
Kiesopfer 27.06.2010 17:54

TR/PSW.Zbot.133169.Y every 11 minutes, AntiVir and temp files
 
Hello,

I have already found a similar thread, but it did not help me. Every eleven minutes AntiVir pops up and reports:

TR/PSW.Zbot.133169.Y

Each time the alert appears, a temporary folder is also created under windows/temp, e.g. xmaq.tmp or ihoa.tmp. AntiVir then blocks the program, but every eleven minutes it comes back with a new folder :(

I do not want to reinstall the system. I also have AntiVir and Spybot in the latest version with all updates. XP with Service Pack 3. I have already disabled Java's temporary files and also deleted and turned off the Flash cookies. Even when I delete the folders, new ones keep appearing...
I have now also run various other programs. I will post the logs shortly, but unfortunately that has not achieved much.

The virus seems to be active, although I could not determine what it has infected or where it is active.

Kiesopfer 27.06.2010 17:55

This is from the quick scan, but the full scan did not show anything either:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4246

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

27.06.2010 18:41:05
mbam-log-2010-06-27 (18-41-05).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 142634
Laufzeit: 7 Minute(n), 19 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Kiesopfer 27.06.2010 17:57

I also tried ComboFix; afterwards a few entries in Spybot were apparently repaired again, but the problem persists:

Combofix Logfile:
Code:

ComboFix 10-06-26.02 - Norman 27.06.2010  17:51:11.1.2 - x86 MINIMAL
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.3070.2651 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\Norman\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

Achtung - Auf diesem PC ist keine Wiederherstellungskonsole installiert !!
.

((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\dokumente und einstellungen\Norman\Anwendungsdaten\EurekaLog
c:\windows\system32\Cache

.
(((((((((((((((((((((((  Dateien erstellt von 2010-05-27 bis 2010-06-27  ))))))))))))))))))))))))))))))
.

2010-06-27 15:40 . 2010-06-27 15:40        --------        d-----w-        C:\rsit
2010-06-27 11:37 . 2010-06-27 11:38        --------        dc-h--w-        c:\windows\ie8
2010-06-27 08:22 . 2010-06-27 08:22        --------        d-----w-        c:\programme\CCleaner
2010-06-27 07:52 . 2010-06-27 07:52        --------        d-----w-        c:\programme\Trend Micro
2010-06-26 13:33 . 2010-06-26 13:33        --------        d-----w-        c:\dokumente und einstellungen\Norman\Anwendungsdaten\Malwarebytes
2010-06-26 13:33 . 2010-04-29 13:39        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-26 13:33 . 2010-06-26 13:33        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2010-06-26 13:33 . 2010-06-26 13:33        --------        d-----w-        c:\programme\Malwarebytes' Anti-Malware
2010-06-26 13:33 . 2010-04-29 13:39        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys
2010-06-26 09:24 . 2010-06-27 08:34        411368        ----a-w-        c:\windows\system32\deployJava1.dll
2010-06-18 06:36 . 2010-06-18 08:01        --------        d-----w-        c:\programme\Microsoft ActiveSync
2010-06-17 15:04 . 2010-04-27 02:25        100352        ----a-w-        c:\windows\system32\drivers\ssceserd.sys
2010-06-17 15:04 . 2010-04-27 02:25        98560        ----a-w-        c:\windows\system32\drivers\sscebus.sys
2010-06-17 15:04 . 2010-04-27 02:25        14848        ----a-w-        c:\windows\system32\drivers\sscemdfl.sys
2010-06-17 15:04 . 2010-04-27 02:25        12416        ----a-w-        c:\windows\system32\drivers\sscecmnt.sys
2010-06-17 15:04 . 2010-04-27 02:25        12416        ----a-w-        c:\windows\system32\drivers\sscecm.sys
2010-06-17 15:04 . 2010-04-27 02:25        123648        ----a-w-        c:\windows\system32\drivers\sscemdm.sys
2010-06-17 15:04 . 2010-04-27 02:25        12288        ----a-w-        c:\windows\system32\drivers\sscewhnt.sys
2010-06-17 15:04 . 2010-04-27 02:25        12288        ----a-w-        c:\windows\system32\drivers\sscewh.sys
2010-06-17 10:23 . 2010-06-17 10:23        --------        d-----w-        c:\dokumente und einstellungen\Norman\Lokale Einstellungen\Anwendungsdaten\PCHealth
2010-06-10 14:54 . 2010-06-10 14:54        34848        ----a-w-        c:\dokumente und einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2010-06-10 14:54 . 2010-06-10 14:54        --------        d-sh--w-        c:\dokumente und einstellungen\Administrator\PrivacIE
2010-06-10 14:48 . 2010-06-10 14:48        --------        d-sh--w-        c:\dokumente und einstellungen\Administrator\IETldCache
2010-06-10 06:30 . 2010-05-06 10:31        743424        ------w-        c:\windows\system32\dllcache\iedvtool.dll
2010-06-09 08:53 . 2010-06-17 10:41        --------        d-----w-        c:\programme\MyFree Codec
2010-06-04 08:06 . 2010-06-04 08:06        --------        d-----w-        c:\windows\system32\KB905474

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-27 15:28 . 2008-01-06 11:48        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2010-06-27 11:46 . 2008-04-25 07:06        --------        d---a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP
2010-06-27 08:37 . 2010-06-27 08:37        503808        ----a-w-        c:\dokumente und einstellungen\Norman\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-62394d3f-n\msvcp71.dll
2010-06-27 08:37 . 2010-06-27 08:37        499712        ----a-w-        c:\dokumente und einstellungen\Norman\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-62394d3f-n\jmc.dll
2010-06-27 08:37 . 2010-06-27 08:37        348160        ----a-w-        c:\dokumente und einstellungen\Norman\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-62394d3f-n\msvcr71.dll
2010-06-27 08:37 . 2010-06-27 08:37        61440        ----a-w-        c:\dokumente und einstellungen\Norman\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-38a358eb-n\decora-sse.dll
2010-06-27 08:37 . 2010-06-27 08:37        12800        ----a-w-        c:\dokumente und einstellungen\Norman\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-38a358eb-n\decora-d3d.dll
2010-06-27 06:55 . 2008-09-11 06:58        --------        d-----w-        c:\programme\Eusing Free Registry Cleaner
2010-06-27 06:14 . 2010-05-27 21:02        --------        d-----w-        c:\programme\PC Connectivity Solution
2010-06-27 06:05 . 2010-02-21 22:38        --------        d-----w-        c:\programme\PC-Doctor
2010-06-26 22:00 . 2007-09-07 17:06        5427        ----a-w-        c:\windows\system32\EGATHDRV.SYS
2010-06-26 17:45 . 2010-02-21 22:39        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\PCDr
2010-06-26 17:10 . 2007-09-08 15:32        --------        d-----w-        c:\programme\Mozilla Thunderbird
2010-06-26 13:03 . 2008-02-28 13:08        --------        d-----w-        c:\dokumente und einstellungen\Norman\Anwendungsdaten\IBP
2010-06-26 09:25 . 2007-09-07 16:54        --------        d-----w-        c:\programme\Gemeinsame Dateien\Java
2010-06-26 09:24 . 2007-09-07 16:54        --------        d-----w-        c:\programme\Java
2010-06-23 07:02 . 2007-09-07 16:43        --------        d--h--w-        c:\programme\InstallShield Installation Information
2010-06-23 06:19 . 2006-01-27 01:01        521298        ----a-w-        c:\windows\system32\perfh007.dat
2010-06-23 06:19 . 2006-01-27 01:01        105016        ----a-w-        c:\windows\system32\perfc007.dat
2010-06-18 08:17 . 2010-05-27 21:02        --------        d-----w-        c:\dokumente und einstellungen\Norman\Anwendungsdaten\Samsung
2010-06-17 07:34 . 2007-09-09 06:14        --------        d-----w-        c:\dokumente und einstellungen\Norman\Anwendungsdaten\LPC
2010-06-17 07:32 . 2007-09-09 06:14        --------        d-----w-        c:\programme\Link Popularity Check
2010-06-13 12:03 . 2010-06-13 12:03        1465512        ----a-w-        c:\dokumente und einstellungen\Norman\Anwendungsdaten\Update\patch_551455to551460_32\patch_551455to551460_32.02.exe
2010-06-13 12:03 . 2010-05-20 05:07        --------        d-----w-        c:\dokumente und einstellungen\Norman\Anwendungsdaten\Update
2010-06-09 09:26 . 2010-05-27 21:05        36608        ----a-w-        c:\windows\system32\FsUsbExDisk.Sys
2010-06-09 09:26 . 2010-05-27 21:05        233472        ----a-w-        c:\windows\system32\FsUsbExService.Exe
2010-06-05 03:54 . 2010-06-22 11:22        265528        ----a-w-        c:\dokumente und einstellungen\Norman\Anwendungsdaten\Samsung\Kies\UpdateTemp\MCS.Thunder.Update.exe
2010-06-05 03:52 . 2010-06-22 11:22        6144        ----a-w-        c:\dokumente und einstellungen\Norman\Anwendungsdaten\Samsung\Kies\UpdateTemp\de-DE\MCS.Thunder.Update.resources.dll
2010-06-05 03:50 . 2010-06-22 11:22        47616        ----a-w-        c:\dokumente und einstellungen\Norman\Anwendungsdaten\Samsung\Kies\UpdateTemp\MSC.Thunder.Update.Util.dll
2010-06-05 03:49 . 2010-06-22 11:22        12288        ----a-w-        c:\dokumente und einstellungen\Norman\Anwendungsdaten\Samsung\Kies\UpdateTemp\AdminCmdAgent.dll
2010-06-04 10:02 . 2010-06-22 11:22        9728        ----a-w-        c:\dokumente und einstellungen\Norman\Anwendungsdaten\Samsung\Kies\UpdateTemp\Interop.CmdAgentLib.dll
2010-06-04 10:00 . 2010-06-22 11:22        204288        ----a-w-        c:\dokumente und einstellungen\Norman\Anwendungsdaten\Samsung\Kies\UpdateTemp\CabLib.dll
2010-06-04 09:59 . 2010-06-22 11:22        6656        ----a-w-        c:\dokumente und einstellungen\Norman\Anwendungsdaten\Samsung\Kies\UpdateTemp\MSC.Thunder.UAC.dll
2010-05-28 08:52 . 2007-09-07 16:43        --------        d-----w-        c:\programme\ThinkPad
2010-05-28 08:52 . 2007-09-07 16:46        --------        d-----w-        c:\programme\Lenovo
2010-05-27 21:05 . 2010-05-27 21:05        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\PC Suite
2010-05-27 21:05 . 2010-05-27 21:05        --------        d-----w-        c:\dokumente und einstellungen\Norman\Anwendungsdaten\PC Suite
2010-05-27 21:04 . 2010-05-27 21:04        --------        d-----w-        c:\programme\DIFX
2010-05-27 21:02 . 2010-05-27 21:02        --------        d-----w-        c:\programme\Common Files
2010-05-27 21:02 . 2010-05-27 21:02        --------        d-----w-        c:\programme\MarkAny
2010-05-27 20:54 . 2010-05-27 20:54        --------        d-----w-        c:\programme\Gemeinsame Dateien\Samsung
2010-05-22 07:49 . 2010-05-22 07:49        --------        d-----w-        c:\programme\eBay
2010-05-21 15:41 . 2007-09-08 13:50        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\FLEXnet
2010-05-14 08:42 . 2009-05-27 12:51        --------        d-----w-        c:\programme\IBP 11
2010-05-02 08:05 . 2009-04-24 21:47        1851392        ----a-w-        c:\windows\system32\win32k.sys
2010-05-01 06:51 . 2010-05-27 21:05        110592        ------w-        c:\windows\system32\FsUsbExDevice.Dll
2010-04-23 14:59 . 2010-04-23 14:59        49152        ------r-        c:\windows\system32\inetwh32.dll
2010-04-23 14:59 . 2010-04-23 14:59        1044480        ------r-        c:\windows\system32\roboex32.dll
2010-04-20 05:29 . 2006-01-27 01:00        285696        ----a-w-        c:\windows\system32\atmfd.dll
2010-04-14 06:27 . 2010-04-14 06:27        96768        ------w-        c:\dokumente und einstellungen\Norman\Anwendungsdaten\becker\backup\CK-4ANV-XM1T-LXQV-A8R3\4187531\flash\iGO8\SDS\saipservice.dll
2010-04-14 06:15 . 2010-04-14 06:15        152088        ------w-        c:\dokumente und einstellungen\Norman\Anwendungsdaten\becker\backup\CK-4ANV-XM1T-LXQV-A8R3\4187531\flash\NNGStart\NNGStart.exe
2010-04-14 06:15 . 2010-04-14 06:15        39632        ------w-        c:\dokumente und einstellungen\Norman\Anwendungsdaten\becker\backup\CK-4ANV-XM1T-LXQV-A8R3\4187531\flash\NNGStart\MSVCR80.DLL
2010-03-31 07:59 . 2010-03-31 07:59        1925088        ------w-        c:\dokumente und einstellungen\Norman\Anwendungsdaten\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
2010-03-30 22:16 . 2010-03-30 22:16        99176        ----a-w-        c:\windows\system32\PresentationHostProxy.dll
2010-03-30 22:10 . 2010-03-30 22:10        295264        ----a-w-        c:\windows\system32\PresentationHost.exe
.

((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\programme\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2009-04-16 417792]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2005-03-17 208896]
"SynTPLpr"="c:\programme\Synaptics\SynTP\SynTPLpr.exe" [2008-07-03 118784]
"SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2008-07-03 1323008]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2008-06-05 242976]
"TPKMAPHELPER"="c:\programme\ThinkPad\Utilities\TpKmapAp.exe" [2006-06-02 856064]
"TpShocks"="TpShocks.exe" [2009-02-02 181536]
"TPHOTKEY"="c:\programme\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-12-21 69568]
"SoundMAXPnP"="c:\programme\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"LPManager"="c:\progra~1\THINKV~2\PrdCtr\LPMGR.exe" [2009-01-29 185688]
"AMSG"="c:\progra~1\THINKV~2\AMSG\Amsg.exe" [2007-02-02 419376]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-02-02 122940]
"ISUSPM Startup"="c:\progra~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"AwaySch"="c:\programme\Lenovo\AwayTask\AwaySch.EXE" [2006-08-16 69632]
"TVT Scheduler Proxy"="c:\programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]
"DiskeeperSystray"="c:\programme\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-05-18 196696]
"ACWLIcon"="c:\programme\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2008-10-27 143360]
"Picasa Media Detector"="c:\programme\Picasa2\PicasaMediaDetector.exe" [2006-03-15 421888]
"PDService.exe"="c:\programme\Lenovo\SafeGuard PrivateDisk\pdservice.exe" [2006-03-13 41472]
"cssauth"="c:\programme\Lenovo\Client Security Solution\cssauth.exe" [2006-07-14 2341632]
"QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2007-06-29 286720]
"TP4EX"="tp4ex.exe" [2005-10-16 65536]
"LPMailChecker"="c:\progra~1\THINKV~2\PrdCtr\LPMLCHK.exe" [2009-01-29 124248]
"TPFNF7"="c:\programme\Lenovo\NPDIRECT\TPFNF7SP.exe" [2008-03-26 59680]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"AdobeCS4ServiceManager"="c:\programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-11-13 611712]
"Adobe Acrobat Speed Launcher"="e:\programme\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2010-04-03 38840]
"Acrobat Assistant 8.0"="e:\programme\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-04-03 640440]
"LENOVO.TPFNF6R"="c:\programme\Lenovo\HOTKEY\TPFNF6R.exe" [2009-04-14 15136]
"StartCCC"="c:\programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2010-02-18 248040]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\
BTTray.lnk - c:\programme\ThinkPad\Bluetooth Software\BTTray.exe [2007-11-26 576104]
hpoddt01.exe.lnk - c:\programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]
Microsoft Office.lnk - c:\programme\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
officejet 6100.lnk - c:\programme\Hewlett-Packard\Digital Imaging\bin\hposol08.exe [2003-4-6 147456]
sipgate X-Lite.lnk - c:\programme\sipgate X-Lite\sipgateXLite.exe [2007-10-31 3227648]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AwayNotify]
2006-08-16 17:07        49152        ------w-        c:\programme\Lenovo\AwayTask\AwayNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Programme\\IBP 10\\IBP.exe"=
"c:\\Programme\\Gemeinsame Dateien\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Programme\\Gemeinsame Dateien\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
"c:\\Programme\\Mozilla Firefox\\firefox.exe"=
"e:\\Programme\\Adobe\\Adobe Dreamweaver CS4\\Dreamweaver.exe"=
"c:\\Programme\\sipgate X-Lite\\sipgateXLite.exe"=
"c:\\Programme\\Mozilla Thunderbird\\thunderbird.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
"51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server

R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [28.01.2009 17:57 20520]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [28.05.2010 10:51 13480]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [17.10.2009 11:55 108289]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\programme\Lenovo\HOTKEY\micmute.exe [21.05.2009 20:48 44984]
S2 Power Manager DBC Service;Power Manager DBC Service;c:\programme\ThinkPad\Utilities\PWMDBSVC.exe [24.10.2008 10:05 53248]
S2 PrivateDisk;PrivateDisk;c:\programme\Lenovo\SafeGuard PrivateDisk\privatediskm.sys [13.03.2006 16:05 58368]
S2 smi2;smi2;c:\programme\SMI2\smi2.sys [14.07.2006 15:55 3968]
S2 TPHKSVC;Anzeige am Bildschirm;c:\programme\Lenovo\HOTKEY\TPHKSVC.exe [02.03.2007 14:07 63928]
S2 XAMPP;XAMPP Service; [x]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\programme\Gemeinsame Dateien\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [15.08.2008 06:46 288112]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys --> c:\windows\system32\drivers\dgderdrv.sys [?]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [27.05.2010 23:05 36608]
S3 PDNMp50;PDNMp50 NDIS Protocol Driver;c:\windows\system32\drivers\PDNMp50.sys [28.11.2006 23:46 28224]
S3 PDNSp50;PDNSp50 NDIS Protocol Driver;c:\windows\system32\drivers\PDNSp50.sys [28.11.2006 23:46 27072]
S3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM);c:\windows\system32\drivers\sscebus.sys [17.06.2010 17:04 98560]
S3 sscemdfl;SAMSUNG Mobile Modem V2 Filter;c:\windows\system32\drivers\sscemdfl.sys [17.06.2010 17:04 14848]
S3 sscemdm;SAMSUNG Mobile Modem V2 Drivers;c:\windows\system32\drivers\sscemdm.sys [17.06.2010 17:04 123648]
S3 ssceserd;SAMSUNG Mobile Modem Diagnostic Serial Port V2 (WDM);c:\windows\system32\drivers\ssceserd.sys [17.06.2010 17:04 100352]
.
Inhalt des "geplante Tasks" Ordners

2010-06-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2007-08-29 12:57]

2010-06-27 c:\windows\Tasks\Auf Updates für Windows Live Toolbar prüfen.job
- c:\programme\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 13:54]

2010-06-27 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p officejet 6100 series5E771253C1676EBED677BF361FDFC537825E15B8190378331.job
- c:\programme\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 22:52]

2010-06-26 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\programme\PC-Doctor\uaclauncher.exe [2010-05-07 19:46]

2010-06-27 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2007-09-07 11:41]

2010-06-26 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\programme\PC-Doctor\pcdrcui.exe [2010-05-08 12:08]

2010-06-27 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-06-04 20:18]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://lenovo.live.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
IE: &Windows Live Search - c:\programme\Windows Live Toolbar\msntb.dll/search.htm
IE: An vorhandene PDF-Datei anfügen - c:\programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - c:\programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Senden an &Bluetooth-Gerät... - c:\programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Senden an Bluetooth - c:\programme\ThinkPad\Bluetooth Software\btsendto_ie.htm
Handler: haufereader - {39198710-62F7-42CD-9458-069843FA5D32} - c:\programme\Haufe\HaufeReader\HRInstmon.dll
FF - ProfilePath - c:\dokumente und einstellungen\Norman\Anwendungsdaten\Mozilla\Firefox\Profiles\z9ur2adu.default\
FF - prefs.js: network.proxy.http - hxxp://1.1.1.1/http.de.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\programme\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
c:\programme\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type",                  5);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

Notify-ACNotify - ACNotify.dll
Notify-NavLogon - (no file)
Notify-psfus - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-06-27 18:01
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:b0,c3,d9,1b,0d,c6,a4,08,1d,64,49,42,82,18,04,fb,e4,17,f8,7b,67,
  a9,07,5d,f3,ac,ab,40,5f,be,22,07,1b,1c,fa,f9,46,89,07,2b,6b,40,38,fc,f6,ba,\

[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:b0,c3,d9,1b,0d,c6,a4,08,1d,64,49,42,82,18,04,fb,e4,17,f8,7b,67,
  a9,07,5d,f3,ac,ab,40,5f,be,22,07,1b,1c,fa,f9,46,89,07,2b,6b,40,38,fc,f6,ba,\
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'winlogon.exe'(308)
c:\programme\THINKPAD\CONNECTUTILITIES\ACNotify.dll
c:\programme\THINKPAD\CONNECTUTILITIES\AcSvcStub.dll
c:\programme\THINKPAD\CONNECTUTILITIES\AcLocSettings.dll
c:\programme\THINKPAD\CONNECTUTILITIES\ACHelper.dll
c:\windows\system32\Ati2evxx.dll
c:\programme\Gemeinsame Dateien\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\programme\Lenovo\AwayTask\AwayNotify.dll

- - - - - - - > 'explorer.exe'(728)
c:\programme\PC-Doctor\ATLPcdToolbar551452.dll
c:\windows\system32\ieframe.dll
.
Zeit der Fertigstellung: 2010-06-27  18:10:32 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2010-06-27 16:10

Vor Suchlauf: 8.496.275.456 Bytes frei
Nach Suchlauf: 8.338.980.864 Bytes frei

- - End Of File - - 14B9F19BDF697453CC082543C8481C1B

--- --- ---

Kiesopfer 27.06.2010 18:00

Here is also the HijackThis log, but according to the website nothing serious is detected here either:

HiJackthis Logfile:
Code:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:59:11, on 27.06.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\TpShocks.exe
C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Programme\Analog Devices\Core\smax4pnp.exe
C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
C:\PROGRA~1\THINKV~2\AMSG\Amsg.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe
C:\Programme\Lenovo\AwayTask\AwaySch.EXE
C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe
C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Programme\Picasa2\PicasaMediaDetector.exe
C:\Programme\Lenovo\SafeGuard PrivateDisk\pdservice.exe
C:\Programme\Lenovo\Client Security Solution\cssauth.exe
C:\PROGRA~1\THINKV~2\PrdCtr\LPMLCHK.exe
C:\Programme\Lenovo\NPDIRECT\TPFNF7SP.exe
E:\Programme\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Programme\Lenovo\HOTKEY\TPFNF6R.exe
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe
C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\ThinkPad\UltraNav Wizard\UNavTray.EXE
C:\Programme\ThinkPad\Bluetooth Software\BTTray.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Lenovo\HOTKEY\TPONSCR.exe
C:\Programme\Lenovo\Zoom\TpScrex.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Programme\LENOVO\HOTKEY\TPHKSVC.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Programme\Lenovo\Rescue and Recovery\rrservice.exe
C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe
C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe
c:\programme\lenovo\system update\suservice.exe
C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Programme\Gemeinsame Dateien\Lenovo\Logger\logmon.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Programme\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\Programme\Alice\Signup\AliceCnn.exe
C:\Programme\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Spybot - Search & Destroy\SpybotSD.exe
C:\Programme\Mozilla Thunderbird\thunderbird.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.live.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = hxxp://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
O2 - BHO: G DATA WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - (no file)
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - E:\Programme\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: ThinkVantage Password Manager - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - E:\Programme\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Programme\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [AMSG] C:\PROGRA~1\THINKV~2\AMSG\Amsg.exe /startup
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AwaySch] C:\Programme\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Programme\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [ACWLIcon] C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Programme\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [PDService.exe] "C:\Programme\Lenovo\SafeGuard PrivateDisk\pdservice.exe"
O4 - HKLM\..\Run: [cssauth] "C:\Programme\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [LPMailChecker] C:\PROGRA~1\THINKV~2\PrdCtr\LPMLCHK.exe
O4 - HKLM\..\Run: [TPFNF7] C:\Programme\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "E:\Programme\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "E:\Programme\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\PROGRA~1\GEMEIN~1\Adobe\ADOBEV~2\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [LENOVO.TPFNF6R] C:\Programme\Lenovo\HOTKEY\TPFNF6R.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: officejet 6100.lnk = ?
O4 - Global Startup: sipgate X-Lite.lnk = C:\Programme\sipgate X-Lite\sipgateXLite.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programme\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - res://C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - res://C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - res://C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Senden an Bluetooth - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1230902201937
O17 - HKLM\System\CCS\Services\Tcpip\..\{0498C351-E77C-4AB4-9D02-E0C50E0E954A}: NameServer = 213.191.74.11 213.191.92.82
O17 - HKLM\System\CS1\Services\Tcpip\..\{0498C351-E77C-4AB4-9D02-E0C50E0E954A}: NameServer = 213.191.74.11 213.191.92.82
O18 - Protocol: haufereader - {39198710-62F7-42CD-9458-069843FA5D32} - C:\Programme\Haufe\HaufeReader\HRInstmon.dll
O20 - Winlogon Notify: ACNotify - C:\WINDOWS\
O20 - Winlogon Notify: AwayNotify - C:\Programme\Lenovo\AwayTask\AwayNotify.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo  - C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo  - C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Programme\Gemeinsame Dateien\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo. - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IPS-Basisservice (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: Lenovo Microphone Mute (LENOVO.MICMUTE) - Lenovo Group Limited - C:\Programme\LENOVO\HOTKEY\MICMUTE.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Power Manager DBC Service - Unknown owner - C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Lenovo (United States) Inc. - (no file)
O23 - Service: ServiceLayer - Nokia. - C:\Programme\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\programme\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: Anzeige am Bildschirm (TPHKSVC) - Lenovo Group Limited - C:\Programme\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Programme\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Programme\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe
O23 - Service: tvtnetwk - Unknown owner - C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe

--
End of file - 16537 bytes

--- --- ---

Larusso 27.06.2010 18:05

How does anyone get the idea of running ComboFix anyway, despite the constant warnings not to just run it like that?


CustomScan with OTL

If you don't already have it, please download OTL by OldTimer and save it to your desktop.
Code:

netsvcs
%SYSTEMDRIVE%\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList|helpassistant /rs


Kiesopfer 27.06.2010 18:09

HijackThis shows the following neutral entries:

O3 - Toolbar: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - (no file) - Unnecessary (ineffective) entry that can be removed! AvkWebIE.dll - G DATA Internet Security, hxxp://www.gdata.de/trade/productview/56 8/28/

and

O2 - BHO: G DATA WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - (no file) - Unnecessary (ineffective) entry that can be removed! AvkWebIE.dll - G DATA Internet Security, hxxp://www.gdata.de/trade/productview/56 8/28/

Marked with a question mark are:

O20 - Winlogon Notify: ACNotify - C:\WINDOWS\

and

O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Lenovo (United States) Inc. - (no file)

The latter is probably OK, though, since I have a Lenovo computer. But I am unsure about the first entry, because I have read somewhere that Trojans like to hide behind it.

I really have no idea about this subject; can someone PLEASE give me a tip?

Here is another example from the AntiVir log:
"In der Datei 'C:\WINDOWS\temp\cfrx.tmp\svchost.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/PSW.Zbot.133169.Y' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern"

undoreal 27.06.2010 18:11

Hello there.

First, the most important thing:

From a clean PC, change all your passwords and login accounts!!! This is very important with a ZBot infection!
  • Download this tool.
  • After the download, start MWAV.exe as administrator.
  • Then click "Aktualisieren" (update) in the main window!
  • Then set the checkboxes exactly as in this picture:
    http://img696.imageshack.us/img696/8639/mwav.png
  • Then press Scan.
  • The scan can take a very long time!
  • After the scan you can press "Log ansehen" (view log). Please save the file to your desktop and attach it to your next post.


PS: By the way, it really would be better if you reinstalled the system! A ZBot backdoor infection is no joke!


EDIT: Hey Larusso! :party: Didn't see you there at all... :dummguck:

Kiesopfer 27.06.2010 18:21

Here is the OTL log as well:
OTL logfile created on: 27.06.2010 19:13:35 - Run 1
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Dokumente und Einstellungen\Norman\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 67,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 70,17 Gb Total Space | 4,59 Gb Free Space | 6,54% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 111,79 Gb Total Space | 65,62 Gb Free Space | 58,70% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TEST
Current User Name: Norman
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010.06.27 18:38:48 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Norman\Desktop\OTL.exe
PRC - [2010.04.03 16:44:26 | 000,640,440 | ---- | M] (Adobe Systems Inc.) -- E:\Programme\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2010.03.24 20:17:47 | 000,952,768 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe
PRC - [2010.03.18 03:39:19 | 011,957,424 | ---- | M] (Mozilla Messaging) -- C:\Programme\Mozilla Thunderbird\thunderbird.exe
PRC - [2010.02.18 11:43:18 | 000,248,040 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2010.01.18 15:41:50 | 000,063,928 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2009.12.21 18:49:44 | 000,069,568 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2009.11.24 13:51:18 | 000,176,056 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2009.11.18 14:04:18 | 000,038,248 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\ibmpmsvc.exe
PRC - [2009.10.01 16:14:30 | 000,144,752 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\ZOOM\TpScrex.exe
PRC - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.06.12 10:55:48 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- c:\Programme\Lenovo\System Update\SUService.exe
PRC - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2009.04.16 13:41:28 | 000,053,248 | ---- | M] () -- C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe
PRC - [2009.04.14 19:51:38 | 000,015,136 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\tpfnf6r.exe
PRC - [2009.03.05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009.03.02 13:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009.02.02 20:16:48 | 000,181,536 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\TpShocks.exe
PRC - [2009.01.29 03:10:00 | 000,185,688 | ---- | M] (Lenovo Group Limited) -- C:\Programme\ThinkVantage\PrdCtr\LPMGR.EXE
PRC - [2009.01.29 03:10:00 | 000,124,248 | ---- | M] (Lenovo Group Limited) -- C:\Programme\ThinkVantage\PrdCtr\LPMLCHK.EXE
PRC - [2009.01.28 17:59:12 | 000,039,976 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\TPHDEXLG.exe
PRC - [2008.10.27 11:03:52 | 000,090,112 | ---- | M] (Lenovo ) -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
PRC - [2008.10.27 11:03:32 | 000,135,168 | ---- | M] (Lenovo ) -- C:\Programme\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
PRC - [2008.10.27 11:02:30 | 000,217,088 | ---- | M] (Lenovo ) -- C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe
PRC - [2008.10.27 10:56:38 | 000,143,360 | ---- | M] (Lenovo ) -- C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe
PRC - [2008.07.04 00:17:00 | 000,118,784 | ---- | M] (Synaptics, Inc.) -- C:\Programme\Synaptics\SynTP\SynTPLpr.exe
PRC - [2008.06.05 02:36:00 | 000,242,976 | ---- | M] (Lenovo Group Ltd.) -- C:\Programme\ThinkPad\Utilities\EZEJMNAP.EXE
PRC - [2008.04.14 04:22:49 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.03.26 03:06:00 | 000,059,680 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\NPDIRECT\tpfnf7sp.exe
PRC - [2008.03.04 10:34:20 | 000,487,424 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe
PRC - [2008.03.04 10:34:12 | 001,122,304 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe
PRC - [2007.11.26 16:58:10 | 000,576,104 | ---- | M] (Broadcom Corporation.) -- C:\Programme\ThinkPad\Bluetooth Software\BTTray.exe
PRC - [2007.11.26 16:58:08 | 000,264,800 | ---- | M] (Broadcom Corporation.) -- C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe
PRC - [2007.09.26 18:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2007.09.06 13:28:18 | 000,110,592 | ---- | M] (Apple, Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2007.04.25 17:59:08 | 000,408,432 | ---- | M] (Hansenet) -- C:\Programme\Alice\Signup\AliceCnn.exe
PRC - [2007.02.02 03:00:02 | 000,419,376 | ---- | M] (LENOVO) -- C:\Programme\ThinkVantage\AMSG\Amsg.exe
PRC - [2006.08.16 19:07:00 | 000,073,728 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\IPSSVC.EXE
PRC - [2006.08.16 19:07:00 | 000,069,632 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\AwayTask\AwaySch.EXE
PRC - [2006.07.14 18:13:14 | 002,341,632 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Client Security Solution\cssauth.exe
PRC - [2006.07.14 18:01:00 | 001,974,272 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Rescue and Recovery\rrservice.exe
PRC - [2006.07.14 17:42:22 | 000,723,712 | ---- | M] (IBM) -- C:\Programme\Lenovo\Client Security Solution\tvttcsd.exe
PRC - [2006.07.14 17:36:00 | 000,022,016 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Lenovo\Logger\logmon.exe
PRC - [2006.07.14 15:52:48 | 000,045,056 | ---- | M] () -- C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe
PRC - [2006.07.04 03:05:00 | 000,229,376 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkPad\UltraNav Wizard\UNavTray.exe
PRC - [2006.05.23 21:08:06 | 000,622,700 | ---- | M] (Diskeeper Corporation) -- C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2006.05.18 16:24:06 | 000,196,696 | ---- | M] (Diskeeper Corporation) -- C:\Programme\Diskeeper Corporation\Diskeeper\DkIcon.exe
PRC - [2006.03.16 01:07:06 | 000,421,888 | ---- | M] (Google Inc.) -- C:\Programme\Picasa2\PicasaMediaDetector.exe
PRC - [2006.03.13 16:38:56 | 000,041,472 | R--- | M] (Utimaco Safeware AG) -- C:\Programme\Lenovo\SafeGuard PrivateDisk\pdservice.exe
PRC - [2006.02.02 05:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2005.06.06 21:26:22 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe
PRC - [2005.05.20 02:11:06 | 000,925,696 | ---- | M] (Analog Devices, Inc.) -- C:\Programme\Analog Devices\Core\smax4pnp.exe
PRC - [2004.07.27 16:50:18 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Programme\Gemeinsame Dateien\Installshield\UpdateService\issch.exe
PRC - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
PRC - [2003.04.06 01:06:58 | 000,028,672 | ---- | M] (Hewlett-Packard) -- C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
PRC - [2003.04.06 00:55:04 | 000,311,296 | ---- | M] (Hewlett-Packard Co.) -- C:\Programme\Hewlett-Packard\Digital Imaging\bin\hposts08.exe
PRC - [2003.04.06 00:45:10 | 000,286,720 | ---- | M] (Hewlett-Packard Co.) -- C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
PRC - [2003.04.06 00:37:38 | 000,147,456 | ---- | M] (Hewlett-Packard Co.) -- C:\Programme\Hewlett-Packard\Digital Imaging\bin\hposol08.exe


========== Modules (SafeList) ==========

MOD - [2010.06.27 18:38:48 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Norman\Desktop\OTL.exe
MOD - [2008.04.14 04:21:06 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2008.03.13 18:46:24 | 000,079,224 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\HKVOLKEY.dll
MOD - [2007.11.26 16:55:46 | 000,073,728 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\BtMmHook.dll
MOD - [2007.11.26 16:53:36 | 000,040,960 | ---- | M] () -- C:\Programme\ThinkPad\Bluetooth Software\BTKeyInd.dll
MOD - [2006.08.16 19:07:00 | 000,086,016 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\PROCHLP.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (XAMPP)
SRV - [2010.01.18 15:41:50 | 000,063,928 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2009.11.18 14:04:18 | 000,038,248 | ---- | M] (Lenovo.) [Auto | Running] -- C:\WINDOWS\system32\ibmpmsvc.exe -- (IBMPMSVC)
SRV - [2009.11.17 18:06:02 | 000,044,984 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Programme\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.06.12 10:55:48 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Programme\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009.04.16 13:41:28 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2009.01.28 17:59:12 | 000,039,976 | ---- | M] (Lenovo.) [Auto | Running] -- C:\WINDOWS\system32\TPHDEXLG.exe -- (TPHDEXLGSVC)
SRV - [2009.01.02 20:51:22 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008.11.11 09:38:06 | 000,620,544 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008.11.04 11:48:10 | 000,288,112 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2008.10.27 11:03:52 | 000,090,112 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2008.10.27 11:02:30 | 000,217,088 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
SRV - [2008.04.14 04:22:49 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2008.04.14 04:22:49 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)
SRV - [2008.04.14 04:22:49 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2008.03.04 10:34:12 | 001,122,304 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler)
SRV - [2007.11.26 16:58:08 | 000,264,800 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2007.09.26 18:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2007.09.07 19:07:22 | 000,023,552 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psasrv.exe -- (PsaSrv)
SRV - [2007.09.06 13:28:18 | 000,110,592 | ---- | M] (Apple, Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2006.08.16 19:07:00 | 000,073,728 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\WINDOWS\system32\IPSSVC.EXE -- (IPSSVC)
SRV - [2006.07.14 18:01:00 | 001,974,272 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\Rescue and Recovery\rrservice.exe -- (TVT Backup Service)
SRV - [2006.07.14 17:42:22 | 000,723,712 | ---- | M] (IBM) [Auto | Running] -- C:\Programme\Lenovo\Client Security Solution\tvttcsd.exe -- (TSSCoreService)
SRV - [2006.07.14 15:52:48 | 000,045,056 | ---- | M] () [Auto | Running] -- C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe -- (tvtnetwk)
SRV - [2006.05.23 21:08:06 | 000,622,700 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2005.10.06 18:13:10 | 000,856,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS)
SRV - [2005.06.06 21:26:22 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\TpKmpSvc.exe -- (TpKmpSVC)
SRV - [2004.10.22 03:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe -- (MDM)
SRV - [2003.03.09 22:31:02 | 000,065,795 | R--- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2010.06.27 00:00:00 | 000,005,427 | ---- | M] (IBM Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\EGATHDRV.SYS -- (EGATHDRV)
DRV - [2010.06.09 11:26:50 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2010.04.27 04:25:20 | 000,123,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscemdm.sys -- (sscemdm)
DRV - [2010.04.27 04:25:20 | 000,100,352 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssceserd.sys -- (ssceserd) SAMSUNG Mobile Modem Diagnostic Serial Port V2 (WDM)
DRV - [2010.04.27 04:25:20 | 000,098,560 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscebus.sys -- (sscebus) SAMSUNG USB Composite Device V2 driver (WDM)
DRV - [2010.04.27 04:25:20 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscemdfl.sys -- (sscemdfl)
DRV - [2009.12.11 10:17:48 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.11.18 14:03:36 | 000,026,608 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV - [2009.07.12 09:40:48 | 000,030,144 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2009.06.18 01:59:58 | 000,234,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel(R)
DRV - [2009.05.11 10:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.03.30 10:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009.02.11 17:11:50 | 000,329,752 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2009.01.28 17:58:46 | 000,117,800 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\Apsx86.sys -- (Shockprf)
DRV - [2009.01.28 17:57:12 | 000,020,520 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ApsHM86.sys -- (TPDIGIMN)
DRV - [2009.01.03 12:12:57 | 000,073,312 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\adfs.sys -- (adfs)
DRV - [2009.01.02 15:31:46 | 000,043,672 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2008.12.09 00:53:58 | 000,050,832 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tcusb.sys -- (TcUsb)
DRV - [2008.11.11 01:52:08 | 003,301,888 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008.10.24 14:33:00 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC)
DRV - [2008.10.24 14:33:00 | 000,004,224 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.sys -- (IBMTPCHK)
DRV - [2008.07.03 23:53:00 | 000,225,664 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2008.05.12 22:14:14 | 000,017,844 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPHKDRV.sys -- (TPHKDRV)
DRV - [2008.05.12 18:04:02 | 000,013,480 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\smiif32.sys -- (lenovo.smi)
DRV - [2008.04.13 20:54:36 | 000,028,672 | ---- | M] (National Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nscirda.sys -- (NSCIRDA)
DRV - [2008.04.13 20:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008.04.13 20:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008.04.13 18:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008.03.26 03:06:00 | 000,004,608 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
DRV - [2007.11.27 16:40:00 | 000,539,512 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2007.11.27 16:40:00 | 000,074,688 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2007.11.21 11:51:00 | 000,879,624 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2007.11.01 16:26:36 | 000,989,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007.11.01 16:25:32 | 000,211,456 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007.11.01 16:25:22 | 000,731,520 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007.09.07 19:06:32 | 000,007,012 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pmemnt.sys -- (pmem)
DRV - [2007.06.29 12:38:00 | 000,156,392 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2007.06.21 04:43:26 | 002,208,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel(R)
DRV - [2007.03.23 10:50:00 | 000,037,424 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2006.11.28 23:46:24 | 000,028,224 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PDNMp50.sys -- (PDNMp50)
DRV - [2006.11.28 23:46:22 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PDNSp50.sys -- (PDNSp50)
DRV - [2006.10.02 01:55:00 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SMAPINT.SYS -- (Smapint)
DRV - [2006.10.02 01:55:00 | 000,009,343 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS -- (TDSMAPI)
DRV - [2006.09.27 02:36:24 | 001,709,696 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETw3x32.sys -- (NETw3x32) Intel(R)
DRV - [2006.08.16 19:07:00 | 000,005,120 | ---- | M] (Lenovo Group Limited) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PROCDD.SYS -- (PROCDD)
DRV - [2006.07.14 17:27:22 | 000,012,544 | ---- | M] (Lenovo) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tvtfilter.sys -- (tvtfilter)
DRV - [2006.07.14 17:03:04 | 000,017,664 | ---- | M] (Lenovo Group Limited) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tvtpktfilter.sys -- (TVTPktFilter)
DRV - [2006.07.14 15:55:12 | 000,003,968 | ---- | M] (IBM Corp.) [Kernel | Auto | Running] -- C:\Programme\SMI2\smi2.sys -- (smi2)
DRV - [2006.03.13 16:05:54 | 000,058,368 | R--- | M] (Utimaco Safeware AG) [Kernel | Auto | Running] -- C:\Programme\Lenovo\SafeGuard PrivateDisk\privatediskm.sys -- (PrivateDisk)
DRV - [2006.03.01 03:30:00 | 000,089,472 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2006.02.02 05:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006.02.02 05:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006.02.02 05:20:00 | 000,086,652 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006.02.02 05:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006.02.02 05:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006.02.02 05:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006.02.02 05:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2006.01.31 04:19:34 | 000,176,128 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2005.12.06 04:20:48 | 000,192,512 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hsxhwazl.sys -- (HSXHWAZL)
DRV - [2005.11.18 12:02:50 | 000,005,660 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005.11.18 12:02:10 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005.11.18 05:20:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2005.05.17 10:20:08 | 000,015,872 | ---- | M] (Atmel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atmeltpm.sys -- (atmeltpm)
DRV - [2004.11.30 16:38:24 | 000,004,442 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)
DRV - [2004.08.03 23:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2003.09.10 23:36:54 | 000,021,060 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi)
DRV - [2001.08.18 14:22:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001.08.18 05:33:12 | 000,322,432 | ---- | M] (Matrox Graphics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\G400m.sys -- (G400)
DRV - [2001.08.18 00:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001.08.18 00:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001.08.18 00:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001.08.18 00:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001.08.18 00:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001.08.17 23:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001.08.17 23:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001.08.17 23:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001.08.17 23:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001.08.17 23:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001.08.17 23:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001.08.17 23:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001.08.17 23:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001.08.17 23:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001.08.17 14:48:14 | 000,011,520 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TwoTrack.sys -- (TwoTrack)
DRV - [2001.08.17 13:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Intel(r) 82801 Audiotreiber-Installationsdienst (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.live.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.1
FF - prefs.js..extensions.enabledItems: {6e84150a-d526-41f1-a480-a67d3fed910d}:1.4.5.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: en-US@dictionaries.addons.mozilla.org:4.0.0
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.8
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..network.proxy.http: "hxxp://1.1.1.1/http.de.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official"
FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.06.27 09:12:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.06.27 09:12:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2010.04.04 10:21:49 | 000,000,000 | ---D | M]

[2010.04.02 11:12:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Mozilla\Extensions
[2010.04.02 11:12:52 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.06.27 10:11:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Mozilla\Firefox\Profiles\z9ur2adu.default\extensions
[2010.06.13 23:28:10 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Mozilla\Firefox\Profiles\z9ur2adu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.04.24 17:02:40 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Mozilla\Firefox\Profiles\z9ur2adu.default\extensions\{34ea1c70-42cc-42c5-aa29-ec58b95a343e}
[2010.02.05 22:34:39 | 000,000,000 | ---D | M] (IE View) -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Mozilla\Firefox\Profiles\z9ur2adu.default\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}
[2010.04.11 23:11:29 | 000,000,000 | ---D | M] (LeechBlock) -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Mozilla\Firefox\Profiles\z9ur2adu.default\extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387}
[2009.07.01 21:20:27 | 000,000,000 | ---D | M] (Web Developer) -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Mozilla\Firefox\Profiles\z9ur2adu.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2009.04.24 17:02:41 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Mozilla\Firefox\Profiles\z9ur2adu.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2010.02.15 08:32:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Mozilla\Firefox\Profiles\z9ur2adu.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2008.07.31 20:49:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Mozilla\Firefox\Profiles\z9ur2adu.default\extensions\de-DE-comb@dictionaries.addons.mozilla.org
[2009.10.08 09:29:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Mozilla\Firefox\Profiles\z9ur2adu.default\extensions\en-US@dictionaries.addons.mozilla.org
[2009.04.24 17:01:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Mozilla\Firefox\Profiles\z9ur2adu.default\extensions\SQLiteManager@mrinalkant.blogspot(2).com
[2010.04.09 10:15:28 | 000,002,433 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Mozilla\Firefox\Profiles\z9ur2adu.default\searchplugins\ixquickde-https.xml
[2010.06.27 12:05:37 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.06.27 10:34:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.06.27 10:34:18 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.06.26 10:03:55 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.06.26 10:03:55 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.06.26 10:03:55 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.06.26 10:03:55 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.06.26 10:03:55 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2010.06.27 18:01:44 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - No CLSID value found.
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - E:\Programme\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (CPwmIEBrowserHelper Object) - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - E:\Programme\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] E:\Programme\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [ACWLIcon] C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo )
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] E:\Programme\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Programme\Gemeinsame Dateien\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AMSG] C:\Programme\ThinkVantage\AMSG\Amsg.exe (LENOVO)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AwaySch] C:\Programme\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [BLOG] C:\Programme\ThinkPad\Utilities\BATLOGEX.DLL ()
O4 - HKLM..\Run: [cssauth] C:\Programme\Lenovo\Client Security Solution\cssauth.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [DiskeeperSystray] C:\Programme\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [EZEJMNAP] C:\Programme\ThinkPad\Utilities\EZEJMNAP.EXE (Lenovo Group Ltd.)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Programme\Gemeinsame Dateien\Installshield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [LENOVO.TPFNF6R] C:\Programme\Lenovo\HOTKEY\tpfnf6r.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [LPMailChecker] C:\Programme\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [LPManager] C:\Programme\ThinkVantage\PrdCtr\LPMGR.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [PDService.exe] C:\Programme\Lenovo\SafeGuard PrivateDisk\pdservice.exe (Utimaco Safeware AG)
O4 - HKLM..\Run: [Picasa Media Detector] C:\Programme\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - HKLM..\Run: [PWRMGRTR] C:\Programme\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TP4EX] C:\WINDOWS\System32\TP4EX.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPFNF7] C:\Programme\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPHOTKEY] C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPKMAPHELPER] C:\Programme\ThinkPad\Utilities\TpKmapAp.exe (Lenovo)
O4 - HKLM..\Run: [TpShocks] C:\WINDOWS\System32\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk = C:\Programme\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\hpoddt01.exe.lnk = C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\officejet 6100.lnk = C:\Programme\Hewlett-Packard\Digital Imaging\bin\hposol08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\sipgate X-Lite.lnk = C:\Programme\sipgate X-Lite\sipgateXLite.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Windows Live Search - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Senden an Bluetooth - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1230902201937 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O18 - Protocol\Handler\haufereader {39198710-62F7-42CD-9458-069843FA5D32} - C:\Programme\Haufe\HaufeReader\HRInstmon.dll (Haufe Mediengruppe)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ACNotify: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\AwayNotify: DllName - C:\Programme\Lenovo\AwayTask\AwayNotify.dll - C:\Programme\Lenovo\AwayTask\AwayNotify.dll (Lenovo Group Limited)
O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\psfus: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\1400_1050 Think EMEA Map.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.01.27 04:18:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010.06.11 18:07:58 | 000,000,000 | ---D | M] - E:\Automobilia -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

Kiesopfer 27.06.2010 18:21

Here is Part II of the OTL scan:


NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2006.01.26 00:17:50 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (69537929998893056)

========== Files/Folders - Created Within 90 Days ==========

[2010.06.27 18:39:02 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Norman\Desktop\OTL.exe
[2010.06.27 18:32:53 | 166,440,096 | ---- | C] (G Data Software AG) -- C:\Dokumente und Einstellungen\Norman\Eigene Dateien\GER_R_ESD_IS.exe
[2010.06.27 18:24:59 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010.06.27 18:10:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010.06.27 17:47:41 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010.06.27 17:47:41 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010.06.27 17:47:41 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010.06.27 17:47:41 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010.06.27 17:47:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010.06.27 17:44:13 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.06.27 17:40:29 | 000,000,000 | ---D | C] -- C:\rsit
[2010.06.27 17:28:32 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Norman\Recent
[2010.06.27 13:37:30 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010.06.27 12:12:58 | 036,598,544 | ---- | C] (PC Tools ) -- C:\Dokumente und Einstellungen\Norman\Desktop\sdsetup.exe
[2010.06.27 10:22:00 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2010.06.27 09:52:44 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro
[2010.06.27 09:51:21 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Dokumente und Einstellungen\Norman\Desktop\HJTInstall.exe
[2010.06.26 15:33:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Malwarebytes
[2010.06.26 15:33:08 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.06.26 15:33:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2010.06.26 15:33:05 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.06.26 15:33:05 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.06.26 14:37:19 | 001,870,056 | ---- | C] (Trend Micro Inc.) -- C:\Dokumente und Einstellungen\Norman\Desktop\HousecallLauncher.exe
[2010.06.26 14:08:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Adobe
[2010.06.26 11:25:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sun
[2010.06.26 11:01:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Macromedia
[2010.06.26 10:33:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Adobe
[2010.06.18 08:36:31 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft ActiveSync
[2010.06.17 17:04:08 | 000,100,352 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ssceserd.sys
[2010.06.17 17:04:07 | 000,123,648 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscemdm.sys
[2010.06.17 17:04:07 | 000,098,560 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscebus.sys
[2010.06.17 17:04:07 | 000,014,848 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscemdfl.sys
[2010.06.17 17:04:07 | 000,012,416 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscecmnt.sys
[2010.06.17 17:04:07 | 000,012,416 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscecm.sys
[2010.06.17 17:04:07 | 000,012,288 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscewhnt.sys
[2010.06.17 17:04:07 | 000,012,288 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscewh.sys
[2010.06.17 16:32:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Norman\Eigene Dateien\SelfMV
[2010.06.17 12:23:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Norman\Lokale Einstellungen\Anwendungsdaten\PCHealth
[2010.06.14 14:34:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Norman\Eigene Dateien\Galileo Press
[2010.06.09 10:53:28 | 000,000,000 | ---D | C] -- C:\Programme\MyFree Codec
[2010.06.04 10:06:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\KB905474
[2010.05.27 23:05:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite
[2010.05.27 23:05:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\PC Suite
[2010.05.27 23:05:20 | 000,233,472 | ---- | C] (Teruten) -- C:\WINDOWS\System32\FsUsbExService.Exe
[2010.05.27 23:04:10 | 000,000,000 | ---D | C] -- C:\Programme\DIFX
[2010.05.27 23:04:09 | 000,018,816 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\pccsmcfd.sys
[2010.05.27 23:02:54 | 000,000,000 | ---D | C] -- C:\Programme\PC Connectivity Solution
[2010.05.27 23:02:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Samsung
[2010.05.27 23:02:15 | 000,000,000 | ---D | C] -- C:\Programme\Common Files
[2010.05.27 23:02:14 | 000,000,000 | ---D | C] -- C:\Programme\MarkAny
[2010.05.27 22:54:49 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Samsung
[2010.05.22 09:49:07 | 000,000,000 | ---D | C] -- C:\Programme\eBay
[2010.05.22 09:49:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\eBay
[2010.05.20 07:07:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Update
[2010.04.23 16:59:54 | 001,044,480 | R--- | C] (eHelp Corporation.) -- C:\WINDOWS\System32\roboex32.dll
[2010.04.23 16:59:54 | 000,049,152 | R--- | C] (Blue Sky Software Corporation.) -- C:\WINDOWS\System32\inetwh32.dll
[2010.04.05 08:11:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\elsterformular
[2010.04.02 12:30:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Norman\Lokale Einstellungen\Anwendungsdaten\Thunderbird

========== Files - Modified Within 90 Days ==========

[2010.06.27 18:45:00 | 000,000,248 | ---- | M] () -- C:\WINDOWS\tasks\Auf Updates für Windows Live Toolbar prüfen.job
[2010.06.27 18:38:48 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Norman\Desktop\OTL.exe
[2010.06.27 18:35:09 | 166,440,096 | ---- | M] (G Data Software AG) -- C:\Dokumente und Einstellungen\Norman\Eigene Dateien\GER_R_ESD_IS.exe
[2010.06.27 18:20:42 | 000,010,027 | ---- | M] () -- C:\WINDOWS\System32\PROCDB.INI
[2010.06.27 18:18:33 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2010.06.27 18:18:15 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2010.06.27 18:17:21 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.06.27 18:17:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.06.27 18:17:01 | 000,045,668 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2010.06.27 18:16:54 | 3219,574,784 | -HS- | M] () -- C:\hiberfil.sys
[2010.06.27 18:16:10 | 015,466,496 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\ntuser.dat
[2010.06.27 18:16:10 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\Norman\ntuser.ini
[2010.06.27 18:16:03 | 004,768,656 | -H-- | M] () -- C:\Dokumente und Einstellungen\Norman\Lokale Einstellungen\Anwendungsdaten\IconCache.db
[2010.06.27 18:01:51 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.06.27 18:01:44 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010.06.27 17:29:48 | 000,000,206 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Desktop\cc_20100627_172942.reg
[2010.06.27 16:01:00 | 000,000,396 | ---- | M] () -- C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp officejet 6100 series#1190378331.job
[2010.06.27 13:56:11 | 000,027,804 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Desktop\cc_20100627_135544.reg
[2010.06.27 12:13:18 | 036,598,544 | ---- | M] (PC Tools ) -- C:\Dokumente und Einstellungen\Norman\Desktop\sdsetup.exe
[2010.06.27 12:09:29 | 000,824,681 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Desktop\RSIT.exe
[2010.06.27 10:22:05 | 000,000,661 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Desktop\CCleaner.lnk
[2010.06.27 10:15:19 | 000,293,376 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Desktop\bc05n1t2.exe
[2010.06.27 10:07:18 | 003,721,252 | R--- | M] () -- C:\Dokumente und Einstellungen\Norman\Desktop\ComboFix.exe
[2010.06.27 09:52:44 | 000,001,705 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Desktop\HijackThis.lnk
[2010.06.27 09:51:03 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Dokumente und Einstellungen\Norman\Desktop\HJTInstall.exe
[2010.06.27 09:12:23 | 000,001,573 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk
[2010.06.27 09:06:02 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.06.27 08:39:07 | 002,672,312 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Desktop\esetsmartinstaller_enu.exe
[2010.06.27 08:36:27 | 000,000,727 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Eusing Free Registry Cleaner.lnk
[2010.06.26 19:57:59 | 000,000,512 | ---- | M] () -- C:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask.job
[2010.06.26 19:57:58 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\SystemToolsDailyTest.job
[2010.06.26 15:33:11 | 000,000,683 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.06.26 14:37:09 | 001,870,056 | ---- | M] (Trend Micro Inc.) -- C:\Dokumente und Einstellungen\Norman\Desktop\HousecallLauncher.exe
[2010.06.26 10:29:39 | 000,409,923 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100626-131548.backup
[2010.06.26 10:10:13 | 000,000,246 | ---- | M] () -- C:\WINDOWS\WININIT.INI
[2010.06.24 20:36:35 | 010,560,512 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Eigene Dateien\Börge-Hendrik Spröde.QBW
[2010.06.24 20:31:43 | 000,000,494 | ---- | M] () -- C:\hpfr5550.xml
[2010.06.24 20:28:21 | 000,018,240 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Rechnung-HEBUX-338.pdf
[2010.06.23 20:09:56 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010.06.23 19:07:21 | 000,027,136 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Ute Lepin-HEK.doc
[2010.06.23 18:56:34 | 000,026,624 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Ute Lepin23.doc
[2010.06.23 15:09:25 | 000,018,341 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Rechnung-HEBUX-337.pdf
[2010.06.23 08:59:50 | 000,002,006 | ---- | M] () -- C:\aqua_bitmap.cpp
[2010.06.23 08:19:00 | 001,179,070 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.06.23 08:19:00 | 000,521,298 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010.06.23 08:19:00 | 000,491,870 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.06.23 08:19:00 | 000,105,016 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010.06.23 08:19:00 | 000,089,666 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.06.22 21:19:00 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010.06.22 14:31:53 | 000,072,314 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Navi-z205.jpg
[2010.06.18 09:26:33 | 007,844,864 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Desktop\setup.msi
[2010.06.17 15:51:36 | 000,018,287 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Rechnung-HEBUX-336.pdf
[2010.06.17 10:19:45 | 000,247,792 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Telefonbuch001.SPB
[2010.06.16 20:46:57 | 000,018,502 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Rechnung-HEBUX-335.pdf
[2010.06.12 00:28:06 | 000,070,995 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Desktop\1000-teile.jpg
[2010.06.10 19:34:49 | 004,376,744 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.06.09 11:27:44 | 000,015,872 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Desktop\abrechnung.xlr
[2010.06.09 11:26:50 | 000,233,472 | ---- | M] (Teruten) -- C:\WINDOWS\System32\FsUsbExService.Exe
[2010.06.09 11:26:50 | 000,036,608 | ---- | M] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2010.05.30 00:27:08 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf
[2010.05.28 12:07:28 | 000,001,714 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Home.LNK
[2010.05.28 07:08:28 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010.05.27 23:03:40 | 000,002,528 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\$_hpcst$.hpc
[2010.05.19 18:34:20 | 000,033,570 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Transfers PB.pdf
[2010.05.18 23:27:58 | 000,017,220 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Bestellung-Samsung-Wave.pdf
[2010.05.14 10:42:43 | 000,001,458 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Desktop\IBP starten.lnk
[2010.05.07 16:53:51 | 000,148,830 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Business-Viano.pdf
[2010.05.02 16:42:55 | 000,033,792 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.05.01 08:51:28 | 000,110,592 | ---- | M] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2010.04.29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.04.29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.04.27 04:25:20 | 000,123,648 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscemdm.sys
[2010.04.27 04:25:20 | 000,100,352 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ssceserd.sys
[2010.04.27 04:25:20 | 000,098,560 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscebus.sys
[2010.04.27 04:25:20 | 000,014,848 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscemdfl.sys
[2010.04.27 04:25:20 | 000,012,416 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscecmnt.sys
[2010.04.27 04:25:20 | 000,012,416 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscecm.sys
[2010.04.27 04:25:20 | 000,012,288 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscewhnt.sys
[2010.04.27 04:25:20 | 000,012,288 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscewh.sys
[2010.04.26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010.04.24 11:36:18 | 029,312,544 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Desktop\contract - invoice-1.psd
[2010.04.24 11:35:30 | 000,142,765 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Desktop\contract - in....pdf
[2010.04.23 16:59:54 | 001,044,480 | R--- | M] (eHelp Corporation.) -- C:\WINDOWS\System32\roboex32.dll
[2010.04.23 16:59:54 | 000,049,152 | R--- | M] (Blue Sky Software Corporation.) -- C:\WINDOWS\System32\inetwh32.dll
[2010.04.23 14:02:20 | 000,067,193 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Nachweis-Zustellung.pdf
[2010.04.20 21:44:43 | 000,361,459 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Desktop\HEBUX-Bestätigung.pdf
[2010.04.16 10:37:16 | 000,020,732 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Alfa-Romeo.pdf
[2010.04.05 08:10:53 | 000,000,711 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ElsterFormular.lnk
[2010.04.02 12:21:39 | 000,001,639 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Thunderbird.lnk
[2010.03.31 15:28:25 | 000,001,595 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Link Popularity Check.lnk

========== Files Created - No Company Name ==========

[2010.06.27 18:16:54 | 3219,574,784 | -HS- | C] () -- C:\hiberfil.sys
[2010.06.27 17:47:41 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010.06.27 17:47:41 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010.06.27 17:47:41 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010.06.27 17:47:41 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010.06.27 17:47:41 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010.06.27 17:29:45 | 000,000,206 | ---- | C] () -- C:\Dokumente und Einstellungen\Norman\Desktop\cc_20100627_172942.reg
[2010.06.27 13:55:57 | 000,027,804 | ---- | C] () -- C:\Dokumente und Einstellungen\Norman\Desktop\cc_20100627_135544.reg
[2010.06.27 12:09:43 | 000,824,681 | ---- | C] () -- C:\Dokumente und Einstellungen\Norman\Desktop\RSIT.exe
[2010.06.27 10:22:05 | 000,000,661 | ---- | C] () -- C:\Dokumente und Einstellungen\Norman\Desktop\CCleaner.lnk
[2010.06.27 10:15:22 | 000,293,376 | ---- | C] () -- C:\Dokumente und Einstellungen\Norman\Desktop\bc05n1t2.exe
[2010.06.27 10:07:17 | 003,721,252 | R--- | C] () -- C:\Dokumente und Einstellungen\Norman\Desktop\ComboFix.exe
[2010.06.27 09:52:44 | 000,001,705 | ---- | C] () -- C:\Dokumente und Einstellungen\Norman\Desktop\HijackThis.lnk
[2010.06.27 08:39:14 | 002,672,312 | ---- | C] () -- C:\Dokumente und Einstellungen\Norman\Desktop\esetsmartinstaller_enu.exe
[2010.06.27 08:36:27 | 000,000,727 | ---- | C] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Eusing Free Registry Cleaner.lnk
[2010.06.26 19:57:59 | 000,000,512 | ---- | C] () -- C:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask.job
[2010.06.26 19:57:57 | 000,000,316 | ---- | C] () -- C:\WINDOWS\tasks\SystemToolsDailyTest.job
[2010.06.26 15:33:11 | 000,000,683 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.06.24 20:28:21 | 000,018,240 | ---- | C] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Rechnung-HEBUX-338.pdf
[2010.06.23 19:01:08 | 000,027,136 | ---- | C] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Ute Lepin-HEK.doc
[2010.06.23 18:56:33 | 000,026,624 | ---- | C] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Ute Lepin23.doc
[2010.06.23 15:09:25 | 000,018,341 | ---- | C] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Rechnung-HEBUX-337.pdf
[2010.06.23 08:49:26 | 010,529,280 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2010.06.23 08:35:28 | 000,000,074 | ---- | C] () -- C:\Dokumente und Einstellungen\Norman\log.log
[2010.06.22 14:31:52 | 000,072,314 | ---- | C] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Navi-z205.jpg
[2010.06.18 09:50:55 | 000,247,792 | ---- | C] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Telefonbuch001.SPB
[2010.06.18 09:26:33 | 007,844,864 | ---- | C] () -- C:\Dokumente und Einstellungen\Norman\Desktop\setup.msi
[2010.06.17 15:51:36 | 000,018,287 | ---- | C] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Rechnung-HEBUX-336.pdf
[2010.06.16 20:46:57 | 000,018,502 | ---- | C] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Rechnung-HEBUX-335.pdf
[2010.06.12 00:28:06 | 000,070,995 | ---- | C] () -- C:\Dokumente und Einstellungen\Norman\Desktop\1000-teile.jpg
[2010.06.04 10:06:30 | 000,000,260 | ---- | C] () -- C:\WINDOWS\tasks\WGASetup.job
[2010.05.28 12:07:28 | 000,001,714 | ---- | C] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Home.LNK
[2010.05.27 23:05:20 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2010.05.27 23:05:20 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2010.05.27 23:03:40 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\$_hpcst$.hpc
[2010.05.27 22:53:27 | 000,002,006 | ---- | C] () -- C:\aqua_bitmap.cpp
[2010.05.19 18:34:20 | 000,033,570 | ---- | C] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Transfers PB.pdf
[2010.05.18 23:27:58 | 000,017,220 | ---- | C] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Bestellung-Samsung-Wave.pdf
[2010.05.14 10:42:43 | 000,001,458 | ---- | C] () -- C:\Dokumente und Einstellungen\Norman\Desktop\IBP starten.lnk
[2010.05.07 16:53:51 | 000,148,830 | ---- | C] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Business-Viano.pdf
[2010.04.24 11:35:30 | 000,142,765 | ---- | C] () -- C:\Dokumente und Einstellungen\Norman\Desktop\contract - in....pdf
[2010.04.23 14:02:20 | 000,067,193 | ---- | C] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Nachweis-Zustellung.pdf
[2010.04.23 11:12:11 | 029,312,544 | ---- | C] () -- C:\Dokumente und Einstellungen\Norman\Desktop\contract - invoice-1.psd
[2010.04.20 21:44:43 | 000,361,459 | ---- | C] () -- C:\Dokumente und Einstellungen\Norman\Desktop\HEBUX-Bestätigung.pdf
[2010.04.16 10:37:16 | 000,020,732 | ---- | C] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Alfa-Romeo.pdf
[2010.04.05 08:10:53 | 000,000,711 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ElsterFormular.lnk
[2009.10.06 09:16:00 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009.01.03 17:58:29 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2009.01.03 17:58:29 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2009.01.03 17:58:29 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2009.01.03 17:58:29 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2009.01.03 17:58:29 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2009.01.03 17:58:29 | 000,000,021 | ---- | C] () -- C:\WINDOWS\SurCode.INI
[2008.07.04 10:02:26 | 000,000,109 | ---- | C] () -- C:\WINDOWS\Backup.INI
[2008.02.09 20:16:29 | 000,000,246 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2008.02.04 21:30:57 | 000,000,111 | ---- | C] () -- C:\WINDOWS\telephon.ini
[2008.01.23 14:57:20 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2008.01.23 14:57:20 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2008.01.23 14:57:19 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2007.11.26 16:56:04 | 002,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2007.11.26 16:43:48 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2007.11.15 21:31:34 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\LXPrnUtil10.dll
[2007.11.15 21:27:40 | 000,303,104 | ---- | C] () -- C:\WINDOWS\System32\dnt27VC8.dll
[2007.11.15 21:25:28 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\dntvmc27VC8.dll
[2007.11.15 21:25:12 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dntvm27VC8.dll
[2007.10.07 13:21:17 | 000,003,325 | ---- | C] () -- C:\WINDOWS\tm.ini
[2007.10.01 00:07:57 | 000,000,076 | ---- | C] () -- C:\WINDOWS\my.ini
[2007.09.30 09:47:10 | 000,024,222 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2007.09.30 09:47:10 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2007.09.30 09:46:41 | 000,061,950 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2007.09.30 09:46:41 | 000,016,173 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2007.09.30 09:46:40 | 000,017,590 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2007.09.08 00:42:44 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PXTToolVC7.dll
[2007.09.08 00:33:00 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007.09.08 00:08:57 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2007.09.07 19:13:57 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007.09.07 19:05:58 | 000,004,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys
[2007.09.07 18:55:42 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2007.09.07 18:55:42 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2007.09.07 18:55:42 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2007.09.07 18:55:42 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2007.09.07 18:55:42 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2007.09.07 18:55:42 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2007.09.07 18:47:30 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\FPCALL.dll
[2007.09.07 18:46:20 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS
[2007.09.07 18:44:31 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2007.09.07 18:44:13 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS
[2007.09.07 18:43:56 | 000,009,343 | ---- | C] () -- C:\WINDOWS\System32\drivers\TDSMAPI.SYS
[2006.09.21 14:53:28 | 000,282,679 | ---- | C] () -- C:\WINDOWS\System32\dnt27.dll
[2006.09.21 14:52:24 | 000,077,882 | ---- | C] () -- C:\WINDOWS\System32\dntvmc27.dll
[2006.09.21 14:52:14 | 000,077,881 | ---- | C] () -- C:\WINDOWS\System32\dntvm27.dll
[2006.08.17 10:00:13 | 000,010,027 | ---- | C] () -- C:\WINDOWS\System32\PROCDB.INI
[2006.08.17 10:00:09 | 000,000,487 | ---- | C] () -- C:\WINDOWS\System32\IPSCtrl.INI
[2006.08.03 03:27:52 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\notifyf2.dll
[2006.06.14 18:26:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006.06.12 12:27:00 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\DEVMAN.DLL
[2006.01.27 19:18:01 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006.01.27 19:05:14 | 000,002,963 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005.11.09 12:13:48 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\dnt27VC7.dll
[2005.11.09 12:11:46 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dntvmc27VC7.dll
[2005.11.09 12:11:30 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\dntvm27VC7.dll
[2005.05.04 14:00:06 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\MMedia10VC7.dll
[2005.02.17 12:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005.02.17 12:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2003.03.09 22:31:04 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2001.12.12 12:41:36 | 000,041,472 | ---- | C] () -- C:\WINDOWS\System32\W32btstp.dll
[2001.12.12 12:41:36 | 000,025,088 | ---- | C] () -- C:\WINDOWS\System32\W32btxlt.dll
[2001.11.14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[2000.12.04 20:27:06 | 000,110,080 | ---- | C] () -- C:\WINDOWS\System32\W32MKRC.DLL
[1999.05.14 15:05:22 | 000,015,627 | ---- | C] () -- C:\WINDOWS\System32\WBROLLRS.DLL
[1996.12.14 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1996.12.14 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

========== LOP Check ==========

[2008.07.31 20:48:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Backup
[2008.01.24 12:54:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BTrieve
[2008.06.02 13:57:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\eDocPrintPro
[2010.01.20 18:58:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ElsterFormular
[2009.05.19 22:33:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\G DATA
[2008.07.31 21:45:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lenovo
[2008.07.31 20:48:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lexware
[2009.01.03 17:58:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Minnetonka Audio Software
[2010.05.27 23:05:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite
[2010.06.26 19:45:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PCDr
[2008.07.31 20:48:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecTaskMan
[2008.07.31 20:48:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\sentinel
[2010.06.27 13:46:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2009.10.17 09:00:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\UIB
[2010.04.14 08:15:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\becker
[2008.07.31 20:49:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\DataDesign
[2008.07.31 20:49:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\digital publishing
[2008.06.02 13:57:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\eDocPrintPro
[2010.04.05 08:11:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\elsterformular
[2010.06.26 15:03:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\IBP
[2008.07.31 20:49:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\InterVideo
[2008.07.31 21:45:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Lenovo
[2008.07.31 20:49:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Lexware
[2010.06.17 09:34:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\LPC
[2007.09.08 16:13:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Opera
[2009.12.02 23:30:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Passware
[2010.05.27 23:05:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\PC Suite
[2010.06.18 10:17:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Samsung
[2008.07.31 20:49:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\ThinkVantage
[2010.04.02 11:12:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird
[2010.06.13 14:03:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Update
[2010.06.27 18:45:00 | 000,000,248 | ---- | M] () -- C:\WINDOWS\Tasks\Auf Updates für Windows Live Toolbar prüfen.job
[2010.06.27 16:01:00 | 000,000,396 | ---- | M] () -- C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp officejet 6100 series#1190378331.job
[2010.06.26 19:57:59 | 000,000,512 | ---- | M] () -- C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask.job
[2010.06.27 18:18:33 | 000,000,302 | ---- | M] () -- C:\WINDOWS\Tasks\PMTask.job
[2010.06.26 19:57:58 | 000,000,316 | ---- | M] () -- C:\WINDOWS\Tasks\SystemToolsDailyTest.job
[2010.06.27 18:18:15 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2008.12.29 00:54:08 | 000,001,688 | ---- | M] () -- C:\AdobeRenderServerLog.txt
[2010.06.23 08:59:50 | 000,002,006 | ---- | M] () -- C:\aqua_bitmap.cpp
[2006.01.27 04:18:40 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2007.09.07 19:43:08 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2004.08.04 14:00:00 | 000,004,952 | RHS- | M] () -- C:\bootfont.bin
[2010.06.27 18:10:32 | 000,024,447 | ---- | M] () -- C:\ComboFix.txt
[2006.01.27 04:18:40 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2007.09.07 18:56:58 | 000,001,931 | ---- | M] () -- C:\drivez.log
[2010.06.27 18:16:54 | 3219,574,784 | -HS- | M] () -- C:\hiberfil.sys
[2010.06.24 20:31:43 | 000,000,494 | ---- | M] () -- C:\hpfr5550.xml
[2007.09.07 19:01:17 | 003,855,798 | ---- | M] () -- C:\install.log
[2010.05.22 10:07:32 | 000,001,796 | ---- | M] () -- C:\InstallHelper.log
[2006.01.27 04:18:40 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009.07.12 10:06:28 | 000,042,606 | ---- | M] () -- C:\Log.txt
[2007.12.26 10:52:52 | 000,000,032 | ---- | M] () -- C:\moduleName.txt
[2006.01.27 04:18:40 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2009.04.13 00:44:16 | 000,003,575 | ---- | M] () -- C:\nospam.log
[2004.08.04 14:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008.07.17 10:28:26 | 000,251,712 | RHS- | M] () -- C:\NTLDR
[2010.06.27 18:16:52 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys
[2009.04.13 08:53:07 | 000,095,254 | ---- | M] () -- C:\spam.log
[2007.09.08 02:31:04 | 000,000,093 | ---- | M] () -- C:\syslevel.lgl
[2008.03.13 09:13:50 | 000,006,648 | ---- | M] () -- C:\TPHKLOCK.TXT

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008.11.10 22:30:06 | 000,425,984 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\WINDOWS\system32\ATIDEMGX.dll
[2009.03.08 04:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009.03.08 04:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[2009.03.08 04:31:56 | 000,183,808 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iepeers.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2006.01.26 20:08:21 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2006.01.26 20:08:21 | 000,663,552 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2006.01.26 20:08:20 | 000,417,792 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2010.04.29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2010.04.29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
[2010.04.27 04:25:20 | 000,098,560 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\sscebus.sys
[2010.04.27 04:25:20 | 000,012,416 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\sscecm.sys
[2010.04.27 04:25:20 | 000,012,416 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\sscecmnt.sys
[2010.04.27 04:25:20 | 000,014,848 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\sscemdfl.sys
[2010.04.27 04:25:20 | 000,123,648 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\sscemdm.sys
[2010.04.27 04:25:20 | 000,100,352 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\ssceserd.sys
[2010.04.27 04:25:20 | 000,012,288 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\sscewh.sys
[2010.04.27 04:25:20 | 000,012,288 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\sscewhnt.sys

< %systemroot%\system32\user32.dll /md5 >
[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >
[2008.04.14 04:22:32 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=6A35E2D6F5F052C84EC2CEB296389439 -- C:\WINDOWS\system32\ws2_32.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList|helpassistant /rs >

========== Alternate Data Streams ==========

@Alternate Data Stream - 122 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:A8ADE5D8
@Alternate Data Stream - 121 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2
< End of report >

Kiesopfer 27.06.2010 18:27

I used Larusso's code for the OTL scan, and thank you for the quick reply. I had tried a few programs, and ComboFix was the last attempt. I'm finishing the eScan now and will post it then. Many thanks for the quick help!!!

