Trojaner-Board


sravy 24.03.2012 20:13

Windows blocked for security reasons
 
Hello friends,

I'm new to the forum and have the following problem. I know that this problem has been mentioned here several times and that I should attach the OTL logs here. I'm uploading them. Without internet I can log in properly, and with an internet connection I get this problem. With WLAN the error "Windows blocked for security reasons, pay and download" keeps appearing. I was using Mozilla and accidentally clicked on a link, which led to this virus.

The OTL log is as follows:


OTL Logfile:
Code:

OTL logfile created on: 24.03.2012 20:05:57 - Run 4
OTL by OldTimer - Version 3.2.39.2    Folder = E:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,49 Gb Total Physical Memory | 2,60 Gb Available Physical Memory | 74,58% Memory free
5,32 Gb Paging File | 4,46 Gb Available in Paging File | 83,70% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 40,00 Gb Total Space | 17,75 Gb Free Space | 44,38% Space Free | Partition Type: NTFS
Drive D: | 425,26 Gb Total Space | 294,34 Gb Free Space | 69,21% Space Free | Partition Type: NTFS
Drive E: | 988,00 Mb Total Space | 916,86 Mb Free Space | 92,80% Space Free | Partition Type: FAT
 
Computer Name: MC00019325 | User Name: Sravan Kumar Puppala | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - E:\OTL.exe (OldTimer Tools)
PRC - C:\Programme\TelevisionFanatic\bar\1.bin\64brmon.exe (VER_COMPANY_NAME)
PRC - C:\Programme\Connected\AGENTSRV.EXE (Connected Corporation)
PRC - C:\Programme\Connected\CBSysTray.exe (Connected Corporation)
PRC - C:\Programme\ThinkPad\Utilities\DOZESVC.EXE (Lenovo.)
PRC - C:\Programme\ThinkPad\Utilities\PWMEWSVC.exe (Lenovo Group Limited)
PRC - C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe ()
PRC - C:\Programme\ThinkPad\Utilities\SCHTASK.EXE (Lenovo Group Limited)
PRC - C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics Incorporated)
PRC - C:\Programme\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe (Lenovo )
PRC - C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo )
PRC - C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo )
PRC - C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo )
PRC - C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo )
PRC - C:\Programme\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited)
PRC - C:\Programme\Novell\ZENworks\bin\ZenworksWindowsService.exe (Novell, Inc.)
PRC - C:\Programme\Novell\ZENworks\bin\ZenUserDaemon.exe (Novell, Inc.)
PRC - C:\Programme\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\ZOOM\TpScrex.exe (Lenovo Group Limited)
PRC - C:\Programme\Mobile Broadband drivers\WMCore\WMCore.exe (Ericsson AB)
PRC - C:\Programme\Novell\ZENworks\bin\TSUsage32.exe (Novell, Inc.)
PRC - C:\Programme\Intel\Services\IPT\jhi_service.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe (Intel Corporation)
PRC - C:\Programme\Lenovo\NPDIRECT\tpfnf7sp.exe (Lenovo Group Limited)
PRC - C:\Programme\Intel\WiFi\bin\S24EvMon.exe (Intel(R) Corporation)
PRC - C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
PRC - C:\Programme\Lenovo\HOTKEY\tpnumlkd.exe (Lenovo Group Limited)
PRC - C:\Programme\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
PRC - C:\Programme\Lenovo\HOTKEY\tphkload.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
PRC - C:\Programme\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe (Microsoft Corporation)
PRC - C:\Programme\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\HOTKEY\tpnumlk.exe (Lenovo Group Limited)
PRC - C:\Programme\Novell\CASA\bin\micasad.exe (Novell, Inc)
PRC - C:\Programme\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
PRC - C:\Programme\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
PRC - C:\Programme\Symantec\Symantec Endpoint Protection\SmcGui.exe (Symantec Corporation)
PRC - C:\Programme\Lenovo\VIRTSCRL\virtscrl.exe (Lenovo Group Limited)
PRC - C:\Programme\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
PRC - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Programme\Browny02\BrYNSvc.exe (Brother Industries, Ltd.)
PRC - C:\WINDOWS\system32\CCM\CcmExec.exe (Microsoft Corporation)
PRC - C:\Programme\PatchLink\Update Agent\GravitixService.exe (Novell, Inc.)
PRC - C:\Programme\PatchLink\Update Agent\pddm.exe (Novell, Inc.)
PRC - C:\Programme\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited)
PRC - C:\Programme\SAP\SapSetup\setup\Updater\NwSapAutoWorkstationUpdateService.exe (SAP AG)
PRC - C:\Programme\SAP\SapSetup\setup\Updater\NwSapSetupUserNotificationTool.exe (SAP AG)
PRC - C:\Notes\nslsvice.exe (IBM Corp)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Lokale Einstellungen\Anwendungsdaten\Skype\SkypePM.exe (Microsoft Corporation)
PRC - C:\Programme\Novell\ZENworks\NalAgent.exe (Novell, Inc)
PRC - C:\Programme\Novell\ZENworks\WM.EXE (Novell, Inc.)
PRC - C:\WINDOWS\system32\novell\xtagent.exe (Novell, Inc.)
PRC - C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - C:\Programme\Novell\ZENworks\WMRUNDLL.EXE (Novell, Inc.)
PRC - C:\Programme\Novell\ZENworks\NALNTSRV.EXE (Novell, Inc.)
PRC - C:\Programme\TechSmith\SnagIt 8\SnagIt32.exe (TechSmith Corporation)
PRC - C:\Programme\TechSmith\SnagIt 8\TscHelp.exe (TechSmith Corporation)
PRC - C:\Programme\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe (Novell, Inc.)
PRC - C:\Programme\UPHClean\uphclean.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\dpmw32.exe (Novell, Inc.)
PRC - C:\WINDOWS\system32\nwtray.exe (Novell, Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\acc5ec6c04f1eff1029f88e339c98e47\System.Management.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\d4a5aced0ec83076368bad3f7277da5f\System.ServiceProcess.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\1cb3849720ed4eb09c75725675a3ef31\System.Web.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\facce4c3f0327583278401d360310a99\System.Runtime.Remoting.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\1af095ac130f585527b60abd230b4558\System.DirectoryServices.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\142e2b633a002e749dbd9d697dbf3f4f\System.Security.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\64bf8d2f963138ede81700b9fd525547\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\569ae3c239c7270b687996583ca97c28\UIAutomationProvider.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\9cf4a4fdd044bf3f033ae4fa26bdd796\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\891e536eaeebb1c3ea4a2b199f3b739b\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\f3877aa44425b257edad57137c5a2e21\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\0aacf518f032079557bc36a2eef2ccea\System.Data.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\c54577f8280781a7fdfab0768a5e57dc\System.Core.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\448062bb843b945803db54b94a340c0c\PresentationFramework.Luna.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\666b3b77f2bdbd072b199abd2f15f5f1\PresentationFramework.Classic.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\c29d0fd0724449a5e2e64f36c968f268\PresentationCore.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\5aa5f52223edf2f53fe90b153108d450\WindowsBase.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\12637de2619ee65d57c529f6c786dce1\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll ()
MOD - C:\Programme\Adobe\Reader 9.0\Reader\ViewerPS.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Novell.Casa.Client.Auth\1.7.0.0__ed0eb71059ea593b\Novell.Casa.Client.Auth.dll ()
MOD - C:\Programme\ThinkPad\Utilities\DE-DE\PWMUIAux.resources.dll ()
MOD - C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe ()
MOD - C:\Programme\ThinkPad\Utilities\GR\PWRMGRRO.DLL ()
MOD - C:\Programme\ThinkPad\Utilities\GR\PWRMGRRT.DLL ()
MOD - C:\Programme\Synaptics\SynTP\SynTPEnhPS.dll ()
MOD - C:\Programme\ThinkPad\ConnectUtilities\ACSonyEricssonHlpr.dll ()
MOD - C:\Programme\ThinkPad\ConnectUtilities\AcWrpc.dll ()
MOD - C:\Programme\Novell\ZENworks\bin\XmlSerializers\zmd.XmlSerializers.dll ()
MOD - C:\Programme\Novell\ZENworks\bin\XmlSerializers\Localizer.XmlSerializers.dll ()
MOD - C:\Programme\Novell\ZENworks\bin\sqlite3.dll ()
MOD - C:\Programme\Novell\ZENworks\lang\WinProxyUI_de.dll ()
MOD - C:\Programme\Novell\ZENworks\bin\XmlSerializers\InventoryManager.XmlSerializers.dll ()
MOD - C:\Programme\Novell\ZENworks\lang\InventoryManager_de.dll ()
MOD - C:\Programme\Novell\ZENworks\lang\StatusCollectionPoint_de.dll ()
MOD - C:\Programme\Novell\ZENworks\bin\XmlSerializers\AppModule.XmlSerializers.dll ()
MOD - C:\Programme\Novell\ZENworks\lang\AppModule_de.dll ()
MOD - C:\Programme\Novell\ZENworks\lang\ContentDistributionPoint_de.dll ()
MOD - C:\Programme\Novell\ZENworks\lang\AuthSatellite_de.dll ()
MOD - C:\Programme\Novell\ZENworks\lang\LoggerUI_de.dll ()
MOD - C:\Programme\Novell\ZENworks\lang\ZenNotifyIconPlugins_de.dll ()
MOD - C:\Programme\Novell\ZENworks\lang\ZenNotifyIconModule_de.dll ()
MOD - C:\Programme\Novell\ZENworks\bin\XmlSerializers\RegistrationModule.XmlSerializers.dll ()
MOD - C:\Programme\Novell\ZENworks\lang\RegistrationModule_de.dll ()
MOD - C:\Programme\Novell\ZENworks\lang\SettingsModule_de.dll ()
MOD - C:\Programme\Novell\ZENworks\lang\StatusSender_de.dll ()
MOD - C:\Programme\Novell\ZENworks\lang\ZMD_de.dll ()
MOD - C:\Programme\ThinkPad\ConnectUtilities\Res\GR\GUIHlprRes.dll ()
MOD - C:\Programme\ThinkPad\ConnectUtilities\Res\GR\IconRes.dll ()
MOD - C:\Programme\ThinkPad\ConnectUtilities\Res\GR\SvcHlprRes.dll ()
MOD - C:\WINDOWS\system32\btwicons.dll ()
MOD - C:\Programme\ThinkPad\Bluetooth Software\BTKeyInd.dll ()
MOD - C:\Programme\Mobile Broadband drivers\WMCore\MBMDebug.dll ()
MOD - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU ()
MOD - C:\Programme\Brother\BrUtilities\BrLogAPI.dll ()
MOD - C:\Programme\PatchLink\Update Agent\cryptocme2.dll ()
MOD - C:\WINDOWS\system32\nls\DEUTSCH\nwshlxnr.dll ()
MOD - C:\WINDOWS\system32\nwshlxnt.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\Programme\Novell\ZENworks\nls\deutsch\NalUIRes.dll ()
MOD - C:\Programme\Novell\ZENworks\nls\deutsch\NalRes.dll ()
MOD - C:\Programme\Novell\ZENworks\nls\deutsch\NalAgentRes.dll ()
MOD - C:\WINDOWS\system32\redmonnt.dll ()
MOD - C:\WINDOWS\system32\XMLPARSE.DLL ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (SMART Mirror Driver Monitor Service) -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Anwendungsdaten\TANDBERG\See&Share\monitorservice.exe (SMART Technologies)
SRV - (TelevisionFanaticService) -- C:\Programme\TelevisionFanatic\bar\1.bin\64barsvc.exe (COMPANYVERS_NAME)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (DMService) -- C:\WINDOWS\DOWNLO~1\DMService.exe ()
SRV - (ZENPreAgent) -- C:\WINDOWS\novell\zenworks\bin\ZENPreAgent.exe ()
SRV - (AgentSrv) -- C:\Programme\Connected\AGENTSRV.EXE (Connected Corporation)
SRV - (DozeSvc) -- C:\Programme\ThinkPad\Utilities\DOZESVC.EXE (Lenovo.)
SRV - (PwmEWSvc) -- C:\Programme\ThinkPad\Utilities\PWMEWSVC.exe (Lenovo Group Limited)
SRV - (Power Manager DBC Service) -- C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe ()
SRV - (AcSvc) -- C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo )
SRV - (AcPrfMgrSvc) -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo )
SRV - (LENOVO.CAMMUTE) -- C:\Programme\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited)
SRV - (Novell ZENworks Agent Service) -- C:\Programme\Novell\ZENworks\bin\ZenworksWindowsService.exe (Novell, Inc.)
SRV - (WMCoreService) -- C:\Programme\Mobile Broadband drivers\WMCore\WMCore.exe (Ericsson AB)
SRV - (jhi_service) Intel(R) -- C:\Programme\Intel\Services\IPT\jhi_service.exe (Intel Corporation)
SRV - (UNS) Intel(R) -- C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (S24EventMonitor) Intel(R) -- C:\Programme\Intel\WiFi\bin\S24EvMon.exe (Intel(R) Corporation)
SRV - (EvtEng) Intel(R) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) Intel(R) -- C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (btwdins) -- C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
SRV - (TPHKLOAD) -- C:\Programme\Lenovo\HOTKEY\tphkload.exe (Lenovo Group Limited)
SRV - (TPHKSVC) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
SRV - (uagqecsvc) -- C:\Programme\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe (Microsoft Corporation)
SRV - (Lenovo.micmute) -- C:\Programme\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited)
SRV - (Novell Identity Store) -- C:\Programme\Novell\CASA\bin\micasad.exe (Novell, Inc)
SRV - (Symantec AntiVirus) -- C:\Programme\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
SRV - (SmcService) -- C:\Programme\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
SRV - (SNAC) -- C:\Programme\Symantec\Symantec Endpoint Protection\SNAC.EXE (Symantec Corporation)
SRV - (LiveUpdate) -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_3.EXE (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (BrYNSvc) -- C:\Programme\Browny02\BrYNSvc.exe (Brother Industries, Ltd.)
SRV - (CcmExec) -- C:\WINDOWS\system32\CCM\CcmExec.exe (Microsoft Corporation)
SRV - (smstsmgr) -- C:\WINDOWS\System32\CCM\TSManager.exe (Microsoft Corporation)
SRV - (PatchLink Update) -- C:\Programme\PatchLink\Update Agent\GravitixService.exe (Novell, Inc.)
SRV - (NWSAPAutoWorkstationUpdateSvc) -- C:\Programme\SAP\SapSetup\setup\Updater\NwSapAutoWorkstationUpdateService.exe (SAP AG)
SRV - (Lotus Notes Single Logon) -- C:\Notes\nslsvice.exe (IBM Corp)
SRV - (cusrvc) -- C:\WINDOWS\system32\cusrvc.exe (Novell, Inc.)
SRV - (NMIndexingService) -- C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe (Nero AG)
SRV - (ZFDWM) -- C:\Programme\Novell\ZENworks\WM.EXE (Novell, Inc.)
SRV - (XTAgent) -- C:\WINDOWS\system32\novell\xtagent.exe (Novell, Inc.)
SRV - (IviRegMgr) -- C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (NALNTSERVICE) -- C:\Programme\Novell\ZENworks\NALNTSRV.EXE (Novell, Inc.)
SRV - (Remote Management Agent) -- C:\Programme\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe (Novell, Inc.)
SRV - (UPHClean) -- C:\Programme\UPHClean\uphclean.exe (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WDICA) --  File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (lbrtfdc) --  File not found
DRV - (i2omgmt) --  File not found
DRV - (Changer) --  File not found
DRV - (NAVEX15) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\VirusDefs\20120323.023\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\VirusDefs\20120323.023\NAVENG.SYS (Symantec Corporation)
DRV - (smrtdrv) -- C:\WINDOWS\system32\drivers\smrtdrv.sys (SMART Technologies Inc.)
DRV - (eeCtrl) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (WpsHelper) -- C:\WINDOWS\system32\drivers\wpshelper.sys (Symantec Corporation)
DRV - (TrojanKillerDriver) -- C:\WINDOWS\system32\drivers\gtkdrv.sys (Windows (R) Win 7 DDK provider)
DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (NVHDA) -- C:\WINDOWS\system32\drivers\nvhda32.sys (NVIDIA Corporation)
DRV - (DozeHDD) -- C:\WINDOWS\system32\drivers\DOZEHDD.SYS (Lenovo.)
DRV - (TPPWRIF) -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS (Lenovo Group Limited)
DRV - (IBMTPCHK) -- C:\WINDOWS\system32\drivers\IBMBLDID.sys ()
DRV - (ANC) -- C:\WINDOWS\system32\drivers\ANC.sys (IBM Corp.)
DRV - (risdxc) -- C:\WINDOWS\system32\drivers\risdxc86.sys (REDC)
DRV - (WNTHW) -- C:\WINDOWS\system32\drivers\WNTHW.SYS ()
DRV - (Mbm4NUn) F5521gw Mobile Broadband Network Adapter (WDM) -- C:\WINDOWS\system32\drivers\Mbm4NUn.sys (MCCI Corporation)
DRV - (Mbm4mdm) -- C:\WINDOWS\system32\drivers\Mbm4mdm.sys (MCCI Corporation)
DRV - (Mbm4mgmt)  Mobile Broadband Device Management Driver (WDM) -- C:\WINDOWS\system32\drivers\Mbm4mgmt.sys (MCCI Corporation)
DRV - (Mbm4NNd5) F5521gw Mobile Broadband Network Adapter (NDIS) -- C:\WINDOWS\system32\drivers\Mbm4NNd5.sys (MCCI Corporation)
DRV - (Mbm4bus) F5521gw Mobile Broadband Device (WDM) -- C:\WINDOWS\system32\drivers\Mbm4bus.sys (MCCI Corporation)
DRV - (Mbm4mdfl) -- C:\WINDOWS\system32\drivers\Mbm4mdfl.sys (MCCI Corporation)
DRV - (CnxtHdAudService) -- C:\WINDOWS\system32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (Shockprf) -- C:\WINDOWS\system32\drivers\ApsX86.sys (Lenovo.)
DRV - (TPDIGIMN) -- C:\WINDOWS\system32\drivers\ApsHM86.sys (Lenovo.)
DRV - (TSMAPIP) -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS ()
DRV - (NETwNx32) ___ Intel(R) -- C:\WINDOWS\system32\drivers\NETwNx32.sys (Intel Corporation)
DRV - (e1cexpress) Intel(R) -- C:\WINDOWS\system32\drivers\e1c5132.sys (Intel Corporation)
DRV - (l36wgps) -- C:\WINDOWS\system32\drivers\l36wgps.sys (Ericsson AB)
DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (MEI) Intel(R) -- C:\WINDOWS\system32\drivers\HECI.sys (Intel Corporation)
DRV - (lenovo.smi) -- C:\WINDOWS\system32\drivers\smiif32.sys (Lenovo Group Limited)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (SysPlant) -- C:\WINDOWS\system32\drivers\SysPlant.sys (Symantec Corporation)
DRV - (WPS) -- C:\WINDOWS\system32\drivers\WPSDRVnt.sys (Symantec Corporation)
DRV - (SRTSPL) -- C:\WINDOWS\system32\drivers\srtspl.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\WINDOWS\system32\drivers\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\WINDOWS\system32\drivers\srtspx.sys (Symantec Corporation)
DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.)
DRV - (Teefer2) -- C:\WINDOWS\system32\drivers\Teefer2.sys (Symantec Corporation)
DRV - (SPBBCDrv) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (COH_Mon) -- C:\WINDOWS\system32\drivers\COH_Mon.sys (Symantec Corporation)
DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.)
DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.)
DRV - (prepdrvr) -- C:\WINDOWS\system32\CCM\PrepDrv.sys (Microsoft Corporation)
DRV - (smihlp) SMI Helper Driver (smihlp) -- C:\Programme\ThinkVantage Fingerprint Software\smihlp.sys (UPEK Inc.)
DRV - (smsmdd) -- C:\WINDOWS\system32\drivers\smsmdm.sys (Microsoft Corporation)
DRV - (NetwareWorkstation) -- C:\WINDOWS\system32\NetWare\nwfs.sys (Novell, Inc.)
DRV - (SRVLOC) -- C:\WINDOWS\system32\NetWare\srvloc.sys (Novell, Inc.)
DRV - (NWSIPX32) -- C:\WINDOWS\system32\NetWare\nwsipx32.sys (Novell, Inc.)
DRV - (NWFILTER) -- C:\WINDOWS\system32\NetWare\nwfilter.sys (Novell, Inc.)
DRV - (RESMGR) -- C:\WINDOWS\system32\NetWare\resmgr.sys (Novell, Inc.)
DRV - (NWDNS) -- C:\WINDOWS\system32\NetWare\nwdns.sys (Novell, Inc.)
DRV - (Sony_EricssonWWSC) -- C:\WINDOWS\system32\drivers\lnvoscard.sys (Sony Ericsson)
DRV - (NWSLP) -- C:\WINDOWS\system32\NetWare\nwslp.sys (Novell, Inc.)
DRV - (NICM) -- C:\WINDOWS\system32\drivers\nicm.sys (Novell, Inc.)
DRV - (stmtpm) -- C:\WINDOWS\system32\drivers\stm_tpm.sys (STMicroelectronics, INC)
DRV - (BM) -- C:\WINDOWS\system32\drivers\vptunnel.sys (Novell, Inc.)
DRV - (NWDHCP) -- C:\WINDOWS\system32\NetWare\nwdhcp.sys (Novell, Inc.)
DRV - (NWHOST) -- C:\WINDOWS\system32\NetWare\nwhost.sys (Novell, Inc.)
DRV - (NWSNS) Novell Simple Naming Services (NWSNS) -- C:\WINDOWS\system32\NetWare\nwsns.sys (Novell, Inc.)
DRV - (BlankScr) -- C:\WINDOWS\System32\drivers\blankscr.sys (Novell Inc.)
DRV - (Darpan) -- C:\WINDOWS\system32\drivers\Darpan.sys (Novell, Inc.)
DRV - (NICICCS) -- C:\WINDOWS\System32\drivers\niciccs.sys ()
DRV - (NWSAP) -- C:\WINDOWS\system32\NetWare\nwsap.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.steria-mummert.de/intern/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.steria-mummert.de/intern/
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=XPxdm049YYde&ptnrS=XPxdm049YYde&si=49647&ptb=DDACAE69-42A6-4475-B7CB-5BC0B4AEAAB3&psa=&ind=2012022005&st=sb&n=77ed04f5&searchfor={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.steria-mummert.de/intern/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.steria-mummert.de/intern/
IE - HKCU\..\URLSearchHook: {0696f815-a3a9-490a-bb14-9ec3350b1276} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{068A3FEB-E034-4CD7-834C-20E7AB1D0B46}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&AF=109867&babsrc=SP_ss&mntrId=a6ddc64300000000000060d819c0da1b
IE - HKCU\..\SearchScopes\{1003C13B-1BEF-4DB6-BEA1-DC5E2FD06A00}: "URL" = hxxp://www.google.de
IE - HKCU\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=XPxdm049YYde&ptnrS=XPxdm049YYde&si=49647&ptb=DDACAE69-42A6-4475-B7CB-5BC0B4AEAAB3&psa=&ind=2012022005&st=sb&n=77ed04f5&searchfor={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.ad.econgas.com:8080
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = hxxp://wpad/wpad.dat
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@TelevisionFanatic.com/Plugin: C:\Programme\TelevisionFanatic\bar\1.bin\NP64Stub.dll (MindSpark)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\:
 
[2011.12.20 16:17:31 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Anwendungsdaten\Mozilla\Extensions
[2012.02.29 21:15:21 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Anwendungsdaten\Mozilla\Firefox\Profiles\wbkl6vga.default\extensions
[2012.03.24 19:07:11 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Anwendungsdaten\Mozilla\Firefox\Profiles\wbkl6vga.default\extensions\64ffxtbr@TelevisionFanatic.com
[2012.02.05 12:46:43 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.02.05 12:46:43 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.02.19 15:43:25 | 000,002,310 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\babylon.xml
 
O1 HOSTS File: ([2008.04.14 18:30:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (HelperObject Class) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Programme\TechSmith\SnagIt 8\SnagItBHO.dll (TechSmith Corporation)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Assistant BHO) - {5d79f641-c168-40df-a32f-bacea7509e75} - C:\Programme\TelevisionFanatic\bar\1.bin\64SrcAs.dll (MindSpark)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Toolbar BHO) - {cb41fc95-f1b3-4797-8bb6-1012ff62abba} - C:\PROGRA~2\TELEVI~2\bar\1.bin\64bar.dll File not found
O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programme\TechSmith\SnagIt 8\SnagItIEAddin.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (TelevisionFanatic) - {c98d5b61-b0ea-4d48-9839-1079d352d880} - C:\Programme\TelevisionFanatic\bar\1.bin\64bar.dll File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (TelevisionFanatic) - {C98D5B61-B0EA-4D48-9839-1079D352D880} - C:\Programme\TelevisionFanatic\bar\1.bin\64bar.dll File not found
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ACTray] C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo )
O4 - HKLM..\Run: [ACWLIcon] C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo )
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Application Explorer] C:\Programme\Novell\ZENworks\naldesk.exe (Novell, Inc.)
O4 - HKLM..\Run: [BrStsMon00] C:\Programme\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ccApp] C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [ControlCenter3] C:\Programme\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [IMSS] C:\Programme\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)
O4 - HKLM..\Run: [LenovoAutoScrollUtility] C:\Programme\Lenovo\VIRTSCRL\virtscrl.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [LPMailChecker] C:\Programme\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [NDPS] C:\WINDOWS\system32\dpmw32.exe (Novell, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NWTRAY] C:\WINDOWS\System32\nwtray.exe (Novell, Inc.)
O4 - HKLM..\Run: [PDDM] C:\Programme\PatchLink\Update Agent\pddm.exe (Novell, Inc.)
O4 - HKLM..\Run: [PWRMGRTR] C:\Programme\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [SAP_WUS_UNT] C:\Programme\SAP\SAPsetup\setup\Updater\NwSapSetupUserNotificationTool.exe (SAP AG)
O4 - HKLM..\Run: [SMART Mirror Driver Monitor Service] C:\Dokumente und Einstellungen\Sravan Kumar Puppala [2012.03.24 19:34:41 | 000,000,000 | ---D | M]
O4 - HKLM..\Run: [TelevisionFanatic Browser Plugin Loader] C:\Programme\TelevisionFanatic\bar\1.bin\64brmon.exe (VER_COMPANY_NAME)
O4 - HKLM..\Run: [TelevisionFanatic Search Scope Monitor] "C:\PROGRA~2\TELEVI~2\bar\1.bin\64srchmn.exe" /m=2 /w /h File not found
O4 - HKLM..\Run: [TPFNF7] C:\Programme\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [ZCM Install Helper] D:\Temp\~ZCM\cleanup.exe File not found
O4 - HKLM..\Run: [ZENRC Tray Icon] C:\WINDOWS\system32\zentray.exe (Novell, Inc.)
O4 - HKCU..\Run: [SkypePM] C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Lokale Einstellungen\Anwendungsdaten\Skype\SkypePM.exe (Microsoft Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Bluetooth.lnk = C:\Programme\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Connected TaskBar Icon.LNK = C:\Programme\Connected\CBSysTray.exe (Connected Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\SnagIt 8.lnk = C:\Programme\TechSmith\SnagIt 8\SnagIt32.exe (TechSmith Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMSAppLogo5ChannelNotify = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarCustomize = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: CompatibleRUPSecurity = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Persistence present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Home = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Fullscreen = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Tools = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Print = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Edit = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Cut = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Copy = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Paste = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Encoding = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WarningMsgInBody =
O8 - Extra context menu item: &Search - hxxp://tbedits.televisionfanatic.com/one-toolbaredits/menusearch.jhtml?s=100000415&p=XPxdm049YYde&si=49647&a=DDACAE69-42A6-4475-B7CB-5BC0B4AEAAB3&n=2012022005 File not found
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Novell delivered applications - {C1994287-422F-47aa-8E5E-6323E210A125} - C:\Programme\Novell\ZENworks\AxNalServer.dll (Novell, Inc)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\NetWare\nwws2nds.dll (Novell, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\system32\NetWare\nwws2sap.dll (Novell, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\WINDOWS\system32\NetWare\nwws2slp.dll (Novell, Inc.)
O15 - HKCU\..Trusted Domains: hotmail.de ([]http in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: live.com ([login] https in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: srv7vie07 ([]http in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: steria.com ([chgpwd.hq] https in Vertrauenswürdige Sites)
O16 - DPF: {7114683A-020D-4D16-80FD-6ACE384B66DF} hxxp://vsrv1gasx01:9080/gasx/activex/FPSPR70.ocx (FarPoint Spread 7.0 (OLEDB))
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} https://external.econgas.com/InternalSite/WhlCompMgr.cab (Forefront UAG client components)
O16 - DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} https://domino.koeln.steria-mummert.de/dwa8W.cab (Domino Web Access 8 Control)
O16 - DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_05)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://qliktech.webex.com/client/T27LD/nbr/ieatgpc.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C9B80A69-0E19-4CC0-A499-C8F0C5544AA3}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\qvp {4BA78E3D-CA25-4BFF-B8F0-8A3359E4B520} - C:\Programme\QlikView\QvProtocol\qvp.dll (QlikTech AB)
O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Programme\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP AG, Walldorf)
O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Programme\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP AG, Walldorf)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: System - (ziswin.exe) - C:\WINDOWS\System32\ZISWIN.EXE (Novell)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (NWGINA.DLL) - C:\WINDOWS\System32\nwgina.dll (Novell, Inc.)
O20 - Winlogon\Notify\ACNotify: DllName - (ACNotify.dll) - C:\Programme\ThinkPad\ConnectUtilities\ACNotify.dll (Lenovo )
O20 - Winlogon\Notify\LCredMgr: DllName - (C:\Programme\Novell\CASA\bin\lcredmgr.dll) - C:\Programme\Novell\CASA\bin\lcredmgr.dll ()
O20 - Winlogon\Notify\NetIdentity Notification: DllName - (C:\WINDOWS\system32\Novell\XtNotify.dll) - C:\WINDOWS\system32\novell\xtnotify.dll (Novell, Inc.)
O20 - Winlogon\Notify\psfus: DllName - (C:\Programme\ThinkVantage Fingerprint Software\psqlpwd.dll) - C:\Programme\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\SMC Start Screen_1440w_Plain.BMP
O24 - Desktop BackupWallPaper: C:\WINDOWS\SMC Start Screen_1440w_Plain.BMP
O28 - HKLM ShellExecuteHooks: {763370C4-268E-4308-A60C-D8DA0342BE32} - C:\Programme\Novell\ZENworks\NalShell.dll (Novell, Inc)
O30 - LSA: Authentication Packages - (nwv1_0) - C:\WINDOWS\System32\nwv1_0.dll (Novell, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.12.01 14:06:11 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{7606a47c-52f5-11e1-a04e-028037ec0200}\Shell\AutoRun\command - "" = E:\Toshiba\more4you.exe
O33 - MountPoints2\{8140258f-3a1f-11e1-a010-60d819c0da1b}\Shell\AutoRun\command - "" = E:\Toshiba\Launcher\start.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789)
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{0E5911DD-EA12-4626-B1A8-CB9B7E701F9F} - RunDLL32 IEDKCS32.DLL,BrandIE4 CUSTOM
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
NetSvcs: 6to4 -  File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.24 15:05:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\GridinSoft Trojan Killer
[2012.03.24 15:04:58 | 000,000,000 | ---D | C] -- C:\Programme\GridinSoft Trojan Killer
[2012.03.19 13:14:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Anwendungsdaten\webex
[2012.03.14 12:31:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Desktop\SAP BW
[2012.03.05 06:57:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Desktop\Qlikview
[2012.03.01 15:01:37 | 000,002,432 | ---- | C] (SMART Technologies Inc.) -- C:\WINDOWS\System32\drivers\smrtdrv.sys
[2012.03.01 15:01:35 | 000,011,648 | ---- | C] (SMART Technologies Inc.) -- C:\WINDOWS\System32\smrtdrv.dll
[2012.03.01 15:01:35 | 000,003,584 | ---- | C] (SMART Technologies Inc.) -- C:\WINDOWS\System32\smrtexp.dll
[2012.02.29 11:54:15 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\IECompatCache
[2012.02.28 17:38:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\QlikView
[2012.02.24 17:40:31 | 000,000,000 | ---D | C] -- D:\Bilder
[2012.02.24 08:32:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2011.12.20 10:23:00 | 003,145,728 | ---- | C] (SAP Technology,Inc) -- C:\Programme\Gemeinsame Dateien\sapxlhelper.dll
[2011.12.20 10:23:00 | 000,626,688 | ---- | C] (SAP AG) -- C:\Programme\Gemeinsame Dateien\sapconsaccess.dll
[2011.12.20 10:23:00 | 000,192,512 | ---- | C] (SAP Tech Inc.) -- C:\Programme\Gemeinsame Dateien\sapconsr3.dll
[2011.12.20 10:23:00 | 000,040,960 | ---- | C] (SAP-TECHNOLOGY) -- C:\Programme\Gemeinsame Dateien\DigitalSignature.ocx
[62 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.24 19:35:25 | 000,002,076 | ---- | M] () -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Desktop\SMC Anwendungen.nal
[2012.03.24 19:35:16 | 000,573,893 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2012.03.24 19:34:51 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2012.03.24 19:34:50 | 000,573,893 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2012.03.24 19:34:40 | 000,000,972 | RHS- | M] () -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\ntuser.pol
[2012.03.24 19:34:39 | 000,019,868 | RHS- | M] () -- C:\Dokumente und Einstellungen\All Users\ntuser.pol
[2012.03.24 19:33:45 | 000,000,462 | ---- | M] () -- C:\WINDOWS\smscfg.ini
[2012.03.24 19:30:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.03.24 15:05:03 | 000,000,793 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Trojan Killer.lnk
[2012.03.24 13:42:42 | 000,000,731 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Connected TaskBar Icon.LNK
[2012.03.24 13:18:45 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012.03.23 14:53:56 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012.03.22 10:09:44 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.03.16 22:32:43 | 000,437,661 | ---- | M] () -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Desktop\FLT_3F4HCB15413_0.pdf
[2012.03.01 15:01:37 | 000,002,432 | ---- | M] (SMART Technologies Inc.) -- C:\WINDOWS\System32\drivers\smrtdrv.sys
[2012.03.01 15:01:35 | 000,011,648 | ---- | M] (SMART Technologies Inc.) -- C:\WINDOWS\System32\smrtdrv.dll
[2012.03.01 15:01:35 | 000,003,584 | ---- | M] (SMART Technologies Inc.) -- C:\WINDOWS\System32\smrtexp.dll
[2012.02.28 17:03:43 | 000,002,010 | -H-- | M] () -- D:\Default.rdp
[2012.02.27 23:42:29 | 000,000,042 | ---- | M] () -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Anwendungsdaten\default.pls
[62 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.24 19:35:13 | 000,002,076 | ---- | C] () -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Desktop\SMC Anwendungen.nal
[2012.03.24 15:05:03 | 000,000,793 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Trojan Killer.lnk
[2012.03.16 22:32:43 | 000,437,661 | ---- | C] () -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Desktop\FLT_3F4HCB15413_0.pdf
[2012.02.27 23:42:29 | 000,000,042 | ---- | C] () -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Anwendungsdaten\default.pls
[2012.02.19 15:12:52 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.02.07 12:15:05 | 000,007,680 | ---- | C] () -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.01.15 20:56:15 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BRIDF10A.DAT
[2012.01.15 20:56:13 | 000,000,425 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2012.01.03 19:20:29 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2011.12.21 01:41:29 | 000,131,072 | ---- | C] () -- C:\WINDOWS\toggleql.exe
[2011.12.20 17:07:31 | 000,456,080 | ---- | C] () -- C:\WINDOWS\System32\drivers\niciccs.sys
[2011.12.20 17:05:45 | 000,078,448 | ---- | C] () -- C:\WINDOWS\System32\bmnotify.dll
[2011.12.20 17:05:44 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\ldapmethod.dll
[2011.12.20 17:05:43 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\vpnlogin.exe
[2011.12.20 17:05:43 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\ikeapp.exe
[2011.12.20 17:05:43 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\vpnstats.exe
[2011.12.20 17:05:43 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\vpnext.dll
[2011.12.20 17:05:43 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\regvpn.exe
[2011.12.20 17:05:43 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\vpnrst.exe
[2011.12.20 17:05:43 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\SlpDnsRestore.exe
[2011.12.20 17:02:57 | 000,586,752 | R--- | C] () -- C:\WINDOWS\autolog.exe
[2011.12.20 17:02:57 | 000,080,384 | ---- | C] () -- C:\WINDOWS\cusrmgr.exe
[2011.12.20 17:02:55 | 000,262,227 | ---- | C] () -- C:\WINDOWS\System32\nwshlxnt.dll
[2011.12.20 17:02:55 | 000,065,619 | ---- | C] () -- C:\WINDOWS\System32\setupw2k.dll
[2011.12.20 17:02:55 | 000,015,898 | ---- | C] () -- C:\WINDOWS\System32\vlmsup.exe
[2011.12.20 17:02:55 | 000,001,724 | ---- | C] () -- C:\WINDOWS\System32\vipx.exe
[2011.12.20 17:02:54 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\lgncon32.dll
[2011.12.20 17:02:54 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\dplgnw32.dll
[2011.12.20 17:02:51 | 000,002,757 | ---- | C] () -- C:\WINDOWS\System32\rdrstats.ini
[2011.12.20 17:02:50 | 000,225,356 | ---- | C] () -- C:\WINDOWS\System32\lgnwnt32.dll
[2011.12.20 17:02:50 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\prtwin32.dll
[2011.12.20 17:02:50 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\nwpsrv32.dll
[2011.12.20 17:02:49 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\nwslog32.dll
[2011.12.20 17:02:09 | 000,573,893 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2011.12.20 16:17:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011.12.20 12:28:36 | 000,256,580 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011.12.20 12:28:36 | 000,256,580 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011.12.20 12:28:36 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011.12.20 12:25:56 | 000,000,462 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2011.12.20 12:24:33 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2011.12.20 12:24:33 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2011.12.20 12:24:33 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2011.12.20 12:24:33 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2011.12.20 12:24:33 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2011.12.20 12:24:33 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2011.12.20 12:22:26 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\drivers\IntelMEFWVer.dll
[2011.12.20 12:19:14 | 000,521,856 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2011.12.20 11:55:49 | 000,023,116 | ---- | C] () -- C:\WINDOWS\System32\CcmFramework.ini
[2011.12.20 11:53:51 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011.12.20 11:37:56 | 000,004,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys
[2011.12.20 10:31:49 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\default_user_class.dat
[2011.12.20 10:24:49 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011.12.20 10:23:49 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\MSORFS.DLL
[2011.12.20 10:23:48 | 001,690,896 | ---- | C] () -- C:\WINDOWS\System32\MSO97V.DLL
[2011.12.20 10:23:48 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[2011.12.20 10:23:48 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
[2011.12.20 10:23:00 | 000,955,904 | ---- | C] () -- C:\Programme\Gemeinsame Dateien\SAPActiveXL.xlt
[2011.12.20 10:23:00 | 000,949,760 | ---- | C] () -- C:\Programme\Gemeinsame Dateien\SAPActiveXL_nosig.xlt
[2011.12.20 10:21:43 | 001,064,960 | ---- | C] () -- C:\WINDOWS\System32\h5krnl32.dll
[2011.12.20 10:21:43 | 000,188,928 | ---- | C] () -- C:\WINDOWS\System32\h5icon32.dll
[2011.12.20 10:21:43 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\h5menu32.dll
[2011.12.20 10:21:43 | 000,095,744 | ---- | C] () -- C:\WINDOWS\System32\h5rtf32.dll
[2011.12.20 10:21:43 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\h5tool32.dll
[2011.12.20 10:18:43 | 000,009,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\WNTHW.SYS
[2011.11.09 09:08:01 | 000,001,372 | ---- | C] () -- C:\WINDOWS\System32\VoipUpdate.ini
[2011.11.09 09:07:54 | 000,030,893 | ---- | C] () -- C:\WINDOWS\System32\drivers\Mixer.ini
[2011.11.09 09:07:47 | 000,001,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\Altmixer.ini
[2011.11.09 09:03:42 | 002,286,930 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010.12.09 13:57:54 | 002,860,384 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2010.10.11 02:29:34 | 000,114,688 | ---- | C] () -- C:\Programme\ad_ff.dll
[2010.10.11 02:29:14 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\jmicasa.dll
[2010.10.11 02:29:04 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\micasa.dll
[2010.10.11 02:28:52 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\micasacache.dll
[2010.07.10 03:24:14 | 000,006,253 | ---- | C] () -- C:\Programme\eula.rtf
[2010.05.28 10:39:16 | 000,335,872 | ---- | C] () -- C:\WINDOWS\System32\casa_authtoken.dll
[2010.05.14 11:08:12 | 000,024,632 | ---- | C] () -- C:\WINDOWS\System32\providers.bin
 
========== LOP Check ==========
 
[2012.02.19 15:43:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Babylon
[2011.12.20 10:29:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ConeXware
[2011.12.20 12:25:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lenovo
[2011.12.20 10:15:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Mummert
[2012.02.28 16:03:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QlikTech
[2012.01.14 11:45:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TechSmith
[2012.02.19 15:43:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Anwendungsdaten\Babylon
[2012.01.17 13:40:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Anwendungsdaten\DBDesigner4
[2011.12.20 11:53:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Anwendungsdaten\Lenovo
[2011.12.20 11:56:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Anwendungsdaten\Mummert
[2011.12.20 15:47:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Anwendungsdaten\PwrMgr
[2012.01.06 11:22:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Anwendungsdaten\QlikTech
[2012.01.14 11:54:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Anwendungsdaten\TANDBERG
[2012.01.19 11:36:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Anwendungsdaten\TeamViewer
[2012.03.19 13:14:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Anwendungsdaten\webex
[2012.01.13 13:27:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Anwendungsdaten\Xerox
[2012.03.24 19:34:51 | 000,000,316 | ---- | M] () -- C:\WINDOWS\Tasks\PMTask.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2011.12.20 11:51:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen
[2011.12.20 11:35:49 | 000,000,000 | -HSD | M] -- C:\DRIVERS
[2012.02.11 13:06:23 | 000,000,000 | ---D | M] -- C:\Forefront UAG Remote Access Agent
[2011.12.20 17:02:49 | 000,000,000 | -HSD | M] -- C:\INSTALLS
[2011.12.20 12:22:15 | 000,000,000 | ---D | M] -- C:\Intel
[2012.03.24 19:34:55 | 000,000,000 | -H-D | M] -- C:\NALCache
[2012.01.05 17:41:34 | 000,000,000 | ---D | M] -- C:\NDPS
[2012.03.19 19:58:40 | 000,000,000 | ---D | M] -- C:\Notes
[2011.12.20 10:10:12 | 000,000,000 | ---D | M] -- C:\Novell
[2012.03.24 15:04:58 | 000,000,000 | R--D | M] -- C:\Programme
[2012.01.08 18:44:06 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2011.12.20 17:01:14 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.03.24 17:47:32 | 000,000,000 | ---D | M] -- C:\WINDOWS
 
< %PROGRAMFILES%\*.exe >
Invalid Environment Variable: LOCALAPPDATA
 
< %systemroot%\*. /mp /s >
 
< MD5 for: AGP440.SYS  >
[2008.04.14 18:30:00 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008.04.14 18:30:00 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp3.cab:AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2008.04.14 18:30:00 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 18:30:00 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp3.cab:atapi.sys
[2008.04.14 18:30:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 18:30:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008.04.14 18:30:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
 
< MD5 for: EXPLORER.EXE  >
[2008.04.14 18:30:00 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe
[2008.04.14 18:30:00 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\system32\dllcache\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2009.06.04 14:13:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\DRIVERS\000_SYSTEM\MSD\iastor\IaStor.sys
[2010.11.05 23:39:18 | 000,354,840 | ---- | M] (Intel Corporation) MD5=F4037A3FEDB92DD97C95F320766EA5C9 -- C:\DRIVERS\000_SYSTEM\IaStor.sys
[2010.11.05 19:09:18 | 000,354,840 | ---- | M] (Intel Corporation) MD5=F4037A3FEDB92DD97C95F320766EA5C9 -- C:\WINDOWS\system32\drivers\iastor.sys
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 18:30:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008.04.14 18:30:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 18:30:00 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008.04.14 18:30:00 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.04.14 18:30:00 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\dllcache\user32.dll
[2008.04.14 18:30:00 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 18:30:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008.04.14 18:30:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2008.04.14 18:30:00 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008.04.14 18:30:00 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.04.14 18:30:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2008.04.14 18:30:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2009.12.01 19:28:19 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2009.12.01 19:28:18 | 001,093,632 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2009.12.01 19:28:18 | 000,450,560 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %systemroot%\system32\*.dll /lockedfiles >
[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
< %USERPROFILE%\*.* >
[2011.12.20 15:02:28 | 000,069,011 | ---- | M] () -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\install.xml
[2012.03.24 19:11:09 | 004,980,736 | ---- | M] () -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\NTUSER.DAT
[2012.03.24 20:05:50 | 000,001,024 | -H-- | M] () -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\NTUSER.DAT.LOG
[2012.03.24 19:11:09 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\ntuser.ini
[2012.03.24 19:34:40 | 000,000,972 | RHS- | M] () -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\ntuser.pol
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Kmode: %SystemRoot%\system32\win32k.sys [2012.01.12 18:20:28 | 001,860,096 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
 
<          >

< End of report >

--- --- ---



Many thanks in advance
Sravy

Could someone please give me a tip as to which fix I should give OTL?

Many thanks

Hello, I ran Malwarebytes Anti-Malware, and the log is attached.
After running the Malwarebytes software and the fix I can now log in, but my computer is not 100% clean.

The log looks like this:

Quote:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org
Datenbank Version: v2012.03.25.02
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Sravan Kumar Puppala :: MC00019325 [Administrator]
25.03.2012 17:32:16
mbam-log-2012-03-25 (17-43-19).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 235764
Laufzeit: 7 Minute(n), 52 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 92
HKLM\SYSTEM\CurrentControlSet\Services\TelevisionFanaticService (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\CLSID\{0696f815-a3a9-490a-bb14-9ec3350b1276} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0696F815-A3A9-490A-BB14-9EC3350B1276} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\CLSID\{5d79f641-c168-40df-a32f-bacea7509e75} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5D79F641-C168-40DF-A32F-BACEA7509E75} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{5D79F641-C168-40DF-A32F-BACEA7509E75} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5D79F641-C168-40DF-A32F-BACEA7509E75} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\CLSID\{02515cef-2063-4d64-b87a-d504c99d40dd} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{aed3b1e0-fabb-4c27-a2da-ec8352ee7e30} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\Interface\{9989BC14-9B5B-4B3B-8040-478FD1685E34} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\CLSID\{04d2b915-19ff-41e9-994d-95dc898bea43} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{0597d3be-9a4d-4426-a8a7-572ad299852e} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\Interface\{4E7F49ED-8C94-4AAA-A407-3010D099B11A} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\TelevisionFanatic.SettingsPlugin.1 (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\TelevisionFanatic.SettingsPlugin (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{04D2B915-19FF-41E9-994D-95DC898BEA43} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\CLSID\{07494721-dfcf-41c1-8a03-b3fffb0f8409} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{952c6f00-cba7-47be-baf3-cfc5808e6c7b} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\Interface\{1E34EA93-600B-4CBC-9858-59BE04C1A581} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\CLSID\{0e8a6cb6-3b14-491d-8bba-86a95a62ff72} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\TelevisionFanatic.PseudoTransparentPlugin.1 (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\TelevisionFanatic.PseudoTransparentPlugin (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0E8A6CB6-3B14-491D-8BBA-86A95A62FF72} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\CLSID\{1D7E63AF-274B-426B-B51D-ADF161DF7F24} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\TelevisionFanatic.HTMLMenu.1 (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\TelevisionFanatic.HTMLMenu (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D7E63AF-274B-426B-B51D-ADF161DF7F24} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\CLSID\{387dface-9e46-415f-8c86-18083b7d6ead} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{73cadbbd-4dc5-419d-84f1-e7bf4c3b20c4} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\Interface\{32CC4D2E-999C-4853-9D3E-5DE4C02D57C6} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\CLSID\{38deffd9-9379-4ac4-baa9-1a883dba9cd2} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\TelevisionFanatic.MultipleButton.1 (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\TelevisionFanatic.MultipleButton (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\CLSID\{52d3c28f-c9ac-40b5-848f-1fb63d2badef} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\TelevisionFanatic.ScriptButton.1 (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\TelevisionFanatic.ScriptButton (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\CLSID\{67d33c35-62e9-4f77-a284-9e9d256f7846} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\TelevisionFanatic.DynamicBarButton.1 (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\TelevisionFanatic.DynamicBarButton (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\CLSID\{6ffb45e3-cffc-4b3a-95eb-334cb53c85b0} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{a378fd9d-b406-44bb-96d2-8cdaa668713f} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\Interface\{93A55DA3-83ED-4090-91B6-904C44647639} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\TelevisionFanatic.FeedManager.1 (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\TelevisionFanatic.FeedManager (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\CLSID\{7895609d-c8b4-4cf5-a2c7-28223d0c3d92} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{34979cb5-728d-4727-81bf-01850a3bb89b} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\Interface\{934063FB-A81D-4849-B02C-478446DF3219} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\TelevisionFanatic.ThirdPartyInstaller.1 (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\TelevisionFanatic.ThirdPartyInstaller (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7895609D-C8B4-4CF5-A2C7-28223D0C3D92} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\CLSID\{7952f465-ac46-4a82-b383-870f3784d1cd} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\TelevisionFanatic.UrlAlertButton.1 (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\TelevisionFanatic.UrlAlertButton (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\CLSID\{7ad9c324-3672-4d33-8477-d9c8e627f4bf} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\TelevisionFanatic.Radio.1 (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\TelevisionFanatic.Radio (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\CLSID\{8be781d8-5e70-423d-82de-9e4756fce53c} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{026fd9ba-112b-4d9f-86ea-589e28016e8c} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\Interface\{0328B630-EA94-4FA3-9F27-8250B6324DDB} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\TelevisionFanatic.XMLSessionPlugin.1 (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\TelevisionFanatic.XMLSessionPlugin (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8BE781D8-5E70-423D-82DE-9E4756FCE53C} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\CLSID\{91a8da6b-8013-44aa-b63f-00195312999a} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{03f59b4b-09d9-40f0-a01a-6e895023f2f0} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\Interface\{42CB7963-EFE0-4737-A927-CE076FAA3BA0} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\TelevisionFanatic.RadioSettings.1 (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\TelevisionFanatic.RadioSettings (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\CLSID\{c98d5b61-b0ea-4d48-9839-1079d352d880} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{C98D5B61-B0EA-4D48-9839-1079D352D880} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C98D5B61-B0EA-4D48-9839-1079D352D880} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\CLSID\{cb41fc95-f1b3-4797-8bb6-1012ff62abba} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CB41FC95-F1B3-4797-8BB6-1012FF62ABBA} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{CB41FC95-F1B3-4797-8BB6-1012FF62ABBA} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CB41FC95-F1B3-4797-8BB6-1012FF62ABBA} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\CLSID\{d09094b3-b426-4f16-a6d9-e211fe222127} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D09094B3-B426-4F16-A6D9-E211FE222127} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\CLSID\{f02c0832-c85c-4b93-8c6f-9df20121a10d} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{6784d08d-cdc3-419d-9b97-744a351ed908} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\Interface\{844C2331-94DF-431E-9A67-426ED861D27F} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\TelevisionFanatic.HTMLPanel.1 (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\TelevisionFanatic.HTMLPanel (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F02C0832-C85C-4B93-8C6F-9DF20121A10D} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\CLSID\{fba7cbb1-fc93-4149-8862-d94451a7d167} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{608f7340-e221-4afb-a848-c4dad297cd58} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\Interface\{966430CC-2097-45CA-8626-2C3F454C3297} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4e7f49ed-8c94-4aaa-a407-3010d099b11a} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\TelevisionFanatic.SkinLauncher (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\TelevisionFanatic.SkinLauncher.1 (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\TelevisionFanatic.SkinLauncherSettings (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\TelevisionFanatic.SkinLauncherSettings.1 (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TelevisionFanaticbar Uninstall (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\MozillaPlugins\@TelevisionFanatic.com/Plugin (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
Infizierte Registrierungswerte: 8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|TelevisionFanatic Browser Plugin Loader (PUP.MyWebSearch) -> Daten: C:\PROGRA~2\TELEVI~2\bar\1.bin\64brmon.exe -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks|{0696F815-A3A9-490A-BB14-9EC3350B1276} (PUP.MyWebSearch) -> Daten: -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{C98D5B61-B0EA-4D48-9839-1079D352D880} (PUP.MyWebSearch) -> Daten: a[Éê°HM˜9yÓRØ€ -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{C98D5B61-B0EA-4D48-9839-1079D352D880} (PUP.MyWebSearch) -> Daten: -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{C98D5B61-B0EA-4D48-9839-1079D352D880} (PUP.MyWebSearch) -> Daten: -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{0696f815-a3a9-490a-bb14-9ec3350b1276} (PUP.MyWebSearch) -> Daten: -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{c98d5b61-b0ea-4d48-9839-1079d352d880} (PUP.MyWebSearch) -> Daten: -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|TelevisionFanatic Search Scope Monitor (PUP.MyWebSearch) -> Daten: "C:\PROGRA~2\TELEVI~2\bar\1.bin\64srchmn.exe" /m=2 /w /h -> Keine Aktion durchgeführt.
Infizierte Dateiobjekte der Registrierung: 1
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bösartig: (1) Gut: (0) -> Keine Aktion durchgeführt.
Infizierte Verzeichnisse: 2
C:\Programme\TelevisionFanatic\bar\1.bin (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
C:\Programme\TelevisionFanatic\bar\1.bin\chrome (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
Infizierte Dateien: 30
C:\Programme\TelevisionFanatic\bar\1.bin\64brstub.dll (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
C:\Programme\TelevisionFanatic\bar\1.bin\64brmon.exe (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
C:\Programme\TelevisionFanatic\bar\1.bin\64barsvc.exe (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
C:\Programme\TelevisionFanatic\bar\1.bin\64SrcAs.dll (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
C:\Programme\TelevisionFanatic\bar\1.bin\64httpct.dll (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
C:\Programme\TelevisionFanatic\bar\1.bin\64skin.dll (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
C:\Programme\TelevisionFanatic\bar\1.bin\64htmlmu.dll (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
C:\Programme\TelevisionFanatic\bar\1.bin\64datact.dll (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
C:\Programme\TelevisionFanatic\bar\1.bin\64mlbtn.dll (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
C:\Programme\TelevisionFanatic\bar\1.bin\64script.dll (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
C:\Programme\TelevisionFanatic\bar\1.bin\64dyn.dll (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
C:\Programme\TelevisionFanatic\bar\1.bin\64feedmg.dll (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
C:\Programme\TelevisionFanatic\bar\1.bin\64uabtn.dll (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
C:\Programme\TelevisionFanatic\bar\1.bin\64msg.dll (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
C:\Programme\TelevisionFanatic\bar\1.bin\64auxstb.dll (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
C:\Programme\TelevisionFanatic\bar\1.bin\64highin.exe (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
C:\Programme\TelevisionFanatic\bar\1.bin\64idle.dll (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
C:\Programme\TelevisionFanatic\bar\1.bin\64ieovr.dll (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
C:\Programme\TelevisionFanatic\bar\1.bin\64impipe.exe (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
C:\Programme\TelevisionFanatic\bar\1.bin\64medint.exe (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
C:\Programme\TelevisionFanatic\bar\1.bin\64regfft.dll (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
C:\Programme\TelevisionFanatic\bar\1.bin\64regiet.dll (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
C:\Programme\TelevisionFanatic\bar\1.bin\64skplay.exe (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
C:\Programme\TelevisionFanatic\bar\1.bin\CHROME.MANIFEST (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
C:\Programme\TelevisionFanatic\bar\1.bin\INSTALL.RDF (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
C:\Programme\TelevisionFanatic\bar\1.bin\installKeys.js (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
C:\Programme\TelevisionFanatic\bar\1.bin\LOGO.BMP (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
C:\Programme\TelevisionFanatic\bar\1.bin\NP64Stub.dll (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
C:\Programme\TelevisionFanatic\bar\1.bin\T8RES.DLL (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
C:\Programme\TelevisionFanatic\bar\1.bin\chrome\64ffxtbr.jar (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
(Ende)


sravy 25.03.2012 17:37

Ran OTL again, and this is what it looks like:

OTL_text:

OTL Logfile:
Code:

OTL logfile created on: 25.03.2012 18:24:07 - Run 1
OTL by OldTimer - Version 3.2.39.2    Folder = C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,49 Gb Total Physical Memory | 2,45 Gb Available Physical Memory | 70,35% Memory free
5,32 Gb Paging File | 4,31 Gb Available in Paging File | 81,02% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 40,00 Gb Total Space | 17,81 Gb Free Space | 44,53% Space Free | Partition Type: NTFS
Drive D: | 425,26 Gb Total Space | 294,34 Gb Free Space | 69,21% Space Free | Partition Type: NTFS
Drive E: | 988,00 Mb Total Space | 917,44 Mb Free Space | 92,86% Space Free | Partition Type: FAT
 
Computer Name: MC00019325 | User Name: Sravan Kumar Puppala | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Connected\AGENTSRV.EXE (Connected Corporation)
PRC - C:\Programme\Connected\CBSysTray.exe (Connected Corporation)
PRC - C:\Programme\ThinkPad\Utilities\DOZESVC.EXE (Lenovo.)
PRC - C:\Programme\ThinkPad\Utilities\PWMEWSVC.exe (Lenovo Group Limited)
PRC - C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe ()
PRC - C:\Programme\ThinkPad\Utilities\SCHTASK.EXE (Lenovo Group Limited)
PRC - C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics Incorporated)
PRC - C:\Programme\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe (Lenovo )
PRC - C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo )
PRC - C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo )
PRC - C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo )
PRC - C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo )
PRC - C:\Programme\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited)
PRC - C:\Programme\Novell\ZENworks\bin\ZenworksWindowsService.exe (Novell, Inc.)
PRC - C:\Programme\Novell\ZENworks\bin\ZenUserDaemon.exe (Novell, Inc.)
PRC - C:\Programme\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\ZOOM\TpScrex.exe (Lenovo Group Limited)
PRC - C:\Programme\Mobile Broadband drivers\WMCore\WMCore.exe (Ericsson AB)
PRC - C:\Programme\Novell\ZENworks\bin\TSUsage32.exe (Novell, Inc.)
PRC - C:\Programme\Intel\Services\IPT\jhi_service.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe (Intel Corporation)
PRC - C:\Programme\Lenovo\NPDIRECT\tpfnf7sp.exe (Lenovo Group Limited)
PRC - C:\Programme\Intel\WiFi\bin\S24EvMon.exe (Intel(R) Corporation)
PRC - C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
PRC - C:\Programme\Lenovo\HOTKEY\tpnumlkd.exe (Lenovo Group Limited)
PRC - C:\Programme\ThinkPad\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.)
PRC - C:\Programme\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
PRC - C:\Programme\Lenovo\HOTKEY\tphkload.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
PRC - C:\Programme\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe (Microsoft Corporation)
PRC - C:\Programme\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\HOTKEY\tpnumlk.exe (Lenovo Group Limited)
PRC - C:\Programme\Novell\CASA\bin\micasad.exe (Novell, Inc)
PRC - C:\Programme\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
PRC - C:\Programme\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
PRC - C:\Programme\Symantec\Symantec Endpoint Protection\SmcGui.exe (Symantec Corporation)
PRC - C:\Programme\Lenovo\VIRTSCRL\virtscrl.exe (Lenovo Group Limited)
PRC - C:\Programme\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
PRC - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Programme\Browny02\BrYNSvc.exe (Brother Industries, Ltd.)
PRC - C:\WINDOWS\system32\CCM\CcmExec.exe (Microsoft Corporation)
PRC - C:\Programme\PatchLink\Update Agent\GravitixService.exe (Novell, Inc.)
PRC - C:\Programme\PatchLink\Update Agent\pddm.exe (Novell, Inc.)
PRC - C:\Programme\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited)
PRC - C:\Programme\SAP\SapSetup\setup\Updater\NwSapAutoWorkstationUpdateService.exe (SAP AG)
PRC - C:\Programme\SAP\SapSetup\setup\Updater\NwSapSetupUserNotificationTool.exe (SAP AG)
PRC - C:\Notes\nslsvice.exe (IBM Corp)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Novell\ZENworks\NalAgent.exe (Novell, Inc)
PRC - C:\Programme\Novell\ZENworks\WM.EXE (Novell, Inc.)
PRC - C:\WINDOWS\system32\novell\xtagent.exe (Novell, Inc.)
PRC - C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - C:\Programme\Novell\ZENworks\WMRUNDLL.EXE (Novell, Inc.)
PRC - C:\Programme\Novell\ZENworks\NALNTSRV.EXE (Novell, Inc.)
PRC - C:\Programme\TechSmith\SnagIt 8\SnagIt32.exe (TechSmith Corporation)
PRC - C:\Programme\TechSmith\SnagIt 8\TscHelp.exe (TechSmith Corporation)
PRC - C:\Programme\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe (Novell, Inc.)
PRC - C:\Programme\UPHClean\uphclean.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\dpmw32.exe (Novell, Inc.)
PRC - C:\WINDOWS\system32\nwtray.exe (Novell, Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\acc5ec6c04f1eff1029f88e339c98e47\System.Management.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\d4a5aced0ec83076368bad3f7277da5f\System.ServiceProcess.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\1cb3849720ed4eb09c75725675a3ef31\System.Web.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\facce4c3f0327583278401d360310a99\System.Runtime.Remoting.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\1af095ac130f585527b60abd230b4558\System.DirectoryServices.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\142e2b633a002e749dbd9d697dbf3f4f\System.Security.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\64bf8d2f963138ede81700b9fd525547\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\569ae3c239c7270b687996583ca97c28\UIAutomationProvider.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\9cf4a4fdd044bf3f033ae4fa26bdd796\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\891e536eaeebb1c3ea4a2b199f3b739b\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\f3877aa44425b257edad57137c5a2e21\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\0aacf518f032079557bc36a2eef2ccea\System.Data.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\c54577f8280781a7fdfab0768a5e57dc\System.Core.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\448062bb843b945803db54b94a340c0c\PresentationFramework.Luna.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\666b3b77f2bdbd072b199abd2f15f5f1\PresentationFramework.Classic.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\c29d0fd0724449a5e2e64f36c968f268\PresentationCore.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\5aa5f52223edf2f53fe90b153108d450\WindowsBase.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\12637de2619ee65d57c529f6c786dce1\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll ()
MOD - C:\Notes\framework\rcp\eclipse\plugins\com.ibm.rcp.swt.browser.dom.ie_6.1.2.200808010926\os\win32\x86\tlogpsdll.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Novell.Casa.Client.Auth\1.7.0.0__ed0eb71059ea593b\Novell.Casa.Client.Auth.dll ()
MOD - C:\Programme\ThinkPad\Utilities\DE-DE\PWMUIAux.resources.dll ()
MOD - C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe ()
MOD - C:\Programme\ThinkPad\Utilities\GR\PWRMGRRO.DLL ()
MOD - C:\Programme\ThinkPad\Utilities\GR\PWRMGRRT.DLL ()
MOD - C:\Programme\Synaptics\SynTP\SynTPEnhPS.dll ()
MOD - C:\Programme\ThinkPad\ConnectUtilities\ACSonyEricssonHlpr.dll ()
MOD - C:\Programme\ThinkPad\ConnectUtilities\AcWrpc.dll ()
MOD - C:\Programme\Novell\ZENworks\bin\XmlSerializers\zmd.XmlSerializers.dll ()
MOD - C:\Programme\Novell\ZENworks\bin\XmlSerializers\Localizer.XmlSerializers.dll ()
MOD - C:\Programme\Novell\ZENworks\bin\sqlite3.dll ()
MOD - C:\Programme\Novell\ZENworks\lang\WinProxyUI_de.dll ()
MOD - C:\Programme\Novell\ZENworks\bin\XmlSerializers\InventoryManager.XmlSerializers.dll ()
MOD - C:\Programme\Novell\ZENworks\lang\InventoryManager_de.dll ()
MOD - C:\Programme\Novell\ZENworks\lang\StatusCollectionPoint_de.dll ()
MOD - C:\Programme\Novell\ZENworks\bin\XmlSerializers\AppModule.XmlSerializers.dll ()
MOD - C:\Programme\Novell\ZENworks\lang\AppModule_de.dll ()
MOD - C:\Programme\Novell\ZENworks\lang\ContentDistributionPoint_de.dll ()
MOD - C:\Programme\Novell\ZENworks\lang\AuthSatellite_de.dll ()
MOD - C:\Programme\Novell\ZENworks\lang\LoggerUI_de.dll ()
MOD - C:\Programme\Novell\ZENworks\lang\ZenNotifyIconPlugins_de.dll ()
MOD - C:\Programme\Novell\ZENworks\bin\XmlSerializers\QuickTaskManager.XmlSerializers.dll ()
MOD - C:\Programme\Novell\ZENworks\bin\XmlSerializers\ContentManager.XmlSerializers.dll ()
MOD - C:\Programme\Novell\ZENworks\lang\ContentManager_de.dll ()
MOD - C:\Programme\Novell\ZENworks\bin\XmlSerializers\AssignmentManager.XmlSerializers.dll ()
MOD - C:\Programme\Novell\ZENworks\lang\ZenNotifyIconModule_de.dll ()
MOD - C:\Programme\Novell\ZENworks\bin\XmlSerializers\RegistrationModule.XmlSerializers.dll ()
MOD - C:\Programme\Novell\ZENworks\lang\RegistrationModule_de.dll ()
MOD - C:\Programme\Novell\ZENworks\bin\XmlSerializers\Novell.Zenworks.Settings.XmlSerializers.dll ()
MOD - C:\Programme\Novell\ZENworks\lang\SettingsModule_de.dll ()
MOD - C:\Programme\Novell\ZENworks\lang\StatusSender_de.dll ()
MOD - C:\Programme\Novell\ZENworks\lang\ZMD_de.dll ()
MOD - C:\Programme\ThinkPad\ConnectUtilities\Res\GR\GUIHlprRes.dll ()
MOD - C:\Programme\ThinkPad\ConnectUtilities\Res\GR\IconRes.dll ()
MOD - C:\Programme\ThinkPad\ConnectUtilities\Res\GR\SvcHlprRes.dll ()
MOD - C:\WINDOWS\system32\btwicons.dll ()
MOD - C:\Programme\ThinkPad\Bluetooth Software\BTKeyInd.dll ()
MOD - C:\Programme\Mobile Broadband drivers\WMCore\MBMDebug.dll ()
MOD - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU ()
MOD - C:\Programme\Brother\BrUtilities\BrLogAPI.dll ()
MOD - C:\Programme\PatchLink\Update Agent\cryptocme2.dll ()
MOD - C:\WINDOWS\system32\nls\DEUTSCH\nwshlxnr.dll ()
MOD - C:\WINDOWS\system32\nwshlxnt.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\Programme\Novell\ZENworks\nls\deutsch\NalUIRes.dll ()
MOD - C:\Programme\Novell\ZENworks\nls\deutsch\NalRes.dll ()
MOD - C:\Programme\Novell\ZENworks\nls\deutsch\NalAgentRes.dll ()
MOD - C:\WINDOWS\system32\novell\novdhcp.dll ()
MOD - C:\WINDOWS\system32\redmonnt.dll ()
MOD - C:\WINDOWS\system32\XMLPARSE.DLL ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (SMART Mirror Driver Monitor Service) -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Anwendungsdaten\TANDBERG\See&Share\monitorservice.exe (SMART Technologies)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (DMService) -- C:\WINDOWS\DOWNLO~1\DMService.exe ()
SRV - (ZENPreAgent) -- C:\WINDOWS\novell\zenworks\bin\ZENPreAgent.exe ()
SRV - (AgentSrv) -- C:\Programme\Connected\AGENTSRV.EXE (Connected Corporation)
SRV - (DozeSvc) -- C:\Programme\ThinkPad\Utilities\DOZESVC.EXE (Lenovo.)
SRV - (PwmEWSvc) -- C:\Programme\ThinkPad\Utilities\PWMEWSVC.exe (Lenovo Group Limited)
SRV - (Power Manager DBC Service) -- C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe ()
SRV - (AcSvc) -- C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo )
SRV - (AcPrfMgrSvc) -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo )
SRV - (LENOVO.CAMMUTE) -- C:\Programme\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited)
SRV - (Novell ZENworks Agent Service) -- C:\Programme\Novell\ZENworks\bin\ZenworksWindowsService.exe (Novell, Inc.)
SRV - (WMCoreService) -- C:\Programme\Mobile Broadband drivers\WMCore\WMCore.exe (Ericsson AB)
SRV - (jhi_service) Intel(R) -- C:\Programme\Intel\Services\IPT\jhi_service.exe (Intel Corporation)
SRV - (UNS) Intel(R) -- C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (S24EventMonitor) Intel(R) -- C:\Programme\Intel\WiFi\bin\S24EvMon.exe (Intel(R) Corporation)
SRV - (EvtEng) Intel(R) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) Intel(R) -- C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (btwdins) -- C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
SRV - (TPHKLOAD) -- C:\Programme\Lenovo\HOTKEY\tphkload.exe (Lenovo Group Limited)
SRV - (TPHKSVC) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
SRV - (uagqecsvc) -- C:\Programme\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe (Microsoft Corporation)
SRV - (Lenovo.micmute) -- C:\Programme\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited)
SRV - (Novell Identity Store) -- C:\Programme\Novell\CASA\bin\micasad.exe (Novell, Inc)
SRV - (Symantec AntiVirus) -- C:\Programme\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
SRV - (SmcService) -- C:\Programme\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
SRV - (SNAC) -- C:\Programme\Symantec\Symantec Endpoint Protection\SNAC.EXE (Symantec Corporation)
SRV - (LiveUpdate) -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_3.EXE (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (BrYNSvc) -- C:\Programme\Browny02\BrYNSvc.exe (Brother Industries, Ltd.)
SRV - (CcmExec) -- C:\WINDOWS\system32\CCM\CcmExec.exe (Microsoft Corporation)
SRV - (smstsmgr) -- C:\WINDOWS\System32\CCM\TSManager.exe (Microsoft Corporation)
SRV - (PatchLink Update) -- C:\Programme\PatchLink\Update Agent\GravitixService.exe (Novell, Inc.)
SRV - (NWSAPAutoWorkstationUpdateSvc) -- C:\Programme\SAP\SapSetup\setup\Updater\NwSapAutoWorkstationUpdateService.exe (SAP AG)
SRV - (Lotus Notes Single Logon) -- C:\Notes\nslsvice.exe (IBM Corp)
SRV - (cusrvc) -- C:\WINDOWS\system32\cusrvc.exe (Novell, Inc.)
SRV - (NMIndexingService) -- C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe (Nero AG)
SRV - (ZFDWM) -- C:\Programme\Novell\ZENworks\WM.EXE (Novell, Inc.)
SRV - (XTAgent) -- C:\WINDOWS\system32\novell\xtagent.exe (Novell, Inc.)
SRV - (IviRegMgr) -- C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (NALNTSERVICE) -- C:\Programme\Novell\ZENworks\NALNTSRV.EXE (Novell, Inc.)
SRV - (Remote Management Agent) -- C:\Programme\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe (Novell, Inc.)
SRV - (UPHClean) -- C:\Programme\UPHClean\uphclean.exe (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WDICA) --  File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (lbrtfdc) --  File not found
DRV - (i2omgmt) --  File not found
DRV - (Changer) --  File not found
DRV - (NAVEX15) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\VirusDefs\20120324.019\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\VirusDefs\20120324.019\NAVENG.SYS (Symantec Corporation)
DRV - (smrtdrv) -- C:\WINDOWS\system32\drivers\smrtdrv.sys (SMART Technologies Inc.)
DRV - (eeCtrl) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (WpsHelper) -- C:\WINDOWS\system32\drivers\wpshelper.sys (Symantec Corporation)
DRV - (TrojanKillerDriver) -- C:\WINDOWS\system32\drivers\gtkdrv.sys (Windows (R) Win 7 DDK provider)
DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (NVHDA) -- C:\WINDOWS\system32\drivers\nvhda32.sys (NVIDIA Corporation)
DRV - (DozeHDD) -- C:\WINDOWS\system32\drivers\DOZEHDD.SYS (Lenovo.)
DRV - (TPPWRIF) -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS (Lenovo Group Limited)
DRV - (IBMTPCHK) -- C:\WINDOWS\system32\drivers\IBMBLDID.sys ()
DRV - (ANC) -- C:\WINDOWS\system32\drivers\ANC.sys (IBM Corp.)
DRV - (risdxc) -- C:\WINDOWS\system32\drivers\risdxc86.sys (REDC)
DRV - (WNTHW) -- C:\WINDOWS\system32\drivers\WNTHW.SYS ()
DRV - (Mbm4NUn) F5521gw Mobile Broadband Network Adapter (WDM) -- C:\WINDOWS\system32\drivers\Mbm4NUn.sys (MCCI Corporation)
DRV - (Mbm4mdm) -- C:\WINDOWS\system32\drivers\Mbm4mdm.sys (MCCI Corporation)
DRV - (Mbm4mgmt)  Mobile Broadband Device Management Driver (WDM) -- C:\WINDOWS\system32\drivers\Mbm4mgmt.sys (MCCI Corporation)
DRV - (Mbm4NNd5) F5521gw Mobile Broadband Network Adapter (NDIS) -- C:\WINDOWS\system32\drivers\Mbm4NNd5.sys (MCCI Corporation)
DRV - (Mbm4bus) F5521gw Mobile Broadband Device (WDM) -- C:\WINDOWS\system32\drivers\Mbm4bus.sys (MCCI Corporation)
DRV - (Mbm4mdfl) -- C:\WINDOWS\system32\drivers\Mbm4mdfl.sys (MCCI Corporation)
DRV - (CnxtHdAudService) -- C:\WINDOWS\system32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (Shockprf) -- C:\WINDOWS\system32\drivers\ApsX86.sys (Lenovo.)
DRV - (TPDIGIMN) -- C:\WINDOWS\system32\drivers\ApsHM86.sys (Lenovo.)
DRV - (TSMAPIP) -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS ()
DRV - (NETwNx32) ___ Intel(R) -- C:\WINDOWS\system32\drivers\NETwNx32.sys (Intel Corporation)
DRV - (e1cexpress) Intel(R) -- C:\WINDOWS\system32\drivers\e1c5132.sys (Intel Corporation)
DRV - (l36wgps) -- C:\WINDOWS\system32\drivers\l36wgps.sys (Ericsson AB)
DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (MEI) Intel(R) -- C:\WINDOWS\system32\drivers\HECI.sys (Intel Corporation)
DRV - (lenovo.smi) -- C:\WINDOWS\system32\drivers\smiif32.sys (Lenovo Group Limited)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (SysPlant) -- C:\WINDOWS\system32\drivers\SysPlant.sys (Symantec Corporation)
DRV - (WPS) -- C:\WINDOWS\system32\drivers\WPSDRVnt.sys (Symantec Corporation)
DRV - (SRTSPL) -- C:\WINDOWS\system32\drivers\srtspl.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\WINDOWS\system32\drivers\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\WINDOWS\system32\drivers\srtspx.sys (Symantec Corporation)
DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.)
DRV - (Teefer2) -- C:\WINDOWS\system32\drivers\Teefer2.sys (Symantec Corporation)
DRV - (SPBBCDrv) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (COH_Mon) -- C:\WINDOWS\system32\drivers\COH_Mon.sys (Symantec Corporation)
DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.)
DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.)
DRV - (prepdrvr) -- C:\WINDOWS\system32\CCM\PrepDrv.sys (Microsoft Corporation)
DRV - (smihlp) SMI Helper Driver (smihlp) -- C:\Programme\ThinkVantage Fingerprint Software\smihlp.sys (UPEK Inc.)
DRV - (smsmdd) -- C:\WINDOWS\system32\drivers\smsmdm.sys (Microsoft Corporation)
DRV - (NetwareWorkstation) -- C:\WINDOWS\system32\NetWare\nwfs.sys (Novell, Inc.)
DRV - (SRVLOC) -- C:\WINDOWS\system32\NetWare\srvloc.sys (Novell, Inc.)
DRV - (NWSIPX32) -- C:\WINDOWS\system32\NetWare\nwsipx32.sys (Novell, Inc.)
DRV - (NWFILTER) -- C:\WINDOWS\system32\NetWare\nwfilter.sys (Novell, Inc.)
DRV - (RESMGR) -- C:\WINDOWS\system32\NetWare\resmgr.sys (Novell, Inc.)
DRV - (NWDNS) -- C:\WINDOWS\system32\NetWare\nwdns.sys (Novell, Inc.)
DRV - (Sony_EricssonWWSC) -- C:\WINDOWS\system32\drivers\lnvoscard.sys (Sony Ericsson)
DRV - (NWSLP) -- C:\WINDOWS\system32\NetWare\nwslp.sys (Novell, Inc.)
DRV - (NICM) -- C:\WINDOWS\system32\drivers\nicm.sys (Novell, Inc.)
DRV - (stmtpm) -- C:\WINDOWS\system32\drivers\stm_tpm.sys (STMicroelectronics, INC)
DRV - (BM) -- C:\WINDOWS\system32\drivers\vptunnel.sys (Novell, Inc.)
DRV - (NWDHCP) -- C:\WINDOWS\system32\NetWare\nwdhcp.sys (Novell, Inc.)
DRV - (NWHOST) -- C:\WINDOWS\system32\NetWare\nwhost.sys (Novell, Inc.)
DRV - (NWSNS) Novell Simple Naming Services (NWSNS) -- C:\WINDOWS\system32\NetWare\nwsns.sys (Novell, Inc.)
DRV - (BlankScr) -- C:\WINDOWS\System32\drivers\blankscr.sys (Novell Inc.)
DRV - (Darpan) -- C:\WINDOWS\system32\drivers\Darpan.sys (Novell, Inc.)
DRV - (NICICCS) -- C:\WINDOWS\System32\drivers\niciccs.sys ()
DRV - (NWSAP) -- C:\WINDOWS\system32\NetWare\nwsap.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.steria-mummert.de/intern/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.steria-mummert.de/intern/
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=XPxdm049YYde&ptnrS=XPxdm049YYde&si=49647&ptb=DDACAE69-42A6-4475-B7CB-5BC0B4AEAAB3&psa=&ind=2012022005&st=sb&n=77ed04f5&searchfor={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.steria-mummert.de/intern/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.steria-mummert.de/intern/
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{068A3FEB-E034-4CD7-834C-20E7AB1D0B46}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&AF=109867&babsrc=SP_ss&mntrId=a6ddc64300000000000060d819c0da1b
IE - HKCU\..\SearchScopes\{1003C13B-1BEF-4DB6-BEA1-DC5E2FD06A00}: "URL" = hxxp://www.google.de
IE - HKCU\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=XPxdm049YYde&ptnrS=XPxdm049YYde&si=49647&ptb=DDACAE69-42A6-4475-B7CB-5BC0B4AEAAB3&psa=&ind=2012022005&st=sb&n=77ed04f5&searchfor={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.ad.econgas.com:8080
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = hxxp://wpad/wpad.dat
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\:
 