Kiesopfer 27.06.2010 21:55

Here is the eScan log: Part I

27 Jun 2010 19:30:27 - **********************************************************

27 Jun 2010 19:30:27 - eScan-Antiviren- und Antispyware-Werkzeugsatz.

27 Jun 2010 19:30:27 - Copyright © MicroWorld

27 Jun 2010 19:30:27 - **********************************************************

27 Jun 2010 19:30:27 - Source: C:\DOKUME~1\Norman\Desktop\mwav.exe

27 Jun 2010 19:30:27 - Version 12.0.29 (C:\DOKUMENTE UND EINSTELLUNGEN\NORMAN\LOKALE EINSTELLUNGEN\TEMP\MEXETMP.EX~)

27 Jun 2010 19:30:27 - Logdatei: C:\Dokumente und Einstellungen\Norman\Lokale Einstellungen\temp\MWAV.LOG

27 Jun 2010 19:30:27 - MWAV Registered: TRUE

27 Jun 2010 19:30:27 - User Account: Norman (Administrator Mode)

27 Jun 2010 19:30:27 - OS Type: Windows Workstation

27 Jun 2010 19:30:27 - OS: Windows XP [OS Install Date: 07 Sep 2007 19:43:14]

27 Jun 2010 19:30:27 - Ver: Service Pack 3 (Build 2600)

27 Jun 2010 19:30:27 - System Up Time: 1 Hour, 13 Minutes, 51 Seconds



27 Jun 2010 19:30:27 - Parent Process Name : C:\Dokumente und Einstellungen\Norman\Lokale Einstellungen\temp\mexe.com

27 Jun 2010 19:30:27 - Windows Root Folder: C:\WINDOWS

27 Jun 2010 19:30:27 - Windows Sys32 Folder: C:\WINDOWS\system32

27 Jun 2010 19:30:28 - Interface0 NameServer: 213.191.74.11 213.191.92.82

27 Jun 2010 19:30:28 - Local Fixed Drives: c:\,e:\

27 Jun 2010 19:30:28 - MWAV Mode: Scan and Clean files (for viruses, adware and spyware)

27 Jun 2010 19:30:28 - [CREATED ZIP FILE: C:\Dokumente und Einstellungen\Norman\Lokale Einstellungen\temp\pinfect.zip]



27 Jun 2010 19:30:28 - ********** Die in den letzten 14 Tagen im Windows- und ROOT-Ordner erstellten/modifizierten Dateien **********

27 Jun 2010 19:30:29 - C:\WINDOWS\MBR.exe (77312), 27-Jun-2010

27 Jun 2010 19:30:29 - C:\WINDOWS\NIRCMD.exe (31232), 27-Jun-2010, NirSoft, NirCmd

27 Jun 2010 19:30:29 - C:\WINDOWS\R.COM (153600), 27-Jun-2010, Microsoft Corporation, Betriebssystem Microsoft® Windows®

27 Jun 2010 19:30:29 - C:\WINDOWS\SWREG.exe (161792), 27-Jun-2010, SteelWerX, SteelWerX Registry Editor

27 Jun 2010 19:30:29 - C:\WINDOWS\SWSC.exe (136704), 27-Jun-2010, SteelWerX, SteelWerX Service Controller

27 Jun 2010 19:30:29 - C:\WINDOWS\SWXCACLS.exe (212480), 27-Jun-2010, SteelWerX, SteelWerX Extended Configurator ACLists

27 Jun 2010 19:30:29 - C:\WINDOWS\system32\deployJava1.dll (411368), 27-Jun-2010, Sun Microsystems, Inc., Java(TM) Platform SE 6 U20

27 Jun 2010 19:30:29 - C:\WINDOWS\system32\eEmpty.exe (34048), 27-Jun-2010, MicroWorld Technologies Inc., eScan For Windows

27 Jun 2010 19:30:29 - C:\WINDOWS\system32\javacpl.cpl (73728), 27-Jun-2010, Sun Microsystems, Inc., Java(TM) Platform SE 6 U20

27 Jun 2010 19:30:29 - C:\WINDOWS\system32\T.COM (140800), 27-Jun-2010, Microsoft Corporation, Betriebssystem Microsoft® Windows®

27 Jun 2010 19:30:29 - C:\WINDOWS\system32\TASKMGR.COM (140800), 27-Jun-2010, Microsoft Corporation, Betriebssystem Microsoft® Windows®

27 Jun 2010 19:30:29 - C:\WINDOWS\system32\drivers\mbam.sys (20952), 26-Jun-2010, Malwarebytes Corporation, Malwarebytes' Anti-Malware

27 Jun 2010 19:30:29 - C:\WINDOWS\system32\drivers\mbamswissarmy.sys (38224), 26-Jun-2010, Malwarebytes Corporation, Malwarebytes' Anti-Malware

27 Jun 2010 19:30:29 - C:\WINDOWS\system32\drivers\sscebus.sys (98560), 17-Jun-2010, MCCI Corporation, SAMSUNG USB Composite Device V2

27 Jun 2010 19:30:29 - C:\WINDOWS\system32\drivers\sscecm.sys (12416), 17-Jun-2010, MCCI Corporation, SAMSUNG Mobile Modem Diagnostic Serial Port V2

27 Jun 2010 19:30:29 - C:\WINDOWS\system32\drivers\sscecmnt.sys (12416), 17-Jun-2010, MCCI Corporation, SAMSUNG Mobile Modem Diagnostic Serial Port V2

27 Jun 2010 19:30:29 - C:\WINDOWS\system32\drivers\sscemdfl.sys (14848), 17-Jun-2010, MCCI Corporation, SAMSUNG Mobile Modem V2 Filter Driver

27 Jun 2010 19:30:29 - C:\WINDOWS\system32\drivers\sscemdm.sys (123648), 17-Jun-2010, MCCI Corporation, SAMSUNG Mobile Modem V2

27 Jun 2010 19:30:29 - C:\WINDOWS\system32\drivers\ssceserd.sys (100352), 17-Jun-2010, MCCI Corporation, SAMSUNG Mobile Modem Diagnostic Serial Port V2

27 Jun 2010 19:30:29 - C:\WINDOWS\system32\drivers\sscewh.sys (12288), 17-Jun-2010, MCCI Corporation, SAMSUNG USB Composite Device V2

27 Jun 2010 19:30:29 - C:\WINDOWS\system32\drivers\sscewhnt.sys (12288), 17-Jun-2010, MCCI Corporation, SAMSUNG USB Composite Device V2

27 Jun 2010 19:30:29 - C:\DOKUME~1\Norman\LOKALE~1\Temp\BACKUP.62507537.mexe.com (2353736), 27-Jun-2010, MicroWorld Technologies Inc., MicroWorld AntiVirus Toolkit Utility (MWAV)

27 Jun 2010 19:30:29 - C:\DOKUME~1\Norman\LOKALE~1\Temp\bdc.exe (91904), 27-Jun-2010, MicroWorld Tech, eScan

27 Jun 2010 19:30:29 - C:\DOKUME~1\Norman\LOKALE~1\Temp\bdfltlib2k.dll (231944), 27-Jun-2010, MicroWorld Technologies Inc., eScan for Windows

27 Jun 2010 19:30:29 - C:\DOKUME~1\Norman\LOKALE~1\Temp\clean.bat (11), 27-Jun-2010 [Added C:\DOKUME~1\Norman\LOKALE~1\Temp\clean.bat to ZIP FILE]

27 Jun 2010 19:30:29 - C:\DOKUME~1\Norman\LOKALE~1\Temp\DEVCON.EXE (61184), 27-Jun-2010, Microsoft Corporation, Microsoft® Windows® Operating System

27 Jun 2010 19:30:29 - C:\DOKUME~1\Norman\LOKALE~1\Temp\download.exe (934920), 27-Jun-2010, MicroWorld Technologies Inc., eScan

27 Jun 2010 19:30:29 - C:\DOKUME~1\Norman\LOKALE~1\Temp\eEmpty.exe (34048), 27-Jun-2010, MicroWorld Technologies Inc., eScan For Windows

27 Jun 2010 19:30:29 - C:\DOKUME~1\Norman\LOKALE~1\Temp\encdec.dll (120328), 27-Jun-2010, MicroWorld Technologies Inc., eScan/MailScan/eConceal

27 Jun 2010 19:30:29 - C:\DOKUME~1\Norman\LOKALE~1\Temp\erootdrv.sys (13832), 27-Jun-2010, MicroWorld Technologies Inc., eScan/MWAV

27 Jun 2010 19:30:29 - C:\DOKUME~1\Norman\LOKALE~1\Temp\mexe.com (2476616), 27-Jun-2010, MicroWorld Technologies Inc., MicroWorld AntiVirus Toolkit Utility (MWAV)

27 Jun 2010 19:30:29 - C:\DOKUME~1\Norman\LOKALE~1\Temp\msvclnt.dll (236040), 27-Jun-2010, MicroWorld Technologies Inc., MailScan

27 Jun 2010 19:30:29 - C:\DOKUME~1\Norman\LOKALE~1\Temp\MWAVSCAN.COM (2353736), 27-Jun-2010, MicroWorld Technologies Inc., MicroWorld AntiVirus Toolkit Utility (MWAV)

27 Jun 2010 19:30:29 - C:\DOKUME~1\Norman\LOKALE~1\Temp\plugins.htm (3498), 27-Jun-2010 [Added C:\DOKUME~1\Norman\LOKALE~1\Temp\plugins.htm to ZIP FILE]

27 Jun 2010 19:30:29 - C:\DOKUME~1\Norman\LOKALE~1\Temp\red32.dll (10248), 27-Jun-2010, Microsoft Corporation, Microsoft® Windows® Operating System

27 Jun 2010 19:30:29 - C:\DOKUME~1\Norman\LOKALE~1\Temp\reload.exe (154632), 27-Jun-2010, MicroWorld Technologies Inc., eScan for Windows

27 Jun 2010 19:30:29 - C:\DOKUME~1\Norman\LOKALE~1\Temp\setpriv.exe (64008), 27-Jun-2010, MicroWorld Technologies Inc, eScan AntiVirus Toolkit Utility

27 Jun 2010 19:30:29 - C:\DOKUME~1\Norman\LOKALE~1\Temp\unregx.exe (61960), 27-Jun-2010, MicroWorld Technologies Inc, MicroWorld AntiVirus Toolkit Utility

27 Jun 2010 19:30:29 - C:\DOKUME~1\Norman\LOKALE~1\Temp\UPDLL10.DLL (846344), 27-Jun-2010, MicroWorld Technologies Inc., eScan/MailScan/MWAV

27 Jun 2010 19:30:29 - C:\DOKUME~1\Norman\LOKALE~1\Temp\viewtcp.exe (573960), 27-Jun-2010, MicroWorld Technologies Inc., ViewTCP

Kiesopfer 27.06.2010 21:56

Here is eScan part 2:



27 Jun 2010 19:30:29 - C:\WINDOWS\$hf_mig$, 25-Jan-2006 [H] [Ordner]

27 Jun 2010 19:30:29 - C:\WINDOWS\$MSI31Uninstall_KB893803v2$, 15-Feb-2006 [H] [Ordner]

27 Jun 2010 19:30:29 - C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$, 07-Sep-2007 [H] [Ordner]

27 Jun 2010 19:30:29 - C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$, 07-Sep-2007 [H] [Ordner]

27 Jun 2010 19:30:29 - C:\WINDOWS\$NtUninstallMSCompPackV1$, 02-Jan-2009 [H] [Ordner]

27 Jun 2010 19:30:29 - C:\WINDOWS\$NtUninstallWMCSetup$, 07-Sep-2007 [H] [Ordner]

27 Jun 2010 19:30:29 - C:\WINDOWS\$NtUninstallWMFDist11$, 27-May-2010 [H] [Ordner]

27 Jun 2010 19:30:29 - C:\WINDOWS\$NtUninstallWudf01000$, 02-Jan-2009 [H] [Ordner]

27 Jun 2010 19:30:29 - C:\WINDOWS\ERDNT, 27-Jun-2010 [Ordner]

27 Jun 2010 19:30:29 - C:\WINDOWS\Fonts, 25-Jan-2006 [SR] [Ordner]

27 Jun 2010 19:30:29 - C:\WINDOWS\ftpcache, 15-Dec-2008 [HS] [Ordner]

27 Jun 2010 19:30:29 - C:\WINDOWS\ie7, 07-Sep-2007 [H] [Ordner]

27 Jun 2010 19:30:29 - C:\WINDOWS\ie8, 27-Jun-2010 [H] [Ordner]

27 Jun 2010 19:30:29 - C:\WINDOWS\inf, 25-Jan-2006 [H] [Ordner]

27 Jun 2010 19:30:29 - C:\WINDOWS\logo_1.exe, 27-Jun-2010 [Ordner]

27 Jun 2010 19:30:29 - C:\WINDOWS\PIF, 10-Sep-2007 [H] [Ordner]

27 Jun 2010 19:30:29 - C:\WINDOWS\RUNDL132.EXE, 27-Jun-2010 [Ordner]

27 Jun 2010 19:30:29 - C:\WINDOWS\VDLL.DLL, 27-Jun-2010 [Ordner]

27 Jun 2010 19:30:29 - C:\WINDOWS\system32\dllcache, 25-Jan-2006 [HS] [Ordner]

27 Jun 2010 19:30:29 - C:\WINDOWS\system32\Microsoft, 25-Jan-2006 [S] [Ordner]

27 Jun 2010 19:30:29 - C:\WINDOWS\system32\runouce.exe, 27-Jun-2010 [Ordner]

27 Jun 2010 19:30:29 - C:\Qoobox, 27-Jun-2010 [Ordner]

27 Jun 2010 19:30:29 - C:\RRbackups, 07-Sep-2007 [HSR] [Ordner]

27 Jun 2010 19:30:29 - C:\rsit, 27-Jun-2010 [Ordner]

27 Jun 2010 19:30:29 - C:\DOKUME~1\Norman\LOKALE~1\Temp\Acrobat Distiller 9, 27-Jun-2010 [Ordner]

27 Jun 2010 19:30:29 - C:\DOKUME~1\Norman\LOKALE~1\Temp\AVCBack, 27-Jun-2010 [Ordner]

27 Jun 2010 19:30:29 - C:\DOKUME~1\Norman\LOKALE~1\Temp\FtpTemp, 27-Jun-2010 [Ordner]

27 Jun 2010 19:30:29 - C:\DOKUME~1\Norman\LOKALE~1\Temp\FtpTempF, 27-Jun-2010 [Ordner]

27 Jun 2010 19:30:29 - C:\DOKUME~1\Norman\LOKALE~1\Temp\hsperfdata_Norman, 27-Jun-2010 [Ordner]

27 Jun 2010 19:30:29 - C:\DOKUME~1\Norman\LOKALE~1\Temp\Log, 27-Jun-2010 [Ordner]

27 Jun 2010 19:30:29 - C:\DOKUME~1\Norman\LOKALE~1\Temp\MozillaMailnews, 27-Jun-2010 [Ordner]

27 Jun 2010 19:30:29 - C:\DOKUME~1\Norman\LOKALE~1\Temp\plugins, 27-Jun-2010 [Ordner]

27 Jun 2010 19:30:29 - C:\DOKUME~1\Norman\LOKALE~1\Temp\tmp00003c41, 27-Jun-2010 [Ordner]

27 Jun 2010 19:30:29 - C:\DOKUME~1\Norman\LOKALE~1\Temp\WLTB Custom Button Feeds, 27-Jun-2010 [Ordner]

27 Jun 2010 19:30:29 - C:\DOKUME~1\Norman\LOKALE~1\Temp\WPDNSE, 27-Jun-2010 [Ordner]

27 Jun 2010 19:30:29 - C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Download Manager, 27-Jun-2010 [Ordner]

27 Jun 2010 19:30:29 - C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Malwarebytes, 26-Jun-2010 [Ordner]

27 Jun 2010 19:30:29 - C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Microsoft, 07-Sep-2007 [S] [Ordner]

27 Jun 2010 19:30:29 - C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\..\Anwendungsdaten, 07-Sep-2007 [HR] [Ordner]

27 Jun 2010 19:30:29 - C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\..\Druckumgebung, 07-Sep-2007 [H] [Ordner]

27 Jun 2010 19:30:29 - C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\..\IECompatCache, 11-Dec-2009 [HS] [Ordner]

27 Jun 2010 19:30:29 - C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\..\IETldCache, 11-Dec-2009 [HS] [Ordner]

27 Jun 2010 19:30:29 - C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\..\Lokale Einstellungen, 07-Sep-2007 [H] [Ordner]

27 Jun 2010 19:30:29 - C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\..\Netzwerkumgebung, 07-Sep-2007 [H] [Ordner]

27 Jun 2010 19:30:29 - C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\..\PrivacIE, 11-Dec-2009 [HS] [Ordner]

27 Jun 2010 19:30:29 - C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\..\Recent, 27-Jun-2010 [HR] [Ordner]

27 Jun 2010 19:30:29 - C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\..\SendTo, 07-Sep-2007 [HR] [Ordner]

27 Jun 2010 19:30:29 - C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\..\Vorlagen, 07-Sep-2007 [H] [Ordner]

27 Jun 2010 19:30:29 - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes, 26-Jun-2010 [Ordner]

27 Jun 2010 19:30:29 - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft, 25-Jan-2006 [S] [Ordner]

27 Jun 2010 19:30:29 - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MicroWorld, 27-Jun-2010 [Ordner]

27 Jun 2010 19:30:29 - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sun, 26-Jun-2010 [Ordner]

27 Jun 2010 19:30:29 - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\..\Anwendungsdaten, 25-Jan-2006 [HR] [Ordner]

Kiesopfer 27.06.2010 22:04

eScan log, part 3:

27 Jun 2010 19:30:29 - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\..\DRM, 25-Jan-2006 [HS] [Ordner]

27 Jun 2010 19:30:29 - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\..\Vorlagen, 25-Jan-2006 [H] [Ordner]

27 Jun 2010 19:30:29 - C:\Programme\CCleaner, 27-Jun-2010 [Ordner]

Kiesopfer 27.06.2010 22:09

eScan log, part 4:

27 Jun 2010 19:30:29 - *********************************************************************************************



27 Jun 2010 19:30:29 - Optionen für Kommandozeile angegeben: /xsign

27 Jun 2010 19:30:49 - Aktuellstes Datum der in MWAV enthaltenen Dateien: Sun Jun 27 19:02:37 2010.

27 Jun 2010 19:30:49 - Plugins FileCount: 682 Sign Version: 7.32442

27 Jun 2010 19:30:50 - Loading/Creating FileScan Database C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MicroWorld\MWAV\ESCANDBX.MDB [Log: C:\Dokumente und Einstellungen\Norman\Lokale Einstellungen\temp\ESCANDB.LOG]

27 Jun 2010 19:30:50 - Loaded/Created FileScan Database...

27 Jun 2010 19:30:50 - Loading AV Library [DB]...

27 Jun 2010 19:30:51 - AV Library Loaded [DB-DIRECT].

27 Jun 2010 19:30:51 - MWAV doing self scanning...

27 Jun 2010 19:30:51 - MWAV files are clean.
27 Jun 2010 19:30:55 - Virendatenbankdatum: 27 Jun 2010
27 Jun 2010 19:30:55 - Virendatenbankzähler: 6326454

27 Jun 2010 19:31:17 - **********************************************************
27 Jun 2010 19:31:17 - eScan-Antiviren- und Antispyware-Werkzeugsatz.
27 Jun 2010 19:31:17 - Copyright © MicroWorld
27 Jun 2010 19:31:17 -
27 Jun 2010 19:31:17 - Support: support@escanav.com
27 Jun 2010 19:31:17 - Web: hxxp://www.escanav.com
27 Jun 2010 19:31:17 - **********************************************************
27 Jun 2010 19:31:17 - Version 12.0.29[DB] (C:\DOKUMENTE UND EINSTELLUNGEN\NORMAN\LOKALE EINSTELLUNGEN\TEMP\MEXETMP.EX~)
27 Jun 2010 19:31:17 - Logdatei: C:\Dokumente und Einstellungen\Norman\Lokale Einstellungen\temp\MWAV.LOG
27 Jun 2010 19:31:17 - User Account: Norman (Administrator Mode)
27 Jun 2010 19:31:17 - Parent Process Name : C:\Dokumente und Einstellungen\Norman\Lokale Einstellungen\temp\mexe.com
27 Jun 2010 19:31:17 - Windows Root Folder: C:\WINDOWS
27 Jun 2010 19:31:17 - Windows Sys32 Folder: C:\WINDOWS\system32
27 Jun 2010 19:31:17 - OS: Windows XP [OS Install Date: 07 Sep 2007 19:43:14]
27 Jun 2010 19:31:17 - Ver: Service Pack 3 (Build 2600)
27 Jun 2010 19:31:17 - Aktuellstes Datum der in MWAV enthaltenen Dateien: Sun Jun 27 19:02:37 2010.
27 Jun 2010 19:31:17 - Plugins FileCount: 682 Sign Version: 7.32442

27 Jun 2010 19:31:17 - Vom Benutzer gewählte Optionen:
27 Jun 2010 19:31:17 - Speicherüberprüfung: Aktiviert
27 Jun 2010 19:31:17 - Überprüfung der Registrierungsdatenbank: Aktiviert
27 Jun 2010 19:31:17 - Überprüfung des Startordners: Aktiviert
27 Jun 2010 19:31:17 - Überprüfung des Systemordners: Aktiviert
27 Jun 2010 19:31:17 - Überprüfung der Dienste: Aktiviert
27 Jun 2010 19:31:17 - Scannen Spyware: Aktiviert
27 Jun 2010 19:31:17 - Überprüfung der Laufwerke: Deaktiviert
27 Jun 2010 19:31:17 - Überprüfung aller Laufwerke:Aktiviert
27 Jun 2010 19:31:17 - Überprüfung der Ordner: Deaktiviert
27 Jun 2010 19:31:17 - SCAN: All_Files
27 Jun 2010 19:31:17 - MWAV Mode: Only Scan files (Do Not Clean)


27 Jun 2010 19:31:17 - ***** Speicherdateien werden gescannt *****
27 Jun 2010 19:31:48 - ScanFile took 9.88 Secs [C:\WINDOWS\system32\TpShocks.exe]...


27 Jun 2010 19:32:25 - ***** Dateien der Registrierungsdatenbank werden gescannt *****
27 Jun 2010 19:32:32 - ** NON-STANDARD WINLOGON NOTIFY KEY [SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\psfus]

27 Jun 2010 19:32:37 - ***** Startordner werden gescannt *****

27 Jun 2010 19:32:49 - ***** Dateien bezüglich Dienste werden gescannt *****
27 Jun 2010 19:32:52 - ERROR!!! Invalid Entry \??\C:\ComboFix\catchme.sys in HKLM\SYSTEM\CurrentControlSet\Services\catchme. Action Taken: No Action Taken.
27 Jun 2010 19:32:53 - ERROR!!! Invalid Entry System32\drivers\dgderdrv.sys in HKLM\SYSTEM\CurrentControlSet\Services\dgderdrv. Action Taken: No Action Taken.
27 Jun 2010 19:33:01 - ERROR!!! Invalid Entry system32\DRIVERS\pcdrndisuio.sys in HKLM\SYSTEM\CurrentControlSet\Services\PcdrNdisuio. Action Taken: No Action Taken.
27 Jun 2010 19:33:05 - ERROR!!! Invalid Entry system32\DRIVERS\UIUSYS.SYS in HKLM\SYSTEM\CurrentControlSet\Services\UIUSys. Action Taken: No Action Taken.

27 Jun 2010 19:33:07 - ***** Registrierungsdatenbank und Dateisystem werden auf Schnüffelprogramme (Spyware) und werbefinanzierte Software (Adware) geprüft *****
27 Jun 2010 19:33:08 - Signaturen der Spionageprogramme werden aus einer neuen auswärtigen Datenbank geladen [Name: C:\DOKUME~1\Norman\LOKALE~1\temp\spydb.avs, Größe: 946743]...
27 Jun 2010 19:33:08 - Indexed Spyware Databases Successfully Created...

27 Jun 2010 19:33:08 - System found infected with CoreGuardAntivirus2009 Corrupted Adware/Spyware (HKEY_CLASSES_ROOT\clsid\{5E2121EE-0300-11D4-8D3B-444553540000})! Action taken: Keine Maßnahme ergriffen.
27 Jun 2010 19:35:09 - Offending file found: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Adobe\Adobe Digital Editions\Home Page.lnk
27 Jun 2010 19:35:09 - System found infected with User Account Control (Fake) Spyware/Adware (Home Page.lnk)! Action taken: Keine Maßnahme ergriffen.

27 Jun 2010 19:35:09 - Offending file found: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Link Popularity Check\Home Page.lnk
27 Jun 2010 19:35:09 - System found infected with User Account Control (Fake) Spyware/Adware (Home Page.lnk)! Action taken: Keine Maßnahme ergriffen.

27 Jun 2010 19:35:09 - Offending file found: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Adobe\Adobe Digital Editions\Home Page.lnk
27 Jun 2010 19:35:09 - System found infected with User Account Control (Fake) Spyware/Adware (Home Page.lnk)! Action taken: Keine Maßnahme ergriffen.

27 Jun 2010 19:35:09 - Offending file found: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Link Popularity Check\Home Page.lnk
27 Jun 2010 19:35:09 - System found infected with User Account Control (Fake) Spyware/Adware (Home Page.lnk)! Action taken: Keine Maßnahme ergriffen.

27 Jun 2010 19:35:11 - Offending Registry Entry found: HKCU\SOFTWARE\Wget
27 Jun 2010 19:35:11 - System found infected with Backdoor (IRCBot) Trojans Spyware/Adware (HKCU\SOFTWARE\Wget)! Action taken: Keine Maßnahme ergriffen.

27 Jun 2010 19:35:11 - Offending Registry Entry found: HKCU\Software\Microsoft\OLE
27 Jun 2010 19:35:11 - System found infected with Backdoor (IRCBot) Trojans Spyware/Adware (HKCU\Software\Microsoft\OLE)! Action taken: Keine Maßnahme ergriffen.

27 Jun 2010 19:35:11 - Offending Registry Entry found: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AlwaysUnloadDLL
27 Jun 2010 19:35:11 - System found infected with RegSort Corrupted Adware/Spyware (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AlwaysUnloadDLL)! Action taken: Keine Maßnahme ergriffen.

27 Jun 2010 19:35:12 - Offending file found: C:\WINDOWS\Downloaded Program Files\setup.inf
27 Jun 2010 19:35:12 - System found infected with combo Spyware/Adware (C:\WINDOWS\Downloaded Program Files\setup.inf)! Action taken: Keine Maßnahme ergriffen.

27 Jun 2010 19:35:12 - Offending Registry Entry found: HKCU\Software\Microsoft\Windows\CurrentVersion\Drivers
27 Jun 2010 19:35:12 - System found infected with AntiSpyware Pro XP Corrupted Adware/Spyware (HKCU\Software\Microsoft\Windows\CurrentVersion\Drivers)! Action taken: Keine Maßnahme ergriffen.

27 Jun 2010 19:35:12 - Offending Registry Entry found: HKCU\Software\Microsoft\Installer\Assemblies
27 Jun 2010 19:35:12 - System found infected with Spyware.KeyProwler Corrupted Adware/Spyware (HKCU\Software\Microsoft\Installer\Assemblies)! Action taken: Keine Maßnahme ergriffen.

27 Jun 2010 19:35:12 - Offending file found: C:\Dokumente und Einstellungen\Norman\Recent\hijackthis.log.lnk
27 Jun 2010 19:35:12 - System found infected with Software Antivirus Spyware/Adware (C:\Dokumente und Einstellungen\Norman\Recent\hijackthis.log.lnk)! Action taken: Keine Maßnahme ergriffen.

27 Jun 2010 19:35:12 - Offending Registry Entry found: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved/{5E2121EE-0300-11D4-8D3B-444553540000}
27 Jun 2010 19:35:12 - System found infected with Your Protection Spyware/Adware (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved/{5E2121EE-0300-11D4-8D3B-444553540000})! Action taken: Keine Maßnahme ergriffen.

27 Jun 2010 19:35:12 - Offending Registry Entry found: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
27 Jun 2010 19:35:12 - System found infected with Orifice2K.plugin Trojan (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run)! Action taken: Keine Maßnahme ergriffen.

27 Jun 2010 19:35:12 - Offending Registry Entry found: HKCU\Software\Local AppWizard-Generated Applications
27 Jun 2010 19:35:12 - System found infected with Joke.Program BadJoke (HKCU\Software\Local AppWizard-Generated Applications)! Action taken: Keine Maßnahme ergriffen.


27 Jun 2010 19:35:12 - ***** System32-Ordner werden gescannt *****
27 Jun 2010 19:35:13 - Datei C:\WINDOWS\NIRCMD.exe (????) wird gescannt
27 Jun 2010 19:35:13 - Datei C:\WINDOWS\NIRCMD.exe ist durch den Virus "Malware.Win32 (ES)" infiziert! Maßnahme ergriffen: Keine Maßnahme ergriffen.



27 Jun 2010 19:37:27 - ***** Alle Laufwerke werden gescannt *****
27 Jun 2010 19:37:27 - Laufwerk C:\ wird gescannt ...
27 Jun 2010 19:55:07 - Datei C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED\4c55e69d.qua wird gescannt
27 Jun 2010 19:55:07 - ScanFile took 1002.98 Secs [C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED\4c55e69d.qua]...

27 Jun 2010 19:55:07 - Datei C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED\4c55e69d.qua ist durch den Virus "Worm.Generic.255472 (DB)" infiziert! Maßnahme ergriffen: Keine Maßnahme ergriffen.

27 Jun 2010 19:55:09 - Datei C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED\4c55e93f.qua wird gescannt
27 Jun 2010 19:55:09 - Datei C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED\4c55e93f.qua ist durch den Virus "Worm.Generic.255472 (DB)" infiziert! Maßnahme ergriffen: Keine Maßnahme ergriffen.

27 Jun 2010 19:55:11 - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira\AntiVir Desktop\TEMP\avguard.tmp konnte nicht gescannt werden, da sie möglicherweise durch Passwort geschützt ist...
27 Jun 2010 19:56:13 - C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat.LOG konnte nicht gescannt werden, da sie möglicherweise durch Passwort geschützt ist...
27 Jun 2010 19:56:36 - C:\Dokumente und Einstellungen\LocalService\ntuser.dat.LOG konnte nicht gescannt werden, da sie möglicherweise durch Passwort geschützt ist...
27 Jun 2010 19:56:37 - C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat.LOG konnte nicht gescannt werden, da sie möglicherweise durch Passwort geschützt ist...
27 Jun 2010 19:56:37 - C:\Dokumente und Einstellungen\NetworkService\ntuser.dat.LOG konnte nicht gescannt werden, da sie möglicherweise durch Passwort geschützt ist...
27 Jun 2010 20:26:47 - C:\Dokumente und Einstellungen\Norman\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat.LOG konnte nicht gescannt werden, da sie möglicherweise durch Passwort geschützt ist...
27 Jun 2010 20:26:58 - C:\Dokumente und Einstellungen\Norman\ntuser.dat.LOG konnte nicht gescannt werden, da sie möglicherweise durch Passwort geschützt ist...
27 Jun 2010 21:02:58 - ScanFile took 6.19 Secs [C:\Programme\Lenovo\System Update\session\79d164ww\79d164ww.exe]...

27 Jun 2010 21:03:48 - ScanFile took 5.14 Secs [C:\Programme\Lenovo\System Update\session\79d172ww\79d172ww.exe]...

27 Jun 2010 21:05:21 - ScanFile took 5.31 Secs [C:\Programme\Lenovo\System Update\session\7jba10ww\7jba10ww.exe]...

27 Jun 2010 21:07:59 - Datei C:\Programme\Lenovo\System Update\session\7ku712ww\SV\PWRMGRRD.DLL (????) wird gescannt
27 Jun 2010 21:07:59 - Datei C:\Programme\Lenovo\System Update\session\7ku712ww\SV\PWRMGRRD.DLL ist durch den Virus "Exe.Corrupted" infiziert! Maßnahme ergriffen: Keine Maßnahme ergriffen.

27 Jun 2010 21:07:59 - Datei C:\Programme\Lenovo\System Update\session\7ku712ww\SV\PWRMGRRP.DLL (????) wird gescannt
27 Jun 2010 21:07:59 - Datei C:\Programme\Lenovo\System Update\session\7ku712ww\SV\PWRMGRRP.DLL ist durch den Virus "Exe.Corrupted" infiziert! Maßnahme ergriffen: Keine Maßnahme ergriffen.

27 Jun 2010 21:11:03 - ScanFile took 5.16 Secs [C:\Programme\Lenovo\System Update\session\7zuz03aw\7zuz03aw.exe]...

27 Jun 2010 21:23:44 - Datei C:\System Volume Information\_restore{B991F27A-883F-42A9-A172-EAAB1D37FFFA}\RP0\A0000036.exe (????) wird gescannt
27 Jun 2010 21:23:44 - Datei C:\System Volume Information\_restore{B991F27A-883F-42A9-A172-EAAB1D37FFFA}\RP0\A0000036.exe ist durch den Virus "Malware.Win32 (ES)" infiziert! Maßnahme ergriffen: Keine Maßnahme ergriffen.

27 Jun 2010 21:23:44 - Datei C:\System Volume Information\_restore{B991F27A-883F-42A9-A172-EAAB1D37FFFA}\RP0\A0000042.pif (????) wird gescannt
27 Jun 2010 21:23:44 - Datei C:\System Volume Information\_restore{B991F27A-883F-42A9-A172-EAAB1D37FFFA}\RP0\A0000042.pif ist durch den Virus "Malware.Win32 (ES)" infiziert! Maßnahme ergriffen: Keine Maßnahme ergriffen.

27 Jun 2010 21:23:45 - Datei C:\System Volume Information\_restore{B991F27A-883F-42A9-A172-EAAB1D37FFFA}\RP0\A0000045.exe (????) wird gescannt
27 Jun 2010 21:23:45 - Datei C:\System Volume Information\_restore{B991F27A-883F-42A9-A172-EAAB1D37FFFA}\RP0\A0000045.exe ist durch den Virus "Malware.Win32 (ES)" infiziert! Maßnahme ergriffen: Keine Maßnahme ergriffen.

27 Jun 2010 21:34:21 - Datei C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP23D.tmp\System.dll wird gescannt
27 Jun 2010 21:34:21 - Datei C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP23D.tmp\System.dll ist durch den Virus "Exe.Corrupted" infiziert! Maßnahme ergriffen: Keine Maßnahme ergriffen.

27 Jun 2010 21:42:43 - Datei C:\WINDOWS\NIRCMD.exe (????) wird gescannt
27 Jun 2010 21:42:43 - Datei C:\WINDOWS\NIRCMD.exe ist durch den Virus "Malware.Win32 (ES)" infiziert! Maßnahme ergriffen: Keine Maßnahme ergriffen.

27 Jun 2010 21:45:55 - C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb konnte nicht gescannt werden, da sie möglicherweise durch Passwort geschützt ist...
27 Jun 2010 21:45:56 - C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log konnte nicht gescannt werden, da sie möglicherweise durch Passwort geschützt ist...
27 Jun 2010 21:45:56 - C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb konnte nicht gescannt werden, da sie möglicherweise durch Passwort geschützt ist...
27 Jun 2010 21:46:46 - C:\WINDOWS\system32\CatRoot2\edb.log konnte nicht gescannt werden, da sie möglicherweise durch Passwort geschützt ist...
27 Jun 2010 21:46:46 - C:\WINDOWS\system32\CatRoot2\tmp.edb konnte nicht gescannt werden, da sie möglicherweise durch Passwort geschützt ist...
27 Jun 2010 21:46:47 - C:\WINDOWS\system32\config\default konnte nicht gescannt werden, da sie möglicherweise durch Passwort geschützt ist...
27 Jun 2010 21:46:47 - C:\WINDOWS\system32\config\default.LOG konnte nicht gescannt werden, da sie möglicherweise durch Passwort geschützt ist...
27 Jun 2010 21:46:47 - C:\WINDOWS\system32\config\SAM konnte nicht gescannt werden, da sie möglicherweise durch Passwort geschützt ist...
27 Jun 2010 21:46:47 - C:\WINDOWS\system32\config\SAM.LOG konnte nicht gescannt werden, da sie möglicherweise durch Passwort geschützt ist...
27 Jun 2010 21:46:47 - C:\WINDOWS\system32\config\SECURITY konnte nicht gescannt werden, da sie möglicherweise durch Passwort geschützt ist...
27 Jun 2010 21:46:47 - C:\WINDOWS\system32\config\SECURITY.LOG konnte nicht gescannt werden, da sie möglicherweise durch Passwort geschützt ist...
27 Jun 2010 21:46:47 - C:\WINDOWS\system32\config\software konnte nicht gescannt werden, da sie möglicherweise durch Passwort geschützt ist...
27 Jun 2010 21:46:47 - C:\WINDOWS\system32\config\software.LOG konnte nicht gescannt werden, da sie möglicherweise durch Passwort geschützt ist...
27 Jun 2010 21:46:47 - C:\WINDOWS\system32\config\system konnte nicht gescannt werden, da sie möglicherweise durch Passwort geschützt ist...
27 Jun 2010 21:46:47 - C:\WINDOWS\system32\config\system.LOG konnte nicht gescannt werden, da sie möglicherweise durch Passwort geschützt ist...
27 Jun 2010 21:48:51 - INVALID ATTRIBUTES FOR FOLDER [C:\WINDOWS\system32\ReinstallBackups\??]. IGNORING.
27 Jun 2010 21:49:45 - Laufwerk E:\ wird gescannt ...
27 Jun 2010 22:27:07 - ScanFile took 6.13 Secs [E:\Programme\Adobe\Adobe Flash CS4\Players\Release\Install Flash Player 10 UB.dmg.zip]...


27 Jun 2010 22:43:54 - *****Auf bestimmte ITW-Viren wird geprüft *****

27 Jun 2010 22:43:54 - ***** Scannen abgeschlossen *****

27 Jun 2010 22:43:54 - Zahl der gescannten Objekte: 337810
27 Jun 2010 22:43:54 - Zahl der kritischen Objekte: 24
27 Jun 2010 22:43:54 - Zahl der desinfizierten Objekte: 0
27 Jun 2010 22:43:54 - Zahl der umbenannten Objekte: 0
27 Jun 2010 22:43:54 - Zahl der gelöschten Objekte: 0
27 Jun 2010 22:43:54 - Gesamtzahl der Fehler: 4
27 Jun 2010 22:43:54 - Zeit verstrichen: 03:12:37
27 Jun 2010 22:43:54 - Virendatenbankdatum: 27 Jun 2010
27 Jun 2010 22:43:54 - Virendatenbankzähler: 6326454

27 Jun 2010 22:43:54 - Scannen abgeschlossen.

Kiesopfer 27.06.2010 22:14

A few more questions:

1) Should I also change saved passwords, e.g. those stored in FTP programs?

2) The following entries seem to show that even the program files for XP's System Restore are affected, don't they?

27 Jun 2010 21:23:44 - Datei C:\System Volume Information\_restore{B991F27A-883F-42A9-A172-EAAB1D37FFFA}\RP0\A0000036.exe (????) wird gescannt
27 Jun 2010 21:23:44 - Datei C:\System Volume Information\_restore{B991F27A-883F-42A9-A172-EAAB1D37FFFA}\RP0\A0000036.exe ist durch den Virus "Malware.Win32 (ES)" infiziert! Maßnahme ergriffen: Keine Maßnahme ergriffen.

27 Jun 2010 21:23:44 - Datei C:\System Volume Information\_restore{B991F27A-883F-42A9-A172-EAAB1D37FFFA}\RP0\A0000042.pif (????) wird gescannt
27 Jun 2010 21:23:44 - Datei C:\System Volume Information\_restore{B991F27A-883F-42A9-A172-EAAB1D37FFFA}\RP0\A0000042.pif ist durch den Virus "Malware.Win32 (ES)" infiziert! Maßnahme ergriffen: Keine Maßnahme ergriffen.

27 Jun 2010 21:23:45 - Datei C:\System Volume Information\_restore{B991F27A-883F-42A9-A172-EAAB1D37FFFA}\RP0\A0000045.exe (????) wird gescannt
27 Jun 2010 21:23:45 - Datei C:\System Volume Information\_restore{B991F27A-883F-42A9-A172-EAAB1D37FFFA}\RP0\A0000045.exe ist durch den Virus "Malware.Win32 (ES)" infiziert! Maßnahme ergriffen: Keine Maßnahme ergriffen.

3) It seems that no data is affected, and drive E is not affected either. Does that mean I could save all my data on E and then rebuild C?

4) That is quite a lot that was found. Could you help me further with this?

Many thanks and have a good start to the week!!!

Larusso 27.06.2010 22:17

Step 1

Temp File Cleaner

Please download TFC (by OldTimer) and save the file to the desktop.
Now close all open programs and disconnect from the Internet.
Double-click TFC.exe.
If TFC cannot delete all files, it will ask for a restart. Please allow this.


Step 2

Please make sure that
  • all other scanners against viruses, spyware, etc. are deactivated,
  • there is no connection to a network/the Internet (don't forget WLAN),
  • nothing is done on the computer,
  • the computer is restarted after every scan.
Run a Gmer scan
  • Download Gmer from this page
    (press the Download EXE button) and save the program to the desktop.
  • All other programs should be closed.
  • Start gmer.exe (the program has a random file name).
  • On the right, remove the check mark from
    • Sections
    • IAT/EAT
    • All hard drives except the system drive (normally only C:\ is checked)
    • Show all (the check mark should be removed)
  • Vista users: right-click and start as administrator.
  • If a window opens with the following warning:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    Be sure to click "No".
  • Start the scan with "Scan". Do nothing on the computer while the scan is running.
  • When the scan has finished, click Save and save the log file as Gmer.txt on your desktop. Clicking "Ok" closes Gmer.
Switch your antivirus program and other scanners back on before you go online!


Step 3

Please start OTL.exe and click the Quick Scan button.


In your next reply, please post
Gmer.txt
OTL.txt

Kiesopfer 28.06.2010 07:43

Hello,
how long is that supposed to take?

I ran TFC first, then GMER; that went relatively quickly.
I saved the log and started OTL.
The PC has now been working for seven hours.
Should I start the OTL quick scan with or without the code from Larusso?

Larusso 28.06.2010 07:45

Online with your mobile phone? :D

Did you restart the PC after the Gmer scan?
And it doesn't say anything about a code or anything like that.

Kiesopfer 28.06.2010 08:01

Online with the phone, yes.

Restart after TFC, not after Gmer.

At the very bottom it says "Getting User Info..."
Nothing else is visible. I also had the LOP check and Purity check enabled.
But I don't need to go online for OTL, do I?

Larusso 28.06.2010 08:04

No, you don't have to.
And don't the Gmer instructions say to restart the PC?

Everything has its reason.

Abort OTL.exe, restart the PC and start OTL again.

Kiesopfer 28.06.2010 08:18

How embarrassing :( I'm sorry... Here are the logs now. OTL:

OTL logfile created on: 28.06.2010 09:11:22 - Run 2
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Dokumente und Einstellungen\Norman\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 71,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 70,17 Gb Total Space | 4,36 Gb Free Space | 6,21% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 111,79 Gb Total Space | 65,62 Gb Free Space | 58,70% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TEST
Current User Name: Norman
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010.06.27 18:38:48 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Norman\Desktop\OTL.exe
PRC - [2010.04.03 22:32:35 | 000,038,840 | ---- | M] (Adobe Systems Incorporated) -- E:\Programme\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
PRC - [2010.04.03 16:44:26 | 000,640,440 | ---- | M] (Adobe Systems Inc.) -- E:\Programme\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2010.02.18 11:43:18 | 000,248,040 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2010.01.18 15:41:50 | 000,063,928 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2009.12.21 18:49:44 | 000,069,568 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2009.11.24 13:51:18 | 000,176,056 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2009.11.18 14:04:18 | 000,038,248 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\ibmpmsvc.exe
PRC - [2009.10.01 16:14:30 | 000,144,752 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\ZOOM\TpScrex.exe
PRC - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.06.12 10:55:48 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- c:\Programme\Lenovo\System Update\SUService.exe
PRC - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2009.04.16 13:41:28 | 000,053,248 | ---- | M] () -- C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe
PRC - [2009.04.14 19:51:38 | 000,015,136 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\tpfnf6r.exe
PRC - [2009.03.05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009.03.02 13:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009.02.02 20:16:48 | 000,181,536 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\TpShocks.exe
PRC - [2009.01.29 03:10:00 | 000,185,688 | ---- | M] (Lenovo Group Limited) -- C:\Programme\ThinkVantage\PrdCtr\LPMGR.EXE
PRC - [2009.01.29 03:10:00 | 000,124,248 | ---- | M] (Lenovo Group Limited) -- C:\Programme\ThinkVantage\PrdCtr\LPMLCHK.EXE
PRC - [2009.01.28 17:59:12 | 000,039,976 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\TPHDEXLG.exe
PRC - [2008.10.27 11:03:52 | 000,090,112 | ---- | M] (Lenovo ) -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
PRC - [2008.10.27 11:03:32 | 000,135,168 | ---- | M] (Lenovo ) -- C:\Programme\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
PRC - [2008.10.27 11:02:30 | 000,217,088 | ---- | M] (Lenovo ) -- C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe
PRC - [2008.10.27 10:56:38 | 000,143,360 | ---- | M] (Lenovo ) -- C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe
PRC - [2008.07.04 00:17:00 | 000,118,784 | ---- | M] (Synaptics, Inc.) -- C:\Programme\Synaptics\SynTP\SynTPLpr.exe
PRC - [2008.06.05 02:36:00 | 000,242,976 | ---- | M] (Lenovo Group Ltd.) -- C:\Programme\ThinkPad\Utilities\EZEJMNAP.EXE
PRC - [2008.04.14 04:22:49 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.03.26 03:06:00 | 000,059,680 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\NPDIRECT\tpfnf7sp.exe
PRC - [2008.03.04 10:34:20 | 000,487,424 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe
PRC - [2008.03.04 10:34:12 | 001,122,304 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe
PRC - [2007.11.26 16:58:10 | 000,576,104 | ---- | M] (Broadcom Corporation.) -- C:\Programme\ThinkPad\Bluetooth Software\BTTray.exe
PRC - [2007.11.26 16:58:08 | 000,264,800 | ---- | M] (Broadcom Corporation.) -- C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe
PRC - [2007.09.26 18:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2007.09.06 13:28:18 | 000,110,592 | ---- | M] (Apple, Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2007.02.02 03:00:02 | 000,419,376 | ---- | M] (LENOVO) -- C:\Programme\ThinkVantage\AMSG\Amsg.exe
PRC - [2006.08.16 19:07:00 | 000,073,728 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\IPSSVC.EXE
PRC - [2006.08.16 19:07:00 | 000,069,632 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\AwayTask\AwaySch.EXE
PRC - [2006.07.14 18:13:14 | 002,341,632 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Client Security Solution\cssauth.exe
PRC - [2006.07.14 18:01:00 | 001,974,272 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Rescue and Recovery\rrservice.exe
PRC - [2006.07.14 17:42:22 | 000,723,712 | ---- | M] (IBM) -- C:\Programme\Lenovo\Client Security Solution\tvttcsd.exe
PRC - [2006.07.14 17:36:00 | 000,022,016 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Lenovo\Logger\logmon.exe
PRC - [2006.07.14 15:52:48 | 000,045,056 | ---- | M] () -- C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe
PRC - [2006.07.04 03:05:00 | 000,229,376 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkPad\UltraNav Wizard\UNavTray.exe
PRC - [2006.05.23 21:08:06 | 000,622,700 | ---- | M] (Diskeeper Corporation) -- C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2006.05.18 16:24:06 | 000,196,696 | ---- | M] (Diskeeper Corporation) -- C:\Programme\Diskeeper Corporation\Diskeeper\DkIcon.exe
PRC - [2006.03.16 01:07:06 | 000,421,888 | ---- | M] (Google Inc.) -- C:\Programme\Picasa2\PicasaMediaDetector.exe
PRC - [2006.03.13 16:38:56 | 000,041,472 | R--- | M] (Utimaco Safeware AG) -- C:\Programme\Lenovo\SafeGuard PrivateDisk\pdservice.exe
PRC - [2006.02.02 05:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2005.06.06 21:26:22 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe
PRC - [2005.05.20 02:11:06 | 000,925,696 | ---- | M] (Analog Devices, Inc.) -- C:\Programme\Analog Devices\Core\smax4pnp.exe
PRC - [2004.07.27 16:50:18 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Programme\Gemeinsame Dateien\Installshield\UpdateService\issch.exe
PRC - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
PRC - [2003.04.06 01:06:58 | 000,028,672 | ---- | M] (Hewlett-Packard) -- C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
PRC - [2003.04.06 00:55:04 | 000,311,296 | ---- | M] (Hewlett-Packard Co.) -- C:\Programme\Hewlett-Packard\Digital Imaging\bin\hposts08.exe
PRC - [2003.04.06 00:45:10 | 000,286,720 | ---- | M] (Hewlett-Packard Co.) -- C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
PRC - [2003.04.06 00:37:38 | 000,147,456 | ---- | M] (Hewlett-Packard Co.) -- C:\Programme\Hewlett-Packard\Digital Imaging\bin\hposol08.exe


========== Modules (SafeList) ==========

MOD - [2010.06.27 18:38:48 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Norman\Desktop\OTL.exe
MOD - [2008.04.14 04:21:06 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2007.11.26 16:55:46 | 000,073,728 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\BtMmHook.dll
MOD - [2006.08.16 19:07:00 | 000,086,016 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\PROCHLP.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (XAMPP)
SRV - [2010.01.18 15:41:50 | 000,063,928 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2009.11.18 14:04:18 | 000,038,248 | ---- | M] (Lenovo.) [Auto | Running] -- C:\WINDOWS\system32\ibmpmsvc.exe -- (IBMPMSVC)
SRV - [2009.11.17 18:06:02 | 000,044,984 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Programme\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.06.12 10:55:48 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Programme\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009.04.16 13:41:28 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2009.01.28 17:59:12 | 000,039,976 | ---- | M] (Lenovo.) [Auto | Running] -- C:\WINDOWS\system32\TPHDEXLG.exe -- (TPHDEXLGSVC)
SRV - [2009.01.02 20:51:22 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008.11.11 09:38:06 | 000,620,544 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008.11.04 11:48:10 | 000,288,112 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2008.10.27 11:03:52 | 000,090,112 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2008.10.27 11:02:30 | 000,217,088 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
SRV - [2008.04.14 04:22:49 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2008.04.14 04:22:49 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)
SRV - [2008.04.14 04:22:49 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2008.03.04 10:34:12 | 001,122,304 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler)
SRV - [2007.11.26 16:58:08 | 000,264,800 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2007.09.26 18:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2007.09.07 19:07:22 | 000,023,552 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psasrv.exe -- (PsaSrv)
SRV - [2007.09.06 13:28:18 | 000,110,592 | ---- | M] (Apple, Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2006.08.16 19:07:00 | 000,073,728 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\WINDOWS\system32\IPSSVC.EXE -- (IPSSVC)
SRV - [2006.07.14 18:01:00 | 001,974,272 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\Rescue and Recovery\rrservice.exe -- (TVT Backup Service)
SRV - [2006.07.14 17:42:22 | 000,723,712 | ---- | M] (IBM) [Auto | Running] -- C:\Programme\Lenovo\Client Security Solution\tvttcsd.exe -- (TSSCoreService)
SRV - [2006.07.14 15:52:48 | 000,045,056 | ---- | M] () [Auto | Running] -- C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe -- (tvtnetwk)
SRV - [2006.05.23 21:08:06 | 000,622,700 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2005.10.06 18:13:10 | 000,856,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS)
SRV - [2005.06.06 21:26:22 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\TpKmpSvc.exe -- (TpKmpSVC)
SRV - [2004.10.22 03:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe -- (MDM)
SRV - [2003.03.09 22:31:02 | 000,065,795 | R--- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2010.06.27 00:00:00 | 000,005,427 | ---- | M] (IBM Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\EGATHDRV.SYS -- (EGATHDRV)
DRV - [2010.06.09 11:26:50 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2010.04.27 04:25:20 | 000,123,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscemdm.sys -- (sscemdm)
DRV - [2010.04.27 04:25:20 | 000,100,352 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssceserd.sys -- (ssceserd) SAMSUNG Mobile Modem Diagnostic Serial Port V2 (WDM)
DRV - [2010.04.27 04:25:20 | 000,098,560 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscebus.sys -- (sscebus) SAMSUNG USB Composite Device V2 driver (WDM)
DRV - [2010.04.27 04:25:20 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscemdfl.sys -- (sscemdfl)
DRV - [2009.12.11 10:17:48 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.11.18 14:03:36 | 000,026,608 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV - [2009.07.12 09:40:48 | 000,030,144 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2009.06.18 01:59:58 | 000,234,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel(R)
DRV - [2009.05.11 10:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.03.30 10:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009.02.11 17:11:50 | 000,329,752 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2009.01.28 17:58:46 | 000,117,800 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\Apsx86.sys -- (Shockprf)
DRV - [2009.01.28 17:57:12 | 000,020,520 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ApsHM86.sys -- (TPDIGIMN)
DRV - [2009.01.03 12:12:57 | 000,073,312 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\adfs.sys -- (adfs)
DRV - [2009.01.02 15:31:46 | 000,043,672 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2008.12.09 00:53:58 | 000,050,832 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tcusb.sys -- (TcUsb)
DRV - [2008.11.11 01:52:08 | 003,301,888 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008.10.24 14:33:00 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC)
DRV - [2008.10.24 14:33:00 | 000,004,224 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.sys -- (IBMTPCHK)
DRV - [2008.07.03 23:53:00 | 000,225,664 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2008.05.12 22:14:14 | 000,017,844 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPHKDRV.sys -- (TPHKDRV)
DRV - [2008.05.12 18:04:02 | 000,013,480 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\smiif32.sys -- (lenovo.smi)
DRV - [2008.04.13 20:54:36 | 000,028,672 | ---- | M] (National Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nscirda.sys -- (NSCIRDA)
DRV - [2008.04.13 20:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008.04.13 20:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008.04.13 18:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008.03.26 03:06:00 | 000,004,608 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
DRV - [2007.11.27 16:40:00 | 000,539,512 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2007.11.27 16:40:00 | 000,074,688 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2007.11.21 11:51:00 | 000,879,624 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2007.11.01 16:26:36 | 000,989,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007.11.01 16:25:32 | 000,211,456 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007.11.01 16:25:22 | 000,731,520 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007.09.07 19:06:32 | 000,007,012 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pmemnt.sys -- (pmem)
DRV - [2007.06.29 12:38:00 | 000,156,392 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2007.06.21 04:43:26 | 002,208,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel(R)
DRV - [2007.03.23 10:50:00 | 000,037,424 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2006.11.28 23:46:24 | 000,028,224 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PDNMp50.sys -- (PDNMp50)
DRV - [2006.11.28 23:46:22 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PDNSp50.sys -- (PDNSp50)
DRV - [2006.10.02 01:55:00 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SMAPINT.SYS -- (Smapint)
DRV - [2006.10.02 01:55:00 | 000,009,343 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS -- (TDSMAPI)
DRV - [2006.09.27 02:36:24 | 001,709,696 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETw3x32.sys -- (NETw3x32) Intel(R)
DRV - [2006.08.16 19:07:00 | 000,005,120 | ---- | M] (Lenovo Group Limited) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PROCDD.SYS -- (PROCDD)
DRV - [2006.07.14 17:27:22 | 000,012,544 | ---- | M] (Lenovo) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tvtfilter.sys -- (tvtfilter)
DRV - [2006.07.14 17:03:04 | 000,017,664 | ---- | M] (Lenovo Group Limited) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tvtpktfilter.sys -- (TVTPktFilter)
DRV - [2006.07.14 15:55:12 | 000,003,968 | ---- | M] (IBM Corp.) [Kernel | Auto | Running] -- C:\Programme\SMI2\smi2.sys -- (smi2)
DRV - [2006.03.13 16:05:54 | 000,058,368 | R--- | M] (Utimaco Safeware AG) [Kernel | Auto | Running] -- C:\Programme\Lenovo\SafeGuard PrivateDisk\privatediskm.sys -- (PrivateDisk)
DRV - [2006.03.01 03:30:00 | 000,089,472 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2006.02.02 05:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006.02.02 05:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006.02.02 05:20:00 | 000,086,652 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006.02.02 05:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006.02.02 05:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006.02.02 05:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006.02.02 05:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2006.01.31 04:19:34 | 000,176,128 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2005.12.06 04:20:48 | 000,192,512 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hsxhwazl.sys -- (HSXHWAZL)
DRV - [2005.11.18 12:02:50 | 000,005,660 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005.11.18 12:02:10 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005.11.18 05:20:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2005.05.17 10:20:08 | 000,015,872 | ---- | M] (Atmel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atmeltpm.sys -- (atmeltpm)
DRV - [2004.11.30 16:38:24 | 000,004,442 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)
DRV - [2004.08.03 23:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2003.09.10 23:36:54 | 000,021,060 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi)
DRV - [2001.08.18 14:22:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001.08.18 05:33:12 | 000,322,432 | ---- | M] (Matrox Graphics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\G400m.sys -- (G400)
DRV - [2001.08.18 00:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001.08.18 00:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001.08.18 00:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001.08.18 00:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001.08.18 00:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001.08.17 23:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001.08.17 23:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001.08.17 23:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001.08.17 23:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001.08.17 23:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001.08.17 23:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001.08.17 23:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001.08.17 23:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001.08.17 23:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001.08.17 14:48:14 | 000,011,520 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TwoTrack.sys -- (TwoTrack)
DRV - [2001.08.17 13:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Intel(r) 82801 Audiotreiber-Installationsdienst (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.live.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.1
FF - prefs.js..extensions.enabledItems: {6e84150a-d526-41f1-a480-a67d3fed910d}:1.4.5.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: en-US@dictionaries.addons.mozilla.org:4.0.0
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.8
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..network.proxy.http: "hxxp://1.1.1.1/http.de.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official"
FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.06.27 09:12:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.06.27 09:12:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2010.04.04 10:21:49 | 000,000,000 | ---D | M]

[2010.04.02 11:12:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Mozilla\Extensions
[2010.04.02 11:12:52 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.06.27 10:11:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Mozilla\Firefox\Profiles\z9ur2adu.default\extensions
[2010.06.13 23:28:10 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Mozilla\Firefox\Profiles\z9ur2adu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.04.24 17:02:40 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Mozilla\Firefox\Profiles\z9ur2adu.default\extensions\{34ea1c70-42cc-42c5-aa29-ec58b95a343e}
[2010.02.05 22:34:39 | 000,000,000 | ---D | M] (IE View) -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Mozilla\Firefox\Profiles\z9ur2adu.default\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}
[2010.04.11 23:11:29 | 000,000,000 | ---D | M] (LeechBlock) -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Mozilla\Firefox\Profiles\z9ur2adu.default\extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387}
[2009.07.01 21:20:27 | 000,000,000 | ---D | M] (Web Developer) -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Mozilla\Firefox\Profiles\z9ur2adu.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2009.04.24 17:02:41 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Mozilla\Firefox\Profiles\z9ur2adu.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2010.02.15 08:32:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Mozilla\Firefox\Profiles\z9ur2adu.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2008.07.31 20:49:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Mozilla\Firefox\Profiles\z9ur2adu.default\extensions\de-DE-comb@dictionaries.addons.mozilla.org
[2009.10.08 09:29:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Mozilla\Firefox\Profiles\z9ur2adu.default\extensions\en-US@dictionaries.addons.mozilla.org
[2009.04.24 17:01:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Mozilla\Firefox\Profiles\z9ur2adu.default\extensions\SQLiteManager@mrinalkant.blogspot(2).com
[2010.04.09 10:15:28 | 000,002,433 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Mozilla\Firefox\Profiles\z9ur2adu.default\searchplugins\ixquickde-https.xml
[2010.06.27 12:05:37 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.06.27 10:34:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.06.27 10:34:18 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.06.26 10:03:55 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.06.26 10:03:55 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.06.26 10:03:55 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.06.26 10:03:55 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.06.26 10:03:55 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

Kiesopfer 28.06.2010 08:19

OTL log, part 2:

O1 HOSTS File: ([2010.06.27 18:01:44 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - No CLSID value found.
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - E:\Programme\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (CPwmIEBrowserHelper Object) - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - E:\Programme\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] E:\Programme\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [ACWLIcon] C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo )
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] E:\Programme\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Programme\Gemeinsame Dateien\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AMSG] C:\Programme\ThinkVantage\AMSG\Amsg.exe (LENOVO)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AwaySch] C:\Programme\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [BLOG] C:\Programme\ThinkPad\Utilities\BATLOGEX.DLL ()
O4 - HKLM..\Run: [cssauth] C:\Programme\Lenovo\Client Security Solution\cssauth.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [DiskeeperSystray] C:\Programme\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [EZEJMNAP] C:\Programme\ThinkPad\Utilities\EZEJMNAP.EXE (Lenovo Group Ltd.)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Programme\Gemeinsame Dateien\Installshield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [LENOVO.TPFNF6R] C:\Programme\Lenovo\HOTKEY\tpfnf6r.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [LPMailChecker] C:\Programme\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [LPManager] C:\Programme\ThinkVantage\PrdCtr\LPMGR.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [PDService.exe] C:\Programme\Lenovo\SafeGuard PrivateDisk\pdservice.exe (Utimaco Safeware AG)
O4 - HKLM..\Run: [Picasa Media Detector] C:\Programme\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - HKLM..\Run: [PWRMGRTR] C:\Programme\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TP4EX] C:\WINDOWS\System32\TP4EX.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPFNF7] C:\Programme\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPHOTKEY] C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPKMAPHELPER] C:\Programme\ThinkPad\Utilities\TpKmapAp.exe (Lenovo)
O4 - HKLM..\Run: [TpShocks] C:\WINDOWS\System32\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk = C:\Programme\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\hpoddt01.exe.lnk = C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\officejet 6100.lnk = C:\Programme\Hewlett-Packard\Digital Imaging\bin\hposol08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\sipgate X-Lite.lnk = C:\Programme\sipgate X-Lite\sipgateXLite.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 475
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 475
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Windows Live Search - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Senden an Bluetooth - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1230902201937 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O18 - Protocol\Handler\haufereader {39198710-62F7-42CD-9458-069843FA5D32} - C:\Programme\Haufe\HaufeReader\HRInstmon.dll (Haufe Mediengruppe)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ACNotify: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\AwayNotify: DllName - C:\Programme\Lenovo\AwayTask\AwayNotify.dll - C:\Programme\Lenovo\AwayTask\AwayNotify.dll (Lenovo Group Limited)
O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\psfus: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\1400_1050 Think EMEA Map.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.01.27 04:18:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010.06.11 18:07:58 | 000,000,000 | ---D | M] - E:\Automobilia -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010.06.27 23:43:52 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Norman\Desktop\TFC.exe
[2010.06.27 19:33:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\rundll16.exe
[2010.06.27 19:33:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\logo1_.exe
[2010.06.27 19:29:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\VDLL.DLL
[2010.06.27 19:29:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\runouce.exe
[2010.06.27 19:29:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\RUNDL132.EXE
[2010.06.27 19:29:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\logo_1.exe
[2010.06.27 19:27:59 | 000,034,048 | ---- | C] (MicroWorld Technologies Inc.) -- C:\WINDOWS\System32\eEmpty.exe
[2010.06.27 19:27:53 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\MicroWorld
[2010.06.27 19:27:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MicroWorld
[2010.06.27 19:23:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Download Manager
[2010.06.27 18:39:02 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Norman\Desktop\OTL.exe
[2010.06.27 18:32:53 | 166,440,096 | ---- | C] (G Data Software AG) -- C:\Dokumente und Einstellungen\Norman\Eigene Dateien\GER_R_ESD_IS.exe
[2010.06.27 18:24:59 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010.06.27 18:10:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010.06.27 17:47:41 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010.06.27 17:47:41 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010.06.27 17:47:41 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010.06.27 17:47:41 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010.06.27 17:47:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010.06.27 17:44:13 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.06.27 17:40:29 | 000,000,000 | ---D | C] -- C:\rsit
[2010.06.27 17:28:32 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Norman\Recent
[2010.06.27 13:37:30 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010.06.27 12:12:58 | 036,598,544 | ---- | C] (PC Tools ) -- C:\Dokumente und Einstellungen\Norman\Desktop\sdsetup.exe
[2010.06.27 10:22:00 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2010.06.27 09:52:44 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro
[2010.06.27 09:51:21 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Dokumente und Einstellungen\Norman\Desktop\HJTInstall.exe
[2010.06.26 15:33:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Malwarebytes
[2010.06.26 15:33:08 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.06.26 15:33:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2010.06.26 15:33:05 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.06.26 15:33:05 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.06.26 14:37:19 | 001,870,056 | ---- | C] (Trend Micro Inc.) -- C:\Dokumente und Einstellungen\Norman\Desktop\HousecallLauncher.exe
[2010.06.26 14:08:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Adobe
[2010.06.26 11:25:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sun
[2010.06.26 11:01:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Macromedia
[2010.06.26 10:33:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Adobe
[2010.06.18 08:36:31 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft ActiveSync
[2010.06.17 17:04:08 | 000,100,352 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ssceserd.sys
[2010.06.17 17:04:07 | 000,123,648 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscemdm.sys
[2010.06.17 17:04:07 | 000,098,560 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscebus.sys
[2010.06.17 17:04:07 | 000,014,848 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscemdfl.sys
[2010.06.17 17:04:07 | 000,012,416 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscecmnt.sys
[2010.06.17 17:04:07 | 000,012,416 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscecm.sys
[2010.06.17 17:04:07 | 000,012,288 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscewhnt.sys
[2010.06.17 17:04:07 | 000,012,288 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscewh.sys
[2010.06.17 16:32:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Norman\Eigene Dateien\SelfMV
[2010.06.17 12:23:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Norman\Lokale Einstellungen\Anwendungsdaten\PCHealth
[2010.06.14 14:34:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Norman\Eigene Dateien\Galileo Press
[2010.06.09 10:53:28 | 000,000,000 | ---D | C] -- C:\Programme\MyFree Codec
[2010.06.04 10:06:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\KB905474
[2010.05.27 23:05:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite
[2010.05.27 23:05:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\PC Suite
[2010.05.27 23:05:20 | 000,233,472 | ---- | C] (Teruten) -- C:\WINDOWS\System32\FsUsbExService.Exe
[2010.05.27 23:04:10 | 000,000,000 | ---D | C] -- C:\Programme\DIFX
[2010.05.27 23:04:09 | 000,018,816 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\pccsmcfd.sys
[2010.05.27 23:02:54 | 000,000,000 | ---D | C] -- C:\Programme\PC Connectivity Solution
[2010.05.27 23:02:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Samsung
[2010.05.27 23:02:15 | 000,000,000 | ---D | C] -- C:\Programme\Common Files
[2010.05.27 23:02:14 | 000,000,000 | ---D | C] -- C:\Programme\MarkAny
[2010.05.27 22:54:49 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Samsung
[2010.05.22 09:49:07 | 000,000,000 | ---D | C] -- C:\Programme\eBay
[2010.05.22 09:49:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\eBay
[2010.05.20 07:07:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Update
[2010.04.23 16:59:54 | 001,044,480 | R--- | C] (eHelp Corporation.) -- C:\WINDOWS\System32\roboex32.dll
[2010.04.23 16:59:54 | 000,049,152 | R--- | C] (Blue Sky Software Corporation.) -- C:\WINDOWS\System32\inetwh32.dll
[2010.04.05 08:11:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\elsterformular
[2010.04.02 12:30:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Norman\Lokale Einstellungen\Anwendungsdaten\Thunderbird