[2011.12.20 17:17:31 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Anwendungsdaten\Mozilla\Extensions
[2012.02.29 22:15:21 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Anwendungsdaten\Mozilla\Firefox\Profiles\wbkl6vga.default\extensions
[2012.03.24 20:07:11 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Anwendungsdaten\Mozilla\Firefox\Profiles\wbkl6vga.default\extensions\64ffxtbr@TelevisionFanatic.com
[2012.02.05 13:46:43 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.02.05 13:46:43 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.02.19 16:43:25 | 000,002,310 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\babylon.xml
 
O1 HOSTS File: ([2008.04.14 19:30:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (HelperObject Class) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Programme\TechSmith\SnagIt 8\SnagItBHO.dll (TechSmith Corporation)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programme\TechSmith\SnagIt 8\SnagItIEAddin.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ACTray] C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo )
O4 - HKLM..\Run: [ACWLIcon] C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo )
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Application Explorer] C:\Programme\Novell\ZENworks\naldesk.exe (Novell, Inc.)
O4 - HKLM..\Run: [BrStsMon00] C:\Programme\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ccApp] C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [ControlCenter3] C:\Programme\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [IMSS] C:\Programme\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)
O4 - HKLM..\Run: [LenovoAutoScrollUtility] C:\Programme\Lenovo\VIRTSCRL\virtscrl.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [LPMailChecker] C:\Programme\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [NDPS] C:\WINDOWS\system32\dpmw32.exe (Novell, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NWTRAY] C:\WINDOWS\System32\nwtray.exe (Novell, Inc.)
O4 - HKLM..\Run: [PDDM] C:\Programme\PatchLink\Update Agent\pddm.exe (Novell, Inc.)
O4 - HKLM..\Run: [PWRMGRTR] C:\Programme\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [SAP_WUS_UNT] C:\Programme\SAP\SAPsetup\setup\Updater\NwSapSetupUserNotificationTool.exe (SAP AG)
O4 - HKLM..\Run: [SMART Mirror Driver Monitor Service] C:\Dokumente und Einstellungen\Sravan Kumar Puppala [2012.03.25 17:48:58 | 000,000,000 | ---D | M]
O4 - HKLM..\Run: [TPFNF7] C:\Programme\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [ZCM Install Helper] D:\Temp\~ZCM\cleanup.exe File not found
O4 - HKLM..\Run: [ZENRC Tray Icon] C:\WINDOWS\system32\zentray.exe (Novell, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Bluetooth.lnk = C:\Programme\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Connected TaskBar Icon.LNK = C:\Programme\Connected\CBSysTray.exe (Connected Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\SnagIt 8.lnk = C:\Programme\TechSmith\SnagIt 8\SnagIt32.exe (TechSmith Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMSAppLogo5ChannelNotify = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarCustomize = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: CompatibleRUPSecurity = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Persistence present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Home = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Fullscreen = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Tools = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Print = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Edit = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Cut = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Copy = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Paste = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Encoding = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WarningMsgInBody =
O8 - Extra context menu item: &Search - hxxp://tbedits.televisionfanatic.com/one-toolbaredits/menusearch.jhtml?s=100000415&p=XPxdm049YYde&si=49647&a=DDACAE69-42A6-4475-B7CB-5BC0B4AEAAB3&n=2012022005 File not found
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Novell delivered applications - {C1994287-422F-47aa-8E5E-6323E210A125} - C:\Programme\Novell\ZENworks\AxNalServer.dll (Novell, Inc)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\NetWare\nwws2nds.dll (Novell, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\system32\NetWare\nwws2sap.dll (Novell, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\WINDOWS\system32\NetWare\nwws2slp.dll (Novell, Inc.)
O15 - HKCU\..Trusted Domains: hotmail.de ([]http in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: live.com ([login] https in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: srv7vie07 ([]http in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: steria.com ([chgpwd.hq] https in Vertrauenswürdige Sites)
O16 - DPF: {7114683A-020D-4D16-80FD-6ACE384B66DF} hxxp://vsrv1gasx01:9080/gasx/activex/FPSPR70.ocx (FarPoint Spread 7.0 (OLEDB))
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} https://external.econgas.com/InternalSite/WhlCompMgr.cab (Forefront UAG client components)
O16 - DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} https://domino.koeln.steria-mummert.de/dwa8W.cab (Domino Web Access 8 Control)
O16 - DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_05)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://qliktech.webex.com/client/T27LD/nbr/ieatgpc.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C9B80A69-0E19-4CC0-A499-C8F0C5544AA3}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\qvp {4BA78E3D-CA25-4BFF-B8F0-8A3359E4B520} - C:\Programme\QlikView\QvProtocol\qvp.dll (QlikTech AB)
O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Programme\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP AG, Walldorf)
O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Programme\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP AG, Walldorf)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: System - (ziswin.exe) - C:\WINDOWS\System32\ZISWIN.EXE (Novell)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (NWGINA.DLL) - C:\WINDOWS\System32\nwgina.dll (Novell, Inc.)
O20 - Winlogon\Notify\ACNotify: DllName - (ACNotify.dll) - C:\Programme\ThinkPad\ConnectUtilities\ACNotify.dll (Lenovo )
O20 - Winlogon\Notify\LCredMgr: DllName - (C:\Programme\Novell\CASA\bin\lcredmgr.dll) - C:\Programme\Novell\CASA\bin\lcredmgr.dll ()
O20 - Winlogon\Notify\NetIdentity Notification: DllName - (C:\WINDOWS\system32\Novell\XtNotify.dll) - C:\WINDOWS\system32\novell\xtnotify.dll (Novell, Inc.)
O20 - Winlogon\Notify\psfus: DllName - (C:\Programme\ThinkVantage Fingerprint Software\psqlpwd.dll) - C:\Programme\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\SMC Start Screen_1440w_Plain.BMP
O24 - Desktop BackupWallPaper: C:\WINDOWS\SMC Start Screen_1440w_Plain.BMP
O28 - HKLM ShellExecuteHooks: {763370C4-268E-4308-A60C-D8DA0342BE32} - C:\Programme\Novell\ZENworks\NalShell.dll (Novell, Inc)
O30 - LSA: Authentication Packages - (nwv1_0) - C:\WINDOWS\System32\nwv1_0.dll (Novell, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.12.01 15:06:11 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{7606a47c-52f5-11e1-a04e-028037ec0200}\Shell\AutoRun\command - "" = E:\Toshiba\more4you.exe
O33 - MountPoints2\{8140258f-3a1f-11e1-a010-60d819c0da1b}\Shell\AutoRun\command - "" = E:\Toshiba\Launcher\start.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789)
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{0E5911DD-EA12-4626-B1A8-CB9B7E701F9F} - RunDLL32 IEDKCS32.DLL,BrandIE4 CUSTOM
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
NetSvcs: 6to4 -  File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.25 18:21:27 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Desktop\OTL.exe
[2012.03.25 17:46:38 | 000,000,000 | ---D | C] -- C:\Avenger
[2012.03.25 15:06:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Anwendungsdaten\Malwarebytes
[2012.03.25 15:06:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012.03.25 15:06:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.03.25 15:06:47 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.03.25 15:06:47 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2012.03.24 16:05:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\GridinSoft Trojan Killer
[2012.03.24 16:04:58 | 000,000,000 | ---D | C] -- C:\Programme\GridinSoft Trojan Killer
[2012.03.19 14:14:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Anwendungsdaten\webex
[2012.03.14 13:31:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Desktop\SAP BW
[2012.03.05 07:57:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Desktop\Qlikview
[2012.03.01 16:01:37 | 000,002,432 | ---- | C] (SMART Technologies Inc.) -- C:\WINDOWS\System32\drivers\smrtdrv.sys
[2012.03.01 16:01:35 | 000,011,648 | ---- | C] (SMART Technologies Inc.) -- C:\WINDOWS\System32\smrtdrv.dll
[2012.03.01 16:01:35 | 000,003,584 | ---- | C] (SMART Technologies Inc.) -- C:\WINDOWS\System32\smrtexp.dll
[2012.02.29 12:54:15 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\IECompatCache
[2012.02.28 18:38:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\QlikView
[2012.02.24 18:40:31 | 000,000,000 | ---D | C] -- D:\Bilder
[2011.12.20 11:23:00 | 003,145,728 | ---- | C] (SAP Technology,Inc) -- C:\Programme\Gemeinsame Dateien\sapxlhelper.dll
[2011.12.20 11:23:00 | 000,626,688 | ---- | C] (SAP AG) -- C:\Programme\Gemeinsame Dateien\sapconsaccess.dll
[2011.12.20 11:23:00 | 000,192,512 | ---- | C] (SAP Tech Inc.) -- C:\Programme\Gemeinsame Dateien\sapconsr3.dll
[2011.12.20 11:23:00 | 000,040,960 | ---- | C] (SAP-TECHNOLOGY) -- C:\Programme\Gemeinsame Dateien\DigitalSignature.ocx
[62 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.25 18:21:35 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Desktop\OTL.exe
[2012.03.25 18:05:42 | 000,573,893 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2012.03.25 17:50:48 | 000,020,894 | RHS- | M] () -- C:\Dokumente und Einstellungen\All Users\ntuser.pol
[2012.03.25 17:50:47 | 000,000,462 | ---- | M] () -- C:\WINDOWS\smscfg.ini
[2012.03.25 17:50:26 | 000,002,076 | ---- | M] () -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Desktop\SMC Anwendungen.nal
[2012.03.25 17:49:14 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2012.03.25 17:49:09 | 000,573,893 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2012.03.25 17:48:58 | 000,000,972 | RHS- | M] () -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\ntuser.pol
[2012.03.25 17:47:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.03.25 17:05:15 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012.03.25 17:03:18 | 000,188,200 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.03.25 15:23:21 | 000,442,740 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.03.25 15:23:21 | 000,367,280 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2012.03.25 15:23:21 | 000,365,016 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.03.25 15:23:21 | 000,355,152 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2012.03.25 15:23:21 | 000,071,912 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.03.25 15:23:21 | 000,069,076 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.03.25 15:23:21 | 000,049,376 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2012.03.25 15:23:21 | 000,048,468 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2012.03.25 15:06:48 | 000,000,763 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.03.24 16:05:03 | 000,000,793 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Trojan Killer.lnk
[2012.03.24 14:42:42 | 000,000,731 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Connected TaskBar Icon.LNK
[2012.03.23 15:53:56 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012.03.22 11:09:44 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.03.16 23:32:43 | 000,437,661 | ---- | M] () -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Desktop\FLT_3F4HCB15413_0.pdf
[2012.03.01 16:01:37 | 000,002,432 | ---- | M] (SMART Technologies Inc.) -- C:\WINDOWS\System32\drivers\smrtdrv.sys
[2012.03.01 16:01:35 | 000,011,648 | ---- | M] (SMART Technologies Inc.) -- C:\WINDOWS\System32\smrtdrv.dll
[2012.03.01 16:01:35 | 000,003,584 | ---- | M] (SMART Technologies Inc.) -- C:\WINDOWS\System32\smrtexp.dll
[2012.02.28 18:03:43 | 000,002,010 | -H-- | M] () -- D:\Default.rdp
[2012.02.28 00:42:29 | 000,000,042 | ---- | M] () -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Anwendungsdaten\default.pls
[62 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.25 17:50:26 | 000,002,076 | ---- | C] () -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Desktop\SMC Anwendungen.nal
[2012.03.25 15:06:48 | 000,000,763 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.03.24 16:05:03 | 000,000,793 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Trojan Killer.lnk
[2012.03.16 23:32:43 | 000,437,661 | ---- | C] () -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Desktop\FLT_3F4HCB15413_0.pdf
[2012.02.28 00:42:29 | 000,000,042 | ---- | C] () -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Anwendungsdaten\default.pls
[2012.02.19 16:12:52 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.02.07 13:15:05 | 000,007,680 | ---- | C] () -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.01.15 21:56:15 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BRIDF10A.DAT
[2012.01.15 21:56:13 | 000,000,425 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2012.01.03 20:20:29 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2011.12.20 18:07:31 | 000,456,080 | ---- | C] () -- C:\WINDOWS\System32\drivers\niciccs.sys
[2011.12.20 18:05:45 | 000,078,448 | ---- | C] () -- C:\WINDOWS\System32\bmnotify.dll
[2011.12.20 18:05:44 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\ldapmethod.dll
[2011.12.20 18:05:43 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\vpnlogin.exe
[2011.12.20 18:05:43 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\ikeapp.exe
[2011.12.20 18:05:43 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\vpnstats.exe
[2011.12.20 18:05:43 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\vpnext.dll
[2011.12.20 18:05:43 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\regvpn.exe
[2011.12.20 18:05:43 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\vpnrst.exe
[2011.12.20 18:05:43 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\SlpDnsRestore.exe
[2011.12.20 18:02:57 | 000,586,752 | R--- | C] () -- C:\WINDOWS\autolog.exe
[2011.12.20 18:02:57 | 000,080,384 | ---- | C] () -- C:\WINDOWS\cusrmgr.exe
[2011.12.20 18:02:55 | 000,262,227 | ---- | C] () -- C:\WINDOWS\System32\nwshlxnt.dll
[2011.12.20 18:02:55 | 000,065,619 | ---- | C] () -- C:\WINDOWS\System32\setupw2k.dll
[2011.12.20 18:02:55 | 000,015,898 | ---- | C] () -- C:\WINDOWS\System32\vlmsup.exe
[2011.12.20 18:02:55 | 000,001,724 | ---- | C] () -- C:\WINDOWS\System32\vipx.exe
[2011.12.20 18:02:54 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\lgncon32.dll
[2011.12.20 18:02:54 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\dplgnw32.dll
[2011.12.20 18:02:51 | 000,002,757 | ---- | C] () -- C:\WINDOWS\System32\rdrstats.ini
[2011.12.20 18:02:50 | 000,225,356 | ---- | C] () -- C:\WINDOWS\System32\lgnwnt32.dll
[2011.12.20 18:02:50 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\prtwin32.dll
[2011.12.20 18:02:50 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\nwpsrv32.dll
[2011.12.20 18:02:49 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\nwslog32.dll
[2011.12.20 18:02:09 | 000,573,893 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2011.12.20 17:17:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011.12.20 13:28:36 | 000,256,580 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011.12.20 13:28:36 | 000,256,580 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011.12.20 13:28:36 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011.12.20 13:25:56 | 000,000,462 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2011.12.20 13:24:33 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2011.12.20 13:24:33 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2011.12.20 13:24:33 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2011.12.20 13:24:33 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2011.12.20 13:24:33 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2011.12.20 13:24:33 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2011.12.20 13:22:26 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\drivers\IntelMEFWVer.dll
[2011.12.20 13:19:14 | 000,638,784 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2011.12.20 12:55:49 | 000,023,116 | ---- | C] () -- C:\WINDOWS\System32\CcmFramework.ini
[2011.12.20 12:53:51 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011.12.20 12:37:56 | 000,004,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys
[2011.12.20 11:31:49 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\default_user_class.dat
[2011.12.20 11:24:49 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011.12.20 11:23:49 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\MSORFS.DLL
[2011.12.20 11:23:48 | 001,690,896 | ---- | C] () -- C:\WINDOWS\System32\MSO97V.DLL
[2011.12.20 11:23:48 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[2011.12.20 11:23:48 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
[2011.12.20 11:23:00 | 000,955,904 | ---- | C] () -- C:\Programme\Gemeinsame Dateien\SAPActiveXL.xlt
[2011.12.20 11:23:00 | 000,949,760 | ---- | C] () -- C:\Programme\Gemeinsame Dateien\SAPActiveXL_nosig.xlt
[2011.12.20 11:21:43 | 001,064,960 | ---- | C] () -- C:\WINDOWS\System32\h5krnl32.dll
[2011.12.20 11:21:43 | 000,188,928 | ---- | C] () -- C:\WINDOWS\System32\h5icon32.dll
[2011.12.20 11:21:43 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\h5menu32.dll
[2011.12.20 11:21:43 | 000,095,744 | ---- | C] () -- C:\WINDOWS\System32\h5rtf32.dll
[2011.12.20 11:21:43 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\h5tool32.dll
[2011.12.20 11:18:43 | 000,009,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\WNTHW.SYS
[2011.11.09 10:08:01 | 000,001,372 | ---- | C] () -- C:\WINDOWS\System32\VoipUpdate.ini
[2011.11.09 10:07:54 | 000,030,893 | ---- | C] () -- C:\WINDOWS\System32\drivers\Mixer.ini
[2011.11.09 10:07:47 | 000,001,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\Altmixer.ini
[2011.11.09 10:03:42 | 002,286,930 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010.12.09 14:57:54 | 002,860,384 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2010.10.11 03:29:34 | 000,114,688 | ---- | C] () -- C:\Programme\ad_ff.dll
[2010.10.11 03:29:14 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\jmicasa.dll
[2010.10.11 03:29:04 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\micasa.dll
[2010.10.11 03:28:52 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\micasacache.dll
[2010.07.10 04:24:14 | 000,006,253 | ---- | C] () -- C:\Programme\eula.rtf
[2010.05.28 11:39:16 | 000,335,872 | ---- | C] () -- C:\WINDOWS\System32\casa_authtoken.dll
[2010.05.14 12:08:12 | 000,024,632 | ---- | C] () -- C:\WINDOWS\System32\providers.bin
 
========== LOP Check ==========
 
[2012.02.19 16:43:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Babylon
[2011.12.20 11:29:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ConeXware
[2011.12.20 13:25:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lenovo
[2011.12.20 11:15:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Mummert
[2012.02.28 17:03:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QlikTech
[2012.01.14 12:45:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TechSmith
[2012.02.19 16:43:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Anwendungsdaten\Babylon
[2012.01.17 14:40:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Anwendungsdaten\DBDesigner4
[2011.12.20 12:53:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Anwendungsdaten\Lenovo
[2011.12.20 12:56:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Anwendungsdaten\Mummert
[2011.12.20 16:47:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Anwendungsdaten\PwrMgr
[2012.01.06 12:22:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Anwendungsdaten\QlikTech
[2012.01.14 12:54:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Anwendungsdaten\TANDBERG
[2012.01.19 12:36:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Anwendungsdaten\TeamViewer
[2012.03.19 14:14:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Anwendungsdaten\webex
[2012.01.13 14:27:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Anwendungsdaten\Xerox
[2012.03.25 17:49:14 | 000,000,316 | ---- | M] () -- C:\WINDOWS\Tasks\PMTask.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2012.03.25 17:47:24 | 000,000,000 | ---D | M] -- C:\Avenger
[2011.12.20 12:51:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen
[2011.12.20 12:35:49 | 000,000,000 | -HSD | M] -- C:\DRIVERS
[2012.02.11 14:06:23 | 000,000,000 | ---D | M] -- C:\Forefront UAG Remote Access Agent
[2011.12.20 18:02:49 | 000,000,000 | -HSD | M] -- C:\INSTALLS
[2011.12.20 13:22:15 | 000,000,000 | ---D | M] -- C:\Intel
[2012.03.25 17:50:15 | 000,000,000 | -H-D | M] -- C:\NALCache
[2012.01.05 18:41:34 | 000,000,000 | ---D | M] -- C:\NDPS
[2012.03.19 20:58:40 | 000,000,000 | ---D | M] -- C:\Notes
[2011.12.20 11:10:12 | 000,000,000 | ---D | M] -- C:\Novell
[2012.03.25 15:06:47 | 000,000,000 | R--D | M] -- C:\Programme
[2012.01.08 19:44:06 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2011.12.20 18:01:14 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.03.25 15:12:34 | 000,000,000 | ---D | M] -- C:\WINDOWS
 
< %PROGRAMFILES%\*.exe >
Invalid Environment Variable: LOCALAPPDATA
 
< %systemroot%\*. /mp /s >
 
< MD5 for: AGP440.SYS  >
[2008.04.14 19:30:00 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008.04.14 19:30:00 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp3.cab:AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2008.04.14 19:30:00 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 19:30:00 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp3.cab:atapi.sys
[2008.04.14 19:30:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 19:30:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008.04.14 19:30:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
 
< MD5 for: EXPLORER.EXE  >
[2008.04.14 19:30:00 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe
[2008.04.14 19:30:00 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\system32\dllcache\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2009.06.04 15:13:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\DRIVERS\000_SYSTEM\MSD\iastor\IaStor.sys
[2010.11.06 00:39:18 | 000,354,840 | ---- | M] (Intel Corporation) MD5=F4037A3FEDB92DD97C95F320766EA5C9 -- C:\DRIVERS\000_SYSTEM\IaStor.sys
[2010.11.05 20:09:18 | 000,354,840 | ---- | M] (Intel Corporation) MD5=F4037A3FEDB92DD97C95F320766EA5C9 -- C:\WINDOWS\system32\drivers\iastor.sys
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 19:30:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008.04.14 19:30:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 19:30:00 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008.04.14 19:30:00 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.04.14 19:30:00 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\dllcache\user32.dll
[2008.04.14 19:30:00 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 19:30:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008.04.14 19:30:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008.04.14 19:30:00 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008.04.14 19:30:00 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.04.14 19:30:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2008.04.14 19:30:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2009.12.01 20:28:19 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2009.12.01 20:28:18 | 001,093,632 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2009.12.01 20:28:18 | 000,450,560 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %systemroot%\system32\*.dll /lockedfiles >
[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
< %USERPROFILE%\*.* >
[2011.12.20 16:02:28 | 000,069,011 | ---- | M] () -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\install.xml
[2012.03.25 17:45:59 | 004,980,736 | ---- | M] () -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\NTUSER.DAT
[2012.03.25 18:23:48 | 000,001,024 | -H-- | M] () -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\NTUSER.DAT.LOG
[2012.03.25 17:45:59 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\ntuser.ini
[2012.03.25 17:48:58 | 000,000,972 | RHS- | M] () -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\ntuser.pol
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Kmode: %SystemRoot%\system32\win32k.sys [2012.01.12 19:20:28 | 001,860,096 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
 
<          Schliesse bitte nun alle Programme >

< End of report >

--- --- ---


OTL_Extras:
OTL Logfile:
Code:

OTL Extras logfile created on: 25.03.2012 18:24:07 - Run 1
OTL by OldTimer - Version 3.2.39.2    Folder = C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,49 Gb Total Physical Memory | 2,45 Gb Available Physical Memory | 70,35% Memory free
5,32 Gb Paging File | 4,31 Gb Available in Paging File | 81,02% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 40,00 Gb Total Space | 17,81 Gb Free Space | 44,53% Space Free | Partition Type: NTFS
Drive D: | 425,26 Gb Total Space | 294,34 Gb Free Space | 69,21% Space Free | Partition Type: NTFS
Drive E: | 988,00 Mb Total Space | 917,44 Mb Free Space | 92,86% Space Free | Partition Type: FAT
 
Computer Name: MC00019325 | User Name: Sravan Kumar Puppala | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3024:UDP" = 3024:UDP:*:Enabled:Novell Bordermanager Proxy Services
"1761:TCP" = 1761:TCP:*:Enabled:Novell ZENworks Services
"1761:UDP" = 1761:UDP:*:Enabled:Novell ZENworks Services
"7461:TCP" = 7461:TCP:*:Enabled:Novell Asset Management
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3024:UDP" = 3024:UDP:*:Enabled:Novell Bordermanager Proxy Services
"1761:TCP" = 1761:TCP:*:Enabled:Novell ZENworks Services
"1761:UDP" = 1761:UDP:*:Enabled:Novell ZENworks Services
"2967:TCP" = 2967:TCP:*:Enabled:Symantec Client Security 1
"2967:UDP" = 2967:UDP:*:Enabled:Symantec Client Security 2
"38293:UDP" = 38293:UDP:*:Enabled:Symantec Client Security 3
"7461:TCP" = 7461:TCP:*:Enabled:Novell Asset Management
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%WINDIR%\system32\dpmw32.exe" = %WINDIR%\system32\dpmw32.exe:*:Enabled:Novell Distributed Print Services -- (Novell, Inc.)
"%WINDIR%\system32\vpnstats.exe" = %WINDIR%\system32\vpnstats.exe:*:Enabled:Novell Bordermanager VPN Services -- ()
"%WINDIR%\system32\ikeapp.exe" = %WINDIR%\system32\ikeapp.exe:*:Enabled:Novell Bordermanager VPN Services -- ()
"C:\Programme\Connected\COBackup.exe" = C:\Programme\Connected\COBackup.exe:10.0.0.0/255.0.0.0,193.26.252.0/255.255.255.0:Enabled:Connected DataProtector -- (Connected Corporation)
"C:\Programme\Connected\AgentSrv.exe" = C:\Programme\Connected\AgentSrv.exe:10.0.0.0/255.0.0.0,193.26.252.0/255.255.255.0:Enabled:Connected DataProtector -- (Connected Corporation)
"C:\WINDOWS\system32\dpmw32.exe" = C:\WINDOWS\system32\dpmw32.exe:*:Enabled:Novell Distributed Print Services -- (Novell, Inc.)
"C:\WINDOWS\system32\ikeapp.exe" = C:\WINDOWS\system32\ikeapp.exe:*:Enabled:Novell Bordermanager VPN Services -- ()
"C:\WINDOWS\system32\vpnstats.exe" = C:\WINDOWS\system32\vpnstats.exe:*:Enabled:Novell Bordermanager VPN Services -- ()
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%WINDIR%\system32\dpmw32.exe" = %WINDIR%\system32\dpmw32.exe:*:Enabled:Novell Distributed Print Services -- (Novell, Inc.)
"%WINDIR%\system32\vpnstats.exe" = %WINDIR%\system32\vpnstats.exe:*:Enabled:Novell Bordermanager VPN Services -- ()
"%WINDIR%\system32\ikeapp.exe" = %WINDIR%\system32\ikeapp.exe:*:Enabled:Novell Bordermanager VPN Services -- ()
"C:\Programme\Connected\AgentSrv.exe" = C:\Programme\Connected\AgentSrv.exe:10.0.0.0/255.0.0.0,193.26.252.0/255.255.255.0:Enabled:Connected DataProtector -- (Connected Corporation)
"C:\Programme\Connected\COBackup.exe" = C:\Programme\Connected\COBackup.exe:10.0.0.0/255.0.0.0,193.26.252.0/255.255.255.0:Enabled:Connected DataProtector -- (Connected Corporation)
"C:\WINDOWS\system32\dpmw32.exe" = C:\WINDOWS\system32\dpmw32.exe:*:Enabled:Novell Distributed Print Services -- (Novell, Inc.)
"C:\WINDOWS\system32\ikeapp.exe" = C:\WINDOWS\system32\ikeapp.exe:*:Enabled:Novell Bordermanager VPN Services -- ()
"C:\WINDOWS\system32\vpnstats.exe" = C:\WINDOWS\system32\vpnstats.exe:*:Enabled:Novell Bordermanager VPN Services -- ()
"C:\Programme\Symantec\Symantec Endpoint Protection\Smc.exe" = C:\Programme\Symantec\Symantec Endpoint Protection\Smc.exe:*:Enabled:SMC Service -- (Symantec Corporation)
"C:\Programme\Symantec\Symantec Endpoint Protection\SNAC.EXE" = C:\Programme\Symantec\Symantec Endpoint Protection\SNAC.EXE:*:Enabled:SNAC Service -- (Symantec Corporation)
"C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe" = C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe:*:Enabled:Symantec Email -- (Symantec Corporation)
"C:\Programme\TeamViewer\Version7\TeamViewer.exe" = C:\Programme\TeamViewer\Version7\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe" = C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04EB530D-EFBE-4624-BC83-611E557B9F03}" = STM TPM Driver 1.0.4.15 - 32 bits
"{118C9AEE-A282-445C-8B56-A6B50795B8A6}" = Powerarchiver
"{1297C681-92D7-40EF-93BF-03F66EC5105C}" = ThinkPad-Dienstprogramm 'EasyEject'
"{15A3C0D8-3D81-4CF6-8797-E27BDE5F8573}" = ZENworks Uninstaller
"{1717FEDC-6D5A-44B7-AB98-814834F0E695}" = ZENworks Agent Bundle Management
"{176E8FD2-5BE4-47f5-A7FB-379428C0C027}" = ZENworks Patch Management Agent
"{17C573A8-D916-4166-81A6-7C5C608919CA}" = ZENworks Agent Authentication Satellite Module
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = ThinkPad UltraNav Utility
"{1BE23A18-1B51-4F59-8326-33CA5F1294F4}" = ZENworks Primary Agent
"{1CA2B9F5-835B-46C2-8961-D52C96C613B7}" = ZENworks Imaging Server
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20F7117E-1B6F-4EEC-8F47-FB7A142FAC12}" = ZENworks Desktop Management Agent
"{21EFE22F-B9A5-4842-9EB6-0D37442F6B9E}" = assetmanagementmodule-langs
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
"{2BF03149-7323-4347-A72E-A48642C248A4}" = SMC Vorlagen für Office 2003
"{2CB10E96-23CD-4AE2-A7C4-9CF75463C174}" = ZENworks Information Icon
"{2FE4A854-6739-45B9-AF0B-270AA25215F4}" = ZENworks Agent System Update Module
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{364DA896-84B4-4887-95AA-5A2953234217}" = windows-desktop-langs
"{3C189690-43B8-4E98-A2E4-3908A8F691D0}" = PDF Konverter
"{3C1AE512-3C37-44FA-BA42-ABB721EC5B1D}" = Symantec Endpoint Protection
"{3C6849B6-1953-4DAF-9A8B-783FB72F3CBB}" = Novell CASA Authentication Token Client
"{44D66AD9-AE19-4AFD-BE7E-A1B44C856697}" = MSXML4.0 redistributable
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System
"{4CD57A44-0FE0-44B5-AC1A-BDE5490FEA6F}" = status-collection-point-langs
"{4DF669B8-5B56-4174-AFDE-BE7DA0662850}" = primary-agent-langs
"{4E7344D7-84E3-4FB6-967F-DD4624D7EA9C}" = ZFD Mini Inventory
"{5248DF85-F55D-4F84-A08F-3B323DB036B8}" = ThinkVantage Fingerprint Software
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{53675532-C165-4916-BD97-59CE0DCF5D09}" = ConText
"{55A976DD-9D1A-4B70-B36B-459D7EE3D380}" = Steria ConfigMgr Local Policy
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5FCDC863-72E2-4C1A-86B2-593018307B1C}" = zencore-agent-langs
"{6034D614-E53F-46F2-B0BC-280222D569C2}" = CASA
"{63C63A5D-44C8-4734-85D6-72D8332721E4}" = Mummert Zertifikate
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65706020-7B6F-41F2-8047-FC69579E386A}" = Präsentationsdirektor
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7148F0A8-6813-11D6-A77B-00B0D0142050}" = Java 2 Runtime Environment, SE v1.4.2_05
"{721ABC3B-5F12-4332-9C0C-C11424EF666C}" = WIMGAPI
"{72E37E13-0FB8-4644-A8E8-F2900B9C7B67}" = See & Share
"{79EE919C-7A93-4868-8B42-EF8F9B14FFFC}" = ZENworks Status Collection Point
"{7EB114D8-207F-45AE-BABD-1669715F2630}" = ThinkVantage Access Connections
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87467DDA-0189-4730-A3A6-079429D1657B}" = ZENworks Agent WinProxy Module
"{88C6A6D9-324C-46E8-BA87-563D14021442}_is1" = ThinkVantage Communications Utility
"{89FB3889-47EE-4CDA-A2DC-565C1D6CEE6C}" = QlikView x86
"{8E770F99-CF23-4BF9-BF4E-E3A2924FEB27}" = Microsoft redistributable runtime DLLs VS2005 SP1(x86)
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90F80407-6000-11D3-8CFE-0150048383C9}" = Tool zum Entfernen verborgener Daten
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{925E8226-FBED-43FD-BC8C-41207B999AF0}" = ZENworks Extensions Libraries
"{93699C3E-005E-4294-87CA-F5B7DE2CD687}" = SnagIt 8
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{951F94FD-DDBB-4A15-B8E7-1560D3D28900}" = actions-langs
"{986F64DC-FF15-449D-998F-EE3BCEC6666A}" = Help Center
"{98AA657D-9790-4454-9DB2-E8ED0EF8C571}" = Configuration Manager Client
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B427732-573E-4E78-B6FA-AC3E5A218BA2}" = NMAS Client
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E7260AC-22D9-4622-AA26-7CD6011D9DA4}" = SAP Mobile Infrastructure
"{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}" = ThinkPad Energie-Manager
"{A0F74D9F-ECC1-48BB-8105-6FD5B70DD55B}" = ZENworks Agent Asset Management Module
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6D5C59E-F97B-4665-B811-DC93635E05B0}" = ZENworks Action Utilities
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.0 - Deutsch
"{AD98F2ED-D92A-43AA-9F28-0466928AA13C}" = content-distribution-point-langs
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AF2E0395-7695-41E8-AC23-D58C328126F7}" = zennotifyicon-langs
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Display Control Panel
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B9A5A789-D491-49FB-958C-BFEC2C11BB1D}" = NMAS Challenge Response Method
"{BC9FD7FB-5929-47F7-9B24-D9237B14F26E}" = ZENworks Version Information
"{BE0B37FE-EF39-4B9C-A329-904616EE633C}" = ZENworks Action Handlers
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C6D4B05A-EA7E-1027-80EF-C925E740E99C}" = Intel(R) Identity Protection Technology 1.0.74.0
"{C8FE6530-2E39-4563-A7D8-183C7FA2B76A}" = ZENworks Agent Inventory Management
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB5EDF53-10D0-44F1-A25D-C7BB352AF1B8}" = Novell BorderManager 3.8.15 VPN Client
"{CBA13F11-D29E-48CC-9EBC-F122567F9119}" = Action Handler Resources
"{CD124C12-BEFD-4DBA-A915-A2F995F56B13}" = Policy Action Handler Resources
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}" = ThinkVantage Productivity Center
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D4CAD0A4-A14D-4F70-A8CB-475776C76CF8}" = inventory-langs
"{D6C9AF27-9414-46C8-B9D8-D878BA041031}" = Nero 8
"{D6EA1689-AA4C-4CF6-862C-87D9877F3651}" = ZENworks Content Distribution Point
"{D728E945-256D-4477-B377-6BBA693714AC}" = Ergänzung zu Productivity Center für ThinkPad
"{D9CFF2FF-620F-4842-A075-8A0769816FA4}" = Novell ZENworks Adaptive Agent Help
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}" = Message Center
"{E8542277-8C9D-4CC9-8D92-7C126EE7110E}" = bundle-langs
"{E855E69B-79FA-499D-866B-16B082D6D83A}" = Lotus Notes 8.0.2 de
"{EA9640BE-414E-4195-B53B-7905BF1A5A09}" = Mobile Broadband Drivers
"{EC482C6E-8F7F-4187-BB4C-841E1B64022B}" = ZENworks Actions
"{EE1B5DDC-BE68-4F19-BEEE-7FFD4DD43BFD}" = ZENworks Agent Core Modules
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F02DBC5D-33E3-45E9-B0F8-B7745229ED1C}" = NICI (Shared) U.S./Worldwide (128 bit) (2.7.4-1)
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F48BE301-EC78-4686-B580-EE4934558798}" = ThinkPad Bluetooth with Enhanced Data Rate Software
"{F594EA1A-5603-4B82-B624-BE1F807BC8E1}" = WinProxy-langs
"{F5F97313-4454-4B49-A602-285447A55B86}" = Intel(R) PROSet/Wireless WiFi-Software
"{F6B2EDDE-108F-463B-B788-42329FE00D9E}" = Microsoft Redistributable Files (x86)
"{FB6C607F-B865-42A2-B14B-14E207F2EA90}" = QvPluginSetup
"{FB83EAC4-E3F6-4666-B45B-44522F2344B6}" = Brother MFL-Pro Suite DCP-J315W
"{FE041B02-234C-4AAA-9511-80DF6482A458}" = RICOH_Media_Driver_v2.13.18.02
"{FEAD3C72-1A18-4BAB-94FB-E508C31B2E79}" = auth-satellite-server-langs
"{FF77941A-2BFA-4A18-BE2E-69B9498E4D55}" = User Profile Hive Cleanup Service
"ActiveTouchMeetingClient" = Cisco WebEx Meetings
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"CNXT_AUDIO_HDA" = Conexant 20672 SmartAudio HD
"Connected" = Connected DataProtector
"GridinSoft Trojan Killer" = Trojan Killer
"ie8" = Windows Internet Explorer 8
"InstallShield_{9E7260AC-22D9-4622-AA26-7CD6011D9DA4}" = SAP Mobile Infrastructure
"LENOVO.SMIIF" = Lenovo System Interface Driver
"LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Forefront UAG endpoint components 3.1.0" = Microsoft Forefront UAG endpoint components v4.0.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NICI U.S./Worldwide (128 bit)" = NICI U.S./Worldwide 1.7.0 (128 bit)
"Novell Client for Windows" = Novell Client für Windows
"OnScreenDisplay" = On Screen Display
"Power Management Driver" = ThinkPad Power Management Driver
"PPTView97" = Microsoft PowerPoint Viewer 97
"ProInst" = Intel PROSet Wireless
"RDC" = RDC
"SAP_ALD80" = Adobe LiveCycle Designer 8.0
"SAP_WUS" = SAPSetup Automatic Workstation Update Service
"SAPBI" = SAP Business Explorer
"SAPGUI710" = SAP GUI 7.10
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"TeamViewer 7" = TeamViewer 7
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"TreeSize Professional_is1" = TreeSize Professional 4.3
"VLC media player" = VLC media player 1.1.11
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZENworks" = Novell ZENworks
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 22.03.2012 05:11:45 | Computer Name = MC00019325 | Source = MSSHA | ID = 1008
Description = Ein Offlinescanvorgang konnte vom Windows-Sicherheitsintegritäts-Agent
 nicht abgeschlossen werden. Fehlercode: 80070422.
 
Error - 22.03.2012 06:11:45 | Computer Name = MC00019325 | Source = MSSHA | ID = 1008
Description = Ein Offlinescanvorgang konnte vom Windows-Sicherheitsintegritäts-Agent
 nicht abgeschlossen werden. Fehlercode: 80070422.
 
Error - 22.03.2012 07:11:46 | Computer Name = MC00019325 | Source = MSSHA | ID = 1008
Description = Ein Offlinescanvorgang konnte vom Windows-Sicherheitsintegritäts-Agent
 nicht abgeschlossen werden. Fehlercode: 80070422.
 
Error - 22.03.2012 08:11:47 | Computer Name = MC00019325 | Source = MSSHA | ID = 1008
Description = Ein Offlinescanvorgang konnte vom Windows-Sicherheitsintegritäts-Agent
 nicht abgeschlossen werden. Fehlercode: 80070422.
 
Error - 22.03.2012 09:11:47 | Computer Name = MC00019325 | Source = MSSHA | ID = 1008
Description = Ein Offlinescanvorgang konnte vom Windows-Sicherheitsintegritäts-Agent
 nicht abgeschlossen werden. Fehlercode: 80070422.
 
Error - 22.03.2012 15:08:07 | Computer Name = MC00019325 | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
 
Error - 23.03.2012 02:33:26 | Computer Name = MC00019325 | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
 
Error - 23.03.2012 05:22:01 | Computer Name = MC00019325 | Source = PerfNet | ID = 2005
Description = Die Leistungsinformationen vom Serverdienst konnten nicht gelesen
werden.  Es werden keine Server-Leistungsinformationen zurückgegeben.  Der zurückgegebene
 Fehlercode befindet sich in DWORD 0, der IOSB.Status ist DWORD 1 und  die IOSB.Information
 ist DWORD 2.
 
Error - 23.03.2012 05:22:01 | Computer Name = MC00019325 | Source = PerfNet | ID = 2006
Description = Die Server Queue-Leistungsinformationen konnten nicht gelesen werden.
Es
 werden keine Server-Leistungsinformationen zurückgegeben.  Der zurückgegebene Fehlercode
 ist DWORD 0, der IOSB.Status ist DWORD 1 und  die IOSB.Information ist DWORD 2.
 
Error - 23.03.2012 05:23:37 | Computer Name = MC00019325 | Source = MSSHA | ID = 1008
Description = Ein Offlinescanvorgang konnte vom Windows-Sicherheitsintegritäts-Agent
 nicht abgeschlossen werden. Fehlercode: 80070422.
 