========== Files - Modified Within 90 Days ==========

[2010.06.28 09:10:35 | 000,010,027 | ---- | M] () -- C:\WINDOWS\System32\PROCDB.INI
[2010.06.28 09:08:20 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2010.06.28 09:07:39 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2010.06.28 09:07:21 | 000,000,248 | ---- | M] () -- C:\WINDOWS\tasks\Auf Updates für Windows Live Toolbar prüfen.job
[2010.06.28 09:07:21 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.06.28 09:07:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.06.28 09:07:00 | 000,045,668 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2010.06.28 09:06:54 | 3219,574,784 | -HS- | M] () -- C:\hiberfil.sys
[2010.06.28 00:06:00 | 015,466,496 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\ntuser.dat
[2010.06.28 00:05:38 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\Norman\ntuser.ini
[2010.06.27 23:43:48 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Norman\Desktop\TFC.exe
[2010.06.27 23:36:24 | 006,456,900 | -H-- | M] () -- C:\Dokumente und Einstellungen\Norman\Lokale Einstellungen\Anwendungsdaten\IconCache.db
[2010.06.27 23:21:52 | 000,293,376 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Desktop\qbron9eb.exe
[2010.06.27 23:18:53 | 000,001,516 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Eigene Dateien\pinfect.zip
[2010.06.27 19:30:55 | 000,000,053 | ---- | M] () -- C:\WINDOWS\Lic.xxx
[2010.06.27 19:27:58 | 000,034,048 | ---- | M] (MicroWorld Technologies Inc.) -- C:\WINDOWS\System32\eEmpty.exe
[2010.06.27 19:24:58 | 086,349,632 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Desktop\mwav.exe
[2010.06.27 18:38:48 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Norman\Desktop\OTL.exe
[2010.06.27 18:35:09 | 166,440,096 | ---- | M] (G Data Software AG) -- C:\Dokumente und Einstellungen\Norman\Eigene Dateien\GER_R_ESD_IS.exe
[2010.06.27 18:01:51 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.06.27 18:01:44 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010.06.27 17:29:48 | 000,000,206 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Desktop\cc_20100627_172942.reg
[2010.06.27 16:01:00 | 000,000,396 | ---- | M] () -- C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp officejet 6100 series#1190378331.job
[2010.06.27 13:56:11 | 000,027,804 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Desktop\cc_20100627_135544.reg
[2010.06.27 12:13:18 | 036,598,544 | ---- | M] (PC Tools ) -- C:\Dokumente und Einstellungen\Norman\Desktop\sdsetup.exe
[2010.06.27 12:09:29 | 000,824,681 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Desktop\RSIT.exe
[2010.06.27 10:22:05 | 000,000,661 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Desktop\CCleaner.lnk
[2010.06.27 10:07:18 | 003,721,252 | R--- | M] () -- C:\Dokumente und Einstellungen\Norman\Desktop\ComboFix.exe
[2010.06.27 09:52:44 | 000,001,705 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Desktop\HijackThis.lnk
[2010.06.27 09:51:03 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Dokumente und Einstellungen\Norman\Desktop\HJTInstall.exe
[2010.06.27 09:12:23 | 000,001,573 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk
[2010.06.27 09:06:02 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.06.27 08:39:07 | 002,672,312 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Desktop\esetsmartinstaller_enu.exe
[2010.06.27 08:36:27 | 000,000,727 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Eusing Free Registry Cleaner.lnk
[2010.06.26 19:57:59 | 000,000,512 | ---- | M] () -- C:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask.job
[2010.06.26 19:57:58 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\SystemToolsDailyTest.job
[2010.06.26 15:33:11 | 000,000,683 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.06.26 14:37:09 | 001,870,056 | ---- | M] (Trend Micro Inc.) -- C:\Dokumente und Einstellungen\Norman\Desktop\HousecallLauncher.exe
[2010.06.26 10:29:39 | 000,409,923 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100626-131548.backup
[2010.06.26 10:10:13 | 000,000,246 | ---- | M] () -- C:\WINDOWS\WININIT.INI
[2010.06.24 20:36:35 | 010,560,512 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Eigene Dateien\Börge-Hendrik Spröde.QBW
[2010.06.24 20:31:43 | 000,000,494 | ---- | M] () -- C:\hpfr5550.xml
[2010.06.24 20:28:21 | 000,018,240 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Rechnung-HEBUX-338.pdf
[2010.06.23 20:09:56 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010.06.23 19:07:21 | 000,027,136 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Ute Lepin-HEK.doc
[2010.06.23 18:56:34 | 000,026,624 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Ute Lepin23.doc
[2010.06.23 15:09:25 | 000,018,341 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Rechnung-HEBUX-337.pdf
[2010.06.23 08:59:50 | 000,002,006 | ---- | M] () -- C:\aqua_bitmap.cpp
[2010.06.23 08:19:00 | 001,179,070 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.06.23 08:19:00 | 000,521,298 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010.06.23 08:19:00 | 000,491,870 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.06.23 08:19:00 | 000,105,016 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010.06.23 08:19:00 | 000,089,666 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.06.22 21:19:00 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010.06.22 14:31:53 | 000,072,314 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Navi-z205.jpg
[2010.06.18 09:26:33 | 007,844,864 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Desktop\setup.msi
[2010.06.17 15:51:36 | 000,018,287 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Rechnung-HEBUX-336.pdf
[2010.06.17 10:19:45 | 000,247,792 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Telefonbuch001.SPB
[2010.06.16 20:46:57 | 000,018,502 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Rechnung-HEBUX-335.pdf
[2010.06.12 00:28:06 | 000,070,995 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Desktop\1000-teile.jpg
[2010.06.10 19:34:49 | 004,376,744 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.06.09 11:27:44 | 000,015,872 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Desktop\abrechnung.xlr
[2010.06.09 11:26:50 | 000,233,472 | ---- | M] (Teruten) -- C:\WINDOWS\System32\FsUsbExService.Exe
[2010.06.09 11:26:50 | 000,036,608 | ---- | M] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2010.05.30 00:27:08 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf
[2010.05.28 12:07:28 | 000,001,714 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Home.LNK
[2010.05.28 07:08:28 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010.05.27 23:03:40 | 000,002,528 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\$_hpcst$.hpc
[2010.05.19 18:34:20 | 000,033,570 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Transfers PB.pdf
[2010.05.18 23:27:58 | 000,017,220 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Bestellung-Samsung-Wave.pdf
[2010.05.14 10:42:43 | 000,001,458 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Desktop\IBP starten.lnk
[2010.05.07 16:53:51 | 000,148,830 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Business-Viano.pdf
[2010.05.02 16:42:55 | 000,033,792 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.05.01 08:51:28 | 000,110,592 | ---- | M] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2010.04.29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.04.29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.04.27 04:25:20 | 000,123,648 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscemdm.sys
[2010.04.27 04:25:20 | 000,100,352 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ssceserd.sys
[2010.04.27 04:25:20 | 000,098,560 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscebus.sys
[2010.04.27 04:25:20 | 000,014,848 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscemdfl.sys
[2010.04.27 04:25:20 | 000,012,416 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscecmnt.sys
[2010.04.27 04:25:20 | 000,012,416 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscecm.sys
[2010.04.27 04:25:20 | 000,012,288 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscewhnt.sys
[2010.04.27 04:25:20 | 000,012,288 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscewh.sys
[2010.04.26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010.04.24 11:36:18 | 029,312,544 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Desktop\contract - invoice-1.psd
[2010.04.24 11:35:30 | 000,142,765 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Desktop\contract - in....pdf
[2010.04.23 16:59:54 | 001,044,480 | R--- | M] (eHelp Corporation.) -- C:\WINDOWS\System32\roboex32.dll
[2010.04.23 16:59:54 | 000,049,152 | R--- | M] (Blue Sky Software Corporation.) -- C:\WINDOWS\System32\inetwh32.dll
[2010.04.23 14:02:20 | 000,067,193 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Nachweis-Zustellung.pdf
[2010.04.20 21:44:43 | 000,361,459 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Desktop\HEBUX-Bestätigung.pdf
[2010.04.16 10:37:16 | 000,020,732 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Alfa-Romeo.pdf
[2010.04.05 08:10:53 | 000,000,711 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ElsterFormular.lnk
[2010.04.02 12:21:39 | 000,001,639 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Thunderbird.lnk
[2010.03.31 15:28:25 | 000,001,595 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Link Popularity Check.lnk

========== Files Created - No Company Name ==========

[2010.06.27 23:22:01 | 000,293,376 | ---- | C] () -- C:\Dokumente und Einstellungen\Norman\Desktop\qbron9eb.exe
[2010.06.27 23:18:53 | 000,001,516 | ---- | C] () -- C:\Dokumente und Einstellungen\Norman\Eigene Dateien\pinfect.zip
[2010.06.27 19:28:25 | 000,000,053 | ---- | C] () -- C:\WINDOWS\Lic.xxx
[2010.06.27 19:27:59 | 000,000,522 | ---- | C] () -- C:\WINDOWS\System32\Microsoft.VC80.CRT.manifest
[2010.06.27 19:23:33 | 086,349,632 | ---- | C] () -- C:\Dokumente und Einstellungen\Norman\Desktop\mwav.exe
[2010.06.27 18:16:54 | 3219,574,784 | -HS- | C] () -- C:\hiberfil.sys
[2010.06.27 17:47:41 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010.06.27 17:47:41 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010.06.27 17:47:41 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010.06.27 17:47:41 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010.06.27 17:47:41 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010.06.27 17:29:45 | 000,000,206 | ---- | C] () -- C:\Dokumente und Einstellungen\Norman\Desktop\cc_20100627_172942.reg
[2010.06.27 13:55:57 | 000,027,804 | ---- | C] () -- C:\Dokumente und Einstellungen\Norman\Desktop\cc_20100627_135544.reg
[2010.06.27 12:09:43 | 000,824,681 | ---- | C] () -- C:\Dokumente und Einstellungen\Norman\Desktop\RSIT.exe
[2010.06.27 10:22:05 | 000,000,661 | ---- | C] () -- C:\Dokumente und Einstellungen\Norman\Desktop\CCleaner.lnk
[2010.06.27 10:07:17 | 003,721,252 | R--- | C] () -- C:\Dokumente und Einstellungen\Norman\Desktop\ComboFix.exe
[2010.06.27 09:52:44 | 000,001,705 | ---- | C] () -- C:\Dokumente und Einstellungen\Norman\Desktop\HijackThis.lnk
[2010.06.27 08:39:14 | 002,672,312 | ---- | C] () -- C:\Dokumente und Einstellungen\Norman\Desktop\esetsmartinstaller_enu.exe
[2010.06.27 08:36:27 | 000,000,727 | ---- | C] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Eusing Free Registry Cleaner.lnk
[2010.06.26 19:57:59 | 000,000,512 | ---- | C] () -- C:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask.job
[2010.06.26 19:57:57 | 000,000,316 | ---- | C] () -- C:\WINDOWS\tasks\SystemToolsDailyTest.job
[2010.06.26 15:33:11 | 000,000,683 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.06.24 20:28:21 | 000,018,240 | ---- | C] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Rechnung-HEBUX-338.pdf
[2010.06.23 19:01:08 | 000,027,136 | ---- | C] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Ute Lepin-HEK.doc
[2010.06.23 18:56:33 | 000,026,624 | ---- | C] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Ute Lepin23.doc
[2010.06.23 15:09:25 | 000,018,341 | ---- | C] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Rechnung-HEBUX-337.pdf
[2010.06.23 08:49:26 | 010,529,280 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2010.06.23 08:35:28 | 000,000,074 | ---- | C] () -- C:\Dokumente und Einstellungen\Norman\log.log
[2010.06.22 14:31:52 | 000,072,314 | ---- | C] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Navi-z205.jpg
[2010.06.18 09:50:55 | 000,247,792 | ---- | C] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Telefonbuch001.SPB
[2010.06.18 09:26:33 | 007,844,864 | ---- | C] () -- C:\Dokumente und Einstellungen\Norman\Desktop\setup.msi
[2010.06.17 15:51:36 | 000,018,287 | ---- | C] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Rechnung-HEBUX-336.pdf
[2010.06.16 20:46:57 | 000,018,502 | ---- | C] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Rechnung-HEBUX-335.pdf
[2010.06.12 00:28:06 | 000,070,995 | ---- | C] () -- C:\Dokumente und Einstellungen\Norman\Desktop\1000-teile.jpg
[2010.06.04 10:06:30 | 000,000,260 | ---- | C] () -- C:\WINDOWS\tasks\WGASetup.job
[2010.05.28 12:07:28 | 000,001,714 | ---- | C] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Home.LNK
[2010.05.27 23:05:20 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2010.05.27 23:05:20 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2010.05.27 23:03:40 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\$_hpcst$.hpc
[2010.05.27 22:53:27 | 000,002,006 | ---- | C] () -- C:\aqua_bitmap.cpp
[2010.05.19 18:34:20 | 000,033,570 | ---- | C] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Transfers PB.pdf
[2010.05.18 23:27:58 | 000,017,220 | ---- | C] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Bestellung-Samsung-Wave.pdf
[2010.05.14 10:42:43 | 000,001,458 | ---- | C] () -- C:\Dokumente und Einstellungen\Norman\Desktop\IBP starten.lnk
[2010.05.07 16:53:51 | 000,148,830 | ---- | C] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Business-Viano.pdf
[2010.04.24 11:35:30 | 000,142,765 | ---- | C] () -- C:\Dokumente und Einstellungen\Norman\Desktop\contract - in....pdf
[2010.04.23 14:02:20 | 000,067,193 | ---- | C] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Nachweis-Zustellung.pdf
[2010.04.23 11:12:11 | 029,312,544 | ---- | C] () -- C:\Dokumente und Einstellungen\Norman\Desktop\contract - invoice-1.psd
[2010.04.20 21:44:43 | 000,361,459 | ---- | C] () -- C:\Dokumente und Einstellungen\Norman\Desktop\HEBUX-Bestätigung.pdf
[2010.04.16 10:37:16 | 000,020,732 | ---- | C] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Alfa-Romeo.pdf
[2010.04.05 08:10:53 | 000,000,711 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ElsterFormular.lnk
[2009.10.06 09:16:00 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009.01.03 17:58:29 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2009.01.03 17:58:29 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2009.01.03 17:58:29 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2009.01.03 17:58:29 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2009.01.03 17:58:29 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2009.01.03 17:58:29 | 000,000,021 | ---- | C] () -- C:\WINDOWS\SurCode.INI
[2008.07.04 10:02:26 | 000,000,109 | ---- | C] () -- C:\WINDOWS\Backup.INI
[2008.02.09 20:16:29 | 000,000,246 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2008.02.04 21:30:57 | 000,000,111 | ---- | C] () -- C:\WINDOWS\telephon.ini
[2008.01.23 14:57:20 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2008.01.23 14:57:20 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2008.01.23 14:57:19 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2007.11.26 16:56:04 | 002,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2007.11.26 16:43:48 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2007.11.15 21:31:34 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\LXPrnUtil10.dll
[2007.11.15 21:27:40 | 000,303,104 | ---- | C] () -- C:\WINDOWS\System32\dnt27VC8.dll
[2007.11.15 21:25:28 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\dntvmc27VC8.dll
[2007.11.15 21:25:12 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dntvm27VC8.dll
[2007.10.07 13:21:17 | 000,003,325 | ---- | C] () -- C:\WINDOWS\tm.ini
[2007.10.01 00:07:57 | 000,000,076 | ---- | C] () -- C:\WINDOWS\my.ini
[2007.09.30 09:47:10 | 000,024,222 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2007.09.30 09:47:10 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2007.09.30 09:46:41 | 000,061,950 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2007.09.30 09:46:41 | 000,016,173 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2007.09.30 09:46:40 | 000,017,590 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2007.09.08 00:42:44 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PXTToolVC7.dll
[2007.09.08 00:33:00 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007.09.08 00:08:57 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2007.09.07 19:13:57 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007.09.07 19:05:58 | 000,004,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys
[2007.09.07 18:55:42 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2007.09.07 18:55:42 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2007.09.07 18:55:42 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2007.09.07 18:55:42 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2007.09.07 18:55:42 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2007.09.07 18:55:42 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2007.09.07 18:47:30 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\FPCALL.dll
[2007.09.07 18:46:20 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS
[2007.09.07 18:44:31 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2007.09.07 18:44:13 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS
[2007.09.07 18:43:56 | 000,009,343 | ---- | C] () -- C:\WINDOWS\System32\drivers\TDSMAPI.SYS
[2006.09.21 14:53:28 | 000,282,679 | ---- | C] () -- C:\WINDOWS\System32\dnt27.dll
[2006.09.21 14:52:24 | 000,077,882 | ---- | C] () -- C:\WINDOWS\System32\dntvmc27.dll
[2006.09.21 14:52:14 | 000,077,881 | ---- | C] () -- C:\WINDOWS\System32\dntvm27.dll
[2006.08.17 10:00:13 | 000,010,027 | ---- | C] () -- C:\WINDOWS\System32\PROCDB.INI
[2006.08.17 10:00:09 | 000,000,487 | ---- | C] () -- C:\WINDOWS\System32\IPSCtrl.INI
[2006.08.03 03:27:52 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\notifyf2.dll
[2006.06.14 18:26:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006.06.12 12:27:00 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\DEVMAN.DLL
[2006.01.27 19:18:01 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006.01.27 19:05:14 | 000,002,963 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005.11.09 12:13:48 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\dnt27VC7.dll
[2005.11.09 12:11:46 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dntvmc27VC7.dll
[2005.11.09 12:11:30 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\dntvm27VC7.dll
[2005.05.04 14:00:06 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\MMedia10VC7.dll
[2005.02.17 12:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005.02.17 12:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2003.03.09 22:31:04 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2001.12.12 12:41:36 | 000,041,472 | ---- | C] () -- C:\WINDOWS\System32\W32btstp.dll
[2001.12.12 12:41:36 | 000,025,088 | ---- | C] () -- C:\WINDOWS\System32\W32btxlt.dll
[2001.11.14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[2000.12.04 20:27:06 | 000,110,080 | ---- | C] () -- C:\WINDOWS\System32\W32MKRC.DLL
[1999.05.14 15:05:22 | 000,015,627 | ---- | C] () -- C:\WINDOWS\System32\WBROLLRS.DLL
[1996.12.14 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1996.12.14 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

========== LOP Check ==========

[2008.07.31 20:48:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Backup
[2008.01.24 12:54:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BTrieve
[2008.06.02 13:57:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\eDocPrintPro
[2010.01.20 18:58:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ElsterFormular
[2009.05.19 22:33:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\G DATA
[2008.07.31 21:45:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lenovo
[2008.07.31 20:48:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lexware
[2010.06.27 19:27:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MicroWorld
[2009.01.03 17:58:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Minnetonka Audio Software
[2010.05.27 23:05:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite
[2010.06.26 19:45:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PCDr
[2008.07.31 20:48:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecTaskMan
[2008.07.31 20:48:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\sentinel
[2010.06.27 13:46:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2009.10.17 09:00:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\UIB
[2010.04.14 08:15:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\becker
[2008.07.31 20:49:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\DataDesign
[2008.07.31 20:49:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\digital publishing
[2008.06.02 13:57:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\eDocPrintPro
[2010.04.05 08:11:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\elsterformular
[2010.06.26 15:03:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\IBP
[2008.07.31 20:49:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\InterVideo
[2008.07.31 21:45:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Lenovo
[2008.07.31 20:49:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Lexware
[2010.06.17 09:34:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\LPC
[2007.09.08 16:13:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Opera
[2009.12.02 23:30:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Passware
[2010.05.27 23:05:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\PC Suite
[2010.06.18 10:17:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Samsung
[2008.07.31 20:49:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\ThinkVantage
[2010.04.02 11:12:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird
[2010.06.13 14:03:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Update
[2010.06.28 09:07:21 | 000,000,248 | ---- | M] () -- C:\WINDOWS\Tasks\Auf Updates für Windows Live Toolbar prüfen.job
[2010.06.27 16:01:00 | 000,000,396 | ---- | M] () -- C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp officejet 6100 series#1190378331.job
[2010.06.26 19:57:59 | 000,000,512 | ---- | M] () -- C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask.job
[2010.06.28 09:08:20 | 000,000,302 | ---- | M] () -- C:\WINDOWS\Tasks\PMTask.job
[2010.06.26 19:57:58 | 000,000,316 | ---- | M] () -- C:\WINDOWS\Tasks\SystemToolsDailyTest.job
[2010.06.28 09:07:39 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 122 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:A8ADE5D8
@Alternate Data Stream - 121 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2
< End of report >

Kiesopfer 28.06.2010 08:27

GMER log, part I:

GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-06-28 00:22:39
Windows 5.1.2600 Service Pack 3
Running: qbron9eb.exe; Driver: C:\DOKUME~1\Norman\LOKALE~1\Temp\ugtdipow.sys


---- System - GMER 1.0.15 ----

SSDT BA7B6B0E ZwCreateKey
SSDT BA7B6B04 ZwCreateThread
SSDT BA7B6B13 ZwDeleteKey
SSDT BA7B6B1D ZwDeleteValueKey
SSDT BA7B6B22 ZwLoadKey
SSDT BA7B6AF0 ZwOpenProcess
SSDT BA7B6AF5 ZwOpenThread
SSDT BA7B6B2C ZwReplaceKey
SSDT BA7B6B27 ZwRestoreKey
SSDT BA7B6B18 ZwSetValueKey
SSDT BA7B6AFF ZwTerminateProcess
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwQueryDirectoryObject [0x805BE5FE]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwQueryEaFile [0x8057A1B2]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwQueryEvent [0x8060E8B4]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwQueryFullAttributesFile [0x8057702A]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwQueryInformationAtom [0x806158B2]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwQueryInformationFile [0x8057AA1E]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwQueryInformationJobObject [0x805D5BFE]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwQueryInformationPort [0x805A53AA]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwQueryInformationProcess [0x805CCF4E]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwQueryInformationThread [0x805CBB7C]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwQueryInformationToken [0x805ED804]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwQueryInstallUILanguage [0x806107DC]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwQueryIntervalProfile [0x80617618]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwQueryIoCompletion [0x80578BE2]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwQueryKey [0x80624EE8]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwQueryMultipleValueKey [0x80622916]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwQueryMutant [0x80616EF6]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwQueryObject [0x805C5278]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwQueryOpenSubKeys [0x80622FC2]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwQueryPerformanceCounter [0x806176A6]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwQueryQuotaInformationFile [0x8057B800]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwQuerySection [0x805B858C]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwQuerySecurityObject [0x805C0046]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwQuerySemaphore [0x806148E6]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwQuerySymbolicLinkObject [0x805C3C2C]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwQuerySystemEnvironmentValue [0x80616124]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwQuerySystemEnvironmentValueEx [0x806160EC]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwQuerySystemInformation [0x806110BE]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwQuerySystemTime [0x8061287E]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwQueryTimer [0x80616820]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwQueryTimerResolution [0x80612910]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwQueryValueKey [0x806219EC]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwQueryVirtualMemory [0x805B8C1A]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwQueryVolumeInformationFile [0x8057BCEA]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwQueueApcThread [0x805D1230]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwRaiseException [0x80544EEC]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwRaiseHardError [0x80614558]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwReadFile [0x8057C48A]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwReadFileScatter [0x8057C9F4]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwReadRequestData [0x805A5E32]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwReadVirtualMemory [0x805B426E]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwRegisterThreadTerminatePort [0x805D2738]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwReleaseMutant [0x8061702E]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwReleaseSemaphore [0x80614A16]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwRemoveIoCompletion [0x80578EDA]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwRemoveProcessDebug [0x806432DE]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwRenameKey [0x806231EA]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwReplyPort [0x805A54B2]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwReplyWaitReceivePort [0x805A647A]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwReplyWaitReceivePortEx [0x805A5E82]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwReplyWaitReplyPort [0x805A579C]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwRequestDeviceWakeup [0x805C85AE]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwRequestPort [0x805A2A10]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwRequestWaitReplyPort [0x805A2D3C]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwRequestWakeupLatency [0x805C83BC]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwResetEvent [0x8060E9C6]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwResetWriteWatch [0x8052167E]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwResumeProcess [0x805D4A78]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwResumeThread [0x805D495A]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwSaveKey [0x806252A4]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwSaveKeyEx [0x8062538A]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwSaveMergedKeys [0x806254B2]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwSecureConnectPort [0x805A3D2A]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwSetContextThread [0x805D16F4]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwSetDebugFilterState [0x80645F96]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwSetDefaultHardErrorPort [0x80614402]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwSetDefaultLocale [0x8061052E]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwSetDefaultUILanguage [0x80610DA0]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwSetEaFile [0x8057A6C6]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwSetEvent [0x8060EA86]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwSetEventBoostPriority [0x8060EB50]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwSetHighEventPair [0x80616D12]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwSetHighWaitLowEventPair [0x80616C42]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwSetInformationDebugObject [0x80642CA8]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwSetInformationFile [0x8057B010]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwSetInformationJobObject [0x805D690C]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwSetInformationKey [0x806224E2]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwSetInformationObject [0x805C47EE]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwSetInformationProcess [0x805CDE44]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwSetInformationThread [0x805CC0C8]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwSetInformationToken [0x805F9E7E]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwSetIntervalProfile [0x8061717A]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwSetIoCompletion [0x80578E78]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwSetLdtEntries [0x805D38A4]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwSetLowEventPair [0x80616CAE]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwSetLowWaitHighEventPair [0x80616BD6]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwSetQuotaInformationFile [0x8057B7DE]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwSetSecurityObject [0x805C05DA]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwSetSystemEnvironmentValue [0x806163A8]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwSetSystemInformation [0x8060F3EC]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwSetSystemPowerState [0x80652E18]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwSetSystemTime [0x80613B86]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwSetThreadExecutionState [0x805C82D0]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwSetTimer [0x80538D7E]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwSetTimerResolution [0x80613058]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwSetUuidSeed [0x80614ECC]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwSetVolumeInformationFile [0x8057C0F4]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwShutdownSystem [0x80612676]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwSignalAndWaitForSingleObject [0x80526774]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwStartProfile [0x806173C4]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwStopProfile [0x8061756E]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwSuspendProcess [0x805D4A22]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwSuspendThread [0x805D4894]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwSystemDebugControl [0x80617792]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwTerminateJobObject [0x805D74A0]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwTerminateThread [0x805D2B7C]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwTestAlert [0x805D4BE2]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwTraceEvent [0x80535114]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwTranslateFilePath [0x80616116]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwUnloadDriver [0x805842CE]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwUnloadKey [0x80622064]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwUnloadKeyEx [0x80622286]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwUnlockFile [0x80579656]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwUnlockVirtualMemory [0x805B6E8C]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwUnmapViewOfSection [0x805B2DF4]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwVdmControl [0x805FB236]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwWaitForDebugEvent [0x80642A10]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwWaitForMultipleObjects [0x805C0790]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwWaitForSingleObject [0x805C06A6]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwWaitHighEventPair [0x80616B72]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwWaitLowEventPair [0x80616B0E]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwWriteFile [0x8057CEF2]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwWriteFileGather [0x8057D4D6]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwWriteRequestData [0x805A5E5A]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwWriteVirtualMemory [0x805B4378]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwYieldExecution [0x80504AF4]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwCreateKeyedEvent [0x80617BEA]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwOpenKeyedEvent [0x80617CD4]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwReleaseKeyedEvent [0x80617D86]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwWaitForKeyedEvent [0x80617FE2]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)

Kiesopfer 28.06.2010 08:28

GMER log, part II:

INT 0xB6 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 8054106C
INT 0xB7 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80541076
INT 0xB8 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80541080
INT 0xB9 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 8054108A
INT 0xBA \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80541094
INT 0xBB \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 8054109E
INT 0xBC \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 805410A8
INT 0xBD \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 805410B2
INT 0xBE \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 805410BC
INT 0xBF \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 805410C6
INT 0xC0 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 805410D0
INT 0xC1 \WINDOWS\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 806E6AC0
INT 0xC2 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 805410E4
INT 0xC3 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 805410EE
INT 0xC4 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 805410F8
INT 0xC5 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80541102
INT 0xC6 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 8054110C
INT 0xC7 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80541116
INT 0xC8 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80541120
INT 0xC9 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 8054112A
INT 0xCA \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80541134
INT 0xCB \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 8054113E
INT 0xCC \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80541148
INT 0xCD \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80541152
INT 0xCE \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 8054115C
INT 0xCF \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80541166
INT 0xD0 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80541170
INT 0xD1 \WINDOWS\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 806E5E54
INT 0xD2 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80541184
INT 0xD3 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 8054118E
INT 0xD4 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80541198
INT 0xD5 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 805411A2
INT 0xD6 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 805411AC
INT 0xD7 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 805411B6
INT 0xD8 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 805411C0
INT 0xD9 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 805411CA
INT 0xDA \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 805411D4
INT 0xDB \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 805411DE
INT 0xDC \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 805411E8
INT 0xDD \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 805411F2
INT 0xDE \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 805411FC
INT 0xDF \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80541206
INT 0xE0 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80541210
INT 0xE1 \WINDOWS\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 806E7048
INT 0xE2 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80541224
INT 0xE3 \WINDOWS\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 806E6DAC
INT 0xE4 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80541238
INT 0xE5 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80541242
INT 0xE6 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 8054124C
INT 0xE7 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80541256
INT 0xE8 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80541260
INT 0xE9 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 8054126A
INT 0xEA \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80541274
INT 0xEB \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 8054127E
INT 0xEC \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80541288
INT 0xED \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80541292
INT 0xEE \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80541299
INT 0xEF \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 805412A0
INT 0xF0 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 805412A7
INT 0xF1 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 805412AE
INT 0xF2 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 805412B5
INT 0xF3 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 805412BC
INT 0xF4 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 805412C3
INT 0xF5 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 805412CA
INT 0xF6 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 805412D1
INT 0xF7 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 805412D8
INT 0xF8 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 805412DF
INT 0xF9 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 805412E6
INT 0xFA \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 805412ED
INT 0xFB \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 805412F4
INT 0xFC \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 805412FB
INT 0xFD \WINDOWS\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 806E75A8
INT 0xFE \WINDOWS\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 806E7748
INT 0xFF \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80541310

SYSENTER \WINDOWS\system32\ntkrnlpa.exe

Larusso 28.06.2010 08:28

There's nothing to be embarrassed about.

A quick question in between: is the virus alert with the various .tmp folders still showing up?

Kiesopfer 28.06.2010 08:31

GMER log, part 3:
ZwQueryPortInformationProcess [0x805CB8FC]

80541540
---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device \FileSystem\Ntfs \Ntfs ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \FileSystem\Ntfs \Ntfs ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)

AttachedDevice \FileSystem\Ntfs \Ntfs tvtfilter.sys (Rescue and Recovery filter driver/Lenovo)

Device \FileSystem\Fastfat \FatCdrom Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)
Device \FileSystem\Fastfat \FatCdrom ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \FileSystem\Fastfat \FatCdrom ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \FileSystem\Mup \Dfs Mup.sys (Multiple UNC Provider driver/Microsoft Corporation)
Device \FileSystem\DLAIFS_M \TfsCd DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\DLAIFS_M \TfsCd ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \FileSystem\DLAIFS_M \TfsCd ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\KSecDD \Device\KsecDD KSecDD.sys (Kernel Security Support Provider Interface/Microsoft Corporation)
Device \Driver\KSecDD \Device\KsecDD ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\NDIS \Device\Ndis NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation)
Device \Driver\WudfPf \Device\WUDFLpcDevice WudfPf.sys (Windows Driver Foundation - User-mode Driver Framework Platform Driver/Microsoft Corporation)
Device \Driver\Beep \Device\Beep Beep.SYS (BEEP Driver/Microsoft Corporation)
Device \Driver\Beep \Device\Beep ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\usbhub \Device\0000009b usbhub.sys (Default Hub Driver for USB/Microsoft Corporation)
Device \Driver\usbhub \Device\0000009b ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Device\00000032
Device \Device\00000025
Device \Device\00000019
Device \Driver\smi2 \Device\SMI2Services smi2.sys (SMI BIOS driver/IBM Corp.)
Device \Driver\smi2 \Device\SMI2Services ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \FileSystem\NetBIOS \Device\Netbios netbios.sys (NetBIOS interface driver/Microsoft Corporation)
Device \FileSystem\NetBIOS \Device\Netbios ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\AFS2K \Device\OAKAFSUI AFS2K.SYS (Audio File System/Oak Technology Inc.)
Device \Driver\AFS2K \Device\OAKAFSUI ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\ACPI \Device\0000009c ACPI.sys (ACPI-Treiber für NT/Microsoft Corporation)
Device \Driver\ACPI \Device\0000008f ACPI.sys (ACPI-Treiber für NT/Microsoft Corporation)
Device \Device\00000033
Device \Device\00000026
Device \Driver\IBMPMDRV \Device\PMDRV ibmpmdrv.sys (ThinkPad Power Management Driver/Lenovo.)
Device \Driver\IBMPMDRV \Device\PMDRV ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\swenum \Device\KSENUM#00000001 swenum.sys (Plug and Play Software Device Enumerator/Microsoft Corporation)
Device \Driver\swenum \Device\KSENUM#00000001 ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\usbhub \Device\0000009d usbhub.sys (Default Hub Driver for USB/Microsoft Corporation)
Device \Driver\usbhub \Device\0000009d ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\psadd \Device\PsaDD0 psadd.sys (SMBIOS Driver/Lenovo (United States) Inc.)
Device \Driver\psadd \Device\PsaDD0 ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\TermDD \Device\RDP_CONSOLE0 termdd.sys (Terminal Server Driver/Microsoft Corporation)
Device \Device\00000040
Device \Device\00000034
Device \Device\00000027
Device \Driver\Tcpip \Device\Ip tcpip.sys (TCP/IP Protocol Driver/Microsoft Corporation)
Device \Driver\swenum \Device\KSENUM#00000002 swenum.sys (Plug and Play Software Device Enumerator/Microsoft Corporation)
Device \Driver\swenum \Device\KSENUM#00000002 ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\Kbdclass \Device\KeyboardClass0 kbdclass.sys (Tastaturklassentreiber/Microsoft Corporation)
Device \Driver\Kbdclass \Device\KeyboardClass0 ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device \Driver\Fips \Device\Fips Fips.SYS (FIPS-Verschlüsselungstreiber/Microsoft Corporation)
Device \Driver\Fips \Device\Fips ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Device\Video0
Device \Driver\avgio \Device\avgio avgio.sys (Avira AntiVir Support for Minifilter/Avira GmbH)
Device \Driver\ACPI \Device\0000009e ACPI.sys (ACPI-Treiber für NT/Microsoft Corporation)
Device \Driver\TermDD \Device\RDP_CONSOLE1 termdd.sys (Terminal Server Driver/Microsoft Corporation)
Device \Device\00000041
Device \Device\00000035
Device \Device\00000028
Device \Driver\WudfPf \Device\ProcessManagement WudfPf.sys (Windows Driver Foundation - User-mode Driver Framework Platform Driver/Microsoft Corporation)
Device \Device\Video1
Device \Driver\usbhub \Device\0000009f usbhub.sys (Default Hub Driver for USB/Microsoft Corporation)
Device \Driver\usbhub \Device\0000009f ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Device\00000042
Device \Device\00000036
Device \Device\00000029
Device \Driver\NDProxy \Device\NDProxy NDProxy.SYS (NDIS Proxy/Microsoft Corporation)
Device \Driver\NDProxy \Device\NDProxy ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\Kbdclass \Device\KeyboardClass1 kbdclass.sys (Tastaturklassentreiber/Microsoft Corporation)
Device \Driver\Kbdclass \Device\KeyboardClass1 ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device \Device\0000000a
Device \Device\00000037
Device \Device\00000043
Device \Device\00000050
Device \Device\RdpDrDvMgr
Device \Driver\Mouclass \Device\PointerClass0 mouclass.sys (Mausklassentreiber/Microsoft Corporation)
Device \Driver\Mouclass \Device\PointerClass0 ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Device\Video2
Device \Device\0000000b
Device \Device\00000038
Device \Device\00000044
Device \Device\00000051
Device \Driver\Mouclass \Device\PointerClass1 mouclass.sys (Mausklassentreiber/Microsoft Corporation)
Device \Driver\Mouclass \Device\PointerClass1 ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Device\Processor
Device \Driver\Compbatt \Device\CompositeBattery compbatt.sys (Composite Battery Driver/Microsoft Corporation)
Device \Driver\Compbatt \Device\CompositeBattery ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBPDO-0 USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBPDO-0 ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Device\Video3
Device \Driver\PROCDD \Device\ProcDD PROCDD.SYS (IPS Helper Driver/Lenovo Group Limited)
Device \Driver\PROCDD \Device\ProcDD ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\WMIxWDM \Device\WMIDataDevice ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\WMIxWDM \Device\WMIDataDevice ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\WMIxWDM \Device\WMIDataDevice ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Device\0000000c
Device \Device\00000039
Device \FileSystem\RAW \Device\RawTape ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \FileSystem\RAW \Device\RawTape ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Device\00000045
Device \Driver\usbuhci \Device\USBPDO-1 USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBPDO-1 ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Device\Video4
Device \Driver\dmio \Device\DmControl\DmIoDaemon dmio.sys (E/A-Treiber für NT Datenträgerverwaltung/Microsoft Corp., Veritas Software)
Device \Driver\dmio \Device\DmControl\DmIoDaemon ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\dmio \Device\DmControl\DmConfig dmio.sys (E/A-Treiber für NT Datenträgerverwaltung/Microsoft Corp., Veritas Software)
Device \Driver\dmio \Device\DmControl\DmConfig ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\dmio \Device\DmControl\DmPnP dmio.sys (E/A-Treiber für NT Datenträgerverwaltung/Microsoft Corp., Veritas Software)
Device \Driver\dmio \Device\DmControl\DmPnP ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\dmio \Device\DmControl\DmInfo dmio.sys (E/A-Treiber für NT Datenträgerverwaltung/Microsoft Corp., Veritas Software)
Device \Driver\dmio \Device\DmControl\DmInfo ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Device\i
Device \Driver\ACPI_HAL \Device\00000053 ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\00000053 hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device \Driver\rdpdr \Device\RdpDrPort rdpdr.sys (Microsoft RDP Device redirector/Microsoft Corporation)
Device \Driver\usbehci \Device\USBPDO-2 USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation)
Device \Driver\usbehci \Device\USBPDO-2 ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \FileSystem\MRxDAV \Device\WebDavRedirector mrxdav.sys (Windows NT WebDav Minirdr/Microsoft Corporation)
Device \FileSystem\MRxDAV \Device\WebDavRedirector ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\BTKRNL \Device\BTKRNL btkrnl.sys (Bluetooth Bus Enumerator/Broadcom Corporation.)
Device \Driver\BTKRNL \Device\BTKRNL ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\BTKRNL \Device\BTKRNL btkrnl.sys (Bluetooth Bus Enumerator/Broadcom Corporation.)
Device \Driver\PnpManager \Device\00000047 ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\PnpManager \Device\00000047 ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBPDO-3 USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBPDO-3 ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\NetBT \Device\NetBT_Tcpip_{9253803D-A826-462C-95FB-54E6608C3F1A} netbt.sys (MBT Transport driver/Microsoft Corporation)
Device \Driver\NetBT \Device\NetBT_Tcpip_{9253803D-A826-462C-95FB-54E6608C3F1A} ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0002 ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0002 pci.sys (NT-Plug & Play PCI-Enumerator/Microsoft Corporation)
Device \Driver\PnpManager \Device\00000048 ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\PnpManager \Device\00000048 ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\usbhub \Device\000000a0 usbhub.sys (Default Hub Driver for USB/Microsoft Corporation)
Device \Driver\usbhub \Device\000000a0 ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBPDO-4 USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBPDO-4 ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \FileSystem\DLACDBHM \Device\sscdbhook1 DLACDBHM.SYS (Shared Driver Component/Sonic Solutions)
Device \Driver\IpNat \Device\IPNAT ipnat.sys (IP Network Address Translator/Microsoft Corporation)
Device \Driver\IpNat \Device\IPNAT ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\RasAcd \Device\RasAcd rasacd.sys (RAS Automatic Connection Driver/Microsoft Corporation)
Device \Driver\RasAcd \Device\RasAcd ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\Tcpip \Device\Tcp tcpip.sys (TCP/IP Protocol Driver/Microsoft Corporation)
Device \Driver\PnpManager \Device\00000049 ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\PnpManager \Device\00000049 ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0010 ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0010 pci.sys (NT-Plug & Play PCI-Enumerator/Microsoft Corporation)
Device \Driver\i2omgmt \Device\I2OExec i2omgmt.SYS (I2O Utility Filter/Microsoft Corporation)
Device \Driver\i2omgmt \Device\I2OExec ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\TcUsb \Device\000000a1 tcusb.sys (TouchChip USB Kernel Driver/UPEK Inc.)
Device \Driver\TcUsb \Device\000000a1 ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\usbhub \Device\USBPDO-5 usbhub.sys (Default Hub Driver for USB/Microsoft Corporation)
Device \Driver\usbhub \Device\USBPDO-5 ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\TVTPktFilter \Device\{B536963E-0DF4-41DD-985D-60FC12384228} NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation)
Device \Driver\tvtfilter \Device\TVTFilter tvtfilter.sys (Rescue and Recovery filter driver/Lenovo)
Device \Driver\ACPI \Device\00000057 ACPI.sys (ACPI-Treiber für NT/Microsoft Corporation)
Device \Driver\rdpdr \Device\RdpDr rdpdr.sys (Microsoft RDP Device redirector/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0011 ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0011 pci.sys (NT-Plug & Play PCI-Enumerator/Microsoft Corporation)
Device \Driver\ugtdipow \Device\ugtdipow ugtdipow.sys
Device \Driver\ugtdipow \Device\ugtdipow ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\Ftdisk \Device\HarddiskVolume1 ftdisk.sys (FT-Datenträgertreiber/Microsoft Corporation)
Device \Driver\Ftdisk \Device\HarddiskVolume1 ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\mdmxsdk \Device\ConexantDiagnosticsServer mdmxsdk.sys (Diagnostic Interface x86 Driver/Conexant)
Device \Driver\mdmxsdk \Device\ConexantDiagnosticsServer ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\ACPI \Device\00000058 ACPI.sys (ACPI-Treiber für NT/Microsoft Corporation)
Device \Driver\CmBatt \Device\AcAdapter0 CmBatt.sys (Control Method Battery Driver/Microsoft Corporation)
Device \Driver\CmBatt \Device\AcAdapter0 ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Device\Http\Filter
Device \Device\Http\AppPool
Device \Device\Http\Control
Device \Driver\Ftdisk \Device\HarddiskVolume2 ftdisk.sys (FT-Datenträgertreiber/Microsoft Corporation)
Device \Driver\Ftdisk \Device\HarddiskVolume2 ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0013 ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0013 pci.sys (NT-Plug & Play PCI-Enumerator/Microsoft Corporation)
Device \Driver\ACPI \Device\00000065 ACPI.sys (ACPI-Treiber für NT/Microsoft Corporation)
Device \FileSystem\Rdbss \Device\FsWrap rdbss.sys (Redirected Drive Buffering SubSystem Driver/Microsoft Corporation)
Device \FileSystem\Rdbss \Device\FsWrap ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\TermDD \Device\Termdd termdd.sys (Terminal Server Driver/Microsoft Corporation)
Device \Driver\sysaudio \Device\sysaudio ks.sys (Kernel CSA Library/Microsoft Corporation)
Device \Driver\sysaudio \Device\sysaudio ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\sysaudio \Device\sysaudio sysaudio.sys (System Audio WDM Filter/Microsoft Corporation)
Device \Driver\TVTPktFilter \Device\TVTPktFilter NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0020 ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0020 pci.sys (NT-Plug & Play PCI-Enumerator/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0007 ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0007 pci.sys (NT-Plug & Play PCI-Enumerator/Microsoft Corporation)
Device \Driver\Ftdisk \Device\HarddiskVolume3 ftdisk.sys (FT-Datenträgertreiber/Microsoft Corporation)
Device \Driver\Ftdisk \Device\HarddiskVolume3 ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\iaStor \Device\Ide\iaStor0 iaStor.sys (Intel Matrix Storage Manager driver - ia32/Intel Corporation)
Device \Driver\iaStor \Device\Ide\iaStor0 ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\atapi \Device\Ide\IdePort0 atapi.sys (IDE/ATAPI Port Driver/Microsoft Corporation)
Device \Driver\atapi \Device\Ide\IdePort0 ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 atapi.sys (IDE/ATAPI Port Driver/Microsoft Corporation)
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\PCIIde \Device\Ide\PciIde0Channel0-0 ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\PCIIde \Device\Ide\PciIde0Channel0-0

The AntiVir alert showed up again in the meantime!

Kiesopfer 28.06.2010 08:31

GMER log, part 4:

Device \Device\Ide\PciIde0
Device \Driver\atmeltpm \Device\TPM0 atmeltpm.sys (Atmel TPM Driver/Atmel, Inc.)
Device \Driver\atmeltpm \Device\TPM0 ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\ACPI \Device\00000067 ACPI.sys (ACPI-Treiber für NT/Microsoft Corporation)
Device \Driver\ACPIEC \Device\ACPIEC ACPIEC.sys (ACPI Embedded Controllertreiber/Microsoft Corporation)
Device \Driver\ACPIEC \Device\ACPIEC ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0015 ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0015 pci.sys (NT-Plug & Play PCI-Enumerator/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0008 ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0008 pci.sys (NT-Plug & Play PCI-Enumerator/Microsoft Corporation)
Device \Driver\PptpMiniport \Device\{AD96B222-A779-47A1-A146-0DC129E2E8A8} NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation)
Device \Driver\ACPI \Device\00000068 ACPI.sys (ACPI-Treiber für NT/Microsoft Corporation)
Device \Driver\Pcmcia \Device\Pcmcia0 pcmcia.sys (PCMCIA-Treiber/Microsoft Corporation)
Device \Driver\Pcmcia \Device\Pcmcia0 ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\PxHelp20 \Device\PxHelperDevice0 PxHelp20.sys (Px Engine Device Driver for Windows 2000/XP/Sonic Solutions)
Device \Driver\CmBatt \Device\ControlMethodBattery0 CmBatt.sys (Control Method Battery Driver/Microsoft Corporation)
Device \Driver\CmBatt \Device\ControlMethodBattery0 ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0009 ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0009 pci.sys (NT-Plug & Play PCI-Enumerator/Microsoft Corporation)
Device \FileSystem\DRVNDDM \Device\drvnddm DRVNDDM.SYS (Device Driver Manager/Sonic Solutions)
Device \FileSystem\DRVNDDM \Device\drvnddm ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\ACPI \Device\00000069 ACPI.sys (ACPI-Treiber für NT/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0017 ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0017 pci.sys (NT-Plug & Play PCI-Enumerator/Microsoft Corporation)
Device \Driver\ACPI \Device\00000077 ACPI.sys (ACPI-Treiber für NT/Microsoft Corporation)
Device \Driver\ACPI \Device\00000090 ACPI.sys (ACPI-Treiber für NT/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0018 ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0018 pci.sys (NT-Plug & Play PCI-Enumerator/Microsoft Corporation)
Device \Driver\HSF_DPV \Device\HSF_MDMDevice0 HSF_DPV.sys (HSF_DP driver/Conexant Systems, Inc.)
Device \Driver\HSF_DPV \Device\HSF_MDMDevice0 ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\PnpManager \Device\0000003e ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\PnpManager \Device\0000003e ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\TSMAPIP \Device\TSMAPIP TSMAPIP.SYS
Device \Driver\TSMAPIP \Device\TSMAPIP ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\RasPppoe \Device\{9EB255F7-2D72-47A6-AB33-CC1AA0618E35} NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation)
Device \Driver\NetBT \Device\NetBt_Wins_Export netbt.sys (MBT Transport driver/Microsoft Corporation)
Device \Driver\NetBT \Device\NetBt_Wins_Export ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\adfs \Device\ADVirtualDisk\Volume adfs.SYS (Adobe Drive File System Driver/Adobe Systems, Inc.)
Device \Driver\adfs \Device\ADVirtualDisk\Volume ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\adfs \Device\ADVirtualDisk\Volume ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\adfs \Device\ADVirtualDisk\Control adfs.SYS (Adobe Drive File System Driver/Adobe Systems, Inc.)
Device \Driver\adfs \Device\ADVirtualDisk\Control ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\adfs \Device\ADVirtualDisk\Control ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\ACPI \Device\00000091 ACPI.sys (ACPI-Treiber für NT/Microsoft Corporation)
Device \Driver\TVTPktFilter \Device\{BDF03991-86F2-4481-A746-86A45DCDE557} NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation)
Device \Driver\PnpManager \Device\0000003f ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\PnpManager \Device\0000003f ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\TDSMAPI \Device\TDSMAPI TDSMAPI.SYS
Device \Driver\TDSMAPI \Device\TDSMAPI ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\ACPI \Device\00000078 ACPI.sys (ACPI-Treiber für NT/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0019 ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0019 pci.sys (NT-Plug & Play PCI-Enumerator/Microsoft Corporation)
Device \Driver\NETw4x32 \Device\{9253803D-A826-462C-95FB-54E6608C3F1A} NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation)
Device \Driver\ACPI \Device\00000092 ACPI.sys (ACPI-Treiber für NT/Microsoft Corporation)
Device \Driver\ACPI \Device\00000079 ACPI.sys (ACPI-Treiber für NT/Microsoft Corporation)
Device \Driver\PnpManager \Device\0000004c ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\PnpManager \Device\0000004c ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\NetBT \Device\NetbiosSmb netbt.sys (MBT Transport driver/Microsoft Corporation)
Device \Driver\NetBT \Device\NetbiosSmb ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\AEAudioService \Device\DsdaFilter AEAudio.sys (Audio Noise Filtering Driver (32-bit)/Andrea Electronics Corporation)
Device \Driver\ACPI \Device\0000005a ACPI.sys (ACPI-Treiber für NT/Microsoft Corporation)
Device \Driver\ACPI \Device\00000093 ACPI.sys (ACPI-Treiber für NT/Microsoft Corporation)
Device \Driver\Shockprf \Device\Shockpf0 Apsx86.sys (Shockproof Disk Driver/Lenovo.)
Device \Driver\PnpManager \Device\0000004d ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\PnpManager \Device\0000004d ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\TPPWRIF \Device\TPPWRIF Tppwrif.sys
Device \Driver\TPPWRIF \Device\TPPWRIF ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\MountMgr \Device\MountPointManager MountMgr.sys (Mount Manager/Microsoft Corporation)
Device \Driver\MountMgr \Device\MountPointManager ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\PnpManager \Device\0000004e ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\PnpManager \Device\0000004e ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\ACPI \Device\0000005b ACPI.sys (ACPI-Treiber für NT/Microsoft Corporation)
Device \Driver\BTKRNL \Device\00000094 btkrnl.sys (Bluetooth Bus Enumerator/Broadcom Corporation.)
Device \Driver\BTKRNL \Device\00000094 ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\BTKRNL \Device\00000094 btkrnl.sys (Bluetooth Bus Enumerator/Broadcom Corporation.)
Device \Driver\ssmdrv \Device\ssmctl ssmdrv.sys (AVIRA SnapShot Driver/Avira GmbH)
Device \Driver\ssmdrv \Device\ssmctl ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\EGATHDRV \Device\egathdrv EGATHDRV.SYS (IBM eGatherer Kernel Module/IBM Corporation)
Device \Driver\EGATHDRV \Device\egathdrv ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\PnpManager \Device\0000004f ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\PnpManager \Device\0000004f ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\e1express \Device\{08D58BAD-64B7-468C-97BD-67603609B453} NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation)
Device \Driver\ACPI \Device\0000005c ACPI.sys (ACPI-Treiber für NT/Microsoft Corporation)
Device \FileSystem\Mup \Device\Mup Mup.sys (Multiple UNC Provider driver/Microsoft Corporation)
Device \FileSystem\Srv \Device\LanmanServer srv.sys (Server driver/Microsoft Corporation)
Device \Driver\Wanarp \Device\WANARP wanarp.sys (MS Remote Access and Routing ARP Driver/Microsoft Corporation)
Device \Driver\Shockprf \Device\ShockMgr Apsx86.sys (Shockproof Disk Driver/Lenovo.)
Device \Driver\ACPI \Device\0000005d ACPI.sys (ACPI-Treiber für NT/Microsoft Corporation)
Device \Driver\HDAudBus \Device\00000096 HDAudBus.sys (High Definition Audio Bus Driver v1.0a/Windows (R) Server 2003 DDK provider)
Device \Driver\e1express \Device\INTELPRO_{08D58BAD-64B7-468C-97BD-67603609B453} NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation)
Device \Driver\Smapint \Device\Smapi0 Smapint.sys (SMAPI I/O/Microsoft Corporation)
Device \Driver\Smapint \Device\Smapi0 ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\Tcpip \Device\Udp tcpip.sys (TCP/IP Protocol Driver/Microsoft Corporation)
Device \Device\Harddisk0\DP(1)0x7e00-0x1bf267a200+2
Device \Driver\Disk \Device\Harddisk0\DR0 CLASSPNP.SYS (SCSI Class System Dll/Microsoft Corporation)
Device \Driver\Disk \Device\Harddisk0\DR0 ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\ACPI \Device\0000006a ACPI.sys (ACPI-Treiber für NT/Microsoft Corporation)
Device \Driver\NdisWan \Device\NdisWanIp NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation)
Device \Driver\irda \Device\IrDA irda.sys (IRDA Protocol Driver/Microsoft Corporation)
Device \Driver\Tcpip \Device\RawIp tcpip.sys (TCP/IP Protocol Driver/Microsoft Corporation)
Device \Device\Harddisk1\DP(1)0x7e00-0x118b0e2200+3
Device \Driver\Disk \Device\Harddisk1\DR1 CLASSPNP.SYS (SCSI Class System Dll/Microsoft Corporation)
Device \Driver\Disk \Device\Harddisk1\DR1 ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Device\Harddisk1\DP(2)0x118b0ea000-0x116b38000+4
Device \Driver\PnpManager \Device\00000002 ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\PnpManager \Device\00000002 ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\ACPI \Device\0000006b ACPI.sys (ACPI-Treiber für NT/Microsoft Corporation)
Device \Driver\Modem \Device\00000098 Modem.SYS (Modemgerätetreiber/Microsoft Corporation)
Device \Driver\Modem \Device\00000098 ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \FileSystem\RAW \Device\RawDisk ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \FileSystem\RAW \Device\RawDisk ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\PnpManager \Device\00000003 ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\PnpManager \Device\00000003 ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\ACPI \Device\0000006c ACPI.sys (ACPI-Treiber für NT/Microsoft Corporation)
Device \Driver\usbhub \Device\00000099 usbhub.sys (Default Hub Driver for USB/Microsoft Corporation)
Device \Driver\usbhub \Device\00000099 ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\Null \Device\Null Null.SYS (NULL Driver/Microsoft Corporation)
Device \Driver\Null \Device\Null ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBFDO-0 USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBFDO-0 ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\pmem \Device\PMEM pmemnt.sys (Physical Memory Driver/Microsoft Corporation)
Device \Driver\pmem \Device\PMEM ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\ACPI \Device\0000006d ACPI.sys (ACPI-Treiber für NT/Microsoft Corporation)
Device \Driver\PnpManager \Device\00000004 ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\PnpManager \Device\00000004 ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBFDO-1 USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBFDO-1 ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\ANC \Device\{9253803D-A826-462C-95FB-54E6608C3F1A}_ANC83Monitor ANC.SYS (IBM Access Connections - ANC/IBM Corp.)
Device \Driver\ANC \Device\{9253803D-A826-462C-95FB-54E6608C3F1A}_ANC83Monitor ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\IPSec \Device\IPSEC ipsec.sys (IPSec Driver/Microsoft Corporation)
Device \Driver\IPSec \Device\IPSEC ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\ACPI \Device\0000006e ACPI.sys (ACPI-Treiber für NT/Microsoft Corporation)
Device \Driver\ACPI \Device\0000007b ACPI.sys (ACPI-Treiber für NT/Microsoft Corporation)
Device \Driver\dmload \Device\DmLoader dmload.sys (NT Disk Manager Startup Driver/Microsoft Corp., Veritas Software.)
Device \Driver\dmload \Device\DmLoader ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\PnpManager \Device\00000005 ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\PnpManager \Device\00000005 ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\BTDriver \Device\BtPort0 btport.sys (Bluetooth BTPORT Driver for Windows 2000/Broadcom Corporation.)
Device \Driver\BTDriver \Device\BtPort0 ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\HSFHWAZL \Device\MICH_AZ0 HSFHWAZL.sys (HSF_HWAZL WDM driver/Conexant Systems, Inc.)
Device \Driver\HSFHWAZL \Device\MICH_AZ0 ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBFDO-2 USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBFDO-2 ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\Tcpip \Device\IPMULTICAST tcpip.sys (TCP/IP Protocol Driver/Microsoft Corporation)
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver rdbss.sys (Redirected Drive Buffering SubSystem Driver/Microsoft Corporation)
Device \Driver\NdisWan \Device\NdisWan NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation)
Device \Driver\NdisTapi \Device\NdisTapi ndistapi.sys (NDIS 3.0 connection wrapper driver/Microsoft Corporation)
Device \Driver\NdisTapi \Device\NdisTapi ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\isapnp \Device\0000006f isapnp.sys (PNP-ISA-Bustreiber/Microsoft Corporation)
Device \Driver\isapnp \Device\0000006f ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\ACPI \Device\0000007c ACPI.sys (ACPI-Treiber für NT/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBFDO-3 USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBFDO-3 ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\lenovo.smi \Device\lenovo.smi smiif32.sys (SMI Driver for Lenovo system/Lenovo Group Limited)
Device \Driver\lenovo.smi \Device\lenovo.smi ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\DRVMCDB \Device\drvmcdb DRVMCDB.SYS (Device Driver/Sonic Solutions)
Device \Driver\DRVMCDB \Device\drvmcdb ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \FileSystem\MRxSmb \Device\LanmanRedirector mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device \FileSystem\MRxSmb \Device\LanmanRedirector rdbss.sys (Redirected Drive Buffering SubSystem Driver/Microsoft Corporation)
Device \Driver\Gpc \Device\Gpc msgpc.sys (MS General Packet Classifier/Microsoft Corporation)
Device \FileSystem\Npfs \Device\NamedPipe Npfs.SYS (NPFS Driver/Microsoft Corporation)
Device \FileSystem\Npfs \Device\NamedPipe ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\ACPI \Device\0000007d ACPI.sys (ACPI-Treiber für NT/Microsoft Corporation)
Device \Driver\Ftdisk \Device\FtControl ftdisk.sys (FT-Datenträgertreiber/Microsoft Corporation)
Device \Driver\Ftdisk \Device\FtControl ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\usbehci \Device\USBFDO-4 USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation)
Device \Driver\usbehci \Device\USBFDO-4 ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\PrivateDisk \Device\PrivateDisk PrivateDiskM.sys (SafeGuard® PrivateDisk Driver/Utimaco Safeware AG)
Device \Driver\PrivateDisk \Device\PrivateDisk ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \FileSystem\Msfs \Device\Mailslot Msfs.SYS (Mailslot driver/Microsoft Corporation)
Device \FileSystem\Msfs \Device\Mailslot ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\TPHKDRV \Device\TPHKDRV TPHKDRV.sys (ThinkPad Hotkey Driver/Lenovo Group Limited)
Device \Driver\TPHKDRV \Device\TPHKDRV ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\Ndisuio \Device\Ndisuio ndisuio.sys (NDIS User mode I/O Driver/Microsoft Corporation)
Device \Driver\Ndisuio \Device\Ndisuio ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\winachsf \Device\Winachsf0 HSF_CNXT.sys (HSF_CNXT driver/Conexant Systems, Inc.)
Device \Driver\winachsf \Device\Winachsf0 ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \FileSystem\RAW \Device\RawCdRom ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \FileSystem\RAW \Device\RawCdRom ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\AFD \Device\Afd afd.sys (Ancillary Function Driver for WinSock/Microsoft Corporation)
Device \Driver\IBMTPCHK \Device\IBMBLDID IBMBLDID.sys
Device \Driver\IBMTPCHK \Device\IBMBLDID ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \FileSystem\Mup \Device\WinDfs\Root Mup.sys (Multiple UNC Provider driver/Microsoft Corporation)
Device \Driver\ACPI \Device\0000009a ACPI.sys (ACPI-Treiber für NT/Microsoft Corporation)
Device \Driver\avipbb \Device\avipbb avipbb.sys (Avira Driver for RootKit Detection/Avira GmbH)
Device \Driver\avipbb \Device\avipbb ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \
Device \FileSystem\Fastfat \Fat Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)
Device \FileSystem\Fastfat \Fat ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \FileSystem\Fastfat \Fat

Kiesopfer 28.06.2010 08:32

GMER log, part 5:

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer Fs_Rec.SYS (File System Recognizer Driver/Microsoft Corporation)
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \FileSystem\avgntflt \FileSystem\Filters\avgntflt avgntflt.sys (Avira Minifilter Driver/Avira GmbH)
Device \FileSystem\Filters\FltMgrMsg
Device \FileSystem\Filters\SystemRestore
Device \FileSystem\FltMgr \FileSystem\Filters\FltMgr fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
Device \FileSystem\FltMgr \FileSystem\Filters\FltMgr fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer Fs_Rec.SYS (File System Recognizer Driver/Microsoft Corporation)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer Fs_Rec.SYS (File System Recognizer Driver/Microsoft Corporation)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer Fs_Rec.SYS (File System Recognizer Driver/Microsoft Corporation)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer Fs_Rec.SYS (File System Recognizer Driver/Microsoft Corporation)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \FileSystem\DLAIFS_M \GLOBAL??\DLAIFS DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\DLAIFS_M \GLOBAL??\DLAIFS ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \FileSystem\DLAIFS_M \GLOBAL??\DLAIFS ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)