[ Lumension Events ]
Error - 15.03.2012 14:11:37 | Computer Name = MC00019325 | Source = ZENworks Patch Management Detection Agent | ID = 2
Description =    Error occurred posting detection to PLUS (full diff) - error code
 = -2  error msg = ''
 
Error - 15.03.2012 14:12:37 | Computer Name = MC00019325 | Source = ZENworks Patch Management Detection Agent | ID = 2
Description =  Error occurred posting fingerprints results to PLUS - error code
 = -2
 
Error - 15.03.2012 14:13:37 | Computer Name = MC00019325 | Source = ZENworks Patch Management Detection Agent | ID = 2
Description =    Error occurred posting detection to PLUS (full diff) - error code
 = -2  error msg = ''
 
Error - 15.03.2012 14:14:37 | Computer Name = MC00019325 | Source = ZENworks Patch Management Detection Agent | ID = 2
Description =  Error occurred posting fingerprints results to PLUS - error code
 = -2
 
Error - 15.03.2012 14:15:37 | Computer Name = MC00019325 | Source = ZENworks Patch Management Detection Agent | ID = 2
Description =    Error occurred posting detection to PLUS (full diff) - error code
 = -2  error msg = ''
 
Error - 15.03.2012 14:16:37 | Computer Name = MC00019325 | Source = ZENworks Patch Management Detection Agent | ID = 2
Description =  Error occurred posting fingerprints results to PLUS - error code
 = -2
 
Error - 17.03.2012 05:06:54 | Computer Name = MC00019325 | Source = ZENworks Patch Management Detection Agent | ID = 2
Description =    Error occurred posting detection to PLUS (incremental diff) -
error code = -30  error msg = 'Error: Invalid CheckSum'
 
Error - 19.03.2012 05:07:56 | Computer Name = MC00019325 | Source = ZENworks Patch Management Detection Agent | ID = 2
Description =    Error occurred posting detection to PLUS (incremental diff) -
error code = -30  error msg = 'Error: Invalid CheckSum'
 
Error - 24.03.2012 07:20:40 | Computer Name = MC00019325 | Source = ZENworks Patch Management Detection Agent | ID = 2
Description =    Error occurred posting detection to PLUS (incremental diff) -
error code = -30  error msg = 'Error: Invalid CheckSum'
 
Error - 25.03.2012 09:25:55 | Computer Name = MC00019325 | Source = ZENworks Patch Management Detection Agent | ID = 2
Description =    Error occurred posting detection to PLUS (incremental diff) -
error code = -30  error msg = 'Error: Invalid CheckSum'
 
[ PatchLink Events ]
Error - 03.01.2012 11:33:29 | Computer Name = MC00019325 | Source = ZENworks Patch Management Detection Agent | ID = 2
Description =    Error occurred posting detection to PLUS (incremental diff) -
error code = -30  error msg = 'Error: Invalid CheckSum'
 
Error - 04.01.2012 10:26:29 | Computer Name = MC00019325 | Source = ZENworks Patch Management Detection Agent | ID = 2
Description =    Error occurred posting detection to PLUS (incremental diff) -
error code = -30  error msg = 'Error: Invalid CheckSum'
 
Error - 06.01.2012 04:45:50 | Computer Name = MC00019325 | Source = ZENworks Patch Management Detection Agent | ID = 2
Description =    Error occurred posting detection to PLUS (incremental diff) -
error code = -30  error msg = 'Error: Invalid CheckSum'
 
Error - 08.01.2012 03:15:00 | Computer Name = MC00019325 | Source = ZENworks Patch Management Detection Agent | ID = 2
Description =    Error occurred posting detection to PLUS (incremental diff) -
error code = -30  error msg = 'Error: Invalid CheckSum'
 
[ System Events ]
Error - 15.03.2012 14:25:15 | Computer Name = MC00019325 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "IBMTPCHK" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%31
 
Error - 15.03.2012 14:25:15 | Computer Name = MC00019325 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "IBMTPCHK" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%31
 
Error - 15.03.2012 14:25:46 | Computer Name = MC00019325 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "IBMTPCHK" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%31
 
Error - 15.03.2012 14:25:48 | Computer Name = MC00019325 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "IBMTPCHK" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%31
 
Error - 15.03.2012 14:56:37 | Computer Name = MC00019325 | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "wuauserv"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {E60687F7-01A1-40AA-86AC-DB1CBF673334}
 
Error - 15.03.2012 14:56:37 | Computer Name = MC00019325 | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "wuauserv"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {E60687F7-01A1-40AA-86AC-DB1CBF673334}
 
Error - 15.03.2012 14:58:03 | Computer Name = MC00019325 | Source = NapAgent | ID = 30
Description = Der System-Integritäts-Agent 79745 hat den Fehlercode FailureCategory
 Other zurückgeliefert.
 
Error - 15.03.2012 15:56:37 | Computer Name = MC00019325 | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "wuauserv"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {E60687F7-01A1-40AA-86AC-DB1CBF673334}
 
Error - 15.03.2012 15:56:37 | Computer Name = MC00019325 | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "wuauserv"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {E60687F7-01A1-40AA-86AC-DB1CBF673334}
 
Error - 16.03.2012 01:37:57 | Computer Name = MC00019325 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "IBMTPCHK" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%31
 
 
< End of report >


cosinus 25.03.2012 17:38

First, as a matter of routine, please run a full scan with Malwarebytes and post the log. => Have ALL local drives (except CD/DVD) scanned!
Remember that Malwarebytes has to be updated manually before every scan! In addition, all findings must be removed.

If logs from older Malwarebytes scans exist, please post all of those as well!



ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the terms of use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded, and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset





Please post everything in CODE tags here if possible.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

sravy 25.03.2012 17:38

Ran OTL again and this is what it looks like:

OTL_text:

OTL Logfile:
Code:

OTL logfile created on: 25.03.2012 18:24:07 - Run 1
OTL by OldTimer - Version 3.2.39.2    Folder = C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,49 Gb Total Physical Memory | 2,45 Gb Available Physical Memory | 70,35% Memory free
5,32 Gb Paging File | 4,31 Gb Available in Paging File | 81,02% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 40,00 Gb Total Space | 17,81 Gb Free Space | 44,53% Space Free | Partition Type: NTFS
Drive D: | 425,26 Gb Total Space | 294,34 Gb Free Space | 69,21% Space Free | Partition Type: NTFS
Drive E: | 988,00 Mb Total Space | 917,44 Mb Free Space | 92,86% Space Free | Partition Type: FAT
 
Computer Name: MC00019325 | User Name: Sravan Kumar Puppala | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Connected\AGENTSRV.EXE (Connected Corporation)
PRC - C:\Programme\Connected\CBSysTray.exe (Connected Corporation)
PRC - C:\Programme\ThinkPad\Utilities\DOZESVC.EXE (Lenovo.)
PRC - C:\Programme\ThinkPad\Utilities\PWMEWSVC.exe (Lenovo Group Limited)
PRC - C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe ()
PRC - C:\Programme\ThinkPad\Utilities\SCHTASK.EXE (Lenovo Group Limited)
PRC - C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics Incorporated)
PRC - C:\Programme\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe (Lenovo )
PRC - C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo )
PRC - C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo )
PRC - C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo )
PRC - C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo )
PRC - C:\Programme\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited)
PRC - C:\Programme\Novell\ZENworks\bin\ZenworksWindowsService.exe (Novell, Inc.)
PRC - C:\Programme\Novell\ZENworks\bin\ZenUserDaemon.exe (Novell, Inc.)
PRC - C:\Programme\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\ZOOM\TpScrex.exe (Lenovo Group Limited)
PRC - C:\Programme\Mobile Broadband drivers\WMCore\WMCore.exe (Ericsson AB)
PRC - C:\Programme\Novell\ZENworks\bin\TSUsage32.exe (Novell, Inc.)
PRC - C:\Programme\Intel\Services\IPT\jhi_service.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe (Intel Corporation)
PRC - C:\Programme\Lenovo\NPDIRECT\tpfnf7sp.exe (Lenovo Group Limited)
PRC - C:\Programme\Intel\WiFi\bin\S24EvMon.exe (Intel(R) Corporation)
PRC - C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
PRC - C:\Programme\Lenovo\HOTKEY\tpnumlkd.exe (Lenovo Group Limited)
PRC - C:\Programme\ThinkPad\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.)
PRC - C:\Programme\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
PRC - C:\Programme\Lenovo\HOTKEY\tphkload.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
PRC - C:\Programme\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe (Microsoft Corporation)
PRC - C:\Programme\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\HOTKEY\tpnumlk.exe (Lenovo Group Limited)
PRC - C:\Programme\Novell\CASA\bin\micasad.exe (Novell, Inc)
PRC - C:\Programme\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
PRC - C:\Programme\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
PRC - C:\Programme\Symantec\Symantec Endpoint Protection\SmcGui.exe (Symantec Corporation)
PRC - C:\Programme\Lenovo\VIRTSCRL\virtscrl.exe (Lenovo Group Limited)
PRC - C:\Programme\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
PRC - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Programme\Browny02\BrYNSvc.exe (Brother Industries, Ltd.)
PRC - C:\WINDOWS\system32\CCM\CcmExec.exe (Microsoft Corporation)
PRC - C:\Programme\PatchLink\Update Agent\GravitixService.exe (Novell, Inc.)
PRC - C:\Programme\PatchLink\Update Agent\pddm.exe (Novell, Inc.)
PRC - C:\Programme\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited)
PRC - C:\Programme\SAP\SapSetup\setup\Updater\NwSapAutoWorkstationUpdateService.exe (SAP AG)
PRC - C:\Programme\SAP\SapSetup\setup\Updater\NwSapSetupUserNotificationTool.exe (SAP AG)
PRC - C:\Notes\nslsvice.exe (IBM Corp)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Novell\ZENworks\NalAgent.exe (Novell, Inc)
PRC - C:\Programme\Novell\ZENworks\WM.EXE (Novell, Inc.)
PRC - C:\WINDOWS\system32\novell\xtagent.exe (Novell, Inc.)
PRC - C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - C:\Programme\Novell\ZENworks\WMRUNDLL.EXE (Novell, Inc.)
PRC - C:\Programme\Novell\ZENworks\NALNTSRV.EXE (Novell, Inc.)
PRC - C:\Programme\TechSmith\SnagIt 8\SnagIt32.exe (TechSmith Corporation)
PRC - C:\Programme\TechSmith\SnagIt 8\TscHelp.exe (TechSmith Corporation)
PRC - C:\Programme\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe (Novell, Inc.)
PRC - C:\Programme\UPHClean\uphclean.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\dpmw32.exe (Novell, Inc.)
PRC - C:\WINDOWS\system32\nwtray.exe (Novell, Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\acc5ec6c04f1eff1029f88e339c98e47\System.Management.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\d4a5aced0ec83076368bad3f7277da5f\System.ServiceProcess.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\1cb3849720ed4eb09c75725675a3ef31\System.Web.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\facce4c3f0327583278401d360310a99\System.Runtime.Remoting.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\1af095ac130f585527b60abd230b4558\System.DirectoryServices.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\142e2b633a002e749dbd9d697dbf3f4f\System.Security.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\64bf8d2f963138ede81700b9fd525547\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\569ae3c239c7270b687996583ca97c28\UIAutomationProvider.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\9cf4a4fdd044bf3f033ae4fa26bdd796\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\891e536eaeebb1c3ea4a2b199f3b739b\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\f3877aa44425b257edad57137c5a2e21\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\0aacf518f032079557bc36a2eef2ccea\System.Data.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\c54577f8280781a7fdfab0768a5e57dc\System.Core.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\448062bb843b945803db54b94a340c0c\PresentationFramework.Luna.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\666b3b77f2bdbd072b199abd2f15f5f1\PresentationFramework.Classic.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\c29d0fd0724449a5e2e64f36c968f268\PresentationCore.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\5aa5f52223edf2f53fe90b153108d450\WindowsBase.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\12637de2619ee65d57c529f6c786dce1\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll ()
MOD - C:\Notes\framework\rcp\eclipse\plugins\com.ibm.rcp.swt.browser.dom.ie_6.1.2.200808010926\os\win32\x86\tlogpsdll.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Novell.Casa.Client.Auth\1.7.0.0__ed0eb71059ea593b\Novell.Casa.Client.Auth.dll ()
MOD - C:\Programme\ThinkPad\Utilities\DE-DE\PWMUIAux.resources.dll ()
MOD - C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe ()
MOD - C:\Programme\ThinkPad\Utilities\GR\PWRMGRRO.DLL ()
MOD - C:\Programme\ThinkPad\Utilities\GR\PWRMGRRT.DLL ()
MOD - C:\Programme\Synaptics\SynTP\SynTPEnhPS.dll ()
MOD - C:\Programme\ThinkPad\ConnectUtilities\ACSonyEricssonHlpr.dll ()
MOD - C:\Programme\ThinkPad\ConnectUtilities\AcWrpc.dll ()
MOD - C:\Programme\Novell\ZENworks\bin\XmlSerializers\zmd.XmlSerializers.dll ()
MOD - C:\Programme\Novell\ZENworks\bin\XmlSerializers\Localizer.XmlSerializers.dll ()
MOD - C:\Programme\Novell\ZENworks\bin\sqlite3.dll ()
MOD - C:\Programme\Novell\ZENworks\lang\WinProxyUI_de.dll ()
MOD - C:\Programme\Novell\ZENworks\bin\XmlSerializers\InventoryManager.XmlSerializers.dll ()
MOD - C:\Programme\Novell\ZENworks\lang\InventoryManager_de.dll ()
MOD - C:\Programme\Novell\ZENworks\lang\StatusCollectionPoint_de.dll ()
MOD - C:\Programme\Novell\ZENworks\bin\XmlSerializers\AppModule.XmlSerializers.dll ()
MOD - C:\Programme\Novell\ZENworks\lang\AppModule_de.dll ()
MOD - C:\Programme\Novell\ZENworks\lang\ContentDistributionPoint_de.dll ()
MOD - C:\Programme\Novell\ZENworks\lang\AuthSatellite_de.dll ()
MOD - C:\Programme\Novell\ZENworks\lang\LoggerUI_de.dll ()
MOD - C:\Programme\Novell\ZENworks\lang\ZenNotifyIconPlugins_de.dll ()
MOD - C:\Programme\Novell\ZENworks\bin\XmlSerializers\QuickTaskManager.XmlSerializers.dll ()
MOD - C:\Programme\Novell\ZENworks\bin\XmlSerializers\ContentManager.XmlSerializers.dll ()
MOD - C:\Programme\Novell\ZENworks\lang\ContentManager_de.dll ()
MOD - C:\Programme\Novell\ZENworks\bin\XmlSerializers\AssignmentManager.XmlSerializers.dll ()
MOD - C:\Programme\Novell\ZENworks\lang\ZenNotifyIconModule_de.dll ()
MOD - C:\Programme\Novell\ZENworks\bin\XmlSerializers\RegistrationModule.XmlSerializers.dll ()
MOD - C:\Programme\Novell\ZENworks\lang\RegistrationModule_de.dll ()
MOD - C:\Programme\Novell\ZENworks\bin\XmlSerializers\Novell.Zenworks.Settings.XmlSerializers.dll ()
MOD - C:\Programme\Novell\ZENworks\lang\SettingsModule_de.dll ()
MOD - C:\Programme\Novell\ZENworks\lang\StatusSender_de.dll ()
MOD - C:\Programme\Novell\ZENworks\lang\ZMD_de.dll ()
MOD - C:\Programme\ThinkPad\ConnectUtilities\Res\GR\GUIHlprRes.dll ()
MOD - C:\Programme\ThinkPad\ConnectUtilities\Res\GR\IconRes.dll ()
MOD - C:\Programme\ThinkPad\ConnectUtilities\Res\GR\SvcHlprRes.dll ()
MOD - C:\WINDOWS\system32\btwicons.dll ()
MOD - C:\Programme\ThinkPad\Bluetooth Software\BTKeyInd.dll ()
MOD - C:\Programme\Mobile Broadband drivers\WMCore\MBMDebug.dll ()
MOD - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU ()
MOD - C:\Programme\Brother\BrUtilities\BrLogAPI.dll ()
MOD - C:\Programme\PatchLink\Update Agent\cryptocme2.dll ()
MOD - C:\WINDOWS\system32\nls\DEUTSCH\nwshlxnr.dll ()
MOD - C:\WINDOWS\system32\nwshlxnt.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\Programme\Novell\ZENworks\nls\deutsch\NalUIRes.dll ()
MOD - C:\Programme\Novell\ZENworks\nls\deutsch\NalRes.dll ()
MOD - C:\Programme\Novell\ZENworks\nls\deutsch\NalAgentRes.dll ()
MOD - C:\WINDOWS\system32\novell\novdhcp.dll ()
MOD - C:\WINDOWS\system32\redmonnt.dll ()
MOD - C:\WINDOWS\system32\XMLPARSE.DLL ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (SMART Mirror Driver Monitor Service) -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Anwendungsdaten\TANDBERG\See&Share\monitorservice.exe (SMART Technologies)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (DMService) -- C:\WINDOWS\DOWNLO~1\DMService.exe ()
SRV - (ZENPreAgent) -- C:\WINDOWS\novell\zenworks\bin\ZENPreAgent.exe ()
SRV - (AgentSrv) -- C:\Programme\Connected\AGENTSRV.EXE (Connected Corporation)
SRV - (DozeSvc) -- C:\Programme\ThinkPad\Utilities\DOZESVC.EXE (Lenovo.)
SRV - (PwmEWSvc) -- C:\Programme\ThinkPad\Utilities\PWMEWSVC.exe (Lenovo Group Limited)
SRV - (Power Manager DBC Service) -- C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe ()
SRV - (AcSvc) -- C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo )
SRV - (AcPrfMgrSvc) -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo )
SRV - (LENOVO.CAMMUTE) -- C:\Programme\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited)
SRV - (Novell ZENworks Agent Service) -- C:\Programme\Novell\ZENworks\bin\ZenworksWindowsService.exe (Novell, Inc.)
SRV - (WMCoreService) -- C:\Programme\Mobile Broadband drivers\WMCore\WMCore.exe (Ericsson AB)
SRV - (jhi_service) Intel(R) -- C:\Programme\Intel\Services\IPT\jhi_service.exe (Intel Corporation)
SRV - (UNS) Intel(R) -- C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (S24EventMonitor) Intel(R) -- C:\Programme\Intel\WiFi\bin\S24EvMon.exe (Intel(R) Corporation)
SRV - (EvtEng) Intel(R) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) Intel(R) -- C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (btwdins) -- C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
SRV - (TPHKLOAD) -- C:\Programme\Lenovo\HOTKEY\tphkload.exe (Lenovo Group Limited)
SRV - (TPHKSVC) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
SRV - (uagqecsvc) -- C:\Programme\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe (Microsoft Corporation)
SRV - (Lenovo.micmute) -- C:\Programme\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited)
SRV - (Novell Identity Store) -- C:\Programme\Novell\CASA\bin\micasad.exe (Novell, Inc)
SRV - (Symantec AntiVirus) -- C:\Programme\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
SRV - (SmcService) -- C:\Programme\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
SRV - (SNAC) -- C:\Programme\Symantec\Symantec Endpoint Protection\SNAC.EXE (Symantec Corporation)
SRV - (LiveUpdate) -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_3.EXE (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (BrYNSvc) -- C:\Programme\Browny02\BrYNSvc.exe (Brother Industries, Ltd.)
SRV - (CcmExec) -- C:\WINDOWS\system32\CCM\CcmExec.exe (Microsoft Corporation)
SRV - (smstsmgr) -- C:\WINDOWS\System32\CCM\TSManager.exe (Microsoft Corporation)
SRV - (PatchLink Update) -- C:\Programme\PatchLink\Update Agent\GravitixService.exe (Novell, Inc.)
SRV - (NWSAPAutoWorkstationUpdateSvc) -- C:\Programme\SAP\SapSetup\setup\Updater\NwSapAutoWorkstationUpdateService.exe (SAP AG)
SRV - (Lotus Notes Single Logon) -- C:\Notes\nslsvice.exe (IBM Corp)
SRV - (cusrvc) -- C:\WINDOWS\system32\cusrvc.exe (Novell, Inc.)
SRV - (NMIndexingService) -- C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe (Nero AG)
SRV - (ZFDWM) -- C:\Programme\Novell\ZENworks\WM.EXE (Novell, Inc.)
SRV - (XTAgent) -- C:\WINDOWS\system32\novell\xtagent.exe (Novell, Inc.)
SRV - (IviRegMgr) -- C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (NALNTSERVICE) -- C:\Programme\Novell\ZENworks\NALNTSRV.EXE (Novell, Inc.)
SRV - (Remote Management Agent) -- C:\Programme\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe (Novell, Inc.)
SRV - (UPHClean) -- C:\Programme\UPHClean\uphclean.exe (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WDICA) --  File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (lbrtfdc) --  File not found
DRV - (i2omgmt) --  File not found
DRV - (Changer) --  File not found
DRV - (NAVEX15) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\VirusDefs\20120324.019\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\VirusDefs\20120324.019\NAVENG.SYS (Symantec Corporation)
DRV - (smrtdrv) -- C:\WINDOWS\system32\drivers\smrtdrv.sys (SMART Technologies Inc.)
DRV - (eeCtrl) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (WpsHelper) -- C:\WINDOWS\system32\drivers\wpshelper.sys (Symantec Corporation)
DRV - (TrojanKillerDriver) -- C:\WINDOWS\system32\drivers\gtkdrv.sys (Windows (R) Win 7 DDK provider)
DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (NVHDA) -- C:\WINDOWS\system32\drivers\nvhda32.sys (NVIDIA Corporation)
DRV - (DozeHDD) -- C:\WINDOWS\system32\drivers\DOZEHDD.SYS (Lenovo.)
DRV - (TPPWRIF) -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS (Lenovo Group Limited)
DRV - (IBMTPCHK) -- C:\WINDOWS\system32\drivers\IBMBLDID.sys ()
DRV - (ANC) -- C:\WINDOWS\system32\drivers\ANC.sys (IBM Corp.)
DRV - (risdxc) -- C:\WINDOWS\system32\drivers\risdxc86.sys (REDC)
DRV - (WNTHW) -- C:\WINDOWS\system32\drivers\WNTHW.SYS ()
DRV - (Mbm4NUn) F5521gw Mobile Broadband Network Adapter (WDM) -- C:\WINDOWS\system32\drivers\Mbm4NUn.sys (MCCI Corporation)
DRV - (Mbm4mdm) -- C:\WINDOWS\system32\drivers\Mbm4mdm.sys (MCCI Corporation)
DRV - (Mbm4mgmt)  Mobile Broadband Device Management Driver (WDM) -- C:\WINDOWS\system32\drivers\Mbm4mgmt.sys (MCCI Corporation)
DRV - (Mbm4NNd5) F5521gw Mobile Broadband Network Adapter (NDIS) -- C:\WINDOWS\system32\drivers\Mbm4NNd5.sys (MCCI Corporation)
DRV - (Mbm4bus) F5521gw Mobile Broadband Device (WDM) -- C:\WINDOWS\system32\drivers\Mbm4bus.sys (MCCI Corporation)
DRV - (Mbm4mdfl) -- C:\WINDOWS\system32\drivers\Mbm4mdfl.sys (MCCI Corporation)
DRV - (CnxtHdAudService) -- C:\WINDOWS\system32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (Shockprf) -- C:\WINDOWS\system32\drivers\ApsX86.sys (Lenovo.)
DRV - (TPDIGIMN) -- C:\WINDOWS\system32\drivers\ApsHM86.sys (Lenovo.)
DRV - (TSMAPIP) -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS ()
DRV - (NETwNx32) ___ Intel(R) -- C:\WINDOWS\system32\drivers\NETwNx32.sys (Intel Corporation)
DRV - (e1cexpress) Intel(R) -- C:\WINDOWS\system32\drivers\e1c5132.sys (Intel Corporation)
DRV - (l36wgps) -- C:\WINDOWS\system32\drivers\l36wgps.sys (Ericsson AB)
DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (MEI) Intel(R) -- C:\WINDOWS\system32\drivers\HECI.sys (Intel Corporation)
DRV - (lenovo.smi) -- C:\WINDOWS\system32\drivers\smiif32.sys (Lenovo Group Limited)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (SysPlant) -- C:\WINDOWS\system32\drivers\SysPlant.sys (Symantec Corporation)
DRV - (WPS) -- C:\WINDOWS\system32\drivers\WPSDRVnt.sys (Symantec Corporation)
DRV - (SRTSPL) -- C:\WINDOWS\system32\drivers\srtspl.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\WINDOWS\system32\drivers\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\WINDOWS\system32\drivers\srtspx.sys (Symantec Corporation)
DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.)
DRV - (Teefer2) -- C:\WINDOWS\system32\drivers\Teefer2.sys (Symantec Corporation)
DRV - (SPBBCDrv) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (COH_Mon) -- C:\WINDOWS\system32\drivers\COH_Mon.sys (Symantec Corporation)
DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.)
DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.)
DRV - (prepdrvr) -- C:\WINDOWS\system32\CCM\PrepDrv.sys (Microsoft Corporation)
DRV - (smihlp) SMI Helper Driver (smihlp) -- C:\Programme\ThinkVantage Fingerprint Software\smihlp.sys (UPEK Inc.)
DRV - (smsmdd) -- C:\WINDOWS\system32\drivers\smsmdm.sys (Microsoft Corporation)
DRV - (NetwareWorkstation) -- C:\WINDOWS\system32\NetWare\nwfs.sys (Novell, Inc.)
DRV - (SRVLOC) -- C:\WINDOWS\system32\NetWare\srvloc.sys (Novell, Inc.)
DRV - (NWSIPX32) -- C:\WINDOWS\system32\NetWare\nwsipx32.sys (Novell, Inc.)
DRV - (NWFILTER) -- C:\WINDOWS\system32\NetWare\nwfilter.sys (Novell, Inc.)
DRV - (RESMGR) -- C:\WINDOWS\system32\NetWare\resmgr.sys (Novell, Inc.)
DRV - (NWDNS) -- C:\WINDOWS\system32\NetWare\nwdns.sys (Novell, Inc.)
DRV - (Sony_EricssonWWSC) -- C:\WINDOWS\system32\drivers\lnvoscard.sys (Sony Ericsson)
DRV - (NWSLP) -- C:\WINDOWS\system32\NetWare\nwslp.sys (Novell, Inc.)
DRV - (NICM) -- C:\WINDOWS\system32\drivers\nicm.sys (Novell, Inc.)
DRV - (stmtpm) -- C:\WINDOWS\system32\drivers\stm_tpm.sys (STMicroelectronics, INC)
DRV - (BM) -- C:\WINDOWS\system32\drivers\vptunnel.sys (Novell, Inc.)
DRV - (NWDHCP) -- C:\WINDOWS\system32\NetWare\nwdhcp.sys (Novell, Inc.)
DRV - (NWHOST) -- C:\WINDOWS\system32\NetWare\nwhost.sys (Novell, Inc.)
DRV - (NWSNS) Novell Simple Naming Services (NWSNS) -- C:\WINDOWS\system32\NetWare\nwsns.sys (Novell, Inc.)
DRV - (BlankScr) -- C:\WINDOWS\System32\drivers\blankscr.sys (Novell Inc.)
DRV - (Darpan) -- C:\WINDOWS\system32\drivers\Darpan.sys (Novell, Inc.)
DRV - (NICICCS) -- C:\WINDOWS\System32\drivers\niciccs.sys ()
DRV - (NWSAP) -- C:\WINDOWS\system32\NetWare\nwsap.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.steria-mummert.de/intern/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.steria-mummert.de/intern/
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=XPxdm049YYde&ptnrS=XPxdm049YYde&si=49647&ptb=DDACAE69-42A6-4475-B7CB-5BC0B4AEAAB3&psa=&ind=2012022005&st=sb&n=77ed04f5&searchfor={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.steria-mummert.de/intern/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.steria-mummert.de/intern/
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{068A3FEB-E034-4CD7-834C-20E7AB1D0B46}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&AF=109867&babsrc=SP_ss&mntrId=a6ddc64300000000000060d819c0da1b
IE - HKCU\..\SearchScopes\{1003C13B-1BEF-4DB6-BEA1-DC5E2FD06A00}: "URL" = hxxp://www.google.de
IE - HKCU\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=XPxdm049YYde&ptnrS=XPxdm049YYde&si=49647&ptb=DDACAE69-42A6-4475-B7CB-5BC0B4AEAAB3&psa=&ind=2012022005&st=sb&n=77ed04f5&searchfor={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.ad.econgas.com:8080
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = hxxp://wpad/wpad.dat
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\:
 
[2011.12.20 17:17:31 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Anwendungsdaten\Mozilla\Extensions
[2012.02.29 22:15:21 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Anwendungsdaten\Mozilla\Firefox\Profiles\wbkl6vga.default\extensions
[2012.03.24 20:07:11 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Anwendungsdaten\Mozilla\Firefox\Profiles\wbkl6vga.default\extensions\64ffxtbr@TelevisionFanatic.com
[2012.02.05 13:46:43 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.02.05 13:46:43 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.02.19 16:43:25 | 000,002,310 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\babylon.xml
 
O1 HOSTS File: ([2008.04.14 19:30:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (HelperObject Class) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Programme\TechSmith\SnagIt 8\SnagItBHO.dll (TechSmith Corporation)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programme\TechSmith\SnagIt 8\SnagItIEAddin.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ACTray] C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo )
O4 - HKLM..\Run: [ACWLIcon] C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo )
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Application Explorer] C:\Programme\Novell\ZENworks\naldesk.exe (Novell, Inc.)
O4 - HKLM..\Run: [BrStsMon00] C:\Programme\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ccApp] C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [ControlCenter3] C:\Programme\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [IMSS] C:\Programme\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)
O4 - HKLM..\Run: [LenovoAutoScrollUtility] C:\Programme\Lenovo\VIRTSCRL\virtscrl.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [LPMailChecker] C:\Programme\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [NDPS] C:\WINDOWS\system32\dpmw32.exe (Novell, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NWTRAY] C:\WINDOWS\System32\nwtray.exe (Novell, Inc.)
O4 - HKLM..\Run: [PDDM] C:\Programme\PatchLink\Update Agent\pddm.exe (Novell, Inc.)
O4 - HKLM..\Run: [PWRMGRTR] C:\Programme\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [SAP_WUS_UNT] C:\Programme\SAP\SAPsetup\setup\Updater\NwSapSetupUserNotificationTool.exe (SAP AG)
O4 - HKLM..\Run: [SMART Mirror Driver Monitor Service] C:\Dokumente und Einstellungen\Sravan Kumar Puppala [2012.03.25 17:48:58 | 000,000,000 | ---D | M]
O4 - HKLM..\Run: [TPFNF7] C:\Programme\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [ZCM Install Helper] D:\Temp\~ZCM\cleanup.exe File not found
O4 - HKLM..\Run: [ZENRC Tray Icon] C:\WINDOWS\system32\zentray.exe (Novell, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Bluetooth.lnk = C:\Programme\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Connected TaskBar Icon.LNK = C:\Programme\Connected\CBSysTray.exe (Connected Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\SnagIt 8.lnk = C:\Programme\TechSmith\SnagIt 8\SnagIt32.exe (TechSmith Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMSAppLogo5ChannelNotify = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarCustomize = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: CompatibleRUPSecurity = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Persistence present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Home = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Fullscreen = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Tools = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Print = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Edit = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Cut = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Copy = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Paste = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Encoding = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WarningMsgInBody =
O8 - Extra context menu item: &Search - hxxp://tbedits.televisionfanatic.com/one-toolbaredits/menusearch.jhtml?s=100000415&p=XPxdm049YYde&si=49647&a=DDACAE69-42A6-4475-B7CB-5BC0B4AEAAB3&n=2012022005 File not found
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Novell delivered applications - {C1994287-422F-47aa-8E5E-6323E210A125} - C:\Programme\Novell\ZENworks\AxNalServer.dll (Novell, Inc)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\NetWare\nwws2nds.dll (Novell, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\system32\NetWare\nwws2sap.dll (Novell, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\WINDOWS\system32\NetWare\nwws2slp.dll (Novell, Inc.)
O15 - HKCU\..Trusted Domains: hotmail.de ([]http in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: live.com ([login] https in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: srv7vie07 ([]http in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: steria.com ([chgpwd.hq] https in Vertrauenswürdige Sites)
O16 - DPF: {7114683A-020D-4D16-80FD-6ACE384B66DF} hxxp://vsrv1gasx01:9080/gasx/activex/FPSPR70.ocx (FarPoint Spread 7.0 (OLEDB))
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} https://external.econgas.com/InternalSite/WhlCompMgr.cab (Forefront UAG client components)
O16 - DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} https://domino.koeln.steria-mummert.de/dwa8W.cab (Domino Web Access 8 Control)
O16 - DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_05)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://qliktech.webex.com/client/T27LD/nbr/ieatgpc.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C9B80A69-0E19-4CC0-A499-C8F0C5544AA3}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\qvp {4BA78E3D-CA25-4BFF-B8F0-8A3359E4B520} - C:\Programme\QlikView\QvProtocol\qvp.dll (QlikTech AB)
O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Programme\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP AG, Walldorf)
O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Programme\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP AG, Walldorf)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: System - (ziswin.exe) - C:\WINDOWS\System32\ZISWIN.EXE (Novell)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (NWGINA.DLL) - C:\WINDOWS\System32\nwgina.dll (Novell, Inc.)
O20 - Winlogon\Notify\ACNotify: DllName - (ACNotify.dll) - C:\Programme\ThinkPad\ConnectUtilities\ACNotify.dll (Lenovo )
O20 - Winlogon\Notify\LCredMgr: DllName - (C:\Programme\Novell\CASA\bin\lcredmgr.dll) - C:\Programme\Novell\CASA\bin\lcredmgr.dll ()
O20 - Winlogon\Notify\NetIdentity Notification: DllName - (C:\WINDOWS\system32\Novell\XtNotify.dll) - C:\WINDOWS\system32\novell\xtnotify.dll (Novell, Inc.)
O20 - Winlogon\Notify\psfus: DllName - (C:\Programme\ThinkVantage Fingerprint Software\psqlpwd.dll) - C:\Programme\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\SMC Start Screen_1440w_Plain.BMP
O24 - Desktop BackupWallPaper: C:\WINDOWS\SMC Start Screen_1440w_Plain.BMP
O28 - HKLM ShellExecuteHooks: {763370C4-268E-4308-A60C-D8DA0342BE32} - C:\Programme\Novell\ZENworks\NalShell.dll (Novell, Inc)
O30 - LSA: Authentication Packages - (nwv1_0) - C:\WINDOWS\System32\nwv1_0.dll (Novell, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.12.01 15:06:11 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{7606a47c-52f5-11e1-a04e-028037ec0200}\Shell\AutoRun\command - "" = E:\Toshiba\more4you.exe
O33 - MountPoints2\{8140258f-3a1f-11e1-a010-60d819c0da1b}\Shell\AutoRun\command - "" = E:\Toshiba\Launcher\start.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789)
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{0E5911DD-EA12-4626-B1A8-CB9B7E701F9F} - RunDLL32 IEDKCS32.DLL,BrandIE4 CUSTOM
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
NetSvcs: 6to4 -  File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.25 18:21:27 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Desktop\OTL.exe
[2012.03.25 17:46:38 | 000,000,000 | ---D | C] -- C:\Avenger
[2012.03.25 15:06:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Anwendungsdaten\Malwarebytes
[2012.03.25 15:06:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012.03.25 15:06:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.03.25 15:06:47 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.03.25 15:06:47 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2012.03.24 16:05:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\GridinSoft Trojan Killer
[2012.03.24 16:04:58 | 000,000,000 | ---D | C] -- C:\Programme\GridinSoft Trojan Killer
[2012.03.19 14:14:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Anwendungsdaten\webex
[2012.03.14 13:31:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Desktop\SAP BW
[2012.03.05 07:57:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Desktop\Qlikview
[2012.03.01 16:01:37 | 000,002,432 | ---- | C] (SMART Technologies Inc.) -- C:\WINDOWS\System32\drivers\smrtdrv.sys
[2012.03.01 16:01:35 | 000,011,648 | ---- | C] (SMART Technologies Inc.) -- C:\WINDOWS\System32\smrtdrv.dll
[2012.03.01 16:01:35 | 000,003,584 | ---- | C] (SMART Technologies Inc.) -- C:\WINDOWS\System32\smrtexp.dll
[2012.02.29 12:54:15 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\IECompatCache
[2012.02.28 18:38:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\QlikView
[2012.02.24 18:40:31 | 000,000,000 | ---D | C] -- D:\Bilder
[2011.12.20 11:23:00 | 003,145,728 | ---- | C] (SAP Technology,Inc) -- C:\Programme\Gemeinsame Dateien\sapxlhelper.dll
[2011.12.20 11:23:00 | 000,626,688 | ---- | C] (SAP AG) -- C:\Programme\Gemeinsame Dateien\sapconsaccess.dll
[2011.12.20 11:23:00 | 000,192,512 | ---- | C] (SAP Tech Inc.) -- C:\Programme\Gemeinsame Dateien\sapconsr3.dll
[2011.12.20 11:23:00 | 000,040,960 | ---- | C] (SAP-TECHNOLOGY) -- C:\Programme\Gemeinsame Dateien\DigitalSignature.ocx
[62 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.25 18:21:35 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Desktop\OTL.exe
[2012.03.25 18:05:42 | 000,573,893 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2012.03.25 17:50:48 | 000,020,894 | RHS- | M] () -- C:\Dokumente und Einstellungen\All Users\ntuser.pol
[2012.03.25 17:50:47 | 000,000,462 | ---- | M] () -- C:\WINDOWS\smscfg.ini
[2012.03.25 17:50:26 | 000,002,076 | ---- | M] () -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Desktop\SMC Anwendungen.nal
[2012.03.25 17:49:14 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2012.03.25 17:49:09 | 000,573,893 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2012.03.25 17:48:58 | 000,000,972 | RHS- | M] () -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\ntuser.pol
[2012.03.25 17:47:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.03.25 17:05:15 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012.03.25 17:03:18 | 000,188,200 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.03.25 15:23:21 | 000,442,740 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.03.25 15:23:21 | 000,367,280 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2012.03.25 15:23:21 | 000,365,016 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.03.25 15:23:21 | 000,355,152 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2012.03.25 15:23:21 | 000,071,912 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.03.25 15:23:21 | 000,069,076 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.03.25 15:23:21 | 000,049,376 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2012.03.25 15:23:21 | 000,048,468 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2012.03.25 15:06:48 | 000,000,763 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.03.24 16:05:03 | 000,000,793 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Trojan Killer.lnk
[2012.03.24 14:42:42 | 000,000,731 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Connected TaskBar Icon.LNK
[2012.03.23 15:53:56 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012.03.22 11:09:44 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.03.16 23:32:43 | 000,437,661 | ---- | M] () -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Desktop\FLT_3F4HCB15413_0.pdf
[2012.03.01 16:01:37 | 000,002,432 | ---- | M] (SMART Technologies Inc.) -- C:\WINDOWS\System32\drivers\smrtdrv.sys
[2012.03.01 16:01:35 | 000,011,648 | ---- | M] (SMART Technologies Inc.) -- C:\WINDOWS\System32\smrtdrv.dll
[2012.03.01 16:01:35 | 000,003,584 | ---- | M] (SMART Technologies Inc.) -- C:\WINDOWS\System32\smrtexp.dll
[2012.02.28 18:03:43 | 000,002,010 | -H-- | M] () -- D:\Default.rdp
[2012.02.28 00:42:29 | 000,000,042 | ---- | M] () -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Anwendungsdaten\default.pls
[62 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.25 17:50:26 | 000,002,076 | ---- | C] () -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Desktop\SMC Anwendungen.nal
[2012.03.25 15:06:48 | 000,000,763 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.03.24 16:05:03 | 000,000,793 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Trojan Killer.lnk
[2012.03.16 23:32:43 | 000,437,661 | ---- | C] () -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Desktop\FLT_3F4HCB15413_0.pdf
[2012.02.28 00:42:29 | 000,000,042 | ---- | C] () -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Anwendungsdaten\default.pls
[2012.02.19 16:12:52 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.02.07 13:15:05 | 000,007,680 | ---- | C] () -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.01.15 21:56:15 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BRIDF10A.DAT
[2012.01.15 21:56:13 | 000,000,425 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2012.01.03 20:20:29 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2011.12.20 18:07:31 | 000,456,080 | ---- | C] () -- C:\WINDOWS\System32\drivers\niciccs.sys
[2011.12.20 18:05:45 | 000,078,448 | ---- | C] () -- C:\WINDOWS\System32\bmnotify.dll
[2011.12.20 18:05:44 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\ldapmethod.dll
[2011.12.20 18:05:43 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\vpnlogin.exe
[2011.12.20 18:05:43 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\ikeapp.exe
[2011.12.20 18:05:43 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\vpnstats.exe
[2011.12.20 18:05:43 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\vpnext.dll
[2011.12.20 18:05:43 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\regvpn.exe
[2011.12.20 18:05:43 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\vpnrst.exe
[2011.12.20 18:05:43 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\SlpDnsRestore.exe
[2011.12.20 18:02:57 | 000,586,752 | R--- | C] () -- C:\WINDOWS\autolog.exe
[2011.12.20 18:02:57 | 000,080,384 | ---- | C] () -- C:\WINDOWS\cusrmgr.exe
[2011.12.20 18:02:55 | 000,262,227 | ---- | C] () -- C:\WINDOWS\System32\nwshlxnt.dll
[2011.12.20 18:02:55 | 000,065,619 | ---- | C] () -- C:\WINDOWS\System32\setupw2k.dll
[2011.12.20 18:02:55 | 000,015,898 | ---- | C] () -- C:\WINDOWS\System32\vlmsup.exe
[2011.12.20 18:02:55 | 000,001,724 | ---- | C] () -- C:\WINDOWS\System32\vipx.exe
[2011.12.20 18:02:54 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\lgncon32.dll
[2011.12.20 18:02:54 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\dplgnw32.dll
[2011.12.20 18:02:51 | 000,002,757 | ---- | C] () -- C:\WINDOWS\System32\rdrstats.ini
[2011.12.20 18:02:50 | 000,225,356 | ---- | C] () -- C:\WINDOWS\System32\lgnwnt32.dll
[2011.12.20 18:02:50 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\prtwin32.dll
[2011.12.20 18:02:50 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\nwpsrv32.dll
[2011.12.20 18:02:49 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\nwslog32.dll
[2011.12.20 18:02:09 | 000,573,893 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2011.12.20 17:17:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011.12.20 13:28:36 | 000,256,580 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011.12.20 13:28:36 | 000,256,580 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011.12.20 13:28:36 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011.12.20 13:25:56 | 000,000,462 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2011.12.20 13:24:33 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2011.12.20 13:24:33 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2011.12.20 13:24:33 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2011.12.20 13:24:33 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2011.12.20 13:24:33 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2011.12.20 13:24:33 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2011.12.20 13:22:26 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\drivers\IntelMEFWVer.dll
[2011.12.20 13:19:14 | 000,638,784 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2011.12.20 12:55:49 | 000,023,116 | ---- | C] () -- C:\WINDOWS\System32\CcmFramework.ini
[2011.12.20 12:53:51 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011.12.20 12:37:56 | 000,004,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys
[2011.12.20 11:31:49 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\default_user_class.dat
[2011.12.20 11:24:49 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011.12.20 11:23:49 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\MSORFS.DLL
[2011.12.20 11:23:48 | 001,690,896 | ---- | C] () -- C:\WINDOWS\System32\MSO97V.DLL
[2011.12.20 11:23:48 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[2011.12.20 11:23:48 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
[2011.12.20 11:23:00 | 000,955,904 | ---- | C] () -- C:\Programme\Gemeinsame Dateien\SAPActiveXL.xlt
[2011.12.20 11:23:00 | 000,949,760 | ---- | C] () -- C:\Programme\Gemeinsame Dateien\SAPActiveXL_nosig.xlt
[2011.12.20 11:21:43 | 001,064,960 | ---- | C] () -- C:\WINDOWS\System32\h5krnl32.dll
[2011.12.20 11:21:43 | 000,188,928 | ---- | C] () -- C:\WINDOWS\System32\h5icon32.dll
[2011.12.20 11:21:43 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\h5menu32.dll
[2011.12.20 11:21:43 | 000,095,744 | ---- | C] () -- C:\WINDOWS\System32\h5rtf32.dll
[2011.12.20 11:21:43 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\h5tool32.dll
[2011.12.20 11:18:43 | 000,009,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\WNTHW.SYS
[2011.11.09 10:08:01 | 000,001,372 | ---- | C] () -- C:\WINDOWS\System32\VoipUpdate.ini
[2011.11.09 10:07:54 | 000,030,893 | ---- | C] () -- C:\WINDOWS\System32\drivers\Mixer.ini
[2011.11.09 10:07:47 | 000,001,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\Altmixer.ini
[2011.11.09 10:03:42 | 002,286,930 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010.12.09 14:57:54 | 002,860,384 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2010.10.11 03:29:34 | 000,114,688 | ---- | C] () -- C:\Programme\ad_ff.dll
[2010.10.11 03:29:14 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\jmicasa.dll
[2010.10.11 03:29:04 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\micasa.dll
[2010.10.11 03:28:52 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\micasacache.dll
[2010.07.10 04:24:14 | 000,006,253 | ---- | C] () -- C:\Programme\eula.rtf
[2010.05.28 11:39:16 | 000,335,872 | ---- | C] () -- C:\WINDOWS\System32\casa_authtoken.dll
[2010.05.14 12:08:12 | 000,024,632 | ---- | C] () -- C:\WINDOWS\System32\providers.bin
 