---- Modules - GMER 1.0.15 ----

Module \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 804D7000-806E5000 (2154496 bytes)
Module \WINDOWS\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 806E5000-80705D00 (134400 bytes)
Module \WINDOWS\system32\KDCOM.DLL (Kernel Debugger HW Extension DLL/Microsoft Corporation) BA5A8000-BA5AA000 (8192 bytes)
Module \WINDOWS\system32\BOOTVID.dll (VGA Boot Driver/Microsoft Corporation) BA4B8000-BA4BB000 (12288 bytes)
Module ACPI.sys (ACPI-Treiber für NT/Microsoft Corporation) B9F78000-B9FA7000 (192512 bytes)
Module \WINDOWS\system32\DRIVERS\WMILIB.SYS (WMILIB WMI support library Dll/Microsoft Corporation) BA5AA000-BA5AC000 (8192 bytes)
Module pci.sys (NT-Plug & Play PCI-Enumerator/Microsoft Corporation) B9F67000-B9F78000 (69632 bytes)
Module isapnp.sys (PNP-ISA-Bustreiber/Microsoft Corporation) BA0A8000-BA0B2000 (40960 bytes)
Module compbatt.sys (Composite Battery Driver/Microsoft Corporation) BA4BC000-BA4BF000 (12288 bytes)
Module \WINDOWS\system32\DRIVERS\BATTC.SYS (Battery Class Driver/Microsoft Corporation) BA4C0000-BA4C4000 (16384 bytes)
Module pciide.sys (Allgemeiner PCI IDE Bustreiber/Microsoft Corporation) BA670000-BA671000 (4096 bytes)
Module \WINDOWS\system32\DRIVERS\PCIIDEX.SYS (PCI IDE Bus Driver Extension/Microsoft Corporation) BA328000-BA32F000 (28672 bytes)
Module pcmcia.sys (PCMCIA-Treiber/Microsoft Corporation) B9F49000-B9F67000 (122880 bytes)
Module MountMgr.sys (Mount Manager/Microsoft Corporation) BA0B8000-BA0C3000 (45056 bytes)
Module ftdisk.sys (FT-Datenträgertreiber/Microsoft Corporation) B9F2A000-B9F49000 (126976 bytes)
Module dmload.sys (NT Disk Manager Startup Driver/Microsoft Corp., Veritas Software.) BA5AC000-BA5AE000 (8192 bytes)
Module dmio.sys (E/A-Treiber für NT Datenträgerverwaltung/Microsoft Corp., Veritas Software) B9F04000-B9F2A000 (155648 bytes)
Module PartMgr.sys (Partition Manager/Microsoft Corporation) BA330000-BA335000 (20480 bytes)
Module ACPIEC.sys (ACPI Embedded Controllertreiber/Microsoft Corporation) BA4C4000-BA4C7000 (12288 bytes)
Module \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS (ACPI Operation Registration Driver/Microsoft Corporation) BA671000-BA672000 (4096 bytes)
Module VolSnap.sys (Volumeschattenkopie-Treiber/Microsoft Corporation) BA0C8000-BA0D6000 (57344 bytes)
Module atapi.sys (IDE/ATAPI Port Driver/Microsoft Corporation) B9EEC000-B9F04000 (98304 bytes)
Module iaStor.sys (Intel Matrix Storage Manager driver - ia32/Intel Corporation) B9E11000-B9EEC000 (897024 bytes)
Module disk.sys (PnP Disk Driver/Microsoft Corporation) BA0D8000-BA0E1000 (36864 bytes)
Module \WINDOWS\system32\DRIVERS\CLASSPNP.SYS (SCSI Class System Dll/Microsoft Corporation) BA0E8000-BA0F5000 (53248 bytes)
Module fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) B9DF1000-B9E11000 (131072 bytes)
Module sr.sys (Dateisystemfilter-Treiber der Systemwiederherstellung/Microsoft Corporation) B9DDF000-B9DF1000 (73728 bytes)
Module DRVMCDB.SYS (Device Driver/Sonic Solutions) B9DC9000-B9DDF000 (90112 bytes)
Module PxHelp20.sys (Px Engine Device Driver for Windows 2000/XP/Sonic Solutions) BA0F8000-BA102000 (40960 bytes)
Module KSecDD.sys (Kernel Security Support Provider Interface/Microsoft Corporation) B9DB2000-B9DC9000 (94208 bytes)
Module WudfPf.sys (Windows Driver Foundation - User-mode Driver Framework Platform Driver/Microsoft Corporation) B9D9F000-B9DB2000 (77824 bytes)
Module Ntfs.sys (NT File System Driver/Microsoft Corporation) B9D12000-B9D9F000 (577536 bytes)
Module NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation) B9CE5000-B9D12000 (184320 bytes)
Module Apsx86.sys (Shockproof Disk Driver/Lenovo.) B9CC5000-B9CE5000 (131072 bytes)
Module ApsHM86.sys (ThinkVantage Active Protection System HID Digitizer Activity Monitor Driver/Lenovo.) BA108000-BA111000 (36864 bytes)
Module Mup.sys (Multiple UNC Provider driver/Microsoft Corporation) B9CAB000-B9CC5000 (106496 bytes)
Module \SystemRoot\system32\DRIVERS\intelppm.sys (Prozessorgerätetreiber/Microsoft Corporation) BA218000-BA222000 (40960 bytes)
Module \SystemRoot\system32\DRIVERS\ati2mtag.sys (ATI Radeon WindowsNT Miniport Driver/ATI Technologies Inc.) B9693000-B9BA2000 (5304320 bytes)
Module \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS (Video Port Driver/Microsoft Corporation) B967F000-B9693000 (81920 bytes)
Module \SystemRoot\system32\DRIVERS\HDAudBus.sys (High Definition Audio Bus Driver v1.0a/Windows (R) Server 2003 DDK provider) B9657000-B967F000 (163840 bytes)
Module \SystemRoot\system32\DRIVERS\e1e5132.sys (Intel(R) PRO/1000 Adapter NDIS 5.2 deserialized driver/Intel Corporation) B961A000-B9657000 (249856 bytes)
Module \SystemRoot\system32\DRIVERS\NETw4x32.sys (Intel® Wireless WiFi Link Driver/Intel Corporation) B93FE000-B961A000 (2211840 bytes)
Module \SystemRoot\system32\DRIVERS\usbuhci.sys (UHCI USB Miniport Driver/Microsoft Corporation) BA440000-BA446000 (24576 bytes)
Module \SystemRoot\system32\DRIVERS\USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation) B93DA000-B93FE000 (147456 bytes)
Module \SystemRoot\system32\DRIVERS\usbehci.sys (EHCI eUSB Miniport Driver/Microsoft Corporation) BA470000-BA478000 (32768 bytes)
Module \SystemRoot\system32\DRIVERS\i8042prt.sys (i8042-Anschlusstreiber/Microsoft Corporation) BA248000-BA255000 (53248 bytes)
Module \SystemRoot\system32\DRIVERS\kbdclass.sys (Tastaturklassentreiber/Microsoft Corporation) BA490000-BA497000 (28672 bytes)
Module \SystemRoot\system32\DRIVERS\SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.) B93A2000-B93DA000 (229376 bytes)
Module \SystemRoot\system32\DRIVERS\USBD.SYS (Universal Serial Bus Driver/Microsoft Corporation) BA5D0000-BA5D2000 (8192 bytes)
Module \SystemRoot\system32\DRIVERS\mouclass.sys (Mausklassentreiber/Microsoft Corporation) BA368000-BA36E000 (24576 bytes)
Module \SystemRoot\system32\DRIVERS\atmeltpm.sys (Atmel TPM Driver/Atmel, Inc.) BA370000-BA378000 (32768 bytes)
Module \SystemRoot\system32\DRIVERS\CmBatt.sys (Control Method Battery Driver/Microsoft Corporation) B9BAA000-B9BAE000 (16384 bytes)
Module \SystemRoot\system32\DRIVERS\ibmpmdrv.sys (ThinkPad Power Management Driver/Lenovo.) BA380000-BA385000 (20480 bytes)
Module \SystemRoot\system32\DRIVERS\btkrnl.sys (Bluetooth Bus Enumerator/Broadcom Corporation.) B92D1000-B93A2000 (856064 bytes)
Module \SystemRoot\system32\DRIVERS\tvtpktfilter.sys (TVT NDIS 5.1 Intermediate Miniport Filter Driver/Lenovo Group Limited) BA3F8000-BA3FD000 (20480 bytes)
Module \SystemRoot\system32\DRIVERS\audstub.sys (AudStub Driver/Microsoft Corporation) BA6F3000-BA6F4000 (4096 bytes)
Module \SystemRoot\system32\DRIVERS\rasirda.sys (IrDA WAN Miniport Driver/Microsoft Corporation) BA408000-BA40D000 (20480 bytes)
Module \SystemRoot\system32\DRIVERS\TDI.SYS (TDI Wrapper/Microsoft Corporation) BA418000-BA41D000 (20480 bytes)
Module \SystemRoot\system32\DRIVERS\rasl2tp.sys (RAS L2TP mini-port/call-manager driver/Microsoft Corporation) BA258000-BA265000 (53248 bytes)
Module \SystemRoot\system32\DRIVERS\ndistapi.sys (NDIS 3.0 connection wrapper driver/Microsoft Corporation) BA5A0000-BA5A3000 (12288 bytes)
Module \SystemRoot\system32\DRIVERS\ndiswan.sys (MS PPP Framing Driver (Strong Encryption)/Microsoft Corporation) B92BA000-B92D1000 (94208 bytes)
Module \SystemRoot\system32\DRIVERS\raspppoe.sys (RAS PPPoE mini-port/call-manager driver/Microsoft Corporation) BA268000-BA273000 (45056 bytes)
Module \SystemRoot\system32\DRIVERS\raspptp.sys (Peer-to-Peer Tunneling Protocol/Microsoft Corporation) BA278000-BA284000 (49152 bytes)
Module \SystemRoot\system32\DRIVERS\ptilink.sys (Parallel Technologies DirectParallel IO Library/Parallel Technologies, Inc.) BA468000-BA46D000 (20480 bytes)
Module \SystemRoot\system32\DRIVERS\raspti.sys (PTI DirectParallel(R) mini-port/call-manager driver/Microsoft Corporation) BA480000-BA485000 (20480 bytes)
Module \SystemRoot\system32\DRIVERS\rdpdr.sys (Microsoft RDP Device redirector/Microsoft Corporation) B9262000-B9292000 (196608 bytes)
Module \SystemRoot\system32\DRIVERS\termdd.sys (Terminal Server Driver/Microsoft Corporation) BA288000-BA292000 (40960 bytes)
Module \SystemRoot\system32\DRIVERS\psadd.sys (SMBIOS Driver/Lenovo (United States) Inc.) BA360000-BA366000 (24576 bytes)
Module \SystemRoot\system32\DRIVERS\swenum.sys (Plug and Play Software Device Enumerator/Microsoft Corporation) BA5D8000-BA5DA000 (8192 bytes)
Module \SystemRoot\system32\DRIVERS\ks.sys (Kernel CSA Library/Microsoft Corporation) B923F000-B9262000 (143360 bytes)
Module \SystemRoot\system32\DRIVERS\update.sys (Update Driver/Microsoft Corporation) B91E1000-B923F000 (385024 bytes)
Module \SystemRoot\system32\DRIVERS\mssmbios.sys (System Management BIOS Driver/Microsoft Corporation) B9C6F000-B9C73000 (16384 bytes)
Module \SystemRoot\system32\DRIVERS\btport.sys (Bluetooth BTPORT Driver for Windows 2000/Broadcom Corporation.) BA428000-BA42F000 (28672 bytes)
Module \SystemRoot\System32\Drivers\NDProxy.SYS (NDIS Proxy/Microsoft Corporation) BA2C8000-BA2D2000 (40960 bytes)
Module \SystemRoot\system32\drivers\ADIHdAud.sys (High Definition Audio Function Driver(Release Candidate 1)/Analog Devices, Inc.) B1168000-B1197000 (192512 bytes)
Module \SystemRoot\system32\drivers\portcls.sys (Port Class (Class Driver for Port/Miniport Devices)/Microsoft Corporation) B1144000-B1168000 (147456 bytes)
Module \SystemRoot\system32\drivers\drmk.sys (Microsoft Kernel DRM Descrambler Filter/Microsoft Corporation) BA2F8000-BA307000 (61440 bytes)
Module \SystemRoot\system32\drivers\AEAudio.sys (Audio Noise Filtering Driver (32-bit)/Andrea Electronics Corporation) B112D000-B1144000 (94208 bytes)
Module \SystemRoot\system32\DRIVERS\HSFHWAZL.sys (HSF_HWAZL WDM driver/Conexant Systems, Inc.) B10F9000-B112D000 (212992 bytes)
Module \SystemRoot\system32\DRIVERS\HSF_DPV.sys (HSF_DP driver/Conexant Systems, Inc.) B1007000-B10F9000 (991232 bytes)
Module \SystemRoot\system32\DRIVERS\HSF_CNXT.sys (HSF_CNXT driver/Conexant Systems, Inc.) B0F54000-B1007000 (733184 bytes)
Module \SystemRoot\System32\Drivers\Modem.SYS (Modemgerätetreiber/Microsoft Corporation) BA350000-BA358000 (32768 bytes)
Module \SystemRoot\system32\DRIVERS\usbhub.sys (Default Hub Driver for USB/Microsoft Corporation) BA138000-BA147000 (61440 bytes)
Module \SystemRoot\System32\Drivers\i2omgmt.SYS (I2O Utility Filter/Microsoft Corporation) B92AE000-B92B1000 (12288 bytes)
Module \SystemRoot\System32\Drivers\AFS2K.SYS (Audio File System/Oak Technology Inc.) BA148000-BA152000 (40960 bytes)
Module \SystemRoot\System32\Drivers\DLACDBHM.SYS (Shared Driver Component/Sonic Solutions) BA5EA000-BA5EC000 (8192 bytes)
Module \SystemRoot\System32\Drivers\Fs_Rec.SYS (File System Recognizer Driver/Microsoft Corporation) BA5EE000-BA5F0000 (8192 bytes)
Module \SystemRoot\System32\Drivers\Null.SYS (NULL Driver/Microsoft Corporation) BA75F000-BA760000 (4096 bytes)
Module \SystemRoot\System32\Drivers\Beep.SYS (BEEP Driver/Microsoft Corporation) BA5F2000-BA5F4000 (8192 bytes)
Module \SystemRoot\System32\Drivers\DLARTL_N.SYS (Shared Driver Component/Sonic Solutions) BA3C0000-BA3C6000 (24576 bytes)
Module \SystemRoot\System32\drivers\vga.sys (VGA/Super VGA Video Driver/Microsoft Corporation) BA3D0000-BA3D6000 (24576 bytes)
Module \SystemRoot\System32\Drivers\mnmdd.SYS (Frame buffer simulator/Microsoft Corporation) BA5F6000-BA5F8000 (8192 bytes)
Module \SystemRoot\System32\DRIVERS\RDPCDD.sys (RDP Miniport/Microsoft Corporation) BA5FA000-BA5FC000 (8192 bytes)
Module \SystemRoot\System32\Drivers\Msfs.SYS (Mailslot driver/Microsoft Corporation) BA3E0000-BA3E5000 (20480 bytes)
Module \SystemRoot\System32\Drivers\Npfs.SYS (NPFS Driver/Microsoft Corporation) BA3F0000-BA3F8000 (32768 bytes)
Module \SystemRoot\system32\DRIVERS\rasacd.sys (RAS Automatic Connection Driver/Microsoft Corporation) B929E000-B92A1000 (12288 bytes)
Module \SystemRoot\system32\DRIVERS\ipsec.sys (IPSec Driver/Microsoft Corporation) B0E39000-B0E4C000 (77824 bytes)
Module \SystemRoot\system32\DRIVERS\msgpc.sys (MS General Packet Classifier/Microsoft Corporation) BA168000-BA171000 (36864 bytes)
Module \SystemRoot\system32\DRIVERS\tcpip.sys (TCP/IP Protocol Driver/Microsoft Corporation) B0DE0000-B0E39000 (364544 bytes)
Module \SystemRoot\system32\DRIVERS\netbt.sys (MBT Transport driver/Microsoft Corporation) B0DB8000-B0DE0000 (163840 bytes)
Module \SystemRoot\system32\DRIVERS\ipnat.sys (IP Network Address Translator/Microsoft Corporation) B0D92000-B0DB8000 (155648 bytes)
Module \SystemRoot\system32\DRIVERS\wanarp.sys (MS Remote Access and Routing ARP Driver/Microsoft Corporation) BA178000-BA181000 (36864 bytes)
Module \SystemRoot\System32\drivers\afd.sys (Ancillary Function Driver for WinSock/Microsoft Corporation) B0D70000-B0D92000 (139264 bytes)
Module \SystemRoot\system32\DRIVERS\netbios.sys (NetBIOS interface driver/Microsoft Corporation) BA188000-BA191000 (36864 bytes)
Module \SystemRoot\System32\drivers\TSMAPIP.SYS BA448000-BA44D000 (20480 bytes)
Module \SystemRoot\System32\drivers\Tppwrif.sys BA450000-BA455000 (20480 bytes)
Module \SystemRoot\system32\DRIVERS\TPHKDRV.sys (ThinkPad Hotkey Driver/Lenovo Group Limited) BA460000-BA465000 (20480 bytes)
Module \SystemRoot\System32\drivers\TDSMAPI.SYS BA478000-BA47E000 (24576 bytes)
Module \SystemRoot\system32\DRIVERS\ssmdrv.sys (AVIRA SnapShot Driver/Avira GmbH) BA498000-BA49E000 (24576 bytes)
Module \SystemRoot\System32\drivers\Smapint.sys (SMAPI I/O/Microsoft Corporation) BA4A8000-BA4B0000 (32768 bytes)
Module \SystemRoot\system32\DRIVERS\rdbss.sys (Redirected Drive Buffering SubSystem Driver/Microsoft Corporation) B0D25000-B0D50000 (176128 bytes)
Module \SystemRoot\system32\DRIVERS\mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation) B0CB5000-B0D25000 (458752 bytes)
Module \SystemRoot\system32\DRIVERS\smiif32.sys (SMI Driver for Lenovo system/Lenovo Group Limited) BA608000-BA60A000 (8192 bytes)
Module \??\C:\WINDOWS\system32\Drivers\IBMBLDID.sys BA60C000-BA60E000 (8192 bytes)
Module \SystemRoot\System32\Drivers\Fips.SYS (FIPS-Verschlüsselungstreiber/Microsoft Corporation) BA1D8000-BA1E3000 (45056 bytes)
Module \SystemRoot\system32\DRIVERS\avipbb.sys (Avira Driver for RootKit Detection/Avira GmbH) B0C79000-B0C95000 (114688 bytes)
Module \SystemRoot\System32\Drivers\tcusb.sys (TouchChip USB Kernel Driver/UPEK Inc.) BA1F8000-BA203000 (45056 bytes)
Module \??\C:\Programme\Avira\AntiVir_Desktop\avgio.sys (Avira AntiVir Support for Minifilter/Avira GmbH) BA614000-BA616000 (8192 bytes)
Module \SystemRoot\System32\drivers\ANC.SYS (IBM Access Connections - ANC/IBM Corp.) B91B9000-B91BC000 (12288 bytes)
Module \SystemRoot\System32\Drivers\dump_iaStor.sys B0B76000-B0C51000 (897024 bytes)
Module \SystemRoot\System32\win32k.sys (Mehrbenutzer-Win32-Treiber/Microsoft Corporation) BF800000-BF9C4000 (1851392 bytes)
Module \SystemRoot\System32\drivers\Dxapi.sys (DirectX API Driver/Microsoft Corporation) B0C6D000-B0C70000 (12288 bytes)
Module \SystemRoot\System32\watchdog.sys (Watchdog Driver/Microsoft Corporation) BA3E8000-BA3ED000 (20480 bytes)
Module \SystemRoot\System32\drivers\dxg.sys (DirectX Graphics Driver/Microsoft Corporation) BF000000-BF012000 (73728 bytes)
Module \SystemRoot\System32\drivers\dxgthk.sys (DirectX Graphics Driver Thunk/Microsoft Corporation) BA7A8000-BA7A9000 (4096 bytes)
Module \SystemRoot\System32\ati2dvag.dll (ATI Radeon WindowsNT Display Driver/ATI Technologies Inc.) BF012000-BF062000 (327680 bytes)
Module \SystemRoot\System32\ati2cqag.dll (Central Memory Manager / Queue Server Module/ATI Technologies Inc.) BF062000-BF0EB000 (561152 bytes)
Module \SystemRoot\System32\atikvmag.dll (Virtual Command And Memory Manager/ATI Technologies Inc.) BF0EB000-BF158000 (446464 bytes)
Module \SystemRoot\System32\atiok3x2.dll (Ring 0 x2 component/ATI Technologies Inc.) BF158000-BF19B000 (274432 bytes)
Module \SystemRoot\System32\ati3duag.dll (ati3duag.dll/ATI Technologies Inc. ) BF19B000-BF55B000 (3932160 bytes)
Module \SystemRoot\System32\ativvaxx.dll (Radeon Video Acceleration Universal Driver/ATI Technologies Inc. ) BF55B000-BF7A0000 (2379776 bytes)
Module \SystemRoot\System32\ATMFD.DLL (Windows NT OpenType/Type 1 Font Driver/Adobe Systems Incorporated) BFFA0000-BFFE6000 (286720 bytes)
Module \SystemRoot\system32\DRIVERS\avgntflt.sys (Avira Minifilter Driver/Avira GmbH) AE7D2000-AE7E6000 (81920 bytes)
Module \SystemRoot\System32\Drivers\DRVNDDM.SYS (Device Driver Manager/Sonic Solutions) AE8F6000-AE900000 (40960 bytes)
Module \SystemRoot\System32\DLA\DLADResN.SYS (Drive Letter Access Component/Sonic Solutions) BA753000-BA754000 (4096 bytes)
Module \SystemRoot\System32\DLA\DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions) AE7BC000-AE7D2000 (90112 bytes)
Module \SystemRoot\System32\DLA\DLAOPIOM.SYS (Drive Letter Access Component/Sonic Solutions) AE812000-AE816000 (16384 bytes)
Module \SystemRoot\System32\DLA\DLAPoolM.SYS (Drive Letter Access Component/Sonic Solutions) BA5CA000-BA5CC000 (8192 bytes)
Module \SystemRoot\System32\DLA\DLABOIOM.SYS (Drive Letter Access Component/Sonic Solutions) BA390000-BA397000 (28672 bytes)
Module \SystemRoot\System32\DLA\DLAUDFAM.SYS (Drive Letter Access Component/Sonic Solutions) AE77C000-AE794000 (98304 bytes)
Module \SystemRoot\System32\DLA\DLAUDF_M.SYS (Drive Letter Access Component/Sonic Solutions) AE766000-AE77C000 (90112 bytes)
Module \SystemRoot\system32\DRIVERS\irda.sys (IRDA Protocol Driver/Microsoft Corporation) AE4A8000-AE4BE000 (90112 bytes)
Module \SystemRoot\system32\DRIVERS\ndisuio.sys (NDIS User mode I/O Driver/Microsoft Corporation) B0C71000-B0C75000 (16384 bytes)
Module \SystemRoot\system32\drivers\wdmaud.sys (MMSYSTEM Wave/Midi API mapper/Microsoft Corporation) AE303000-AE318000 (86016 bytes)
Module \SystemRoot\system32\drivers\sysaudio.sys (System Audio WDM Filter/Microsoft Corporation) AE400000-AE40F000 (61440 bytes)
Module \SystemRoot\system32\DRIVERS\mrxdav.sys (Windows NT WebDav Minirdr/Microsoft Corporation) AE028000-AE055000 (184320 bytes)
Module \SystemRoot\system32\DRIVERS\PROCDD.SYS (IPS Helper Driver/Lenovo Group Limited) BA410000-BA417000 (28672 bytes)
Module \SystemRoot\System32\Drivers\adfs.SYS (Adobe Drive File System Driver/Adobe Systems, Inc.) ACD3A000-ACD4B000 (69632 bytes)
Module \??\C:\WINDOWS\SYSTEM32\EGATHDRV.SYS (IBM eGatherer Kernel Module/IBM Corporation) BA5BC000-BA5BE000 (8192 bytes)
Module \SystemRoot\system32\DRIVERS\srv.sys (Server driver/Microsoft Corporation) AC898000-AC8EF000 (356352 bytes)
Module \SystemRoot\system32\DRIVERS\mdmxsdk.sys (Diagnostic Interface x86 Driver/Conexant) ACAAD000-ACAB1000 (16384 bytes)
Module \??\C:\WINDOWS\System32\drivers\pmemnt.sys (Physical Memory Driver/Microsoft Corporation) BA5DE000-BA5E0000 (8192 bytes)
Module \??\C:\Programme\Lenovo\SafeGuard_PrivateDisk\PrivateDiskM.sys (SafeGuard® PrivateDisk Driver/Utimaco Safeware AG) ACB15000-ACB24000 (61440 bytes)
Module \??\C:\Programme\SMI2\smi2.sys (SMI BIOS driver/IBM Corp.) BA7DF000-BA7E0000 (4096 bytes)
Module \??\C:\WINDOWS\system32\drivers\tvtfilter.sys (Rescue and Recovery filter driver/Lenovo) AC768000-AC76C000 (16384 bytes)
Module \SystemRoot\System32\Drivers\HTTP.sys (HTTP Protocol Stack/Microsoft Corporation) AC19F000-AC1E0000 (266240 bytes)
Module \??\C:\DOKUME~1\Norman\LOKALE~1\Temp\ugtdipow.sys (GMER) ABB05000-ABB1C000 (94208 bytes)
Module \SystemRoot\System32\Drivers\Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation) ABAB6000-ABADA000 (147456 bytes)
Module \SystemRoot\system32\drivers\kmixer.sys (Kernel Mode Audio Mixer/Microsoft Corporation) ABA8B000-ABAB6000 (176128 bytes)
Module \WINDOWS\system32\ntdll.dll (DLL für NT-Layer/Microsoft Corporation) 7C910000-7C9C9000 (757760 bytes)

---- Processes - GMER 1.0.15 ----

Process System Idle 0
Process System 4
Process C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe (InstallShield Update Service Scheduler/InstallShield Software Corporation) 244
Library C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe (InstallShield Update Service Scheduler/InstallShield Software Corporation) 0x00400000
Library C:\WINDOWS\system32\ntdll.dll (DLL für NT-Layer/Microsoft Corporation) 0x7C910000
Library C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\USER32.dll (Client-DLL für Windows XP USER-API/Microsoft Corporation) 0x7E360000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77EF0000
Library C:\WINDOWS\system32\ADVAPI32.dll (Erweitertes Windows 32 Base-API/Microsoft Corporation) 0x77DA0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E50000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FC0000
Library C:\WINDOWS\system32\IMM32.DLL (Windows XP IMM32 API Client DLL/Microsoft Corporation) 0x76330000
Library C:\WINDOWS\system32\imagehlp.dll (Windows NT Image Helper/Microsoft Corporation) 0x76C50000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77BE0000
Library C:\WINDOWS\system32\ole32.dll (Microsoft OLE für Windows/Microsoft Corporation) 0x774B0000
Library C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F40000
Library C:\WINDOWS\system32\WININET.dll (Internet Extensions for Win32/Microsoft Corporation) 0x63000000
Library C:\WINDOWS\system32\Normaliz.dll (Unicode Normalization DLL/Microsoft Corporation) 0x003A0000
Library C:\WINDOWS\system32\urlmon.dll (OLE32 Extensions for Win32/Microsoft Corporation) 0x1A400000
Library C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 0x770F0000
Library C:\WINDOWS\system32\iertutil.dll (Run time utility for Internet Explorer/Microsoft Corporation) 0x5DCA0000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x773A0000

Process C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe (scheduler_proxy Application/Lenovo Group Limited) 276
Library C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe (scheduler_proxy Application/Lenovo Group Limited) 0x00400000
Library C:\WINDOWS\system32\ntdll.dll (DLL für NT-Layer/Microsoft Corporation) 0x7C910000
Library C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\MSVCR71.dll (Microsoft® C Runtime Library/Microsoft Corporation) 0x7C340000
Library C:\WINDOWS\system32\USER32.dll (Client-DLL für Windows XP USER-API/Microsoft Corporation) 0x7E360000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77EF0000
Library C:\WINDOWS\system32\MFC71U.DLL (MFCDLL Shared Library - Retail Version/Microsoft Corporation) 0x00480000
Library C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F40000
Library C:\WINDOWS\system32\ADVAPI32.dll (Erweitertes Windows 32 Base-API/Microsoft Corporation) 0x77DA0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E50000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FC0000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77BE0000
Library C:\WINDOWS\system32\SHELL32.dll (Allgemeine Windows-Shell-DLL/Microsoft Corporation) 0x7E670000
Library C:\WINDOWS\system32\IMM32.DLL (Windows XP IMM32 API Client DLL/Microsoft Corporation) 0x76330000
Library C:\WINDOWS\system32\MFC71DEU.DLL (MFC Language Specific Resources/Microsoft Corporation) 0x5D360000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x773A0000
Library C:\WINDOWS\system32\comctl32.dll (Common Controls Library/Microsoft Corporation) 0x5D450000
Library C:\WINDOWS\system32\imagehlp.dll (Windows NT Image Helper/Microsoft Corporation) 0x76C50000
Library C:\WINDOWS\system32\ole32.dll (Microsoft OLE für Windows/Microsoft Corporation) 0x774B0000
Library C:\WINDOWS\system32\WININET.dll (Internet Extensions for Win32/Microsoft Corporation) 0x63000000
Library C:\WINDOWS\system32\Normaliz.dll (Unicode Normalization DLL/Microsoft Corporation) 0x003F0000
Library C:\WINDOWS\system32\urlmon.dll (OLE32 Extensions for Win32/Microsoft Corporation) 0x1A400000
Library C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 0x770F0000
Library C:\WINDOWS\system32\iertutil.dll (Run time utility for Internet Explorer/Microsoft Corporation) 0x5DCA0000
Library C:\WINDOWS\system32\sensapi.dll (SENS Connectivity API DLL/Microsoft Corporation) 0x72240000
Library C:\WINDOWS\system32\wtsapi32.dll (Windows Terminal Server SDK APIs/Microsoft Corporation) 0x76F10000
Library C:\WINDOWS\system32\WINSTA.dll (Winstation Library/Microsoft Corporation) 0x76300000
Library C:\WINDOWS\system32\NETAPI32.dll (Net Win32 API DLL/Microsoft Corporation)

Kiesopfer 28.06.2010 08:33

GMER log, part 6:

Process C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe (ThinkPad EasyEject Support Application/Lenovo Group Ltd.) 356
Library C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe (ThinkPad EasyEject Support Application/Lenovo Group Ltd.) 0x00400000
Library C:\WINDOWS\system32\ntdll.dll (DLL für NT-Layer/Microsoft Corporation) 0x7C910000
Library C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F40000
Library C:\WINDOWS\system32\ADVAPI32.dll (Erweitertes Windows 32 Base-API/Microsoft Corporation) 0x77DA0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E50000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FC0000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77EF0000
Library C:\WINDOWS\system32\USER32.dll (Client-DLL für Windows XP USER-API/Microsoft Corporation) 0x7E360000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77BE0000
Library C:\WINDOWS\system32\comdlg32.dll (DLL für gemeinsame Dialoge/Microsoft Corporation) 0x76350000
Library C:\WINDOWS\WinSxS\X86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\COMCTL32.dll (User Experience Controls Library/Microsoft Corporation) 0x773A0000
Library C:\WINDOWS\system32\SHELL32.dll (Allgemeine Windows-Shell-DLL/Microsoft Corporation) 0x7E670000
Library C:\WINDOWS\system32\WINSPOOL.DRV (Windows-Spoolertreiber/Microsoft Corporation) 0x72F70000
Library C:\WINDOWS\system32\oledlg.dll (Unterstützung für die Microsoft Windows(R) OLE 2.0-Benutzeroberfläche/Microsoft Corporation) 0x74CB0000
Library C:\WINDOWS\system32\ole32.dll (Microsoft OLE für Windows/Microsoft Corporation) 0x774B0000
Library C:\WINDOWS\system32\OLEPRO32.DLL (Microsoft Corporation) 0x5F1A0000
Library C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 0x770F0000
Library C:\WINDOWS\system32\IMM32.DLL (Windows XP IMM32 API Client DLL/Microsoft Corporation) 0x76330000
Library C:\WINDOWS\system32\imagehlp.dll (Windows NT Image Helper/Microsoft Corporation) 0x76C50000
Library C:\WINDOWS\system32\WININET.dll (Internet Extensions for Win32/Microsoft Corporation) 0x63000000
Library C:\WINDOWS\system32\Normaliz.dll (Unicode Normalization DLL/Microsoft Corporation) 0x003E0000
Library C:\WINDOWS\system32\urlmon.dll (OLE32 Extensions for Win32/Microsoft Corporation) 0x1A400000
Library C:\WINDOWS\system32\iertutil.dll (Run time utility for Internet Explorer/Microsoft Corporation) 0x5DCA0000
Library C:\WINDOWS\system32\uxtheme.dll (Microsoft UxTheme-Bibliothek/Microsoft Corporation) 0x5B0F0000
Library C:\PROGRA~1\ThinkPad\UTILIT~1\GR\EzMApRes.dll (Resources for EzEjMnAp.exe/Lenovo Group Ltd.) 0x10000000
Library C:\WINDOWS\system32\CfgMgr32.dll (Configuration Manager Forwarder DLL/Microsoft Corporation) 0x74A60000
Library C:\WINDOWS\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation) 0x77B10000
Library C:\WINDOWS\system32\msctfime.ime (Microsoft Text Frame Work Service IME/Microsoft Corporation) 0x75250000
Library C:\WINDOWS\system32\setupapi.dll (Windows Setup-API/Microsoft Corporation) 0x778F0000

Process C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe (Access Connections Tray Status Application/Lenovo ) 380
Library C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe (Access Connections Tray Status Application/Lenovo ) 0x00400000
Library C:\WINDOWS\system32\ntdll.dll (DLL für NT-Layer/Microsoft Corporation) 0x7C910000
Library C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation) 0x7C800000
Library C:\Programme\ThinkPad\ConnectUtilities\AcLocSettings.dll (Access Connections Location Settings Module/Lenovo ) 0x0A000000
Library C:\WINDOWS\system32\MSVCP71.dll (Microsoft® C++ Runtime Library/Microsoft Corporation) 0x7C3A0000
Library C:\WINDOWS\system32\MSVCR71.dll (Microsoft® C Runtime Library/Microsoft Corporation) 0x7C340000
Library C:\Programme\ThinkPad\ConnectUtilities\ACGUIHlpr.dll (Access Connections GUI Helper Module/Lenovo ) 0x10000000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E50000
Library C:\WINDOWS\system32\ADVAPI32.dll (Erweitertes Windows 32 Base-API/Microsoft Corporation) 0x77DA0000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FC0000
Library C:\Programme\ThinkPad\ConnectUtilities\AcSvcStub.dll (Access Connections Main Service Stub Module/Lenovo ) 0x00380000
Library C:\Programme\ThinkPad\ConnectUtilities\ACHelper.dll (Access Connections Helper Module/Lenovo ) 0x003B0000
Library C:\WINDOWS\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77BD0000
Library C:\WINDOWS\system32\USER32.dll (Client-DLL für Windows XP USER-API/Microsoft Corporation) 0x7E360000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77EF0000
Library C:\WINDOWS\system32\SHELL32.dll (Allgemeine Windows-Shell-DLL/Microsoft Corporation) 0x7E670000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77BE0000
Library C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F40000
Library C:\Programme\ThinkPad\ConnectUtilities\AcCryptHlpr.dll (Access Connections Crypt Helper Module/Lenovo ) 0x00430000
Library C:\WINDOWS\system32\ole32.dll (Microsoft OLE für Windows/Microsoft Corporation) 0x774B0000
Library C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 0x770F0000
Library C:\WINDOWS\system32\MFC71U.DLL (MFCDLL Shared Library - Retail Version/Microsoft Corporation) 0x004B0000
Library C:\WINDOWS\system32\MSIMG32.dll (GDIEXT Client DLL/Microsoft Corporation) 0x76320000
Library C:\WINDOWS\WinSxS\X86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\COMCTL32.dll (User Experience Controls Library/Microsoft Corporation) 0x773A0000
Library C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgr.dll (Access Connections Profile Manager Module/Lenovo ) 0x08000000
Library C:\WINDOWS\system32\IMM32.DLL (Windows XP IMM32 API Client DLL/Microsoft Corporation) 0x76330000
Library C:\WINDOWS\system32\MFC71DEU.DLL (MFC Language Specific Resources/Microsoft Corporation) 0x5D360000
Library C:\Programme\ThinkPad\ConnectUtilities\Res\GR\GUIHlprRes.dll 0x00B30000
Library C:\WINDOWS\system32\imagehlp.dll (Windows NT Image Helper/Microsoft Corporation) 0x76C50000
Library C:\WINDOWS\system32\WININET.dll (Internet Extensions for Win32/Microsoft Corporation) 0x63000000
Library C:\WINDOWS\system32\Normaliz.dll (Unicode Normalization DLL/Microsoft Corporation) 0x00C50000
Library C:\WINDOWS\system32\urlmon.dll (OLE32 Extensions for Win32/Microsoft Corporation) 0x1A400000
Library C:\WINDOWS\system32\iertutil.dll (Run time utility for Internet Explorer/Microsoft Corporation) 0x5DCA0000
Library C:\WINDOWS\system32\uxtheme.dll (Microsoft UxTheme-Bibliothek/Microsoft Corporation) 0x5B0F0000
Library C:\Programme\ThinkPad\ConnectUtilities\Res\GR\IconRes.dll 0x00FD0000

Process C:\WINDOWS\system32\wuauclt.exe (Windows Update/Microsoft Corporation) 456
Library C:\WINDOWS\system32\wuauclt.exe (Windows Update/Microsoft Corporation) 0x00400000
Library C:\WINDOWS\system32\ntdll.dll (DLL für NT-Layer/Microsoft Corporation) 0x7C910000
Library C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77BE0000
Library C:\WINDOWS\system32\ole32.dll (Microsoft OLE für Windows/Microsoft Corporation) 0x774B0000
Library C:\WINDOWS\system32\ADVAPI32.dll (Erweitertes Windows 32 Base-API/Microsoft Corporation) 0x77DA0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E50000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FC0000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77EF0000
Library C:\WINDOWS\system32\USER32.dll (Client-DLL für Windows XP USER-API/Microsoft Corporation) 0x7E360000
Library C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 0x770F0000
Library C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F40000
Library C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) 0x5CF00000
Library C:\WINDOWS\AppPatch\AcGenral.DLL (Windows Compatibility DLL/Microsoft Corporation) 0x6FD90000
Library C:\WINDOWS\system32\WINMM.dll (MCI API-DLL/Microsoft Corporation) 0x76AF0000
Library C:\WINDOWS\system32\MSACM32.dll (Microsoft ACM-Audiofilter/Microsoft Corporation) 0x77BB0000
Library C:\WINDOWS\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77BD0000
Library C:\WINDOWS\system32\SHELL32.dll (Allgemeine Windows-Shell-DLL/Microsoft Corporation) 0x7E670000
Library C:\WINDOWS\system32\USERENV.dll (Userenv/Microsoft Corporation) 0x76620000
Library C:\WINDOWS\system32\UxTheme.dll (Microsoft UxTheme-Bibliothek/Microsoft Corporation) 0x5B0F0000
Library C:\WINDOWS\system32\IMM32.DLL (Windows XP IMM32 API Client DLL/Microsoft Corporation) 0x76330000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x773A0000
Library C:\WINDOWS\system32\imagehlp.dll (Windows NT Image Helper/Microsoft Corporation) 0x76C50000
Library C:\WINDOWS\system32\WININET.dll (Internet Extensions for Win32/Microsoft Corporation) 0x63000000
Library C:\WINDOWS\system32\Normaliz.dll (Unicode Normalization DLL/Microsoft Corporation) 0x003C0000
Library C:\WINDOWS\system32\urlmon.dll (OLE32 Extensions for Win32/Microsoft Corporation) 0x1A400000
Library C:\WINDOWS\system32\iertutil.dll (Run time utility for Internet Explorer/Microsoft Corporation) 0x5DCA0000
Library C:\WINDOWS\system32\mswsock.dll (Microsoft Windows Sockets 2.0-Dienstanbieter/Microsoft Corporation) 0x719B0000
Library C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x71A10000
Library C:\WINDOWS\system32\WS2HELP.dll (Windows Socket 2.0 Helper für Windows NT/Microsoft Corporation) 0x71A00000
Library C:\WINDOWS\system32\wsock32.dll (Windows Socket-32-Bit-DLL/Microsoft Corporation) 0x71A30000
Library C:\WINDOWS\system32\wuaueng.dll (Windows Update Agent/Microsoft Corporation) 0x50040000
Library C:\WINDOWS\system32\ESENT.dll (Server-Datenbankspeichermodul/Microsoft Corporation) 0x5E200000
Library C:\WINDOWS\system32\WTSAPI32.dll (Windows Terminal Server SDK APIs/Microsoft Corporation) 0x76F10000
Library C:\WINDOWS\system32\WINSTA.dll (Winstation Library/Microsoft Corporation) 0x76300000
Library C:\WINDOWS\system32\NETAPI32.dll (Net Win32 API DLL/Microsoft Corporation) 0x597D0000
Library C:\WINDOWS\system32\WINSPOOL.DRV (Windows-Spoolertreiber/Microsoft Corporation) 0x72F70000
Library C:\WINDOWS\system32\IPHLPAPI.DLL (IP-Hilfs-API/Microsoft Corporation) 0x76D20000
Library C:\WINDOWS\system32\WINHTTP.dll (Windows HTTP Services/Microsoft Corporation) 0x4D5C0000
Library C:\WINDOWS\system32\WINTRUST.dll (Microsoft Vertrauensverifizierungs-APIs/Microsoft Corporation) 0x76BF0000
Library C:\WINDOWS\system32\CRYPT32.dll (Krypto-API32/Microsoft Corporation) 0x77A50000
Library C:\WINDOWS\system32\MSASN1.dll (ASN.1 Runtime APIs/Microsoft Corporation) 0x77AF0000
Library C:\WINDOWS\system32\Cabinet.dll (Microsoft® Cabinet File API/Microsoft Corporation) 0x750D0000
Library C:\WINDOWS\system32\mspatcha.dll (Microsoft(R) Patch Engine/Microsoft Corporation) 0x604A0000
Library C:\WINDOWS\system32\xpsp2res.dll (Service Pack 2-Meldungen/Microsoft Corporation) 0x00FC0000
Library C:\WINDOWS\system32\CLBCATQ.DLL (Microsoft Corporation) 0x76F90000
Library C:\WINDOWS\system32\COMRes.dll (Microsoft Corporation) 0x77010000
Library C:\WINDOWS\system32\hnetcfg.dll (Heimnetzwerkkonfigurations-Manager/Microsoft Corporation) 0x66710000
Library C:\WINDOWS\System32\wshtcpip.dll (Windows Sockets Helper DLL/Microsoft Corporation) 0x719F0000
Library C:\WINDOWS\system32\wups2.dll (Windows Update client proxy stub 2/Microsoft Corporation) 0x50F00000

Process C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 484
Library C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 0x01000000
Library C:\WINDOWS\system32\ntdll.dll (DLL für NT-Layer/Microsoft Corporation) 0x7C910000
Library C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\ADVAPI32.dll (Erweitertes Windows 32 Base-API/Microsoft Corporation) 0x77DA0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E50000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FC0000
Library C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) 0x5CF00000
Library C:\WINDOWS\AppPatch\AcGenral.DLL (Windows Compatibility DLL/Microsoft Corporation) 0x6FD90000
Library C:\WINDOWS\system32\USER32.dll (Client-DLL für Windows XP USER-API/Microsoft Corporation) 0x7E360000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77EF0000
Library C:\WINDOWS\system32\WINMM.dll (MCI API-DLL/Microsoft Corporation) 0x76AF0000
Library C:\WINDOWS\system32\ole32.dll (Microsoft OLE für Windows/Microsoft Corporation) 0x774B0000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77BE0000
Library C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 0x770F0000
Library C:\WINDOWS\system32\MSACM32.dll (Microsoft ACM-Audiofilter/Microsoft Corporation) 0x77BB0000
Library C:\WINDOWS\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77BD0000
Library C:\WINDOWS\system32\SHELL32.dll (Allgemeine Windows-Shell-DLL/Microsoft Corporation) 0x7E670000
Library C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F40000
Library C:\WINDOWS\system32\USERENV.dll (Userenv/Microsoft Corporation) 0x76620000
Library C:\WINDOWS\system32\UxTheme.dll (Microsoft UxTheme-Bibliothek/Microsoft Corporation) 0x5B0F0000
Library C:\WINDOWS\system32\IMM32.DLL (Windows XP IMM32 API Client DLL/Microsoft Corporation) 0x76330000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x773A0000
Library C:\WINDOWS\system32\comctl32.dll (Common Controls Library/Microsoft Corporation) 0x5D450000
Library C:\WINDOWS\system32\imagehlp.dll (Windows NT Image Helper/Microsoft Corporation) 0x76C50000
Library C:\WINDOWS\system32\WININET.dll (Internet Extensions for Win32/Microsoft Corporation) 0x63000000
Library C:\WINDOWS\system32\Normaliz.dll (Unicode Normalization DLL/Microsoft Corporation) 0x00760000
Library C:\WINDOWS\system32\urlmon.dll (OLE32 Extensions for Win32/Microsoft Corporation) 0x1A400000
Library C:\WINDOWS\system32\iertutil.dll (Run time utility for Internet Explorer/Microsoft Corporation) 0x5DCA0000
Library C:\WINDOWS\system32\NTMARTA.DLL (Windows NT MARTA-Anbieter/Microsoft Corporation) 0x77660000
Library C:\WINDOWS\system32\SAMLIB.dll (SAM Library DLL/Microsoft Corporation) 0x71B70000
Library C:\WINDOWS\system32\WLDAP32.dll (Win32 LDAP-API-DLL/Microsoft Corporation) 0x76F20000
Library C:\WINDOWS\system32\xpsp2res.dll (Service Pack 2-Meldungen/Microsoft Corporation) 0x008D0000
Library c:\windows\system32\webclnt.dll (Web DAV Service DLL/Microsoft Corporation) 0x5AA50000
Library c:\windows\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x71A10000
Library c:\windows\system32\WS2HELP.dll (Windows Socket 2.0 Helper für Windows NT/Microsoft Corporation) 0x71A00000
Library C:\WINDOWS\system32\rsaenh.dll (Microsoft Enhanced Cryptographic Provider/Microsoft Corporation) 0x68000000

Process C:\WINDOWS\System32\smss.exe (Windows NT-Sitzungs-Manager/Microsoft Corporation) 580
Library C:\WINDOWS\System32\smss.exe (Windows NT-Sitzungs-Manager/Microsoft Corporation) 0x48580000
Library C:\WINDOWS\system32\ntdll.dll (DLL für NT-Layer/Microsoft Corporation) 0x7C910000

Process C:\Programme\Picasa2\PicasaMediaDetector.exe (Picasa/Google Inc.) 604
Library C:\Programme\Picasa2\PicasaMediaDetector.exe (Picasa/Google Inc.) 0x00400000
Library C:\WINDOWS\system32\ntdll.dll (DLL für NT-Layer/Microsoft Corporation) 0x7C910000
Library C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\STI.dll (Digitalbildgeräte-Client-DLL/Microsoft Corporation) 0x73B10000
Library C:\WINDOWS\system32\ADVAPI32.dll (Erweitertes Windows 32 Base-API/Microsoft Corporation) 0x77DA0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E50000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FC0000
Library C:\WINDOWS\system32\CFGMGR32.dll (Configuration Manager Forwarder DLL/Microsoft Corporation) 0x74A60000
Library C:\WINDOWS\system32\setupapi.DLL (Windows Setup-API/Microsoft Corporation) 0x778F0000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77EF0000
Library C:\WINDOWS\system32\USER32.dll (Client-DLL für Windows XP USER-API/Microsoft Corporation) 0x7E360000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77BE0000
Library C:\WINDOWS\system32\ole32.dll (Microsoft OLE für Windows/Microsoft Corporation) 0x774B0000
Library C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 0x770F0000
Library C:\WINDOWS\system32\SHELL32.dll (Allgemeine Windows-Shell-DLL/Microsoft Corporation) 0x7E670000
Library C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F40000
Library C:\WINDOWS\system32\comdlg32.dll (DLL für gemeinsame Dialoge/Microsoft Corporation) 0x76350000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\COMCTL32.dll (User Experience Controls Library/Microsoft Corporation) 0x773A0000
Library C:\WINDOWS\system32\IMM32.DLL (Windows XP IMM32 API Client DLL/Microsoft Corporation) 0x76330000
Library C:\WINDOWS\system32\imagehlp.dll (Windows NT Image Helper/Microsoft Corporation) 0x76C50000
Library C:\WINDOWS\system32\WININET.dll (Internet Extensions for Win32/Microsoft Corporation) 0x63000000
Library C:\WINDOWS\system32\Normaliz.dll (Unicode Normalization DLL/Microsoft Corporation) 0x003C0000
Library C:\WINDOWS\system32\urlmon.dll (OLE32 Extensions for Win32/Microsoft Corporation) 0x1A400000
Library C:\WINDOWS\system32\iertutil.dll (Run time utility for Internet Explorer/Microsoft Corporation) 0x5DCA0000
Library C:\WINDOWS\system32\USERENV.dll (Userenv/Microsoft Corporation) 0x76620000
Library C:\WINDOWS\system32\uxtheme.dll (Microsoft UxTheme-Bibliothek/Microsoft Corporation) 0x5B0F0000
Library C:\WINDOWS\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation) 0x77B10000
Library C:\WINDOWS\system32\msctfime.ime (Microsoft Text Frame Work Service IME/Microsoft Corporation) 0x75250000
Library C:\WINDOWS\system32\CLBCATQ.DLL (Microsoft Corporation) 0x76F90000
Library C:\WINDOWS\system32\COMRes.dll (Microsoft Corporation) 0x77010000
Library C:\WINDOWS\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77BD0000
Library C:\WINDOWS\system32\xpsp2res.dll (Service Pack 2-Meldungen/Microsoft Corporation) 0x00DB0000
Library C:\WINDOWS\system32\WINTRUST.dll (Microsoft Vertrauensverifizierungs-APIs/Microsoft Corporation) 0x76BF0000
Library C:\WINDOWS\system32\CRYPT32.dll (Krypto-API32/Microsoft Corporation) 0x77A50000
Library C:\WINDOWS\system32\MSASN1.dll (ASN.1 Runtime APIs/Microsoft Corporation)

Kiesopfer 28.06.2010 08:34

GMER log, part 7:

Process C:\WINDOWS\system32\csrss.exe (Client Server Runtime Process/Microsoft Corporation) 628
Library C:\WINDOWS\system32\csrss.exe (Client Server Runtime Process/Microsoft Corporation) 0x4A680000
Library C:\WINDOWS\system32\ntdll.dll (DLL für NT-Layer/Microsoft Corporation) 0x7C910000
Library C:\WINDOWS\system32\CSRSRV.dll (Client Server Runtime Process/Microsoft Corporation) 0x75AE0000
Library C:\WINDOWS\system32\basesrv.dll (Windows NT BASE API Server DLL/Microsoft Corporation) 0x75AF0000
Library C:\WINDOWS\system32\winsrv.dll (Windows-Server-DLL/Microsoft Corporation) 0x75B00000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77EF0000
Library C:\WINDOWS\system32\KERNEL32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\USER32.dll (Client-DLL für Windows XP USER-API/Microsoft Corporation) 0x7E360000
Library C:\WINDOWS\system32\sxs.dll (Fusion 2.5/Microsoft Corporation) 0x76970000
Library C:\WINDOWS\system32\ADVAPI32.dll (Erweitertes Windows 32 Base-API/Microsoft Corporation) 0x77DA0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E50000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FC0000
Library C:\WINDOWS\system32\Apphelp.dll (Application Compatibility Client Library/Microsoft Corporation) 0x77B10000
Library C:\WINDOWS\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77BD0000

Process C:\WINDOWS\system32\winlogon.exe (Windows NT-Anmeldung/Microsoft Corporation) 660
Library C:\WINDOWS\system32\winlogon.exe (Windows NT-Anmeldung/Microsoft Corporation) 0x01000000
Library C:\WINDOWS\system32\ntdll.dll (DLL für NT-Layer/Microsoft Corporation) 0x7C910000
Library C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\ADVAPI32.dll (Erweitertes Windows 32 Base-API/Microsoft Corporation) 0x77DA0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E50000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FC0000
Library C:\WINDOWS\system32\AUTHZ.dll (Authorization Framework/Microsoft Corporation) 0x77690000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77BE0000
Library C:\WINDOWS\system32\CRYPT32.dll (Krypto-API32/Microsoft Corporation) 0x77A50000
Library C:\WINDOWS\system32\MSASN1.dll (ASN.1 Runtime APIs/Microsoft Corporation) 0x77AF0000
Library C:\WINDOWS\system32\USER32.dll (Client-DLL für Windows XP USER-API/Microsoft Corporation) 0x7E360000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77EF0000
Library C:\WINDOWS\system32\NDdeApi.dll (Netzwerk-DDE Share Management-APIs/Microsoft Corporation) 0x758E0000
Library C:\WINDOWS\system32\PROFMAP.dll (Userenv/Microsoft Corporation) 0x758D0000
Library C:\WINDOWS\system32\NETAPI32.dll (Net Win32 API DLL/Microsoft Corporation) 0x597D0000
Library C:\WINDOWS\system32\USERENV.dll (Userenv/Microsoft Corporation) 0x76620000
Library C:\WINDOWS\system32\PSAPI.DLL (Process Status Helper/Microsoft Corporation) 0x76BB0000
Library C:\WINDOWS\system32\REGAPI.dll (Registry Configuration APIs/Microsoft Corporation) 0x76B70000
Library C:\WINDOWS\system32\SETUPAPI.dll (Windows Setup-API/Microsoft Corporation) 0x778F0000
Library C:\WINDOWS\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77BD0000
Library C:\WINDOWS\system32\WINSTA.dll (Winstation Library/Microsoft Corporation) 0x76300000
Library C:\WINDOWS\system32\WINTRUST.dll (Microsoft Vertrauensverifizierungs-APIs/Microsoft Corporation) 0x76BF0000
Library C:\WINDOWS\system32\IMAGEHLP.dll (Windows NT Image Helper/Microsoft Corporation) 0x76C50000
Library C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x71A10000
Library C:\WINDOWS\system32\WS2HELP.dll (Windows Socket 2.0 Helper für Windows NT/Microsoft Corporation) 0x71A00000
Library C:\WINDOWS\system32\IMM32.DLL (Windows XP IMM32 API Client DLL/Microsoft Corporation) 0x76330000
Library C:\WINDOWS\system32\ole32.dll (Microsoft OLE für Windows/Microsoft Corporation) 0x774B0000
Library C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F40000
Library C:\WINDOWS\system32\WININET.dll (Internet Extensions for Win32/Microsoft Corporation) 0x63000000
Library C:\WINDOWS\system32\Normaliz.dll (Unicode Normalization DLL/Microsoft Corporation) 0x005F0000
Library C:\WINDOWS\system32\urlmon.dll (OLE32 Extensions for Win32/Microsoft Corporation) 0x1A400000
Library C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 0x770F0000
Library C:\WINDOWS\system32\iertutil.dll (Run time utility for Internet Explorer/Microsoft Corporation) 0x5DCA0000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x773A0000
Library C:\WINDOWS\system32\MSGINA.dll (Windows-Anmeldungs-GINA-DLL/Microsoft Corporation) 0x75910000
Library C:\WINDOWS\system32\COMCTL32.dll (Common Controls Library/Microsoft Corporation) 0x5D450000
Library C:\WINDOWS\system32\ODBC32.dll (Microsoft Data Access - ODBC Driver Manager/Microsoft Corporation) 0x745D0000
Library C:\WINDOWS\system32\comdlg32.dll (DLL für gemeinsame Dialoge/Microsoft Corporation) 0x76350000
Library C:\WINDOWS\system32\SHELL32.dll (Allgemeine Windows-Shell-DLL/Microsoft Corporation) 0x7E670000
Library C:\WINDOWS\system32\odbcint.dll (Microsoft Data Access - ODBC Ressourcen/Microsoft Corporation) 0x1F840000
Library C:\WINDOWS\system32\SHSVCS.dll (Windows-Shelldienste-DLL/Microsoft Corporation) 0x776B0000
Library C:\WINDOWS\system32\sfc.dll (Windows File Protection/Microsoft Corporation) 0x76B60000
Library C:\WINDOWS\system32\sfc_os.dll (Windows-Dateischutz/Microsoft Corporation) 0x76C20000
Library C:\WINDOWS\system32\Apphelp.dll (Application Compatibility Client Library/Microsoft Corporation) 0x77B10000
Library C:\WINDOWS\system32\msctfime.ime (Microsoft Text Frame Work Service IME/Microsoft Corporation) 0x75250000
Library C:\WINDOWS\system32\WINSCARD.DLL (Microsoft Smartcard-API/Microsoft Corporation) 0x72360000
Library C:\WINDOWS\system32\WTSAPI32.dll (Windows Terminal Server SDK APIs/Microsoft Corporation) 0x76F10000
Library C:\WINDOWS\system32\sxs.dll (Fusion 2.5/Microsoft Corporation) 0x76970000
Library C:\WINDOWS\system32\WINMM.dll (MCI API-DLL/Microsoft Corporation) 0x76AF0000
Library C:\WINDOWS\system32\uxtheme.dll (Microsoft UxTheme-Bibliothek/Microsoft Corporation) 0x5B0F0000
Library C:\WINDOWS\system32\Ati2evxx.dll (ATI External Event Utility DLL Module/ATI Technologies Inc.) 0x10000000
Library C:\WINDOWS\system32\rsaenh.dll (Microsoft Enhanced Cryptographic Provider/Microsoft Corporation) 0x68000000
Library C:\WINDOWS\system32\cscdll.dll (Offlinenetzwerk-Agent/Microsoft Corporation) 0x765A0000
Library C:\WINDOWS\System32\dimsntfy.dll (DIMS Notification Handler/Microsoft Corporation) 0x47120000
Library C:\WINDOWS\system32\WlNotify.dll (Common DLL to receive Winlogon notifications/Microsoft Corporation) 0x758F0000
Library C:\WINDOWS\system32\MPR.dll (Router-DLL für Mehrfachanbieter/Microsoft Corporation) 0x71A80000
Library C:\WINDOWS\system32\WINSPOOL.DRV (Windows-Spoolertreiber/Microsoft Corporation) 0x72F70000
Library C:\WINDOWS\system32\SAMLIB.dll (SAM Library DLL/Microsoft Corporation) 0x71B70000
Library C:\Programme\Gemeinsame Dateien\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll (Adobe Drive Network Provider/Adobe Systems Incorporated) 0x01F30000
Library C:\WINDOWS\system32\cscui.dll (Clientseitige Cachebenutzeroberfläche/Microsoft Corporation) 0x779F0000
Library C:\WINDOWS\system32\msv1_0.dll (Microsoft Authentication Package v1.0/Microsoft Corporation) 0x77C40000
Library C:\WINDOWS\system32\cryptdll.dll (Cryptography Manager/Microsoft Corporation) 0x76740000
Library C:\WINDOWS\system32\iphlpapi.dll (IP-Hilfs-API/Microsoft Corporation) 0x76D20000
Library C:\WINDOWS\system32\xpsp2res.dll (Service Pack 2-Meldungen/Microsoft Corporation) 0x01790000
Library C:\Programme\Lenovo\AwayTask\AwayNotify.dll (Away Manager notification package./Lenovo Group Limited) 0x014D0000
Library C:\WINDOWS\system32\NTMARTA.DLL (Windows NT MARTA-Anbieter/Microsoft Corporation) 0x77660000
Library C:\WINDOWS\system32\WLDAP32.dll (Win32 LDAP-API-DLL/Microsoft Corporation) 0x76F20000
Library C:\WINDOWS\system32\wdmaud.drv (WDM Audio driver mapper/Microsoft Corporation) 0x72C90000
Library C:\WINDOWS\system32\msacm32.drv (Microsoft Soundmapper/Microsoft Corporation) 0x72C80000
Library C:\WINDOWS\system32\MSACM32.dll (Microsoft ACM-Audiofilter/Microsoft Corporation) 0x77BB0000
Library C:\WINDOWS\system32\midimap.dll (Microsoft MIDI-Mapper/Microsoft Corporation) 0x77BA0000
Library C:\WINDOWS\system32\COMRes.dll (Microsoft Corporation) 0x77010000
Library C:\WINDOWS\system32\CLBCATQ.DLL (Microsoft Corporation) 0x76F90000

Process C:\WINDOWS\system32\services.exe (Anwendung für Dienste und Controller/Microsoft Corporation) 708
Library C:\WINDOWS\system32\services.exe (Anwendung für Dienste und Controller/Microsoft Corporation) 0x01000000
Library C:\WINDOWS\system32\ntdll.dll (DLL für NT-Layer/Microsoft Corporation) 0x7C910000
Library C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\ADVAPI32.dll (Erweitertes Windows 32 Base-API/Microsoft Corporation) 0x77DA0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E50000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FC0000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77BE0000
Library C:\WINDOWS\system32\NCObjAPI.DLL (Microsoft Corporation) 0x5FB60000
Library C:\WINDOWS\system32\MSVCP60.dll (Microsoft (R) C++ Runtime Library/Microsoft Corporation) 0x76020000
Library C:\WINDOWS\system32\SCESRV.dll (Windows-Sicherheitskonfigurations-Editormodul/Microsoft Corporation) 0x77B40000
Library C:\WINDOWS\system32\AUTHZ.dll (Authorization Framework/Microsoft Corporation) 0x77690000
Library C:\WINDOWS\system32\USER32.dll (Client-DLL für Windows XP USER-API/Microsoft Corporation) 0x7E360000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77EF0000
Library C:\WINDOWS\system32\USERENV.dll (Userenv/Microsoft Corporation) 0x76620000
Library C:\WINDOWS\system32\umpnpmgr.dll (Plug & Play-Dienst (Benutzermodus)/Microsoft Corporation) 0x7DBB0000
Library C:\WINDOWS\system32\WINSTA.dll (Winstation Library/Microsoft Corporation) 0x76300000
Library C:\WINDOWS\system32\NETAPI32.dll (Net Win32 API DLL/Microsoft Corporation) 0x597D0000
Library C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) 0x5CF00000
Library C:\WINDOWS\AppPatch\AcAdProc.dll (Windows Compatibility DLL/Microsoft Corporation) 0x47440000
Library C:\WINDOWS\system32\IMM32.DLL (Windows XP IMM32 API Client DLL/Microsoft Corporation) 0x76330000
Library C:\WINDOWS\system32\imagehlp.dll (Windows NT Image Helper/Microsoft Corporation) 0x76C50000
Library C:\WINDOWS\system32\ole32.dll (Microsoft OLE für Windows/Microsoft Corporation) 0x774B0000
Library C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F40000
Library C:\WINDOWS\system32\WININET.dll (Internet Extensions for Win32/Microsoft Corporation) 0x63000000
Library C:\WINDOWS\system32\Normaliz.dll (Unicode Normalization DLL/Microsoft Corporation) 0x003B0000
Library C:\WINDOWS\system32\urlmon.dll (OLE32 Extensions for Win32/Microsoft Corporation) 0x1A400000
Library C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 0x770F0000
Library C:\WINDOWS\system32\iertutil.dll (Run time utility for Internet Explorer/Microsoft Corporation) 0x5DCA0000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x773A0000
Library C:\WINDOWS\system32\Apphelp.dll (Application Compatibility Client Library/Microsoft Corporation) 0x77B10000
Library C:\WINDOWS\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77BD0000
Library C:\WINDOWS\system32\eventlog.dll (Ereignisprotokolldienst/Microsoft Corporation) 0x772D0000
Library C:\WINDOWS\system32\PSAPI.DLL (Process Status Helper/Microsoft Corporation) 0x76BB0000
Library C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x71A10000
Library C:\WINDOWS\system32\WS2HELP.dll (Windows Socket 2.0 Helper für Windows NT/Microsoft Corporation) 0x71A00000
Library C:\WINDOWS\system32\wtsapi32.dll (Windows Terminal Server SDK APIs/Microsoft Corporation) 0x76F10000

Process C:\WINDOWS\system32\lsass.exe (LSA Shell (Export Version)/Microsoft Corporation) 720
Library C:\WINDOWS\system32\lsass.exe (LSA Shell (Export Version)/Microsoft Corporation) 0x01000000
Library C:\WINDOWS\system32\ntdll.dll (DLL für NT-Layer/Microsoft Corporation) 0x7C910000
Library C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\ADVAPI32.dll (Erweitertes Windows 32 Base-API/Microsoft Corporation) 0x77DA0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E50000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FC0000
Library C:\WINDOWS\system32\LSASRV.dll (LSA-Server-DLL/Microsoft Corporation) 0x753D0000
Library C:\WINDOWS\system32\MPR.dll (Router-DLL für Mehrfachanbieter/Microsoft Corporation) 0x71A80000
Library C:\WINDOWS\system32\USER32.dll (Client-DLL für Windows XP USER-API/Microsoft Corporation) 0x7E360000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77EF0000
Library C:\WINDOWS\system32\MSASN1.dll (ASN.1 Runtime APIs/Microsoft Corporation) 0x77AF0000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77BE0000
Library C:\WINDOWS\system32\NETAPI32.dll (Net Win32 API DLL/Microsoft Corporation) 0x597D0000
Library C:\WINDOWS\system32\NTDSAPI.dll (NT5DS/Microsoft Corporation) 0x76750000
Library C:\WINDOWS\system32\DNSAPI.dll (DNS Client API DLL/Microsoft Corporation) 0x76EE0000
Library C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x71A10000
Library C:\WINDOWS\system32\WS2HELP.dll (Windows Socket 2.0 Helper für Windows NT/Microsoft Corporation) 0x71A00000
Library C:\WINDOWS\system32\WLDAP32.dll (Win32 LDAP-API-DLL/Microsoft Corporation) 0x76F20000
Library C:\WINDOWS\system32\SAMLIB.dll (SAM Library DLL/Microsoft Corporation) 0x71B70000
Library C:\WINDOWS\system32\SAMSRV.dll (SAM Server-DLL/Microsoft Corporation) 0x743C0000
Library C:\WINDOWS\system32\cryptdll.dll (Cryptography Manager/Microsoft Corporation) 0x76740000
Library C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) 0x5CF00000
Library C:\WINDOWS\AppPatch\AcGenral.DLL (Windows Compatibility DLL/Microsoft Corporation) 0x6FD90000
Library C:\WINDOWS\system32\WINMM.dll (MCI API-DLL/Microsoft Corporation) 0x76AF0000
Library C:\WINDOWS\system32\ole32.dll (Microsoft OLE für Windows/Microsoft Corporation) 0x774B0000
Library C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 0x770F0000
Library C:\WINDOWS\system32\MSACM32.dll (Microsoft ACM-Audiofilter/Microsoft Corporation) 0x77BB0000
Library C:\WINDOWS\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77BD0000
Library C:\WINDOWS\system32\SHELL32.dll (Allgemeine Windows-Shell-DLL/Microsoft Corporation) 0x7E670000
Library C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F40000
Library C:\WINDOWS\system32\USERENV.dll (Userenv/Microsoft Corporation) 0x76620000
Library C:\WINDOWS\system32\UxTheme.dll (Microsoft UxTheme-Bibliothek/Microsoft Corporation) 0x5B0F0000
Library C:\WINDOWS\system32\IMM32.DLL (Windows XP IMM32 API Client DLL/Microsoft Corporation) 0x76330000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x773A0000
Library C:\WINDOWS\system32\comctl32.dll (Common Controls Library/Microsoft Corporation) 0x5D450000
Library C:\WINDOWS\system32\imagehlp.dll (Windows NT Image Helper/Microsoft Corporation) 0x76C50000
Library C:\WINDOWS\system32\WININET.dll (Internet Extensions for Win32/Microsoft Corporation) 0x63000000
Library C:\WINDOWS\system32\Normaliz.dll (Unicode Normalization DLL/Microsoft Corporation) 0x00680000
Library C:\WINDOWS\system32\urlmon.dll (OLE32 Extensions for Win32/Microsoft Corporation) 0x1A400000
Library C:\WINDOWS\system32\iertutil.dll (Run time utility for Internet Explorer/Microsoft Corporation) 0x5DCA0000
Library C:\WINDOWS\system32\msprivs.dll (Microsoft Privilege Translations/Microsoft Corporation) 0x4D200000
Library C:\WINDOWS\system32\kerberos.dll (Kerberos Security Package/Microsoft Corporation) 0x71C70000
Library C:\WINDOWS\system32\msv1_0.dll (Microsoft Authentication Package v1.0/Microsoft Corporation) 0x77C40000
Library C:\WINDOWS\system32\iphlpapi.dll (IP-Hilfs-API/Microsoft Corporation) 0x76D20000
Library C:\WINDOWS\system32\netlogon.dll (Net Logon Services DLL/Microsoft Corporation) 0x74430000
Library C:\WINDOWS\system32\w32time.dll (Windows-Zeitdienst/Microsoft Corporation) 0x76770000
Library C:\WINDOWS\system32\MSVCP60.dll (Microsoft (R) C++ Runtime Library/Microsoft Corporation) 0x76020000
Library C:\WINDOWS\system32\schannel.dll (TLS / SSL Security Provider/Microsoft Corporation) 0x767A0000
Library C:\WINDOWS\system32\CRYPT32.dll (Krypto-API32/Microsoft Corporation) 0x77A50000
Library C:\WINDOWS\system32\wdigest.dll (Microsoft Digest Access/Microsoft Corporation) 0x7F000000
Library C:\WINDOWS\system32\rsaenh.dll (Microsoft Enhanced Cryptographic Provider/Microsoft Corporation) 0x68000000
Library C:\WINDOWS\system32\setupapi.dll (Windows Setup-API/Microsoft Corporation) 0x778F0000
Library C:\WINDOWS\system32\scecli.dll (Clientmodul für Windows-Sicherheitskonfigurations-Editor/Microsoft Corporation) 0x7D520000
Library C:\WINDOWS\system32\ipsecsvc.dll (Windows IPSec-SPD-Server-DLL/Microsoft Corporation) 0x74350000
Library C:\WINDOWS\system32\AUTHZ.dll (Authorization Framework/Microsoft Corporation) 0x77690000
Library C:\WINDOWS\system32\oakley.DLL (Oakley-Schlüssel-Manager/Microsoft Corporation) 0x756C0000
Library C:\WINDOWS\system32\WINIPSEC.DLL (Windows IPSec SPD Client DLL/Microsoft Corporation) 0x742E0000
Library C:\WINDOWS\system32\pstorsvc.dll (Server für den Dienst für den geschützten Speicher/Microsoft Corporation) 0x74310000
Library C:\WINDOWS\system32\mswsock.dll (Microsoft Windows Sockets 2.0-Dienstanbieter/Microsoft Corporation) 0x719B0000
Library C:\WINDOWS\system32\hnetcfg.dll (Heimnetzwerkkonfigurations-Manager/Microsoft Corporation) 0x66710000
Library C:\WINDOWS\System32\wshtcpip.dll (Windows Sockets Helper DLL/Microsoft Corporation) 0x719F0000
Library C:\WINDOWS\system32\dssenh.dll (Microsoft Enhanced DSS and Diffie-Hellman Cryptographic Provider/Microsoft Corporation) 0x68100000
Library C:\WINDOWS\system32\psbase.dll (Standardanbieter für den geschützten Speicher/Microsoft Corporation)

Kiesopfer 28.06.2010 08:34

GMER log, part 8:

Process C:\Programme\Lenovo\SafeGuard PrivateDisk\pdservice.exe (PrivateDisk Service/Utimaco Safeware AG) 724
Library C:\Programme\Lenovo\SafeGuard PrivateDisk\pdservice.exe (PrivateDisk Service/Utimaco Safeware AG) 0x1C400000
Library C:\WINDOWS\system32\ntdll.dll (DLL für NT-Layer/Microsoft Corporation) 0x7C910000
Library C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation) 0x7C800000
Library C:\Programme\Lenovo\SafeGuard PrivateDisk\PDLib.dll (PDLib DLL/Utimaco Safeware AG) 0x1C000000
Library C:\WINDOWS\system32\CRYPT32.dll (Krypto-API32/Microsoft Corporation) 0x77A50000
Library C:\WINDOWS\system32\ADVAPI32.dll (Erweitertes Windows 32 Base-API/Microsoft Corporation) 0x77DA0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E50000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FC0000
Library C:\WINDOWS\system32\MSASN1.dll (ASN.1 Runtime APIs/Microsoft Corporation) 0x77AF0000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77BE0000
Library C:\WINDOWS\system32\USER32.dll (Client-DLL für Windows XP USER-API/Microsoft Corporation) 0x7E360000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77EF0000
Library C:\WINDOWS\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77BD0000
Library C:\WINDOWS\system32\WLDAP32.dll (Win32 LDAP-API-DLL/Microsoft Corporation) 0x76F20000
Library C:\WINDOWS\system32\MFC71U.DLL (MFCDLL Shared Library - Retail Version/Microsoft Corporation) 0x7C250000
Library C:\WINDOWS\system32\MSVCR71.dll (Microsoft® C Runtime Library/Microsoft Corporation) 0x00380000
Library C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F40000
Library C:\WINDOWS\system32\SHELL32.dll (Allgemeine Windows-Shell-DLL/Microsoft Corporation) 0x7E670000
Library C:\WINDOWS\system32\ole32.dll (Microsoft OLE für Windows/Microsoft Corporation) 0x774B0000
Library C:\WINDOWS\system32\MSVCP71.dll (Microsoft® C++ Runtime Library/Microsoft Corporation) 0x7C3A0000
Library C:\WINDOWS\system32\IMM32.DLL (Windows XP IMM32 API Client DLL/Microsoft Corporation) 0x76330000
Library C:\WINDOWS\system32\MFC71DEU.DLL (MFC Language Specific Resources/Microsoft Corporation) 0x5D360000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x773A0000
Library C:\WINDOWS\system32\uxtheme.dll (Microsoft UxTheme-Bibliothek/Microsoft Corporation) 0x5B0F0000
Library C:\Programme\Lenovo\SafeGuard PrivateDisk\PDLib0407.dll (PDLib DLL/Utimaco Safeware AG) 0x10000000
Library C:\WINDOWS\system32\imagehlp.dll (Windows NT Image Helper/Microsoft Corporation) 0x76C50000
Library C:\WINDOWS\system32\WININET.dll (Internet Extensions for Win32/Microsoft Corporation) 0x63000000
Library C:\WINDOWS\system32\Normaliz.dll (Unicode Normalization DLL/Microsoft Corporation) 0x00980000
Library C:\WINDOWS\system32\urlmon.dll (OLE32 Extensions for Win32/Microsoft Corporation) 0x1A400000
Library C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 0x770F0000
Library C:\WINDOWS\system32\iertutil.dll (Run time utility for Internet Explorer/Microsoft Corporation) 0x5DCA0000
Library C:\Programme\Lenovo\SafeGuard PrivateDisk\pdservice0407.dll (PrivateDisk Service/Utimaco Safeware AG) 0x00270000
Library C:\WINDOWS\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation) 0x77B10000
Library C:\WINDOWS\system32\msctfime.ime (Microsoft Text Frame Work Service IME/Microsoft Corporation) 0x75250000

Process C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe (ThinkVantage Productivity Center Manager/Lenovo Group Limited) 792
Library C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe (ThinkVantage Productivity Center Manager/Lenovo Group Limited) 0x00400000
Library C:\WINDOWS\system32\ntdll.dll (DLL für NT-Layer/Microsoft Corporation) 0x7C910000
Library C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F40000
Library C:\WINDOWS\system32\ADVAPI32.dll (Erweitertes Windows 32 Base-API/Microsoft Corporation) 0x77DA0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E50000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FC0000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77EF0000
Library C:\WINDOWS\system32\USER32.dll (Client-DLL für Windows XP USER-API/Microsoft Corporation) 0x7E360000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77BE0000
Library C:\WINDOWS\system32\USERENV.dll (Userenv/Microsoft Corporation) 0x76620000
Library C:\WINDOWS\system32\MFC42u.DLL (MFCDLL Shared Library - Retail Version/Microsoft Corporation) 0x5F800000
Library C:\WINDOWS\system32\SHELL32.dll (Allgemeine Windows-Shell-DLL/Microsoft Corporation) 0x7E670000
Library C:\WINDOWS\system32\ole32.dll (Microsoft OLE für Windows/Microsoft Corporation) 0x774B0000
Library C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 0x770F0000
Library C:\WINDOWS\system32\IMM32.DLL (Windows XP IMM32 API Client DLL/Microsoft Corporation) 0x76330000
Library C:\WINDOWS\system32\MFC42LOC.DLL (MFC Language Specific Resources/Microsoft Corporation) 0x61DC0000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x773A0000
Library C:\WINDOWS\system32\comctl32.dll (Common Controls Library/Microsoft Corporation) 0x5D450000
Library C:\WINDOWS\system32\imagehlp.dll (Windows NT Image Helper/Microsoft Corporation) 0x76C50000
Library C:\WINDOWS\system32\WININET.dll (Internet Extensions for Win32/Microsoft Corporation) 0x63000000
Library C:\WINDOWS\system32\Normaliz.dll (Unicode Normalization DLL/Microsoft Corporation) 0x003F0000
Library C:\WINDOWS\system32\urlmon.dll (OLE32 Extensions for Win32/Microsoft Corporation) 0x1A400000
Library C:\WINDOWS\system32\iertutil.dll (Run time utility for Internet Explorer/Microsoft Corporation) 0x5DCA0000
Library C:\WINDOWS\system32\uxtheme.dll (Microsoft UxTheme-Bibliothek/Microsoft Corporation) 0x5B0F0000
Library C:\WINDOWS\system32\xpsp2res.dll (Service Pack 2-Meldungen/Microsoft Corporation) 0x00D00000
Library C:\WINDOWS\system32\CLBCATQ.DLL (Microsoft Corporation) 0x76F90000
Library C:\WINDOWS\system32\COMRes.dll (Microsoft Corporation) 0x77010000
Library C:\WINDOWS\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77BD0000
Library C:\WINDOWS\system32\wbem\wbemprox.dll (WMI/Microsoft Corporation) 0x74E70000
Library C:\WINDOWS\system32\wbem\wbemcomn.dll (WMI/Microsoft Corporation) 0x75210000
Library C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x71A10000
Library C:\WINDOWS\system32\WS2HELP.dll (Windows Socket 2.0 Helper für Windows NT/Microsoft Corporation) 0x71A00000
Library C:\WINDOWS\system32\wbem\wbemsvc.dll (WMI/Microsoft Corporation) 0x74E50000
Library C:\WINDOWS\system32\wbem\fastprox.dll (WMI/Microsoft Corporation) 0x75620000
Library C:\WINDOWS\system32\MSVCP60.dll (Microsoft (R) C++ Runtime Library/Microsoft Corporation) 0x76020000
Library C:\WINDOWS\system32\NTDSAPI.dll (NT5DS/Microsoft Corporation) 0x76750000
Library C:\WINDOWS\system32\DNSAPI.dll (DNS Client API DLL/Microsoft Corporation) 0x76EE0000
Library C:\WINDOWS\system32\NETAPI32.dll (Net Win32 API DLL/Microsoft Corporation) 0x597D0000
Library C:\WINDOWS\system32\WLDAP32.dll (Win32 LDAP-API-DLL/Microsoft Corporation) 0x76F20000
Library C:\PROGRA~1\THINKV~2\PrdCtr\GR\LPRESMGR.DLL (ThinkVantage Productivity Center Manager/Lenovo Group Limited) 0x10000000
Library C:\WINDOWS\system32\PROCHLP.DLL (IPS Helper DLL/Lenovo Group Limited) 0x01420000
Library C:\WINDOWS\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation) 0x77B10000
Library C:\WINDOWS\system32\msctfime.ime (Microsoft Text Frame Work Service IME/Microsoft Corporation) 0x75250000
Library C:\WINDOWS\system32\msxml3.dll (MSXML 3.0 SP10/Microsoft Corporation) 0x74900000
Library C:\WINDOWS\system32\MSVCR71.dll (Microsoft® C Runtime Library/Microsoft Corporation) 0x7C340000
Library C:\WINDOWS\system32\MFC71U.DLL (MFCDLL Shared Library - Retail Version/Microsoft Corporation) 0x01BA0000
Library C:\WINDOWS\system32\MFC71DEU.DLL (MFC Language Specific Resources/Microsoft Corporation) 0x5D360000
Library C:\Programme\ThinkPad\ConnectUtilities\Res\GR\TrayRes.dll (Access Connections Tray Resource/Lenovo ) 0x01CC0000
Library C:\WINDOWS\system32\rsaenh.dll (Microsoft Enhanced Cryptographic Provider/Microsoft Corporation) 0x68000000
Library C:\WINDOWS\system32\sensapi.dll (SENS Connectivity API DLL/Microsoft Corporation) 0x72240000

Process C:\WINDOWS\system32\ibmpmsvc.exe (ThinkPad Power Management Service/Lenovo.) 924
Library C:\WINDOWS\system32\ibmpmsvc.exe (ThinkPad Power Management Service/Lenovo.) 0x01000000
Library C:\WINDOWS\system32\ntdll.dll (DLL für NT-Layer/Microsoft Corporation) 0x7C910000
Library C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\ADVAPI32.dll (Erweitertes Windows 32 Base-API/Microsoft Corporation) 0x77DA0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E50000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FC0000
Library C:\WINDOWS\system32\USER32.dll (Client-DLL für Windows XP USER-API/Microsoft Corporation) 0x7E360000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77EF0000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77BE0000
Library C:\WINDOWS\system32\ole32.dll (Microsoft OLE für Windows/Microsoft Corporation) 0x774B0000
Library C:\WINDOWS\system32\IMM32.DLL (Windows XP IMM32 API Client DLL/Microsoft Corporation) 0x76330000
Library C:\WINDOWS\system32\imagehlp.dll (Windows NT Image Helper/Microsoft Corporation) 0x76C50000
Library C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F40000
Library C:\WINDOWS\system32\WININET.dll (Internet Extensions for Win32/Microsoft Corporation) 0x63000000
Library C:\WINDOWS\system32\Normaliz.dll (Unicode Normalization DLL/Microsoft Corporation) 0x008C0000
Library C:\WINDOWS\system32\urlmon.dll (OLE32 Extensions for Win32/Microsoft Corporation) 0x1A400000
Library C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 0x770F0000
Library C:\WINDOWS\system32\iertutil.dll (Run time utility for Internet Explorer/Microsoft Corporation) 0x5DCA0000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x773A0000

Process C:\WINDOWS\system32\Ati2evxx.exe (ATI External Event Utility EXE Module/ATI Technologies Inc.) 960
Library C:\WINDOWS\system32\Ati2evxx.exe (ATI External Event Utility EXE Module/ATI Technologies Inc.) 0x00400000
Library C:\WINDOWS\system32\ntdll.dll (DLL für NT-Layer/Microsoft Corporation) 0x7C910000
Library C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\USER32.dll (Client-DLL für Windows XP USER-API/Microsoft Corporation) 0x7E360000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77EF0000
Library C:\WINDOWS\system32\ole32.dll (Microsoft OLE für Windows/Microsoft Corporation) 0x774B0000
Library C:\WINDOWS\system32\ADVAPI32.dll (Erweitertes Windows 32 Base-API/Microsoft Corporation) 0x77DA0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E50000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FC0000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77BE0000
Library C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 0x770F0000
Library C:\WINDOWS\system32\USERENV.dll (Userenv/Microsoft Corporation) 0x76620000
Library C:\WINDOWS\system32\PSAPI.DLL (Process Status Helper/Microsoft Corporation) 0x76BB0000
Library C:\WINDOWS\system32\SETUPAPI.dll (Windows Setup-API/Microsoft Corporation) 0x778F0000
Library C:\WINDOWS\system32\IMM32.DLL (Windows XP IMM32 API Client DLL/Microsoft Corporation) 0x76330000
Library C:\WINDOWS\system32\imagehlp.dll (Windows NT Image Helper/Microsoft Corporation) 0x76C50000
Library C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F40000
Library C:\WINDOWS\system32\WININET.dll (Internet Extensions for Win32/Microsoft Corporation) 0x63000000
Library C:\WINDOWS\system32\Normaliz.dll (Unicode Normalization DLL/Microsoft Corporation) 0x003A0000
Library C:\WINDOWS\system32\urlmon.dll (OLE32 Extensions for Win32/Microsoft Corporation) 0x1A400000
Library C:\WINDOWS\system32\iertutil.dll (Run time utility for Internet Explorer/Microsoft Corporation) 0x5DCA0000

Kiesopfer 28.06.2010 08:35

GMER log, part 9:


Kiesopfer 28.06.2010 08:36

GMER log, part 10:

Library C:\WINDOWS\system32\comdlg32.dll (DLL für gemeinsame Dialoge/Microsoft Corporation) 0x76350000
Library C:\WINDOWS\system32\MPR.dll (Router-DLL für Mehrfachanbieter/Microsoft Corporation) 0x71A80000
Library C:\WINDOWS\system32\NTDSAPI.dll (NT5DS/Microsoft Corporation) 0x76750000
Library C:\WINDOWS\system32\DNSAPI.dll (DNS Client API DLL/Microsoft Corporation) 0x76EE0000
Library C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x71A10000
Library C:\WINDOWS\system32\WS2HELP.dll (Windows Socket 2.0 Helper für Windows NT/Microsoft Corporation) 0x71A00000
Library C:\WINDOWS\system32\NETAPI32.dll (Net Win32 API DLL/Microsoft Corporation) 0x597D0000
Library C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll (Microsoft .NET Runtime Common Language Runtime - WorkStation/Microsoft Corporation) 0x79E70000
Library C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\7124a40b9998f7b63c86bd1a2125ce26\mscorlib.ni.dll (Microsoft Common Language Runtime Class Library/Microsoft Corporation) 0x790C0000
Library C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll (Microsoft .NET Runtime Just-In-Time Compiler/Microsoft Corporation) 0x79060000
Library C:\PROGRA~1\ThinkPad\UTILIT~1\PWMUICtl.dll (Power Manager/Lenovo Group Limited) 0x03390000
Library C:\WINDOWS\system32\MSIMG32.dll (GDIEXT Client DLL/Microsoft Corporation) 0x76320000
Library C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcm80.dll (Microsoft® C Runtime Library/Microsoft Corporation) 0x7C4C0000
Library C:\WINDOWS\system32\rsaenh.dll (Microsoft Enhanced Cryptographic Provider/Microsoft Corporation) 0x68000000
Library C:\PROGRA~1\ThinkPad\UTILIT~1\GR\PWRMGRRO.DLL 0x03680000
Library C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll (PresentationFramework.dll/Microsoft Corporation) 0x55A20000
Library C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\37217abe2c5164e59aba251860f4c79e\System.ni.dll (.NET Framework/Microsoft Corporation) 0x7A440000
Library C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\d63164ac4ed5adabc6a1b0fdf07eee05\WindowsBase.ni.dll (WindowsBase.dll/Microsoft Corporation) 0x577B0000
Library C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\9f5dff344ac6ac923b5ade8ba1ab9382\PresentationCore.ni.dll (PresentationCore.dll/Microsoft Corporation) 0x545E0000
Library C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\wpfgfx_v0300.dll (wpfgfx_v0300.dll/Microsoft Corporation) 0x54000000
Library C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\f3440ea00eb3c40dc073b2fe03843638\System.Drawing.ni.dll (.NET Framework/Microsoft Corporation) 0x7ADE0000
Library C:\WINDOWS\system32\xpsp2res.dll (Service Pack 2-Meldungen/Microsoft Corporation) 0x044F0000
Library C:\PROGRA~1\ThinkPad\UTILIT~1\de-DE\PWMUIAux.resources.dll 0x044B0000
Library C:\WINDOWS\system32\d3d9.dll (Microsoft Direct3D/Microsoft Corporation) 0x4FD50000
Library C:\WINDOWS\system32\d3d8thk.dll (Microsoft Direct3D OS Thunk Layer/Microsoft Corporation) 0x6DE80000
Library C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7579c76fa81eb309d3170b62467be58d\PresentationFramework.Luna.ni.dll (PresentationFramework.Luna.dll/Microsoft Corporation) 0x56D50000
Library C:\WINDOWS\system32\WindowsCodecs.dll (Microsoft Windows Codecs Library/Microsoft Corporation) 0x71690000
Library C:\WINDOWS\system32\wbem\wbemprox.dll (WMI/Microsoft Corporation) 0x74E70000
Library C:\WINDOWS\system32\wbem\wbemcomn.dll (WMI/Microsoft Corporation) 0x75210000
Library C:\WINDOWS\system32\wbem\wbemsvc.dll (WMI/Microsoft Corporation) 0x74E50000
Library C:\WINDOWS\system32\wbem\fastprox.dll (WMI/Microsoft Corporation) 0x75620000
Library C:\WINDOWS\system32\MSVCP60.dll (Microsoft (R) C++ Runtime Library/Microsoft Corporation) 0x76020000
Library C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\ea1b4fbde0e772748c6ac42d627cf684\UIAutomationProvider.ni.dll (UIAutomationProvider.dll/Microsoft Corporation) 0x576D0000
Library C:\WINDOWS\system32\PROCHLP.DLL (IPS Helper DLL/Lenovo Group Limited) 0x04BA0000
Library C:\WINDOWS\system32\WtsApi32.dll (Windows Terminal Server SDK APIs/Microsoft Corporation) 0x76F10000
Library C:\WINDOWS\system32\WINSTA.dll (Winstation Library/Microsoft Corporation) 0x76300000
Library C:\Programme\ThinkPad\Utilities\PWRMGR.DLL (Power Manager/Lenovo Group Limited) 0x09830000
Library C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.DLL (ATL Module for Windows (Unicode)/Microsoft Corporation) 0x7C630000

Process C:\Programme\Lenovo\NPDIRECT\TPFNF7SP.exe (Presentation Director Fn+F7 handler/Lenovo Group Limited) 1636
Library C:\Programme\Lenovo\NPDIRECT\TPFNF7SP.exe (Presentation Director Fn+F7 handler/Lenovo Group Limited) 0x00400000
Library C:\WINDOWS\system32\ntdll.dll (DLL für NT-Layer/Microsoft Corporation) 0x7C910000
Library C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\ADVAPI32.dll (Erweitertes Windows 32 Base-API/Microsoft Corporation) 0x77DA0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E50000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FC0000
Library C:\WINDOWS\system32\USER32.dll (Client-DLL für Windows XP USER-API/Microsoft Corporation) 0x7E360000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77EF0000
Library C:\WINDOWS\system32\IMM32.dll (Windows XP IMM32 API Client DLL/Microsoft Corporation) 0x76330000
Library C:\WINDOWS\system32\ole32.dll (Microsoft OLE für Windows/Microsoft Corporation) 0x774B0000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77BE0000
Library C:\WINDOWS\system32\imagehlp.dll (Windows NT Image Helper/Microsoft Corporation) 0x76C50000
Library C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F40000
Library C:\WINDOWS\system32\WININET.dll (Internet Extensions for Win32/Microsoft Corporation) 0x63000000
Library C:\WINDOWS\system32\Normaliz.dll (Unicode Normalization DLL/Microsoft Corporation) 0x003A0000
Library C:\WINDOWS\system32\urlmon.dll (OLE32 Extensions for Win32/Microsoft Corporation) 0x1A400000
Library C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 0x770F0000
Library C:\WINDOWS\system32\iertutil.dll (Run time utility for Internet Explorer/Microsoft Corporation) 0x5DCA0000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x773A0000
Library C:\WINDOWS\system32\wtsapi32.dll (Windows Terminal Server SDK APIs/Microsoft Corporation) 0x76F10000
Library C:\WINDOWS\system32\WINSTA.dll (Winstation Library/Microsoft Corporation) 0x76300000
Library C:\WINDOWS\system32\NETAPI32.dll (Net Win32 API DLL/Microsoft Corporation) 0x597D0000
Library C:\WINDOWS\system32\uxtheme.dll (Microsoft UxTheme-Bibliothek/Microsoft Corporation)

Kiesopfer 28.06.2010 08:37

GMER log, part 11:

Library C:\WINDOWS\AppPatch\AcGenral.DLL (Windows Compatibility DLL/Microsoft Corporation) 0x6FD90000
Library C:\WINDOWS\system32\WINMM.dll (MCI API-DLL/Microsoft Corporation) 0x76AF0000
Library C:\WINDOWS\system32\MSACM32.dll (Microsoft ACM-Audiofilter/Microsoft Corporation) 0x77BB0000
Library C:\WINDOWS\system32\USERENV.dll (Userenv/Microsoft Corporation) 0x76620000
Library C:\WINDOWS\system32\IMM32.DLL (Windows XP IMM32 API Client DLL/Microsoft Corporation) 0x76330000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x773A0000
Library C:\WINDOWS\system32\comctl32.dll (Common Controls Library/Microsoft Corporation) 0x5D450000
Library C:\WINDOWS\system32\mswsock.dll (Microsoft Windows Sockets 2.0-Dienstanbieter/Microsoft Corporation) 0x719B0000
Library C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x71A10000
Library C:\WINDOWS\system32\WS2HELP.dll (Windows Socket 2.0 Helper für Windows NT/Microsoft Corporation) 0x71A00000
Library C:\WINDOWS\system32\wsock32.dll (Windows Socket-32-Bit-DLL/Microsoft Corporation) 0x71A30000
Library C:\WINDOWS\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation) 0x77B10000
Library C:\WINDOWS\system32\msctfime.ime (Microsoft Text Frame Work Service IME/Microsoft Corporation) 0x75250000
Library C:\WINDOWS\system32\hnetcfg.dll (Heimnetzwerkkonfigurations-Manager/Microsoft Corporation) 0x66710000
Library C:\WINDOWS\System32\wshtcpip.dll (Windows Sockets Helper DLL/Microsoft Corporation) 0x719F0000
Library C:\WINDOWS\system32\CLBCATQ.DLL (Microsoft Corporation) 0x76F90000
Library C:\WINDOWS\system32\COMRes.dll (Microsoft Corporation) 0x77010000
Library C:\WINDOWS\System32\cscui.dll (Clientseitige Cachebenutzeroberfläche/Microsoft Corporation) 0x779F0000
Library C:\WINDOWS\System32\CSCDLL.dll (Offlinenetzwerk-Agent/Microsoft Corporation) 0x765A0000
Library C:\WINDOWS\system32\themeui.dll (Windows-Design-API/Microsoft Corporation) 0x5B9B0000
Library C:\WINDOWS\system32\MSIMG32.dll (GDIEXT Client DLL/Microsoft Corporation) 0x76320000
Library C:\WINDOWS\system32\xpsp2res.dll (Service Pack 2-Meldungen/Microsoft Corporation) 0x01610000
Library C:\WINDOWS\system32\actxprxy.dll (ActiveX Interface Marshaling Library/Microsoft Corporation) 0x71CC0000
Library C:\WINDOWS\system32\msutb.dll (MSUTB-Server-DLL/Microsoft Corporation) 0x60010000
Library C:\WINDOWS\system32\MSCTF.dll (MSCTF-Server-DLL/Microsoft Corporation) 0x746A0000
Library C:\Programme\PC-Doctor\ATLPcdToolbar551452.dll (Toolbar plugin/PC-Doctor, Inc.) 0x12000000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) 0x4EBA0000
Library C:\WINDOWS\system32\SAMLIB.dll (SAM Library DLL/Microsoft Corporation) 0x71B70000
Library C:\WINDOWS\system32\ntshrui.dll (Shellerweiterungen für Freigaben/Microsoft Corporation) 0x76940000
Library C:\WINDOWS\system32\ATL.DLL (ATL Module for Windows XP (Unicode)/Microsoft Corporation) 0x76AD0000
Library C:\WINDOWS\system32\SETUPAPI.dll (Windows Setup-API/Microsoft Corporation) 0x778F0000
Library C:\WINDOWS\system32\LINKINFO.dll (Windows Volume Tracking/Microsoft Corporation) 0x76930000
Library C:\WINDOWS\system32\ieframe.dll (Internet Explorer/Microsoft Corporation) 0x01EA0000
Library C:\WINDOWS\system32\NETSHELL.dll (Shell für Netzwerkverbindungen/Microsoft Corporation) 0x763A0000
Library C:\WINDOWS\system32\credui.dll (Benutzerschnittstelle für Anmeldeinformationsverwaltung/Microsoft Corporation) 0x76BC0000
Library C:\WINDOWS\system32\dot3api.dll (API für 802.3-Autokonfiguration/Microsoft Corporation) 0x5F8F0000
Library C:\WINDOWS\system32\rtutils.dll (Routing Utilities/Microsoft Corporation) 0x76E40000
Library C:\WINDOWS\system32\dot3dlg.dll (802.3-UI-Hilfsprogramm/Microsoft Corporation) 0x71260000
Library C:\WINDOWS\system32\OneX.DLL (IEEE 802.1X-Bittstellerbibliothek/Microsoft Corporation) 0x72760000
Library C:\WINDOWS\system32\WTSAPI32.dll (Windows Terminal Server SDK APIs/Microsoft Corporation) 0x76F10000
Library C:\WINDOWS\system32\WINSTA.dll (Winstation Library/Microsoft Corporation) 0x76300000
Library C:\WINDOWS\system32\eappcfg.dll (EAP-Peerkonfiguration/Microsoft Corporation) 0x6DB40000
Library C:\WINDOWS\system32\MSVCP60.dll (Microsoft (R) C++ Runtime Library/Microsoft Corporation) 0x76020000
Library C:\WINDOWS\system32\eappprxy.dll (Microsoft EAPHost Peer Client DLL/Microsoft Corporation) 0x47700000
Library C:\WINDOWS\system32\iphlpapi.dll (IP-Hilfs-API/Microsoft Corporation) 0x76D20000
Library C:\WINDOWS\system32\dciman32.dll (DCI Manager/Microsoft Corporation) 0x73B30000
Library C:\WINDOWS\system32\rsaenh.dll (Microsoft Enhanced Cryptographic Provider/Microsoft Corporation) 0x68000000
Library C:\WINDOWS\system32\webcheck.dll (Web Site Monitor/Microsoft Corporation) 0x02B60000
Library C:\WINDOWS\system32\MLANG.dll (Multi Language Support DLL/Microsoft Corporation) 0x75DC0000
Library C:\WINDOWS\system32\stobject.dll (Systray-Shell-Serviceobjekt/Microsoft Corporation) 0x765C0000
Library C:\WINDOWS\system32\BatMeter.dll (Batteriemesshilfs-DLL/Microsoft Corporation) 0x74A70000
Library C:\WINDOWS\system32\POWRPROF.dll (Power Profile Helper DLL/Microsoft Corporation) 0x74A50000
Library C:\WINDOWS\system32\WPDShServiceObj.dll (Windows Portable Device Shell Service Object/Microsoft Corporation) 0x164A0000
Library C:\WINDOWS\system32\WINHTTP.dll (Windows HTTP Services/Microsoft Corporation) 0x4D5C0000
Library C:\WINDOWS\system32\wdmaud.drv (WDM Audio driver mapper/Microsoft Corporation) 0x72C90000
Library C:\WINDOWS\system32\PortableDeviceTypes.dll (Windows Portable Device (Parameter) Types Component/Microsoft Corporation) 0x109C0000
Library C:\WINDOWS\system32\msacm32.drv (Microsoft Soundmapper/Microsoft Corporation) 0x72C80000
Library C:\WINDOWS\system32\midimap.dll (Microsoft MIDI-Mapper/Microsoft Corporation) 0x77BA0000
Library C:\WINDOWS\system32\PortableDeviceApi.dll (Windows Portable Device API Components/Microsoft Corporation) 0x10930000
Library C:\WINDOWS\system32\msi.dll (Windows Installer/Microsoft Corporation) 0x7D1F0000
Library C:\WINDOWS\system32\MSGINA.dll (Windows-Anmeldungs-GINA-DLL/Microsoft Corporation) 0x75910000
Library C:\WINDOWS\system32\ODBC32.dll (Microsoft Data Access - ODBC Driver Manager/Microsoft Corporation) 0x745D0000
Library C:\WINDOWS\system32\comdlg32.dll (DLL für gemeinsame Dialoge/Microsoft Corporation) 0x76350000
Library C:\WINDOWS\system32\odbcint.dll (Microsoft Data Access - ODBC Ressourcen/Microsoft Corporation) 0x1F840000
Library C:\WINDOWS\system32\MPR.dll (Router-DLL für Mehrfachanbieter/Microsoft Corporation) 0x71A80000
Library C:\Programme\Gemeinsame Dateien\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll (Adobe Drive Network Provider/Adobe Systems Incorporated) 0x10000000
Library C:\WINDOWS\System32\drprov.dll (Microsoft Terminal Server Network Provider/Microsoft Corporation) 0x75F00000
Library C:\WINDOWS\System32\ntlanman.dll (Microsoft(R) LAN-Manager/Microsoft Corporation) 0x71B90000
Library C:\WINDOWS\System32\NETUI0.dll (NT-LM-Benutzerschnittstellen-Standardcode - GUI-Klassen/Microsoft Corporation) 0x71C50000
Library C:\WINDOWS\System32\NETUI1.dll (NT LM UI Common Code - Networking classes/Microsoft Corporation) 0x71C10000
Library C:\WINDOWS\System32\NETRAP.dll (Net Remote Admin Protocol DLL/Microsoft Corporation) 0x71C00000
Library C:\WINDOWS\System32\davclnt.dll (Client-DLL für Web DAV/Microsoft Corporation) 0x75F10000
Library C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL (ThinkPad Power Manager Background Monitor and Tray Battery Gauge/Lenovo Group Limited) 0x048F0000
Library C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll (Microsoft® C Runtime Library/Microsoft Corporation) 0x78130000
Library C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80U.DLL (MFCDLL Shared Library - Retail Version/Microsoft Corporation) 0x782E0000
Library C:\WINDOWS\system32\mscoree.dll (Microsoft .NET Runtime Execution Engine/Microsoft Corporation) 0x79000000
Library C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\MFC80DEU.DLL (MFC Language Specific Resources/Microsoft Corporation) 0x5D360000
Library C:\PROGRA~1\ThinkPad\UTILIT~1\GR\PWRMGRRT.DLL 0x01CF0000
Library C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRIF.DLL 0x01E60000
Library C:\WINDOWS\system32\Sensor.dll (ThinkVantage Active Protection System - Shock Sensor Module/Lenovo.) 0x031E0000
Library C:\WINDOWS\system32\NTMARTA.DLL (Windows NT MARTA-Anbieter/Microsoft Corporation) 0x77660000
Library C:\WINDOWS\system32\btmmhook.dll (Multimedia Keys Hook DLL/Broadcom Corporation.) 0x01D10000
Library C:\WINDOWS\system32\PROCHLP.DLL (IPS Helper DLL/Lenovo Group Limited) 0x04AE0000
Library C:\WINDOWS\system32\WZCSAPI.DLL (Wireless Zero Configuration service API/Microsoft Corporation) 0x72FA0000
Library C:\WINDOWS\system32\wzcdlg.dll (Benutzerschnittstelle für den konfigurationsfreien Dienst für drahtlose Verbindung/Microsoft Corporation) 0x4F4A0000

Kiesopfer 28.06.2010 08:38

GMER log, part 12:

Process C:\WINDOWS\system32\spoolsv.exe (Spooler SubSystem App/Microsoft Corporation) 1872
Library C:\WINDOWS\system32\spoolsv.exe (Spooler SubSystem App/Microsoft Corporation) 0x01000000
Library C:\WINDOWS\system32\ntdll.dll (DLL für NT-Layer/Microsoft Corporation) 0x7C910000
Library C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\ADVAPI32.dll (Erweitertes Windows 32 Base-API/Microsoft Corporation) 0x77DA0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E50000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FC0000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77EF0000
Library C:\WINDOWS\system32\USER32.dll (Client-DLL für Windows XP USER-API/Microsoft Corporation) 0x7E360000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77BE0000
Library C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) 0x5CF00000
Library C:\WINDOWS\AppPatch\AcGenral.DLL (Windows Compatibility DLL/Microsoft Corporation) 0x6FD90000
Library C:\WINDOWS\system32\WINMM.dll (MCI API-DLL/Microsoft Corporation) 0x76AF0000
Library C:\WINDOWS\system32\ole32.dll (Microsoft OLE für Windows/Microsoft Corporation) 0x774B0000
Library C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 0x770F0000
Library C:\WINDOWS\system32\MSACM32.dll (Microsoft ACM-Audiofilter/Microsoft Corporation) 0x77BB0000
Library C:\WINDOWS\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77BD0000
Library C:\WINDOWS\system32\SHELL32.dll (Allgemeine Windows-Shell-DLL/Microsoft Corporation) 0x7E670000
Library C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F40000
Library C:\WINDOWS\system32\USERENV.dll (Userenv/Microsoft Corporation) 0x76620000
Library C:\WINDOWS\system32\UxTheme.dll (Microsoft UxTheme-Bibliothek/Microsoft Corporation) 0x5B0F0000
Library C:\WINDOWS\system32\IMM32.DLL (Windows XP IMM32 API Client DLL/Microsoft Corporation) 0x76330000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x773A0000
Library C:\WINDOWS\system32\comctl32.dll (Common Controls Library/Microsoft Corporation) 0x5D450000
Library C:\WINDOWS\system32\imagehlp.dll (Windows NT Image Helper/Microsoft Corporation) 0x76C50000
Library C:\WINDOWS\system32\WININET.dll (Internet Extensions for Win32/Microsoft Corporation) 0x63000000
Library C:\WINDOWS\system32\Normaliz.dll (Unicode Normalization DLL/Microsoft Corporation) 0x009E0000
Library C:\WINDOWS\system32\urlmon.dll (OLE32 Extensions for Win32/Microsoft Corporation) 0x1A400000
Library C:\WINDOWS\system32\iertutil.dll (Run time utility for Internet Explorer/Microsoft Corporation) 0x5DCA0000
Library C:\WINDOWS\system32\SPOOLSS.DLL (Spooler SubSystem DLL/Microsoft Corporation) 0x74250000
Library C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x71A10000
Library C:\WINDOWS\system32\WS2HELP.dll (Windows Socket 2.0 Helper für Windows NT/Microsoft Corporation) 0x71A00000
Library C:\WINDOWS\system32\DNSAPI.dll (DNS Client API DLL/Microsoft Corporation) 0x76EE0000
Library C:\WINDOWS\system32\iphlpapi.dll (IP-Hilfs-API/Microsoft Corporation) 0x76D20000
Library C:\WINDOWS\system32\rasadhlp.dll (Remote Access AutoDial Helper/Microsoft Corporation) 0x76F80000
Library C:\WINDOWS\system32\localspl.dll (Lokale Spooler-DLL/Microsoft Corporation) 0x75E60000
Library C:\WINDOWS\system32\sfc_os.dll (Windows-Dateischutz/Microsoft Corporation) 0x76C20000
Library C:\WINDOWS\system32\WINTRUST.dll (Microsoft Vertrauensverifizierungs-APIs/Microsoft Corporation) 0x76BF0000
Library C:\WINDOWS\system32\CRYPT32.dll (Krypto-API32/Microsoft Corporation) 0x77A50000
Library C:\WINDOWS\system32\MSASN1.dll (ASN.1 Runtime APIs/Microsoft Corporation) 0x77AF0000
Library C:\WINDOWS\system32\winspool.drv (Windows-Spoolertreiber/Microsoft Corporation) 0x72F70000
Library C:\WINDOWS\system32\netapi32.dll (Net Win32 API DLL/Microsoft Corporation) 0x597D0000
Library C:\WINDOWS\system32\AdobePDF.dll (Adobe PDF Port Monitor DLL/Adobe Systems Inc) 0x00C20000
Library C:\WINDOWS\system32\mswsock.dll (Microsoft Windows Sockets 2.0-Dienstanbieter/Microsoft Corporation) 0x719B0000
Library C:\WINDOWS\system32\cnbjmon.dll (Sprachüberwachung für Canon Bubble-Jet-Drucker/Microsoft Corporation) 0x74200000
Library C:\WINDOWS\system32\bthcrp.dll (bthcrp DLL/Broadcom Corporation.) 0x10000000
Library C:\WINDOWS\system32\WidcommSdk.dll (WidcommSdk DLL/Broadcom Corporation.) 0x00DD0000
Library C:\WINDOWS\system32\wbtapi.dll (WBTApi DLL/Broadcom Corporation.) 0x00EE0000
Library C:\WINDOWS\system32\SETUPAPI.dll (Windows Setup-API/Microsoft Corporation) 0x778F0000
Library C:\WINDOWS\system32\msi.dll (Windows Installer/Microsoft Corporation) 0x7D1F0000
Library C:\WINDOWS\system32\MFC42.DLL (MFCDLL Shared Library - Retail Version/Microsoft Corporation) 0x73D30000
Library C:\WINDOWS\system32\MSVCP60.dll (Microsoft (R) C++ Runtime Library/Microsoft Corporation) 0x76020000
Library C:\WINDOWS\system32\MFC42LOC.DLL (MFC Language Specific Resources/Microsoft Corporation) 0x61DC0000
Library C:\PROGRA~1\GEMEIN~1\MAYCOM~1\EDOCPR~1\eDocPort.dll (eDocPort DLL/May Software) 0x01210000
Library C:\WINDOWS\system32\PSAPI.DLL (Process Status Helper/Microsoft Corporation) 0x76BB0000
Library C:\WINDOWS\system32\comdlg32.dll (DLL für gemeinsame Dialoge/Microsoft Corporation) 0x76350000
Library C:\WINDOWS\system32\oledlg.dll (Unterstützung für die Microsoft Windows(R) OLE 2.0-Benutzeroberfläche/Microsoft Corporation) 0x74CB0000
Library C:\WINDOWS\system32\hpzlnt07.dll (HP) 0x00FD0000
Library C:\WINDOWS\system32\pjlmon.dll (PJL Language monitor/Microsoft Corporation) 0x741E0000
Library C:\WINDOWS\system32\tcpmon.dll (Standard-TCP/IP-Portmonitor-DLL/Microsoft Corporation) 0x72390000
Library C:\WINDOWS\system32\usbmon.dll (Standard Dynamic Printing Port Monitor DLL/Microsoft Corporation) 0x72380000
Library C:\WINDOWS\System32\spool\PRTPROCS\W32X86\filterpipelineprintproc.dll (Print Filter Pipeline Proxy/Microsoft Corporation) 0x3F420000
Library C:\WINDOWS\System32\winrnr.dll (LDAP RnR Provider DLL/Microsoft Corporation) 0x76F70000
Library C:\WINDOWS\system32\WLDAP32.dll (Win32 LDAP-API-DLL/Microsoft Corporation) 0x76F20000
Library C:\WINDOWS\system32\win32spl.dll (API-DLL für 32-Bit-Spooler/Microsoft Corporation) 0x76550000
Library C:\WINDOWS\system32\NETRAP.dll (Net Remote Admin Protocol DLL/Microsoft Corporation) 0x71C00000
Library C:\WINDOWS\system32\NTDSAPI.dll (NT5DS/Microsoft Corporation) 0x76750000
Library C:\WINDOWS\system32\CLBCATQ.DLL (Microsoft Corporation) 0x76F90000
Library C:\WINDOWS\system32\COMRes.dll (Microsoft Corporation) 0x77010000
Library C:\WINDOWS\system32\xpsp2res.dll (Service Pack 2-Meldungen/Microsoft Corporation) 0x01460000
Library C:\WINDOWS\system32\inetpp.dll (Internetdruckanbieter-DLL/Microsoft Corporation) 0x74270000
Library C:\WINDOWS\system32\ADMWPROX.DLL (IIS Admin Com API Proxy dll/Microsoft Corporation) 0x71480000
Library C:\WINDOWS\system32\rsaenh.dll (Microsoft Enhanced Cryptographic Provider/Microsoft Corporation) 0x68000000

Process C:\Programme\Lenovo\Client Security Solution\cssauth.exe (cssauth/Lenovo Group Limited) 1928
Library C:\Programme\Lenovo\Client Security Solution\cssauth.exe (cssauth/Lenovo Group Limited) 0x00400000
Library C:\WINDOWS\system32\ntdll.dll (DLL für NT-Layer/Microsoft Corporation) 0x7C910000
Library C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation) 0x7C800000
Library C:\Programme\Lenovo\Client Security Solution\cssuserdatadispatcher.dll (User data dispatcher/Lenovo Group Limited) 0x10000000
Library C:\WINDOWS\system32\USER32.dll (Client-DLL für Windows XP USER-API/Microsoft Corporation) 0x7E360000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77EF0000
Library C:\WINDOWS\system32\ADVAPI32.dll (Erweitertes Windows 32 Base-API/Microsoft Corporation) 0x77DA0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E50000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FC0000
Library C:\Programme\Lenovo\Client Security Solution\csswait.dll (csswait.dll/Lenovo Group Limited) 0x00640000
Library C:\PROGRAMME\GEMEINSAME DATEIEN\LENOVO\tvt_banner.dll (dll to create generic TVT banner./Lenovo Group Limited) 0x00810000
Library C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F40000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77BE0000
Library C:\WINDOWS\system32\WINSPOOL.DRV (Windows-Spoolertreiber/Microsoft Corporation) 0x72F70000
Library C:\WINDOWS\system32\SHELL32.dll (Allgemeine Windows-Shell-DLL/Microsoft Corporation) 0x7E670000
Library C:\WINDOWS\system32\COMCTL32.dll (Common Controls Library/Microsoft Corporation) 0x5D450000
Library C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 0x770F0000
Library C:\WINDOWS\system32\ole32.dll (Microsoft OLE für Windows/Microsoft Corporation) 0x774B0000
Library C:\WINDOWS\system32\comdlg32.dll (DLL für gemeinsame Dialoge/Microsoft Corporation) 0x76350000
Library C:\Programme\Lenovo\Client Security Solution\cssdlgpwentry.dll (dlganswerprompt.dll/Lenovo Group Limited) 0x008C0000
Library C:\WINDOWS\system32\WTSAPI32.dll (Windows Terminal Server SDK APIs/Microsoft Corporation) 0x76F10000
Library C:\WINDOWS\system32\WINSTA.dll (Winstation Library/Microsoft Corporation) 0x76300000
Library C:\WINDOWS\system32\NETAPI32.dll (Net Win32 API DLL/Microsoft Corporation) 0x597D0000
Library C:\WINDOWS\system32\PSAPI.DLL (Process Status Helper/Microsoft Corporation) 0x76BB0000
Library C:\WINDOWS\system32\USERENV.dll (Userenv/Microsoft Corporation) 0x76620000
Library C:\Programme\Lenovo\Client Security Solution\dlganswerprompt.dll (dlganswerprompt.dll/Lenovo Group Limited) 0x009D0000
Library C:\WINDOWS\system32\CRYPT32.dll (Krypto-API32/Microsoft Corporation) 0x77A50000
Library C:\WINDOWS\system32\MSASN1.dll (ASN.1 Runtime APIs/Microsoft Corporation) 0x77AF0000
Library C:\WINDOWS\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77BD0000
Library C:\WINDOWS\system32\WINTRUST.dll (Microsoft Vertrauensverifizierungs-APIs/Microsoft Corporation) 0x76BF0000
Library C:\WINDOWS\system32\IMAGEHLP.dll (Windows NT Image Helper/Microsoft Corporation) 0x76C50000
Library C:\WINDOWS\system32\oledlg.dll (Unterstützung für die Microsoft Windows(R) OLE 2.0-Benutzeroberfläche/Microsoft Corporation) 0x74CB0000
Library C:\Programme\Lenovo\Client Security Solution\tvttsp.dll (tcscom/Lenovo) 0x00370000
Library C:\Programme\Lenovo\Client Security Solution\tcsrpc.dll (calltcsg Dynamic Link Library/Lenovo) 0x00AE0000
Library C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x71A10000
Library C:\WINDOWS\system32\WS2HELP.dll (Windows Socket 2.0 Helper für Windows NT/Microsoft Corporation) 0x71A00000
Library C:\WINDOWS\system32\IMM32.DLL (Windows XP IMM32 API Client DLL/Microsoft Corporation) 0x76330000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x773A0000
Library C:\WINDOWS\system32\rsaenh.dll (Microsoft Enhanced Cryptographic Provider/Microsoft Corporation) 0x68000000
Library C:\Programme\Gemeinsame Dateien\Lenovo\tvt_res.dll (dll to provide ThinkVantage look and feel./Lenovo Group Limited) 0x018C0000
Library C:\WINDOWS\system32\MFC71.DLL (MFCDLL Shared Library - Retail Version/Microsoft Corporation) 0x7C140000
Library C:\WINDOWS\system32\MSVCR71.dll (Microsoft® C Runtime Library/Microsoft Corporation) 0x7C340000
Library C:\WINDOWS\system32\MFC71DEU.DLL (MFC Language Specific Resources/Microsoft Corporation) 0x5D360000
Library C:\WINDOWS\system32\WININET.dll (Internet Extensions for Win32/Microsoft Corporation) 0x63000000
Library C:\WINDOWS\system32\Normaliz.dll (Unicode Normalization DLL/Microsoft Corporation) 0x012F0000
Library C:\WINDOWS\system32\urlmon.dll (OLE32 Extensions for Win32/Microsoft Corporation) 0x1A400000
Library C:\WINDOWS\system32\iertutil.dll (Run time utility for Internet Explorer/Microsoft Corporation) 0x5DCA0000
Library C:\WINDOWS\system32\uxtheme.dll (Microsoft UxTheme-Bibliothek/Microsoft Corporation) 0x5B0F0000
Library C:\WINDOWS\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation) 0x77B10000
Library C:\WINDOWS\system32\msctfime.ime (Microsoft Text Frame Work Service IME/Microsoft Corporation) 0x75250000
Library C:\WINDOWS\system32\mswsock.dll (Microsoft Windows Sockets 2.0-Dienstanbieter/Microsoft Corporation) 0x719B0000
Library C:\WINDOWS\system32\hnetcfg.dll (Heimnetzwerkkonfigurations-Manager/Microsoft Corporation) 0x66710000
Library C:\WINDOWS\System32\wshtcpip.dll (Windows Sockets Helper DLL/Microsoft Corporation) 0x719F0000
Library C:\WINDOWS\system32\DNSAPI.dll (DNS Client API DLL/Microsoft Corporation) 0x76EE0000
Library C:\WINDOWS\system32\iphlpapi.dll (IP-Hilfs-API/Microsoft Corporation) 0x76D20000
Library C:\WINDOWS\System32\winrnr.dll (LDAP RnR Provider DLL/Microsoft Corporation) 0x76F70000
Library C:\WINDOWS\system32\WLDAP32.dll (Win32 LDAP-API-DLL/Microsoft Corporation) 0x76F20000
Library C:\WINDOWS\system32\rasadhlp.dll (Remote Access AutoDial Helper/Microsoft Corporation) 0x76F80000
Library C:\WINDOWS\system32\xpsp2res.dll (Service Pack 2-Meldungen/Microsoft Corporation) 0x02120000
Library C:\Programme\ThinkVantage Fingerprint Software\pscssint.dll (Lenovo CSS interface/UPEK Inc.) 0x316B0000
Library C:\WINDOWS\system32\WINMM.dll (MCI API-DLL/Microsoft Corporation) 0x76AF0000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) 0x4EBA0000
Library C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll (Microsoft® C Runtime Library/Microsoft Corporation) 0x78130000
Library C:\Programme\ThinkVantage Fingerprint Software\infra.dll (Infrastructure utility library/UPEK Inc.) 0x30000000
Library C:\Programme\ThinkVantage Fingerprint Software\VTI.DLL (PS QL API interface/UPEK Inc.) 0x31BB0000

Process C:\Programme\Avira\AntiVir Desktop\sched.exe (Antivirus Scheduler/Avira GmbH) 1944
Library C:\Programme\Avira\AntiVir Desktop\sched.exe (Antivirus Scheduler/Avira GmbH) 0x00400000
Library C:\WINDOWS\system32\ntdll.dll (DLL für NT-Layer/Microsoft Corporation) 0x7C910000
Library C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\IPHLPAPI.DLL (IP-Hilfs-API/Microsoft Corporation) 0x76D20000
Library C:\WINDOWS\system32\ADVAPI32.dll (Erweitertes Windows 32 Base-API/Microsoft Corporation) 0x77DA0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E50000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FC0000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77BE0000
Library C:\WINDOWS\system32\USER32.dll (Client-DLL für Windows XP USER-API/Microsoft Corporation) 0x7E360000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77EF0000
Library C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x71A10000
Library C:\WINDOWS\system32\WS2HELP.dll (Windows Socket 2.0 Helper für Windows NT/Microsoft Corporation) 0x71A00000
Library C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\MSVCR90.dll (Microsoft® C Runtime Library/Microsoft Corporation) 0x78520000
Library C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\MSVCP90.dll (Microsoft® C++ Runtime Library/Microsoft Corporation) 0x78480000
Library C:\WINDOWS\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77BD0000
Library C:\WINDOWS\system32\SHELL32.dll (Allgemeine Windows-Shell-DLL/Microsoft Corporation) 0x7E670000
Library C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F40000
Library C:\WINDOWS\system32\IMM32.DLL (Windows XP IMM32 API Client DLL/Microsoft Corporation) 0x76330000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x773A0000
Library C:\WINDOWS\system32\comctl32.dll (Common Controls Library/Microsoft Corporation) 0x5D450000
Library C:\WINDOWS\system32\imagehlp.dll (Windows NT Image Helper/Microsoft Corporation) 0x76C50000
Library C:\WINDOWS\system32\ole32.dll (Microsoft OLE für Windows/Microsoft Corporation) 0x774B0000
Library C:\WINDOWS\system32\WININET.dll (Internet Extensions for Win32/Microsoft Corporation) 0x63000000
Library C:\WINDOWS\system32\Normaliz.dll (Unicode Normalization DLL/Microsoft Corporation) 0x00930000
Library C:\WINDOWS\system32\urlmon.dll (OLE32 Extensions for Win32/Microsoft Corporation) 0x1A400000
Library C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 0x770F0000
Library C:\WINDOWS\system32\iertutil.dll (Run time utility for Internet Explorer/Microsoft Corporation) 0x5DCA0000
Library C:\Programme\Avira\AntiVir Desktop\schedr.dll (avschdr Dynamic Link Library/Avira GmbH) 0x10000000
Library C:\WINDOWS\system32\WTSAPI32.DLL (Windows Terminal Server SDK APIs/Microsoft Corporation) 0x76F10000
Library C:\WINDOWS\system32\WINSTA.dll (Winstation Library/Microsoft Corporation) 0x76300000
Library C:\WINDOWS\system32\NETAPI32.dll (Net Win32 API DLL/Microsoft Corporation) 0x597D0000
Library C:\WINDOWS\system32\rasapi32.dll (RAS-API/Microsoft Corporation) 0x76EA0000
Library C:\WINDOWS\system32\rasman.dll (Remote Access Connection Manager/Microsoft Corporation) 0x76E50000
Library C:\WINDOWS\system32\TAPI32.dll (Microsoft® Windows(TM) Telefonie-API-Client-DLL/Microsoft Corporation) 0x76E70000
Library C:\WINDOWS\system32\rtutils.dll (Routing Utilities/Microsoft Corporation) 0x76E40000
Library C:\WINDOWS\system32\WINMM.dll (MCI API-DLL/Microsoft Corporation) 0x76AF0000
Library C:\Programme\Avira\AntiVir Desktop\avevtlog.dll (Event Logger/Avira GmbH) 0x00960000
Library C:\Programme\Avira\AntiVir Desktop\sqlite3.dll 0x01060000
Library C:\WINDOWS\system32\CRYPT32.dll (Krypto-API32/Microsoft Corporation) 0x77A50000
Library C:\WINDOWS\system32\MSASN1.dll (ASN.1 Runtime APIs/Microsoft Corporation) 0x77AF0000
Library C:\WINDOWS\system32\xpsp2res.dll (Service Pack 2-Meldungen/Microsoft Corporation) 0x01750000
Library C:\WINDOWS\system32\rsaenh.dll (Microsoft Enhanced Cryptographic Provider/Microsoft Corporation) 0x68000000
Library C:\WINDOWS\system32\uxtheme.dll (Microsoft UxTheme-Bibliothek/Microsoft Corporation) 0x5B0F0000
Library C:\WINDOWS\system32\userenv.dll (Userenv/Microsoft Corporation) 0x76620000
Library C:\WINDOWS\system32\cryptnet.dll (Crypto Network Related API/Microsoft Corporation) 0x76580000
Library C:\WINDOWS\system32\PSAPI.DLL (Process Status Helper/Microsoft Corporation) 0x76BB0000
Library C:\WINDOWS\system32\SensApi.dll (SENS Connectivity API DLL/Microsoft Corporation) 0x72240000
Library C:\WINDOWS\system32\WINHTTP.dll (Windows HTTP Services/Microsoft Corporation) 0x4D5C0000
Library C:\WINDOWS\system32\WLDAP32.dll (Win32 LDAP-API-DLL/Microsoft Corporation) 0x76F20000

Process C:\PROGRA~1\THINKV~2\AMSG\Amsg.exe (Message Center/LENOVO) 1988
Library C:\PROGRA~1\THINKV~2\AMSG\Amsg.exe (Message Center/LENOVO) 0x00400000
Library C:\WINDOWS\system32\ntdll.dll (DLL für NT-Layer/Microsoft Corporation) 0x7C910000
Library C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation) 0x7C800000
Library C:\PROGRA~1\THINKV~2\AMSG\AHLPRUNL.dll (AHLPRUN/LENOVO) 0x10000000
Library C:\WINDOWS\system32\USER32.dll (Client-DLL für Windows XP USER-API/Microsoft Corporation) 0x7E360000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77EF0000
Library C:\WINDOWS\system32\WINSPOOL.DRV (Windows-Spoolertreiber/Microsoft Corporation) 0x72F70000
Library C:\WINDOWS\system32\ADVAPI32.dll (Erweitertes Windows 32 Base-API/Microsoft Corporation) 0x77DA0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E50000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FC0000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77BE0000
Library C:\WINDOWS\system32\SHELL32.dll (Allgemeine Windows-Shell-DLL/Microsoft Corporation) 0x7E670000
Library C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F40000
Library C:\WINDOWS\system32\COMCTL32.dll (Common Controls Library/Microsoft Corporation) 0x5D450000
Library C:\WINDOWS\system32\ole32.dll (Microsoft OLE für Windows/Microsoft Corporation) 0x774B0000
Library C:\WINDOWS\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77BD0000
Library C:\WINDOWS\system32\comdlg32.dll (DLL für gemeinsame Dialoge/Microsoft Corporation) 0x76350000
Library C:\WINDOWS\system32\oledlg.dll (Unterstützung für die Microsoft Windows(R) OLE 2.0-Benutzeroberfläche/Microsoft Corporation) 0x74CB0000
Library C:\WINDOWS\system32\OLEPRO32.DLL (Microsoft Corporation) 0x5F1A0000
Library C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 0x770F0000
Library C:\WINDOWS\system32\WININET.dll (Internet Extensions for Win32/Microsoft Corporation) 0x63000000
Library C:\WINDOWS\system32\Normaliz.dll (Unicode Normalization DLL/Microsoft Corporation) 0x00380000
Library C:\WINDOWS\system32\urlmon.dll (OLE32 Extensions for Win32/Microsoft Corporation) 0x1A400000
Library C:\WINDOWS\system32\iertutil.dll (Run time utility for Internet Explorer/Microsoft Corporation) 0x5DCA0000
Library C:\WINDOWS\system32\IMM32.DLL (Windows XP IMM32 API Client DLL/Microsoft Corporation) 0x76330000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x773A0000
Library C:\WINDOWS\system32\imagehlp.dll (Windows NT Image Helper/Microsoft Corporation) 0x76C50000
Library C:\WINDOWS\system32\uxtheme.dll (Microsoft UxTheme-Bibliothek/Microsoft Corporation) 0x5B0F0000
Library C:\WINDOWS\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation) 0x77B10000
Library C:\WINDOWS\system32\msctfime.ime (Microsoft Text Frame Work Service IME/Microsoft Corporation) 0x75250000
Library C:\WINDOWS\system32\CLBCATQ.DLL (Microsoft Corporation) 0x76F90000
Library C:\WINDOWS\system32\COMRes.dll (Microsoft Corporation) 0x77010000
Library C:\WINDOWS\system32\ieframe.dll (Internet Explorer/Microsoft Corporation) 0x00E70000
Library C:\WINDOWS\system32\SXS.DLL (Fusion 2.5/Microsoft Corporation) 0x76970000
Library C:\WINDOWS\system32\LINKINFO.dll (Windows Volume Tracking/Microsoft Corporation) 0x76930000
Library C:\WINDOWS\system32\ntshrui.dll (Shellerweiterungen für Freigaben/Microsoft Corporation) 0x76940000
Library C:\WINDOWS\system32\ATL.DLL (ATL Module for Windows XP (Unicode)/Microsoft Corporation) 0x76AD0000
Library C:\WINDOWS\system32\NETAPI32.dll (Net Win32 API DLL/Microsoft Corporation) 0x597D0000
Library C:\WINDOWS\system32\USERENV.dll (Userenv/Microsoft Corporation) 0x76620000
Library C:\WINDOWS\system32\SETUPAPI.dll (Windows Setup-API/Microsoft Corporation) 0x778F0000

Process C:\Programme\Avira\AntiVir Desktop\avguard.exe (Antivirus On-Access Service/Avira GmbH) 2012
Library C:\Programme\Avira\AntiVir Desktop\avguard.exe (Antivirus On-Access Service/Avira GmbH) 0x00400000
Library C:\WINDOWS\system32\ntdll.dll (DLL für NT-Layer/Microsoft Corporation) 0x7C910000
Library C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\USER32.dll (Client-DLL für Windows XP USER-API/Microsoft Corporation) 0x7E360000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77EF0000
Library C:\WINDOWS\system32\ADVAPI32.dll (Erweitertes Windows 32 Base-API/Microsoft Corporation) 0x77DA0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E50000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FC0000
Library C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\MSVCR90.dll (Microsoft® C Runtime Library/Microsoft Corporation) 0x78520000
Library C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\MSVCP90.dll (Microsoft® C++ Runtime Library/Microsoft Corporation) 0x78480000
Library C:\WINDOWS\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77BD0000
Library C:\WINDOWS\system32\SHELL32.dll (Allgemeine Windows-Shell-DLL/Microsoft Corporation) 0x7E670000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77BE0000
Library C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F40000
Library C:\WINDOWS\system32\IMM32.DLL (Windows XP IMM32 API Client DLL/Microsoft Corporation) 0x76330000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x773A0000
Library C:\WINDOWS\system32\comctl32.dll (Common Controls Library/Microsoft Corporation) 0x5D450000
Library C:\WINDOWS\system32\imagehlp.dll (Windows NT Image Helper/Microsoft Corporation) 0x76C50000
Library C:\WINDOWS\system32\ole32.dll (Microsoft OLE für Windows/Microsoft Corporation) 0x774B0000
Library C:\WINDOWS\system32\WININET.dll (Internet Extensions for Win32/Microsoft Corporation) 0x63000000
Library C:\WINDOWS\system32\Normaliz.dll (Unicode Normalization DLL/Microsoft Corporation) 0x00A20000
Library C:\WINDOWS\system32\urlmon.dll (OLE32 Extensions for Win32/Microsoft Corporation) 0x1A400000
Library C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 0x770F0000
Library C:\WINDOWS\system32\iertutil.dll (Run time utility for Internet Explorer/Microsoft Corporation) 0x5DCA0000
Library C:\WINDOWS\system32\WTSAPI32.DLL (Windows Terminal Server SDK APIs/Microsoft Corporation) 0x76F10000
Library C:\WINDOWS\system32\WINSTA.dll (Winstation Library/Microsoft Corporation) 0x76300000
Library C:\WINDOWS\system32\NETAPI32.dll (Net Win32 API DLL/Microsoft Corporation) 0x597D0000
Library C:\Programme\Avira\AntiVir Desktop\AVEvtLog.dll (Event Logger/Avira GmbH) 0x10000000
Library C:\Programme\Avira\AntiVir Desktop\guardmsg.dll (AVGuard Messages (Deutsch)/Avira GmbH) 0x00F60000
Library C:\Programme\Avira\AntiVir Desktop\sqlite3.dll 0x00F80000
Library C:\Programme\Avira\AntiVir Desktop\AVPREF.DLL (Prefix DLL/Avira GmbH) 0x010F0000
Library C:\Programme\Avira\AntiVir Desktop\SMTPLIB.DLL (SMTPLIB/Avira GmbH) 0x01110000
Library C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x71A10000
Library C:\WINDOWS\system32\WS2HELP.dll (Windows Socket 2.0 Helper für Windows NT/Microsoft Corporation) 0x71A00000
Library C:\WINDOWS\system32\wintrust.dll (Microsoft Vertrauensverifizierungs-APIs/Microsoft Corporation) 0x76BF0000
Library C:\WINDOWS\system32\CRYPT32.dll (Krypto-API32/Microsoft Corporation) 0x77A50000
Library C:\WINDOWS\system32\MSASN1.dll (ASN.1 Runtime APIs/Microsoft Corporation) 0x77AF0000
Library C:\Programme\Avira\AntiVir Desktop\AVGIO.DLL (On-access scan support/Avira GmbH) 0x01470000
Library C:\WINDOWS\system32\FLTLIB.DLL (Filter Library/Microsoft Corporation) 0x5E160000
Library C:\Programme\Avira\AntiVir Desktop\aecore.dll (AntiVir Engine Module for Windows/Avira GmbH) 0x015A0000
Library C:\Programme\Avira\AntiVir Desktop\aevdf.dll (AntiVir Engine Module for Windows/Avira GmbH) 0x015F0000
Library C:\Programme\Avira\AntiVir Desktop\aescript.dll (AntiVir Engine Module for Windows/Avira GmbH) 0x01620000
Library C:\Programme\Avira\AntiVir Desktop\aescn.dll (AntiVir Engine Module for Windows/Avira GmbH) 0x01780000
Library C:\Programme\Avira\AntiVir Desktop\aesbx.dll (AntiVir Engine Module for Windows/Avira GmbH) 0x017B0000
Library C:\Programme\Avira\AntiVir Desktop\aerdl.dll (AntiVir Engine Module for Windows/Avira GmbH) 0x01800000
Library C:\Programme\Avira\AntiVir Desktop\aepack.dll (AntiVir Engine Module for Windows/Avira GmbH) 0x018A0000
Library C:\Programme\Avira\AntiVir Desktop\unacev2.dll (UNACE Dynamic Link Library/ACE Compression Software) 0x01920000
Library C:\Programme\Avira\AntiVir Desktop\aeoffice.dll (AntiVir Engine Module for Windows/Avira GmbH) 0x01980000
Library C:\Programme\Avira\AntiVir Desktop\aeheur.dll (AntiVir Engine Module for Windows/Avira GmbH) 0x019D0000
Library C:\Programme\Avira\AntiVir Desktop\aehelp.dll (AntiVir Engine Module for Windows/Avira GmbH) 0x01C80000
Library C:\Programme\Avira\AntiVir Desktop\aegen.dll (AntiVir Engine Module for Windows/Avira GmbH) 0x01CD0000
Library C:\Programme\Avira\AntiVir Desktop\aeemu.dll (AntiVir Engine Module for Windows/Avira GmbH) 0x01D40000
Library C:\Programme\Avira\AntiVir Desktop\aebb.dll (AntiVir Engine Module for Windows/Avira GmbH) 0x01DC0000
Library C:\Programme\Avira\AntiVir Desktop\avipc.dll (AVIRA IPC Library/Avira GmbH) 0x01DE0000

Process C:\WINDOWS\System32\DLA\DLACTRLW.EXE (Drive Letter Access Component/Sonic Solutions) 2044
Library C:\WINDOWS\System32\DLA\DLACTRLW.EXE (Drive Letter Access Component/Sonic Solutions) 0x00400000
Library C:\WINDOWS\system32\ntdll.dll (DLL für NT-Layer/Microsoft Corporation) 0x7C910000
Library C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\DLAAPI_W.DLL (Drive Letter Access Component/Sonic Solutions) 0x10000000
Library C:\WINDOWS\system32\ADVAPI32.dll (Erweitertes Windows 32 Base-API/Microsoft Corporation) 0x77DA0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E50000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FC0000
Library C:\WINDOWS\system32\USER32.dll (Client-DLL für Windows XP USER-API/Microsoft Corporation) 0x7E360000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77EF0000
Library C:\WINDOWS\System32\DLA\DLACResW.dll (Drive Letter Access Component/Sonic Solutions) 0x00420000
Library C:\WINDOWS\system32\SHELL32.dll (Allgemeine Windows-Shell-DLL/Microsoft Corporation) 0x7E670000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77BE0000
Library C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F40000
Library C:\WINDOWS\system32\ole32.dll (Microsoft OLE für Windows/Microsoft Corporation) 0x774B0000
Library C:\WINDOWS\system32\IMM32.DLL (Windows XP IMM32 API Client DLL/Microsoft Corporation) 0x76330000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x773A0000
Library C:\WINDOWS\system32\comctl32.dll (Common Controls Library/Microsoft Corporation) 0x5D450000
Library C:\WINDOWS\system32\imagehlp.dll (Windows NT Image Helper/Microsoft Corporation) 0x76C50000
Library C:\WINDOWS\system32\WININET.dll (Internet Extensions for Win32/Microsoft Corporation) 0x63000000
Library C:\WINDOWS\system32\Normaliz.dll (Unicode Normalization DLL/Microsoft Corporation) 0x009A0000
Library C:\WINDOWS\system32\urlmon.dll (OLE32 Extensions for Win32/Microsoft Corporation) 0x1A400000
Library C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 0x770F0000
Library C:\WINDOWS\system32\iertutil.dll (Run time utility for Internet Explorer/Microsoft Corporation) 0x5DCA0000
Library C:\WINDOWS\system32\uxtheme.dll (Microsoft UxTheme-Bibliothek/Microsoft Corporation) 0x5B0F0000
Library C:\WINDOWS\system32\msctfime.ime (Microsoft Text Frame Work Service IME/Microsoft Corporation) 0x75250000
Library C:\WINDOWS\system32\Wtsapi32.dll (Windows Terminal Server SDK APIs/Microsoft Corporation) 0x76F10000
Library C:\WINDOWS\system32\WINSTA.dll (Winstation Library/Microsoft Corporation) 0x76300000
Library C:\WINDOWS\system32\NETAPI32.dll (Net Win32 API DLL/Microsoft Corporation) 0x597D0000
Library C:\WINDOWS\system32\CLBCATQ.DLL (Microsoft Corporation) 0x76F90000
Library C:\WINDOWS\system32\COMRes.dll (Microsoft Corporation) 0x77010000
Library C:\WINDOWS\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77BD0000
Library C:\WINDOWS\system32\xpsp2res.dll (Service Pack 2-Meldungen/Microsoft Corporation) 0x00D50000
Library C:\WINDOWS\system32\SETUPAPI.dll (Windows Setup-API/Microsoft Corporation) 0x778F0000

Process E:\Programme\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (AcroTray/Adobe Systems Inc.) 2064
Library E:\Programme\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (AcroTray/Adobe Systems Inc.) 0x00400000
Library C:\WINDOWS\system32\ntdll.dll (DLL für NT-Layer/Microsoft Corporation) 0x7C910000
Library C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77BD0000
Library C:\WINDOWS\system32\USER32.dll (Client-DLL für Windows XP USER-API/Microsoft Corporation) 0x7E360000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77EF0000
Library C:\WINDOWS\system32\WINSPOOL.DRV (Windows-Spoolertreiber/Microsoft Corporation) 0x72F70000
Library C:\WINDOWS\system32\ADVAPI32.dll (Erweitertes Windows 32 Base-API/Microsoft Corporation) 0x77DA0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E50000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FC0000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77BE0000
Library C:\WINDOWS\system32\SHELL32.dll (Allgemeine Windows-Shell-DLL/Microsoft Corporation) 0x7E670000
Library C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F40000
Library C:\WINDOWS\system32\OLEACC.dll (Active Accessibility Core Component/Microsoft Corporation) 0x74C00000
Library C:\WINDOWS\system32\MSVCP60.dll (Microsoft (R) C++ Runtime Library/Microsoft Corporation) 0x76020000
Library C:\WINDOWS\system32\ole32.dll (Microsoft OLE für Windows/Microsoft Corporation) 0x774B0000
Library C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 0x770F0000
Library C:\WINDOWS\system32\comdlg32.dll (DLL für gemeinsame Dialoge/Microsoft Corporation) 0x76350000
Library C:\WINDOWS\system32\COMCTL32.dll (Common Controls Library/Microsoft Corporation) 0x5D450000
Library C:\WINDOWS\system32\IMM32.DLL (Windows XP IMM32 API Client DLL/Microsoft Corporation) 0x76330000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x773A0000
Library C:\WINDOWS\system32\imagehlp.dll (Windows NT Image Helper/Microsoft Corporation) 0x76C50000
Library C:\WINDOWS\system32\WININET.dll (Internet Extensions for Win32/Microsoft Corporation) 0x63000000
Library C:\WINDOWS\system32\Normaliz.dll (Unicode Normalization DLL/Microsoft Corporation) 0x00980000
Library C:\WINDOWS\system32\urlmon.dll (OLE32 Extensions for Win32/Microsoft Corporation) 0x1A400000
Library C:\WINDOWS\system32\iertutil.dll (Run time utility for Internet Explorer/Microsoft Corporation) 0x5DCA0000
Library C:\WINDOWS\system32\uxtheme.dll (Microsoft UxTheme-Bibliothek/Microsoft Corporation) 0x5B0F0000
Library E:\Programme\Adobe\Acrobat 9.0\Acrobat\Acrotray.deu 0x10000000
Library E:\Programme\Adobe\Acrobat 9.0\Acrobat\AcroTray.FRA 0x00A00000
Library C:\WINDOWS\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation) 0x77B10000
Library C:\WINDOWS\system32\msctfime.ime (Microsoft Text Frame Work Service IME/Microsoft Corporation) 0x75250000

Process C:\Program Files\ThinkPad\UltraNav Wizard\UNavTray.EXE (ThinkPad UltraNav Tray/Lenovo Group Limited) 2072
Library C:\Program Files\ThinkPad\UltraNav Wizard\UNavTray.EXE (ThinkPad UltraNav Tray/Lenovo Group Limited) 0x00400000
Library C:\WINDOWS\system32\ntdll.dll (DLL für NT-Layer/Microsoft Corporation) 0x7C910000
Library C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77EF0000
Library C:\WINDOWS\system32\USER32.dll (Client-DLL für Windows XP USER-API/Microsoft Corporation) 0x7E360000
Library C:\WINDOWS\system32\comdlg32.dll (DLL für gemeinsame Dialoge/Microsoft Corporation) 0x76350000
Library C:\WINDOWS\system32\ADVAPI32.dll (Erweitertes Windows 32 Base-API/Microsoft Corporation) 0x77DA0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E50000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FC0000
Library C:\WINDOWS\WinSxS\X86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\COMCTL32.dll (User Experience Controls Library/Microsoft Corporation) 0x773A0000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77BE0000
Library C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F40000
Library C:\WINDOWS\system32\SHELL32.dll (Allgemeine Windows-Shell-DLL/Microsoft Corporation) 0x7E670000
Library C:\WINDOWS\system32\WINSPOOL.DRV (Windows-Spoolertreiber/Microsoft Corporation) 0x72F70000
Library C:\WINDOWS\system32\oledlg.dll (Unterstützung für die Microsoft Windows(R) OLE 2.0-Benutzeroberfläche/Microsoft Corporation) 0x74CB0000
Library C:\WINDOWS\system32\ole32.dll (Microsoft OLE für Windows/Microsoft Corporation) 0x774B0000
Library C:\WINDOWS\system32\OLEPRO32.DLL (Microsoft Corporation) 0x5F1A0000
Library C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 0x770F0000
Library C:\WINDOWS\system32\IMM32.DLL (Windows XP IMM32 API Client DLL/Microsoft Corporation) 0x76330000
Library C:\WINDOWS\system32\imagehlp.dll (Windows NT Image Helper/Microsoft Corporation) 0x76C50000
Library C:\WINDOWS\system32\WININET.dll (Internet Extensions for Win32/Microsoft Corporation) 0x63000000
Library C:\WINDOWS\system32\Normaliz.dll (Unicode Normalization DLL/Microsoft Corporation) 0x003E0000
Library C:\WINDOWS\system32\urlmon.dll (OLE32 Extensions for Win32/Microsoft Corporation) 0x1A400000
Library C:\WINDOWS\system32\iertutil.dll (Run time utility for Internet Explorer/Microsoft Corporation) 0x5DCA0000
Library C:\WINDOWS\system32\uxtheme.dll (Microsoft UxTheme-Bibliothek/Microsoft Corporation) 0x5B0F0000

Kiesopfer 28.06.2010 08:38

GMER log, part 13:

Process C:\WINDOWS\system32\IPSSVC.EXE (IPS Core Service/Lenovo Group Limited) 2124
Library C:\WINDOWS\system32\IPSSVC.EXE (IPS Core Service/Lenovo Group Limited) 0x00400000
Library C:\WINDOWS\system32\ntdll.dll (DLL für NT-Layer/Microsoft Corporation) 0x7C910000
Library C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\ADVAPI32.dll (Erweitertes Windows 32 Base-API/Microsoft Corporation) 0x77DA0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E50000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FC0000
Library C:\WINDOWS\system32\PROCHLP.DLL (IPS Helper DLL/Lenovo Group Limited) 0x10000000
Library C:\WINDOWS\system32\USER32.dll (Client-DLL für Windows XP USER-API/Microsoft Corporation) 0x7E360000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77EF0000
Library C:\WINDOWS\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77BD0000
Library C:\WINDOWS\system32\IMM32.DLL (Windows XP IMM32 API Client DLL/Microsoft Corporation) 0x76330000
Library C:\WINDOWS\system32\imagehlp.dll (Windows NT Image Helper/Microsoft Corporation) 0x76C50000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77BE0000
Library C:\WINDOWS\system32\ole32.dll (Microsoft OLE für Windows/Microsoft Corporation) 0x774B0000
Library C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F40000
Library C:\WINDOWS\system32\WININET.dll (Internet Extensions for Win32/Microsoft Corporation) 0x63000000
Library C:\WINDOWS\system32\Normaliz.dll (Unicode Normalization DLL/Microsoft Corporation) 0x003B0000
Library C:\WINDOWS\system32\urlmon.dll (OLE32 Extensions for Win32/Microsoft Corporation) 0x1A400000
Library C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 0x770F0000
Library C:\WINDOWS\system32\iertutil.dll (Run time utility for Internet Explorer/Microsoft Corporation) 0x5DCA0000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x773A0000
Library C:\Programme\Lenovo\AwayTask\AwayDB.DLL (AWAYDB DLL/Lenovo Group Limited) 0x01000000

Process C:\Programme\Lenovo\HOTKEY\TPONSCR.exe (On screen display drawer/Lenovo Group Limited) 2136
Library C:\Programme\Lenovo\HOTKEY\TPONSCR.exe (On screen display drawer/Lenovo Group Limited) 0x00400000
Library C:\WINDOWS\system32\ntdll.dll (DLL für NT-Layer/Microsoft Corporation) 0x7C910000
Library C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\ADVAPI32.dll (Erweitertes Windows 32 Base-API/Microsoft Corporation) 0x77DA0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E50000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FC0000
Library C:\WINDOWS\system32\USER32.dll (Client-DLL für Windows XP USER-API/Microsoft Corporation) 0x7E360000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77EF0000
Library C:\WINDOWS\system32\SHELL32.dll (Allgemeine Windows-Shell-DLL/Microsoft Corporation) 0x7E670000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77BE0000
Library C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F40000
Library C:\WINDOWS\system32\MSIMG32.dll (GDIEXT Client DLL/Microsoft Corporation) 0x76320000
Library C:\WINDOWS\system32\IMM32.DLL (Windows XP IMM32 API Client DLL/Microsoft Corporation) 0x76330000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x773A0000
Library C:\WINDOWS\system32\comctl32.dll (Common Controls Library/Microsoft Corporation) 0x5D450000
Library C:\WINDOWS\system32\imagehlp.dll (Windows NT Image Helper/Microsoft Corporation) 0x76C50000
Library C:\WINDOWS\system32\ole32.dll (Microsoft OLE für Windows/Microsoft Corporation) 0x774B0000
Library C:\WINDOWS\system32\WININET.dll (Internet Extensions for Win32/Microsoft Corporation) 0x63000000
Library C:\WINDOWS\system32\Normaliz.dll (Unicode Normalization DLL/Microsoft Corporation) 0x003F0000
Library C:\WINDOWS\system32\urlmon.dll (OLE32 Extensions for Win32/Microsoft Corporation) 0x1A400000
Library C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 0x770F0000
Library C:\WINDOWS\system32\iertutil.dll (Run time utility for Internet Explorer/Microsoft Corporation) 0x5DCA0000
Library C:\WINDOWS\system32\uxtheme.dll (Microsoft UxTheme-Bibliothek/Microsoft Corporation) 0x5B0F0000
Library C:\WINDOWS\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation) 0x77B10000
Library C:\WINDOWS\system32\msctfime.ime (Microsoft Text Frame Work Service IME/Microsoft Corporation) 0x75250000

Process C:\Programme\Lenovo\Zoom\TpScrex.exe (ThinkPad UltraZoom/Lenovo Group Limited) 2172
Library C:\Programme\Lenovo\Zoom\TpScrex.exe (ThinkPad UltraZoom/Lenovo Group Limited) 0x00400000
Library C:\WINDOWS\system32\ntdll.dll (DLL für NT-Layer/Microsoft Corporation) 0x7C910000
Library C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\ADVAPI32.dll (Erweitertes Windows 32 Base-API/Microsoft Corporation) 0x77DA0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E50000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FC0000
Library C:\WINDOWS\system32\USER32.dll (Client-DLL für Windows XP USER-API/Microsoft Corporation) 0x7E360000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77EF0000
Library C:\WINDOWS\system32\SHELL32.dll (Allgemeine Windows-Shell-DLL/Microsoft Corporation) 0x7E670000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77BE0000
Library C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F40000
Library C:\WINDOWS\system32\DDRAW.dll (Microsoft DirectDraw/Microsoft Corporation) 0x736D0000
Library C:\WINDOWS\system32\DCIMAN32.dll (DCI Manager/Microsoft Corporation) 0x73B30000
Library C:\WINDOWS\system32\SETUPAPI.dll (Windows Setup-API/Microsoft Corporation) 0x778F0000
Library C:\WINDOWS\system32\IMM32.DLL (Windows XP IMM32 API Client DLL/Microsoft Corporation) 0x76330000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x773A0000
Library C:\WINDOWS\system32\imagehlp.dll (Windows NT Image Helper/Microsoft Corporation) 0x76C50000
Library C:\WINDOWS\system32\ole32.dll (Microsoft OLE für Windows/Microsoft Corporation) 0x774B0000
Library C:\WINDOWS\system32\WININET.dll (Internet Extensions for Win32/Microsoft Corporation) 0x63000000
Library C:\WINDOWS\system32\Normaliz.dll (Unicode Normalization DLL/Microsoft Corporation) 0x003C0000
Library C:\WINDOWS\system32\urlmon.dll (OLE32 Extensions for Win32/Microsoft Corporation) 0x1A400000
Library C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 0x770F0000
Library C:\WINDOWS\system32\iertutil.dll (Run time utility for Internet Explorer/Microsoft Corporation) 0x5DCA0000
Library C:\WINDOWS\system32\uxtheme.dll (Microsoft UxTheme-Bibliothek/Microsoft Corporation) 0x5B0F0000
Library C:\WINDOWS\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation) 0x77B10000
Library C:\WINDOWS\system32\msctfime.ime (Microsoft Text Frame Work Service IME/Microsoft Corporation) 0x75250000
Library C:\WINDOWS\system32\WINTRUST.dll (Microsoft Vertrauensverifizierungs-APIs/Microsoft Corporation) 0x76BF0000
Library C:\WINDOWS\system32\CRYPT32.dll (Krypto-API32/Microsoft Corporation) 0x77A50000
Library C:\WINDOWS\system32\MSASN1.dll (ASN.1 Runtime APIs/Microsoft Corporation) 0x77AF0000

Process C:\Programme\Synaptics\SynTP\SynTPLpr.exe (TouchPad Driver Helper Application/Synaptics, Inc.) 2188
Library C:\Programme\Synaptics\SynTP\SynTPLpr.exe (TouchPad Driver Helper Application/Synaptics, Inc.) 0x00400000
Library C:\WINDOWS\system32\ntdll.dll (DLL für NT-Layer/Microsoft Corporation) 0x7C910000
Library C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\USER32.dll (Client-DLL für Windows XP USER-API/Microsoft Corporation) 0x7E360000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77EF0000
Library C:\WINDOWS\system32\ADVAPI32.dll (Erweitertes Windows 32 Base-API/Microsoft Corporation) 0x77DA0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E50000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FC0000
Library C:\WINDOWS\system32\ole32.dll (Microsoft OLE für Windows/Microsoft Corporation) 0x774B0000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77BE0000
Library C:\WINDOWS\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77BD0000
Library C:\WINDOWS\system32\IMM32.DLL (Windows XP IMM32 API Client DLL/Microsoft Corporation) 0x76330000
Library C:\WINDOWS\system32\imagehlp.dll (Windows NT Image Helper/Microsoft Corporation) 0x76C50000
Library C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F40000
Library C:\WINDOWS\system32\WININET.dll (Internet Extensions for Win32/Microsoft Corporation) 0x63000000
Library C:\WINDOWS\system32\Normaliz.dll (Unicode Normalization DLL/Microsoft Corporation) 0x003B0000
Library C:\WINDOWS\system32\urlmon.dll (OLE32 Extensions for Win32/Microsoft Corporation) 0x1A400000
Library C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 0x770F0000
Library C:\WINDOWS\system32\iertutil.dll (Run time utility for Internet Explorer/Microsoft Corporation) 0x5DCA0000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x773A0000
Library C:\WINDOWS\system32\uxtheme.dll (Microsoft UxTheme-Bibliothek/Microsoft Corporation) 0x5B0F0000
Library C:\WINDOWS\system32\CLBCATQ.DLL (Microsoft Corporation) 0x76F90000
Library C:\WINDOWS\system32\COMRes.dll (Microsoft Corporation) 0x77010000
Library C:\WINDOWS\system32\SynCOM.dll (SynCOM/Synaptics, Inc.) 0x10000000
Library C:\WINDOWS\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation) 0x77B10000
Library C:\WINDOWS\system32\msctfime.ime (Microsoft Text Frame Work Service IME/Microsoft Corporation) 0x75250000