========== LOP Check ==========
 
[2012.02.19 16:43:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Babylon
[2011.12.20 11:29:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ConeXware
[2011.12.20 13:25:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lenovo
[2011.12.20 11:15:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Mummert
[2012.02.28 17:03:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QlikTech
[2012.01.14 12:45:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TechSmith
[2012.02.19 16:43:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Anwendungsdaten\Babylon
[2012.01.17 14:40:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Anwendungsdaten\DBDesigner4
[2011.12.20 12:53:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Anwendungsdaten\Lenovo
[2011.12.20 12:56:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Anwendungsdaten\Mummert
[2011.12.20 16:47:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Anwendungsdaten\PwrMgr
[2012.01.06 12:22:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Anwendungsdaten\QlikTech
[2012.01.14 12:54:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Anwendungsdaten\TANDBERG
[2012.01.19 12:36:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Anwendungsdaten\TeamViewer
[2012.03.19 14:14:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Anwendungsdaten\webex
[2012.01.13 14:27:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Anwendungsdaten\Xerox
[2012.03.25 17:49:14 | 000,000,316 | ---- | M] () -- C:\WINDOWS\Tasks\PMTask.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2012.03.25 17:47:24 | 000,000,000 | ---D | M] -- C:\Avenger
[2011.12.20 12:51:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen
[2011.12.20 12:35:49 | 000,000,000 | -HSD | M] -- C:\DRIVERS
[2012.02.11 14:06:23 | 000,000,000 | ---D | M] -- C:\Forefront UAG Remote Access Agent
[2011.12.20 18:02:49 | 000,000,000 | -HSD | M] -- C:\INSTALLS
[2011.12.20 13:22:15 | 000,000,000 | ---D | M] -- C:\Intel
[2012.03.25 17:50:15 | 000,000,000 | -H-D | M] -- C:\NALCache
[2012.01.05 18:41:34 | 000,000,000 | ---D | M] -- C:\NDPS
[2012.03.19 20:58:40 | 000,000,000 | ---D | M] -- C:\Notes
[2011.12.20 11:10:12 | 000,000,000 | ---D | M] -- C:\Novell
[2012.03.25 15:06:47 | 000,000,000 | R--D | M] -- C:\Programme
[2012.01.08 19:44:06 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2011.12.20 18:01:14 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.03.25 15:12:34 | 000,000,000 | ---D | M] -- C:\WINDOWS
 
< %PROGRAMFILES%\*.exe >
Invalid Environment Variable: LOCALAPPDATA
 
< %systemroot%\*. /mp /s >
 
< MD5 for: AGP440.SYS  >
[2008.04.14 19:30:00 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008.04.14 19:30:00 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp3.cab:AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2008.04.14 19:30:00 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 19:30:00 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp3.cab:atapi.sys
[2008.04.14 19:30:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 19:30:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008.04.14 19:30:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
 
< MD5 for: EXPLORER.EXE  >
[2008.04.14 19:30:00 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe
[2008.04.14 19:30:00 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\system32\dllcache\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2009.06.04 15:13:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\DRIVERS\000_SYSTEM\MSD\iastor\IaStor.sys
[2010.11.06 00:39:18 | 000,354,840 | ---- | M] (Intel Corporation) MD5=F4037A3FEDB92DD97C95F320766EA5C9 -- C:\DRIVERS\000_SYSTEM\IaStor.sys
[2010.11.05 20:09:18 | 000,354,840 | ---- | M] (Intel Corporation) MD5=F4037A3FEDB92DD97C95F320766EA5C9 -- C:\WINDOWS\system32\drivers\iastor.sys
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 19:30:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008.04.14 19:30:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 19:30:00 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008.04.14 19:30:00 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.04.14 19:30:00 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\dllcache\user32.dll
[2008.04.14 19:30:00 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 19:30:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008.04.14 19:30:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008.04.14 19:30:00 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008.04.14 19:30:00 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.04.14 19:30:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2008.04.14 19:30:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2009.12.01 20:28:19 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2009.12.01 20:28:18 | 001,093,632 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2009.12.01 20:28:18 | 000,450,560 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %systemroot%\system32\*.dll /lockedfiles >
[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
< %USERPROFILE%\*.* >
[2011.12.20 16:02:28 | 000,069,011 | ---- | M] () -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\install.xml
[2012.03.25 17:45:59 | 004,980,736 | ---- | M] () -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\NTUSER.DAT
[2012.03.25 18:23:48 | 000,001,024 | -H-- | M] () -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\NTUSER.DAT.LOG
[2012.03.25 17:45:59 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\ntuser.ini
[2012.03.25 17:48:58 | 000,000,972 | RHS- | M] () -- C:\Dokumente und Einstellungen\Sravan Kumar Puppala\ntuser.pol
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Kmode: %SystemRoot%\system32\win32k.sys [2012.01.12 19:20:28 | 001,860,096 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
 
<          Schliesse bitte nun alle Programme >

< End of report >

--- --- ---


OTL_Extras:
OTL Logfile:
Code:

OTL Extras logfile created on: 25.03.2012 18:24:07 - Run 1
OTL by OldTimer - Version 3.2.39.2    Folder = C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,49 Gb Total Physical Memory | 2,45 Gb Available Physical Memory | 70,35% Memory free
5,32 Gb Paging File | 4,31 Gb Available in Paging File | 81,02% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 40,00 Gb Total Space | 17,81 Gb Free Space | 44,53% Space Free | Partition Type: NTFS
Drive D: | 425,26 Gb Total Space | 294,34 Gb Free Space | 69,21% Space Free | Partition Type: NTFS
Drive E: | 988,00 Mb Total Space | 917,44 Mb Free Space | 92,86% Space Free | Partition Type: FAT
 
Computer Name: MC00019325 | User Name: Sravan Kumar Puppala | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3024:UDP" = 3024:UDP:*:Enabled:Novell Bordermanager Proxy Services
"1761:TCP" = 1761:TCP:*:Enabled:Novell ZENworks Services
"1761:UDP" = 1761:UDP:*:Enabled:Novell ZENworks Services
"7461:TCP" = 7461:TCP:*:Enabled:Novell Asset Management
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3024:UDP" = 3024:UDP:*:Enabled:Novell Bordermanager Proxy Services
"1761:TCP" = 1761:TCP:*:Enabled:Novell ZENworks Services
"1761:UDP" = 1761:UDP:*:Enabled:Novell ZENworks Services
"2967:TCP" = 2967:TCP:*:Enabled:Symantec Client Security 1
"2967:UDP" = 2967:UDP:*:Enabled:Symantec Client Security 2
"38293:UDP" = 38293:UDP:*:Enabled:Symantec Client Security 3
"7461:TCP" = 7461:TCP:*:Enabled:Novell Asset Management
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%WINDIR%\system32\dpmw32.exe" = %WINDIR%\system32\dpmw32.exe:*:Enabled:Novell Distributed Print Services -- (Novell, Inc.)
"%WINDIR%\system32\vpnstats.exe" = %WINDIR%\system32\vpnstats.exe:*:Enabled:Novell Bordermanager VPN Services -- ()
"%WINDIR%\system32\ikeapp.exe" = %WINDIR%\system32\ikeapp.exe:*:Enabled:Novell Bordermanager VPN Services -- ()
"C:\Programme\Connected\COBackup.exe" = C:\Programme\Connected\COBackup.exe:10.0.0.0/255.0.0.0,193.26.252.0/255.255.255.0:Enabled:Connected DataProtector -- (Connected Corporation)
"C:\Programme\Connected\AgentSrv.exe" = C:\Programme\Connected\AgentSrv.exe:10.0.0.0/255.0.0.0,193.26.252.0/255.255.255.0:Enabled:Connected DataProtector -- (Connected Corporation)
"C:\WINDOWS\system32\dpmw32.exe" = C:\WINDOWS\system32\dpmw32.exe:*:Enabled:Novell Distributed Print Services -- (Novell, Inc.)
"C:\WINDOWS\system32\ikeapp.exe" = C:\WINDOWS\system32\ikeapp.exe:*:Enabled:Novell Bordermanager VPN Services -- ()
"C:\WINDOWS\system32\vpnstats.exe" = C:\WINDOWS\system32\vpnstats.exe:*:Enabled:Novell Bordermanager VPN Services -- ()
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%WINDIR%\system32\dpmw32.exe" = %WINDIR%\system32\dpmw32.exe:*:Enabled:Novell Distributed Print Services -- (Novell, Inc.)
"%WINDIR%\system32\vpnstats.exe" = %WINDIR%\system32\vpnstats.exe:*:Enabled:Novell Bordermanager VPN Services -- ()
"%WINDIR%\system32\ikeapp.exe" = %WINDIR%\system32\ikeapp.exe:*:Enabled:Novell Bordermanager VPN Services -- ()
"C:\Programme\Connected\AgentSrv.exe" = C:\Programme\Connected\AgentSrv.exe:10.0.0.0/255.0.0.0,193.26.252.0/255.255.255.0:Enabled:Connected DataProtector -- (Connected Corporation)
"C:\Programme\Connected\COBackup.exe" = C:\Programme\Connected\COBackup.exe:10.0.0.0/255.0.0.0,193.26.252.0/255.255.255.0:Enabled:Connected DataProtector -- (Connected Corporation)
"C:\WINDOWS\system32\dpmw32.exe" = C:\WINDOWS\system32\dpmw32.exe:*:Enabled:Novell Distributed Print Services -- (Novell, Inc.)
"C:\WINDOWS\system32\ikeapp.exe" = C:\WINDOWS\system32\ikeapp.exe:*:Enabled:Novell Bordermanager VPN Services -- ()
"C:\WINDOWS\system32\vpnstats.exe" = C:\WINDOWS\system32\vpnstats.exe:*:Enabled:Novell Bordermanager VPN Services -- ()
"C:\Programme\Symantec\Symantec Endpoint Protection\Smc.exe" = C:\Programme\Symantec\Symantec Endpoint Protection\Smc.exe:*:Enabled:SMC Service -- (Symantec Corporation)
"C:\Programme\Symantec\Symantec Endpoint Protection\SNAC.EXE" = C:\Programme\Symantec\Symantec Endpoint Protection\SNAC.EXE:*:Enabled:SNAC Service -- (Symantec Corporation)
"C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe" = C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe:*:Enabled:Symantec Email -- (Symantec Corporation)
"C:\Programme\TeamViewer\Version7\TeamViewer.exe" = C:\Programme\TeamViewer\Version7\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe" = C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04EB530D-EFBE-4624-BC83-611E557B9F03}" = STM TPM Driver 1.0.4.15 - 32 bits
"{118C9AEE-A282-445C-8B56-A6B50795B8A6}" = Powerarchiver
"{1297C681-92D7-40EF-93BF-03F66EC5105C}" = ThinkPad-Dienstprogramm 'EasyEject'
"{15A3C0D8-3D81-4CF6-8797-E27BDE5F8573}" = ZENworks Uninstaller
"{1717FEDC-6D5A-44B7-AB98-814834F0E695}" = ZENworks Agent Bundle Management
"{176E8FD2-5BE4-47f5-A7FB-379428C0C027}" = ZENworks Patch Management Agent
"{17C573A8-D916-4166-81A6-7C5C608919CA}" = ZENworks Agent Authentication Satellite Module
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = ThinkPad UltraNav Utility
"{1BE23A18-1B51-4F59-8326-33CA5F1294F4}" = ZENworks Primary Agent
"{1CA2B9F5-835B-46C2-8961-D52C96C613B7}" = ZENworks Imaging Server
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20F7117E-1B6F-4EEC-8F47-FB7A142FAC12}" = ZENworks Desktop Management Agent
"{21EFE22F-B9A5-4842-9EB6-0D37442F6B9E}" = assetmanagementmodule-langs
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
"{2BF03149-7323-4347-A72E-A48642C248A4}" = SMC Vorlagen für Office 2003
"{2CB10E96-23CD-4AE2-A7C4-9CF75463C174}" = ZENworks Information Icon
"{2FE4A854-6739-45B9-AF0B-270AA25215F4}" = ZENworks Agent System Update Module
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{364DA896-84B4-4887-95AA-5A2953234217}" = windows-desktop-langs
"{3C189690-43B8-4E98-A2E4-3908A8F691D0}" = PDF Konverter
"{3C1AE512-3C37-44FA-BA42-ABB721EC5B1D}" = Symantec Endpoint Protection
"{3C6849B6-1953-4DAF-9A8B-783FB72F3CBB}" = Novell CASA Authentication Token Client
"{44D66AD9-AE19-4AFD-BE7E-A1B44C856697}" = MSXML4.0 redistributable
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System
"{4CD57A44-0FE0-44B5-AC1A-BDE5490FEA6F}" = status-collection-point-langs
"{4DF669B8-5B56-4174-AFDE-BE7DA0662850}" = primary-agent-langs
"{4E7344D7-84E3-4FB6-967F-DD4624D7EA9C}" = ZFD Mini Inventory
"{5248DF85-F55D-4F84-A08F-3B323DB036B8}" = ThinkVantage Fingerprint Software
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{53675532-C165-4916-BD97-59CE0DCF5D09}" = ConText
"{55A976DD-9D1A-4B70-B36B-459D7EE3D380}" = Steria ConfigMgr Local Policy
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5FCDC863-72E2-4C1A-86B2-593018307B1C}" = zencore-agent-langs
"{6034D614-E53F-46F2-B0BC-280222D569C2}" = CASA
"{63C63A5D-44C8-4734-85D6-72D8332721E4}" = Mummert Zertifikate
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65706020-7B6F-41F2-8047-FC69579E386A}" = Präsentationsdirektor
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7148F0A8-6813-11D6-A77B-00B0D0142050}" = Java 2 Runtime Environment, SE v1.4.2_05
"{721ABC3B-5F12-4332-9C0C-C11424EF666C}" = WIMGAPI
"{72E37E13-0FB8-4644-A8E8-F2900B9C7B67}" = See & Share
"{79EE919C-7A93-4868-8B42-EF8F9B14FFFC}" = ZENworks Status Collection Point
"{7EB114D8-207F-45AE-BABD-1669715F2630}" = ThinkVantage Access Connections
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87467DDA-0189-4730-A3A6-079429D1657B}" = ZENworks Agent WinProxy Module
"{88C6A6D9-324C-46E8-BA87-563D14021442}_is1" = ThinkVantage Communications Utility
"{89FB3889-47EE-4CDA-A2DC-565C1D6CEE6C}" = QlikView x86
"{8E770F99-CF23-4BF9-BF4E-E3A2924FEB27}" = Microsoft redistributable runtime DLLs VS2005 SP1(x86)
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90F80407-6000-11D3-8CFE-0150048383C9}" = Tool zum Entfernen verborgener Daten
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{925E8226-FBED-43FD-BC8C-41207B999AF0}" = ZENworks Extensions Libraries
"{93699C3E-005E-4294-87CA-F5B7DE2CD687}" = SnagIt 8
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{951F94FD-DDBB-4A15-B8E7-1560D3D28900}" = actions-langs
"{986F64DC-FF15-449D-998F-EE3BCEC6666A}" = Help Center
"{98AA657D-9790-4454-9DB2-E8ED0EF8C571}" = Configuration Manager Client
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B427732-573E-4E78-B6FA-AC3E5A218BA2}" = NMAS Client
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E7260AC-22D9-4622-AA26-7CD6011D9DA4}" = SAP Mobile Infrastructure
"{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}" = ThinkPad Energie-Manager
"{A0F74D9F-ECC1-48BB-8105-6FD5B70DD55B}" = ZENworks Agent Asset Management Module
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6D5C59E-F97B-4665-B811-DC93635E05B0}" = ZENworks Action Utilities
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.0 - Deutsch
"{AD98F2ED-D92A-43AA-9F28-0466928AA13C}" = content-distribution-point-langs
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AF2E0395-7695-41E8-AC23-D58C328126F7}" = zennotifyicon-langs
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Display Control Panel
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B9A5A789-D491-49FB-958C-BFEC2C11BB1D}" = NMAS Challenge Response Method
"{BC9FD7FB-5929-47F7-9B24-D9237B14F26E}" = ZENworks Version Information
"{BE0B37FE-EF39-4B9C-A329-904616EE633C}" = ZENworks Action Handlers
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C6D4B05A-EA7E-1027-80EF-C925E740E99C}" = Intel(R) Identity Protection Technology 1.0.74.0
"{C8FE6530-2E39-4563-A7D8-183C7FA2B76A}" = ZENworks Agent Inventory Management
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB5EDF53-10D0-44F1-A25D-C7BB352AF1B8}" = Novell BorderManager 3.8.15 VPN Client
"{CBA13F11-D29E-48CC-9EBC-F122567F9119}" = Action Handler Resources
"{CD124C12-BEFD-4DBA-A915-A2F995F56B13}" = Policy Action Handler Resources
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}" = ThinkVantage Productivity Center
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D4CAD0A4-A14D-4F70-A8CB-475776C76CF8}" = inventory-langs
"{D6C9AF27-9414-46C8-B9D8-D878BA041031}" = Nero 8
"{D6EA1689-AA4C-4CF6-862C-87D9877F3651}" = ZENworks Content Distribution Point
"{D728E945-256D-4477-B377-6BBA693714AC}" = Ergänzung zu Productivity Center für ThinkPad
"{D9CFF2FF-620F-4842-A075-8A0769816FA4}" = Novell ZENworks Adaptive Agent Help
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}" = Message Center
"{E8542277-8C9D-4CC9-8D92-7C126EE7110E}" = bundle-langs
"{E855E69B-79FA-499D-866B-16B082D6D83A}" = Lotus Notes 8.0.2 de
"{EA9640BE-414E-4195-B53B-7905BF1A5A09}" = Mobile Broadband Drivers
"{EC482C6E-8F7F-4187-BB4C-841E1B64022B}" = ZENworks Actions
"{EE1B5DDC-BE68-4F19-BEEE-7FFD4DD43BFD}" = ZENworks Agent Core Modules
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F02DBC5D-33E3-45E9-B0F8-B7745229ED1C}" = NICI (Shared) U.S./Worldwide (128 bit) (2.7.4-1)
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F48BE301-EC78-4686-B580-EE4934558798}" = ThinkPad Bluetooth with Enhanced Data Rate Software
"{F594EA1A-5603-4B82-B624-BE1F807BC8E1}" = WinProxy-langs
"{F5F97313-4454-4B49-A602-285447A55B86}" = Intel(R) PROSet/Wireless WiFi-Software
"{F6B2EDDE-108F-463B-B788-42329FE00D9E}" = Microsoft Redistributable Files (x86)
"{FB6C607F-B865-42A2-B14B-14E207F2EA90}" = QvPluginSetup
"{FB83EAC4-E3F6-4666-B45B-44522F2344B6}" = Brother MFL-Pro Suite DCP-J315W
"{FE041B02-234C-4AAA-9511-80DF6482A458}" = RICOH_Media_Driver_v2.13.18.02
"{FEAD3C72-1A18-4BAB-94FB-E508C31B2E79}" = auth-satellite-server-langs
"{FF77941A-2BFA-4A18-BE2E-69B9498E4D55}" = User Profile Hive Cleanup Service
"ActiveTouchMeetingClient" = Cisco WebEx Meetings
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"CNXT_AUDIO_HDA" = Conexant 20672 SmartAudio HD
"Connected" = Connected DataProtector
"GridinSoft Trojan Killer" = Trojan Killer
"ie8" = Windows Internet Explorer 8
"InstallShield_{9E7260AC-22D9-4622-AA26-7CD6011D9DA4}" = SAP Mobile Infrastructure
"LENOVO.SMIIF" = Lenovo System Interface Driver
"LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Forefront UAG endpoint components 3.1.0" = Microsoft Forefront UAG endpoint components v4.0.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NICI U.S./Worldwide (128 bit)" = NICI U.S./Worldwide 1.7.0 (128 bit)
"Novell Client for Windows" = Novell Client für Windows
"OnScreenDisplay" = On Screen Display
"Power Management Driver" = ThinkPad Power Management Driver
"PPTView97" = Microsoft PowerPoint Viewer 97
"ProInst" = Intel PROSet Wireless
"RDC" = RDC
"SAP_ALD80" = Adobe LiveCycle Designer 8.0
"SAP_WUS" = SAPSetup Automatic Workstation Update Service
"SAPBI" = SAP Business Explorer
"SAPGUI710" = SAP GUI 7.10
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"TeamViewer 7" = TeamViewer 7
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"TreeSize Professional_is1" = TreeSize Professional 4.3
"VLC media player" = VLC media player 1.1.11
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZENworks" = Novell ZENworks
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 22.03.2012 05:11:45 | Computer Name = MC00019325 | Source = MSSHA | ID = 1008
Description = Ein Offlinescanvorgang konnte vom Windows-Sicherheitsintegritäts-Agent
 nicht abgeschlossen werden. Fehlercode: 80070422.
 
Error - 22.03.2012 06:11:45 | Computer Name = MC00019325 | Source = MSSHA | ID = 1008
Description = Ein Offlinescanvorgang konnte vom Windows-Sicherheitsintegritäts-Agent
 nicht abgeschlossen werden. Fehlercode: 80070422.
 
Error - 22.03.2012 07:11:46 | Computer Name = MC00019325 | Source = MSSHA | ID = 1008
Description = Ein Offlinescanvorgang konnte vom Windows-Sicherheitsintegritäts-Agent
 nicht abgeschlossen werden. Fehlercode: 80070422.
 
Error - 22.03.2012 08:11:47 | Computer Name = MC00019325 | Source = MSSHA | ID = 1008
Description = Ein Offlinescanvorgang konnte vom Windows-Sicherheitsintegritäts-Agent
 nicht abgeschlossen werden. Fehlercode: 80070422.
 
Error - 22.03.2012 09:11:47 | Computer Name = MC00019325 | Source = MSSHA | ID = 1008
Description = Ein Offlinescanvorgang konnte vom Windows-Sicherheitsintegritäts-Agent
 nicht abgeschlossen werden. Fehlercode: 80070422.
 
Error - 22.03.2012 15:08:07 | Computer Name = MC00019325 | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
 
Error - 23.03.2012 02:33:26 | Computer Name = MC00019325 | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
 
Error - 23.03.2012 05:22:01 | Computer Name = MC00019325 | Source = PerfNet | ID = 2005
Description = Die Leistungsinformationen vom Serverdienst konnten nicht gelesen
werden.  Es werden keine Server-Leistungsinformationen zurückgegeben.  Der zurückgegebene
 Fehlercode befindet sich in DWORD 0, der IOSB.Status ist DWORD 1 und  die IOSB.Information
 ist DWORD 2.
 
Error - 23.03.2012 05:22:01 | Computer Name = MC00019325 | Source = PerfNet | ID = 2006
Description = Die Server Queue-Leistungsinformationen konnten nicht gelesen werden.
Es
 werden keine Server-Leistungsinformationen zurückgegeben.  Der zurückgegebene Fehlercode
 ist DWORD 0, der IOSB.Status ist DWORD 1 und  die IOSB.Information ist DWORD 2.
 
Error - 23.03.2012 05:23:37 | Computer Name = MC00019325 | Source = MSSHA | ID = 1008
Description = Ein Offlinescanvorgang konnte vom Windows-Sicherheitsintegritäts-Agent
 nicht abgeschlossen werden. Fehlercode: 80070422.
 
[ Lumension Events ]
Error - 15.03.2012 14:11:37 | Computer Name = MC00019325 | Source = ZENworks Patch Management Detection Agent | ID = 2
Description =    Error occurred posting detection to PLUS (full diff) - error code
 = -2  error msg = ''
 
Error - 15.03.2012 14:12:37 | Computer Name = MC00019325 | Source = ZENworks Patch Management Detection Agent | ID = 2
Description =  Error occurred posting fingerprints results to PLUS - error code
 = -2
 
Error - 15.03.2012 14:13:37 | Computer Name = MC00019325 | Source = ZENworks Patch Management Detection Agent | ID = 2
Description =    Error occurred posting detection to PLUS (full diff) - error code
 = -2  error msg = ''
 
Error - 15.03.2012 14:14:37 | Computer Name = MC00019325 | Source = ZENworks Patch Management Detection Agent | ID = 2
Description =  Error occurred posting fingerprints results to PLUS - error code
 = -2
 
Error - 15.03.2012 14:15:37 | Computer Name = MC00019325 | Source = ZENworks Patch Management Detection Agent | ID = 2
Description =    Error occurred posting detection to PLUS (full diff) - error code
 = -2  error msg = ''
 
Error - 15.03.2012 14:16:37 | Computer Name = MC00019325 | Source = ZENworks Patch Management Detection Agent | ID = 2
Description =  Error occurred posting fingerprints results to PLUS - error code
 = -2
 
Error - 17.03.2012 05:06:54 | Computer Name = MC00019325 | Source = ZENworks Patch Management Detection Agent | ID = 2
Description =    Error occurred posting detection to PLUS (incremental diff) -
error code = -30  error msg = 'Error: Invalid CheckSum'
 
Error - 19.03.2012 05:07:56 | Computer Name = MC00019325 | Source = ZENworks Patch Management Detection Agent | ID = 2
Description =    Error occurred posting detection to PLUS (incremental diff) -
error code = -30  error msg = 'Error: Invalid CheckSum'
 
Error - 24.03.2012 07:20:40 | Computer Name = MC00019325 | Source = ZENworks Patch Management Detection Agent | ID = 2
Description =    Error occurred posting detection to PLUS (incremental diff) -
error code = -30  error msg = 'Error: Invalid CheckSum'
 
Error - 25.03.2012 09:25:55 | Computer Name = MC00019325 | Source = ZENworks Patch Management Detection Agent | ID = 2
Description =    Error occurred posting detection to PLUS (incremental diff) -
error code = -30  error msg = 'Error: Invalid CheckSum'
 
[ PatchLink Events ]
Error - 03.01.2012 11:33:29 | Computer Name = MC00019325 | Source = ZENworks Patch Management Detection Agent | ID = 2
Description =    Error occurred posting detection to PLUS (incremental diff) -
error code = -30  error msg = 'Error: Invalid CheckSum'
 
Error - 04.01.2012 10:26:29 | Computer Name = MC00019325 | Source = ZENworks Patch Management Detection Agent | ID = 2
Description =    Error occurred posting detection to PLUS (incremental diff) -
error code = -30  error msg = 'Error: Invalid CheckSum'
 
Error - 06.01.2012 04:45:50 | Computer Name = MC00019325 | Source = ZENworks Patch Management Detection Agent | ID = 2
Description =    Error occurred posting detection to PLUS (incremental diff) -
error code = -30  error msg = 'Error: Invalid CheckSum'
 
Error - 08.01.2012 03:15:00 | Computer Name = MC00019325 | Source = ZENworks Patch Management Detection Agent | ID = 2
Description =    Error occurred posting detection to PLUS (incremental diff) -
error code = -30  error msg = 'Error: Invalid CheckSum'
 
[ System Events ]
Error - 15.03.2012 14:25:15 | Computer Name = MC00019325 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "IBMTPCHK" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%31
 
Error - 15.03.2012 14:25:15 | Computer Name = MC00019325 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "IBMTPCHK" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%31
 
Error - 15.03.2012 14:25:46 | Computer Name = MC00019325 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "IBMTPCHK" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%31
 
Error - 15.03.2012 14:25:48 | Computer Name = MC00019325 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "IBMTPCHK" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%31
 
Error - 15.03.2012 14:56:37 | Computer Name = MC00019325 | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "wuauserv"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {E60687F7-01A1-40AA-86AC-DB1CBF673334}
 
Error - 15.03.2012 14:56:37 | Computer Name = MC00019325 | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "wuauserv"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {E60687F7-01A1-40AA-86AC-DB1CBF673334}
 
Error - 15.03.2012 14:58:03 | Computer Name = MC00019325 | Source = NapAgent | ID = 30
Description = Der System-Integritäts-Agent 79745 hat den Fehlercode FailureCategory
 Other zurückgeliefert.
 
Error - 15.03.2012 15:56:37 | Computer Name = MC00019325 | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "wuauserv"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {E60687F7-01A1-40AA-86AC-DB1CBF673334}
 
Error - 15.03.2012 15:56:37 | Computer Name = MC00019325 | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "wuauserv"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {E60687F7-01A1-40AA-86AC-DB1CBF673334}
 
Error - 16.03.2012 01:37:57 | Computer Name = MC00019325 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "IBMTPCHK" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%31
 
 
< End of report >

--- --- ---


Thanks in advance for the help

cosinus 25.03.2012 18:13

Run an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:

:OTL
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=XPxdm049YYde&ptnrS=XPxdm049YYde&si=49647&ptb=DDACAE69-42A6-4475-B7CB-5BC0B4AEAAB3&psa=&ind=2012022005&st=sb&n=77ed04f5&searchfor={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{068A3FEB-E034-4CD7-834C-20E7AB1D0B46}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=109867&babsrc=SP_ss&mntrId=a6ddc64300000000000060d819c0da1b
IE - HKCU\..\SearchScopes\{1003C13B-1BEF-4DB6-BEA1-DC5E2FD06A00}: "URL" = http://www.google.de
IE - HKCU\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=XPxdm049YYde&ptnrS=XPxdm049YYde&si=49647&ptb=DDACAE69-42A6-4475-B7CB-5BC0B4AEAAB3&psa=&ind=2012022005&st=sb&n=77ed04f5&searchfor={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.ad.econgas.com:8080
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://wpad/wpad.dat
[2012.02.19 16:43:25 | 000,002,310 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\babylon.xml
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ZCM Install Helper] D:\Temp\~ZCM\cleanup.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMSAppLogo5ChannelNotify = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarCustomize = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: CompatibleRUPSecurity = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Persistence present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Home = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Fullscreen = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Tools = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Print = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Edit = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Cut = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Copy = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Paste = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Encoding = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WarningMsgInBody =
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.12.01 15:06:11 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{7606a47c-52f5-11e1-a04e-028037ec0200}\Shell\AutoRun\command - "" = E:\Toshiba\more4you.exe
O33 - MountPoints2\{8140258f-3a1f-11e1-a010-60d819c0da1b}\Shell\AutoRun\command - "" = E:\Toshiba\Launcher\start.exe
[2012.02.19 16:43:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Babylon
[2012.03.25 17:47:24 | 000,000,000 | ---D | M] -- C:\Avenger
:Commands
[emptytemp]
[resethosts]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL".

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!

sravy 25.03.2012 19:02

Thank you very much for the help.

I ran the OTL fix and the log looks like this:

Code:


All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchDefaultBranded| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{068A3FEB-E034-4CD7-834C-20E7AB1D0B46}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{068A3FEB-E034-4CD7-834C-20E7AB1D0B46}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1003C13B-1BEF-4DB6-BEA1-DC5E2FD06A00}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1003C13B-1BEF-4DB6-BEA1-DC5E2FD06A00}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\AutoConfigURL deleted successfully.
File C:\Programme\mozilla firefox\searchplugins\babylon.xml not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ZCM Install Helper deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Infodelivery\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoMSAppLogo5ChannelNotify deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoToolbarCustomize deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoBandCustomize deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HonorAutoRunSetting deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\CompatibleRUPSecurity deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\SynchronousMachineGroupPolicy deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\SynchronousUserGroupPolicy deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Infodelivery\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Persistence\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\Btn_Home deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\Btn_Fullscreen deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\Btn_Tools deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\Btn_Print deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\Btn_Edit deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\Btn_Cut deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\Btn_Copy deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\Btn_Paste deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\Btn_Encoding deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\WarningMsgInBody deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7606a47c-52f5-11e1-a04e-028037ec0200}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7606a47c-52f5-11e1-a04e-028037ec0200}\ not found.
File E:\Toshiba\more4you.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8140258f-3a1f-11e1-a010-60d819c0da1b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8140258f-3a1f-11e1-a010-60d819c0da1b}\ not found.
File E:\Toshiba\Launcher\start.exe not found.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Babylon folder moved successfully.
C:\Avenger folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 20206629 bytes
->Temporary Internet Files folder emptied: 42100 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 89441015 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 43146 bytes
 
User: Sravan Kumar Puppala
->Temp folder emptied: 67550723 bytes
->Temporary Internet Files folder emptied: 86417206 bytes
->Java cache emptied: 1683626 bytes
->Flash cache emptied: 35348 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 3011718 bytes
%systemroot%\System32 .tmp files removed: 275335 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2711997 bytes
Session Manager Temp folder emptied: 1213731011 bytes
Session Manager Tmp folder emptied: 94208 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33438 bytes
RecycleBin emptied: 752471865 bytes
 
Total Files Cleaned = 2.134,00 mb
 
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.39.2 log created on 03252012_195040

Files\Folders moved on Reboot...
C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Lokale Einstellungen\Temporary Internet Files\Content.IE5\VXVMIEUH\112237-windows-sicherheitsgruenden-blockiert[1].html moved successfully.
C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Lokale Einstellungen\Temporary Internet Files\Content.IE5\UDXEJF2V\adsCAYJCN6W.htm moved successfully.
C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Lokale Einstellungen\Temporary Internet Files\Content.IE5\5PFWIQOD\ads[1].htm moved successfully.
File move failed. D:\Temp\BtwEventTrace_5_6_0_6500.etl scheduled to be moved on reboot.
File\Folder D:\Temp\~DF72C0.tmp not found!
File\Folder D:\Temp\~DF9153.tmp not found!

Registry entries deleted on Reboot...

Ran malware again, and the log file is
Code:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.25.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Sravan Kumar Puppala :: MC00019325 [Administrator]

25.03.2012 20:03:36
mbam-log-2012-03-25 (20-11-56).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 234261
Laufzeit: 7 Minute(n), 17 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 1
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bösartig: (1) Gut: (0) -> Keine Aktion durchgeführt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)


What else could I do?



Many thanks

cosinus 26.03.2012 12:11

Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!