Process C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Access Connections Profile Manager Service/Lenovo ) 2216

Kiesopfer 28.06.2010 08:39

GMER log, part 14:

Library C:\WINDOWS\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation) 0x77B10000
Library C:\WINDOWS\system32\msctfime.ime (Microsoft Text Frame Work Service IME/Microsoft Corporation) 0x75250000
Library C:\WINDOWS\system32\btmmhook.dll (Multimedia Keys Hook DLL/Broadcom Corporation.) 0x01990000
Library C:\WINDOWS\system32\hid.dll (Hid User Library/Microsoft Corporation) 0x68D90000
Library C:\WINDOWS\system32\WINTRUST.dll (Microsoft Vertrauensverifizierungs-APIs/Microsoft Corporation) 0x76BF0000
Library C:\WINDOWS\system32\CRYPT32.dll (Krypto-API32/Microsoft Corporation) 0x77A50000
Library C:\WINDOWS\system32\MSASN1.dll (ASN.1 Runtime APIs/Microsoft Corporation) 0x77AF0000

Process C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (hpotdd01/Hewlett-Packard) 2636
Library C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (hpotdd01/Hewlett-Packard) 0x00400000
Library C:\WINDOWS\system32\ntdll.dll (DLL für NT-Layer/Microsoft Corporation) 0x7C910000
Library C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\ADVAPI32.dll (Erweitertes Windows 32 Base-API/Microsoft Corporation) 0x77DA0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E50000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FC0000
Library C:\WINDOWS\system32\imagehlp.dll (Windows NT Image Helper/Microsoft Corporation) 0x76C50000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77BE0000
Library C:\WINDOWS\system32\ole32.dll (Microsoft OLE für Windows/Microsoft Corporation) 0x774B0000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77EF0000
Library C:\WINDOWS\system32\USER32.dll (Client-DLL für Windows XP USER-API/Microsoft Corporation) 0x7E360000
Library C:\WINDOWS\system32\IMM32.DLL (Windows XP IMM32 API Client DLL/Microsoft Corporation) 0x76330000
Library C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F40000
Library C:\WINDOWS\system32\WININET.dll (Internet Extensions for Win32/Microsoft Corporation) 0x63000000
Library C:\WINDOWS\system32\Normaliz.dll (Unicode Normalization DLL/Microsoft Corporation) 0x003A0000
Library C:\WINDOWS\system32\urlmon.dll (OLE32 Extensions for Win32/Microsoft Corporation) 0x1A400000
Library C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 0x770F0000
Library C:\WINDOWS\system32\iertutil.dll (Run time utility for Internet Explorer/Microsoft Corporation) 0x5DCA0000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x773A0000
Library C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpodvd08.dll (hpodvd08/Hewlett-Packard) 0x10000000
Library C:\WINDOWS\system32\CFGMGR32.dll (Configuration Manager Forwarder DLL/Microsoft Corporation) 0x74A60000
Library C:\WINDOWS\system32\setupapi.dll (Windows Setup-API/Microsoft Corporation) 0x778F0000
Library C:\WINDOWS\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77BD0000
Library C:\WINDOWS\system32\SHELL32.dll (Allgemeine Windows-Shell-DLL/Microsoft Corporation) 0x7E670000
Library C:\WINDOWS\system32\comctl32.dll (Common Controls Library/Microsoft Corporation) 0x5D450000
Library C:\WINDOWS\system32\uxtheme.dll (Microsoft UxTheme-Bibliothek/Microsoft Corporation) 0x5B0F0000
Library C:\WINDOWS\system32\CLBCATQ.DLL (Microsoft Corporation) 0x76F90000
Library C:\WINDOWS\system32\COMRes.dll (Microsoft Corporation) 0x77010000
Library C:\WINDOWS\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation) 0x77B10000
Library C:\WINDOWS\system32\msi.dll (Windows Installer/Microsoft Corporation) 0x7D1F0000
Library C:\WINDOWS\system32\msctfime.ime (Microsoft Text Frame Work Service IME/Microsoft Corporation) 0x75250000
Library C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpqcxm08.dll (HP CUE Context Manager Objects/Hewlett-Packard Co.) 0x01060000
Library C:\WINDOWS\system32\MSVCP60.dll (Microsoft (R) C++ Runtime Library/Microsoft Corporation) 0x76020000
Library C:\WINDOWS\system32\WINSPOOL.DRV (Windows-Spoolertreiber/Microsoft Corporation) 0x72F70000

Process C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe (DKSERVICE.EXE/Diskeeper Corporation) 2680
Library C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe (DKSERVICE.EXE/Diskeeper Corporation) 0x00400000
Library C:\WINDOWS\system32\ntdll.dll (DLL für NT-Layer/Microsoft Corporation) 0x7C910000
Library C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\USERENV.dll (Userenv/Microsoft Corporation) 0x76620000
Library C:\WINDOWS\system32\ADVAPI32.dll (Erweitertes Windows 32 Base-API/Microsoft Corporation) 0x77DA0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E50000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FC0000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77BE0000
Library C:\WINDOWS\system32\USER32.dll (Client-DLL für Windows XP USER-API/Microsoft Corporation) 0x7E360000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77EF0000
Library C:\WINDOWS\system32\NETAPI32.dll (Net Win32 API DLL/Microsoft Corporation) 0x597D0000
Library C:\WINDOWS\system32\PSAPI.DLL (Process Status Helper/Microsoft Corporation) 0x76BB0000
Library C:\WINDOWS\system32\SHELL32.dll (Allgemeine Windows-Shell-DLL/Microsoft Corporation) 0x7E670000
Library C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F40000
Library C:\WINDOWS\system32\ole32.dll (Microsoft OLE für Windows/Microsoft Corporation) 0x774B0000
Library C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 0x770F0000
Library C:\Programme\Diskeeper Corporation\Diskeeper\DkLib.dll (DKLIB.LIB/Diskeeper Corporation) 0x10000000
Library C:\WINDOWS\system32\MPR.dll (Router-DLL für Mehrfachanbieter/Microsoft Corporation) 0x71A80000
Library C:\Programme\Diskeeper Corporation\Diskeeper\Tab.dll (TAB/Executive Software International, Inc.) 0x00360000
Library C:\Programme\Diskeeper Corporation\Diskeeper\MSVCR71.dll (Microsoft® C Runtime Library/Microsoft Corporation) 0x7C340000
Library C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x71A10000
Library C:\WINDOWS\system32\WS2HELP.dll (Windows Socket 2.0 Helper für Windows NT/Microsoft Corporation) 0x71A00000
Library C:\Programme\Diskeeper Corporation\Diskeeper\GetFATExtents.dll (GETFATEXTENTS.DLL/Diskeeper Corporation) 0x00380000
Library C:\WINDOWS\system32\pdh.dll (Windows Unterstützungs-DLL für Leistungsdaten/Microsoft Corporation) 0x74C30000
Library C:\WINDOWS\system32\comdlg32.dll (DLL für gemeinsame Dialoge/Microsoft Corporation) 0x76350000
Library C:\WINDOWS\system32\COMCTL32.dll (Common Controls Library/Microsoft Corporation) 0x5D450000
Library C:\WINDOWS\system32\CRYPT32.dll (Krypto-API32/Microsoft Corporation) 0x77A50000
Library C:\WINDOWS\system32\MSASN1.dll (ASN.1 Runtime APIs/Microsoft Corporation) 0x77AF0000
Library C:\WINDOWS\system32\ODBC32.dll (Microsoft Data Access - ODBC Driver Manager/Microsoft Corporation) 0x745D0000
Library C:\WINDOWS\system32\odbcbcp.dll (Microsoft BCP for ODBC/Microsoft Corporation) 0x66B40000
Library C:\WINDOWS\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77BD0000
Library C:\WINDOWS\system32\IMM32.DLL (Windows XP IMM32 API Client DLL/Microsoft Corporation) 0x76330000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x773A0000
Library C:\Programme\Diskeeper Corporation\Diskeeper\1031\DkRes.dll (DKRES.DLL/Diskeeper Corporation) 0x009A0000
Library C:\WINDOWS\system32\rsaenh.dll (Microsoft Enhanced Cryptographic Provider/Microsoft Corporation) 0x68000000
Library C:\WINDOWS\system32\odbcint.dll (Microsoft Data Access - ODBC Ressourcen/Microsoft Corporation) 0x1F840000
Library C:\WINDOWS\system32\imagehlp.dll (Windows NT Image Helper/Microsoft Corporation) 0x76C50000
Library C:\WINDOWS\system32\WININET.dll (Internet Extensions for Win32/Microsoft Corporation) 0x63000000
Library C:\WINDOWS\system32\Normaliz.dll (Unicode Normalization DLL/Microsoft Corporation) 0x00B50000
Library C:\WINDOWS\system32\urlmon.dll (OLE32 Extensions for Win32/Microsoft Corporation) 0x1A400000
Library C:\WINDOWS\system32\iertutil.dll (Run time utility for Internet Explorer/Microsoft Corporation) 0x5DCA0000
Library C:\Programme\Diskeeper Corporation\Diskeeper\DkTabProvider.dll (DKTABPROVIDER.EXE/Diskeeper Corporation) 0x01210000
Library C:\WINDOWS\system32\mswsock.dll (Microsoft Windows Sockets 2.0-Dienstanbieter/Microsoft Corporation) 0x719B0000
Library C:\WINDOWS\system32\hnetcfg.dll (Heimnetzwerkkonfigurations-Manager/Microsoft Corporation) 0x66710000
Library C:\WINDOWS\System32\wshtcpip.dll (Windows Sockets Helper DLL/Microsoft Corporation) 0x719F0000
Library C:\WINDOWS\system32\uxtheme.dll (Microsoft UxTheme-Bibliothek/Microsoft Corporation) 0x5B0F0000
Library C:\WINDOWS\system32\msctfime.ime (Microsoft Text Frame Work Service IME/Microsoft Corporation) 0x75250000
Library C:\WINDOWS\system32\netfxperf.dll (Extensible Performance Counter Shim/Microsoft Corporation) 0x60630000
Library C:\WINDOWS\system32\mscoree.dll (Microsoft .NET Runtime Execution Engine/Microsoft Corporation) 0x79000000
Library C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\perfcounter.dll (Microsoft performance counter extension for .NET Runtime/Microsoft Corporation) 0x640D0000
Library C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll (Microsoft® C Runtime Library/Microsoft Corporation) 0x78130000
Library C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll (Microsoft .NET Runtime Common Language Runtime - WorkStation/Microsoft Corporation) 0x79E70000
Library C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CorperfmonExt.dll (Microsoft Common Language Runtime - Performance Counter DLL/Microsoft Corporation) 0x60310000
Library C:\WINDOWS\system32\aspperf.dll (Active Server Pages Performance Monitor DLL/Microsoft Corporation) 0x70E30000
Library C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_perf.dll (Microsoft ASP.NET Performance Counter DLL/Microsoft Corporation) 0x60080000
Library C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll (aspnet_isapi.lib/Microsoft Corporation) 0x02150000
Library C:\WINDOWS\System32\query.dll (Inhaltsindex Dienstprogramm-DLL/Microsoft Corporation) 0x7D9B0000
Library C:\WINDOWS\system32\infoctrs.dll (Allgemeine Leistungsindikatoren für Internet-Informationsdienste/Microsoft Corporation) 0x66AC0000
Library C:\WINDOWS\system32\INFOADMN.dll (Internet Info Server Admin Client API Stubs/Microsoft Corporation) 0x66B20000
Library C:\WINDOWS\system32\IisRTL.DLL (IIS RunTime Library/Microsoft Corporation) 0x5D230000
Library C:\WINDOWS\system32\snprfdll.DLL (Transport Perfmon Counter DLL/Microsoft Corporation) 0x02470000
Library C:\WINDOWS\system32\STAXMEM.dll (Microsoft Exchange Server Memory Management DLL/Microsoft Corporation) 0x5C160000
Library C:\WINDOWS\system32\perfdisk.dll (DLL für Windows-Datenträgerleistungsobjekte/Microsoft Corporation) 0x5EB60000
Library C:\WINDOWS\system32\perfnet.dll (DLL für Leistungsobjekte des Windows-Netzwerkdienstes/Microsoft Corporation) 0x5EB50000
Library C:\WINDOWS\system32\perfos.dll (DLL für Windows-Systemleistungsobjekte/Microsoft Corporation) 0x5EB30000
Library C:\WINDOWS\System32\rsvpperf.dll (Microsoft® Windows(TM) RSVP Performance Monitor/Microsoft Corporation) 0x5D7C0000
Library C:\WINDOWS\system32\smtpctrs.DLL (Systemleistungs-DLL des SMTP-Dienstes/Microsoft Corporation) 0x6B230000
Library C:\WINDOWS\system32\SMTPAPI.dll (SMTP Service Client API Stubs/Microsoft Corporation) 0x4C150000
Library C:\WINDOWS\system32\winspool.drv (Windows-Spoolertreiber/Microsoft Corporation) 0x72F70000
Library C:\WINDOWS\system32\tapiperf.dll (Microsoft® Windows(TM) Telephony Performance Monitor/Microsoft Corporation) 0x5BB60000
Library C:\WINDOWS\system32\Perfctrs.dll (Leistungsindikatoren/Microsoft Corporation) 0x5EB70000
Library C:\WINDOWS\system32\iphlpapi.dll (IP-Hilfs-API/Microsoft Corporation) 0x76D20000
Library C:\WINDOWS\system32\MPRAPI.dll (Windows NT MP Router Administration DLL/Microsoft Corporation) 0x76D00000
Library C:\WINDOWS\system32\ACTIVEDS.dll (ADs Router-Ebene-DLL/Microsoft Corporation) 0x77C90000
Library C:\WINDOWS\system32\adsldpc.dll (DLL für ADs LDAP Provider C/Microsoft Corporation) 0x76DD0000
Library C:\WINDOWS\system32\WLDAP32.dll (Win32 LDAP-API-DLL/Microsoft Corporation) 0x76F20000
Library C:\WINDOWS\system32\ATL.DLL (ATL Module for Windows XP (Unicode)/Microsoft Corporation) 0x76AD0000
Library C:\WINDOWS\system32\rtutils.dll (Routing Utilities/Microsoft Corporation) 0x76E40000
Library C:\WINDOWS\system32\SAMLIB.dll (SAM Library DLL/Microsoft Corporation) 0x71B70000
Library C:\WINDOWS\system32\SETUPAPI.dll (Windows Setup-API/Microsoft Corporation) 0x778F0000
Library C:\WINDOWS\system32\perfts.dll (Windows 2000 Terminal Services Performance Objects/Microsoft Corporation) 0x5EB10000
Library C:\WINDOWS\system32\WINSTA.dll (Winstation Library/Microsoft Corporation) 0x76300000
Library C:\WINDOWS\system32\UTILDLL.dll (Unterstützungs-DLL für Verbindungen /Microsoft Corporation) 0x5B130000
Library C:\WINDOWS\system32\TAPI32.dll (Microsoft® Windows(TM) Telefonie-API-Client-DLL/Microsoft Corporation) 0x76E70000
Library C:\WINDOWS\system32\WINMM.dll (MCI API-DLL/Microsoft Corporation) 0x76AF0000
Library C:\WINDOWS\system32\w3ctrs.dll (Leistungsindikatoren für WWW-Dienst/Microsoft Corporation) 0x5AE60000
Library C:\WINDOWS\system32\wbem\wmiaprpl.dll (WMI Performance Reverse Adapter/Microsoft Corporation) 0x59D20000
Library C:\WINDOWS\system32\loadperf.dll (Lade- und Entlademodul für Leistungsindikatoren/Microsoft Corporation) 0x72ED0000
Library C:\WINDOWS\system32\wbem\wbemcomn.dll (WMI/Microsoft Corporation) 0x75210000
Library C:\WINDOWS\system32\NTMARTA.DLL (Windows NT MARTA-Anbieter/Microsoft Corporation) 0x77660000

Process C:\Programme\Hewlett-Packard\Digital Imaging\bin\hposol08.exe (HP OfficeJet COM Device Objects/Hewlett-Packard Co.) 2736
Library C:\Programme\Hewlett-Packard\Digital Imaging\bin\hposol08.exe (HP OfficeJet COM Device Objects/Hewlett-Packard Co.) 0x00400000
Library C:\WINDOWS\system32\ntdll.dll (DLL für NT-Layer/Microsoft Corporation) 0x7C910000
Library C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\USER32.dll (Client-DLL für Windows XP USER-API/Microsoft Corporation) 0x7E360000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77EF0000
Library C:\WINDOWS\system32\ADVAPI32.dll (Erweitertes Windows 32 Base-API/Microsoft Corporation) 0x77DA0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E50000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FC0000
Library C:\WINDOWS\system32\ole32.dll (Microsoft OLE für Windows/Microsoft Corporation) 0x774B0000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77BE0000
Library C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 0x770F0000
Library C:\WINDOWS\system32\WSOCK32.dll (Windows Socket-32-Bit-DLL/Microsoft Corporation) 0x71A30000
Library C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x71A10000
Library C:\WINDOWS\system32\WS2HELP.dll (Windows Socket 2.0 Helper für Windows NT/Microsoft Corporation) 0x71A00000
Library C:\WINDOWS\system32\CFGMGR32.dll (Configuration Manager Forwarder DLL/Microsoft Corporation) 0x74A60000
Library C:\WINDOWS\system32\setupapi.dll (Windows Setup-API/Microsoft Corporation) 0x778F0000
Library C:\WINDOWS\system32\MSVCP60.dll (Microsoft (R) C++ Runtime Library/Microsoft Corporation) 0x76020000
Library C:\WINDOWS\system32\IMM32.DLL (Windows XP IMM32 API Client DLL/Microsoft Corporation) 0x76330000
Library C:\WINDOWS\system32\imagehlp.dll (Windows NT Image Helper/Microsoft Corporation) 0x76C50000
Library C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F40000
Library C:\WINDOWS\system32\WININET.dll (Internet Extensions for Win32/Microsoft Corporation) 0x63000000
Library C:\WINDOWS\system32\Normaliz.dll (Unicode Normalization DLL/Microsoft Corporation) 0x003E0000
Library C:\WINDOWS\system32\urlmon.dll (OLE32 Extensions for Win32/Microsoft Corporation) 0x1A400000
Library C:\WINDOWS\system32\iertutil.dll (Run time utility for Internet Explorer/Microsoft Corporation) 0x5DCA0000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x773A0000
Library C:\WINDOWS\system32\uxtheme.dll (Microsoft UxTheme-Bibliothek/Microsoft Corporation) 0x5B0F0000
Library C:\WINDOWS\system32\xpsp2res.dll (Service Pack 2-Meldungen/Microsoft Corporation) 0x00C80000
Library C:\WINDOWS\system32\CLBCATQ.DLL (Microsoft Corporation) 0x76F90000
Library C:\WINDOWS\system32\COMRes.dll (Microsoft Corporation) 0x77010000
Library C:\WINDOWS\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77BD0000
Library C:\WINDOWS\system32\msi.dll (Windows Installer/Microsoft Corporation) 0x7D1F0000
Library C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpqcxm08.dll (HP CUE Context Manager Objects/Hewlett-Packard Co.) 0x10000000
Library C:\WINDOWS\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation) 0x77B10000
Library C:\WINDOWS\system32\msctfime.ime (Microsoft Text Frame Work Service IME/Microsoft Corporation) 0x75250000
Library C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpodvb08.dll (HP OfficeJet COM Base Device Objects/Hewlett-Packard Co.) 0x01160000
Library C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpocxi08.dll (HP CUE/AiO Context Information Objects/Hewlett-Packard Co.) 0x14200000
Library C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpqcob08.dll (HP OfficeJet COM Common Objects/Hewlett-Packard Co.) 0x14480000
Library C:\Programme\Hewlett-Packard\Digital Imaging\bin\hposcn08.dll (HP AiO Fax Scanner/Hewlett-Packard Co.) 0x14800000
Library C:\WINDOWS\system32\STI.dll (Digitalbildgeräte-Client-DLL/Microsoft Corporation) 0x73B10000
Library C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoSCN08.rsc (Fax Scanner resource DLL/Hewlett-Packard Co.) 0x012B0000
Library C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpodio08.dll (HP OfficeJet COM Device IO Objects (CUE)/Hewlett-Packard Co.) 0x14400000
Library C:\WINDOWS\system32\WTSAPI32.DLL (Windows Terminal Server SDK APIs/Microsoft Corporation) 0x76F10000
Library C:\WINDOWS\system32\WINSTA.dll (Winstation Library/Microsoft Corporation) 0x76300000
Library C:\WINDOWS\system32\NETAPI32.dll (Net Win32 API DLL/Microsoft Corporation) 0x597D0000
Library C:\WINDOWS\system32\hpzidr12.dll (IEEE-1284.4-1999 Run-time library (kernel)/HP) 0x012C0000
Library C:\WINDOWS\system32\WINSPOOL.DRV (Windows-Spoolertreiber/Microsoft Corporation) 0x72F70000
Library C:\WINDOWS\system32\WINTRUST.dll (Microsoft Vertrauensverifizierungs-APIs/Microsoft Corporation) 0x76BF0000
Library C:\WINDOWS\system32\CRYPT32.dll (Krypto-API32/Microsoft Corporation) 0x77A50000
Library C:\WINDOWS\system32\MSASN1.dll (ASN.1 Runtime APIs/Microsoft Corporation) 0x77AF0000
Library C:\WINDOWS\system32\SXS.DLL (Fusion 2.5/Microsoft Corporation) 0x76970000
Library C:\WINDOWS\system32\hpzipr12.dll (PML Run-time library/HP) 0x01630000
Library C:\WINDOWS\system32\PROCHLP.DLL (IPS Helper DLL/Lenovo Group Limited) 0x01900000

Kiesopfer 28.06.2010 08:41

GMER log, part 15:

Process C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (PresentationFontCache.exe/Microsoft Corporation) 2844
Library C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (PresentationFontCache.exe/Microsoft Corporation) 0x00400000
Library C:\WINDOWS\system32\ntdll.dll (DLL für NT-Layer/Microsoft Corporation) 0x7C910000
Library C:\WINDOWS\system32\mscoree.dll (Microsoft .NET Runtime Execution Engine/Microsoft Corporation) 0x79000000
Library C:\WINDOWS\system32\KERNEL32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\ADVAPI32.dll (Erweitertes Windows 32 Base-API/Microsoft Corporation) 0x77DA0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E50000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FC0000
Library C:\WINDOWS\system32\imagehlp.dll (Windows NT Image Helper/Microsoft Corporation) 0x76C50000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77BE0000
Library C:\WINDOWS\system32\ole32.dll (Microsoft OLE für Windows/Microsoft Corporation) 0x774B0000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77EF0000
Library C:\WINDOWS\system32\USER32.dll (Client-DLL für Windows XP USER-API/Microsoft Corporation) 0x7E360000
Library C:\WINDOWS\system32\IMM32.DLL (Windows XP IMM32 API Client DLL/Microsoft Corporation) 0x76330000
Library C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F40000
Library C:\WINDOWS\system32\WININET.dll (Internet Extensions for Win32/Microsoft Corporation) 0x63000000
Library C:\WINDOWS\system32\Normaliz.dll (Unicode Normalization DLL/Microsoft Corporation) 0x00770000
Library C:\WINDOWS\system32\urlmon.dll (OLE32 Extensions for Win32/Microsoft Corporation) 0x1A400000
Library C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 0x770F0000
Library C:\WINDOWS\system32\iertutil.dll (Run time utility for Internet Explorer/Microsoft Corporation) 0x5DCA0000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x773A0000
Library C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll (Microsoft .NET Runtime Common Language Runtime - WorkStation/Microsoft Corporation) 0x79E70000
Library C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll (Microsoft® C Runtime Library/Microsoft Corporation) 0x78130000
Library C:\WINDOWS\system32\shell32.dll (Allgemeine Windows-Shell-DLL/Microsoft Corporation) 0x7E670000
Library C:\WINDOWS\system32\comctl32.dll (Common Controls Library/Microsoft Corporation) 0x5D450000
Library C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\7124a40b9998f7b63c86bd1a2125ce26\mscorlib.ni.dll (Microsoft Common Language Runtime Class Library/Microsoft Corporation) 0x790C0000
Library C:\WINDOWS\system32\rsaenh.dll (Microsoft Enhanced Cryptographic Provider/Microsoft Corporation) 0x68000000
Library C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\37217abe2c5164e59aba251860f4c79e\System.ni.dll (.NET Framework/Microsoft Corporation) 0x7A440000
Library C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\18729514178d458aa1225dd068718d4e\PresentationFontCache.ni.exe (PresentationFontCache.exe/Microsoft Corporation) 0x30000000
Library C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\5adb0f89d469632511aed9d88cfe05c4\System.ServiceProcess.ni.dll (.NET Framework/Microsoft Corporation) 0x67A20000
Library C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\d63164ac4ed5adabc6a1b0fdf07eee05\WindowsBase.ni.dll (WindowsBase.dll/Microsoft Corporation) 0x577B0000
Library C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\9f5dff344ac6ac923b5ade8ba1ab9382\PresentationCore.ni.dll (PresentationCore.dll/Microsoft Corporation) 0x545E0000
Library C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\wpfgfx_v0300.dll (wpfgfx_v0300.dll/Microsoft Corporation) 0x54000000
Library C:\WINDOWS\system32\shfolder.dll (Shell Folder Service/Microsoft Corporation) 0x76730000
Library C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.ServiceProcess.resources.dll (.NET Framework/Microsoft Corporation) 0x010F0000

Process C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe (HP OfficeJet COM Event Manager/Hewlett-Packard Co.) 2852
Library C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe (HP OfficeJet COM Event Manager/Hewlett-Packard Co.) 0x00400000
Library C:\WINDOWS\system32\ntdll.dll (DLL für NT-Layer/Microsoft Corporation) 0x7C910000
Library C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\USER32.dll (Client-DLL für Windows XP USER-API/Microsoft Corporation) 0x7E360000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77EF0000
Library C:\WINDOWS\system32\ADVAPI32.dll (Erweitertes Windows 32 Base-API/Microsoft Corporation) 0x77DA0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E50000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FC0000
Library C:\WINDOWS\system32\ole32.dll (Microsoft OLE für Windows/Microsoft Corporation) 0x774B0000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77BE0000
Library C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 0x770F0000
Library C:\WINDOWS\system32\MSVCP60.dll (Microsoft (R) C++ Runtime Library/Microsoft Corporation) 0x76020000
Library C:\WINDOWS\system32\IMM32.DLL (Windows XP IMM32 API Client DLL/Microsoft Corporation) 0x76330000
Library C:\WINDOWS\system32\imagehlp.dll (Windows NT Image Helper/Microsoft Corporation) 0x76C50000
Library C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F40000
Library C:\WINDOWS\system32\WININET.dll (Internet Extensions for Win32/Microsoft Corporation) 0x63000000
Library C:\WINDOWS\system32\Normaliz.dll (Unicode Normalization DLL/Microsoft Corporation) 0x003A0000
Library C:\WINDOWS\system32\urlmon.dll (OLE32 Extensions for Win32/Microsoft Corporation) 0x1A400000
Library C:\WINDOWS\system32\iertutil.dll (Run time utility for Internet Explorer/Microsoft Corporation) 0x5DCA0000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x773A0000
Library C:\WINDOWS\system32\xpsp2res.dll (Service Pack 2-Meldungen/Microsoft Corporation) 0x00C30000
Library C:\WINDOWS\system32\CLBCATQ.DLL (Microsoft Corporation) 0x76F90000
Library C:\WINDOWS\system32\COMRes.dll (Microsoft Corporation) 0x77010000
Library C:\WINDOWS\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77BD0000
Library C:\WINDOWS\system32\msi.dll (Windows Installer/Microsoft Corporation) 0x7D1F0000
Library C:\WINDOWS\system32\uxtheme.dll (Microsoft UxTheme-Bibliothek/Microsoft Corporation) 0x5B0F0000
Library C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpqcxm08.dll (HP CUE Context Manager Objects/Hewlett-Packard Co.) 0x10000000
Library C:\WINDOWS\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation) 0x77B10000
Library C:\WINDOWS\system32\msctfime.ime (Microsoft Text Frame Work Service IME/Microsoft Corporation) 0x75250000
Library C:\WINDOWS\system32\SXS.DLL (Fusion 2.5/Microsoft Corporation) 0x76970000
Library C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpocxi08.dll (HP CUE/AiO Context Information Objects/Hewlett-Packard Co.) 0x14200000
Library C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpqcob08.dll (HP OfficeJet COM Common Objects/Hewlett-Packard Co.) 0x14480000

Process C:\WINDOWS\system32\inetsrv\inetinfo.exe (Internet-Informationsdienste/Microsoft Corporation) 3172
Library C:\WINDOWS\system32\inetsrv\inetinfo.exe (Internet-Informationsdienste/Microsoft Corporation) 0x01000000
Library C:\WINDOWS\system32\ntdll.dll (DLL für NT-Layer/Microsoft Corporation) 0x7C910000
Library C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77BE0000
Library C:\WINDOWS\system32\ADVAPI32.dll (Erweitertes Windows 32 Base-API/Microsoft Corporation) 0x77DA0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E50000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FC0000
Library C:\WINDOWS\system32\USER32.dll (Client-DLL für Windows XP USER-API/Microsoft Corporation) 0x7E360000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77EF0000
Library C:\WINDOWS\system32\ole32.dll (Microsoft OLE für Windows/Microsoft Corporation) 0x774B0000
Library C:\WINDOWS\system32\IisRTL.DLL (IIS RunTime Library/Microsoft Corporation) 0x5D230000
Library C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x71A10000
Library C:\WINDOWS\system32\WS2HELP.dll (Windows Socket 2.0 Helper für Windows NT/Microsoft Corporation) 0x71A00000
Library C:\WINDOWS\system32\IMM32.DLL (Windows XP IMM32 API Client DLL/Microsoft Corporation) 0x76330000
Library C:\WINDOWS\system32\imagehlp.dll (Windows NT Image Helper/Microsoft Corporation) 0x76C50000
Library C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F40000
Library C:\WINDOWS\system32\WININET.dll (Internet Extensions for Win32/Microsoft Corporation) 0x63000000
Library C:\WINDOWS\system32\Normaliz.dll (Unicode Normalization DLL/Microsoft Corporation) 0x006C0000
Library C:\WINDOWS\system32\urlmon.dll (OLE32 Extensions for Win32/Microsoft Corporation) 0x1A400000
Library C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 0x770F0000
Library C:\WINDOWS\system32\iertutil.dll (Run time utility for Internet Explorer/Microsoft Corporation) 0x5DCA0000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x773A0000
Library C:\WINDOWS\system32\inetsrv\rpcref.dll (Microsoft Internet Information Services RPC helper library/Microsoft Corporation) 0x00190000
Library C:\WINDOWS\system32\inetsrv\iisadmin.dll (Metadata and Admin Service/Microsoft Corporation) 0x671A0000
Library C:\WINDOWS\system32\VSSAPI.DLL (Microsoft® Volume Shadow Copy Requestor/Writer Services API DLL/Microsoft Corporation) 0x75360000
Library C:\WINDOWS\system32\ATL.DLL (ATL Module for Windows XP (Unicode)/Microsoft Corporation) 0x76AD0000
Library C:\WINDOWS\system32\NETAPI32.dll (Net Win32 API DLL/Microsoft Corporation) 0x597D0000
Library C:\WINDOWS\system32\inetsrv\COADMIN.dll (DLL für IIS CoAdmin/Microsoft Corporation) 0x6EC80000
Library C:\WINDOWS\system32\SHELL32.dll (Allgemeine Windows-Shell-DLL/Microsoft Corporation) 0x7E670000
Library C:\WINDOWS\system32\ADMWPROX.dll (IIS Admin Com API Proxy dll/Microsoft Corporation) 0x71480000
Library C:\WINDOWS\system32\comctl32.dll (Common Controls Library/Microsoft Corporation) 0x5D450000
Library C:\WINDOWS\system32\uxtheme.dll (Microsoft UxTheme-Bibliothek/Microsoft Corporation) 0x5B0F0000
Library C:\WINDOWS\system32\xpsp2res.dll (Service Pack 2-Meldungen/Microsoft Corporation) 0x009C0000
Library C:\WINDOWS\system32\CLBCATQ.DLL (Microsoft Corporation) 0x76F90000
Library C:\WINDOWS\system32\COMRes.dll (Microsoft Corporation) 0x77010000
Library C:\WINDOWS\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77BD0000
Library C:\WINDOWS\system32\inetsrv\metadata.dll (DLL für IIS-Metabasis/Microsoft Corporation) 0x62060000
Library C:\WINDOWS\system32\rsaenh.dll (Microsoft Enhanced Cryptographic Provider/Microsoft Corporation) 0x68000000
Library C:\WINDOWS\system32\CRYPT32.dll (Krypto-API32/Microsoft Corporation) 0x77A50000
Library C:\WINDOWS\system32\MSASN1.dll (ASN.1 Runtime APIs/Microsoft Corporation) 0x77AF0000
Library C:\WINDOWS\system32\inetsrv\nsepm.dll (IIS-NSEP-Zuordnungs-DLL/Microsoft Corporation) 0x5F6E0000
Library C:\WINDOWS\system32\IISMAP.dll (Microsoft IIS-Zuordnungsprogramm/Microsoft Corporation) 0x66E90000
Library C:\WINDOWS\system32\schannel.dll (TLS / SSL Security Provider/Microsoft Corporation) 0x767A0000
Library C:\WINDOWS\system32\USERENV.dll (Userenv/Microsoft Corporation) 0x76620000
Library C:\WINDOWS\system32\es.dll (Microsoft Corporation) 0x776E0000
Library C:\WINDOWS\system32\wtsapi32.dll (Windows Terminal Server SDK APIs/Microsoft Corporation) 0x76F10000
Library C:\WINDOWS\system32\WINSTA.dll (Winstation Library/Microsoft Corporation) 0x76300000
Library C:\WINDOWS\system32\inetsrv\wamreg.dll (WAM Registration DLL /Microsoft Corporation) 0x5AB70000
Library C:\WINDOWS\system32\inetsrv\admexs.dll (IIS AdminEx sample DLL/Microsoft Corporation) 0x714B0000
Library C:\WINDOWS\system32\inetsrv\svcext.dll (IISAdmin-Dienste Erweiterungs-DLL/Microsoft Corporation) 0x5BFB0000
Library C:\WINDOWS\system32\Security.dll (Security Support Provider Interface/Microsoft Corporation) 0x71F10000
Library C:\WINDOWS\system32\SAMLIB.dll (SAM Library DLL/Microsoft Corporation) 0x71B70000
Library C:\WINDOWS\system32\inetsrv\SMTPSVC.dll (SMTP-Dienst/Microsoft Corporation) 0x4FAC0000
Library C:\WINDOWS\system32\inetsrv\INFOCOMM.dll (Microsoft Internet Information Services Helper library/Microsoft Corporation) 0x5E1A0000
Library C:\WINDOWS\system32\inetsrv\ISATQ.dll (Asynchronous Thread Queue/Microsoft Corporation) 0x66370000
Library C:\WINDOWS\system32\inetsrv\IISFECNV.dll (Microsoft FE Character Set Conversion Library/Microsoft Corporation) 0x66EF0000
Library C:\WINDOWS\system32\WSOCK32.dll (Windows Socket-32-Bit-DLL/Microsoft Corporation) 0x71A30000
Library C:\WINDOWS\system32\DNSAPI.dll (DNS Client API DLL/Microsoft Corporation) 0x76EE0000
Library C:\WINDOWS\system32\FCACHDLL.dll (FCACHDLL/Microsoft Corporation) 0x00920000
Library C:\WINDOWS\system32\RWNH.dll (RWNH /Microsoft Corporation) 0x4CCA0000
Library C:\WINDOWS\system32\exstrace.dll (Async Trace DLL/Microsoft Corporation) 0x69960000
Library C:\WINDOWS\system32\STAXMEM.dll (Microsoft Exchange Server Memory Management DLL/Microsoft Corporation) 0x5C160000
Library C:\WINDOWS\system32\NTDSAPI.dll (NT5DS/Microsoft Corporation) 0x76750000
Library C:\WINDOWS\system32\WLDAP32.dll (Win32 LDAP-API-DLL/Microsoft Corporation) 0x76F20000
Library C:\WINDOWS\system32\inetsrv\lonsint.dll (IIS NT specific library/Microsoft Corporation) 0x62E30000
Library C:\WINDOWS\system32\mswsock.dll (Microsoft Windows Sockets 2.0-Dienstanbieter/Microsoft Corporation) 0x719B0000
Library C:\WINDOWS\system32\hnetcfg.dll (Heimnetzwerkkonfigurations-Manager/Microsoft Corporation) 0x66710000
Library C:\WINDOWS\System32\wshtcpip.dll (Windows Sockets Helper DLL/Microsoft Corporation) 0x719F0000
Library C:\WINDOWS\system32\wintrust.dll (Microsoft Vertrauensverifizierungs-APIs/Microsoft Corporation) 0x76BF0000
Library C:\WINDOWS\system32\inetsrv\iscomlog.dll (Microsoft IIS Common Logging Interface DLL/Microsoft Corporation) 0x66360000
Library C:\WINDOWS\system32\iphlpapi.dll (IP-Hilfs-API/Microsoft Corporation) 0x76D20000
Library C:\WINDOWS\system32\inetsrv\seo.dll (Server Extension Objects DLL/Microsoft Corporation) 0x4E890000
Library C:\WINDOWS\system32\inetsrv\aqueue.dll (Aqueue DLL/Microsoft Corporation) 0x4DB90000
Library C:\WINDOWS\system32\inetsrv\ntfsdrv.dll (NTFS Message Store DLL/Microsoft Corporation) 0x015D0000
Library C:\WINDOWS\system32\inetsrv\mailmsg.dll (Mail Message Objects DLL/Microsoft Corporation) 0x016C0000

Process C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe (Catalyst Control Centre: Host application/ATI Technologies Inc.) 3292
Library C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe (Catalyst Control Centre: Host application/ATI Technologies Inc.) 0x00400000
Library C:\WINDOWS\system32\ntdll.dll (DLL für NT-Layer/Microsoft Corporation) 0x7C910000
Library C:\WINDOWS\system32\mscoree.dll (Microsoft .NET Runtime Execution Engine/Microsoft Corporation) 0x79000000
Library C:\WINDOWS\system32\KERNEL32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\ADVAPI32.dll (Erweitertes Windows 32 Base-API/Microsoft Corporation) 0x77DA0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E50000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FC0000
Library C:\WINDOWS\system32\imagehlp.dll (Windows NT Image Helper/Microsoft Corporation) 0x76C50000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77BE0000
Library C:\WINDOWS\system32\ole32.dll (Microsoft OLE für Windows/Microsoft Corporation) 0x774B0000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77EF0000
Library C:\WINDOWS\system32\USER32.dll (Client-DLL für Windows XP USER-API/Microsoft Corporation) 0x7E360000
Library C:\WINDOWS\system32\IMM32.DLL (Windows XP IMM32 API Client DLL/Microsoft Corporation) 0x76330000
Library C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F40000
Library C:\WINDOWS\system32\WININET.dll (Internet Extensions for Win32/Microsoft Corporation) 0x63000000
Library C:\WINDOWS\system32\Normaliz.dll (Unicode Normalization DLL/Microsoft Corporation) 0x003F0000
Library C:\WINDOWS\system32\urlmon.dll (OLE32 Extensions for Win32/Microsoft Corporation) 0x1A400000
Library C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 0x770F0000
Library C:\WINDOWS\system32\iertutil.dll (Run time utility for Internet Explorer/Microsoft Corporation) 0x5DCA0000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x773A0000
Library C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll (Microsoft .NET Runtime Common Language Runtime - WorkStation/Microsoft Corporation) 0x79E70000
Library C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll (Microsoft® C Runtime Library/Microsoft Corporation) 0x78130000
Library C:\WINDOWS\system32\shell32.dll (Allgemeine Windows-Shell-DLL/Microsoft Corporation) 0x7E670000
Library C:\WINDOWS\system32\comctl32.dll (Common Controls Library/Microsoft Corporation) 0x5D450000
Library C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\7124a40b9998f7b63c86bd1a2125ce26\mscorlib.ni.dll (Microsoft Common Language Runtime Class Library/Microsoft Corporation) 0x790C0000
Library C:\WINDOWS\system32\uxtheme.dll (Microsoft UxTheme-Bibliothek/Microsoft Corporation) 0x5B0F0000
Library C:\WINDOWS\system32\rsaenh.dll (Microsoft Enhanced Cryptographic Provider/Microsoft Corporation) 0x68000000
Library C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll (Microsoft .NET Runtime Just-In-Time Compiler/Microsoft Corporation) 0x79060000
Library C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\37217abe2c5164e59aba251860f4c79e\System.ni.dll (.NET Framework/Microsoft Corporation) 0x7A440000
Library C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\f3440ea00eb3c40dc073b2fe03843638\System.Drawing.ni.dll (.NET Framework/Microsoft Corporation) 0x7ADE0000
Library C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\2dfe045e4b1577fdea9a2f456db0afc2\System.Windows.Forms.ni.dll (.NET Framework/Microsoft Corporation) 0x7AFD0000
Library C:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.3236.39115__90ba9c70f846762e\CCC.Implementation.dll (CCC Application Implementation/Advanced Micro Devices Inc.) 0x51400000
Library C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.3127.31108__90ba9c70f846762e\LOG.Foundation.dll (LOG Foundation Static/Advanced Micro Devices Inc.) 0x60C00000
Library C:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.3127.31130__90ba9c70f846762e\MOM.Foundation.dll (MOM Foundation/Advanced Micro Devices Inc.) 0x61400000
Library C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation\2.0.3127.31111__90ba9c70f846762e\CLI.Foundation.dll (CLI Foundation/Advanced Micro Devices Inc.) 0x5FA00000
Library C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3127.31132__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll (LOG Foundation Implementation Private SDK/Advanced Micro Devices Inc.) 0x61000000
Library C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3236.39114__90ba9c70f846762e\LOG.Foundation.Implementation.dll (LOG Foundation Implementation/Advanced Micro Devices Inc.) 0x60E00000
Library C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\2077ce69bd24a095dd54683ae26454d4\System.Runtime.Remoting.ni.dll (Microsoft .NET Runtime Object Remoting/Microsoft Corporation) 0x67770000
Library C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3127.31119__90ba9c70f846762e\LOG.Foundation.Private.dll (LOG Foundation Dynamic/Advanced Micro Devices Inc.) 0x61200000
Library C:\WINDOWS\system32\xpsp2res.dll (Service Pack 2-Meldungen/Microsoft Corporation) 0x011A0000
Library C:\WINDOWS\system32\shfolder.dll (Shell Folder Service/Microsoft Corporation) 0x76730000
Library C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.3236.39115__90ba9c70f846762e\MOM.Implementation.dll (MOM Implementation/Advanced Micro Devices Inc.) 0x61600000
Library C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3236.39012__90ba9c70f846762e\CLI.Component.SkinFactory.dll (SkinFactory/Advanced Micro Devices Inc.) 0x5F000000
Library C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3127.31186__90ba9c70f846762e\CLI.Foundation.XManifest.dll (CLI Foundation XManifest/Advanced Micro Devices Inc.) 0x5FE00000
Library C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\563a54b98adb70fae862974042298348\System.Xml.ni.dll (.NET Framework/Microsoft Corporation) 0x637A0000
Library C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll (Microsoft Common Language Runtime-Klassenbibliothek/Microsoft Corporation) 0x03BD0000
Library C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3236.39010__90ba9c70f846762e\CLI.Component.Runtime.dll (Runtime Component/Advanced Micro Devices, Inc.) 0x5EC00000
Library C:\WINDOWS\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.3127.31114__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll (Private Foundation for Localization framework/Advanced Micro Devices, Inc.) 0x64400000
Library C:\WINDOWS\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll 0x03DE0000
Library C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3127.31133__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll (Runtime Shared Private/Advanced Micro Devices Inc.) 0x5EE00000
Library C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3127.31115__90ba9c70f846762e\CLI.Foundation.Private.dll (CLI Foundation Private/Advanced Micro Devices Inc.) 0x5FC00000
Library C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3127.31123__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll (Runtime Shared/Advanced Micro Devices Inc.) 0x64600000
Library C:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll (CCCCom/Advanced Micro Devices Inc.) 0x50E00000
Library C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll (.NET Framework/Microsoft Corporation) 0x03E50000
Library C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.3236.39010__90ba9c70f846762e\AEM.Server.dll (AEM Server/Advanced Micro Devices Inc.) 0x50400000
Library C:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3127.31110__90ba9c70f846762e\NEWAEM.Foundation.dll (AEM Foundation/Advanced Micro Devices Inc.) 0x61A00000
Library C:\WINDOWS\system32\atiadlxx.dll (ADL/Advanced Micro Devices, Inc.) 0x10000000
Library C:\WINDOWS\system32\SETUPAPI.dll (Windows Setup-API/Microsoft Corporation) 0x778F0000
Library C:\WINDOWS\system32\CLBCATQ.DLL (Microsoft Corporation) 0x76F90000
Library C:\WINDOWS\system32\COMRes.dll (Microsoft Corporation) 0x77010000
Library C:\WINDOWS\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77BD0000
Library C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation) 0x03F70000
Library C:\WINDOWS\system32\WINMM.dll (MCI API-DLL/Microsoft Corporation) 0x76AF0000
Library C:\WINDOWS\system32\MFC42.DLL (MFCDLL Shared Library - Retail Version/Microsoft Corporation) 0x73D30000
Library C:\WINDOWS\system32\MFC42LOC.DLL (MFC Language Specific Resources/Microsoft Corporation) 0x61DC0000
Library C:\WINDOWS\system32\SXS.DLL (Fusion 2.5/Microsoft Corporation) 0x76970000
Library C:\WINDOWS\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3127.31123__90ba9c70f846762e\AEM.Server.Shared.dll (AEM Server Shared/Advanced Micro Devices Inc.) 0x50600000
Library C:\WINDOWS\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll ( / ) 0x04250000
Library C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3236.39130__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll (AEM Event Sources Kit/Advanced Micro Devices Inc.) 0x64000000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) 0x4EBA0000
Library C:\WINDOWS\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation) 0x77B10000
Library C:\WINDOWS\system32\msctfime.ime (Microsoft Text Frame Work Service IME/Microsoft Corporation) 0x75250000
Library C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3127.31160__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll (DPPE Shared/Advanced Micro Devices Inc.) 0x63600000
Library C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3127.31122__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll (HK Shared/Advanced Micro Devices Inc.) 0x043E0000
Library C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\e63d6d26b8a664cfdfbd4ad75e03c14d\Accessibility.ni.dll (.NET Framework/Microsoft Corporation) 0x60000000
Library C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3127.31128__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll (WinMessages Shared/Advanced Micro Devices Inc.) 0x04500000
Library C:\WINDOWS\system32\btmmhook.dll (Multimedia Keys Hook DLL/Broadcom Corporation.) 0x04620000
Library C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll (DEM Graphics I0601/ATI Technologies Inc.) 0x60600000
Library C:\WINDOWS\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll (DEM Foundation/ATI Technologies Inc.) 0x60200000
Library C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics\2.0.3127.31135__90ba9c70f846762e\DEM.Graphics.dll (DEM Graphics/Advanced Micro Devices Inc.) 0x60400000
Library C:\WINDOWS\assembly\GAC_MSIL\LOCALIZATION.Foundation.Implementation\2.0.3236.39138__90ba9c70f846762e\LOCALIZATION.Foundation.Implementation.dll (Private Foundation Implementation for Localization framework/Advanced Micro Devices, Inc.) 0x64200000
Library C:\WINDOWS\system32\msimg32.dll (GDIEXT Client DLL/Microsoft Corporation) 0x76320000
Library C:\Programme\ATI Technologies\ATI.ACE\Core-Implementation\32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc) 0x04880000
Library C:\WINDOWS\system32\ATIDEMGX.dll (Graphics DEM/Advanced Micro Devices, Inc.) 0x51000000
Library C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\631b3eba1ba5bd3c3f027f34011cadeb\System.Configuration.ni.dll (System.Configuration.dll/Microsoft Corporation) 0x64890000
Library C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3236.39012__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll (Runtime Graphics Caste/Advanced Mirco Devices, Inc.) 0x5C400000
Library C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3127.31124__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll (Shared Graphics Caste/Advanced Mirco Devices, Inc.) 0x5C800000
Library C:\WINDOWS\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll (ACE Graphics DisplaysManager Shared/ATI Technologies Inc.) 0x50000000
Library C:\WINDOWS\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3127.31134__90ba9c70f846762e\DEM.OS.I0602.dll (DEM.OS.I0602/Advanced Micro Devices Inc.) 0x60A00000
Library C:\WINDOWS\assembly\GAC_MSIL\DEM.OS\2.0.3127.31156__90ba9c70f846762e\DEM.OS.dll (DEM OS/Advanced Micro Devices Inc.) 0x60800000
Library C:\Programme\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0709.dll (DEM.Graphics.I0709/Advanced Micro Devices, Inc.) 0x05110000
Library C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3127.31160__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll (GD source plugin shared/Advanced Micro Devices Inc.) 0x05140000
Library C:\WINDOWS\assembly\GAC_MSIL\ATIDEMOS\2.0.3236.39011__90ba9c70f846762e\ATIDEMOS.dll (OS DEM/Advanced Micro Devices, Inc.) 0x51200000
Library C:\WINDOWS\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3127.31117__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll (AEM Actions Shared/Advanced Micro Devices Inc.) 0x63400000
Library C:\Programme\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0804.dll (DEM Graphics I0804/Advanced Micro Devices, Inc.) 0x051C0000
Library C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3236.39020__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll (Runtime Graphics Caste HotkeysHandling Aspect/Advanced Micro Devices Inc.) 0x55600000
Library C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3127.31136__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll (Shared Graphics Caste HotkeysHandling Aspect/Advanced Micro Devices Inc.) 0x55800000
Library C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3236.39078__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll (Runtime Graphics Caste CV Aspect/Advanced Micro Devices Inc.) 0x52400000
Library C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3127.31144__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll (Runtime Shared Private Graphics Caste/Advanced Micro Devices Inc.) 0x5C600000
Library C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3127.31142__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll (Shared Graphics Caste CV Aspect/Advanced Micro Devices Inc.) 0x52600000
Library C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3127.31131__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll (Shared Custom Formats/Advanced Micro Devices Inc.) 0x51600000
Library C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3236.39063__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll (Runtime Graphics Caste DeviceProperty Aspect Shared/Advanced Micro Devices, Inc.) 0x53A00000
Library C:\Programme\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0805.dll (DEM Graphics I0805/Advanced Micro Devices, Inc.) 0x053D0000
Library C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll (DEM.Graphics.I0706/Advanced Micro Devices, Inc.) 0x053F0000
Library C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3127.31130__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll (Shared Graphics Caste Common Display Device Aspect/Advanced Micro Devices Inc.) 0x53C00000
Library C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3236.39100__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll (Runtime Graphics Caste CRT Aspect/Advanced Micro Devices Inc.) 0x54000000
Library C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3127.31143__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll (Shared Graphics Caste TV Aspect/Advanced Micro Devices Inc.) 0x54200000
Library C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3236.39034__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll (Runtime Graphics Caste Display Colour 2/Advanced Micro Devices Inc.) 0x54800000
Library C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3127.31137__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll (Shared Graphics Caste Display Colour 2 Aspect/Advanced Micro Devices Inc.) 0x54A00000
Library C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3236.39075__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll (Runtime Graphics Caste Display Option Aspect/Advanced Micro Devices Inc.) 0x55200000
Library C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3127.31141__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll (Shared Graphics Caste Display Option Aspect/Advanced Micro Devices Inc.) 0x55400000
Library C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3236.39065__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll (Runtime Graphics Caste CRT Aspect/Advanced Micro Devices Inc.) 0x51E00000
Library C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3127.31140__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll (Shared Graphics Caste CRT Aspect/Advanced Micro Devices Inc.) 0x52000000
Library C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3236.39077__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll (Runtime Graphics Caste LCD Aspect/Advanced Micro Devices, Inc.) 0x53200000
Library C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3127.31136__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll (Shared Graphics Caste LCD Aspect/Advanced Micro Devices Inc.) 0x53400000
Library C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3236.39064__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll (Runtime Graphics Caste DFP Aspect/Advanced Micro Devices, Inc.) 0x52C00000
Library C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3127.31139__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll (Shared Graphics Caste DFP Aspect/Advanced Micro Devices Inc.) 0x52E00000
Library C:\Programme\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0712.dll (DEM Graphics I0712/Advanced Micro Devices, Inc.) 0x63200000
Library C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3236.39084__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll (Runtime Graphics Caste R300/R400 Radeon3D Aspect/Advanced Micro Devices Inc.) 0x59C00000
Library C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3127.31143__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll (Shared Graphics Caste R300/R400 Radeon3D Aspect/Advanced Micro Devices Inc.) 0x59E00000
Library C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3236.39065__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll (Runtime Graphics Caste MM Video Aspect/Advanced Micro Devices Inc.) 0x56A00000
Library C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3127.31140__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll (Shared Graphics Caste MM Video Aspect/Advanced Micro Devices Inc.) 0x56C00000
Library C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.PowerPlay3.Graphics.Runtime\2.0.3236.39078__90ba9c70f846762e\CLI.Aspect.PowerPlay3.Graphics.Runtime.dll (Runtime Graphics Caste PowerPlay3 Aspect/Advanced Micro Devices Inc.) 0x59000000
Library C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.PowerPlay3.Graphics.Shared\2.0.3127.31142__90ba9c70f846762e\CLI.Aspect.PowerPlay3.Graphics.Shared.dll (Shared Graphics Caste PowerPlay3 Aspect/Advanced Micro Devices Inc.) 0x59200000
Library C:\WINDOWS\assembly\GAC_MSIL\APM.Server\2.0.3236.39009__90ba9c70f846762e\APM.Server.dll (APM Server/Advanced Micro Devices, Inc.) 0x54E00000
Library C:\WINDOWS\assembly\GAC_MSIL\APM.Foundation\2.0.3127.31130__90ba9c70f846762e\APM.Foundation.dll (APM Foundation/Advanced Micro Devices Inc.) 0x50C00000
Library C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\d987cf1de4ba688da92e212a374232c2\System.Web.ni.dll (System.Web.dll/Microsoft Corporation) 0x65F20000
Library C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3236.39109__90ba9c70f846762e\CLI.Component.Systemtray.dll (SystemTray Component/Advanced Micro Devices Inc.) 0x5F200000
Library C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3127.31126__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll (Client Shared Private/Advanced Micro Devices, Inc.) 0x5D200000
Library C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3236.39024__90ba9c70f846762e\CLI.Component.Wizard.dll (Wizard Component/Advanced Micro Devices, Inc.) 0x5F400000
Library C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3236.39010__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll (EEU Runtime Extension/Advanced Micro Devices Inc.) 0x059A0000
Library C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3127.31118__90ba9c70f846762e\CLI.Component.Client.Shared.dll (Client Shared/Advanced Micro Devices Inc.) 0x5D000000
Library C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3127.31131__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll (EEU source plugin shared/Advanced Micro Devices Inc.) 0x05A70000
Library C:\Programme\ATI Technologies\ATI.ACE\Branding\Branding.dll 0x11000000
Library C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3127.31124__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll (Wizard Component Shared Types/Advanced Micro Devices Inc.) 0x5F600000
Library C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3127.31132__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll (Wizard Component Shared Private Types/Advanced Micro Devices Inc.) 0x5F800000
Library C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Systemtray.resources\2.0.3236.39109_de_90ba9c70f846762e\CLI.Component.Systemtray.resources.dll (SystemTray Component/Advanced Micro Devices Inc.) 0x05BB0000
Library C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3236.39025__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll (Wizard Graphics Caste/Advanced Micro Devices Inc.) 0x5CA00000
Library C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3127.31137__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll (Wizard Graphics Shared Caste/Advanced Micro Devices Inc.) 0x5CC00000
Library C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3236.39121__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll (Dashboard Local Caste TransCode Wizard/Advanced Micro Devices Inc.) 0x5AA00000
Library C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3236.39085__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll (Wizard Graphics Caste R300/R400 Radeon3D Aspect/Advanced Micro Devices Inc.) 0x5A000000
Library C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3236.39029__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll (Wizard DisplaysManager Aspect/Advanced Micro Devices Inc.) 0x05DA0000
Library C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3236.39030__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll (Wizard Graphics Caste InfoCentre Aspect/Advanced Micro Devices Inc.) 0x56000000
Library C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3127.31156__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll (Dashboard Local Caste TransCode Shared/Advanced Micro Devices Inc.) 0x5A800000
Library C:\WINDOWS\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll ( / ) 0x06230000
Library C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3236.39094__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll (Wizard Graphics Caste MM Video Aspect/Advanced Micro Devices Inc.) 0x56E00000
Library C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3236.39035__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll (Wizard DeviceLCD Aspect/Advanced Micro Devices Inc.) 0x53600000
Library C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3236.39016__90ba9c70f846762e\CLI.Component.Dashboard.dll (Dashboard Component/Advanced Micro Devices, Inc.) 0x05BD0000
Library C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3127.31121__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll (Dashboard Component Shared Types/Advanced Micro Devices Inc.) 0x06630000
Library C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3127.31129__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll (Dashboard Component Shared Private Types/Advanced Micro Devices Inc.) 0x5E000000
Library C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.resources\2.0.3236.39016_de_90ba9c70f846762e\CLI.Component.Dashboard.resources.dll (Dashboard Component/Advanced Micro Devices, Inc.) 0x06660000
Library C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3236.39020__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll (Dashboard Graphics Caste/Advanced Micro Devices Inc.) 0x5C000000
Library C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3127.31135__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll (Dashboard Graphics Shared Caste/Advanced Micro Devices Inc.) 0x5C200000
Library C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3236.39122__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll (Dashboard Graphics Caste Welcome Aspect/Advanced Mirco Devices, Inc.) 0x5B800000
Library C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3236.39030__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll (Dashboard Graphics Caste InfoCentre Aspect/Advanced Micro Devices Inc.) 0x55A00000
Library C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3236.39021__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll (Dashboard Graphics Caste Display Manager Aspect/Advanced Micro Devices Inc.) 0x54C00000
Library C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3236.39076__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll (Dashboard Graphics Caste Display Options Aspect/Advanced Micro Devices Inc.) 0x55000000
Library C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3236.39064__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll (Dashboard Graphics Caste CRT Aspect/Advanced Micro Devices Inc.) 0x51C00000
Library C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3236.39077__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll (Dashboard Graphics Caste LCD Aspect/Advanced Micro Devices, Inc.) 0x53000000
Library C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3236.39059__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll (Dashboard Graphics Caste DFP Aspect/Advanced Micro Devices, Inc.) 0x52A00000
Library C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3236.39084__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll (Dashboard Graphics Caste R300/R400 Radeon3D Aspect/Advanced Micro Devices Inc.) 0x59A00000
Library C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3236.39031__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll (Dashboard Graphics Display Colour 2 Aspect/Advanced Micro Devices Inc.) 0x54600000
Library C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3236.39066__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll (Dashboard Graphics Caste MM Video Aspect/Advanced Micro Devices Inc.) 0x069C0000
Library C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.PowerPlay3.Graphics.Dashboard\2.0.3236.39078__90ba9c70f846762e\CLI.Aspect.PowerPlay3.Graphics.Dashboard.dll (Dashboard Graphics Caste PowerPlay3 Aspect/Advanced Micro Devices Inc.) 0x58E00000

Kiesopfer 28.06.2010 08:42

GMER log, part 16:

Process C:\Programme\Java\jre6\bin\jqs.exe (Java(TM) Quick Starter Service/Sun Microsystems, Inc.) 3300
Library C:\Programme\Java\jre6\bin\jqs.exe (Java(TM) Quick Starter Service/Sun Microsystems, Inc.) 0x00400000
Library C:\WINDOWS\system32\ntdll.dll (DLL für NT-Layer/Microsoft Corporation) 0x7C910000
Library C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x71A10000
Library C:\WINDOWS\system32\ADVAPI32.dll (Erweitertes Windows 32 Base-API/Microsoft Corporation) 0x77DA0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E50000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FC0000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77BE0000
Library C:\WINDOWS\system32\WS2HELP.dll (Windows Socket 2.0 Helper für Windows NT/Microsoft Corporation) 0x71A00000
Library C:\WINDOWS\system32\ole32.dll (Microsoft OLE für Windows/Microsoft Corporation) 0x774B0000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77EF0000
Library C:\WINDOWS\system32\USER32.dll (Client-DLL für Windows XP USER-API/Microsoft Corporation) 0x7E360000
Library C:\Programme\Java\jre6\bin\MSVCR71.dll (Microsoft® C Runtime Library/Microsoft Corporation) 0x7C340000
Library C:\WINDOWS\system32\IMM32.DLL (Windows XP IMM32 API Client DLL/Microsoft Corporation) 0x76330000
Library C:\WINDOWS\system32\imagehlp.dll (Windows NT Image Helper/Microsoft Corporation) 0x76C50000
Library C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F40000
Library C:\WINDOWS\system32\WININET.dll (Internet Extensions for Win32/Microsoft Corporation) 0x63000000
Library C:\WINDOWS\system32\Normaliz.dll (Unicode Normalization DLL/Microsoft Corporation) 0x00790000
Library C:\WINDOWS\system32\urlmon.dll (OLE32 Extensions for Win32/Microsoft Corporation) 0x1A400000
Library C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 0x770F0000
Library C:\WINDOWS\system32\iertutil.dll (Run time utility for Internet Explorer/Microsoft Corporation) 0x5DCA0000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x773A0000
Library C:\WINDOWS\system32\psapi.dll (Process Status Helper/Microsoft Corporation) 0x76BB0000
Library C:\WINDOWS\system32\pdh.dll (Windows Unterstützungs-DLL für Leistungsdaten/Microsoft Corporation) 0x74C30000
Library C:\WINDOWS\system32\comdlg32.dll (DLL für gemeinsame Dialoge/Microsoft Corporation) 0x76350000
Library C:\WINDOWS\system32\COMCTL32.dll (Common Controls Library/Microsoft Corporation) 0x5D450000
Library C:\WINDOWS\system32\SHELL32.dll (Allgemeine Windows-Shell-DLL/Microsoft Corporation) 0x7E670000
Library C:\WINDOWS\system32\CRYPT32.dll (Krypto-API32/Microsoft Corporation) 0x77A50000
Library C:\WINDOWS\system32\MSASN1.dll (ASN.1 Runtime APIs/Microsoft Corporation) 0x77AF0000
Library C:\WINDOWS\system32\ODBC32.dll (Microsoft Data Access - ODBC Driver Manager/Microsoft Corporation) 0x745D0000
Library C:\WINDOWS\system32\odbcbcp.dll (Microsoft BCP for ODBC/Microsoft Corporation) 0x66B40000
Library C:\WINDOWS\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77BD0000
Library C:\WINDOWS\system32\odbcint.dll (Microsoft Data Access - ODBC Ressourcen/Microsoft Corporation) 0x1F840000
Library C:\WINDOWS\system32\mswsock.dll (Microsoft Windows Sockets 2.0-Dienstanbieter/Microsoft Corporation) 0x719B0000
Library C:\WINDOWS\system32\hnetcfg.dll (Heimnetzwerkkonfigurations-Manager/Microsoft Corporation) 0x66710000
Library C:\WINDOWS\System32\wshtcpip.dll (Windows Sockets Helper DLL/Microsoft Corporation) 0x719F0000
Library C:\WINDOWS\system32\netfxperf.dll (Extensible Performance Counter Shim/Microsoft Corporation) 0x60630000
Library C:\WINDOWS\system32\mscoree.dll (Microsoft .NET Runtime Execution Engine/Microsoft Corporation) 0x79000000
Library C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\perfcounter.dll (Microsoft performance counter extension for .NET Runtime/Microsoft Corporation) 0x640D0000
Library C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll (Microsoft® C Runtime Library/Microsoft Corporation) 0x78130000
Library C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll (Microsoft .NET Runtime Common Language Runtime - WorkStation/Microsoft Corporation) 0x79E70000
Library C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CorperfmonExt.dll (Microsoft Common Language Runtime - Performance Counter DLL/Microsoft Corporation) 0x60310000
Library C:\WINDOWS\system32\aspperf.dll (Active Server Pages Performance Monitor DLL/Microsoft Corporation) 0x70E30000
Library C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_perf.dll (Microsoft ASP.NET Performance Counter DLL/Microsoft Corporation) 0x60080000
Library C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll (aspnet_isapi.lib/Microsoft Corporation) 0x01550000
Library C:\WINDOWS\system32\USERENV.dll (Userenv/Microsoft Corporation) 0x76620000
Library C:\WINDOWS\System32\query.dll (Inhaltsindex Dienstprogramm-DLL/Microsoft Corporation) 0x7D9B0000
Library C:\WINDOWS\system32\infoctrs.dll (Allgemeine Leistungsindikatoren für Internet-Informationsdienste/Microsoft Corporation) 0x66AC0000
Library C:\WINDOWS\system32\INFOADMN.dll (Internet Info Server Admin Client API Stubs/Microsoft Corporation) 0x66B20000
Library C:\WINDOWS\system32\IisRTL.DLL (IIS RunTime Library/Microsoft Corporation) 0x5D230000
Library C:\WINDOWS\system32\snprfdll.DLL (Transport Perfmon Counter DLL/Microsoft Corporation) 0x01870000
Library C:\WINDOWS\system32\STAXMEM.dll (Microsoft Exchange Server Memory Management DLL/Microsoft Corporation) 0x5C160000
Library C:\WINDOWS\system32\perfdisk.dll (DLL für Windows-Datenträgerleistungsobjekte/Microsoft Corporation) 0x5EB60000
Library C:\WINDOWS\system32\perfnet.dll (DLL für Leistungsobjekte des Windows-Netzwerkdienstes/Microsoft Corporation) 0x5EB50000
Library C:\WINDOWS\system32\NetApi32.Dll (Net Win32 API DLL/Microsoft Corporation) 0x597D0000
Library C:\WINDOWS\system32\perfos.dll (DLL für Windows-Systemleistungsobjekte/Microsoft Corporation) 0x5EB30000
Library C:\WINDOWS\System32\rsvpperf.dll (Microsoft® Windows(TM) RSVP Performance Monitor/Microsoft Corporation) 0x5D7C0000
Library C:\WINDOWS\system32\smtpctrs.DLL (Systemleistungs-DLL des SMTP-Dienstes/Microsoft Corporation) 0x6B230000
Library C:\WINDOWS\system32\SMTPAPI.dll (SMTP Service Client API Stubs/Microsoft Corporation) 0x4C150000
Library C:\WINDOWS\system32\winspool.drv (Windows-Spoolertreiber/Microsoft Corporation) 0x72F70000
Library C:\WINDOWS\system32\tapiperf.dll (Microsoft® Windows(TM) Telephony Performance Monitor/Microsoft Corporation) 0x5BB60000
Library C:\WINDOWS\system32\Perfctrs.dll (Leistungsindikatoren/Microsoft Corporation) 0x5EB70000
Library C:\WINDOWS\system32\iphlpapi.dll (IP-Hilfs-API/Microsoft Corporation) 0x76D20000
Library C:\WINDOWS\system32\MPRAPI.dll (Windows NT MP Router Administration DLL/Microsoft Corporation) 0x76D00000
Library C:\WINDOWS\system32\ACTIVEDS.dll (ADs Router-Ebene-DLL/Microsoft Corporation) 0x77C90000
Library C:\WINDOWS\system32\adsldpc.dll (DLL für ADs LDAP Provider C/Microsoft Corporation) 0x76DD0000
Library C:\WINDOWS\system32\WLDAP32.dll (Win32 LDAP-API-DLL/Microsoft Corporation) 0x76F20000
Library C:\WINDOWS\system32\ATL.DLL (ATL Module for Windows XP (Unicode)/Microsoft Corporation) 0x76AD0000
Library C:\WINDOWS\system32\rtutils.dll (Routing Utilities/Microsoft Corporation) 0x76E40000
Library C:\WINDOWS\system32\SAMLIB.dll (SAM Library DLL/Microsoft Corporation) 0x71B70000
Library C:\WINDOWS\system32\SETUPAPI.dll (Windows Setup-API/Microsoft Corporation) 0x778F0000
Library C:\WINDOWS\system32\perfts.dll (Windows 2000 Terminal Services Performance Objects/Microsoft Corporation) 0x5EB10000
Library C:\WINDOWS\system32\WINSTA.dll (Winstation Library/Microsoft Corporation) 0x76300000
Library C:\WINDOWS\system32\UTILDLL.dll (Unterstützungs-DLL für Verbindungen /Microsoft Corporation) 0x5B130000
Library C:\WINDOWS\system32\TAPI32.dll (Microsoft® Windows(TM) Telefonie-API-Client-DLL/Microsoft Corporation) 0x76E70000
Library C:\WINDOWS\system32\WINMM.dll (MCI API-DLL/Microsoft Corporation) 0x76AF0000
Library C:\WINDOWS\system32\w3ctrs.dll (Leistungsindikatoren für WWW-Dienst/Microsoft Corporation) 0x5AE60000
Library C:\WINDOWS\system32\wbem\wmiaprpl.dll (WMI Performance Reverse Adapter/Microsoft Corporation) 0x59D20000
Library C:\WINDOWS\system32\loadperf.dll (Lade- und Entlademodul für Leistungsindikatoren/Microsoft Corporation) 0x72ED0000
Library C:\WINDOWS\system32\wbem\wbemcomn.dll (WMI/Microsoft Corporation) 0x75210000
Library C:\WINDOWS\system32\NTMARTA.DLL (Windows NT MARTA-Anbieter/Microsoft Corporation) 0x77660000
Library C:\WINDOWS\system32\uxtheme.dll (Microsoft UxTheme-Bibliothek/Microsoft Corporation) 0x5B0F0000

Process C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe (Machine Debug Manager/Microsoft Corporation) 3468
Library C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe (Machine Debug Manager/Microsoft Corporation) 0x00400000
Library C:\WINDOWS\system32\ntdll.dll (DLL für NT-Layer/Microsoft Corporation) 0x7C910000
Library C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\ADVAPI32.dll (Erweitertes Windows 32 Base-API/Microsoft Corporation) 0x77DA0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E50000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FC0000
Library C:\WINDOWS\system32\ole32.dll (Microsoft OLE für Windows/Microsoft Corporation) 0x774B0000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77EF0000
Library C:\WINDOWS\system32\USER32.dll (Client-DLL für Windows XP USER-API/Microsoft Corporation) 0x7E360000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77BE0000
Library C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 0x770F0000
Library C:\WINDOWS\system32\SHELL32.dll (Allgemeine Windows-Shell-DLL/Microsoft Corporation) 0x7E670000
Library C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F40000
Library C:\WINDOWS\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77BD0000
Library C:\WINDOWS\system32\IMM32.DLL (Windows XP IMM32 API Client DLL/Microsoft Corporation) 0x76330000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x773A0000
Library C:\WINDOWS\system32\comctl32.dll (Common Controls Library/Microsoft Corporation) 0x5D450000
Library C:\WINDOWS\system32\imagehlp.dll (Windows NT Image Helper/Microsoft Corporation) 0x76C50000
Library C:\WINDOWS\system32\WININET.dll (Internet Extensions for Win32/Microsoft Corporation) 0x63000000
Library C:\WINDOWS\system32\Normaliz.dll (Unicode Normalization DLL/Microsoft Corporation) 0x003E0000
Library C:\WINDOWS\system32\urlmon.dll (OLE32 Extensions for Win32/Microsoft Corporation) 0x1A400000
Library C:\WINDOWS\system32\iertutil.dll (Run time utility for Internet Explorer/Microsoft Corporation) 0x5DCA0000
Library C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\1031\mdmui.dll (MDM-Ressourcen/Microsoft Corporation) 0x51810000
Library C:\WINDOWS\system32\psapi.dll (Process Status Helper/Microsoft Corporation) 0x76BB0000
Library C:\WINDOWS\system32\xpsp2res.dll (Service Pack 2-Meldungen/Microsoft Corporation) 0x00F40000
Library C:\WINDOWS\system32\CLBCATQ.DLL (Microsoft Corporation) 0x76F90000
Library C:\WINDOWS\system32\COMRes.dll (Microsoft Corporation) 0x77010000

Process C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 3528
Library C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 0x01000000
Library C:\WINDOWS\system32\ntdll.dll (DLL für NT-Layer/Microsoft Corporation) 0x7C910000
Library C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\ADVAPI32.dll (Erweitertes Windows 32 Base-API/Microsoft Corporation) 0x77DA0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E50000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FC0000
Library C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) 0x5CF00000
Library C:\WINDOWS\AppPatch\AcGenral.DLL (Windows Compatibility DLL/Microsoft Corporation) 0x6FD90000
Library C:\WINDOWS\system32\USER32.dll (Client-DLL für Windows XP USER-API/Microsoft Corporation) 0x7E360000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77EF0000
Library C:\WINDOWS\system32\WINMM.dll (MCI API-DLL/Microsoft Corporation) 0x76AF0000
Library C:\WINDOWS\system32\ole32.dll (Microsoft OLE für Windows/Microsoft Corporation) 0x774B0000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77BE0000
Library C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 0x770F0000
Library C:\WINDOWS\system32\MSACM32.dll (Microsoft ACM-Audiofilter/Microsoft Corporation) 0x77BB0000
Library C:\WINDOWS\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77BD0000
Library C:\WINDOWS\system32\SHELL32.dll (Allgemeine Windows-Shell-DLL/Microsoft Corporation) 0x7E670000
Library C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F40000
Library C:\WINDOWS\system32\USERENV.dll (Userenv/Microsoft Corporation) 0x76620000
Library C:\WINDOWS\system32\UxTheme.dll (Microsoft UxTheme-Bibliothek/Microsoft Corporation) 0x5B0F0000
Library C:\WINDOWS\system32\IMM32.DLL (Windows XP IMM32 API Client DLL/Microsoft Corporation) 0x76330000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x773A0000
Library C:\WINDOWS\system32\comctl32.dll (Common Controls Library/Microsoft Corporation) 0x5D450000
Library C:\WINDOWS\system32\imagehlp.dll (Windows NT Image Helper/Microsoft Corporation) 0x76C50000
Library C:\WINDOWS\system32\WININET.dll (Internet Extensions for Win32/Microsoft Corporation) 0x63000000
Library C:\WINDOWS\system32\Normaliz.dll (Unicode Normalization DLL/Microsoft Corporation) 0x00760000
Library C:\WINDOWS\system32\urlmon.dll (OLE32 Extensions for Win32/Microsoft Corporation) 0x1A400000
Library C:\WINDOWS\system32\iertutil.dll (Run time utility for Internet Explorer/Microsoft Corporation) 0x5DCA0000
Library c:\windows\system32\wiaservc.dll (Digitalbildgerätedienst/Microsoft Corporation) 0x75B50000
Library c:\windows\system32\CFGMGR32.dll (Configuration Manager Forwarder DLL/Microsoft Corporation) 0x74A60000
Library c:\windows\system32\setupapi.DLL (Windows Setup-API/Microsoft Corporation) 0x778F0000
Library c:\windows\system32\mscms.dll (Microsoft Color Matching System DLL/Microsoft Corporation) 0x73AA0000
Library c:\windows\system32\WINSPOOL.DRV (Windows-Spoolertreiber/Microsoft Corporation) 0x72F70000
Library c:\windows\system32\WINSTA.dll (Winstation Library/Microsoft Corporation) 0x76300000
Library c:\windows\system32\NETAPI32.dll (Net Win32 API DLL/Microsoft Corporation) 0x597D0000
Library C:\WINDOWS\system32\xpsp2res.dll (Service Pack 2-Meldungen/Microsoft Corporation) 0x00910000
Library C:\WINDOWS\system32\CLBCATQ.DLL (Microsoft Corporation) 0x76F90000
Library C:\WINDOWS\system32\COMRes.dll (Microsoft Corporation) 0x77010000
Library C:\WINDOWS\system32\WINTRUST.dll (Microsoft Vertrauensverifizierungs-APIs/Microsoft Corporation) 0x76BF0000
Library C:\WINDOWS\system32\CRYPT32.dll (Krypto-API32/Microsoft Corporation) 0x77A50000
Library C:\WINDOWS\system32\MSASN1.dll (ASN.1 Runtime APIs/Microsoft Corporation) 0x77AF0000
Library C:\WINDOWS\system32\actxprxy.dll (ActiveX Interface Marshaling Library/Microsoft Corporation) 0x71CC0000
Library C:\WINDOWS\system32\sti.dll (Digitalbildgeräte-Client-DLL/Microsoft Corporation) 0x73B10000

Process C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe (ThinkVantage Registry Monitor Service/Lenovo Group Limited) 3580
Library C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe (ThinkVantage Registry Monitor Service/Lenovo Group Limited) 0x00400000
Library C:\WINDOWS\system32\ntdll.dll (DLL für NT-Layer/Microsoft Corporation) 0x7C910000
Library C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\USER32.dll (Client-DLL für Windows XP USER-API/Microsoft Corporation) 0x7E360000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77EF0000
Library C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F40000
Library C:\WINDOWS\system32\ADVAPI32.dll (Erweitertes Windows 32 Base-API/Microsoft Corporation) 0x77DA0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E50000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FC0000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77BE0000
Library C:\WINDOWS\system32\WTSAPI32.dll (Windows Terminal Server SDK APIs/Microsoft Corporation) 0x76F10000
Library C:\WINDOWS\system32\WINSTA.dll (Winstation Library/Microsoft Corporation) 0x76300000
Library C:\WINDOWS\system32\NETAPI32.dll (Net Win32 API DLL/Microsoft Corporation) 0x597D0000
Library C:\WINDOWS\system32\ole32.dll (Microsoft OLE für Windows/Microsoft Corporation) 0x774B0000
Library C:\WINDOWS\system32\SHELL32.dll (Allgemeine Windows-Shell-DLL/Microsoft Corporation) 0x7E670000
Library C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 0x770F0000
Library C:\WINDOWS\system32\IMM32.DLL (Windows XP IMM32 API Client DLL/Microsoft Corporation) 0x76330000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x773A0000
Library C:\WINDOWS\system32\comctl32.dll (Common Controls Library/Microsoft Corporation) 0x5D450000
Library C:\WINDOWS\system32\imagehlp.dll (Windows NT Image Helper/Microsoft Corporation) 0x76C50000
Library C:\WINDOWS\system32\WININET.dll (Internet Extensions for Win32/Microsoft Corporation) 0x63000000
Library C:\WINDOWS\system32\Normaliz.dll (Unicode Normalization DLL/Microsoft Corporation) 0x003E0000
Library C:\WINDOWS\system32\urlmon.dll (OLE32 Extensions for Win32/Microsoft Corporation) 0x1A400000
Library C:\WINDOWS\system32\iertutil.dll (Run time utility for Internet Explorer/Microsoft Corporation) 0x5DCA0000
Library C:\WINDOWS\system32\uxtheme.dll (Microsoft UxTheme-Bibliothek/Microsoft Corporation) 0x5B0F0000
Library C:\WINDOWS\system32\xpsp2res.dll (Service Pack 2-Meldungen/Microsoft Corporation) 0x010E0000

Kiesopfer 28.06.2010 08:43

GMER log, part 17:

Process C:\WINDOWS\System32\TPHDEXLG.exe (ThinkVantage Active Protection System - HDD Logger Module/Lenovo.) 3696
Library C:\WINDOWS\System32\TPHDEXLG.exe (ThinkVantage Active Protection System - HDD Logger Module/Lenovo.) 0x01000000
Library C:\WINDOWS\system32\ntdll.dll (DLL für NT-Layer/Microsoft Corporation) 0x7C910000
Library C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\ADVAPI32.dll (Erweitertes Windows 32 Base-API/Microsoft Corporation) 0x77DA0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E50000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FC0000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77BE0000
Library C:\WINDOWS\System32\POWRPROF.dll (Power Profile Helper DLL/Microsoft Corporation) 0x74A50000
Library C:\WINDOWS\system32\USER32.dll (Client-DLL für Windows XP USER-API/Microsoft Corporation) 0x7E360000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77EF0000
Library C:\WINDOWS\system32\IMM32.DLL (Windows XP IMM32 API Client DLL/Microsoft Corporation) 0x76330000
Library C:\WINDOWS\system32\imagehlp.dll (Windows NT Image Helper/Microsoft Corporation) 0x76C50000
Library C:\WINDOWS\system32\ole32.dll (Microsoft OLE für Windows/Microsoft Corporation) 0x774B0000
Library C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F40000
Library C:\WINDOWS\system32\WININET.dll (Internet Extensions for Win32/Microsoft Corporation) 0x63000000
Library C:\WINDOWS\system32\Normaliz.dll (Unicode Normalization DLL/Microsoft Corporation) 0x00710000
Library C:\WINDOWS\system32\urlmon.dll (OLE32 Extensions for Win32/Microsoft Corporation) 0x1A400000
Library C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 0x770F0000
Library C:\WINDOWS\system32\iertutil.dll (Run time utility for Internet Explorer/Microsoft Corporation) 0x5DCA0000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x773A0000
Library C:\WINDOWS\System32\NTMARTA.DLL (Windows NT MARTA-Anbieter/Microsoft Corporation) 0x77660000
Library C:\WINDOWS\System32\SAMLIB.dll (SAM Library DLL/Microsoft Corporation) 0x71B70000
Library C:\WINDOWS\system32\WLDAP32.dll (Win32 LDAP-API-DLL/Microsoft Corporation) 0x76F20000

Process C:\WINDOWS\system32\TpKmpSVC.exe 3760
Library C:\WINDOWS\system32\TpKmpSVC.exe 0x00400000
Library C:\WINDOWS\system32\ntdll.dll (DLL für NT-Layer/Microsoft Corporation) 0x7C910000
Library C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\USER32.dll (Client-DLL für Windows XP USER-API/Microsoft Corporation) 0x7E360000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77EF0000
Library C:\WINDOWS\system32\ADVAPI32.dll (Erweitertes Windows 32 Base-API/Microsoft Corporation) 0x77DA0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E50000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FC0000
Library C:\WINDOWS\system32\IMM32.DLL (Windows XP IMM32 API Client DLL/Microsoft Corporation) 0x76330000
Library C:\WINDOWS\system32\imagehlp.dll (Windows NT Image Helper/Microsoft Corporation) 0x76C50000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77BE0000
Library C:\WINDOWS\system32\ole32.dll (Microsoft OLE für Windows/Microsoft Corporation) 0x774B0000
Library C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F40000
Library C:\WINDOWS\system32\WININET.dll (Internet Extensions for Win32/Microsoft Corporation) 0x63000000
Library C:\WINDOWS\system32\Normaliz.dll (Unicode Normalization DLL/Microsoft Corporation) 0x003A0000
Library C:\WINDOWS\system32\urlmon.dll (OLE32 Extensions for Win32/Microsoft Corporation) 0x1A400000
Library C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 0x770F0000
Library C:\WINDOWS\system32\iertutil.dll (Run time utility for Internet Explorer/Microsoft Corporation) 0x5DCA0000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x773A0000

Process C:\Programme\Lenovo\Client Security Solution\tvttcsd.exe (tvttcsd Application/IBM) 3792
Library C:\Programme\Lenovo\Client Security Solution\tvttcsd.exe (tvttcsd Application/IBM) 0x00400000
Library C:\WINDOWS\system32\ntdll.dll (DLL für NT-Layer/Microsoft Corporation) 0x7C910000
Library C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x71A10000
Library C:\WINDOWS\system32\ADVAPI32.dll (Erweitertes Windows 32 Base-API/Microsoft Corporation) 0x77DA0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E50000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FC0000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77BE0000
Library C:\WINDOWS\system32\WS2HELP.dll (Windows Socket 2.0 Helper für Windows NT/Microsoft Corporation) 0x71A00000
Library C:\WINDOWS\system32\imagehlp.dll (Windows NT Image Helper/Microsoft Corporation) 0x76C50000
Library C:\WINDOWS\system32\ole32.dll (Microsoft OLE für Windows/Microsoft Corporation) 0x774B0000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77EF0000
Library C:\WINDOWS\system32\USER32.dll (Client-DLL für Windows XP USER-API/Microsoft Corporation) 0x7E360000
Library C:\WINDOWS\system32\IMM32.DLL (Windows XP IMM32 API Client DLL/Microsoft Corporation) 0x76330000
Library C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F40000
Library C:\WINDOWS\system32\WININET.dll (Internet Extensions for Win32/Microsoft Corporation) 0x63000000
Library C:\WINDOWS\system32\Normaliz.dll (Unicode Normalization DLL/Microsoft Corporation) 0x003E0000
Library C:\WINDOWS\system32\urlmon.dll (OLE32 Extensions for Win32/Microsoft Corporation) 0x1A400000
Library C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 0x770F0000
Library C:\WINDOWS\system32\iertutil.dll (Run time utility for Internet Explorer/Microsoft Corporation) 0x5DCA0000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x773A0000
Library C:\WINDOWS\system32\mswsock.dll (Microsoft Windows Sockets 2.0-Dienstanbieter/Microsoft Corporation) 0x719B0000
Library C:\WINDOWS\system32\hnetcfg.dll (Heimnetzwerkkonfigurations-Manager/Microsoft Corporation) 0x66710000
Library C:\WINDOWS\System32\wshtcpip.dll (Windows Sockets Helper DLL/Microsoft Corporation) 0x719F0000
Library C:\WINDOWS\system32\TPMDDL.dll (Atmel TDDL (x86)/Atmel, Inc.) 0x10000000

Process C:\Programme\Lenovo\Rescue and Recovery\rrservice.exe (Rescue and Recovery Backup Service/Lenovo Group Limited) 3880

Kiesopfer 28.06.2010 08:43

GMER log, part 18:

Library C:\WINDOWS\system32\USERENV.dll (Userenv/Microsoft Corporation) 0x76620000
Library C:\WINDOWS\system32\UxTheme.dll (Microsoft UxTheme-Bibliothek/Microsoft Corporation) 0x5B0F0000
Library C:\WINDOWS\system32\IMM32.DLL (Windows XP IMM32 API Client DLL/Microsoft Corporation) 0x76330000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x773A0000
Library C:\WINDOWS\system32\comctl32.dll (Common Controls Library/Microsoft Corporation) 0x5D450000
Library C:\WINDOWS\system32\imagehlp.dll (Windows NT Image Helper/Microsoft Corporation) 0x76C50000
Library C:\WINDOWS\system32\WININET.dll (Internet Extensions for Win32/Microsoft Corporation) 0x63000000
Library C:\WINDOWS\system32\Normaliz.dll (Unicode Normalization DLL/Microsoft Corporation) 0x00780000
Library C:\WINDOWS\system32\urlmon.dll (OLE32 Extensions for Win32/Microsoft Corporation) 0x1A400000
Library C:\WINDOWS\system32\iertutil.dll (Run time utility for Internet Explorer/Microsoft Corporation) 0x5DCA0000
Library C:\WINDOWS\system32\xpsp2res.dll (Service Pack 2-Meldungen/Microsoft Corporation) 0x00A50000
Library C:\WINDOWS\system32\CLBCATQ.DLL (Microsoft Corporation) 0x76F90000
Library C:\WINDOWS\system32\COMRes.dll (Microsoft Corporation) 0x77010000
Library C:\WINDOWS\system32\wbem\wbemsvc.dll (WMI/Microsoft Corporation) 0x74E50000
Library C:\WINDOWS\system32\wbem\wmiutils.dll (WMI/Microsoft Corporation) 0x74FA0000
Library C:\WINDOWS\system32\wbem\wmiprov.dll (WMI/Microsoft Corporation) 0x72E90000
Library C:\WINDOWS\system32\WMI.dll (WMI DC and DP functionality/Microsoft Corporation) 0x76CF0000

Kiesopfer 28.06.2010 08:44

GMER log, part 19:


Kiesopfer 28.06.2010 08:46

GMER log, part 20:

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\DRIVERS\irda.sys (IRDA Protocol Driver/Microsoft Corporation) [AUTO] irda
Service C:\WINDOWS\system32\DRIVERS\irenum.sys (Infra-Red Bus Enumerator/Microsoft Corporation) [MANUAL] IRENUM
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] Irmon
Service ISAPISearch
Service C:\WINDOWS\system32\DRIVERS\isapnp.sys (PNP-ISA-Bustreiber/Microsoft Corporation) [BOOT] isapnp
Service C:\WINDOWS\system32\drivers\iviaspi.sys (InterVideo ASPI Shell/InterVideo, Inc.) [MANUAL] Iviaspi
Service C:\Programme\Java\jre6\bin\jqs.exe (Java(TM) Quick Starter Service/Sun Microsystems, Inc.) [AUTO] JavaQuickStarterService
Service C:\WINDOWS\system32\DRIVERS\kbdclass.sys (Tastaturklassentreiber/Microsoft Corporation) [SYSTEM] Kbdclass
Service C:\WINDOWS\system32\drivers\kmixer.sys (Kernel Mode Audio Mixer/Microsoft Corporation) [MANUAL] kmixer
Service (Kernel Security Support Provider Interface/Microsoft Corporation) [BOOT] KSecDD
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] lanmanserver
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] lanmanworkstation
Service [SYSTEM] lbrtfdc
Service ldap

Kiesopfer 28.06.2010 08:46

GMER log, part 21 (last part):


---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version
Reg HKLM\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version@Version 0xB0 0xC3 0xD9 0x1B ...

---- EOF - GMER 1.0.15 ----

Kiesopfer 28.06.2010 08:51

Hello,

here are some remaining fragments from the log:

PCIIDEX.SYS (PCI IDE Bus Driver Extension/Microsoft Corporation)

ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)

0x597D0000

0x77AF0000

0x74330000

0x77B10000

0x65000000

0x5B0F0000


The Trojan/virus is still creating temp folders, but now no longer at 11-minute intervals, but at 10-minute intervals!

Kiesopfer 28.06.2010 09:20

Since the interval has changed,
it could mean that in 10 days the virus would report every minute.
Could this be a targeted attack?

Should I run or post anything else?

Larusso 28.06.2010 09:23

Didn't you read the following?

Quote:

On the right, remove the check mark from
  • Sections
  • IAT/EAT
  • All hard disks except the system disk (normally only C:\ is checked)
  • Show all (should be unchecked)


I have to go to the doctor now; please download a new ComboFix version and post the log for me.

Kiesopfer 28.06.2010 09:42

I did read it,
but apparently did not understand it!

Is "Files" supposed to mean all hard disks?
I had deactivated C.

Show all was not activated,
so I activated it.
Or should it be off?

Kiesopfer 28.06.2010 10:28

I have now run the GMER scan like this:

Sections: no check mark
IAT/EAT: no check mark

Files: checked
C: checked (this is the system drive)
E: no check mark
ADS: checked
Show all: no check mark

Log follows.

Kiesopfer 28.06.2010 14:17

Now I should have done everything correctly.

NEW GMER log (but it is very short):

GMER Logfile:
Code:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-28 15:04:54
Windows 5.1.2600 Service Pack 3
Running: qbron9eb.exe; Driver: C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\ugtdipow.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0                                            SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass1                                            SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device          \FileSystem\Fastfat \Fat                                                            B9627D20

---- Registry - GMER 1.0.15 ----

Reg            HKLM\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version         
Reg            HKLM\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version@Version  0xB0 0xC3 0xD9 0x1B ...

---- EOF - GMER 1.0.15 ----

--- --- ---

Kiesopfer 28.06.2010 14:18

Here is the new log from OTL as well:

OTL Logfile:
Code:

OTL logfile created on: 28.06.2010 15:06:50 - Run 3
OTL by OldTimer - Version 3.2.7.0    Folder = C:\Dokumente und Einstellungen\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 90,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 98,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 70,17 Gb Total Space | 7,38 Gb Free Space | 10,51% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 111,79 Gb Total Space | 65,62 Gb Free Space | 58,70% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: TEST
Current User Name: Administrator
Logged in as Administrator.
 
Current Boot Mode: SafeMode
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
 
========== Processes (SafeList) ==========
 
PRC - [2010.06.27 18:38:48 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe
PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.06.27 18:38:48 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe
MOD - [2008.04.14 04:21:06 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] --  -- (XAMPP)
SRV - [2010.01.18 15:41:50 | 000,063,928 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2009.11.18 14:04:18 | 000,038,248 | ---- | M] (Lenovo.) [Auto | Stopped] -- C:\WINDOWS\system32\ibmpmsvc.exe -- (IBMPMSVC)
SRV - [2009.11.17 18:06:02 | 000,044,984 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Programme\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.06.12 10:55:48 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- c:\Programme\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009.04.16 13:41:28 | 000,053,248 | ---- | M] () [Auto | Stopped] -- C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2009.01.28 17:59:12 | 000,039,976 | ---- | M] (Lenovo.) [Auto | Stopped] -- C:\WINDOWS\system32\TPHDEXLG.exe -- (TPHDEXLGSVC)
SRV - [2009.01.02 20:51:22 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008.11.11 09:38:06 | 000,620,544 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008.11.04 11:48:10 | 000,288,112 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2008.10.27 11:03:52 | 000,090,112 | ---- | M] (Lenovo ) [Auto | Stopped] -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2008.10.27 11:02:30 | 000,217,088 | ---- | M] (Lenovo ) [Auto | Stopped] -- C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
SRV - [2008.04.14 04:22:49 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2008.04.14 04:22:49 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)
SRV - [2008.04.14 04:22:49 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2008.03.04 10:34:12 | 001,122,304 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler)
SRV - [2007.11.26 16:58:08 | 000,264,800 | ---- | M] (Broadcom Corporation.) [Auto | Stopped] -- C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2007.09.26 18:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2007.09.07 19:07:22 | 000,023,552 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psasrv.exe -- (PsaSrv)
SRV - [2007.09.06 13:28:18 | 000,110,592 | ---- | M] (Apple, Inc.) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2006.08.16 19:07:00 | 000,073,728 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\WINDOWS\system32\IPSSVC.EXE -- (IPSSVC)
SRV - [2006.07.14 18:01:00 | 001,974,272 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Programme\Lenovo\Rescue and Recovery\rrservice.exe -- (TVT Backup Service)
SRV - [2006.07.14 17:42:22 | 000,723,712 | ---- | M] (IBM) [Auto | Stopped] -- C:\Programme\Lenovo\Client Security Solution\tvttcsd.exe -- (TSSCoreService)
SRV - [2006.07.14 15:52:48 | 000,045,056 | ---- | M] () [Auto | Stopped] -- C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe -- (tvtnetwk)
SRV - [2006.05.23 21:08:06 | 000,622,700 | ---- | M] (Diskeeper Corporation) [Auto | Stopped] -- C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2005.10.06 18:13:10 | 000,856,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS)
SRV - [2005.06.06 21:26:22 | 000,032,768 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\TpKmpSvc.exe -- (TpKmpSVC)
SRV - [2004.10.22 03:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe -- (MDM)
SRV - [2003.03.09 22:31:02 | 000,065,795 | R--- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2010.06.27 00:00:00 | 000,005,427 | ---- | M] (IBM Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\EGATHDRV.SYS -- (EGATHDRV)
DRV - [2010.06.09 11:26:50 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2010.04.27 04:25:20 | 000,123,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscemdm.sys -- (sscemdm)
DRV - [2010.04.27 04:25:20 | 000,100,352 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssceserd.sys -- (ssceserd) SAMSUNG Mobile Modem Diagnostic Serial Port V2 (WDM)
DRV - [2010.04.27 04:25:20 | 000,098,560 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscebus.sys -- (sscebus) SAMSUNG USB Composite Device V2 driver (WDM)
DRV - [2010.04.27 04:25:20 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscemdfl.sys -- (sscemdfl)
DRV - [2009.12.11 10:17:48 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.11.18 14:03:36 | 000,026,608 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV - [2009.07.12 09:40:48 | 000,030,144 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2009.06.18 01:59:58 | 000,234,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel(R)
DRV - [2009.05.11 10:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.03.30 10:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009.02.11 17:11:50 | 000,329,752 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2009.01.28 17:58:46 | 000,117,800 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\Apsx86.sys -- (Shockprf)
DRV - [2009.01.28 17:57:12 | 000,020,520 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ApsHM86.sys -- (TPDIGIMN)
DRV - [2009.01.03 12:12:57 | 000,073,312 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\adfs.sys -- (adfs)
DRV - [2009.01.02 15:31:46 | 000,043,672 | ---- | M] (Oak Technology Inc.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2008.12.09 00:53:58 | 000,050,832 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tcusb.sys -- (TcUsb)
DRV - [2008.11.11 01:52:08 | 003,301,888 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008.10.24 14:33:00 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC)
DRV - [2008.10.24 14:33:00 | 000,004,224 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\IBMBLDID.sys -- (IBMTPCHK)
DRV - [2008.07.03 23:53:00 | 000,225,664 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2008.05.12 22:14:14 | 000,017,844 | ---- | M] (Lenovo Group Limited) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\TPHKDRV.sys -- (TPHKDRV)
DRV - [2008.05.12 18:04:02 | 000,013,480 | ---- | M] (Lenovo Group Limited) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\smiif32.sys -- (lenovo.smi)
DRV - [2008.04.14 03:57:20 | 000,040,448 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\intelppm.sys -- (intelppm)
DRV - [2008.04.13 20:54:36 | 000,028,672 | ---- | M] (National Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nscirda.sys -- (NSCIRDA)
DRV - [2008.04.13 20:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008.04.13 20:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008.04.13 18:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008.03.26 03:06:00 | 000,004,608 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
DRV - [2007.11.27 16:40:00 | 000,539,512 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2007.11.27 16:40:00 | 000,074,688 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2007.11.21 11:51:00 | 000,879,624 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2007.11.01 16:26:36 | 000,989,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007.11.01 16:25:32 | 000,211,456 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007.11.01 16:25:22 | 000,731,520 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007.09.07 19:06:32 | 000,007,012 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\pmemnt.sys -- (pmem)
DRV - [2007.06.29 12:38:00 | 000,156,392 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2007.06.21 04:43:26 | 002,208,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel(R)
DRV - [2007.03.23 10:50:00 | 000,037,424 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2006.11.28 23:46:24 | 000,028,224 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PDNMp50.sys -- (PDNMp50)
DRV - [2006.11.28 23:46:22 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PDNSp50.sys -- (PDNSp50)
DRV - [2006.10.02 01:55:00 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\SMAPINT.SYS -- (Smapint)
DRV - [2006.10.02 01:55:00 | 000,009,343 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS -- (TDSMAPI)
DRV - [2006.09.27 02:36:24 | 001,709,696 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETw3x32.sys -- (NETw3x32) Intel(R)
DRV - [2006.08.16 19:07:00 | 000,005,120 | ---- | M] (Lenovo Group Limited) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\PROCDD.SYS -- (PROCDD)
DRV - [2006.07.14 17:27:22 | 000,012,544 | ---- | M] (Lenovo) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\tvtfilter.sys -- (tvtfilter)
DRV - [2006.07.14 17:03:04 | 000,017,664 | ---- | M] (Lenovo Group Limited) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tvtpktfilter.sys -- (TVTPktFilter)
DRV - [2006.07.14 15:55:12 | 000,003,968 | ---- | M] (IBM Corp.) [Kernel | Auto | Stopped] -- C:\Programme\SMI2\smi2.sys -- (smi2)
DRV - [2006.03.13 16:05:54 | 000,058,368 | R--- | M] (Utimaco Safeware AG) [Kernel | Auto | Stopped] -- C:\Programme\Lenovo\SafeGuard PrivateDisk\privatediskm.sys -- (PrivateDisk)
DRV - [2006.03.01 03:30:00 | 000,089,472 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2006.02.02 05:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006.02.02 05:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006.02.02 05:20:00 | 000,086,652 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006.02.02 05:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006.02.02 05:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006.02.02 05:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006.02.02 05:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2006.01.31 04:19:34 | 000,176,128 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2005.12.06 04:20:48 | 000,192,512 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hsxhwazl.sys -- (HSXHWAZL)
DRV - [2005.11.18 12:02:50 | 000,005,660 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005.11.18 12:02:10 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005.11.18 05:20:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2005.05.17 10:20:08 | 000,015,872 | ---- | M] (Atmel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atmeltpm.sys -- (atmeltpm)
DRV - [2004.11.30 16:38:24 | 000,004,442 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)
DRV - [2004.08.03 23:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2003.09.10 23:36:54 | 000,021,060 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi)
DRV - [2001.08.18 14:22:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001.08.18 05:33:12 | 000,322,432 | ---- | M] (Matrox Graphics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\G400m.sys -- (G400)
DRV - [2001.08.18 00:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001.08.18 00:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001.08.18 00:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001.08.18 00:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001.08.18 00:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001.08.17 23:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001.08.17 23:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001.08.17 23:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001.08.17 23:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001.08.17 23:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001.08.17 23:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001.08.17 23:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001.08.17 23:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001.08.17 23:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001.08.17 14:48:14 | 000,011,520 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TwoTrack.sys -- (TwoTrack)
DRV - [2001.08.17 13:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Intel(r) 82801 Audiotreiber-Installationsdienst (WDM)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.live.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.06.27 09:12:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.06.27 09:12:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2010.04.04 10:21:49 | 000,000,000 | ---D | M]
 
[2010.06.28 10:25:38 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.06.27 10:34:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.06.27 10:34:18 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.06.26 10:03:55 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.06.26 10:03:55 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.06.26 10:03:55 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.06.26 10:03:55 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.06.26 10:03:55 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.06.27 18:01:44 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - No CLSID value found.
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - E:\Programme\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (CPwmIEBrowserHelper Object) - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - E:\Programme\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] E:\Programme\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [ACWLIcon] C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo )
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] E:\Programme\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Programme\Gemeinsame Dateien\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AMSG] C:\Programme\ThinkVantage\AMSG\Amsg.exe (LENOVO)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AwaySch] C:\Programme\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [BLOG] C:\Programme\ThinkPad\Utilities\BATLOGEX.DLL ()
O4 - HKLM..\Run: [cssauth] C:\Programme\Lenovo\Client Security Solution\cssauth.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [DiskeeperSystray] C:\Programme\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [EZEJMNAP] C:\Programme\ThinkPad\Utilities\EZEJMNAP.EXE (Lenovo Group Ltd.)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Programme\Gemeinsame Dateien\Installshield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [LENOVO.TPFNF6R] C:\Programme\Lenovo\HOTKEY\tpfnf6r.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [LPMailChecker] C:\Programme\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [LPManager] C:\Programme\ThinkVantage\PrdCtr\LPMGR.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [PDService.exe] C:\Programme\Lenovo\SafeGuard PrivateDisk\pdservice.exe (Utimaco Safeware AG)
O4 - HKLM..\Run: [Picasa Media Detector] C:\Programme\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - HKLM..\Run: [PWRMGRTR] C:\Programme\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TP4EX] C:\WINDOWS\System32\TP4EX.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPFNF7] C:\Programme\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPHOTKEY] C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPKMAPHELPER] C:\Programme\ThinkPad\Utilities\TpKmapAp.exe (Lenovo)
O4 - HKLM..\Run: [TpShocks] C:\WINDOWS\System32\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk = C:\Programme\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\hpoddt01.exe.lnk = C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\officejet 6100.lnk = C:\Programme\Hewlett-Packard\Digital Imaging\bin\hposol08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\sipgate X-Lite.lnk = C:\Programme\sipgate X-Lite\sipgateXLite.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 475
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra 'Tools' menuitem : ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1230902201937 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O18 - Protocol\Handler\haufereader {39198710-62F7-42CD-9458-069843FA5D32} - C:\Programme\Haufe\HaufeReader\HRInstmon.dll (Haufe Mediengruppe)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ACNotify: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\AwayNotify: DllName - C:\Programme\Lenovo\AwayTask\AwayNotify.dll - C:\Programme\Lenovo\AwayTask\AwayNotify.dll (Lenovo Group Limited)
O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\psfus: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.01.27 04:18:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010.06.11 18:07:58 | 000,000,000 | ---D | M] - E:\Automobilia -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 90 Days ==========
 
[2010.06.28 10:47:40 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\TFC.exe
[2010.06.28 10:47:38 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe
[2010.06.27 19:33:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\rundll16.exe
[2010.06.27 19:33:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\logo1_.exe
[2010.06.27 19:29:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\VDLL.DLL
[2010.06.27 19:29:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\runouce.exe
[2010.06.27 19:29:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\RUNDL132.EXE
[2010.06.27 19:29:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\logo_1.exe
[2010.06.27 19:27:59 | 000,034,048 | ---- | C] (MicroWorld Technologies Inc.) -- C:\WINDOWS\System32\eEmpty.exe
[2010.06.27 19:27:53 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\MicroWorld
[2010.06.27 19:27:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MicroWorld
[2010.06.27 18:24:59 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010.06.27 18:10:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010.06.27 17:47:41 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010.06.27 17:47:41 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010.06.27 17:47:41 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010.06.27 17:47:41 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010.06.27 17:47:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010.06.27 17:44:13 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.06.27 17:40:29 | 000,000,000 | ---D | C] -- C:\rsit
[2010.06.27 13:37:30 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010.06.27 10:22:00 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2010.06.27 09:52:44 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro
[2010.06.26 15:33:08 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.06.26 15:33:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2010.06.26 15:33:05 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.06.26 15:33:05 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.06.26 14:08:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Adobe
[2010.06.26 11:25:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sun
[2010.06.26 11:01:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Macromedia
[2010.06.26 10:33:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Adobe
[2010.06.18 08:36:31 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft ActiveSync
[2010.06.17 17:04:08 | 000,100,352 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ssceserd.sys
[2010.06.17 17:04:07 | 000,123,648 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscemdm.sys
[2010.06.17 17:04:07 | 000,098,560 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscebus.sys
[2010.06.17 17:04:07 | 000,014,848 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscemdfl.sys
[2010.06.17 17:04:07 | 000,012,416 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscecmnt.sys
[2010.06.17 17:04:07 | 000,012,416 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscecm.sys
[2010.06.17 17:04:07 | 000,012,288 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscewhnt.sys
[2010.06.17 17:04:07 | 000,012,288 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscewh.sys
[2010.06.10 16:54:24 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Administrator\PrivacIE
[2010.06.10 16:48:07 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Administrator\IETldCache
[2010.06.09 10:53:28 | 000,000,000 | ---D | C] -- C:\Programme\MyFree Codec
[2010.06.04 10:06:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\KB905474
[2010.05.27 23:05:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite
[2010.05.27 23:05:20 | 000,233,472 | ---- | C] (Teruten) -- C:\WINDOWS\System32\FsUsbExService.Exe
[2010.05.27 23:04:10 | 000,000,000 | ---D | C] -- C:\Programme\DIFX
[2010.05.27 23:04:09 | 000,018,816 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\pccsmcfd.sys
[2010.05.27 23:02:54 | 000,000,000 | ---D | C] -- C:\Programme\PC Connectivity Solution
[2010.05.27 23:02:15 | 000,000,000 | ---D | C] -- C:\Programme\Common Files
[2010.05.27 23:02:14 | 000,000,000 | ---D | C] -- C:\Programme\MarkAny
[2010.05.27 22:54:49 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Samsung
[2010.05.22 09:49:07 | 000,000,000 | ---D | C] -- C:\Programme\eBay
[2010.05.22 09:49:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\eBay
[2010.04.23 16:59:54 | 001,044,480 | R--- | C] (eHelp Corporation.) -- C:\WINDOWS\System32\roboex32.dll
[2010.04.23 16:59:54 | 000,049,152 | R--- | C] (Blue Sky Software Corporation.) -- C:\WINDOWS\System32\inetwh32.dll
 
========== Files - Modified Within 90 Days ==========
 
[2010.06.28 15:06:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.06.28 15:05:10 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\Administrator\ntuser.ini
[2010.06.28 15:05:09 | 004,980,736 | -H-- | M] () -- C:\Dokumente und Einstellungen\Administrator\ntuser.dat
[2010.06.28 15:05:08 | 004,768,656 | -H-- | M] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\IconCache.db
[2010.06.28 10:52:01 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.06.28 10:51:27 | 000,010,027 | ---- | M] () -- C:\WINDOWS\System32\PROCDB.INI
[2010.06.28 10:50:44 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2010.06.28 10:50:13 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2010.06.28 10:49:43 | 000,045,668 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2010.06.28 10:47:37 | 000,000,248 | ---- | M] () -- C:\WINDOWS\tasks\Auf Updates für Windows Live Toolbar prüfen.job
[2010.06.27 23:43:48 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\TFC.exe
[2010.06.27 23:21:52 | 000,293,376 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\qbron9eb.exe
[2010.06.27 19:30:55 | 000,000,053 | ---- | M] () -- C:\WINDOWS\Lic.xxx
[2010.06.27 19:27:58 | 000,034,048 | ---- | M] (MicroWorld Technologies Inc.) -- C:\WINDOWS\System32\eEmpty.exe
[2010.06.27 18:38:48 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe
[2010.06.27 18:01:51 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.06.27 18:01:44 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010.06.27 16:01:00 | 000,000,396 | ---- | M] () -- C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp officejet 6100 series#1190378331.job
[2010.06.27 09:12:23 | 000,001,573 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk
[2010.06.27 09:06:02 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.06.26 19:57:59 | 000,000,512 | ---- | M] () -- C:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask.job
[2010.06.26 19:57:58 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\SystemToolsDailyTest.job
[2010.06.26 15:33:11 | 000,000,683 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.06.26 10:29:39 | 000,409,923 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100626-131548.backup
[2010.06.26 10:10:13 | 000,000,246 | ---- | M] () -- C:\WINDOWS\WININIT.INI
[2010.06.24 20:31:43 | 000,000,494 | ---- | M] () -- C:\hpfr5550.xml
[2010.06.23 20:09:56 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010.06.23 08:59:50 | 000,002,006 | ---- | M] () -- C:\aqua_bitmap.cpp
[2010.06.23 08:19:00 | 001,179,070 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.06.23 08:19:00 | 000,521,298 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010.06.23 08:19:00 | 000,491,870 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.06.23 08:19:00 | 000,105,016 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010.06.23 08:19:00 | 000,089,666 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.06.22 21:19:00 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010.06.10 19:34:49 | 004,376,744 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.06.10 16:54:58 | 000,034,848 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
[2010.06.09 11:26:50 | 000,233,472 | ---- | M] (Teruten) -- C:\WINDOWS\System32\FsUsbExService.Exe
[2010.06.09 11:26:50 | 000,036,608 | ---- | M] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2010.05.30 00:27:08 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf
[2010.05.28 07:08:28 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010.05.01 08:51:28 | 000,110,592 | ---- | M] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2010.04.29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.04.29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.04.27 04:25:20 | 000,123,648 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscemdm.sys
[2010.04.27 04:25:20 | 000,100,352 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ssceserd.sys
[2010.04.27 04:25:20 | 000,098,560 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscebus.sys
[2010.04.27 04:25:20 | 000,014,848 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscemdfl.sys
[2010.04.27 04:25:20 | 000,012,416 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscecmnt.sys
[2010.04.27 04:25:20 | 000,012,416 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscecm.sys
[2010.04.27 04:25:20 | 000,012,288 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscewhnt.sys
[2010.04.27 04:25:20 | 000,012,288 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscewh.sys
[2010.04.26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010.04.23 16:59:54 | 001,044,480 | R--- | M] (eHelp Corporation.) -- C:\WINDOWS\System32\roboex32.dll
[2010.04.23 16:59:54 | 000,049,152 | R--- | M] (Blue Sky Software Corporation.) -- C:\WINDOWS\System32\inetwh32.dll
[2010.04.05 08:10:53 | 000,000,711 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ElsterFormular.lnk
[2010.04.02 12:21:39 | 000,001,639 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Thunderbird.lnk
 
========== Files Created - No Company Name ==========
 
[2010.06.28 10:47:42 | 000,293,376 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\qbron9eb.exe
[2010.06.27 19:28:25 | 000,000,053 | ---- | C] () -- C:\WINDOWS\Lic.xxx
[2010.06.27 19:27:59 | 000,000,522 | ---- | C] () -- C:\WINDOWS\System32\Microsoft.VC80.CRT.manifest
[2010.06.27 17:47:41 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010.06.27 17:47:41 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010.06.27 17:47:41 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010.06.27 17:47:41 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010.06.27 17:47:41 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010.06.26 19:57:59 | 000,000,512 | ---- | C] () -- C:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask.job
[2010.06.26 19:57:57 | 000,000,316 | ---- | C] () -- C:\WINDOWS\tasks\SystemToolsDailyTest.job
[2010.06.26 15:33:11 | 000,000,683 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.06.23 08:49:26 | 010,529,280 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2010.06.04 10:06:30 | 000,000,260 | ---- | C] () -- C:\WINDOWS\tasks\WGASetup.job
[2010.05.27 23:05:20 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2010.05.27 23:05:20 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2010.05.27 22:53:27 | 000,002,006 | ---- | C] () -- C:\aqua_bitmap.cpp
[2010.04.05 08:10:53 | 000,000,711 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ElsterFormular.lnk
[2009.10.06 09:16:00 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009.01.03 17:58:29 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2009.01.03 17:58:29 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2009.01.03 17:58:29 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2009.01.03 17:58:29 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2009.01.03 17:58:29 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2009.01.03 17:58:29 | 000,000,021 | ---- | C] () -- C:\WINDOWS\SurCode.INI
[2008.07.04 10:02:26 | 000,000,109 | ---- | C] () -- C:\WINDOWS\Backup.INI
[2008.02.09 20:16:29 | 000,000,246 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2008.02.04 21:30:57 | 000,000,111 | ---- | C] () -- C:\WINDOWS\telephon.ini
[2008.01.23 14:57:20 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2008.01.23 14:57:20 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2008.01.23 14:57:19 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2007.11.26 16:56:04 | 002,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2007.11.26 16:43:48 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2007.11.15 21:31:34 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\LXPrnUtil10.dll
[2007.11.15 21:27:40 | 000,303,104 | ---- | C] () -- C:\WINDOWS\System32\dnt27VC8.dll
[2007.11.15 21:25:28 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\dntvmc27VC8.dll
[2007.11.15 21:25:12 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dntvm27VC8.dll
[2007.10.07 13:21:17 | 000,003,325 | ---- | C] () -- C:\WINDOWS\tm.ini
[2007.10.01 00:07:57 | 000,000,076 | ---- | C] () -- C:\WINDOWS\my.ini
[2007.09.30 09:47:10 | 000,024,222 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2007.09.30 09:47:10 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2007.09.30 09:46:41 | 000,061,950 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2007.09.30 09:46:41 | 000,016,173 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2007.09.30 09:46:40 | 000,017,590 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2007.09.08 00:42:44 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PXTToolVC7.dll
[2007.09.08 00:33:00 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007.09.08 00:08:57 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2007.09.07 19:13:57 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007.09.07 19:05:58 | 000,004,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys
[2007.09.07 18:55:42 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2007.09.07 18:55:42 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2007.09.07 18:55:42 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2007.09.07 18:55:42 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2007.09.07 18:55:42 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2007.09.07 18:55:42 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2007.09.07 18:47:30 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\FPCALL.dll
[2007.09.07 18:46:20 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS
[2007.09.07 18:44:31 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2007.09.07 18:44:13 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS
[2007.09.07 18:43:56 | 000,009,343 | ---- | C] () -- C:\WINDOWS\System32\drivers\TDSMAPI.SYS
[2006.09.21 14:53:28 | 000,282,679 | ---- | C] () -- C:\WINDOWS\System32\dnt27.dll
[2006.09.21 14:52:24 | 000,077,882 | ---- | C] () -- C:\WINDOWS\System32\dntvmc27.dll
[2006.09.21 14:52:14 | 000,077,881 | ---- | C] () -- C:\WINDOWS\System32\dntvm27.dll
[2006.08.17 10:00:13 | 000,010,027 | ---- | C] () -- C:\WINDOWS\System32\PROCDB.INI
[2006.08.17 10:00:09 | 000,000,487 | ---- | C] () -- C:\WINDOWS\System32\IPSCtrl.INI
[2006.08.03 03:27:52 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\notifyf2.dll
[2006.06.14 18:26:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006.06.12 12:27:00 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\DEVMAN.DLL
[2006.01.27 19:18:01 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006.01.27 19:05:14 | 000,002,963 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005.11.09 12:13:48 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\dnt27VC7.dll
[2005.11.09 12:11:46 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dntvmc27VC7.dll
[2005.11.09 12:11:30 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\dntvm27VC7.dll
[2005.05.04 14:00:06 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\MMedia10VC7.dll
[2005.02.17 12:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005.02.17 12:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2004.08.04 02:44:46 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\drivers\intelppm.sys
[2003.03.09 22:31:04 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2001.12.12 12:41:36 | 000,041,472 | ---- | C] () -- C:\WINDOWS\System32\W32btstp.dll
[2001.12.12 12:41:36 | 000,025,088 | ---- | C] () -- C:\WINDOWS\System32\W32btxlt.dll
[2001.11.14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[2000.12.04 20:27:06 | 000,110,080 | ---- | C] () -- C:\WINDOWS\System32\W32MKRC.DLL
[1999.05.14 15:05:22 | 000,015,627 | ---- | C] () -- C:\WINDOWS\System32\WBROLLRS.DLL
[1996.12.14 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1996.12.14 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
 
========== LOP Check ==========
 
[2008.07.31 21:45:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Lenovo
[2008.07.31 20:48:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\ThinkVantage
[2008.07.31 20:48:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Backup
[2008.01.24 12:54:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BTrieve
[2008.06.02 13:57:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\eDocPrintPro
[2010.01.20 18:58:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ElsterFormular
[2009.05.19 22:33:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\G DATA
[2008.07.31 21:45:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lenovo
[2008.07.31 20:48:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lexware
[2010.06.27 19:27:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MicroWorld
[2009.01.03 17:58:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Minnetonka Audio Software
[2010.05.27 23:05:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite
[2010.06.26 19:45:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PCDr
[2008.07.31 20:48:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecTaskMan
[2008.07.31 20:48:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\sentinel
[2010.06.27 13:46:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2009.10.17 09:00:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\UIB
[2010.06.28 10:47:37 | 000,000,248 | ---- | M] () -- C:\WINDOWS\Tasks\Auf Updates für Windows Live Toolbar prüfen.job
[2010.06.27 16:01:00 | 000,000,396 | ---- | M] () -- C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp officejet 6100 series#1190378331.job
[2010.06.26 19:57:59 | 000,000,512 | ---- | M] () -- C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask.job
[2010.06.28 10:50:44 | 000,000,302 | ---- | M] () -- C:\WINDOWS\Tasks\PMTask.job
[2010.06.26 19:57:58 | 000,000,316 | ---- | M] () -- C:\WINDOWS\Tasks\SystemToolsDailyTest.job
[2010.06.28 10:50:13 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 122 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:A8ADE5D8
@Alternate Data Stream - 121 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2
< End of report >

--- --- ---

Kiesopfer 28.06.2010 15:00

And here now is the log from Combofix with the new version:

Combofix Logfile:
Code:

ComboFix 10-06-27.04 - Norman 28.06.2010  15:39:02.2.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.3070.2313 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\Norman\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\My.ini
c:\windows\regedit.com
c:\windows\system32\taskmgr.com

.
(((((((((((((((((((((((  Dateien erstellt von 2010-05-28 bis 2010-06-28  ))))))))))))))))))))))))))))))
.

2010-06-27 17:33 . 2010-06-27 17:33        --------        d---a-w-        c:\windows\rundll16.exe
2010-06-27 17:33 . 2010-06-27 17:33        --------        d---a-w-        c:\windows\logo1_.exe
2010-06-27 17:29 . 2010-06-27 17:29        --------        d---a-w-        c:\windows\VDLL.DLL
2010-06-27 17:29 . 2010-06-27 17:29        --------        d---a-w-        c:\windows\system32\runouce.exe
2010-06-27 17:29 . 2010-06-27 17:29        --------        d---a-w-        c:\windows\RUNDL132.EXE
2010-06-27 17:29 . 2010-06-27 17:29        --------        d---a-w-        c:\windows\logo_1.exe
2010-06-27 17:28 . 2010-06-27 17:28        632064        ----a-w-        c:\windows\system32\msvcr80.dll
2010-06-27 17:28 . 2010-06-27 17:28        554240        ----a-w-        c:\windows\system32\msvcp80.dll
2010-06-27 17:27 . 2010-06-27 17:27        34048        ----a-w-        c:\windows\system32\eEmpty.exe
2010-06-27 17:27 . 2008-04-14 02:23        140800        ----a-w-        c:\windows\system32\T.COM
2010-06-27 17:27 . 2008-04-14 02:22        153600        ----a-w-        c:\windows\R.COM
2010-06-27 17:27 . 2010-06-27 17:27        --------        d-----w-        c:\programme\Gemeinsame Dateien\MicroWorld
2010-06-27 17:27 . 2010-06-27 17:27        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\MicroWorld
2010-06-27 17:23 . 2010-06-27 17:24        --------        d-----w-        c:\dokumente und einstellungen\Norman\Anwendungsdaten\Download Manager
2010-06-27 15:40 . 2010-06-27 15:40        --------        d-----w-        C:\rsit
2010-06-27 11:37 . 2010-06-27 11:38        --------        dc-h--w-        c:\windows\ie8
2010-06-27 08:37 . 2010-06-27 08:37        503808        ----a-w-        c:\dokumente und einstellungen\Norman\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-62394d3f-n\msvcp71.dll
2010-06-27 08:37 . 2010-06-27 08:37        499712        ----a-w-        c:\dokumente und einstellungen\Norman\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-62394d3f-n\jmc.dll
2010-06-27 08:37 . 2010-06-27 08:37        348160        ----a-w-        c:\dokumente und einstellungen\Norman\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-62394d3f-n\msvcr71.dll
2010-06-27 08:37 . 2010-06-27 08:37        61440        ----a-w-        c:\dokumente und einstellungen\Norman\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-38a358eb-n\decora-sse.dll
2010-06-27 08:37 . 2010-06-27 08:37        12800        ----a-w-        c:\dokumente und einstellungen\Norman\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-38a358eb-n\decora-d3d.dll
2010-06-23 06:49 . 2010-06-28 08:52        10529280        ----a-w-        c:\dokumente und einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
2010-06-22 11:22 . 2010-06-05 03:54        265528        ----a-w-        c:\dokumente und einstellungen\Norman\Anwendungsdaten\Samsung\Kies\UpdateTemp\MCS.Thunder.Update.exe
2010-06-22 11:22 . 2010-06-05 03:52        6144        ----a-w-        c:\dokumente und einstellungen\Norman\Anwendungsdaten\Samsung\Kies\UpdateTemp\de-DE\MCS.Thunder.Update.resources.dll
2010-06-22 11:22 . 2010-06-05 03:50        47616        ----a-w-        c:\dokumente und einstellungen\Norman\Anwendungsdaten\Samsung\Kies\UpdateTemp\MSC.Thunder.Update.Util.dll
2010-06-22 11:22 . 2010-06-05 03:49        12288        ----a-w-        c:\dokumente und einstellungen\Norman\Anwendungsdaten\Samsung\Kies\UpdateTemp\AdminCmdAgent.dll
2010-06-22 11:22 . 2010-06-04 10:02        9728        ----a-w-        c:\dokumente und einstellungen\Norman\Anwendungsdaten\Samsung\Kies\UpdateTemp\Interop.CmdAgentLib.dll
2010-06-22 11:22 . 2010-06-04 10:00        204288        ----a-w-        c:\dokumente und einstellungen\Norman\Anwendungsdaten\Samsung\Kies\UpdateTemp\CabLib.dll
2010-06-22 11:22 . 2010-06-04 09:59        6656        ----a-w-        c:\dokumente und einstellungen\Norman\Anwendungsdaten\Samsung\Kies\UpdateTemp\MSC.Thunder.UAC.dll
2010-06-18 06:36 . 2010-06-18 08:01        --------        d-----w-        c:\programme\Microsoft ActiveSync
2010-06-17 15:04 . 2010-04-27 02:25        100352        ----a-w-        c:\windows\system32\drivers\ssceserd.sys
2010-06-17 15:04 . 2010-04-27 02:25        98560        ----a-w-        c:\windows\system32\drivers\sscebus.sys
2010-06-17 15:04 . 2010-04-27 02:25        14848        ----a-w-        c:\windows\system32\drivers\sscemdfl.sys
2010-06-17 15:04 . 2010-04-27 02:25        12416        ----a-w-        c:\windows\system32\drivers\sscecmnt.sys
2010-06-17 15:04 . 2010-04-27 02:25        12416        ----a-w-        c:\windows\system32\drivers\sscecm.sys
2010-06-17 15:04 . 2010-04-27 02:25        123648        ----a-w-        c:\windows\system32\drivers\sscemdm.sys
2010-06-17 15:04 . 2010-04-27 02:25        12288        ----a-w-        c:\windows\system32\drivers\sscewhnt.sys
2010-06-17 15:04 . 2010-04-27 02:25        12288        ----a-w-        c:\windows\system32\drivers\sscewh.sys
2010-06-17 10:23 . 2010-06-17 10:23        --------        d-----w-        c:\dokumente und einstellungen\Norman\Lokale Einstellungen\Anwendungsdaten\PCHealth
2010-06-13 12:03 . 2010-06-13 12:03        1465512        ----a-w-        c:\dokumente und einstellungen\Norman\Anwendungsdaten\Update\patch_551455to551460_32\patch_551455to551460_32.02.exe
2010-06-10 14:54 . 2010-06-10 14:54        34848        ----a-w-        c:\dokumente und einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2010-06-10 14:54 . 2010-06-10 14:54        --------        d-sh--w-        c:\dokumente und einstellungen\Administrator\PrivacIE
2010-06-10 14:48 . 2010-06-10 14:48        --------        d-sh--w-        c:\dokumente und einstellungen\Administrator\IETldCache
2010-06-10 06:30 . 2010-05-06 10:31        743424        ------w-        c:\windows\system32\dllcache\iedvtool.dll
2010-06-09 08:53 . 2010-06-17 10:41        --------        d-----w-        c:\programme\MyFree Codec
2010-06-04 08:06 . 2010-06-04 08:06        --------        d-----w-        c:\windows\system32\KB905474

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-28 13:29 . 2008-01-06 11:48        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2010-06-28 13:22 . 2010-02-21 22:38        --------        d-----w-        c:\programme\PC-Doctor
2010-06-28 13:22 . 2010-02-21 22:39        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\PCDr
2010-06-28 08:21 . 2007-09-08 15:32        --------        d-----w-        c:\programme\Mozilla Thunderbird
2010-06-27 11:46 . 2008-04-25 07:06        --------        d---a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP
2010-06-27 08:34 . 2010-06-26 09:24        411368        ----a-w-        c:\windows\system32\deployJava1.dll
2010-06-27 08:22 . 2010-06-27 08:22        --------        d-----w-        c:\programme\CCleaner
2010-06-27 07:52 . 2010-06-27 07:52        --------        d-----w-        c:\programme\Trend Micro
2010-06-27 06:55 . 2008-09-11 06:58        --------        d-----w-        c:\programme\Eusing Free Registry Cleaner
2010-06-27 06:14 . 2010-05-27 21:02        --------        d-----w-        c:\programme\PC Connectivity Solution
2010-06-26 22:00 . 2007-09-07 17:06        5427        ----a-w-        c:\windows\system32\EGATHDRV.SYS
2010-06-26 13:33 . 2010-06-26 13:33        --------        d-----w-        c:\dokumente und einstellungen\Norman\Anwendungsdaten\Malwarebytes
2010-06-26 13:33 . 2010-06-26 13:33        --------        d-----w-        c:\programme\Malwarebytes' Anti-Malware
2010-06-26 13:33 . 2010-06-26 13:33        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2010-06-26 13:03 . 2008-02-28 13:08        --------        d-----w-        c:\dokumente und einstellungen\Norman\Anwendungsdaten\IBP
2010-06-26 09:25 . 2007-09-07 16:54        --------        d-----w-        c:\programme\Gemeinsame Dateien\Java
2010-06-26 09:24 . 2007-09-07 16:54        --------        d-----w-        c:\programme\Java
2010-06-23 07:02 . 2007-09-07 16:43        --------        d--h--w-        c:\programme\InstallShield Installation Information
2010-06-23 06:19 . 2006-01-27 01:01        521298        ----a-w-        c:\windows\system32\perfh007.dat
2010-06-23 06:19 . 2006-01-27 01:01        105016        ----a-w-        c:\windows\system32\perfc007.dat
2010-06-18 08:17 . 2010-05-27 21:02        --------        d-----w-        c:\dokumente und einstellungen\Norman\Anwendungsdaten\Samsung
2010-06-17 07:34 . 2007-09-09 06:14        --------        d-----w-        c:\dokumente und einstellungen\Norman\Anwendungsdaten\LPC
2010-06-17 07:32 . 2007-09-09 06:14        --------        d-----w-        c:\programme\Link Popularity Check
2010-06-13 12:03 . 2010-05-20 05:07        --------        d-----w-        c:\dokumente und einstellungen\Norman\Anwendungsdaten\Update
2010-06-09 09:26 . 2010-05-27 21:05        36608        ----a-w-        c:\windows\system32\FsUsbExDisk.Sys
2010-06-09 09:26 . 2010-05-27 21:05        233472        ----a-w-        c:\windows\system32\FsUsbExService.Exe
2010-05-28 08:52 . 2007-09-07 16:43        --------        d-----w-        c:\programme\ThinkPad
2010-05-28 08:52 . 2007-09-07 16:46        --------        d-----w-        c:\programme\Lenovo
2010-05-27 21:05 . 2010-05-27 21:05        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\PC Suite
2010-05-27 21:05 . 2010-05-27 21:05        --------        d-----w-        c:\dokumente und einstellungen\Norman\Anwendungsdaten\PC Suite
2010-05-27 21:04 . 2010-05-27 21:04        --------        d-----w-        c:\programme\DIFX
2010-05-27 21:02 . 2010-05-27 21:02        --------        d-----w-        c:\programme\Common Files
2010-05-27 21:02 . 2010-05-27 21:02        --------        d-----w-        c:\programme\MarkAny
2010-05-27 20:54 . 2010-05-27 20:54        --------        d-----w-        c:\programme\Gemeinsame Dateien\Samsung
2010-05-22 07:49 . 2010-05-22 07:49        --------        d-----w-        c:\programme\eBay
2010-05-21 15:41 . 2007-09-08 13:50        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\FLEXnet
2010-05-14 08:42 . 2009-05-27 12:51        --------        d-----w-        c:\programme\IBP 11
2010-05-02 08:05 . 2009-04-24 21:47        1851392        ----a-w-        c:\windows\system32\win32k.sys
2010-05-01 06:51 . 2010-05-27 21:05        110592        ------w-        c:\windows\system32\FsUsbExDevice.Dll
2010-04-29 13:39 . 2010-06-26 13:33        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 13:39 . 2010-06-26 13:33        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys
2010-04-23 14:59 . 2010-04-23 14:59        49152        ------r-        c:\windows\system32\inetwh32.dll
2010-04-23 14:59 . 2010-04-23 14:59        1044480        ------r-        c:\windows\system32\roboex32.dll
2010-04-20 05:29 . 2006-01-27 01:00        285696        ----a-w-        c:\windows\system32\atmfd.dll
2010-04-14 06:27 . 2010-04-14 06:27        96768        ------w-        c:\dokumente und einstellungen\Norman\Anwendungsdaten\becker\backup\CK-4ANV-XM1T-LXQV-A8R3\4187531\flash\iGO8\SDS\saipservice.dll
2010-04-14 06:15 . 2010-04-14 06:15        152088        ------w-        c:\dokumente und einstellungen\Norman\Anwendungsdaten\becker\backup\CK-4ANV-XM1T-LXQV-A8R3\4187531\flash\NNGStart\NNGStart.exe
2010-04-14 06:15 . 2010-04-14 06:15        39632        ------w-        c:\dokumente und einstellungen\Norman\Anwendungsdaten\becker\backup\CK-4ANV-XM1T-LXQV-A8R3\4187531\flash\NNGStart\MSVCR80.DLL
2010-03-30 22:16 . 2010-03-30 22:16        99176        ----a-w-        c:\windows\system32\PresentationHostProxy.dll
2010-03-30 22:10 . 2010-03-30 22:10        295264        ----a-w-        c:\windows\system32\PresentationHost.exe
.

((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\programme\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2009-04-16 417792]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2005-03-17 208896]
"SynTPLpr"="c:\programme\Synaptics\SynTP\SynTPLpr.exe" [2008-07-03 118784]
"SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2008-07-03 1323008]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2008-06-05 242976]
"TPKMAPHELPER"="c:\programme\ThinkPad\Utilities\TpKmapAp.exe" [2006-06-02 856064]
"TpShocks"="TpShocks.exe" [2009-02-02 181536]
"TPHOTKEY"="c:\programme\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-12-21 69568]
"SoundMAXPnP"="c:\programme\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"LPManager"="c:\progra~1\THINKV~2\PrdCtr\LPMGR.exe" [2009-01-29 185688]
"AMSG"="c:\progra~1\THINKV~2\AMSG\Amsg.exe" [2007-02-02 419376]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-02-02 122940]
"ISUSPM Startup"="c:\progra~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"AwaySch"="c:\programme\Lenovo\AwayTask\AwaySch.EXE" [2006-08-16 69632]
"TVT Scheduler Proxy"="c:\programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]
"DiskeeperSystray"="c:\programme\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-05-18 196696]
"ACWLIcon"="c:\programme\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2008-10-27 143360]
"Picasa Media Detector"="c:\programme\Picasa2\PicasaMediaDetector.exe" [2006-03-15 421888]
"PDService.exe"="c:\programme\Lenovo\SafeGuard PrivateDisk\pdservice.exe" [2006-03-13 41472]
"cssauth"="c:\programme\Lenovo\Client Security Solution\cssauth.exe" [2006-07-14 2341632]
"QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2007-06-29 286720]
"TP4EX"="tp4ex.exe" [2005-10-16 65536]
"LPMailChecker"="c:\progra~1\THINKV~2\PrdCtr\LPMLCHK.exe" [2009-01-29 124248]
"TPFNF7"="c:\programme\Lenovo\NPDIRECT\TPFNF7SP.exe" [2008-03-26 59680]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"AdobeCS4ServiceManager"="c:\programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-11-13 611712]
"Adobe Acrobat Speed Launcher"="e:\programme\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2010-04-03 38840]
"Acrobat Assistant 8.0"="e:\programme\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-04-03 640440]
"LENOVO.TPFNF6R"="c:\programme\Lenovo\HOTKEY\TPFNF6R.exe" [2009-04-14 15136]
"StartCCC"="c:\programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2010-02-18 248040]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\
BTTray.lnk - c:\programme\ThinkPad\Bluetooth Software\BTTray.exe [2007-11-26 576104]
hpoddt01.exe.lnk - c:\programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]
Microsoft Office.lnk - c:\programme\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
officejet 6100.lnk - c:\programme\Hewlett-Packard\Digital Imaging\bin\hposol08.exe [2003-4-6 147456]
sipgate X-Lite.lnk - c:\programme\sipgate X-Lite\sipgateXLite.exe [2007-10-31 3227648]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
 [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AwayNotify]
2006-08-16 17:07        49152        ------w-        c:\programme\Lenovo\AwayTask\AwayNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\NavLogon]
 [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
 [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Programme\\IBP 10\\IBP.exe"=
"c:\\Programme\\Gemeinsame Dateien\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Programme\\Gemeinsame Dateien\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
"c:\\Programme\\Mozilla Firefox\\firefox.exe"=
"e:\\Programme\\Adobe\\Adobe Dreamweaver CS4\\Dreamweaver.exe"=
"c:\\Programme\\sipgate X-Lite\\sipgateXLite.exe"=
"c:\\Programme\\Mozilla Thunderbird\\thunderbird.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
"51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server

R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [28.01.2009 17:57 20520]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [28.05.2010 10:51 13480]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [17.10.2009 11:55 108289]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\programme\ThinkPad\Utilities\PWMDBSVC.exe [24.10.2008 10:05 53248]
R2 PrivateDisk;PrivateDisk;c:\programme\Lenovo\SafeGuard PrivateDisk\privatediskm.sys [13.03.2006 16:05 58368]
R2 smi2;smi2;c:\programme\SMI2\smi2.sys [14.07.2006 15:55 3968]
R2 TPHKSVC;Anzeige am Bildschirm;c:\programme\Lenovo\HOTKEY\TPHKSVC.exe [02.03.2007 14:07 63928]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\programme\Lenovo\HOTKEY\micmute.exe [21.05.2009 20:48 44984]
S2 XAMPP;XAMPP Service; [x]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\programme\Gemeinsame Dateien\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [15.08.2008 06:46 288112]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys --> c:\windows\system32\drivers\dgderdrv.sys [?]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [27.05.2010 23:05 36608]
S3 PDNMp50;PDNMp50 NDIS Protocol Driver;c:\windows\system32\drivers\PDNMp50.sys [28.11.2006 23:46 28224]
S3 PDNSp50;PDNSp50 NDIS Protocol Driver;c:\windows\system32\drivers\PDNSp50.sys [28.11.2006 23:46 27072]
S3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM);c:\windows\system32\drivers\sscebus.sys [17.06.2010 17:04 98560]
S3 sscemdfl;SAMSUNG Mobile Modem V2 Filter;c:\windows\system32\drivers\sscemdfl.sys [17.06.2010 17:04 14848]
S3 sscemdm;SAMSUNG Mobile Modem V2 Drivers;c:\windows\system32\drivers\sscemdm.sys [17.06.2010 17:04 123648]
S3 ssceserd;SAMSUNG Mobile Modem Diagnostic Serial Port V2 (WDM);c:\windows\system32\drivers\ssceserd.sys [17.06.2010 17:04 100352]
.
Inhalt des "geplante Tasks" Ordners

2010-06-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2007-08-29 12:57]

2010-06-28 c:\windows\Tasks\Auf Updates für Windows Live Toolbar prüfen.job
- c:\programme\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 13:54]

2010-06-27 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p officejet 6100 series5E771253C1676EBED677BF361FDFC537825E15B8190378331.job
- c:\programme\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 22:52]

2010-06-26 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\programme\PC-Doctor\uaclauncher.exe [2010-05-07 19:46]

2010-06-28 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2007-09-07 11:41]

2010-06-26 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\programme\PC-Doctor\pcdrcui.exe [2010-05-08 12:08]

2010-06-28 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-06-04 20:18]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://lenovo.live.com
uSearchURL,(Default) = hxxp://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
IE: &Windows Live Search - c:\programme\Windows Live Toolbar\msntb.dll/search.htm
IE: An vorhandene PDF-Datei anfügen - c:\programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - c:\programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Senden an &Bluetooth-Gerät... - c:\programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Senden an Bluetooth - c:\programme\ThinkPad\Bluetooth Software\btsendto_ie.htm
Handler: haufereader - {39198710-62F7-42CD-9458-069843FA5D32} - c:\programme\Haufe\HaufeReader\HRInstmon.dll
FF - ProfilePath - c:\dokumente und einstellungen\Norman\Anwendungsdaten\Mozilla\Firefox\Profiles\z9ur2adu.default\
FF - prefs.js: network.proxy.http - http://1.1.1.1/http.de.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\programme\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
c:\programme\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type",                  5);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-28 15:47
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:b0,c3,d9,1b,0d,c6,a4,08,1d,64,49,42,82,18,04,fb,e4,17,f8,7b,67,
  a9,07,5d,f3,ac,ab,40,5f,be,22,07,1b,1c,fa,f9,46,89,07,2b,6b,40,38,fc,f6,ba,\

[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:b0,c3,d9,1b,0d,c6,a4,08,1d,64,49,42,82,18,04,fb,e4,17,f8,7b,67,
  a9,07,5d,f3,ac,ab,40,5f,be,22,07,1b,1c,fa,f9,46,89,07,2b,6b,40,38,fc,f6,ba,\
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'winlogon.exe'(664)
c:\windows\system32\Ati2evxx.dll
c:\programme\Gemeinsame Dateien\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\programme\Lenovo\AwayTask\AwayNotify.dll
.
Zeit der Fertigstellung: 2010-06-28  15:51:45
ComboFix-quarantined-files.txt  2010-06-28 13:51
ComboFix2.txt  2010-06-27 16:10

Vor Suchlauf: 4.594.737.152 Bytes frei
Nach Suchlauf: 4.578.394.112 Bytes frei

WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 6EBC1674694F34A205DA63215D41A220

--- --- ---

Kiesopfer 28.06.2010 15:03

What is needed now?

Many thanks for the help and above all for the patience!

Kiesopfer 28.06.2010 15:04

Here is also the Resident log from Spybot, which changed the following at restart:

28.06.2010 15:29:40 Erlaubt (based on user decision) value "DisableCMD" (new data: "0") hinzugefügt in Disable Command!
28.06.2010 15:29:45 Erlaubt (based on user decision) value "RestrictRun" (new data: "0") hinzugefügt in System Startup user entry!
28.06.2010 15:29:48 Erlaubt (based on user decision) value "RestrictRun" (new data: "") gelöscht in System Startup user entry!
28.06.2010 15:57:03 Erlaubt (based on user decision) value "NoDriveTypeAutoRun" (new data: "323") geändert in System Startup user entry!
28.06.2010 15:57:06 Erlaubt (based on user decision) value "DisableCMD" (new data: "") gelöscht in Disable Command!

Larusso 28.06.2010 15:17

The problem is that the logs all look fine.

Are you able to burn a CD?

Before that, let's try http://www.trojaner-board.de/59299-a...eb-cureit.html

The quick scan should be sufficient, but it can still take a while.

Kiesopfer 28.06.2010 15:20

Burning a CD should actually work.

I'll report back after the scan.

Kiesopfer 28.06.2010 16:37

Dr. Web seems to have found something:

intelppm.sys;C:\WINDOWS\system32\drivers;BackDoor.Tdss.2459;Wird nach Neustart desinfiziert.;
intelppm.sys;c:\windows\system32\drivers;BackDoor.Tdss.2459;Desinfiziert.;

But was that really it?

Larusso 28.06.2010 16:43

Strange that none of the tools flags it.

Please download Filelister
  • Save the file to the desktop.
  • Right-click it and extract all files to your desktop.
  • Open the File Lister folder.
  • Leave FileLister.vbe in the folder.
  • Right-click the .vbe and choose Open.

    http://bamajim.com/Images/unzip4.JPG

    (Vista and Win7 users: right-click and choose "Run as administrator".)
When the scan has finished, C:\files.txt is created. Please post its contents.