Set up the tool as shown in the picture below: click on change parameters and tick the boxes as shown in the following screenshot,
then click Start Scan, and when it has finished click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, then please look directly on your Windows system partition (usually drive C:), since that is where TDSS-Killer saves its logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

sravy 26.03.2012 20:53

Hi, thanks again for the reply
Code:

21:49:22.0656 4156        TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
21:49:22.0859 4156        ============================================================
21:49:22.0859 4156        Current date / time: 2012/03/26 21:49:22.0859
21:49:22.0859 4156        SystemInfo:
21:49:22.0859 4156       
21:49:22.0859 4156        OS Version: 5.1.2600 ServicePack: 3.0
21:49:22.0859 4156        Product type: Workstation
21:49:22.0859 4156        ComputerName: MC00019325
21:49:22.0859 4156        UserName: Sravan Kumar Puppala
21:49:22.0859 4156        Windows directory: C:\WINDOWS
21:49:22.0859 4156        System windows directory: C:\WINDOWS
21:49:22.0859 4156        Processor architecture: Intel x86
21:49:22.0859 4156        Number of processors: 4
21:49:22.0859 4156        Page size: 0x1000
21:49:22.0859 4156        Boot type: Normal boot
21:49:22.0859 4156        ============================================================
21:49:23.0656 4156        Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:49:23.0656 4156        \Device\Harddisk0\DR0:
21:49:23.0656 4156        MBR used
21:49:23.0656 4156        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x5000000
21:49:23.0656 4156        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x5000800, BlocksNum 0x35284800
21:49:23.0656 4156        \Device\Harddisk0\DR0\Partition2: MBR, Type 0xC, StartLBA 0x3A285000, BlocksNum 0x100800
21:49:23.0734 4156        Initialize success
21:49:23.0734 4156        ============================================================
21:50:19.0328 7060        ============================================================
21:50:19.0328 7060        Scan started
21:50:19.0328 7060        Mode: Manual; SigCheck; TDLFS;
21:50:19.0328 7060        ============================================================
21:50:19.0890 7060        Abiosdsk - ok
21:50:19.0906 7060        abp480n5 - ok
21:50:19.0968 7060        ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:50:20.0500 7060        ACPI - ok
21:50:20.0531 7060        ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
21:50:20.0656 7060        ACPIEC - ok
21:50:20.0718 7060        AcPrfMgrSvc    (02150acb98286c98cd00a3b5d0daea44) C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
21:50:20.0734 7060        AcPrfMgrSvc - ok
21:50:20.0750 7060        AcSvc          (bf7d32fa7ceba8fab34049dbc8631b2e) C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe
21:50:20.0765 7060        AcSvc - ok
21:50:20.0781 7060        adpu160m - ok
21:50:20.0828 7060        aec            (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
21:50:20.0921 7060        aec - ok
21:50:20.0953 7060        AFD            (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
21:50:20.0968 7060        AFD - ok
21:50:21.0000 7060        AgentSrv - ok
21:50:21.0015 7060        Aha154x - ok
21:50:21.0031 7060        aic78u2 - ok
21:50:21.0046 7060        aic78xx - ok
21:50:21.0062 7060        Alerter        (738d80cc01d7bc7584be917b7f544394) C:\WINDOWS\system32\alrsvc.dll
21:50:21.0250 7060        Alerter - ok
21:50:21.0265 7060        ALG            (190cd73d4984f94d823f9444980513e5) C:\WINDOWS\System32\alg.exe
21:50:21.0359 7060        ALG - ok
21:50:21.0375 7060        AliIde - ok
21:50:21.0375 7060        amsint - ok
21:50:21.0390 7060        ANC            (11ab185a7af224800bbfb5b836974a17) C:\WINDOWS\system32\drivers\ANC.SYS
21:50:21.0421 7060        ANC ( UnsignedFile.Multi.Generic ) - warning
21:50:21.0421 7060        ANC - detected UnsignedFile.Multi.Generic (1)
21:50:21.0421 7060        AppMgmt        (d45960be52c3c610d361977057f98c54) C:\WINDOWS\System32\appmgmts.dll
21:50:21.0531 7060        AppMgmt - ok
21:50:21.0531 7060        asc - ok
21:50:21.0546 7060        asc3350p - ok
21:50:21.0562 7060        asc3550 - ok
21:50:21.0625 7060        aspnet_state    (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
21:50:21.0750 7060        aspnet_state - ok
21:50:21.0781 7060        AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:50:21.0953 7060        AsyncMac - ok
21:50:21.0984 7060        atapi          (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
21:50:22.0140 7060        atapi - ok
21:50:22.0156 7060        Atdisk - ok
21:50:22.0171 7060        Atmarpc        (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:50:22.0218 7060        Atmarpc - ok
21:50:22.0250 7060        AudioSrv        (58ed0d5452df7be732193e7999c6b9a4) C:\WINDOWS\System32\audiosrv.dll
21:50:22.0296 7060        AudioSrv - ok
21:50:22.0312 7060        audstub        (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
21:50:22.0359 7060        audstub - ok
21:50:22.0375 7060        Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
21:50:22.0421 7060        Beep - ok
21:50:22.0453 7060        BITS            (d6f603772a789bb3228f310d650b8bd1) C:\WINDOWS\system32\qmgr.dll
21:50:22.0515 7060        BITS - ok
21:50:22.0562 7060        BlankScr        (0d266f08aed52d9b17b3c61be01dd576) C:\WINDOWS\system32\drivers\BlankScr.sys
21:50:22.0562 7060        BlankScr ( UnsignedFile.Multi.Generic ) - warning
21:50:22.0562 7060        BlankScr - detected UnsignedFile.Multi.Generic (1)
21:50:22.0593 7060        BM              (7351f1dbfe9284f632c4ea47b355b061) C:\WINDOWS\system32\DRIVERS\vptunnel.sys
21:50:22.0609 7060        BM ( UnsignedFile.Multi.Generic ) - warning
21:50:22.0609 7060        BM - detected UnsignedFile.Multi.Generic (1)
21:50:22.0640 7060        Browser        (b42057f06bbb98b31876c0b3f2b54e33) C:\WINDOWS\System32\browser.dll
21:50:22.0687 7060        Browser - ok
21:50:22.0703 7060        BrScnUsb        (92a964547b96d697e5e9ed43b4297f5a) C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys
21:50:22.0718 7060        BrScnUsb - ok
21:50:22.0750 7060        BrYNSvc        (ea7e57f87d6fee5fd6c5f813c04e8cd2) C:\Programme\Browny02\BrYNSvc.exe
21:50:22.0765 7060        BrYNSvc ( UnsignedFile.Multi.Generic ) - warning
21:50:22.0765 7060        BrYNSvc - detected UnsignedFile.Multi.Generic (1)
21:50:22.0812 7060        btaudio        (4c1e8749d280f9b8e41c4eff6a6bbc04) C:\WINDOWS\system32\drivers\btaudio.sys
21:50:22.0843 7060        btaudio - ok
21:50:22.0875 7060        BTDriver        (a47b37b97f9348e81a60c44b99011416) C:\WINDOWS\system32\DRIVERS\btport.sys
21:50:22.0875 7060        BTDriver - ok
21:50:22.0921 7060        BTKRNL          (658548bdda675ae2e36aa5604f8e9549) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
21:50:22.0968 7060        BTKRNL - ok
21:50:23.0046 7060        btwdins        (4b9e1a7798a80d075f53d1049fd4dab0) C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe
21:50:23.0078 7060        btwdins - ok
21:50:23.0093 7060        BTWDNDIS        (eb80e51cb4045571066d8ad1871e284e) C:\WINDOWS\system32\DRIVERS\btwdndis.sys
21:50:23.0109 7060        BTWDNDIS - ok
21:50:23.0140 7060        BTWUSB          (083497b731aa32288a9a84b49757307c) C:\WINDOWS\system32\Drivers\btwusb.sys
21:50:23.0140 7060        BTWUSB - ok
21:50:23.0187 7060        cbidf2k        (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
21:50:23.0250 7060        cbidf2k - ok
21:50:23.0296 7060        CCDECODE        (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
21:50:23.0359 7060        CCDECODE - ok
21:50:23.0390 7060        ccEvtMgr        (260a069f403da226d18c058ad14fd3a3) C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe
21:50:23.0406 7060        ccEvtMgr - ok
21:50:23.0453 7060        CcmExec        (a454a9baa25b8c8e76735dd86bd4b017) C:\WINDOWS\system32\CCM\CcmExec.exe
21:50:23.0531 7060        CcmExec - ok
21:50:23.0531 7060        ccSetMgr        (260a069f403da226d18c058ad14fd3a3) C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe
21:50:23.0546 7060        ccSetMgr - ok
21:50:23.0562 7060        cd20xrnt - ok
21:50:23.0578 7060        Cdaudio        (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
21:50:23.0687 7060        Cdaudio - ok
21:50:23.0718 7060        Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
21:50:23.0765 7060        Cdfs - ok
21:50:23.0781 7060        Cdrom          (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:50:23.0843 7060        Cdrom - ok
21:50:23.0859 7060        Changer - ok
21:50:23.0875 7060        CiSvc          (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\WINDOWS\system32\cisvc.exe
21:50:23.0921 7060        CiSvc - ok
21:50:23.0937 7060        ClipSrv        (778a30ed3c134eb7e406afc407e9997d) C:\WINDOWS\system32\clipsrv.exe
21:50:23.0984 7060        ClipSrv - ok
21:50:24.0031 7060        clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:50:24.0062 7060        clr_optimization_v2.0.50727_32 - ok
21:50:24.0093 7060        CmBatt          (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
21:50:24.0234 7060        CmBatt - ok
21:50:24.0250 7060        CmdIde - ok
21:50:24.0296 7060        CnxtHdAudService (108d22ae4b97307668ae5f951aed72d1) C:\WINDOWS\system32\drivers\CHDRT32.sys
21:50:24.0390 7060        CnxtHdAudService - ok
21:50:24.0437 7060        COH_Mon        (de88a385898f6d13026f94f749fbaed2) C:\WINDOWS\system32\Drivers\COH_Mon.sys
21:50:24.0468 7060        COH_Mon - ok
21:50:24.0500 7060        Compbatt        (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
21:50:24.0562 7060        Compbatt - ok
21:50:24.0562 7060        COMSysApp - ok
21:50:24.0578 7060        Cpqarray - ok
21:50:24.0609 7060        CryptSvc        (611f824e5c703a5a899f84c5f1699e4d) C:\WINDOWS\System32\cryptsvc.dll
21:50:24.0750 7060        CryptSvc - ok
21:50:24.0765 7060        cusrvc          (ccdf15672bfdadef3b39e249fed23298) C:\WINDOWS\system32\cusrvc.exe
21:50:24.0781 7060        cusrvc ( UnsignedFile.Multi.Generic ) - warning
21:50:24.0781 7060        cusrvc - detected UnsignedFile.Multi.Generic (1)
21:50:24.0796 7060        dac2w2k - ok
21:50:24.0796 7060        dac960nt - ok
21:50:24.0812 7060        Darpan          (566cca06fb1b98dff3e9eea563b6334e) C:\WINDOWS\system32\DRIVERS\Darpan.sys
21:50:24.0812 7060        Darpan ( UnsignedFile.Multi.Generic ) - warning
21:50:24.0812 7060        Darpan - detected UnsignedFile.Multi.Generic (1)
21:50:24.0859 7060        DcomLaunch      (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
21:50:24.0921 7060        DcomLaunch - ok
21:50:24.0968 7060        Dhcp            (c29a1c9b75ba38fa37f8c44405dec360) C:\WINDOWS\System32\dhcpcsvc.dll
21:50:25.0046 7060        Dhcp - ok
21:50:25.0062 7060        Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
21:50:25.0250 7060        Disk - ok
21:50:25.0250 7060        dmadmin - ok
21:50:25.0281 7060        dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
21:50:25.0390 7060        dmboot - ok
21:50:25.0406 7060        dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
21:50:25.0484 7060        dmio - ok
21:50:25.0484 7060        dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
21:50:25.0578 7060        dmload - ok
21:50:25.0609 7060        dmserver        (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINDOWS\System32\dmserver.dll
21:50:25.0656 7060        dmserver - ok
21:50:25.0718 7060        DMService      (4e82a6c63af27769d116eab576e5357e) C:\WINDOWS\DOWNLO~1\DMService.exe
21:50:25.0796 7060        DMService - ok
21:50:25.0828 7060        DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
21:50:25.0937 7060        DMusic - ok
21:50:25.0968 7060        Dnscache        (407f3227ac618fd1ca54b335b083de07) C:\WINDOWS\System32\dnsrslvr.dll
21:50:25.0984 7060        Dnscache - ok
21:50:26.0015 7060        Dot3svc        (676e36c4ff5bcea1900f44182b9723e6) C:\WINDOWS\System32\dot3svc.dll
21:50:26.0125 7060        Dot3svc - ok
21:50:26.0156 7060        DozeHDD        (6d279bb0de1d8e34f454e1b353f4d738) C:\WINDOWS\system32\DRIVERS\DozeHDD.sys
21:50:26.0171 7060        DozeHDD - ok
21:50:26.0218 7060        DozeSvc        (a4ecdd165b0f7ee9e44a569881f4ca6d) C:\Programme\ThinkPad\Utilities\DOZESVC.EXE
21:50:26.0328 7060        DozeSvc - ok
21:50:26.0343 7060        dpti2o - ok
21:50:26.0359 7060        drmkaud        (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
21:50:26.0453 7060        drmkaud - ok
21:50:26.0484 7060        e1cexpress      (f1ebf5b469f38379285e79b043527cfd) C:\WINDOWS\system32\DRIVERS\e1c5132.sys
21:50:26.0515 7060        e1cexpress - ok
21:50:26.0531 7060        EapHost        (4e4f2fddab0a0736d7671134dcce91fb) C:\WINDOWS\System32\eapsvc.dll
21:50:26.0687 7060        EapHost - ok
21:50:26.0734 7060        eeCtrl          (579a6b6135d32b857faf0e3a974535d8) C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys
21:50:26.0765 7060        eeCtrl - ok
21:50:26.0812 7060        EraserUtilRebootDrv (028d50f059bd0d2ccb209e9011b9a9a4) C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
21:50:26.0812 7060        EraserUtilRebootDrv - ok
21:50:26.0828 7060        ERSvc          (877c18558d70587aa7823a1a308ac96b) C:\WINDOWS\System32\ersvc.dll
21:50:27.0000 7060        ERSvc - ok
21:50:27.0031 7060        Eventlog        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
21:50:27.0062 7060        Eventlog - ok
21:50:27.0093 7060        EventSystem    (af4f6b5739d18ca7972ab53e091cbc74) C:\WINDOWS\system32\es.dll
21:50:27.0125 7060        EventSystem - ok
21:50:27.0187 7060        EvtEng          (fe29bbf76408f47bbfef0e2cd5ccb891) C:\Programme\Intel\WiFi\bin\EvtEng.exe
21:50:27.0250 7060        EvtEng - ok
21:50:27.0296 7060        Fastfat        (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
21:50:27.0343 7060        Fastfat - ok
21:50:27.0375 7060        FastUserSwitchingCompatibility (40602ebfbe06aa075c8e4560743f6883) C:\WINDOWS\System32\shsvcs.dll
21:50:27.0453 7060        FastUserSwitchingCompatibility - ok
21:50:27.0484 7060        Fdc            (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
21:50:27.0625 7060        Fdc - ok
21:50:27.0640 7060        Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
21:50:27.0765 7060        Fips - ok
21:50:27.0781 7060        Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
21:50:27.0828 7060        Flpydisk - ok
21:50:27.0843 7060        FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
21:50:27.0968 7060        FltMgr - ok
21:50:28.0015 7060        FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
21:50:28.0015 7060        FontCache3.0.0.0 - ok
21:50:28.0031 7060        Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:50:28.0078 7060        Fs_Rec - ok
21:50:28.0093 7060        Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:50:28.0140 7060        Ftdisk - ok
21:50:28.0156 7060        Gpc            (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:50:28.0218 7060        Gpc - ok
21:50:28.0234 7060        HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
21:50:28.0281 7060        HDAudBus - ok
21:50:28.0312 7060        helpsvc        (cb66bf85bf599befd6c6a57c2e20357f) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
21:50:28.0468 7060        helpsvc - ok
21:50:28.0468 7060        HidServ - ok
21:50:28.0484 7060        hidusb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
21:50:28.0578 7060        hidusb - ok
21:50:28.0593 7060        hkmsvc          (ed29f14101523a6e0e808107405d452c) C:\WINDOWS\System32\kmsvc.dll
21:50:28.0640 7060        hkmsvc - ok
21:50:28.0656 7060        hpn - ok
21:50:28.0671 7060        HTTP            (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys
21:50:28.0750 7060        HTTP - ok
21:50:28.0765 7060        HTTPFilter      (9e4adb854cebcfb81a4b36718feecd16) C:\WINDOWS\System32\w3ssl.dll
21:50:28.0843 7060        HTTPFilter - ok
21:50:28.0859 7060        i2omgmt - ok
21:50:28.0859 7060        i2omp - ok
21:50:28.0875 7060        i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
21:50:28.0937 7060        i8042prt - ok
21:50:28.0968 7060        iaStor          (f4037a3fedb92dd97c95f320766ea5c9) C:\WINDOWS\system32\DRIVERS\iaStor.sys
21:50:28.0984 7060        iaStor - ok
21:50:29.0015 7060        IBMPMDRV        (fa3d0a6da7bb7968efe5c5bc267f0e55) C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys
21:50:29.0015 7060        IBMPMDRV - ok
21:50:29.0046 7060        IBMPMSVC        (495f184a29b80b51735bcee91d84fe8f) C:\WINDOWS\system32\ibmpmsvc.exe
21:50:29.0062 7060        IBMPMSVC - ok
21:50:29.0093 7060        IBMTPCHK        (3a7dbe81ec5edb96a0a61c7d4af3198d) C:\WINDOWS\system32\Drivers\IBMBLDID.sys
21:50:29.0125 7060        IBMTPCHK ( UnsignedFile.Multi.Generic ) - warning
21:50:29.0125 7060        IBMTPCHK - detected UnsignedFile.Multi.Generic (1)
21:50:29.0187 7060        idsvc          (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:50:29.0281 7060        idsvc - ok
21:50:29.0359 7060        Imapi          (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
21:50:29.0453 7060        Imapi - ok
21:50:29.0468 7060        ImapiService    (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINDOWS\system32\imapi.exe
21:50:29.0609 7060        ImapiService - ok
21:50:29.0625 7060        ini910u - ok
21:50:29.0625 7060        IntelIde - ok
21:50:29.0656 7060        intelppm        (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
21:50:29.0828 7060        intelppm - ok
21:50:29.0875 7060        Ip6Fw          (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
21:50:29.0937 7060        Ip6Fw - ok
21:50:29.0968 7060        IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:50:30.0078 7060        IpFilterDriver - ok
21:50:30.0109 7060        IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:50:30.0171 7060        IpInIp - ok
21:50:30.0203 7060        IpNat          (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:50:30.0265 7060        IpNat - ok
21:50:30.0296 7060        IPSec          (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:50:30.0359 7060        IPSec - ok
21:50:30.0390 7060        IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
21:50:30.0437 7060        IRENUM - ok
21:50:30.0468 7060        isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:50:30.0562 7060        isapnp - ok
21:50:30.0609 7060        IviRegMgr      (213822072085b5bbad9af30ab577d817) C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe
21:50:30.0640 7060        IviRegMgr - ok
21:50:30.0703 7060        JavaQuickStarterService (5e06a9d23727daf96faa796f1135fdcd) C:\Programme\Java\jre6\bin\jqs.exe
21:50:30.0750 7060        JavaQuickStarterService - ok
21:50:30.0765 7060        jhi_service    (6faf199fdffdd2376973143c3e012765) C:\Programme\Intel\Services\IPT\jhi_service.exe
21:50:30.0875 7060        jhi_service - ok
21:50:30.0906 7060        Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:50:31.0093 7060        Kbdclass - ok
21:50:31.0109 7060        kbdhid          (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
21:50:31.0265 7060        kbdhid - ok
21:50:31.0296 7060        kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
21:50:31.0453 7060        kmixer - ok
21:50:31.0484 7060        KSecDD          (1705745d900dabf2d89f90ebaddc7517) C:\WINDOWS\system32\drivers\KSecDD.sys
21:50:31.0656 7060        KSecDD - ok
21:50:31.0687 7060        l36wgps        (31c584c4f630b253cceaea12ab930b64) C:\WINDOWS\system32\DRIVERS\l36wgps.sys
21:50:31.0687 7060        l36wgps - ok
21:50:31.0734 7060        LanmanServer    (d6eb4916b203cbe525f8eff5fd5ab16c) C:\WINDOWS\System32\srvsvc.dll
21:50:31.0781 7060        LanmanServer - ok
21:50:31.0812 7060        lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) C:\WINDOWS\System32\wkssvc.dll
21:50:31.0828 7060        lanmanworkstation - ok
21:50:31.0843 7060        lbrtfdc - ok
21:50:31.0875 7060        LENOVO.CAMMUTE  (1ef45f1bd62b8f4c19458326a3e91930) C:\Programme\Lenovo\Communications Utility\CAMMUTE.exe
21:50:31.0890 7060        LENOVO.CAMMUTE - ok
21:50:31.0921 7060        Lenovo.micmute  (fce735941da27929dbfc1918f286ffd8) C:\Programme\LENOVO\HOTKEY\MICMUTE.exe
21:50:31.0937 7060        Lenovo.micmute - ok
21:50:31.0937 7060        lenovo.smi      (9aac267a225f3caebb9e633f7eb16e4b) C:\WINDOWS\system32\DRIVERS\smiif32.sys
21:50:31.0953 7060        lenovo.smi - ok
21:50:32.0015 7060        LiveUpdate      (6105b28f5d03c4affa7197b228768849) C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE
21:50:32.0171 7060        LiveUpdate - ok
21:50:32.0218 7060        LmHosts        (636714b7d43c8d0c80449123fd266920) C:\WINDOWS\System32\lmhsvc.dll
21:50:32.0312 7060        LmHosts - ok
21:50:32.0359 7060        LMS            (97f9eaac985a663394cd8f54dcd3e73a) C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
21:50:32.0390 7060        LMS - ok
21:50:32.0421 7060        Lotus Notes Single Logon (ffe3026a0f10495252787f1a9e3543d9) C:\Notes\nslsvice.exe
21:50:32.0453 7060        Lotus Notes Single Logon - ok
21:50:32.0484 7060        Mbm4bus        (ff43f7be79b9039bd115702a3d9a9731) C:\WINDOWS\system32\DRIVERS\Mbm4bus.sys
21:50:32.0500 7060        Mbm4bus - ok
21:50:32.0515 7060        Mbm4mdfl        (ae7226900cd8a4cd7a20c904652e5d3c) C:\WINDOWS\system32\DRIVERS\Mbm4mdfl.sys
21:50:32.0531 7060        Mbm4mdfl - ok
21:50:32.0578 7060        Mbm4mdm        (a1c0e4fd7fa43954b914e3737390a494) C:\WINDOWS\system32\DRIVERS\Mbm4mdm.sys
21:50:32.0593 7060        Mbm4mdm - ok
21:50:32.0625 7060        Mbm4mgmt        (c66ddeede078244fd9d885d6f7bb419a) C:\WINDOWS\system32\DRIVERS\Mbm4mgmt.sys
21:50:32.0640 7060        Mbm4mgmt - ok
21:50:32.0656 7060        Mbm4NNd5        (725b9eb865aeba0cdbb3f3c0077ee645) C:\WINDOWS\system32\DRIVERS\Mbm4NNd5.sys
21:50:32.0656 7060        Mbm4NNd5 - ok
21:50:32.0687 7060        Mbm4NUn        (99cc98a0902ffcf99764d14a1fba02d8) C:\WINDOWS\system32\DRIVERS\Mbm4NUn.sys
21:50:32.0734 7060        Mbm4NUn - ok
21:50:32.0781 7060        MEI            (d86ac00883b9c98b570e7643aaf8e554) C:\WINDOWS\system32\DRIVERS\HECI.sys
21:50:32.0828 7060        MEI - ok
21:50:32.0843 7060        Messenger      (b7550a7107281d170ce85524b1488c98) C:\WINDOWS\System32\msgsvc.dll
21:50:33.0000 7060        Messenger - ok
21:50:33.0046 7060        mnmdd          (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
21:50:33.0187 7060        mnmdd - ok
21:50:33.0203 7060        mnmsrvc        (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\system32\mnmsrvc.exe
21:50:33.0359 7060        mnmsrvc - ok
21:50:33.0390 7060        Modem          (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
21:50:33.0468 7060        Modem - ok
21:50:33.0484 7060        Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:50:33.0546 7060        Mouclass - ok
21:50:33.0562 7060        mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
21:50:33.0625 7060        mouhid - ok
21:50:33.0640 7060        MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
21:50:33.0687 7060        MountMgr - ok
21:50:33.0703 7060        mraid35x - ok
21:50:33.0703 7060        MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:50:33.0781 7060        MRxDAV - ok
21:50:33.0812 7060        MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:50:33.0843 7060        MRxSmb - ok
21:50:33.0859 7060        MSDTC          (35a031af38c55f92d28aa03ee9f12cc9) C:\WINDOWS\system32\msdtc.exe
21:50:33.0921 7060        MSDTC - ok
21:50:33.0937 7060        Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
21:50:34.0031 7060        Msfs - ok
21:50:34.0031 7060        MSIServer - ok
21:50:34.0062 7060        MSKSSRV        (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:50:34.0125 7060        MSKSSRV - ok
21:50:34.0156 7060        MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:50:34.0234 7060        MSPCLOCK - ok
21:50:34.0250 7060        MSPQM          (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
21:50:34.0359 7060        MSPQM - ok
21:50:34.0375 7060        mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:50:34.0484 7060        mssmbios - ok
21:50:34.0515 7060        MSTEE          (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
21:50:34.0625 7060        MSTEE - ok
21:50:34.0640 7060        Mup            (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
21:50:34.0671 7060        Mup - ok
21:50:34.0687 7060        NABTSFEC        (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
21:50:34.0828 7060        NABTSFEC - ok
21:50:34.0875 7060        NALNTSERVICE    (314b1149a560fae07a0c697f9d3d7c97) C:\Programme\Novell\ZENworks\nalntsrv.exe
21:50:34.0906 7060        NALNTSERVICE ( UnsignedFile.Multi.Generic ) - warning
21:50:34.0906 7060        NALNTSERVICE - detected UnsignedFile.Multi.Generic (1)
21:50:34.0921 7060        napagent        (46bb15ae2ac7d025d6d2567b876817bd) C:\WINDOWS\System32\qagentrt.dll
21:50:35.0062 7060        napagent - ok
21:50:35.0156 7060        NAVENG          (862f55824ac81295837b0ab63f91071f) C:\PROGRA~2\GEMEIN~1\SYMANT~1\VIRUSD~1\20120326.002\NAVENG.SYS
21:50:35.0187 7060        NAVENG - ok
21:50:35.0234 7060        NAVEX15        (529d571b551cb9da44237389b936f1ae) C:\PROGRA~2\GEMEIN~1\SYMANT~1\VIRUSD~1\20120326.002\NAVEX15.SYS
21:50:35.0343 7060        NAVEX15 - ok
21:50:35.0390 7060        NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
21:50:35.0546 7060        NDIS - ok
21:50:35.0578 7060        NdisIP          (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
21:50:35.0750 7060        NdisIP - ok
21:50:35.0781 7060        NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:50:35.0812 7060        NdisTapi - ok
21:50:35.0828 7060        Ndisuio        (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:50:35.0921 7060        Ndisuio - ok
21:50:35.0937 7060        NdisWan        (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:50:36.0000 7060        NdisWan - ok
21:50:36.0046 7060        NDProxy        (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
21:50:36.0078 7060        NDProxy - ok
21:50:36.0078 7060        NetBIOS        (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
21:50:36.0140 7060        NetBIOS - ok
21:50:36.0156 7060        NetBT          (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
21:50:36.0218 7060        NetBT - ok
21:50:36.0250 7060        NetDDE          (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
21:50:36.0328 7060        NetDDE - ok
21:50:36.0328 7060        NetDDEdsdm      (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
21:50:36.0406 7060        NetDDEdsdm - ok
21:50:36.0421 7060        Netlogon        (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
21:50:36.0468 7060        Netlogon - ok
21:50:36.0484 7060        Netman          (e6d88f1f6745bf00b57e7855a2ab696c) C:\WINDOWS\System32\netman.dll
21:50:36.0578 7060        Netman - ok
21:50:36.0640 7060        NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:50:36.0656 7060        NetTcpPortSharing - ok
21:50:36.0703 7060        NetwareWorkstation (a48f743759ea1c7917eb21cadf75f566) C:\WINDOWS\system32\NetWare\nwfs.sys
21:50:36.0734 7060        NetwareWorkstation ( UnsignedFile.Multi.Generic ) - warning
21:50:36.0734 7060        NetwareWorkstation - detected UnsignedFile.Multi.Generic (1)
21:50:36.0906 7060        NETwNx32        (32e6902485c5add8e4c6cd21545d5133) C:\WINDOWS\system32\DRIVERS\NETwNx32.sys
21:50:37.0203 7060        NETwNx32 - ok
21:50:37.0250 7060        NICICCS        (93c697a3e20026f1778776e853208e6f) C:\WINDOWS\system32\drivers\NICICCS.sys
21:50:37.0281 7060        NICICCS ( UnsignedFile.Multi.Generic ) - warning
21:50:37.0281 7060        NICICCS - detected UnsignedFile.Multi.Generic (1)
21:50:37.0296 7060        NICM            (d686538f37dff96042047930650ac88d) C:\WINDOWS\system32\drivers\nicm.sys
21:50:37.0312 7060        NICM ( UnsignedFile.Multi.Generic ) - warning
21:50:37.0312 7060        NICM - detected UnsignedFile.Multi.Generic (1)
21:50:37.0375 7060        Nla            (f1b67b6b0751ae0e6e964b02821206a3) C:\WINDOWS\System32\mswsock.dll
21:50:37.0406 7060        Nla - ok
21:50:37.0453 7060        NMIndexingService (cb992ae1506985d9167e85883b4c3240) C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe
21:50:37.0515 7060        NMIndexingService - ok
21:50:37.0562 7060        Novell Identity Store (0fbaacfa6fc27a100d56c22aa655edf7) C:\Programme\Novell\CASA\bin\micasad.exe
21:50:37.0578 7060        Novell Identity Store ( UnsignedFile.Multi.Generic ) - warning
21:50:37.0578 7060        Novell Identity Store - detected UnsignedFile.Multi.Generic (1)
21:50:37.0625 7060        Novell ZENworks Agent Service (f64dbf67e80c112d7f35d78979e01cf5) C:\Programme\Novell\ZENworks\bin\ZenworksWindowsService.exe
21:50:37.0625 7060        Novell ZENworks Agent Service ( UnsignedFile.Multi.Generic ) - warning
21:50:37.0625 7060        Novell ZENworks Agent Service - detected UnsignedFile.Multi.Generic (1)
21:50:37.0656 7060        Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
21:50:37.0703 7060        Npfs - ok
21:50:37.0718 7060        Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
21:50:37.0781 7060        Ntfs - ok
21:50:37.0812 7060        NtLmSsp        (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
21:50:37.0859 7060        NtLmSsp - ok
21:50:37.0890 7060        NtmsSvc        (56af4064996fa5bac9c449b1514b4770) C:\WINDOWS\system32\ntmssvc.dll
21:50:37.0953 7060        NtmsSvc - ok
21:50:37.0968 7060        Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
21:50:38.0015 7060        Null - ok
21:50:38.0250 7060        nv              (92ffc99aadfba0e1441556b33557b006) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
21:50:38.0593 7060        nv - ok
21:50:38.0640 7060        NVHDA          (1fda0adfd0dd666ecb1cbf8436f81805) C:\WINDOWS\system32\drivers\nvhda32.sys
21:50:38.0656 7060        NVHDA - ok
21:50:38.0671 7060        nvsvc          (3f7dfa811cddc9f9369a354dbedfadda) C:\WINDOWS\system32\nvsvc32.exe
21:50:38.0703 7060        nvsvc - ok
21:50:38.0718 7060        NWDHCP          (a4b071419e0ea596ffb3da89c1f04e61) C:\WINDOWS\system32\NetWare\nwdhcp.sys
21:50:38.0734 7060        NWDHCP ( UnsignedFile.Multi.Generic ) - warning
21:50:38.0734 7060        NWDHCP - detected UnsignedFile.Multi.Generic (1)
21:50:38.0750 7060        NWDNS          (b6f69f4d4fae462574f3440070ac22ec) C:\WINDOWS\system32\NetWare\nwdns.sys
21:50:38.0765 7060        NWDNS ( UnsignedFile.Multi.Generic ) - warning
21:50:38.0765 7060        NWDNS - detected UnsignedFile.Multi.Generic (1)
21:50:38.0781 7060        NWFILTER        (3d8f24cbed28067e4c5a960ee67cdb19) C:\WINDOWS\system32\NetWare\nwfilter.sys
21:50:38.0781 7060        NWFILTER ( UnsignedFile.Multi.Generic ) - warning
21:50:38.0781 7060        NWFILTER - detected UnsignedFile.Multi.Generic (1)
21:50:38.0796 7060        NWHOST          (baa75acf404bebce7065663664a7c3e4) C:\WINDOWS\system32\NetWare\NWHOST.sys
21:50:38.0812 7060        NWHOST ( UnsignedFile.Multi.Generic ) - warning
21:50:38.0812 7060        NWHOST - detected UnsignedFile.Multi.Generic (1)
21:50:38.0828 7060        NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:50:38.0875 7060        NwlnkFlt - ok
21:50:38.0890 7060        NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:50:38.0953 7060        NwlnkFwd - ok
21:50:38.0968 7060        NWSAP          (2726a6792bbb080ff345ed9a8111360f) C:\WINDOWS\system32\NetWare\NWSAP.sys
21:50:38.0984 7060        NWSAP ( UnsignedFile.Multi.Generic ) - warning
21:50:38.0984 7060        NWSAP - detected UnsignedFile.Multi.Generic (1)
21:50:39.0031 7060        NWSAPAutoWorkstationUpdateSvc (e6786593e1a3a2cce974a130dc6fc28f) C:\Programme\SAP\SAPsetup\setup\Updater\NwSapAutoWorkstationUpdateService.exe
21:50:39.0046 7060        NWSAPAutoWorkstationUpdateSvc ( UnsignedFile.Multi.Generic ) - warning
21:50:39.0046 7060        NWSAPAutoWorkstationUpdateSvc - detected UnsignedFile.Multi.Generic (1)
21:50:39.0078 7060        NWSIPX32        (e00b0349cc3921225ad60728230d78be) C:\WINDOWS\system32\NetWare\nwsipx32.sys
21:50:39.0078 7060        NWSIPX32 ( UnsignedFile.Multi.Generic ) - warning
21:50:39.0078 7060        NWSIPX32 - detected UnsignedFile.Multi.Generic (1)
21:50:39.0109 7060        NWSLP          (10e02fc7585e495dd963031520ad2f0a) C:\WINDOWS\system32\NetWare\nwslp.sys
21:50:39.0109 7060        NWSLP ( UnsignedFile.Multi.Generic ) - warning
21:50:39.0109 7060        NWSLP - detected UnsignedFile.Multi.Generic (1)
21:50:39.0125 7060        NWSNS          (172308996609da67e99c87fa784df8bc) C:\WINDOWS\system32\NetWare\NWSNS.sys
21:50:39.0125 7060        NWSNS ( UnsignedFile.Multi.Generic ) - warning
21:50:39.0125 7060        NWSNS - detected UnsignedFile.Multi.Generic (1)
21:50:39.0156 7060        ose            (7a56cf3e3f12e8af599963b16f50fb6a) C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
21:50:39.0171 7060        ose - ok
21:50:39.0218 7060        Parport        (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys
21:50:39.0265 7060        Parport - ok
21:50:39.0296 7060        PartMgr        (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
21:50:39.0343 7060        PartMgr - ok
21:50:39.0375 7060        ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
21:50:39.0437 7060        ParVdm - ok
21:50:39.0515 7060        PatchLink Update (83c7705e5850ce8f9a527cc5af048b2c) C:\Programme\PatchLink\Update Agent\GravitixService.exe
21:50:39.0515 7060        PatchLink Update ( UnsignedFile.Multi.Generic ) - warning
21:50:39.0515 7060        PatchLink Update - detected UnsignedFile.Multi.Generic (1)
21:50:39.0531 7060        PCI            (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
21:50:39.0578 7060        PCI - ok
21:50:39.0578 7060        PCIDump - ok
21:50:39.0593 7060        PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
21:50:39.0625 7060        PCIIde - ok
21:50:39.0656 7060        Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
21:50:39.0703 7060        Pcmcia - ok
21:50:39.0703 7060        PDCOMP - ok
21:50:39.0718 7060        PDFRAME - ok
21:50:39.0718 7060        PDRELI - ok
21:50:39.0734 7060        PDRFRAME - ok
21:50:39.0734 7060        perc2 - ok
21:50:39.0750 7060        perc2hib - ok
21:50:39.0781 7060        PlugPlay        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
21:50:39.0796 7060        PlugPlay - ok
21:50:39.0812 7060        PolicyAgent    (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
21:50:39.0859 7060        PolicyAgent - ok
21:50:39.0906 7060        Power Manager DBC Service (1275eba5a13135f65665a155f61789f2) C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe
21:50:39.0906 7060        Power Manager DBC Service ( UnsignedFile.Multi.Generic ) - warning
21:50:39.0906 7060        Power Manager DBC Service - detected UnsignedFile.Multi.Generic (1)
21:50:39.0937 7060        PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:50:40.0000 7060        PptpMiniport - ok
21:50:40.0078 7060        prepdrvr        (2a4514a9233d35a355f569ff8b8f6240) C:\WINDOWS\system32\CCM\prepdrv.sys
21:50:40.0093 7060        prepdrvr - ok
21:50:40.0093 7060        ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
21:50:40.0156 7060        ProtectedStorage - ok
21:50:40.0171 7060        PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
21:50:40.0343 7060        PSched - ok
21:50:40.0343 7060        Ptilink        (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:50:40.0500 7060        Ptilink - ok
21:50:40.0546 7060        PwmEWSvc        (bb232ee2820093d13af78f3c6a67f49f) C:\Programme\ThinkPad\Utilities\PWMEWSVC.exe
21:50:40.0578 7060        PwmEWSvc - ok
21:50:40.0578 7060        ql1080 - ok
21:50:40.0593 7060        Ql10wnt - ok
21:50:40.0593 7060        ql12160 - ok
21:50:40.0609 7060        ql1240 - ok
21:50:40.0609 7060        ql1280 - ok
21:50:40.0625 7060        RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:50:40.0671 7060        RasAcd - ok
21:50:40.0703 7060        RasAuto        (f5ba6caccdb66c8f048e867563203246) C:\WINDOWS\System32\rasauto.dll
21:50:40.0750 7060        RasAuto - ok
21:50:40.0765 7060        Rasl2tp        (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:50:40.0796 7060        Rasl2tp - ok
21:50:40.0828 7060        RasMan          (f9a7b66ea345726edb5862a46b1eccd5) C:\WINDOWS\System32\rasmans.dll
21:50:40.0890 7060        RasMan - ok
21:50:40.0890 7060        RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:50:40.0953 7060        RasPppoe - ok
21:50:40.0953 7060        Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
21:50:41.0000 7060        Raspti - ok
21:50:41.0031 7060        Rdbss          (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:50:41.0078 7060        Rdbss - ok
21:50:41.0093 7060        RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:50:41.0234 7060        RDPCDD - ok
21:50:41.0250 7060        rdpdr          (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
21:50:41.0296 7060        rdpdr - ok
21:50:41.0328 7060        RDPWD          (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
21:50:41.0343 7060        RDPWD - ok
21:50:41.0375 7060        RDSessMgr      (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe
21:50:41.0421 7060        RDSessMgr - ok
21:50:41.0437 7060        redbook        (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
21:50:41.0484 7060        redbook - ok
21:50:41.0531 7060        RegSrvc        (af9d9c8a2f6e4841673f59dc47b0d943) C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe
21:50:41.0546 7060        RegSrvc - ok
21:50:41.0625 7060        Remote Management Agent (cd1f0f292423e3b14aca57c7a45a1892) C:\Programme\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe
21:50:41.0640 7060        Remote Management Agent ( UnsignedFile.Multi.Generic ) - warning
21:50:41.0640 7060        Remote Management Agent - detected UnsignedFile.Multi.Generic (1)
21:50:41.0671 7060        RemoteAccess    (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINDOWS\System32\mprdim.dll
21:50:41.0718 7060        RemoteAccess - ok
21:50:41.0750 7060        RemoteRegistry  (e4cd1f3d84e1c2ca0b8cf7501e201593) C:\WINDOWS\system32\regsvc.dll
21:50:41.0796 7060        RemoteRegistry - ok
21:50:41.0828 7060        RESMGR          (382ec29aa5bbd5ea7e959167f9cdada2) C:\WINDOWS\system32\NetWare\resmgr.sys
21:50:41.0828 7060        RESMGR ( UnsignedFile.Multi.Generic ) - warning
21:50:41.0828 7060        RESMGR - detected UnsignedFile.Multi.Generic (1)
21:50:41.0875 7060        risdxc          (9ebc0f4b55ec20e91fe40ac83825836c) C:\WINDOWS\system32\DRIVERS\risdxc86.sys
21:50:41.0890 7060        risdxc - ok
21:50:41.0906 7060        RpcLocator      (2a02e21867497df20b8fc95631395169) C:\WINDOWS\system32\locator.exe
21:50:41.0984 7060        RpcLocator - ok
21:50:42.0062 7060        RpcSs          (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
21:50:42.0078 7060        RpcSs - ok
21:50:42.0125 7060        RSVP            (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\system32\rsvp.exe
21:50:42.0218 7060        RSVP - ok
21:50:42.0265 7060        S24EventMonitor (0acf9b6bbd8b0f45f1b9a1f6c48c8e9f) C:\Programme\Intel\WiFi\bin\S24EvMon.exe
21:50:42.0328 7060        S24EventMonitor - ok
21:50:42.0390 7060        s24trans        (27fc71da659305e260acbda15a318399) C:\WINDOWS\system32\DRIVERS\s24trans.sys
21:50:42.0390 7060        s24trans ( UnsignedFile.Multi.Generic ) - warning
21:50:42.0390 7060        s24trans - detected UnsignedFile.Multi.Generic (1)
21:50:42.0421 7060        SamSs          (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
21:50:42.0515 7060        SamSs - ok
21:50:42.0531 7060        SCardSvr        (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINDOWS\System32\SCardSvr.exe
21:50:42.0578 7060        SCardSvr - ok
21:50:42.0625 7060        Schedule        (a050194a44d7fa8d7186ed2f4e8367ae) C:\WINDOWS\system32\schedsvc.dll
21:50:42.0687 7060        Schedule - ok
21:50:42.0703 7060        Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:50:42.0734 7060        Secdrv - ok
21:50:42.0750 7060        seclogon        (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\WINDOWS\System32\seclogon.dll
21:50:42.0812 7060        seclogon - ok
21:50:42.0843 7060        SENS            (2aac9b6ed9eddffb721d6452e34d67e3) C:\WINDOWS\system32\sens.dll
21:50:42.0968 7060        SENS - ok
21:50:43.0000 7060        serenum        (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
21:50:43.0078 7060        serenum - ok
21:50:43.0093 7060        Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys
21:50:43.0250 7060        Serial - ok
21:50:43.0265 7060        Sfloppy        (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
21:50:43.0421 7060        Sfloppy - ok
21:50:43.0437 7060        SharedAccess    (cad058d5f8b889a87ca3eb3cf624dcef) C:\WINDOWS\System32\ipnathlp.dll
21:50:43.0546 7060        SharedAccess - ok
21:50:43.0578 7060        ShellHWDetection (40602ebfbe06aa075c8e4560743f6883) C:\WINDOWS\System32\shsvcs.dll
21:50:43.0671 7060        ShellHWDetection - ok
21:50:43.0703 7060        Shockprf        (df6a84dd19d3c0858d707b5e64938d60) C:\WINDOWS\system32\DRIVERS\Apsx86.sys
21:50:43.0703 7060        Shockprf - ok
21:50:43.0734 7060        Simbad - ok
21:50:43.0750 7060        SkypeUpdate    (17eab7852ff9f15fbaab4e95efc0b812) C:\Programme\Skype\Updater\Updater.exe
21:50:43.0875 7060        SkypeUpdate - ok
21:50:43.0906 7060        SLIP            (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
21:50:44.0046 7060        SLIP - ok
21:50:44.0156 7060        SMART Mirror Driver Monitor Service (a79877a2c614503b93c9a3e87b25f8da) C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Anwendungsdaten\TANDBERG\See&Share\monitorservice.exe
21:50:44.0281 7060        SMART Mirror Driver Monitor Service ( UnsignedFile.Multi.Generic ) - warning
21:50:44.0281 7060        SMART Mirror Driver Monitor Service - detected UnsignedFile.Multi.Generic (1)
21:50:44.0343 7060        SmcService      (0dc94380be7d36ae241029c72807692e) C:\Programme\Symantec\Symantec Endpoint Protection\Smc.exe
21:50:44.0437 7060        SmcService - ok
21:50:44.0500 7060        smihlp          (0b9c01236d25bdcb37aa79dc59dfb7d3) C:\Programme\ThinkVantage Fingerprint Software\smihlp.sys
21:50:44.0515 7060        smihlp - ok
21:50:44.0562 7060        smrtdrv        (947154112d318885026dedeaa13489ca) C:\WINDOWS\system32\DRIVERS\smrtdrv.sys
21:50:44.0562 7060        smrtdrv - ok
21:50:44.0593 7060        smsmdd          (4b4ab78e866bbecf93f6eabc3270178a) C:\WINDOWS\system32\DRIVERS\smsmdm.sys
21:50:44.0593 7060        smsmdd - ok
21:50:44.0640 7060        smstsmgr - ok
21:50:44.0671 7060        SNAC            (65e1ebf379856b677979802c8d5bcd87) C:\Programme\Symantec\Symantec Endpoint Protection\SNAC.EXE
21:50:44.0734 7060        SNAC - ok
21:50:44.0750 7060        Sony_EricssonWWSC (deaf30a1a325168bf823ecda2fb89f6e) C:\WINDOWS\system32\DRIVERS\lnvoscard.sys
21:50:44.0765 7060        Sony_EricssonWWSC - ok
21:50:44.0765 7060        Sparrow - ok
21:50:44.0828 7060        SPBBCDrv        (e87cf104f12c92401c4d33c50a3d5dc8) C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCDrv.sys
21:50:44.0859 7060        SPBBCDrv - ok
21:50:44.0890 7060        splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
21:50:44.0984 7060        splitter - ok
21:50:45.0046 7060        Spooler        (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
21:50:45.0078 7060        Spooler - ok
21:50:45.0109 7060        sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
21:50:45.0156 7060        sr - ok
21:50:45.0187 7060        srservice      (fe77a85495065f3ad59c5c65b6c54182) C:\WINDOWS\system32\srsvc.dll
21:50:45.0218 7060        srservice - ok
21:50:45.0234 7060        SRTSP          (5a293729e1f9fce3a2106d1f5dc5e98a) C:\WINDOWS\system32\Drivers\SRTSP.SYS
21:50:45.0250 7060        SRTSP - ok
21:50:45.0296 7060        SRTSPL          (0ddb7fba32be09d8057063c0cee24137) C:\WINDOWS\system32\Drivers\SRTSPL.SYS
21:50:45.0328 7060        SRTSPL - ok
21:50:45.0343 7060        SRTSPX          (a99719dfb61b61aa5026341bbb733c0a) C:\WINDOWS\system32\Drivers\SRTSPX.SYS
21:50:45.0359 7060        SRTSPX - ok
21:50:45.0375 7060        Srv            (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
21:50:45.0390 7060        Srv - ok
21:50:45.0421 7060        SRVLOC          (9a44b2bacf48abba25cbd043770a7fcb) C:\WINDOWS\system32\NetWare\srvloc.sys
21:50:45.0437 7060        SRVLOC ( UnsignedFile.Multi.Generic ) - warning
21:50:45.0437 7060        SRVLOC - detected UnsignedFile.Multi.Generic (1)
21:50:45.0453 7060        SSDPSRV        (4df5b05dfaec29e13e1ed6f6ee12c500) C:\WINDOWS\System32\ssdpsrv.dll
21:50:45.0515 7060        SSDPSRV - ok
21:50:45.0562 7060        stisvc          (bc2c5985611c5356b24aeb370953ded9) C:\WINDOWS\system32\wiaservc.dll
21:50:45.0625 7060        stisvc - ok
21:50:45.0656 7060        stmtpm          (8afa1b80366276f8345a6b61e0df2f3e) C:\WINDOWS\system32\DRIVERS\stm_tpm.sys
21:50:45.0656 7060        stmtpm - ok
21:50:45.0687 7060        streamip        (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
21:50:45.0734 7060        streamip - ok
21:50:45.0765 7060        swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
21:50:45.0843 7060        swenum - ok
21:50:45.0859 7060        swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
21:50:45.0906 7060        swmidi - ok
21:50:45.0906 7060        SwPrv - ok
21:50:45.0984 7060        Symantec AntiVirus (f3a4ead0b3946e439f0397f7a4d09952) C:\Programme\Symantec\Symantec Endpoint Protection\Rtvscan.exe
21:50:46.0093 7060        Symantec AntiVirus - ok
21:50:46.0109 7060        symc810 - ok
21:50:46.0109 7060        symc8xx - ok
21:50:46.0140 7060        SymEvent        (a54ff04bd6e75dc4d8cb6f3e352635e0) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
21:50:46.0156 7060        SymEvent - ok
21:50:46.0156 7060        sym_hi - ok
21:50:46.0171 7060        sym_u3 - ok
21:50:46.0203 7060        SynTP          (4db524dcd5cece0349d9f8c3738da0b2) C:\WINDOWS\system32\DRIVERS\SynTP.sys
21:50:46.0250 7060        SynTP - ok
21:50:46.0296 7060        sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
21:50:46.0406 7060        sysaudio - ok
21:50:46.0437 7060        SysmonLog      (2903fffa2523926d6219428040dce6b9) C:\WINDOWS\system32\smlogsvc.exe
21:50:46.0546 7060        SysmonLog - ok
21:50:46.0562 7060        SysPlant        (5dcc2c7acc29dfba5ba82ed47d99c7e5) C:\WINDOWS\SYSTEM32\Drivers\SysPlant.sys
21:50:46.0578 7060        SysPlant - ok
21:50:46.0609 7060        TapiSrv        (05903cac4b98908d55ea5774775b382e) C:\WINDOWS\System32\tapisrv.dll
21:50:46.0750 7060        TapiSrv - ok
21:50:46.0781 7060        Tcpip          (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:50:46.0843 7060        Tcpip - ok
21:50:46.0875 7060        TcUsb          (58e3eb5a5c78740c5870eee6648ccc46) C:\WINDOWS\system32\Drivers\tcusb.sys
21:50:46.0906 7060        TcUsb - ok
21:50:46.0937 7060        TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
21:50:47.0093 7060        TDPIPE - ok
21:50:47.0109 7060        TDTCP          (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
21:50:47.0218 7060        TDTCP - ok
21:50:47.0234 7060        Teefer2        (1d3c046a9106de97ddc8276958700bf4) C:\WINDOWS\system32\DRIVERS\teefer2.sys
21:50:47.0250 7060        Teefer2 - ok
21:50:47.0265 7060        TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
21:50:47.0312 7060        TermDD - ok
21:50:47.0328 7060        TermService    (b7de02c863d8f5a005a7bf375375a6a4) C:\WINDOWS\System32\termsrv.dll
21:50:47.0390 7060        TermService - ok
21:50:47.0406 7060        Themes          (40602ebfbe06aa075c8e4560743f6883) C:\WINDOWS\System32\shsvcs.dll
21:50:47.0468 7060        Themes - ok
21:50:47.0500 7060        TlntSvr        (03681a1ce77f51586903869a5ab1deab) C:\WINDOWS\system32\tlntsvr.exe
21:50:47.0531 7060        TlntSvr - ok
21:50:47.0531 7060        TosIde - ok
21:50:47.0562 7060        TPDIGIMN        (50b570e4209f6d401893720fc8ddce46) C:\WINDOWS\system32\DRIVERS\ApsHM86.sys
21:50:47.0562 7060        TPDIGIMN - ok
21:50:47.0593 7060        TPHDEXLGSVC    (1f98a2433555dd854cb4e2edc819deb4) C:\WINDOWS\system32\TPHDEXLG.exe
21:50:47.0609 7060        TPHDEXLGSVC - ok
21:50:47.0656 7060        TPHKDRV        (8aef2188630f5ecd79ad9abba630630b) C:\WINDOWS\system32\DRIVERS\TPHKDRV.sys
21:50:47.0671 7060        TPHKDRV - ok
21:50:47.0734 7060        TPHKLOAD        (88d609bfdeb7e013e9e491434190ba43) C:\Programme\LENOVO\HOTKEY\TPHKLOAD.exe
21:50:47.0750 7060        TPHKLOAD ( UnsignedFile.Multi.Generic ) - warning
21:50:47.0750 7060        TPHKLOAD - detected UnsignedFile.Multi.Generic (1)
21:50:47.0765 7060        TPHKSVC        (9e6e4a9789f76593cc5a6a5af8fc5929) C:\Programme\LENOVO\HOTKEY\TPHKSVC.exe
21:50:47.0781 7060        TPHKSVC - ok
21:50:47.0812 7060        TPPWRIF        (c037817e2498d9db736e4ba355b1f4e7) C:\WINDOWS\system32\drivers\Tppwrif.sys
21:50:47.0828 7060        TPPWRIF - ok
21:50:47.0843 7060        TrkWks          (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll
21:50:47.0921 7060        TrkWks - ok
21:50:47.0968 7060        TrojanKillerDriver (113384367c3999e084fe156b18c7625e) C:\WINDOWS\system32\DRIVERS\gtkdrv.sys
21:50:47.0968 7060        TrojanKillerDriver - ok
21:50:48.0000 7060        TSMAPIP        (f10f36e20448a5500a5f83f67ee4aad4) C:\WINDOWS\system32\drivers\TSMAPIP.SYS
21:50:48.0015 7060        TSMAPIP ( UnsignedFile.Multi.Generic ) - warning
21:50:48.0015 7060        TSMAPIP - detected UnsignedFile.Multi.Generic (1)
21:50:48.0062 7060        uagqecsvc      (e212cd75c7558450c0890710f892084c) C:\Programme\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe
21:50:48.0078 7060        uagqecsvc - ok
21:50:48.0125 7060        Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
21:50:48.0203 7060        Udfs - ok
21:50:48.0218 7060        ultra - ok
21:50:48.0328 7060        UNS            (a69cd6bdb82872999d2e46f9324ada83) C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
21:50:48.0453 7060        UNS - ok
21:50:48.0515 7060        Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
21:50:48.0609 7060        Update - ok
21:50:48.0656 7060        UPHClean        (3f9a3232e5f942874488981f3242c989) C:\Programme\UPHClean\uphclean.exe
21:50:48.0671 7060        UPHClean ( UnsignedFile.Multi.Generic ) - warning
21:50:48.0671 7060        UPHClean - detected UnsignedFile.Multi.Generic (1)
21:50:48.0718 7060        upnphost        (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll
21:50:48.0765 7060        upnphost - ok
21:50:48.0781 7060        UPS            (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe
21:50:48.0843 7060        UPS - ok
21:50:48.0875 7060        usbccgp        (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:50:48.0921 7060        usbccgp - ok
21:50:48.0937 7060        usbehci        (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:50:48.0984 7060        usbehci - ok
21:50:49.0000 7060        usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:50:49.0093 7060        usbhub - ok
21:50:49.0125 7060        usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
21:50:49.0234 7060        usbprint - ok
21:50:49.0250 7060        USBSTOR        (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:50:49.0296 7060        USBSTOR - ok
21:50:49.0296 7060        usbuhci        (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
21:50:49.0343 7060        usbuhci - ok
21:50:49.0359 7060        usbvideo        (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
21:50:49.0421 7060        usbvideo - ok
21:50:49.0437 7060        VgaSave        (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
21:50:49.0531 7060        VgaSave - ok
21:50:49.0546 7060        ViaIde - ok
21:50:49.0562 7060        VolSnap        (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
21:50:49.0687 7060        VolSnap - ok
21:50:49.0718 7060        VSS            (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe
21:50:49.0781 7060        VSS - ok
21:50:49.0796 7060        W32Time        (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\system32\w32time.dll
21:50:49.0843 7060        W32Time - ok
21:50:49.0859 7060        Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:50:49.0906 7060        Wanarp - ok
21:50:49.0937 7060        Wdf01000        (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
21:50:49.0968 7060        Wdf01000 - ok
21:50:49.0968 7060        WDICA - ok
21:50:50.0015 7060        wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
21:50:50.0062 7060        wdmaud - ok
21:50:50.0093 7060        WebClient      (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll
21:50:50.0125 7060        WebClient - ok
21:50:50.0156 7060        winmgmt        (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll
21:50:50.0203 7060        winmgmt - ok
21:50:50.0234 7060        WMCoreService - ok
21:50:50.0281 7060        WmdmPmSN        (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
21:50:50.0281 7060        WmdmPmSN - ok
21:50:50.0312 7060        Wmi            (ffa4d901d46d07a5bab2d8307fbb51a6) C:\WINDOWS\System32\advapi32.dll
21:50:50.0343 7060        Wmi - ok
21:50:50.0390 7060        WmiAcpi        (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
21:50:50.0437 7060        WmiAcpi - ok
21:50:50.0453 7060        WmiApSrv        (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\system32\wbem\wmiapsrv.exe
21:50:50.0515 7060        WmiApSrv - ok
21:50:50.0562 7060        WMPNetworkSvc  (bf05650bb7df5e9ebdd25974e22403bb) C:\Programme\Windows Media Player\WMPNetwk.exe
21:50:50.0640 7060        WMPNetworkSvc - ok
21:50:50.0687 7060        WNTHW          (c214dd6d6905f01fe3e0a2c334e2244e) C:\WINDOWS\system32\DRIVERS\WNTHW.SYS
21:50:50.0703 7060        WNTHW ( UnsignedFile.Multi.Generic ) - warning
21:50:50.0703 7060        WNTHW - detected UnsignedFile.Multi.Generic (1)
21:50:50.0734 7060        WPS            (e8e745b8eee63c7cf7d34833d3b8ca7f) C:\WINDOWS\system32\drivers\wpsdrvnt.sys
21:50:50.0734 7060        WPS - ok
21:50:50.0765 7060        WpsHelper      (ff983a25ae6f7d3f87f26bf51f02a201) C:\WINDOWS\system32\drivers\WpsHelper.sys
21:50:50.0781 7060        WpsHelper - ok
21:50:50.0812 7060        wscsvc          (300b3e84faf1a5c1f791c159ba28035d) C:\WINDOWS\system32\wscsvc.dll
21:50:50.0906 7060        wscsvc - ok
21:50:50.0937 7060        WSTCODEC        (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
21:50:50.0968 7060        WSTCODEC - ok
21:50:51.0000 7060        wuauserv        (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll
21:50:51.0046 7060        wuauserv - ok
21:50:51.0078 7060        WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
21:50:51.0078 7060        WudfPf - ok
21:50:51.0093 7060        WudfRd          (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
21:50:51.0109 7060        WudfRd - ok
21:50:51.0125 7060        WudfSvc        (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
21:50:51.0140 7060        WudfSvc - ok
21:50:51.0171 7060        WZCSVC          (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll
21:50:51.0281 7060        WZCSVC - ok
21:50:51.0312 7060        xmlprov        (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll
21:50:51.0390 7060        xmlprov - ok
21:50:51.0453 7060        XTAgent        (0b6cd7f4ad6ae20f7585416f7cc3e09d) C:\WINDOWS\System32\Novell\XTAgent.exe
21:50:51.0500 7060        XTAgent ( UnsignedFile.Multi.Generic ) - warning
21:50:51.0500 7060        XTAgent - detected UnsignedFile.Multi.Generic (1)
21:50:51.0546 7060        ZENPreAgent    (144f2f6919403bfbb61e4e256bc9763f) C:\WINDOWS\novell\zenworks\bin\ZENPreAgent.exe
21:50:51.0562 7060        ZENPreAgent ( UnsignedFile.Multi.Generic ) - warning
21:50:51.0562 7060        ZENPreAgent - detected UnsignedFile.Multi.Generic (1)
21:50:51.0578 7060        ZFDWM          (0cecef6cf073aad201b5d671a3c0cd60) C:\Programme\Novell\ZENworks\wm.exe
21:50:51.0609 7060        ZFDWM ( UnsignedFile.Multi.Generic ) - warning
21:50:51.0609 7060        ZFDWM - detected UnsignedFile.Multi.Generic (1)
21:50:51.0625 7060        MBR (0x1B8)    (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
21:50:51.0953 7060        \Device\Harddisk0\DR0 - ok
21:50:51.0953 7060        Boot (0x1200)  (3517c5b4fad91ffe6593ae16d5730873) \Device\Harddisk0\DR0\Partition0
21:50:51.0953 7060        \Device\Harddisk0\DR0\Partition0 - ok
21:50:51.0984 7060        Boot (0x1200)  (90099d54f6f832bec9f15797c1b37e3d) \Device\Harddisk0\DR0\Partition1
21:50:51.0984 7060        \Device\Harddisk0\DR0\Partition1 - ok
21:50:52.0031 7060        Boot (0x1200)  (c746c0b62a8272709e2bf62fc5daa784) \Device\Harddisk0\DR0\Partition2
21:50:52.0046 7060        \Device\Harddisk0\DR0\Partition2 - ok
21:50:52.0046 7060        ============================================================
21:50:52.0046 7060        Scan finished
21:50:52.0046 7060        ============================================================
21:50:52.0140 3840        Detected object count: 36
21:50:52.0140 3840        Actual detected object count: 36
21:51:44.0578 3840        ANC ( UnsignedFile.Multi.Generic ) - skipped by user
21:51:44.0593 3840        ANC ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:51:44.0593 3840        BlankScr ( UnsignedFile.Multi.Generic ) - skipped by user
21:51:44.0593 3840        BlankScr ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:51:44.0593 3840        BM ( UnsignedFile.Multi.Generic ) - skipped by user
21:51:44.0593 3840        BM ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:51:44.0593 3840        BrYNSvc ( UnsignedFile.Multi.Generic ) - skipped by user
21:51:44.0593 3840        BrYNSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:51:44.0593 3840        cusrvc ( UnsignedFile.Multi.Generic ) - skipped by user
21:51:44.0593 3840        cusrvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:51:44.0593 3840        Darpan ( UnsignedFile.Multi.Generic ) - skipped by user
21:51:44.0593 3840        Darpan ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:51:44.0593 3840        IBMTPCHK ( UnsignedFile.Multi.Generic ) - skipped by user
21:51:44.0593 3840        IBMTPCHK ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:51:44.0593 3840        NALNTSERVICE ( UnsignedFile.Multi.Generic ) - skipped by user
21:51:44.0593 3840        NALNTSERVICE ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:51:44.0593 3840        NetwareWorkstation ( UnsignedFile.Multi.Generic ) - skipped by user
21:51:44.0593 3840        NetwareWorkstation ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:51:44.0593 3840        NICICCS ( UnsignedFile.Multi.Generic ) - skipped by user
21:51:44.0593 3840        NICICCS ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:51:44.0593 3840        NICM ( UnsignedFile.Multi.Generic ) - skipped by user
21:51:44.0609 3840        NICM ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:51:44.0609 3840        Novell Identity Store ( UnsignedFile.Multi.Generic ) - skipped by user
21:51:44.0609 3840        Novell Identity Store ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:51:44.0609 3840        Novell ZENworks Agent Service ( UnsignedFile.Multi.Generic ) - skipped by user
21:51:44.0609 3840        Novell ZENworks Agent Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:51:44.0609 3840        NWDHCP ( UnsignedFile.Multi.Generic ) - skipped by user
21:51:44.0609 3840        NWDHCP ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:51:44.0609 3840        NWDNS ( UnsignedFile.Multi.Generic ) - skipped by user
21:51:44.0609 3840        NWDNS ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:51:44.0609 3840        NWFILTER ( UnsignedFile.Multi.Generic ) - skipped by user
21:51:44.0609 3840        NWFILTER ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:51:44.0609 3840        NWHOST ( UnsignedFile.Multi.Generic ) - skipped by user
21:51:44.0609 3840        NWHOST ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:51:44.0609 3840        NWSAP ( UnsignedFile.Multi.Generic ) - skipped by user
21:51:44.0609 3840        NWSAP ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:51:44.0609 3840        NWSAPAutoWorkstationUpdateSvc ( UnsignedFile.Multi.Generic ) - skipped by user
21:51:44.0609 3840        NWSAPAutoWorkstationUpdateSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:51:44.0609 3840        NWSIPX32 ( UnsignedFile.Multi.Generic ) - skipped by user
21:51:44.0609 3840        NWSIPX32 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:51:44.0609 3840        NWSLP ( UnsignedFile.Multi.Generic ) - skipped by user
21:51:44.0609 3840        NWSLP ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:51:44.0625 3840        NWSNS ( UnsignedFile.Multi.Generic ) - skipped by user
21:51:44.0625 3840        NWSNS ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:51:44.0625 3840        PatchLink Update ( UnsignedFile.Multi.Generic ) - skipped by user
21:51:44.0625 3840        PatchLink Update ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:51:44.0625 3840        Power Manager DBC Service ( UnsignedFile.Multi.Generic ) - skipped by user
21:51:44.0625 3840        Power Manager DBC Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:51:44.0625 3840        Remote Management Agent ( UnsignedFile.Multi.Generic ) - skipped by user
21:51:44.0625 3840        Remote Management Agent ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:51:44.0625 3840        RESMGR ( UnsignedFile.Multi.Generic ) - skipped by user
21:51:44.0625 3840        RESMGR ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:51:44.0625 3840        s24trans ( UnsignedFile.Multi.Generic ) - skipped by user
21:51:44.0625 3840        s24trans ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:51:44.0625 3840        SMART Mirror Driver Monitor Service ( UnsignedFile.Multi.Generic ) - skipped by user
21:51:44.0625 3840        SMART Mirror Driver Monitor Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:51:44.0625 3840        SRVLOC ( UnsignedFile.Multi.Generic ) - skipped by user
21:51:44.0625 3840        SRVLOC ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:51:44.0625 3840        TPHKLOAD ( UnsignedFile.Multi.Generic ) - skipped by user
21:51:44.0625 3840        TPHKLOAD ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:51:44.0625 3840        TSMAPIP ( UnsignedFile.Multi.Generic ) - skipped by user
21:51:44.0625 3840        TSMAPIP ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:51:44.0625 3840        UPHClean ( UnsignedFile.Multi.Generic ) - skipped by user
21:51:44.0625 3840        UPHClean ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:51:44.0640 3840        WNTHW ( UnsignedFile.Multi.Generic ) - skipped by user
21:51:44.0640 3840        WNTHW ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:51:44.0640 3840        XTAgent ( UnsignedFile.Multi.Generic ) - skipped by user
21:51:44.0640 3840        XTAgent ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:51:44.0640 3840        ZENPreAgent ( UnsignedFile.Multi.Generic ) - skipped by user
21:51:44.0640 3840        ZENPreAgent ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:51:44.0640 3840        ZFDWM ( UnsignedFile.Multi.Generic ) - skipped by user
21:51:44.0640 3840        ZFDWM ( UnsignedFile.Multi.Generic ) - User select action: Skip

I'm waiting for a reply.
Many thanks in advance!

cosinus 27.03.2012 10:12

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background monitors, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered), and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when a qualified helper has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running Combofix, you have problems starting applications and receive messages such as

Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

sravy 27.03.2012 21:17

This is what the log looks like after running ComboFix.
Thanks in advance. I would appreciate a reply.

[CODE]
Combofix Logfile:
Code:

ComboFix 12-03-27.03 - Sravan Kumar Puppala 27.03.2012  22:01:28.1.4 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.3569.2561 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\Sravan Kumar Puppala\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *Disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programme\TelevisionFanatic
c:\programme\TelevisionFanatic\bar\Cache\0007AA95
c:\programme\TelevisionFanatic\bar\Cache\0007BE8B.bmp
c:\programme\TelevisionFanatic\bar\Cache\0007BF27.bmp
c:\programme\TelevisionFanatic\bar\Cache\0007C0EC.bmp
c:\programme\TelevisionFanatic\bar\Cache\0007C2A2.bmp
c:\programme\TelevisionFanatic\bar\Cache\0007C2C1.bmp
c:\programme\TelevisionFanatic\bar\Cache\0009CAF5.bmp
c:\programme\TelevisionFanatic\bar\Cache\0009CECD.bmp
c:\programme\TelevisionFanatic\bar\Cache\0009CEEC.bmp
c:\programme\TelevisionFanatic\bar\Cache\0009CFC7.bmp
c:\programme\TelevisionFanatic\bar\Cache\0009D0A2.bmp
c:\programme\TelevisionFanatic\bar\Cache\0009D2D4.bmp
c:\programme\TelevisionFanatic\bar\Cache\0009D7B6.bmp
c:\programme\TelevisionFanatic\bar\Cache\000D0F52.jhtml
c:\programme\TelevisionFanatic\bar\Cache\files.ini
c:\programme\TelevisionFanatic\bar\gen1\COMMON.T8S
c:\programme\TelevisionFanatic\bar\History\search3
c:\programme\TelevisionFanatic\bar\IE9Mesg\COMMON.T8S
c:\programme\TelevisionFanatic\bar\Message\COMMON.T8S
c:\programme\TelevisionFanatic\bar\Message\COMMON\8_step1.gif
c:\programme\TelevisionFanatic\bar\Message\COMMON\anemone.js
c:\programme\TelevisionFanatic\bar\Message\COMMON\bd_grad.gif
c:\programme\TelevisionFanatic\bar\Message\COMMON\hpguard.js
c:\programme\TelevisionFanatic\bar\Message\COMMON\hpguard1.htm
c:\programme\TelevisionFanatic\bar\Message\COMMON\hpguard2.htm
c:\programme\TelevisionFanatic\bar\Message\COMMON\hpp_ok.png
c:\programme\TelevisionFanatic\bar\Message\COMMON\hpp_x.png
c:\programme\TelevisionFanatic\bar\Message\COMMON\hpp_x2.png
c:\programme\TelevisionFanatic\bar\Message\COMMON\index.htm
c:\programme\TelevisionFanatic\bar\Message\COMMON\mid_dots.gif
c:\programme\TelevisionFanatic\bar\Message\COMMON\mws_logo.gif
c:\programme\TelevisionFanatic\bar\Message\COMMON\protect.htm
c:\programme\TelevisionFanatic\bar\Message\COMMON\rebut4b.htm
c:\programme\TelevisionFanatic\bar\Message\COMMON\shield.png
c:\programme\TelevisionFanatic\bar\Message\COMMON\stop.gif
c:\programme\TelevisionFanatic\bar\Message\COMMON\systrayp.htm
c:\programme\TelevisionFanatic\bar\Message\COMMON\tp_grad.gif
c:\programme\TelevisionFanatic\bar\Settings\prevcfg2.htm
c:\programme\TelevisionFanatic\bar\Settings\s_pid.dat
c:\programme\TelevisionFanatic\bar\Settings\s_w1.dat
c:\programme\TelevisionFanatic\TelevisionFanatic\Cache\PopupProperties100016728.html
c:\programme\TelevisionFanatic\TelevisionFanatic\Cache\PopupProperties100016730.html
c:\programme\TelevisionFanatic\TelevisionFanatic\Cache\PopupProperties100065028.html
c:\programme\TelevisionFanatic\TelevisionFanatic\Cache\PopupProperties200821787.html
c:\programme\TelevisionFanatic\TelevisionFanatic\Cache\Radio.html
c:\programme\TelevisionFanatic\TelevisionFanatic\Cache\VideosAffinityBtn.html
c:\windows\EventSystem.log
c:\windows\system32\default_user_class.dat.LOG
.
.
(((((((((((((((((((((((((((((((((((((((  Treiber/Dienste  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_TELEVISIONFANATICSERVICE
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-02-27 bis 2012-03-27  ))))))))))))))))))))))))))))))
.
.
2012-03-25 17:50 . 2012-03-25 17:50        --------        d-----w-        C:\_OTL
2012-03-25 16:48 . 2012-03-25 16:48        --------        d-----w-        c:\programme\ESET
2012-03-25 13:06 . 2012-03-25 13:06        --------        d-----w-        c:\dokumente und einstellungen\Sravan Kumar Puppala\Anwendungsdaten\Malwarebytes
2012-03-25 13:06 . 2012-03-25 13:06        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2012-03-25 13:06 . 2012-03-25 13:06        --------        d-----w-        c:\programme\Malwarebytes' Anti-Malware
2012-03-25 13:06 . 2011-12-10 13:24        20464        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-03-24 14:04 . 2012-03-24 15:19        --------        d-----w-        c:\programme\GridinSoft Trojan Killer
2012-03-19 12:14 . 2012-03-19 12:14        --------        d-----w-        c:\dokumente und einstellungen\Sravan Kumar Puppala\Anwendungsdaten\webex
2012-03-01 14:01 . 2012-03-01 14:01        2432        ----a-w-        c:\windows\system32\drivers\smrtdrv.sys
2012-03-01 14:01 . 2012-03-01 14:01        3584        ----a-w-        c:\windows\system32\smrtexp.dll
2012-03-01 14:01 . 2012-03-01 14:01        11648        ----a-w-        c:\windows\system32\smrtdrv.dll
2012-02-29 10:54 . 2012-02-29 10:54        --------        d-sh--w-        c:\dokumente und einstellungen\Sravan Kumar Puppala\IECompatCache
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-24 11:16 . 2012-01-03 18:14        414368        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-26 07:13 . 2011-12-20 09:29        167936        ----a-w-        c:\windows\system32\drivers\wpshelper.sys
2012-01-14 10:54 . 2012-01-14 10:54        57344        ----a-r-        c:\dokumente und einstellungen\Sravan Kumar Puppala\Anwendungsdaten\Microsoft\Installer\{72E37E13-0FB8-4644-A8E8-F2900B9C7B67}\SeeAndShare.exe_72E37E130FB84644A8E8F2900B9C7B67.exe
2012-01-12 17:20 . 2009-08-14 15:10        1860096        ----a-w-        c:\windows\system32\win32k.sys
2012-01-11 19:06 . 2012-02-19 14:12        3072        ------w-        c:\windows\system32\iacenc.dll
2012-01-04 14:28 . 2012-01-04 14:28        16128        ----a-w-        c:\windows\system32\drivers\gtkdrv.sys
2010-10-11 01:29 . 2010-10-11 01:29        114688        ----a-w-        c:\programme\ad_ff.dll
2009-07-12 05:24 . 2011-12-20 09:23        626688        ----a-w-        c:\programme\Gemeinsame Dateien\sapconsaccess.dll
2009-07-12 05:24 . 2011-12-20 09:23        40960        ----a-w-        c:\programme\Gemeinsame Dateien\DigitalSignature.ocx
2009-07-12 05:24 . 2011-12-20 09:23        3145728        ----a-w-        c:\programme\Gemeinsame Dateien\sapxlhelper.dll
2009-07-12 05:24 . 2011-12-20 09:23        192512        ----a-w-        c:\programme\Gemeinsame Dateien\sapconsr3.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\programme\Skype\Phone\Skype.exe" [2012-02-29 17148552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMART Mirror Driver Monitor Service"="c:\dokumente und einstellungen\Sravan Kumar Puppala\" [X]
"SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2011-05-05 2262312]
"TpShocks"="TpShocks.exe" [2011-01-14 337256]
"IMSS"="c:\programme\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2011-01-17 112152]
"EZEJMNAP"="c:\progra~2\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2008-10-07 256576]
"LenovoAutoScrollUtility"="c:\programme\Lenovo\VIRTSCRL\virtscrl.exe" [2010-04-01 43960]
"AMSG"="c:\programme\ThinkVantage\AMSG\Amsg.exe" [2009-09-03 436800]
"PWRMGRTR"="c:\progra~2\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2011-05-10 759144]
"TPFNF7"="c:\programme\Lenovo\NPDIRECT\TPFNF7SP.exe" [2011-01-07 62312]
"LPManager"="c:\progra~2\THINKV~2\PrdCtr\LPMGR.exe" [2009-07-23 185688]
"LPMailChecker"="c:\progra~2\THINKV~2\PrdCtr\LPMLCHK.exe" [2009-07-23 124248]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-04-17 111208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-04-17 13887080]
"NDPS"="c:\windows\system32\dpmw32.exe" [2004-05-17 32859]
"NWTRAY"="NWTRAY.EXE" [2002-03-12 28672]
"ZENRC Tray Icon"="c:\windows\system32\zentray.exe" [2005-05-18 40960]
"SAP_WUS_UNT"="c:\programme\SAP\SAPsetup\setup\Updater\NwSapSetupUserNotificationTool.exe" [2009-06-17 212992]
"ccApp"="c:\programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe" [2010-01-25 115560]
"Application Explorer"="c:\programme\Novell\ZENworks\naldesk.exe" [2006-06-13 7168]
"NeroFilterCheck"="c:\programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe" [2008-06-19 570664]
"ACTray"="c:\programme\ThinkPad\ConnectUtilities\ACTray.exe" [2011-04-14 431464]
"ACWLIcon"="c:\programme\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2011-04-14 189800]
"PDDM"="c:\programme\PatchLink\Update Agent\pddm.exe" [2009-07-28 401408]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"ControlCenter3"="c:\programme\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"BrStsMon00"="c:\programme\Browny02\Brother\BrStMonW.exe" [2010-02-09 2621440]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
Bluetooth.lnk - c:\programme\ThinkPad\Bluetooth Software\BTTray.exe [2010-12-9 636256]
Connected TaskBar Icon.LNK - c:\programme\Connected\CBSysTray.exe [2011-12-20 114688]
SnagIt 8.lnk - c:\programme\TechSmith\SnagIt 8\SnagIt32.exe [2006-5-10 5517312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{763370C4-268E-4308-A60C-D8DA0342BE32}"= "c:\programme\Novell\ZENworks\NalShell.dll" [2007-08-08 458752]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LCredMgr]
2010-10-11 01:29        61440        ----a-w-        c:\programme\Novell\CASA\bin\lcredmgr.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\NetIdentity Notification]
2007-01-10 11:52        24576        ----a-w-        c:\windows\system32\novell\xtnotify.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2010-12-07 10:57        100176        ----a-w-        c:\programme\ThinkVantage Fingerprint Software\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages        REG_MULTI_SZ          msv1_0 nwv1_0
Notification Packages        REG_MULTI_SZ          scecli c:\programme\ThinkVantage Fingerprint Software\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%WINDIR%\\system32\\dpmw32.exe"=
"%WINDIR%\\system32\\vpnstats.exe"=
"%WINDIR%\\system32\\ikeapp.exe"=
"c:\programme\Connected\AgentSrv.exe"= c:\programme\Connected\AgentSrv.exe:10.0.0.0/255.0.0.0,193.26.252.0/255.255.255.0:Enabled:Connected DataProtector
"c:\programme\Connected\COBackup.exe"= c:\programme\Connected\COBackup.exe:10.0.0.0/255.0.0.0,193.26.252.0/255.255.255.0:Enabled:Connected DataProtector
"c:\\WINDOWS\\system32\\dpmw32.exe"=
"c:\\WINDOWS\\system32\\ikeapp.exe"=
"c:\\WINDOWS\\system32\\vpnstats.exe"=
"c:\\Programme\\Symantec\\Symantec Endpoint Protection\\Smc.exe"=
"c:\\Programme\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"=
"c:\\Programme\\Gemeinsame Dateien\\Symantec Shared\\ccApp.exe"=
"c:\\Programme\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Programme\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
"c:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3024:UDP"= 3024:UDP:Novell Bordermanager Proxy Services
"1761:TCP"= 1761:TCP:Novell ZENworks Services
"1761:UDP"= 1761:UDP:Novell ZENworks Services
"2967:TCP"= 2967:TCP:Symantec Client Security 1
"2967:UDP"= 2967:UDP:Symantec Client Security 2
"38293:UDP"= 38293:UDP:Symantec Client Security 3
"7461:TCP"= 7461:TCP:Novell Asset Management
.
R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [20.12.2011 13:23 25968]
R0 stmtpm;STM TPM Service;c:\windows\system32\drivers\stm_tpm.sys [09.11.2011 10:10 21504]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [13.01.2011 10:32 20592]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [09.11.2011 10:17 13680]
R2 BlankScr;HBDevice;c:\windows\system32\drivers\blankscr.sys [23.05.2005 15:47 6899]
R2 DozeSvc;Lenovo Doze Mode Service;c:\programme\ThinkPad\Utilities\DOZESVC.EXE [20.12.2011 13:23 292200]
R2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\programme\Intel\Services\IPT\jhi_service.exe [07.02.2011 12:45 210896]
R2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\programme\Lenovo\Communications Utility\CamMute.exe [20.12.2011 13:25 40808]
R2 Lenovo.micmute;Lenovo Microphone Mute;c:\programme\Lenovo\HOTKEY\micmute.exe [09.11.2011 10:17 45496]
R2 NICICCS;NICICCS;c:\windows\system32\drivers\niciccs.sys [20.12.2011 18:07 456080]
R2 Novell Identity Store;Novell Identity Store;c:\programme\Novell\CASA\bin\micasad.exe [11.10.2010 03:29 245760]
R2 Novell ZENworks Agent Service;Novell ZENworks Agent Service;c:\programme\Novell\ZENworks\bin\ZenworksWindowsService.exe [01.04.2011 18:03 28672]
R2 NWSAPAutoWorkstationUpdateSvc;SAPSetup Automatic Workstation Update Service;c:\programme\SAP\SapSetup\setup\Updater\NwSapAutoWorkstationUpdateService.exe [20.12.2011 11:22 253952]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\programme\ThinkPad\Utilities\PWMDBSVC.exe [20.12.2011 13:23 69632]
R2 PwmEWSvc;Cisco EnergyWise Enabler;c:\programme\ThinkPad\Utilities\PWMEWSVC.exe [20.12.2011 13:23 148840]
R2 Remote Management Agent;Novell ZENworks-Fernverwaltungsagent;c:\programme\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe [09.05.2006 11:59 167936]
R2 risdxc;risdxc;c:\windows\system32\drivers\risdxc86.sys [09.11.2011 10:10 75264]
R2 smihlp;SMI Helper Driver (smihlp);c:\programme\ThinkVantage Fingerprint Software\smihlp.sys [13.03.2009 10:17 12560]
R2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\programme\Lenovo\HOTKEY\tphkload.exe [09.11.2011 10:17 99328]
R2 TPHKSVC;On Screen Display;c:\programme\Lenovo\HOTKEY\TPHKSVC.exe [09.11.2011 10:17 64440]
R2 uagqecsvc;Microsoft Forefront UAG Quarantine Enforcement Client;c:\programme\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe [10.01.2012 14:03 150928]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [20.12.2011 13:22 2656280]
R2 WMCoreService;Mobile Broadband Service;c:\programme\Mobile Broadband drivers\WMCore\WMCore.exe servicemode --> c:\programme\Mobile Broadband drivers\WMCore\WMCore.exe servicemode [?]
R2 WNTHW;WNTHW;c:\windows\system32\drivers\WNTHW.SYS [20.12.2011 11:18 9176]
R2 XTAgent;Novell XTier Agent Services;c:\windows\system32\novell\xtagent.exe [10.01.2007 13:52 61440]
R3 BM;Novell Virtual Private Network Miniport;c:\windows\system32\drivers\vptunnel.sys [20.12.2011 18:05 217164]
R3 BrYNSvc;BrYNSvc;c:\programme\Browny02\BrYNSvc.exe [15.01.2012 21:55 245760]
R3 Darpan;Darpan;c:\windows\system32\drivers\Darpan.sys [23.05.2005 15:11 2773]
R3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\drivers\e1c5132.sys [09.11.2011 10:02 174248]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [04.02.2012 22:54 106104]
R3 l36wgps; Mobile Broadband GPS Port;c:\windows\system32\drivers\l36wgps.sys [20.12.2011 12:36 87592]
R3 Mbm4bus;F5521gw Mobile Broadband Device (WDM);c:\windows\system32\drivers\Mbm4bus.sys [20.12.2011 12:36 122824]
R3 Mbm4mdfl; Mobile Broadband Data Modem Filter;c:\windows\system32\drivers\Mbm4mdfl.sys [20.12.2011 12:36 14920]
R3 Mbm4mdm; Mobile Broadband Data Modem Driver;c:\windows\system32\drivers\Mbm4mdm.sys [20.12.2011 12:36 138952]
R3 Mbm4mgmt; Mobile Broadband Device Management Driver (WDM);c:\windows\system32\drivers\Mbm4mgmt.sys [20.12.2011 12:36 132808]
R3 Mbm4NNd5;F5521gw Mobile Broadband Network Adapter (NDIS);c:\windows\system32\drivers\Mbm4NNd5.sys [20.12.2011 12:36 24904]
R3 Mbm4NUn;F5521gw Mobile Broadband Network Adapter (WDM);c:\windows\system32\drivers\Mbm4NUn.sys [20.12.2011 12:36 149960]
R3 MEI;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECI.sys [09.11.2011 10:10 41088]
R3 NETwNx32;___ Intel(R) Wireless WiFi Link der Serie 5000 Adaptertreiber für Windows XP 32-Bit;c:\windows\system32\drivers\NETwNx32.sys [09.11.2011 10:02 7391104]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [09.11.2011 10:03 119528]
R3 smrtdrv;SMART Technologies Inc. Mirror Driver;c:\windows\system32\drivers\smrtdrv.sys [01.03.2012 16:01 2432]
R3 Sony_EricssonWWSC;Ericsson F3507g Mobile Broadband Minicard PC SC Port;c:\windows\system32\drivers\lnvoscard.sys [20.12.2011 12:36 24232]
S2 SkypeUpdate;Skype Updater;c:\programme\Skype\Updater\Updater.exe [31.01.2012 16:09 158856]
S2 SMART Mirror Driver Monitor Service;SMART Mirror Driver Monitor Service;c:\dokumente und einstellungen\Sravan Kumar Puppala\Anwendungsdaten\TANDBERG\See&Share\monitorservice.exe [01.03.2012 16:01 135680]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [02.12.2009 17:02 23888]
S3 DMService;Microsoft Forefront UAG Endpoint Component Manager;c:\windows\DOWNLO~1\DMService.exe [10.01.2012 14:02 487312]
S3 TrojanKillerDriver;GridinSoft Trojan Killer Driver;c:\windows\system32\drivers\gtkdrv.sys [04.01.2012 16:28 16128]
S3 ZENPreAgent;Novell ZENworks Pre Agent;c:\windows\novell\zenworks\bin\ZENPreAgent.exe [20.12.2011 11:17 196608]
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - uphcleanhlp
.
Inhalt des "geplante Tasks" Ordners
.
2012-03-27 c:\windows\Tasks\PMTask.job
- c:\progra~2\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2011-12-20 00:39]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = https://www.steria-mummert.de/intern/
mStart Page = https://www.steria-mummert.de/intern/
IE: Send to &Bluetooth Device... - c:\programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\programme\ThinkPad\Bluetooth Software\btsendto_ie.htm
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Trusted Zone: hotmail.de
Trusted Zone: live.com\login
Trusted Zone: srv7vie07
Trusted Zone: steria.com\chgpwd.hq
TCP: DhcpNameServer = 192.168.178.1
DPF: {7114683A-020D-4D16-80FD-6ACE384B66DF} - hxxp://vsrv1gasx01:9080/gasx/activex/FPSPR70.ocx
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Notify-ACNotify - ACNotify.dll
SafeBoot-Symantec Antvirus
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-03-27 22:10
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•6~*]
"7040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(776)
c:\windows\system32\NETWIN32.DLL
c:\programme\Novell\ZENworks\ZENPOL32.DLL
c:\windows\system32\xmlparse.dll
c:\windows\system32\msi.dll
c:\windows\system32\ZenMup.dll
c:\programme\ThinkPad\ConnectUtilities\ACNotify.dll
c:\programme\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\programme\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\programme\ThinkPad\ConnectUtilities\AcCryptHlpr.dll
c:\programme\ThinkPad\ConnectUtilities\ACHelper.dll
c:\programme\ThinkVantage Fingerprint Software\psqlpwd.dll
c:\programme\ThinkVantage Fingerprint Software\homefus2.dll
c:\programme\ThinkVantage Fingerprint Software\infql2.dll
c:\programme\ThinkVantage Fingerprint Software\homepass.dll
c:\programme\ThinkVantage Fingerprint Software\bio.dll
c:\programme\ThinkVantage Fingerprint Software\qlbase.dll
.
- - - - - - - > 'lsass.exe'(832)
c:\programme\ThinkVantage Fingerprint Software\psqlpwd.dll
c:\programme\ThinkVantage Fingerprint Software\homefus2.dll
c:\programme\ThinkVantage Fingerprint Software\infql2.dll
.
- - - - - - - > 'Explorer.exe'(7112)
c:\windows\system32\btmmhook.dll
c:\programme\Novell\ZENworks\NLS\deutsch\NalUIRes.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\nvsvc32.exe
c:\programme\Intel\WiFi\bin\S24EvMon.exe
c:\programme\Symantec\Symantec Endpoint Protection\Smc.exe
c:\programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe
c:\windows\System32\SCardSvr.exe
c:\programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\programme\ThinkPad\ConnectUtilities\AcSvc.exe
c:\progra~2\Lenovo\HOTKEY\tpnumlk.exe
c:\programme\Connected\AgentSrv.EXE
c:\windows\system32\CCM\CcmExec.exe
c:\programme\Intel\WiFi\bin\EvtEng.exe
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
c:\programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe
c:\windows\system32\wbem\unsecapp.exe
c:\programme\Java\jre6\bin\jqs.exe
c:\programme\Novell\ZENworks\bin\TSUsage32.exe
c:\programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\notes\nslsvice.exe
c:\programme\Novell\ZENworks\nalntsrv.exe
c:\programme\PatchLink\Update Agent\GravitixService.exe
c:\programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe
c:\programme\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\programme\UPHClean\uphclean.exe
c:\programme\Mobile Broadband drivers\WMCore\WMCore.exe
c:\programme\Novell\ZENworks\wm.exe
c:\programme\ThinkPad\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\programme\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\programme\Novell\ZENworks\WMRUNDLL.EXE
c:\windows\system32\rundll32.exe
c:\progra~2\Lenovo\Zoom\TPSCREX.EXE
c:\progra~2\Lenovo\HOTKEY\TPONSCR.EXE
c:\progra~2\Lenovo\HOTKEY\tpnumlkd.exe
c:\programme\Symantec\Symantec Endpoint Protection\SmcGui.exe
c:\windows\system32\TpShocks.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\NWTRAY.EXE
c:\programme\Synaptics\SynTP\SynTPLpr.exe
c:\programme\Brother\ControlCenter3\brccMCtl.exe
c:\progra~2\ThinkPad\UTILIT~1\SCHTASK.exe
c:\progra~2\ThinkPad\BLUETO~1\BTSTAC~1.EXE
c:\programme\TechSmith\SnagIt 8\TSCHelp.exe
c:\programme\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
c:\programme\Novell\ZENworks\NalAgent.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-03-27  22:12:39 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-03-27 20:12
.
Vor Suchlauf: 10 Verzeichnis(se), 19.232.137.216 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 19.290.296.320 Bytes frei
.
WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 3DA874CFE4AB57653DA79FFF4B179FFB

--- --- ---

cosinus 27.03.2012 21:24

Please now create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool won't work the second time either, just leave it out and run only OSAM. Please skip the online check in OSAM.
With OSAM, please also make sure that you save the log as *.log and not as *.html or the like.

Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off your virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or later), please start it by right-clicking and choosing "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the internet.)
    Depending on your connection, downloading the definitions may take a while.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons under any circumstances without being instructed to

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.


sravy 27.03.2012 22:28

OSAM Log
OSAM Logfile:
Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 23:34:32 on 27.03.2012

OS: Windows XP Professional Service Pack 3 (Build 2600)
Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"PMTask.job" - ? - C:\PROGRA~2\ThinkPad\UTILIT~1\PWMIDTSK.EXE  (File found, but it contains no detailed information)

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"btcpl.cpl" - "Broadcom Corporation." - C:\WINDOWS\system32\btcpl.cpl
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
"GravitixControlPanel.cpl" - "Novell, Inc." - C:\WINDOWS\system32\GravitixControlPanel.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
"nCredps.cpl" - "Novell, Inc." - C:\WINDOWS\system32\nCredps.cpl
"PWMCPl.cpl" - "Lenovo Group Limited" - C:\WINDOWS\system32\PWMCPl.cpl
"sapfcpl.cpl" - "SAP AG, Walldorf" - C:\WINDOWS\system32\sapfcpl.cpl
"Startup.cpl" - ? - C:\WINDOWS\system32\Startup.cpl  (File found, but it contains no detailed information)
"TpShCPL.cpl" - "Lenovo." - C:\WINDOWS\system32\TpShCPL.cpl
"TweakUI.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\TweakUI.cpl
"wuaucpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\wuaucpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Nero BurnRights" - "Nero AG" - C:\Programme\Nero\Nero8\Nero Toolkit\NeroBurnRights.cpl
"ProtectorSuiteInfoPanel" - "UPEK Inc." - C:\Programme\ThinkVantage Fingerprint Software\infopnl.cpl
"SMSCFGRC" - "Microsoft Corporation" - C:\WINDOWS\system32\CCM\SMSCFGRC.cpl
"SMSPDM" - "Microsoft Corporation" - C:\WINDOWS\system32\CCM\SMSPDM.cpl
"SMSRAP" - "Microsoft Corporation" - C:\WINDOWS\system32\CCM\SMSRAP.cpl
"SMSRCCPL" - "Microsoft Corporation" - C:\WINDOWS\system32\CCM\clicomp\RemCtrl\smsrc.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"ANC" (ANC) - "IBM Corp." - C:\WINDOWS\System32\drivers\ANC.SYS
"APS Digitizer Activity Monitor" (TPDIGIMN) - "Lenovo." - C:\WINDOWS\System32\DRIVERS\ApsHM86.sys
"aswMBR" (aswMBR) - ? - D:\Temp\aswMBR.sys  (Hidden registry entry, rootkit activity | File not found)
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"Darpan" (Darpan) - "Novell, Inc." - C:\WINDOWS\System32\DRIVERS\Darpan.sys
"DNS-Namespace-Service-Anbieter von Novell" (NWDNS) - "Novell, Inc." - C:\WINDOWS\System32\NetWare\nwdns.sys
"DozeHDD" (DozeHDD) - "Lenovo." - C:\WINDOWS\System32\DRIVERS\DozeHDD.sys
"EraserUtilRebootDrv" (EraserUtilRebootDrv) - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
"fwddrfog" (fwddrfog) - ? - D:\Temp\fwddrfog.sys  (Hidden registry entry, rootkit activity | File not found)
"HBDevice" (BlankScr) - "Novell Inc." - C:\WINDOWS\system32\drivers\BlankScr.sys
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"IBMTPCHK" (IBMTPCHK) - ? - C:\WINDOWS\system32\Drivers\IBMBLDID.sys  (File found, but it contains no detailed information)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"mbr" (mbr) - ? - D:\Temp\mbr.sys  (Hidden registry entry, rootkit activity | File not found)
"Namespace-Service-Anbieter der Hostdatei von Novell" (NWHOST) - "Novell, Inc." - C:\WINDOWS\System32\NetWare\NWHOST.sys
"NAVENG" (NAVENG) - "Symantec Corporation" - C:\PROGRA~2\GEMEIN~1\SYMANT~1\VIRUSD~1\20120326.019\NAVENG.SYS
"NAVEX15" (NAVEX15) - "Symantec Corporation" - C:\PROGRA~2\GEMEIN~1\SYMANT~1\VIRUSD~1\20120326.019\NAVEX15.SYS
"NICICCS" (NICICCS) - ? - C:\WINDOWS\system32\drivers\NICICCS.sys  (File found, but it contains no detailed information)
"Novell Client für Windows" (NetwareWorkstation) - "Novell, Inc." - C:\WINDOWS\System32\NetWare\nwfs.sys
"Novell DHCP-Informations-Client" (NWDHCP) - "Novell, Inc." - C:\WINDOWS\System32\NetWare\nwdhcp.sys
"Novell InterService-Kommunikationstreiber" (NICM) - "Novell, Inc." - C:\WINDOWS\System32\drivers\nicm.sys
"Novell NetWare-IPX/SPX-Transport-Schnittstelle" (NWSIPX32) - "Novell, Inc." - C:\WINDOWS\System32\NetWare\nwsipx32.sys
"Novell NetWare-Ressourcen-Manager" (RESMGR) - "Novell, Inc." - C:\WINDOWS\System32\NetWare\resmgr.sys
"Novell SAP-Namespace-Anbieter" (NWSAP) - ? - C:\WINDOWS\System32\NetWare\NWSAP.sys  (File found, but it contains no detailed information)
"Novell Servicestandort" (SRVLOC) - "Novell, Inc." - C:\WINDOWS\System32\NetWare\srvloc.sys
"Novell Simple Naming Services (NWSNS)" (NWSNS) - "Novell, Inc." - C:\WINDOWS\System32\NetWare\NWSNS.sys
"Novell Virtual Private Network Miniport" (BM) - "Novell, Inc." - C:\WINDOWS\System32\DRIVERS\vptunnel.sys
"Novell-UNC-Pfadfilter" (NWFILTER) - "Novell, Inc." - C:\WINDOWS\System32\NetWare\nwfilter.sys
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"Shockprf" (Shockprf) - "Lenovo." - C:\WINDOWS\System32\DRIVERS\Apsx86.sys
"SLP-Namespace-Service-Anbieter von Novell" (NWSLP) - "Novell, Inc." - C:\WINDOWS\System32\NetWare\nwslp.sys
"SMS Process Event Driver" (prepdrvr) - "Microsoft Corporation" - C:\WINDOWS\system32\CCM\prepdrv.sys
"SPBBCDrv" (SPBBCDrv) - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCDrv.sys
"SRTSP" (SRTSP) - "Symantec Corporation" - C:\WINDOWS\System32\Drivers\SRTSP.SYS
"SRTSPL" (SRTSPL) - "Symantec Corporation" - C:\WINDOWS\System32\Drivers\SRTSPL.SYS
"SRTSPX" (SRTSPX) - "Symantec Corporation" - C:\WINDOWS\System32\Drivers\SRTSPX.SYS
"Symantec Eraser Control driver" (eeCtrl) - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys
"SymEvent" (SymEvent) - "Symantec Corporation" - C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
"TPPWRIF" (TPPWRIF) - "Lenovo Group Limited" - C:\WINDOWS\System32\drivers\Tppwrif.sys
"TSMAPIP" (TSMAPIP) - ? - C:\WINDOWS\System32\drivers\TSMAPIP.SYS  (File found, but it contains no detailed information)
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)
"WLAN-Transport" (s24trans) - "Intel Corporation" - C:\WINDOWS\System32\DRIVERS\s24trans.sys
"WNTHW" (WNTHW) - ? - C:\WINDOWS\system32\DRIVERS\WNTHW.SYS  (File found, but it contains no detailed information)
"WPS" (WPS) - "Symantec Corporation" - C:\WINDOWS\system32\drivers\wpsdrvnt.sys
"WpsHelper" (WpsHelper) - "Symantec Corporation" - C:\WINDOWS\system32\drivers\WpsHelper.sys

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{0BC1E559-9D68-4E99-AFD9-98D27DAB971D} "ColHandler" - "JAM Software" - C:\PROGRA~2\JAMSOF~1\TREESI~1\FSizeCol.dll
{7D4D6379-F301-4311-BEBA-E26EB0561882} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroDigitalExt.dll
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~2\GEMEIN~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~2\GEMEIN~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{4BA78E3D-CA25-4BFF-B8F0-8A3359E4B520} "QVPPlugProt Class" - "QlikTech AB" - C:\Programme\QlikView\QvProtocol\qvp.dll
{D1F8BD1E-7967-11D2-B43A-006094B9EADB} "SAP HTML Pluggable Protocol" - "SAP AG, Walldorf" - c:\programme\sap\frontend\sapgui\saphtmlp.dll
{D1F8BD1E-7967-11D2-B43A-006094B9EADB} "SAP HTML Pluggable Protocol" - "SAP AG, Walldorf" - c:\programme\sap\frontend\sapgui\saphtmlp.dll
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{763370C4-268E-4308-A60C-D8DA0342BE32} "{763370C4-268E-4308-A60C-D8DA0342BE32}" - "Novell, Inc" - C:\Programme\Novell\ZENworks\NalShell.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{5F327514-6C5E-4d60-8F16-D07FA08A78ED} "Auto Update Property Sheet Extension" - "Microsoft Corporation" - C:\WINDOWS\system32\wuaucpl.cpl
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? -  (File not found | COM-object registry key not found)
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll
{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -  (File not found | COM-object registry key not found)
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -  (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\OFFICE11\msohev.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~2\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~2\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" - "Broadcom Corporation." - C:\WINDOWS\system32\btncopy.dll
{6af09ec9-b429-11d4-a1fb-0090960218cb} "My Bluetooth Places" - "Broadcom Corporation." - C:\WINDOWS\system32\BTNEIG~1.DLL
{04c23aa0-3d34-11d2-b788-008029605ac7} "NDPS Shell Extension" - "Novell, Inc." - C:\WINDOWS\system32\ndpsprop.dll
{B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroDigitalExt.dll
{7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroDigitalExt.dll
{AF8DE18D-9065-4102-BC40-EB294A95BB07} "Novell-Verbindungen" - ? - C:\WINDOWS\system32\nwshlxnt.dll
{FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -  (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{C612F052-C85C-4156-B974-87947FAA7569} "SMS ARP Publisher" - "Microsoft Corporation" - C:\WINDOWS\system32\CCM\SMSARPPub.dll
{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} "SnagIt" - "TechSmith Corporation" - C:\Programme\TechSmith\SnagIt 8\SnagItIEAddin.dll
{CF74B903-3389-469c-B3B6-0204D204FCBD} "SnagItShellExt Class" - "TechSmith Corporation" - C:\Programme\TechSmith\SnagIt 8\SnagItShellExt.dll
{8BEEE74D-455E-4616-A97A-F6E86C317F32} "VpshellEx Class" - "Symantec Corporation" - C:\Programme\Symantec\Symantec Endpoint Protection\vpshell2.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~2\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{983A9C21-8207-4B58-BBB8-0EBC3D7C5505} "Domino Web Access 8 Control" - "IBM Corporation" - C:\WINDOWS\DOWNLO~1\dwa8W.dll / https://domino.koeln.steria-mummert.de/dwa8W.cab
{7114683A-020D-4D16-80FD-6ACE384B66DF} "FarPoint Spread 7.0 (OLEDB)" - "FarPoint Technologies, Inc." - C:\WINDOWS\DOWNLO~1\FPSPR70.ocx / hxxp://vsrv1gasx01:9080/gasx/activex/FPSPR70.ocx
{8D9563A9-8D5F-459B-87F2-BA842255CB9A} "Forefront UAG client components" - "Microsoft Corporation" - C:\WINDOWS\Downloaded Program Files\WhlMgr.dll / https://external.econgas.com/InternalSite/WhlCompMgr.cab
{E06E2E99-0AA1-11D4-ABA6-0060082AA75C} "GpcContainer Class" - "Cisco WebEx LLC" - C:\WINDOWS\Downloaded Program Files\ieatgpc.dll / https://qliktech.webex.com/client/T27LD/nbr/ieatgpc.cab
{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} "Java Plug-in 1.4.2_05" - "JavaSoft / Sun Microsystems, Inc." - C:\Programme\Java\j2re1.4.2_05\bin\npjpi142_05.dll / hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{7530BFB8-7293-4D34-9923-61A11451AFC5} "OnlineScanner Control" - "ESET" - C:\PROGRA~2\ESET\ESETON~1\ONLINE~1.OCX / hxxp://download.eset.com/special/eos/OnlineScanner.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash11e.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"@btrez.dll,-4015" - ? - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} "ClsidExtension" - ? -  (File not found | COM-object registry key not found)
{4B5F7606-8666-4D5A-9780-DB92A9D8812B} "Novell delivered applications" - "Novell, Inc" - C:\Programme\Novell\ZENworks\AxNalServer.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Click to Call" - "Skype Technologies S.A." - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} "SnagIt" - "TechSmith Corporation" - C:\Programme\TechSmith\SnagIt 8\SnagItIEAddin.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{00C6482D-C502-44C8-8409-FCE54AD9C208} "HelperObject Class" - "TechSmith Corporation" - C:\Programme\TechSmith\SnagIt 8\SnagItBHO.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Browser Helper" - "Skype Technologies S.A." - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? -  (File not found | COM-object registry key not found)

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Authentication packages" - "Microsoft Corporation" - C:\WINDOWS\system32\msv1_0.dll
"Authentication packages" - "Novell, Inc." - C:\WINDOWS\system32\nwv1_0.dll
"Notification packages" - "UPEK Inc." - C:\Programme\ThinkVantage Fingerprint Software\psqlpwd.dll
"Security Packages" - "Microsoft Corporation" - C:\WINDOWS\system32\msv1_0.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"Connected TaskBar Icon.LNK" - "Connected Corporation" - C:\Programme\Connected\CBSysTray.exe  (Shortcut exists | File exists)
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
"SnagIt 8.lnk" - "TechSmith Corporation" - C:\Programme\TechSmith\SnagIt 8\SnagIt32.exe  (Shortcut exists | File exists)
"Bluetooth.lnk" - "Broadcom Corporation." - C:\Programme\ThinkPad\Bluetooth Software\BTTray.exe  (Shortcut exists | File exists)
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Startmenü\Programme\Autostart\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"Skype" - "Skype Technologies S.A." - "C:\Programme\Skype\Phone\Skype.exe" /minimized /regrun
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"ACTray" - "Lenovo " - C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe
"ACWLIcon" - "Lenovo " - C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"AMSG" - "LENOVO" - C:\Programme\ThinkVantage\AMSG\Amsg.exe /startup
"Application Explorer" - "Novell, Inc." - C:\Programme\Novell\ZENworks\naldesk.exe /ns
"BrStsMon00" - "Brother Industries, Ltd." - C:\Programme\Browny02\Brother\BrStMonW.exe /AUTORUN
"ccApp" - "Symantec Corporation" - "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
"ControlCenter3" - "Brother Industries, Ltd." - C:\Programme\Brother\ControlCenter3\brctrcen.exe /autorun
"EZEJMNAP" - "Lenovo Group Ltd." - C:\PROGRA~2\ThinkPad\UTILIT~1\EzEjMnAp.Exe
"IMSS" - "Intel Corporation" - "C:\Programme\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
"LenovoAutoScrollUtility" - "Lenovo Group Limited" - C:\Programme\Lenovo\VIRTSCRL\virtscrl.exe
"LPMailChecker" - "Lenovo Group Limited" - C:\PROGRA~2\THINKV~2\PrdCtr\LPMLCHK.exe
"LPManager" - "Lenovo Group Limited" - C:\PROGRA~2\THINKV~2\PrdCtr\LPMGR.exe
"NDPS" - "Novell, Inc." - C:\WINDOWS\system32\dpmw32.exe
"NeroFilterCheck" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe
"NvCplDaemon" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
"NvMediaCenter" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
"NWTRAY" - "Novell, Inc." - NWTRAY.EXE
"PDDM" - "Novell, Inc." - C:\Programme\PatchLink\Update Agent\pddm.exe
"PWRMGRTR" - "Lenovo Group Limited" - rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
"SAP_WUS_UNT" - "SAP AG" - "C:\Programme\SAP\SAPsetup\setup\Updater\NwSapSetupUserNotificationTool.exe"
"SMART Mirror Driver Monitor Service" - ? - "C:\Dokumente und Einstellungen\Sravan Kumar Puppala\  (File not found)
"TPFNF7" - "Lenovo Group Limited" - C:\Programme\Lenovo\NPDIRECT\TPFNF7SP.exe /r
"TpShocks" - "Lenovo." - TpShocks.exe
"ZENRC Tray Icon" - "Novell, Inc." - C:\WINDOWS\system32\zentray.exe

[Network Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order )-----
"LoginCapture Credential Provider" - ? - C:\Programme\Novell\CASA\bin\lcredmgr.dll  (File found, but it contains no detailed information)
"Lotus Notes Single Logon" - "Lotus Development" - C:\Notes\npnotes.dll
"NetWare Services" - "Novell, Inc." - C:\WINDOWS\system32\NOVNPNT.DLL
"Novell NetIdentity Credential Provider" - "Novell, Inc." - C:\WINDOWS\system32\Novell\NCredMgr.dll
"Symantec SNAC Network Provider" - "Symantec Corporation" - C:\Programme\Symantec\Symantec Endpoint Protection\SnacNp.dll

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Bluetooth Printer Port" - "Broadcom Corporation." - C:\WINDOWS\system32\bthcrp.dll
"Umgeleiteter Anschluß" - ? - C:\WINDOWS\system32\redmonnt.dll  (File found, but it contains no detailed information)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Ac Profile Manager Service" (AcPrfMgrSvc) - "Lenovo " - C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
"Access Connections Main Service" (AcSvc) - "Lenovo " - C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe
"Arbeitsstations-Manager" (ZFDWM) - "Novell, Inc." - C:\Programme\Novell\ZENworks\wm.exe
"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Bluetooth Service" (btwdins) - "Broadcom Corporation." - C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe
"BrYNSvc" (BrYNSvc) - "Brother Industries, Ltd." - C:\Programme\Browny02\BrYNSvc.exe
"Cisco EnergyWise Enabler" (PwmEWSvc) - "Lenovo Group Limited" - C:\Programme\ThinkPad\Utilities\PWMEWSVC.exe
"Client Update Service for Novell" (cusrvc) - "Novell, Inc." - C:\WINDOWS\system32\cusrvc.exe
"Connected Agent Service" (AgentSrv) - "Connected Corporation" - C:\Programme\Connected\AgentSrv.EXE
"Intel(R) Identity Protection Technology Host Interface Service" (jhi_service) - "Intel Corporation" - C:\Programme\Intel\Services\IPT\jhi_service.exe
"Intel(R) Management and Security Application Local Management Service" (LMS) - "Intel Corporation" - C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
"Intel(R) Management and Security Application User Notification Service" (UNS) - "Intel Corporation" - C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
"Intel(R) PROSet/Wireless Event Log" (EvtEng) - "Intel(R) Corporation" - C:\Programme\Intel\WiFi\bin\EvtEng.exe
"Intel(R) PROSet/Wireless Registry Service" (RegSrvc) - "Intel(R) Corporation" - C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe
"Intel(R) PROSet/Wireless WiFi Service" (S24EventMonitor) - "Intel(R) Corporation" - C:\Programme\Intel\WiFi\bin\S24EvMon.exe
"IviRegMgr" (IviRegMgr) - "InterVideo" - C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"Lenovo Camera Mute" (LENOVO.CAMMUTE) - "Lenovo Group Limited" - C:\Programme\Lenovo\Communications Utility\CAMMUTE.exe
"Lenovo Doze Mode Service" (DozeSvc) - "Lenovo." - C:\Programme\ThinkPad\Utilities\DOZESVC.EXE
"Lenovo Hotkey Client Loader" (TPHKLOAD) - "Lenovo Group Limited" - C:\Programme\LENOVO\HOTKEY\TPHKLOAD.exe
"Lenovo Microphone Mute" (Lenovo.micmute) - "Lenovo Group Limited" - C:\Programme\LENOVO\HOTKEY\MICMUTE.exe
"LiveUpdate" (LiveUpdate) - "Symantec Corporation" - C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE
"Lotus Notes - Gemeinsame Anmeldung" (Lotus Notes Single Logon) - "IBM Corp" - C:\Notes\nslsvice.exe
"Microsoft Forefront UAG Endpoint Component Manager" (DMService) - "Microsoft Corporation" - C:\WINDOWS\DOWNLO~1\DMService.exe
"Microsoft Forefront UAG Quarantine Enforcement Client" (uagqecsvc) - "Microsoft Corporation" - C:\Programme\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe
"Mobile Broadband Service" (WMCoreService) - "Ericsson AB" - C:\Programme\Mobile Broadband drivers\WMCore\WMCore.exe
"NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe
"Novell Application Launcher" (NALNTSERVICE) - "Novell, Inc." - C:\Programme\Novell\ZENworks\nalntsrv.exe
"Novell Identity Store" (Novell Identity Store) - "Novell, Inc" - C:\Programme\Novell\CASA\bin\micasad.exe
"Novell XTier Agent Services" (XTAgent) - "Novell, Inc." - C:\WINDOWS\System32\Novell\XTAgent.exe
"Novell ZENworks Agent Service" (Novell ZENworks Agent Service) - "Novell, Inc." - C:\Programme\Novell\ZENworks\bin\ZenworksWindowsService.exe
"Novell ZENworks Pre Agent" (ZENPreAgent) - ? - C:\WINDOWS\novell\zenworks\bin\ZENPreAgent.exe  (File found, but it contains no detailed information)
"Novell ZENworks-Fernverwaltungsagent" (Remote Management Agent) - "Novell, Inc." - C:\Programme\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\WINDOWS\system32\nvsvc32.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
"On Screen Display" (TPHKSVC) - "Lenovo Group Limited" - C:\Programme\LENOVO\HOTKEY\TPHKSVC.exe
"Power Manager DBC Service" (Power Manager DBC Service) - ? - C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe
"SAPSetup Automatic Workstation Update Service" (NWSAPAutoWorkstationUpdateSvc) - "SAP AG" - C:\Programme\SAP\SAPsetup\setup\Updater\NwSapAutoWorkstationUpdateService.exe
"Skype Updater" (SkypeUpdate) - "Skype Technologies" - C:\Programme\Skype\Updater\Updater.exe
"SMART Mirror Driver Monitor Service" (SMART Mirror Driver Monitor Service) - "SMART Technologies" - C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Anwendungsdaten\TANDBERG\See&Share\monitorservice.exe
"SMS-Agent-Host" (CcmExec) - "Microsoft Corporation" - C:\WINDOWS\system32\CCM\CcmExec.exe
"SMS-Tasksequenz-Agent" (smstsmgr) - "Microsoft Corporation" - C:\WINDOWS\system32\CCM\TSManager.exe
"Symantec Endpoint Protection" (Symantec AntiVirus) - "Symantec Corporation" - C:\Programme\Symantec\Symantec Endpoint Protection\Rtvscan.exe
"Symantec Event Manager" (ccEvtMgr) - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe
"Symantec Management Client" (SmcService) - "Symantec Corporation" - C:\Programme\Symantec\Symantec Endpoint Protection\Smc.exe
"Symantec Settings Manager" (ccSetMgr) - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe
"ThinkPad HDD APS Logging Service" (TPHDEXLGSVC) - "Lenovo." - C:\WINDOWS\System32\TPHDEXLG.exe
"User Profile Hive Cleanup" (UPHClean) - "Microsoft Corporation" - C:\Programme\UPHClean\uphclean.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
"ZENworks Patch Management Update" (PatchLink Update) - "Novell, Inc." - C:\Programme\PatchLink\Update Agent\GravitixService.exe

[Winlogon]
-----( HKCU\Control Panel\Desktop )-----
"SCRNSAVE.EXE" - "                                                                                                                                                                                                                                                              " - C:\WINDOWS\system32\SMC_SC~1.SCR
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon )-----
"GinaDLL" - "Novell, Inc." - C:\WINDOWS\system32\NWGINA.DLL
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"LCredMgr" - ? - C:\Programme\Novell\CASA\bin\lcredmgr.dll  (File found, but it contains no detailed information)
"NetIdentity Notification" - "Novell, Inc." - C:\WINDOWS\system32\Novell\XtNotify.dll
"psfus" - "UPEK Inc." - C:\Programme\ThinkVantage Fingerprint Software\psqlpwd.dll

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"Novell Directory Services Name Provider" - "Novell, Inc." - C:\WINDOWS\system32\netware\NWWS2NDS.DLL
"Novell IPX/SPX SAP Name Provider" - "Novell, Inc." - C:\WINDOWS\system32\netware\NWWS2SAP.DLL
"Novell SLP Provider" - "Novell, Inc." - C:\WINDOWS\system32\netware\NWWS2SLP.DLL

===[ Logfile end ]=========================================[ Logfile end ]===

AswMBR log

Code:


aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-03-27 23:41:44
-----------------------------
23:41:44.000    OS Version: Windows 5.1.2600 Service Pack 3
23:41:44.000    Number of processors: 4 586 0x2A07
23:41:44.000    ComputerName: MC00019325  UserName:
23:41:44.359    Initialize success
23:51:10.812    AVAST engine defs: 12032701
23:51:14.609    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
23:51:14.609    Disk 0 Vendor: ST950042 0003 Size: 476940MB BusType: 3
23:51:14.796    Disk 0 MBR read successfully
23:51:14.796    Disk 0 MBR scan
23:51:14.828    Disk 0 Windows XP default MBR code
23:51:14.859    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS        40960 MB offset 2048
23:51:14.906    Disk 0 Partition 2 00    07    HPFS/NTFS NTFS      435465 MB offset 83888128
23:51:14.953    Disk 0 Partition 3 00    0C    FAT32 LBA MSDOS5.0      513 MB offset 975720448
23:51:14.984    Disk 0 scanning sectors +976771072
23:51:15.187    Disk 0 scanning C:\WINDOWS\system32\drivers
23:51:38.046    Service scanning
23:51:57.250    Service SysPlant C:\WINDOWS\SYSTEM32\Drivers\SysPlant.sys **LOCKED** 32
23:51:57.640    Service Teefer2 C:\WINDOWS\system32\DRIVERS\teefer2.sys **LOCKED** 32
23:52:00.000    Service WPS C:\WINDOWS\system32\drivers\wpsdrvnt.sys **LOCKED** 32
23:52:00.062    Service WpsHelper C:\WINDOWS\system32\drivers\WpsHelper.sys **LOCKED** 32
23:52:01.250    Modules scanning
23:52:25.453    Disk 0 trace - called modules:
23:52:25.500    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys
23:52:25.500    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a829030]
23:52:25.500    3 CLASSPNP.SYS[b80e8fd7] -> nt!IofCallDriver -> \Device\0000008c[0x8a845908]
23:52:25.500    5 ACPI.sys[b7f7e620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8a83e028]
23:52:26.031    AVAST engine scan C:\WINDOWS
23:52:48.640    AVAST engine scan C:\WINDOWS\system32
23:57:59.953    AVAST engine scan C:\WINDOWS\system32\drivers
23:58:26.250    AVAST engine scan C:\Dokumente und Einstellungen\Sravan Kumar Puppala
00:00:18.546    AVAST engine scan C:\Dokumente und Einstellungen\All Users
00:02:20.984    Scan finished successfully
00:02:32.562    Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Desktop\MBR.dat"
00:02:32.562    The log file has been saved successfully to "C:\Dokumente und Einstellungen\Sravan Kumar Puppala\Desktop\aswMBR.txt"

Everything works, but I just wanted to be sure that the virus is gone.
Some feedback would be good.
Thanks again

cosinus 28.03.2012 10:42

What about GMER?

sravy 28.03.2012 20:59

GMER crashes frequently.
I have tried several times, but it crashes partway through and never finishes.

cosinus 29.03.2012 12:14

Looks OK. As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before the scan!!