Kiesopfer 28.06.2010 17:01

Here is the log from FileLister.vbe:


+++++++++++++++++++++++++++
+ File Lister Version 1.1.4 +
+ +
+ By bamajim / SpywareHammer.com +
+++++++++++++++++++++++++++

Report ran on --->>> 28.06.2010 17:53:33

====== Running Processes ======

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\TpShocks.exe
C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Programme\Analog Devices\Core\smax4pnp.exe
C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
C:\PROGRA~1\THINKV~2\AMSG\Amsg.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe
C:\Programme\Lenovo\AwayTask\AwaySch.EXE
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Lenovo\HOTKEY\TPONSCR.exe
C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe
C:\Programme\Lenovo\Zoom\TpScrex.exe
C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Programme\Picasa2\PicasaMediaDetector.exe
C:\Programme\Lenovo\SafeGuard PrivateDisk\pdservice.exe
C:\Programme\Lenovo\Client Security Solution\cssauth.exe
C:\PROGRA~1\THINKV~2\PrdCtr\LPMLCHK.exe
C:\Programme\Lenovo\NPDIRECT\TPFNF7SP.exe
E:\Programme\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Programme\Lenovo\HOTKEY\TPFNF6R.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\ThinkPad\Bluetooth Software\BTTray.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Programme\LENOVO\HOTKEY\TPHKSVC.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Programme\Lenovo\Rescue and Recovery\rrservice.exe
C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe
C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe
C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Programme\Gemeinsame Dateien\Lenovo\Logger\logmon.exe
c:\programme\lenovo\system update\suservice.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programme\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\Programme\Alice\Signup\AliceCnn.exe
C:\Programme\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\WScript.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Windows Live Toolbar\msn_sl.exe

====== BHO's ======
BHO: G DATA WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} -

BHO: (NO NAME) - {074C1DC5-9320-4A9A-947D-C042949C6216} - E:\Programme\Adobe\/Adobe Contribute CS4/contributeieplugin.dll

BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: (NO NAME) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

BHO: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}\ - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL

BHO: (NO NAME) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO: (NO NAME) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll

BHO: (NO NAME) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: ThinkVantage Password Manager - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll

BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

====== System Keys (some whitelisted items will not be shown)======

Winlogon\Userinit = C:\WINDOWS\system32\userinit.exe,
Winlogon\Shell = Explorer.exe

====== HKLM\~\Run Keys ======

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

[PWRMGRTR] = rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
[BLOG] = rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
[SynTPLpr] = C:\Programme\Synaptics\SynTP\SynTPLpr.exe
[SynTPEnh] = C:\Programme\Synaptics\SynTP\SynTPEnh.exe
[EZEJMNAP] = C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
[TPKMAPHELPER] = C:\Programme\ThinkPad\Utilities\TpKmapAp.exe -helper
[TpShocks] = TpShocks.exe
[TPHOTKEY] = C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe
[SoundMAXPnP] = C:\Programme\Analog Devices\Core\smax4pnp.exe
[LPManager] = C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
[AMSG] = C:\PROGRA~1\THINKV~2\AMSG\Amsg.exe /startup
[DLA] = C:\WINDOWS\System32\DLA\DLACTRLW.EXE
[ISUSPM Startup] = C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
[ISUSScheduler] = "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start
[AwaySch] = C:\Programme\Lenovo\AwayTask\AwaySch.EXE
[TVT Scheduler Proxy] = C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe
[DiskeeperSystray] = "C:\Programme\Diskeeper Corporation\Diskeeper\DkIcon.exe"
[ACWLIcon] = C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe
[Picasa Media Detector] = C:\Programme\Picasa2\PicasaMediaDetector.exe
[PDService.exe] = "C:\Programme\Lenovo\SafeGuard PrivateDisk\pdservice.exe"
[cssauth] = "C:\Programme\Lenovo\Client Security Solution\cssauth.exe" silent
[QuickTime Task] = "C:\Programme\QuickTime\qttask.exe" -atboottime
[TP4EX] = tp4ex.exe
[LPMailChecker] = C:\PROGRA~1\THINKV~2\PrdCtr\LPMLCHK.exe
[TPFNF7] = C:\Programme\Lenovo\NPDIRECT\TPFNF7SP.exe /r
[Adobe Reader Speed Launcher] = "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
[AdobeCS4ServiceManager] = "C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
[Adobe Acrobat Speed Launcher] = "E:\Programme\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
[Acrobat Assistant 8.0] = "E:\Programme\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
[Adobe_ID0ENQBO] = C:\PROGRA~1\GEMEIN~1\Adobe\ADOBEV~2\Server\bin\VERSIO~2.EXE
[LENOVO.TPFNF6R] = C:\Programme\Lenovo\HOTKEY\TPFNF6R.exe
[StartCCC] = "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
[avgnt] = "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
[Adobe ARM] = "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
[SunJavaUpdateSched] = "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"

====== HKCU\~\Run Keys ======

[SpybotSD TeaTimer] = C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
[ctfmon.exe] = C:\WINDOWS\system32\ctfmon.exe

====== DNS Info (List may be empty) ======

HKEY_LOCAL_MACHINE\CCS\~\{0498C351-E77C-4AB4-9D02-E0C50E0E954A}\ NameServer= 213.191.74.11 213.191.92.82

HKEY_LOCAL_MACHINE\CS001\~\{0498C351-E77C-4AB4-9D02-E0C50E0E954A}\ NameServer= 213.191.74.11 213.191.92.82

NV Hostname = TEST
DataBasePath = %SystemRoot%\System32\drivers\etc
ForwardBroadcasts = 0
IPEnableRouter = 0
Hostname = TEST
UseDomainNameDevolution = 1
DeadGWDetectDefault = 1
DontAddDefaultGatewayDefault = 0

====== Folders and Files from "%\" and "%\Windows" Created Last 60 Days ======

28.06.2010 15:34:50 8274985 C:\cmdcons
28.06.2010 15:34:51 925696 C:\cmdcons\SYSTEM32
27.06.2010 17:44:13 1727196 C:\Qoobox
28.06.2010 15:30:50 12517 C:\Qoobox\BackEnv
27.06.2010 17:44:13 304368 C:\Qoobox\Quarantine
27.06.2010 17:50:53 294476 C:\Qoobox\Quarantine\C
28.06.2010 15:46:26 294476 C:\Qoobox\Quarantine\C\WINDOWS
28.06.2010 15:46:29 140800 C:\Qoobox\Quarantine\C\WINDOWS\system32
27.06.2010 17:44:13 9790 C:\Qoobox\Quarantine\Registry_backups
28.06.2010 17:41:32 85 C:\RECYCLER
28.06.2010 17:41:32 85 C:\RECYCLER\S-1-5-21-3983823669-670418646-3479873645-1005
27.06.2010 17:40:29 73724 C:\rsit
27.05.2010 22:53:27 2006 32 C:\aqua_bitmap.cpp
28.06.2010 15:34:57 211 32 C:\Boot.bak
28.06.2010 15:34:53 262448 32 C:\cmldr
28.06.2010 15:51:48 25705 32 C:\ComboFix.txt
28.06.2010 17:28:44 171 32 C:\DrWeb.txt
28.06.2010 15:04:54 945 32 C:\Gmer.txt
28.06.2010 17:30:24 3219574784 38 C:\hiberfil.sys
22.05.2010 09:49:32 1796 0 C:\InstallHelper.log
27.06.2010 22:45:18 30575 32 C:\MWAV.LOG
28.06.2010 15:09:48 111952 32 C:\OTL.Txt
18.06.2010 08:37:18 616386 C:\WINDOWS\$NtUninstallKB894476$
18.06.2010 08:37:18 600002 C:\WINDOWS\$NtUninstallKB894476$\spuninst
10.06.2010 17:04:23 4131466 C:\WINDOWS\$NtUninstallKB952069_WM9$
10.06.2010 17:04:23 633154 C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst
10.06.2010 16:29:01 1935869 C:\WINDOWS\$NtUninstallKB975562$
10.06.2010 16:29:01 638461 C:\WINDOWS\$NtUninstallKB975562$\spuninst
12.06.2010 07:28:07 2646538 C:\WINDOWS\$NtUninstallKB978542$
12.06.2010 07:28:07 639498 C:\WINDOWS\$NtUninstallKB978542$\spuninst
10.06.2010 16:29:37 3005550 C:\WINDOWS\$NtUninstallKB978695_WM9$
10.06.2010 16:29:37 632046 C:\WINDOWS\$NtUninstallKB978695_WM9$\spuninst
10.06.2010 16:29:21 703479 C:\WINDOWS\$NtUninstallKB979482$
10.06.2010 16:29:21 638455 C:\WINDOWS\$NtUninstallKB979482$\spuninst
10.06.2010 18:07:39 2485277 C:\WINDOWS\$NtUninstallKB979559$
10.06.2010 18:07:39 638749 C:\WINDOWS\$NtUninstallKB979559$\spuninst
10.06.2010 16:35:40 936726 C:\WINDOWS\$NtUninstallKB980195$
10.06.2010 16:35:40 637718 C:\WINDOWS\$NtUninstallKB980195$\spuninst
10.06.2010 18:07:55 924253 C:\WINDOWS\$NtUninstallKB980218$
10.06.2010 18:07:55 638557 C:\WINDOWS\$NtUninstallKB980218$\spuninst
11.06.2010 07:11:22 852962 C:\WINDOWS\$NtUninstallKB981793$
11.06.2010 07:11:22 655330 C:\WINDOWS\$NtUninstallKB981793$\spuninst
27.05.2010 22:58:07 19390480 C:\WINDOWS\$NtUninstallWMFDist11$
27.05.2010 22:58:07 638093 C:\WINDOWS\$NtUninstallWMFDist11$\spuninst
27.06.2010 17:47:36 198973049 C:\WINDOWS\ERDNT
27.06.2010 18:09:06 26694768 C:\WINDOWS\ERDNT\cache
27.06.2010 17:47:36 92372292 C:\WINDOWS\ERDNT\Hiv-backup
28.06.2010 15:30:45 18599936 C:\WINDOWS\ERDNT\Hiv-backup\Users
28.06.2010 15:30:45 1556480 C:\WINDOWS\ERDNT\Hiv-backup\Users\00000001
28.06.2010 15:30:45 8192 C:\WINDOWS\ERDNT\Hiv-backup\Users\00000002
28.06.2010 15:30:45 15249408 C:\WINDOWS\ERDNT\Hiv-backup\Users\00000003
28.06.2010 15:30:46 1556480 C:\WINDOWS\ERDNT\Hiv-backup\Users\00000004
28.06.2010 15:30:47 221184 C:\WINDOWS\ERDNT\Hiv-backup\Users\00000005
28.06.2010 15:30:47 8192 C:\WINDOWS\ERDNT\Hiv-backup\Users\00000006
27.06.2010 18:00:06 79905879 C:\WINDOWS\ERDNT\subs
27.06.2010 18:00:10 17035264 C:\WINDOWS\ERDNT\subs\Users
27.06.2010 18:00:10 1556480 C:\WINDOWS\ERDNT\subs\Users\00000001
27.06.2010 18:00:10 8192 C:\WINDOWS\ERDNT\subs\Users\00000002
27.06.2010 18:00:10 15249408 C:\WINDOWS\ERDNT\subs\Users\00000003
27.06.2010 18:00:11 221184 C:\WINDOWS\ERDNT\subs\Users\00000004
27.06.2010 13:37:30 42897676 C:\WINDOWS\ie8
27.06.2010 13:37:30 1188500 C:\WINDOWS\ie8\spuninst
27.06.2010 19:33:07 0 C:\WINDOWS\logo1_.exe
27.06.2010 19:29:52 0 C:\WINDOWS\logo_1.exe
27.06.2010 19:29:52 0 C:\WINDOWS\RUNDL132.EXE
27.06.2010 19:33:07 0 C:\WINDOWS\rundll16.exe
27.06.2010 18:10:34 81920 C:\WINDOWS\temp
27.06.2010 19:29:52 0 C:\WINDOWS\VDLL.DLL
28.06.2010 15:55:05 0 32 C:\WINDOWS\0.log
28.06.2010 17:39:59 8239 32 C:\WINDOWS\comsetup.log
28.06.2010 17:39:53 24733 32 C:\WINDOWS\FaxSetup.log
27.06.2010 17:47:41 80412 32 C:\WINDOWS\grep.exe
28.06.2010 17:39:56 29067 32 C:\WINDOWS\iis6.log
28.06.2010 17:40:02 1374 32 C:\WINDOWS\imsins.BAK
28.06.2010 17:40:02 1374 32 C:\WINDOWS\imsins.log
28.06.2010 17:39:24 9135 32 C:\WINDOWS\KB971961-IE8.log
28.06.2010 17:40:58 13280 32 C:\WINDOWS\KB976662-IE8.log
28.06.2010 17:40:07 9035 32 C:\WINDOWS\KB981332-IE8.log
28.06.2010 17:40:14 15325 32 C:\WINDOWS\KB982381-IE8.log
27.06.2010 19:28:25 53 32 C:\WINDOWS\Lic.xxx
27.06.2010 17:47:41 77312 32 C:\WINDOWS\MBR.exe
28.06.2010 17:40:04 1700 32 C:\WINDOWS\MedCtrOC.log
28.06.2010 17:40:02 1236 32 C:\WINDOWS\msgsocm.log
28.06.2010 17:40:02 7594 32 C:\WINDOWS\msmqinst.log
28.06.2010 17:40:04 4332 32 C:\WINDOWS\netfxocm.log
27.06.2010 17:47:41 31232 32 C:\WINDOWS\NIRCMD.exe
28.06.2010 16:25:03 159726 32 C:\WINDOWS\ntbtlog.txt
28.06.2010 17:40:00 4970 32 C:\WINDOWS\ntdtcsetup.log
28.06.2010 17:39:51 11824 32 C:\WINDOWS\ocgen.log
28.06.2010 17:40:05 1368 32 C:\WINDOWS\ocmsn.log
27.06.2010 17:47:41 256512 32 C:\WINDOWS\PEV.exe
27.06.2010 19:27:54 153600 32 C:\WINDOWS\R.COM
27.06.2010 17:47:41 98816 32 C:\WINDOWS\sed.exe
28.06.2010 17:39:59 0 32 C:\WINDOWS\setupact.log
28.06.2010 15:57:59 18059 32 C:\WINDOWS\setupapi.log
28.06.2010 17:39:59 0 32 C:\WINDOWS\setuperr.log
27.06.2010 17:47:41 161792 32 C:\WINDOWS\SWREG.exe
27.06.2010 17:47:41 136704 32 C:\WINDOWS\SWSC.exe
27.06.2010 17:47:41 212480 32 C:\WINDOWS\SWXCACLS.exe
28.06.2010 17:40:04 1244 32 C:\WINDOWS\tabletoc.log
28.06.2010 17:40:01 11286 32 C:\WINDOWS\tsoc.log
28.06.2010 17:40:48 2752 32 C:\WINDOWS\updspapi.log
27.06.2010 17:47:41 68096 32 C:\WINDOWS\zip.exe
04.06.2010 10:06:29 1907364 C:\WINDOWS\system32\KB905474
27.06.2010 19:29:52 0 C:\WINDOWS\system32\runouce.exe
26.06.2010 11:24:48 411368 32 C:\WINDOWS\system32\deployJava1.dll
27.06.2010 19:27:59 34048 32 C:\WINDOWS\system32\eEmpty.exe
27.05.2010 23:05:20 110592 0 C:\WINDOWS\system32\FsUsbExDevice.Dll
27.05.2010 23:05:20 36608 32 C:\WINDOWS\system32\FsUsbExDisk.Sys
27.05.2010 23:05:20 233472 32 C:\WINDOWS\system32\FsUsbExService.Exe
27.06.2010 10:34:49 145184 32 C:\WINDOWS\system32\java.exe
27.06.2010 10:34:49 73728 32 C:\WINDOWS\system32\javacpl.cpl
27.06.2010 10:34:49 145184 32 C:\WINDOWS\system32\javaw.exe
27.06.2010 10:34:49 153376 32 C:\WINDOWS\system32\javaws.exe
26.06.2010 11:23:55 4616 32 C:\WINDOWS\system32\jupdate-1.6.0_20-b02.log
27.06.2010 19:27:59 522 32 C:\WINDOWS\system32\Microsoft.VC80.CRT.manifest
27.06.2010 19:28:01 554240 32 C:\WINDOWS\system32\msvcp80.dll
27.06.2010 19:28:02 632064 32 C:\WINDOWS\system32\msvcr80.dll
28.05.2010 07:29:19 18464 0 C:\WINDOWS\system32\spmsg.dll
27.06.2010 19:27:54 140800 32 C:\WINDOWS\system32\T.COM

====== "\Administrator & All Users\Startup" Last 60 Days======





====== "\Program Files" Last 60 Days======


======"Drivers" Modified Last 60 Days======

04.08.2004 02:44:46 40448 32 C:\WINDOWS\system32\drivers\intelppm.sys
26.06.2010 15:33:05 20952 32 C:\WINDOWS\system32\drivers\mbam.sys
26.06.2010 15:33:08 38224 32 C:\WINDOWS\system32\drivers\mbamswissarmy.sys

====== Files Deleted under "%Temp%" ======

11 Files deleted

======"All Users\Application Data" Last 60 Days======



====== HKLM\~\ShellServiceObjectDelayLoad======

PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\system32\shell32.dll

CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll

WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - %Systemroot%\system32\webcheck.dll

SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - %systemroot%\system32\stobject.dll

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll


====== HKLM\~\SharedTaskScheduler======

Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - %SystemRoot%\system32\browseui.dll

Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - %SystemRoot%\system32\browseui.dll

======HKLM\~\msconfig\startupreg======

HKLM\Software\microsoft\shared tools\msconfig\startupreg\

====== Services ( Services that are Whitelisted are not shown) ======

adfs (adfs)- C:\WINDOWS\system32\drivers\adfs.sys - Auto/Running
AEAudioService (AEAudio Service)- C:\WINDOWS\system32\drivers\AEAudio.sys - Manual/Running
ANC (ANC)- C:\WINDOWS\system32\drivers\ANC.SYS - System/Running
atmeltpm (atmeltpm)- C:\WINDOWS\system32\DRIVERS\atmeltpm.sys - Manual/Running
avipbb (avipbb)- C:\WINDOWS\system32\DRIVERS\avipbb.sys - System/Running
BTWDNDIS (Bluetooth-LAN-Zugangsserver)- C:\WINDOWS\system32\DRIVERS\btwdndis.sys - Manual/Stopped
dgderdrv (dgderdrv)- C:\WINDOWS\system32\drivers\dgderdrv.sys - Manual/Stopped
DLABOIOM (DLABOIOM)- C:\WINDOWS\system32\DLA\DLABOIOM.SYS - Auto/Running
DLACDBHM (DLACDBHM)- C:\WINDOWS\system32\Drivers\DLACDBHM.SYS - System/Running
DLADResN (DLADResN)- C:\WINDOWS\system32\DLA\DLADResN.SYS - Auto/Running
DLAIFS_M (DLAIFS_M)- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS - Auto/Running
DLAOPIOM (DLAOPIOM)- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS - Auto/Running
DLAPoolM (DLAPoolM)- C:\WINDOWS\system32\DLA\DLAPoolM.SYS - Auto/Running
DLARTL_N (DLARTL_N)- C:\WINDOWS\system32\Drivers\DLARTL_N.SYS - System/Running
DLAUDFAM (DLAUDFAM)- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS - Auto/Running
DLAUDF_M (DLAUDF_M)- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS - Auto/Running
DRVMCDB (DRVMCDB)- C:\WINDOWS\system32\Drivers\DRVMCDB.SYS - Boot/Running
DRVNDDM (DRVNDDM)- C:\WINDOWS\system32\Drivers\DRVNDDM.SYS - Auto/Running
E100B (Intel(R) PRO-Adaptertreiber)- C:\WINDOWS\system32\DRIVERS\e100b325.sys - Manual/Stopped
e1express (Intel(R) PRO/1000 PCI Express Network Connection Driver)- C:\WINDOWS\system32\DRIVERS\e1e5132.sys - Manual/Running
EGATHDRV (IBM eGatherer)- \??\C:\WINDOWS\SYSTEM32\EGATHDRV.SYS - Auto/Running
FsUsbExDisk (FsUsbExDisk)- \??\C:\WINDOWS\system32\FsUsbExDisk.SYS - Manual/Stopped
G400 (G400)- C:\WINDOWS\system32\DRIVERS\G400m.sys - Manual/Stopped
HSFHWAZL (HSFHWAZL)- C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys - Manual/Running
HSF_DPV (HSF_DPV)- C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys - Manual/Running
HSXHWAZL (HSXHWAZL)- C:\WINDOWS\system32\DRIVERS\hsxhwazl.sys - Manual/Stopped
iaStor (Intel AHCI Controller)- C:\WINDOWS\system32\DRIVERS\iaStor.sys - Boot/Running
IBMPMDRV (IBMPMDRV)- C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys - Manual/Running
IBMTPCHK (IBMTPCHK)- \??\C:\WINDOWS\system32\Drivers\IBMBLDID.sys - System/Running
irda (IrDA-Protokoll)- C:\WINDOWS\system32\DRIVERS\irda.sys - Auto/Running
Iviaspi (IVI ASPI Shell)- C:\WINDOWS\system32\drivers\iviaspi.sys - Manual/Stopped
lenovo.smi (Lenovo System Interface Driver)- C:\WINDOWS\system32\DRIVERS\smiif32.sys - System/Running
NETw3x32 (Intel(R) PRO/Wireless 3945ABG Adaptertreiber für Windows XP 32 Bit)- C:\WINDOWS\system32\DRIVERS\NETw3x32.sys - Manual/Stopped
NETw4x32 (Intel(R) Wireless WiFi Link Adaptertreiber für Windows XP 32 Bit)- C:\WINDOWS\system32\DRIVERS\NETw4x32.sys - Manual/Running
NSCIRDA (NSC-Infrarotgerätetreiber)- C:\WINDOWS\system32\DRIVERS\nscirda.sys - Manual/Stopped
PcdrNdisuio (PCDRNDISUIO Usermode I/O Protocol)- C:\WINDOWS\system32\DRIVERS\pcdrndisuio.sys - Manual/Stopped
PDNMp50 (PDNMp50 NDIS Protocol Driver)- \??\C:\WINDOWS\system32\drivers\PDNMp50.sys - Manual/Stopped
PDNSp50 (PDNSp50 NDIS Protocol Driver)- \??\C:\WINDOWS\system32\drivers\PDNSp50.sys - Manual/Stopped
pmem (pmem)- \??\C:\WINDOWS\System32\drivers\pmemnt.sys - Auto/Running
PrivateDisk (PrivateDisk)- \??\C:\Programme\Lenovo\SafeGuard PrivateDisk\PrivateDiskM.sys - Auto/Running
PROCDD (IPS-Helper-Treiber)- C:\WINDOWS\system32\DRIVERS\PROCDD.SYS - Auto/Running
psadd (Lenovo Parties Service Access Device Driver)- C:\WINDOWS\system32\DRIVERS\psadd.sys - Manual/Running
Rasirda (WAN-Miniport (IrDA))- C:\WINDOWS\system32\DRIVERS\rasirda.sys - Manual/Running
Shockprf (Shockprf)- C:\WINDOWS\system32\DRIVERS\Apsx86.sys - Boot/Running
Smapint (Smapint)- C:\WINDOWS\system32\drivers\Smapint.sys - System/Running
smi2 (smi2)- \??\C:\Programme\SMI2\smi2.sys - Auto/Running
sscebus (SAMSUNG USB Composite Device V2 driver (WDM))- C:\WINDOWS\system32\DRIVERS\sscebus.sys - Manual/Stopped
sscemdfl (SAMSUNG Mobile Modem V2 Filter)- C:\WINDOWS\system32\DRIVERS\sscemdfl.sys - Manual/Stopped
sscemdm (SAMSUNG Mobile Modem V2 Drivers)- C:\WINDOWS\system32\DRIVERS\sscemdm.sys - Manual/Stopped
ssceserd (SAMSUNG Mobile Modem Diagnostic Serial Port V2 (WDM))- C:\WINDOWS\system32\DRIVERS\ssceserd.sys - Manual/Stopped
ssmdrv (ssmdrv)- C:\WINDOWS\system32\DRIVERS\ssmdrv.sys - System/Running
SynTP (Synaptics TouchPad Driver)- C:\WINDOWS\system32\DRIVERS\SynTP.sys - Manual/Running
TcUsb (TC USB Kernel Driver)- C:\WINDOWS\system32\Drivers\tcusb.sys - Manual/Running
TDSMAPI (TDSMAPI)- C:\WINDOWS\system32\drivers\TDSMAPI.SYS - System/Running
TPDIGIMN (TPDIGIMN)- C:\WINDOWS\system32\DRIVERS\ApsHM86.sys - Boot/Running
TPHKDRV (TPHKDRV)- C:\WINDOWS\system32\DRIVERS\TPHKDRV.sys - System/Running
TPPWRIF (TPPWRIF)- C:\WINDOWS\system32\drivers\Tppwrif.sys - System/Running
TSMAPIP (TSMAPIP)- C:\WINDOWS\system32\drivers\TSMAPIP.SYS - System/Running
tvtfilter (tvtfilter)- \??\C:\WINDOWS\system32\drivers\tvtfilter.sys - Auto/Running
TVTPktFilter (TVT Packet Filter Service)- C:\WINDOWS\system32\DRIVERS\tvtpktfilter.sys - Manual/Running
TwoTrack (IBM PS/2 TrackPoint-Filtertreiber)- C:\WINDOWS\system32\DRIVERS\TwoTrack.sys - Manual/Stopped
UIUSys (Conexant Setup API)- C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS - Manual/Stopped
WpdUsb (WpdUsb)- C:\WINDOWS\system32\DRIVERS\wpdusb.sys - Manual/Stopped

====== Uninstall List ======

A file named 'UNI.txt' was created and saved to
FileListers default location. Post the results if requested.

======== Other Info ========

TOTAL PHYSICAL RAM: 3220 MB

Boot Info

[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

OS Type: Microsoft Windows XP Professional
Build: 5.1.2600
Service Pack: 3.0

====== Files with Hidden Attributes======

A file named 'Hidden.txt' was created and saved to
FileListers default location. Post the results if requested.

==End of Report==

PS: When I started the program, Spybot reacted; I wasn't sure whether I was allowed to permit ctfmon.exe:
28.06.2010 17:53:45 Verweigert (based on user decision) value "ctfmon.exe" (new data: "C:\WINDOWS\system32\ctfmon.exe") hinzugefügt in System Startup user entry!

Kiesopfer 28.06.2010 17:14

I don't want to count my chickens before they hatch, but I have been online for 13 minutes since FileLister finished, and so far no new temp folders have been created in c:/windows and no virus has been reported.

Kiesopfer 28.06.2010 17:15

Windows also installed four more patches via Automatic Updates before 18:00 and restarted.

Larusso 28.06.2010 17:23

Preparation

Delete your existing copy of ComboFix and download the program again from one of the following download mirrors:
BleepingComputer.com - ForoSpyware.com
and save it to the desktop (nowhere else, this is important)!
If you already had ComboFix on the computer, delete the old version, because ComboFix is updated continuously.
  • Remember to temporarily turn off your antivirus program while ComboFix is running.
    Don't forget to turn it back on afterwards!
  • Important: Do not move the mouse over the ComboFix window or click inside it.
    This can cause ComboFix to hang.
Usage
  1. Open Notepad (Start => Run => type notepad => OK) or an editor of your choice and copy everything from the code box below into an empty document:
    Code:

    KillAll::
    TDL::
    C:\WINDOWS\system32\drivers\intelppm.sys

    DirLook::
    C:\Windows\temp

  2. Save this as CFScript.txt on your desktop
    .
    http://i266.photobucket.com/albums/i.../CFScriptB.gif
    .
  3. Referring to the picture above, drag CFScript.txt onto ComboFix.exe
  4. When ComboFix has finished, it will create a log, C:\ComboFix.txt. Please paste it here as a reply.
Note for other readers: The ComboFix script above was created exclusively for this user in this situation.
Do not under any circumstances use it on other computers; it can cause lasting damage to other systems!

If the script contains the Suspect:: or Collect:: directive, a message box will appear after ComboFix has finished. Click OK and follow the prompts/instructions to upload the files.

Kiesopfer 28.06.2010 18:00

Hello, I have done everything. ComboFix restarted the PC, and AntiVir and Spybot were also launched via autostart during that, but I deactivated them again right away. Here is the new log (this time it also took longer!):

Combofix Logfile:
Code:

ComboFix 10-06-27.06 - Norman 28.06.2010  18:37:54.3.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.3070.2258 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\Norman\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\dokumente und einstellungen\Norman\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\progra~1\GEMEIN~1\Adobe\ADOBEV~2\Server\bin\VERSIO~2.EXE

.
(((((((((((((((((((((((  Dateien erstellt von 2010-05-28 bis 2010-06-28  ))))))))))))))))))))))))))))))
.

2010-06-28 14:28 . 2010-06-28 14:28        --------        d-----w-        c:\dokumente und einstellungen\Norman\DoctorWeb
2010-06-27 17:33 . 2010-06-27 17:33        --------        d---a-w-        c:\windows\rundll16.exe
2010-06-27 17:33 . 2010-06-27 17:33        --------        d---a-w-        c:\windows\logo1_.exe
2010-06-27 17:29 . 2010-06-27 17:29        --------        d---a-w-        c:\windows\VDLL.DLL
2010-06-27 17:29 . 2010-06-27 17:29        --------        d---a-w-        c:\windows\system32\runouce.exe
2010-06-27 17:29 . 2010-06-27 17:29        --------        d---a-w-        c:\windows\RUNDL132.EXE
2010-06-27 17:29 . 2010-06-27 17:29        --------        d---a-w-        c:\windows\logo_1.exe
2010-06-27 17:28 . 2010-06-27 17:28        632064        ----a-w-        c:\windows\system32\msvcr80.dll
2010-06-27 17:28 . 2010-06-27 17:28        554240        ----a-w-        c:\windows\system32\msvcp80.dll
2010-06-27 17:27 . 2010-06-27 17:27        34048        ----a-w-        c:\windows\system32\eEmpty.exe
2010-06-27 17:27 . 2008-04-14 02:23        140800        ----a-w-        c:\windows\system32\T.COM
2010-06-27 17:27 . 2008-04-14 02:22        153600        ----a-w-        c:\windows\R.COM
2010-06-27 17:27 . 2010-06-27 17:27        --------        d-----w-        c:\programme\Gemeinsame Dateien\MicroWorld
2010-06-27 17:27 . 2010-06-27 17:27        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\MicroWorld
2010-06-27 17:23 . 2010-06-27 17:24        --------        d-----w-        c:\dokumente und einstellungen\Norman\Anwendungsdaten\Download Manager
2010-06-27 15:40 . 2010-06-27 15:40        --------        d-----w-        C:\rsit
2010-06-27 11:37 . 2010-06-27 11:38        --------        dc-h--w-        c:\windows\ie8
2010-06-23 06:49 . 2010-06-28 16:41        10529280        ----a-w-        c:\dokumente und einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
2010-06-18 06:36 . 2010-06-18 08:01        --------        d-----w-        c:\programme\Microsoft ActiveSync
2010-06-17 15:04 . 2010-04-27 02:25        100352        ----a-w-        c:\windows\system32\drivers\ssceserd.sys
2010-06-17 15:04 . 2010-04-27 02:25        98560        ----a-w-        c:\windows\system32\drivers\sscebus.sys
2010-06-17 15:04 . 2010-04-27 02:25        14848        ----a-w-        c:\windows\system32\drivers\sscemdfl.sys
2010-06-17 15:04 . 2010-04-27 02:25        12416        ----a-w-        c:\windows\system32\drivers\sscecmnt.sys
2010-06-17 15:04 . 2010-04-27 02:25        12416        ----a-w-        c:\windows\system32\drivers\sscecm.sys
2010-06-17 15:04 . 2010-04-27 02:25        123648        ----a-w-        c:\windows\system32\drivers\sscemdm.sys
2010-06-17 15:04 . 2010-04-27 02:25        12288        ----a-w-        c:\windows\system32\drivers\sscewhnt.sys
2010-06-17 15:04 . 2010-04-27 02:25        12288        ----a-w-        c:\windows\system32\drivers\sscewh.sys
2010-06-17 10:23 . 2010-06-17 10:23        --------        d-----w-        c:\dokumente und einstellungen\Norman\Lokale Einstellungen\Anwendungsdaten\PCHealth
2010-06-10 14:54 . 2010-06-10 14:54        34848        ----a-w-        c:\dokumente und einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2010-06-10 14:54 . 2010-06-10 14:54        --------        d-sh--w-        c:\dokumente und einstellungen\Administrator\PrivacIE
2010-06-10 14:48 . 2010-06-10 14:48        --------        d-sh--w-        c:\dokumente und einstellungen\Administrator\IETldCache
2010-06-10 06:30 . 2010-05-06 10:31        743424        ------w-        c:\windows\system32\dllcache\iedvtool.dll
2010-06-09 08:53 . 2010-06-17 10:41        --------        d-----w-        c:\programme\MyFree Codec
2010-06-04 08:06 . 2010-06-04 08:06        --------        d-----w-        c:\windows\system32\KB905474

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-28 15:47 . 2008-01-06 11:48        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2010-06-28 15:30 . 2004-08-04 00:44        40448        ----a-w-        c:\windows\system32\drivers\intelppm.sys
2010-06-28 14:06 . 2010-02-21 22:39        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\PCDr
2010-06-28 13:22 . 2010-02-21 22:38        --------        d-----w-        c:\programme\PC-Doctor
2010-06-28 08:21 . 2007-09-08 15:32        --------        d-----w-        c:\programme\Mozilla Thunderbird
2010-06-27 11:46 . 2008-04-25 07:06        --------        d---a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP
2010-06-27 08:37 . 2010-06-27 08:37        503808        ----a-w-        c:\dokumente und einstellungen\Norman\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-62394d3f-n\msvcp71.dll
2010-06-27 08:37 . 2010-06-27 08:37        499712        ----a-w-        c:\dokumente und einstellungen\Norman\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-62394d3f-n\jmc.dll
2010-06-27 08:37 . 2010-06-27 08:37        348160        ----a-w-        c:\dokumente und einstellungen\Norman\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-62394d3f-n\msvcr71.dll
2010-06-27 08:37 . 2010-06-27 08:37        61440        ----a-w-        c:\dokumente und einstellungen\Norman\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-38a358eb-n\decora-sse.dll
2010-06-27 08:37 . 2010-06-27 08:37        12800        ----a-w-        c:\dokumente und einstellungen\Norman\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-38a358eb-n\decora-d3d.dll
2010-06-27 08:34 . 2010-06-26 09:24        411368        ----a-w-        c:\windows\system32\deployJava1.dll
2010-06-27 08:22 . 2010-06-27 08:22        --------        d-----w-        c:\programme\CCleaner
2010-06-27 07:52 . 2010-06-27 07:52        --------        d-----w-        c:\programme\Trend Micro
2010-06-27 06:55 . 2008-09-11 06:58        --------        d-----w-        c:\programme\Eusing Free Registry Cleaner
2010-06-27 06:14 . 2010-05-27 21:02        --------        d-----w-        c:\programme\PC Connectivity Solution
2010-06-26 22:00 . 2007-09-07 17:06        5427        ----a-w-        c:\windows\system32\EGATHDRV.SYS
2010-06-26 13:33 . 2010-06-26 13:33        --------        d-----w-        c:\dokumente und einstellungen\Norman\Anwendungsdaten\Malwarebytes
2010-06-26 13:33 . 2010-06-26 13:33        --------        d-----w-        c:\programme\Malwarebytes' Anti-Malware
2010-06-26 13:33 . 2010-06-26 13:33        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2010-06-26 13:03 . 2008-02-28 13:08        --------        d-----w-        c:\dokumente und einstellungen\Norman\Anwendungsdaten\IBP
2010-06-26 09:25 . 2007-09-07 16:54        --------        d-----w-        c:\programme\Gemeinsame Dateien\Java
2010-06-26 09:24 . 2007-09-07 16:54        --------        d-----w-        c:\programme\Java
2010-06-23 07:02 . 2007-09-07 16:43        --------        d--h--w-        c:\programme\InstallShield Installation Information
2010-06-23 06:19 . 2006-01-27 01:01        521298        ----a-w-        c:\windows\system32\perfh007.dat
2010-06-23 06:19 . 2006-01-27 01:01        105016        ----a-w-        c:\windows\system32\perfc007.dat
2010-06-18 08:17 . 2010-05-27 21:02        --------        d-----w-        c:\dokumente und einstellungen\Norman\Anwendungsdaten\Samsung
2010-06-17 07:34 . 2007-09-09 06:14        --------        d-----w-        c:\dokumente und einstellungen\Norman\Anwendungsdaten\LPC
2010-06-17 07:32 . 2007-09-09 06:14        --------        d-----w-        c:\programme\Link Popularity Check
2010-06-13 12:03 . 2010-06-13 12:03        1465512        ----a-w-        c:\dokumente und einstellungen\Norman\Anwendungsdaten\Update\patch_551455to551460_32\patch_551455to551460_32.02.exe
2010-06-13 12:03 . 2010-05-20 05:07        --------        d-----w-        c:\dokumente und einstellungen\Norman\Anwendungsdaten\Update
2010-06-09 09:26 . 2010-05-27 21:05        36608        ----a-w-        c:\windows\system32\FsUsbExDisk.Sys
2010-06-09 09:26 . 2010-05-27 21:05        233472        ----a-w-        c:\windows\system32\FsUsbExService.Exe
2010-06-05 03:54 . 2010-06-22 11:22        265528        ----a-w-        c:\dokumente und einstellungen\Norman\Anwendungsdaten\Samsung\Kies\UpdateTemp\MCS.Thunder.Update.exe
2010-06-05 03:52 . 2010-06-22 11:22        6144        ----a-w-        c:\dokumente und einstellungen\Norman\Anwendungsdaten\Samsung\Kies\UpdateTemp\de-DE\MCS.Thunder.Update.resources.dll
2010-06-05 03:50 . 2010-06-22 11:22        47616        ----a-w-        c:\dokumente und einstellungen\Norman\Anwendungsdaten\Samsung\Kies\UpdateTemp\MSC.Thunder.Update.Util.dll
2010-06-05 03:49 . 2010-06-22 11:22        12288        ----a-w-        c:\dokumente und einstellungen\Norman\Anwendungsdaten\Samsung\Kies\UpdateTemp\AdminCmdAgent.dll
2010-06-04 10:02 . 2010-06-22 11:22        9728        ----a-w-        c:\dokumente und einstellungen\Norman\Anwendungsdaten\Samsung\Kies\UpdateTemp\Interop.CmdAgentLib.dll
2010-06-04 10:00 . 2010-06-22 11:22        204288        ----a-w-        c:\dokumente und einstellungen\Norman\Anwendungsdaten\Samsung\Kies\UpdateTemp\CabLib.dll
2010-06-04 09:59 . 2010-06-22 11:22        6656        ----a-w-        c:\dokumente und einstellungen\Norman\Anwendungsdaten\Samsung\Kies\UpdateTemp\MSC.Thunder.UAC.dll
2010-05-28 08:52 . 2007-09-07 16:43        --------        d-----w-        c:\programme\ThinkPad
2010-05-28 08:52 . 2007-09-07 16:46        --------        d-----w-        c:\programme\Lenovo
2010-05-27 21:05 . 2010-05-27 21:05        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\PC Suite
2010-05-27 21:05 . 2010-05-27 21:05        --------        d-----w-        c:\dokumente und einstellungen\Norman\Anwendungsdaten\PC Suite
2010-05-27 21:04 . 2010-05-27 21:04        --------        d-----w-        c:\programme\DIFX
2010-05-27 21:02 . 2010-05-27 21:02        --------        d-----w-        c:\programme\Common Files
2010-05-27 21:02 . 2010-05-27 21:02        --------        d-----w-        c:\programme\MarkAny
2010-05-27 20:54 . 2010-05-27 20:54        --------        d-----w-        c:\programme\Gemeinsame Dateien\Samsung
2010-05-22 07:49 . 2010-05-22 07:49        --------        d-----w-        c:\programme\eBay
2010-05-21 15:41 . 2007-09-08 13:50        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\FLEXnet
2010-05-14 08:42 . 2009-05-27 12:51        --------        d-----w-        c:\programme\IBP 11
2010-05-06 10:31 . 2006-01-27 01:01        916480        ----a-w-        c:\windows\system32\wininet.dll
2010-05-02 08:05 . 2009-04-24 21:47        1851392        ----a-w-        c:\windows\system32\win32k.sys
2010-05-01 06:51 . 2010-05-27 21:05        110592        ------w-        c:\windows\system32\FsUsbExDevice.Dll
2010-04-29 13:39 . 2010-06-26 13:33        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 13:39 . 2010-06-26 13:33        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys
2010-04-23 14:59 . 2010-04-23 14:59        49152        ------r-        c:\windows\system32\inetwh32.dll
2010-04-23 14:59 . 2010-04-23 14:59        1044480        ------r-        c:\windows\system32\roboex32.dll
2010-04-20 05:29 . 2006-01-27 01:00        285696        ----a-w-        c:\windows\system32\atmfd.dll
2010-04-14 06:27 . 2010-04-14 06:27        96768        ------w-        c:\dokumente und einstellungen\Norman\Anwendungsdaten\becker\backup\CK-4ANV-XM1T-LXQV-A8R3\4187531\flash\iGO8\SDS\saipservice.dll
2010-04-14 06:15 . 2010-04-14 06:15        152088        ------w-        c:\dokumente und einstellungen\Norman\Anwendungsdaten\becker\backup\CK-4ANV-XM1T-LXQV-A8R3\4187531\flash\NNGStart\NNGStart.exe
2010-04-14 06:15 . 2010-04-14 06:15        39632        ------w-        c:\dokumente und einstellungen\Norman\Anwendungsdaten\becker\backup\CK-4ANV-XM1T-LXQV-A8R3\4187531\flash\NNGStart\MSVCR80.DLL
2010-03-30 22:16 . 2010-03-30 22:16        99176        ----a-w-        c:\windows\system32\PresentationHostProxy.dll
2010-03-30 22:10 . 2010-03-30 22:10        295264        ----a-w-        c:\windows\system32\PresentationHost.exe
.

((((((((((((((((((((((((((((((((((((((((((((  Look  )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\windows\temp ----



((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\programme\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2009-04-16 417792]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2005-03-17 208896]
"SynTPLpr"="c:\programme\Synaptics\SynTP\SynTPLpr.exe" [2008-07-03 118784]
"SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2008-07-03 1323008]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2008-06-05 242976]
"TPKMAPHELPER"="c:\programme\ThinkPad\Utilities\TpKmapAp.exe" [2006-06-02 856064]
"TpShocks"="TpShocks.exe" [2009-02-02 181536]
"TPHOTKEY"="c:\programme\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-12-21 69568]
"SoundMAXPnP"="c:\programme\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"LPManager"="c:\progra~1\THINKV~2\PrdCtr\LPMGR.exe" [2009-01-29 185688]
"AMSG"="c:\progra~1\THINKV~2\AMSG\Amsg.exe" [2007-02-02 419376]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-02-02 122940]
"ISUSPM Startup"="c:\progra~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"AwaySch"="c:\programme\Lenovo\AwayTask\AwaySch.EXE" [2006-08-16 69632]
"TVT Scheduler Proxy"="c:\programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]
"DiskeeperSystray"="c:\programme\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-05-18 196696]
"ACWLIcon"="c:\programme\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2008-10-27 143360]
"Picasa Media Detector"="c:\programme\Picasa2\PicasaMediaDetector.exe" [2006-03-15 421888]
"PDService.exe"="c:\programme\Lenovo\SafeGuard PrivateDisk\pdservice.exe" [2006-03-13 41472]
"cssauth"="c:\programme\Lenovo\Client Security Solution\cssauth.exe" [2006-07-14 2341632]
"QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2007-06-29 286720]
"TP4EX"="tp4ex.exe" [2005-10-16 65536]
"LPMailChecker"="c:\progra~1\THINKV~2\PrdCtr\LPMLCHK.exe" [2009-01-29 124248]
"TPFNF7"="c:\programme\Lenovo\NPDIRECT\TPFNF7SP.exe" [2008-03-26 59680]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"AdobeCS4ServiceManager"="c:\programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-11-13 611712]
"Adobe Acrobat Speed Launcher"="e:\programme\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2010-04-03 38840]
"Acrobat Assistant 8.0"="e:\programme\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-04-03 640440]
"LENOVO.TPFNF6R"="c:\programme\Lenovo\HOTKEY\TPFNF6R.exe" [2009-04-14 15136]
"StartCCC"="c:\programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2010-02-18 248040]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\
BTTray.lnk - c:\programme\ThinkPad\Bluetooth Software\BTTray.exe [2007-11-26 576104]
hpoddt01.exe.lnk - c:\programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]
Microsoft Office.lnk - c:\programme\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
officejet 6100.lnk - c:\programme\Hewlett-Packard\Digital Imaging\bin\hposol08.exe [2003-4-6 147456]
sipgate X-Lite.lnk - c:\programme\sipgate X-Lite\sipgateXLite.exe [2007-10-31 3227648]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
 [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AwayNotify]
2006-08-16 17:07        49152        ------w-        c:\programme\Lenovo\AwayTask\AwayNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\NavLogon]
 [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
 [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Programme\\IBP 10\\IBP.exe"=
"c:\\Programme\\Gemeinsame Dateien\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Programme\\Gemeinsame Dateien\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
"c:\\Programme\\Mozilla Firefox\\firefox.exe"=
"e:\\Programme\\Adobe\\Adobe Dreamweaver CS4\\Dreamweaver.exe"=
"c:\\Programme\\sipgate X-Lite\\sipgateXLite.exe"=
"c:\\Programme\\Mozilla Thunderbird\\thunderbird.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
"51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server

R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [28.01.2009 17:57 20520]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [28.05.2010 10:51 13480]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [17.10.2009 11:55 108289]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\programme\ThinkPad\Utilities\PWMDBSVC.exe [24.10.2008 10:05 53248]
R2 PrivateDisk;PrivateDisk;c:\programme\Lenovo\SafeGuard PrivateDisk\privatediskm.sys [13.03.2006 16:05 58368]
R2 smi2;smi2;c:\programme\SMI2\smi2.sys [14.07.2006 15:55 3968]
R2 TPHKSVC;Anzeige am Bildschirm;c:\programme\Lenovo\HOTKEY\TPHKSVC.exe [02.03.2007 14:07 63928]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\programme\Lenovo\HOTKEY\micmute.exe [21.05.2009 20:48 44984]
S2 XAMPP;XAMPP Service; [x]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\programme\Gemeinsame Dateien\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [15.08.2008 06:46 288112]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys --> c:\windows\system32\drivers\dgderdrv.sys [?]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [27.05.2010 23:05 36608]
S3 PDNMp50;PDNMp50 NDIS Protocol Driver;c:\windows\system32\drivers\PDNMp50.sys [28.11.2006 23:46 28224]
S3 PDNSp50;PDNSp50 NDIS Protocol Driver;c:\windows\system32\drivers\PDNSp50.sys [28.11.2006 23:46 27072]
S3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM);c:\windows\system32\drivers\sscebus.sys [17.06.2010 17:04 98560]
S3 sscemdfl;SAMSUNG Mobile Modem V2 Filter;c:\windows\system32\drivers\sscemdfl.sys [17.06.2010 17:04 14848]
S3 sscemdm;SAMSUNG Mobile Modem V2 Drivers;c:\windows\system32\drivers\sscemdm.sys [17.06.2010 17:04 123648]
S3 ssceserd;SAMSUNG Mobile Modem Diagnostic Serial Port V2 (WDM);c:\windows\system32\drivers\ssceserd.sys [17.06.2010 17:04 100352]
.
Inhalt des "geplante Tasks" Ordners

2010-06-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2007-08-29 12:57]

2010-06-28 c:\windows\Tasks\Auf Updates für Windows Live Toolbar prüfen.job
- c:\programme\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 13:54]

2010-06-28 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p officejet 6100 series5E771253C1676EBED677BF361FDFC537825E15B8190378331.job
- c:\programme\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 22:52]

2010-06-26 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\programme\PC-Doctor\uaclauncher.exe [2010-05-07 19:46]

2010-06-28 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2007-09-07 11:41]

2010-06-26 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\programme\PC-Doctor\pcdrcui.exe [2010-05-08 12:08]

2010-06-28 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-06-04 20:18]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://lenovo.live.com
uSearchURL,(Default) = hxxp://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
IE: &Windows Live Search - c:\programme\Windows Live Toolbar\msntb.dll/search.htm
IE: An vorhandene PDF-Datei anfügen - c:\programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - c:\programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Senden an &Bluetooth-Gerät... - c:\programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Senden an Bluetooth - c:\programme\ThinkPad\Bluetooth Software\btsendto_ie.htm
Handler: haufereader - {39198710-62F7-42CD-9458-069843FA5D32} - c:\programme\Haufe\HaufeReader\HRInstmon.dll
FF - ProfilePath - c:\dokumente und einstellungen\Norman\Anwendungsdaten\Mozilla\Firefox\Profiles\z9ur2adu.default\
FF - prefs.js: network.proxy.http - http://1.1.1.1/http.de.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\programme\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
c:\programme\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type",                  5);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

HKLM-Run-Adobe_ID0ENQBO - c:\progra~1\GEMEIN~1\Adobe\ADOBEV~2\Server\bin\VERSIO~2.EXE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-28 18:47
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:b0,c3,d9,1b,0d,c6,a4,08,1d,64,49,42,82,18,04,fb,e4,17,f8,7b,67,
  a9,07,5d,f3,ac,ab,40,5f,be,22,07,1b,1c,fa,f9,46,89,07,2b,6b,40,38,fc,f6,ba,\

[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:b0,c3,d9,1b,0d,c6,a4,08,1d,64,49,42,82,18,04,fb,e4,17,f8,7b,67,
  a9,07,5d,f3,ac,ab,40,5f,be,22,07,1b,1c,fa,f9,46,89,07,2b,6b,40,38,fc,f6,ba,\
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'winlogon.exe'(664)
c:\windows\system32\Ati2evxx.dll
c:\programme\Gemeinsame Dateien\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\programme\Lenovo\AwayTask\AwayNotify.dll

- - - - - - - > 'explorer.exe'(4960)
c:\windows\system32\PROCHLP.DLL
c:\windows\system32\btmmhook.dll
c:\programme\PC-Doctor\ATLPcdToolbar551452.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\programme\Gemeinsame Dateien\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\Ati2evxx.exe
c:\programme\ThinkPad\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\Ati2evxx.exe
c:\programme\Avira\AntiVir Desktop\avguard.exe
c:\windows\system32\IPSSVC.EXE
c:\programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programme\Diskeeper Corporation\Diskeeper\DkService.exe
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\rundll32.exe
c:\programme\Java\jre6\bin\jqs.exe
c:\windows\system32\TpShocks.exe
c:\programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
c:\programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe
c:\windows\System32\TPHDEXLG.exe
c:\programme\Lenovo\HOTKEY\TPONSCR.exe
c:\windows\system32\TpKmpSVC.exe
c:\programme\Lenovo\Zoom\TpScrex.exe
c:\programme\Lenovo\Client Security Solution\tvttcsd.exe
c:\programme\Lenovo\Rescue and Recovery\rrservice.exe
c:\programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe
c:\programme\Lenovo\Rescue and Recovery\ADM\IUService.exe
c:\programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\programme\Gemeinsame Dateien\Lenovo\Logger\logmon.exe
c:\programme\ThinkPad\ConnectUtilities\AcSvc.exe
c:\programme\lenovo\system update\suservice.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
c:\windows\system32\HPZipm12.exe
c:\programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\windows\system32\wscntfy.exe
c:\programme\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
c:\programme\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-06-28  18:56:42 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2010-06-28 16:56
ComboFix2.txt  2010-06-28 13:51
ComboFix3.txt  2010-06-27 16:10

Vor Suchlauf: 4.301.668.352 Bytes frei
Nach Suchlauf: 4.281.384.960 Bytes frei

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 5F574A3D1EED1EEF29F5DD820FCBCB8D

--- --- ---

Larusso 28.06.2010 18:20

Disable TeaTimer

No cleanup can be carried out while Spybot Search&Destroy's TeaTimer is running, because it restores all deleted entries. TeaTimer must therefore be switched off during the cleanup work (leave TeaTimer switched off until we have finished the cleanup):
Start Spybot S&D => in the "Mode" menu select "Advanced mode" => then click "Tools" at the bottom left => click "Resident" => remove the check mark at Resident "TeaTimer" (protection of all system settings) => close Spybot Search&Destroy => restart the computer. Illustrated guide.


Step 2

How does it look, any more alerts?
The .tmp folder no longer seems to be present.

Kiesopfer 28.06.2010 18:22

By the way, the Trojan may have come via my Samsung Wave; it has been deleted on the phone, and the PC had found nothing with Spybot: http://www.trojaner-info.de/news2/samsung-wave-trojaner.shtml

Kiesopfer 28.06.2010 18:23

No new temp files so far :)

Larusso 28.06.2010 18:31

Very good. Anything else unusual?

Let's do one more thorough check.

Step 1

Please update Malwarebytes and run a quick scan.


Step 2
Please switch on any external hard drives you may have during the online scans! Please turn off all background guards (anti-virus program, firewall, script blocking and the like) during the scans, and don't forget to turn everything back on afterwards.
  • Note for Vista users: be sure to start the browser as administrator.
  • Please turn off/deactivate all background guards during the scan.
  • Java must be installed, active and allowed.
  • Illustrated guide by sundavis.
  • This scanner does not remove what it finds, but it gives a good overview.
  • We will help you remove the findings from the system manually.
  • Accept the privacy statement.
  • Let the program install.
  • Let the signature update install.
  • When the status is "Complete",
  • leave the scan settings (Settings) at their defaults
  • Click the "My Computer" link on the left.
  • The scan starts automatically.
  • When the scan has finished, click "View scan report",
  • "Save report as" and change the file type to .txt,
  • and save it on the desktop as Kaspersky.txt.
  • Post the log file here.
  • Uninstalling is not necessary; all files are stored in temporary folders.


Step 3

Please start OTL.exe.
Under
Extra Registry, select: Use Safe List and click the Scan button.


In your next reply, please post
MBAM log
Kaspersky.txt
OTL.txt
Extras.txt

Kiesopfer 28.06.2010 18:57

Here is the new log from ComboFix:

Combofix Logfile:
Code:

ComboFix 10-06-27.06 - Norman 28.06.2010  19:37:18.4.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.3070.2372 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\Norman\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\dokumente und einstellungen\Norman\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programme\PC-Doctor\Downloads\0e53a45b-5a41-43e5-96ab-776b00e48a6e.dll
c:\programme\PC-Doctor\Downloads\111ac5cc-e211-4328-b3fe-af6e77f5d295.dll
c:\programme\PC-Doctor\Downloads\13ccbb2d-e76d-43c6-b426-25e3c016246a.dll
c:\programme\PC-Doctor\Downloads\329354fa-ede7-4cf9-9422-da1c23c830c4.dll
c:\programme\PC-Doctor\Downloads\50697f3b-f581-412c-8d01-fe1ae9e73023.dll
c:\programme\PC-Doctor\Downloads\99dac782-7e66-4f43-9bca-b4ad328dc5c7.dll
c:\programme\PC-Doctor\Downloads\9ad80016-92d9-41a4-9436-c44907366397.dll
c:\programme\PC-Doctor\Downloads\a2d3d453-43f1-467c-8bc2-79330ed87966.dll
c:\programme\PC-Doctor\Downloads\e1a262d5-571e-4f68-bc40-77b09c7e359b.dll
c:\programme\PC-Doctor\Downloads\fc7f3f19-9a8b-42e8-b20b-42fa086f949e.dll

.
(((((((((((((((((((((((  Dateien erstellt von 2010-05-28 bis 2010-06-28  ))))))))))))))))))))))))))))))
.

2010-06-28 14:28 . 2010-06-28 14:28        --------        d-----w-        c:\dokumente und einstellungen\Norman\DoctorWeb
2010-06-27 17:33 . 2010-06-27 17:33        --------        d---a-w-        c:\windows\rundll16.exe
2010-06-27 17:33 . 2010-06-27 17:33        --------        d---a-w-        c:\windows\logo1_.exe
2010-06-27 17:29 . 2010-06-27 17:29        --------        d---a-w-        c:\windows\VDLL.DLL
2010-06-27 17:29 . 2010-06-27 17:29        --------        d---a-w-        c:\windows\system32\runouce.exe
2010-06-27 17:29 . 2010-06-27 17:29        --------        d---a-w-        c:\windows\RUNDL132.EXE
2010-06-27 17:29 . 2010-06-27 17:29        --------        d---a-w-        c:\windows\logo_1.exe
2010-06-27 17:28 . 2010-06-27 17:28        632064        ----a-w-        c:\windows\system32\msvcr80.dll
2010-06-27 17:28 . 2010-06-27 17:28        554240        ----a-w-        c:\windows\system32\msvcp80.dll
2010-06-27 17:27 . 2010-06-27 17:27        34048        ----a-w-        c:\windows\system32\eEmpty.exe
2010-06-27 17:27 . 2008-04-14 02:23        140800        ----a-w-        c:\windows\system32\T.COM
2010-06-27 17:27 . 2008-04-14 02:22        153600        ----a-w-        c:\windows\R.COM
2010-06-27 17:27 . 2010-06-27 17:27        --------        d-----w-        c:\programme\Gemeinsame Dateien\MicroWorld
2010-06-27 17:27 . 2010-06-27 17:27        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\MicroWorld
2010-06-27 17:23 . 2010-06-27 17:24        --------        d-----w-        c:\dokumente und einstellungen\Norman\Anwendungsdaten\Download Manager
2010-06-27 15:40 . 2010-06-27 15:40        --------        d-----w-        C:\rsit
2010-06-27 11:37 . 2010-06-27 11:38        --------        dc-h--w-        c:\windows\ie8
2010-06-23 06:49 . 2010-06-28 17:42        10529280        ----a-w-        c:\dokumente und einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
2010-06-18 06:36 . 2010-06-18 08:01        --------        d-----w-        c:\programme\Microsoft ActiveSync
2010-06-17 15:04 . 2010-04-27 02:25        100352        ----a-w-        c:\windows\system32\drivers\ssceserd.sys
2010-06-17 15:04 . 2010-04-27 02:25        98560        ----a-w-        c:\windows\system32\drivers\sscebus.sys
2010-06-17 15:04 . 2010-04-27 02:25        14848        ----a-w-        c:\windows\system32\drivers\sscemdfl.sys
2010-06-17 15:04 . 2010-04-27 02:25        12416        ----a-w-        c:\windows\system32\drivers\sscecmnt.sys
2010-06-17 15:04 . 2010-04-27 02:25        12416        ----a-w-        c:\windows\system32\drivers\sscecm.sys
2010-06-17 15:04 . 2010-04-27 02:25        123648        ----a-w-        c:\windows\system32\drivers\sscemdm.sys
2010-06-17 15:04 . 2010-04-27 02:25        12288        ----a-w-        c:\windows\system32\drivers\sscewhnt.sys
2010-06-17 15:04 . 2010-04-27 02:25        12288        ----a-w-        c:\windows\system32\drivers\sscewh.sys
2010-06-17 10:23 . 2010-06-17 10:23        --------        d-----w-        c:\dokumente und einstellungen\Norman\Lokale Einstellungen\Anwendungsdaten\PCHealth
2010-06-10 14:54 . 2010-06-10 14:54        34848        ----a-w-        c:\dokumente und einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2010-06-10 14:54 . 2010-06-10 14:54        --------        d-sh--w-        c:\dokumente und einstellungen\Administrator\PrivacIE
2010-06-10 14:48 . 2010-06-10 14:48        --------        d-sh--w-        c:\dokumente und einstellungen\Administrator\IETldCache
2010-06-10 06:30 . 2010-05-06 10:31        743424        ------w-        c:\windows\system32\dllcache\iedvtool.dll
2010-06-09 08:53 . 2010-06-17 10:41        --------        d-----w-        c:\programme\MyFree Codec
2010-06-04 08:06 . 2010-06-04 08:06        --------        d-----w-        c:\windows\system32\KB905474

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-28 17:25 . 2008-01-06 11:48        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2010-06-28 17:01 . 2007-09-08 15:32        --------        d-----w-        c:\programme\Mozilla Thunderbird
2010-06-28 15:30 . 2004-08-04 00:44        40448        ----a-w-        c:\windows\system32\drivers\intelppm.sys
2010-06-28 14:06 . 2010-02-21 22:39        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\PCDr
2010-06-28 13:22 . 2010-02-21 22:38        --------        d-----w-        c:\programme\PC-Doctor
2010-06-27 11:46 . 2008-04-25 07:06        --------        d---a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP
2010-06-27 08:37 . 2010-06-27 08:37        503808        ----a-w-        c:\dokumente und einstellungen\Norman\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-62394d3f-n\msvcp71.dll
2010-06-27 08:37 . 2010-06-27 08:37        499712        ----a-w-        c:\dokumente und einstellungen\Norman\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-62394d3f-n\jmc.dll
2010-06-27 08:37 . 2010-06-27 08:37        348160        ----a-w-        c:\dokumente und einstellungen\Norman\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-62394d3f-n\msvcr71.dll
2010-06-27 08:37 . 2010-06-27 08:37        61440        ----a-w-        c:\dokumente und einstellungen\Norman\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-38a358eb-n\decora-sse.dll
2010-06-27 08:37 . 2010-06-27 08:37        12800        ----a-w-        c:\dokumente und einstellungen\Norman\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-38a358eb-n\decora-d3d.dll
2010-06-27 08:34 . 2010-06-26 09:24        411368        ----a-w-        c:\windows\system32\deployJava1.dll
2010-06-27 08:22 . 2010-06-27 08:22        --------        d-----w-        c:\programme\CCleaner
2010-06-27 07:52 . 2010-06-27 07:52        --------        d-----w-        c:\programme\Trend Micro
2010-06-27 06:55 . 2008-09-11 06:58        --------        d-----w-        c:\programme\Eusing Free Registry Cleaner
2010-06-27 06:14 . 2010-05-27 21:02        --------        d-----w-        c:\programme\PC Connectivity Solution
2010-06-26 22:00 . 2007-09-07 17:06        5427        ----a-w-        c:\windows\system32\EGATHDRV.SYS
2010-06-26 13:33 . 2010-06-26 13:33        --------        d-----w-        c:\dokumente und einstellungen\Norman\Anwendungsdaten\Malwarebytes
2010-06-26 13:33 . 2010-06-26 13:33        --------        d-----w-        c:\programme\Malwarebytes' Anti-Malware
2010-06-26 13:33 . 2010-06-26 13:33        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2010-06-26 13:03 . 2008-02-28 13:08        --------        d-----w-        c:\dokumente und einstellungen\Norman\Anwendungsdaten\IBP
2010-06-26 09:25 . 2007-09-07 16:54        --------        d-----w-        c:\programme\Gemeinsame Dateien\Java
2010-06-26 09:24 . 2007-09-07 16:54        --------        d-----w-        c:\programme\Java
2010-06-23 07:02 . 2007-09-07 16:43        --------        d--h--w-        c:\programme\InstallShield Installation Information
2010-06-23 06:19 . 2006-01-27 01:01        521298        ----a-w-        c:\windows\system32\perfh007.dat
2010-06-23 06:19 . 2006-01-27 01:01        105016        ----a-w-        c:\windows\system32\perfc007.dat
2010-06-18 08:17 . 2010-05-27 21:02        --------        d-----w-        c:\dokumente und einstellungen\Norman\Anwendungsdaten\Samsung
2010-06-17 07:34 . 2007-09-09 06:14        --------        d-----w-        c:\dokumente und einstellungen\Norman\Anwendungsdaten\LPC
2010-06-17 07:32 . 2007-09-09 06:14        --------        d-----w-        c:\programme\Link Popularity Check
2010-06-13 12:03 . 2010-06-13 12:03        1465512        ----a-w-        c:\dokumente und einstellungen\Norman\Anwendungsdaten\Update\patch_551455to551460_32\patch_551455to551460_32.02.exe
2010-06-13 12:03 . 2010-05-20 05:07        --------        d-----w-        c:\dokumente und einstellungen\Norman\Anwendungsdaten\Update
2010-06-09 09:26 . 2010-05-27 21:05        36608        ----a-w-        c:\windows\system32\FsUsbExDisk.Sys
2010-06-09 09:26 . 2010-05-27 21:05        233472        ----a-w-        c:\windows\system32\FsUsbExService.Exe
2010-06-05 03:54 . 2010-06-22 11:22        265528        ----a-w-        c:\dokumente und einstellungen\Norman\Anwendungsdaten\Samsung\Kies\UpdateTemp\MCS.Thunder.Update.exe
2010-06-05 03:52 . 2010-06-22 11:22        6144        ----a-w-        c:\dokumente und einstellungen\Norman\Anwendungsdaten\Samsung\Kies\UpdateTemp\de-DE\MCS.Thunder.Update.resources.dll
2010-06-05 03:50 . 2010-06-22 11:22        47616        ----a-w-        c:\dokumente und einstellungen\Norman\Anwendungsdaten\Samsung\Kies\UpdateTemp\MSC.Thunder.Update.Util.dll
2010-06-05 03:49 . 2010-06-22 11:22        12288        ----a-w-        c:\dokumente und einstellungen\Norman\Anwendungsdaten\Samsung\Kies\UpdateTemp\AdminCmdAgent.dll
2010-06-04 10:02 . 2010-06-22 11:22        9728        ----a-w-        c:\dokumente und einstellungen\Norman\Anwendungsdaten\Samsung\Kies\UpdateTemp\Interop.CmdAgentLib.dll
2010-06-04 10:00 . 2010-06-22 11:22        204288        ----a-w-        c:\dokumente und einstellungen\Norman\Anwendungsdaten\Samsung\Kies\UpdateTemp\CabLib.dll
2010-06-04 09:59 . 2010-06-22 11:22        6656        ----a-w-        c:\dokumente und einstellungen\Norman\Anwendungsdaten\Samsung\Kies\UpdateTemp\MSC.Thunder.UAC.dll
2010-05-28 08:52 . 2007-09-07 16:43        --------        d-----w-        c:\programme\ThinkPad
2010-05-28 08:52 . 2007-09-07 16:46        --------        d-----w-        c:\programme\Lenovo
2010-05-27 21:05 . 2010-05-27 21:05        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\PC Suite
2010-05-27 21:05 . 2010-05-27 21:05        --------        d-----w-        c:\dokumente und einstellungen\Norman\Anwendungsdaten\PC Suite
2010-05-27 21:04 . 2010-05-27 21:04        --------        d-----w-        c:\programme\DIFX
2010-05-27 21:02 . 2010-05-27 21:02        --------        d-----w-        c:\programme\Common Files
2010-05-27 21:02 . 2010-05-27 21:02        --------        d-----w-        c:\programme\MarkAny
2010-05-27 20:54 . 2010-05-27 20:54        --------        d-----w-        c:\programme\Gemeinsame Dateien\Samsung
2010-05-22 07:49 . 2010-05-22 07:49        --------        d-----w-        c:\programme\eBay
2010-05-21 15:41 . 2007-09-08 13:50        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\FLEXnet
2010-05-14 08:42 . 2009-05-27 12:51        --------        d-----w-        c:\programme\IBP 11
2010-05-06 10:31 . 2006-01-27 01:01        916480        ----a-w-        c:\windows\system32\wininet.dll
2010-05-02 08:05 . 2009-04-24 21:47        1851392        ----a-w-        c:\windows\system32\win32k.sys
2010-05-01 06:51 . 2010-05-27 21:05        110592        ------w-        c:\windows\system32\FsUsbExDevice.Dll
2010-04-29 13:39 . 2010-06-26 13:33        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 13:39 . 2010-06-26 13:33        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys
2010-04-23 14:59 . 2010-04-23 14:59        49152        ------r-        c:\windows\system32\inetwh32.dll
2010-04-23 14:59 . 2010-04-23 14:59        1044480        ------r-        c:\windows\system32\roboex32.dll
2010-04-20 05:29 . 2006-01-27 01:00        285696        ----a-w-        c:\windows\system32\atmfd.dll
2010-04-14 06:27 . 2010-04-14 06:27        96768        ------w-        c:\dokumente und einstellungen\Norman\Anwendungsdaten\becker\backup\CK-4ANV-XM1T-LXQV-A8R3\4187531\flash\iGO8\SDS\saipservice.dll
2010-04-14 06:15 . 2010-04-14 06:15        152088        ------w-        c:\dokumente und einstellungen\Norman\Anwendungsdaten\becker\backup\CK-4ANV-XM1T-LXQV-A8R3\4187531\flash\NNGStart\NNGStart.exe
2010-04-14 06:15 . 2010-04-14 06:15        39632        ------w-        c:\dokumente und einstellungen\Norman\Anwendungsdaten\becker\backup\CK-4ANV-XM1T-LXQV-A8R3\4187531\flash\NNGStart\MSVCR80.DLL
2010-03-30 22:16 . 2010-03-30 22:16        99176        ----a-w-        c:\windows\system32\PresentationHostProxy.dll
2010-03-30 22:10 . 2010-03-30 22:10        295264        ----a-w-        c:\windows\system32\PresentationHost.exe
.

((((((((((((((((((((((((((((((((((((((((((((  Look  )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\windows\temp ----



((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2009-04-16 417792]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2005-03-17 208896]
"SynTPLpr"="c:\programme\Synaptics\SynTP\SynTPLpr.exe" [2008-07-03 118784]
"SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2008-07-03 1323008]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2008-06-05 242976]
"TPKMAPHELPER"="c:\programme\ThinkPad\Utilities\TpKmapAp.exe" [2006-06-02 856064]
"TpShocks"="TpShocks.exe" [2009-02-02 181536]
"TPHOTKEY"="c:\programme\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-12-21 69568]
"SoundMAXPnP"="c:\programme\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"LPManager"="c:\progra~1\THINKV~2\PrdCtr\LPMGR.exe" [2009-01-29 185688]
"AMSG"="c:\progra~1\THINKV~2\AMSG\Amsg.exe" [2007-02-02 419376]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-02-02 122940]
"ISUSPM Startup"="c:\progra~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"AwaySch"="c:\programme\Lenovo\AwayTask\AwaySch.EXE" [2006-08-16 69632]
"TVT Scheduler Proxy"="c:\programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]
"DiskeeperSystray"="c:\programme\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-05-18 196696]
"ACWLIcon"="c:\programme\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2008-10-27 143360]
"Picasa Media Detector"="c:\programme\Picasa2\PicasaMediaDetector.exe" [2006-03-15 421888]
"PDService.exe"="c:\programme\Lenovo\SafeGuard PrivateDisk\pdservice.exe" [2006-03-13 41472]
"cssauth"="c:\programme\Lenovo\Client Security Solution\cssauth.exe" [2006-07-14 2341632]
"QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2007-06-29 286720]
"TP4EX"="tp4ex.exe" [2005-10-16 65536]
"LPMailChecker"="c:\progra~1\THINKV~2\PrdCtr\LPMLCHK.exe" [2009-01-29 124248]
"TPFNF7"="c:\programme\Lenovo\NPDIRECT\TPFNF7SP.exe" [2008-03-26 59680]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"AdobeCS4ServiceManager"="c:\programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-11-13 611712]
"Adobe Acrobat Speed Launcher"="e:\programme\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2010-04-03 38840]
"Acrobat Assistant 8.0"="e:\programme\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-04-03 640440]
"LENOVO.TPFNF6R"="c:\programme\Lenovo\HOTKEY\TPFNF6R.exe" [2009-04-14 15136]
"StartCCC"="c:\programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2010-02-18 248040]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\
BTTray.lnk - c:\programme\ThinkPad\Bluetooth Software\BTTray.exe [2007-11-26 576104]
hpoddt01.exe.lnk - c:\programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]
Microsoft Office.lnk - c:\programme\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
officejet 6100.lnk - c:\programme\Hewlett-Packard\Digital Imaging\bin\hposol08.exe [2003-4-6 147456]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
 [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AwayNotify]
2006-08-16 17:07        49152        ------w-        c:\programme\Lenovo\AwayTask\AwayNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\NavLogon]
 [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
 [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Programme\\IBP 10\\IBP.exe"=
"c:\\Programme\\Gemeinsame Dateien\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Programme\\Gemeinsame Dateien\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
"c:\\Programme\\Mozilla Firefox\\firefox.exe"=
"e:\\Programme\\Adobe\\Adobe Dreamweaver CS4\\Dreamweaver.exe"=
"c:\\Programme\\sipgate X-Lite\\sipgateXLite.exe"=
"c:\\Programme\\Mozilla Thunderbird\\thunderbird.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
"51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server

R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [28.01.2009 17:57 20520]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [28.05.2010 10:51 13480]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [17.10.2009 11:55 108289]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\programme\ThinkPad\Utilities\PWMDBSVC.exe [24.10.2008 10:05 53248]
R2 PrivateDisk;PrivateDisk;c:\programme\Lenovo\SafeGuard PrivateDisk\privatediskm.sys [13.03.2006 16:05 58368]
R2 smi2;smi2;c:\programme\SMI2\smi2.sys [14.07.2006 15:55 3968]
R2 TPHKSVC;Anzeige am Bildschirm;c:\programme\Lenovo\HOTKEY\TPHKSVC.exe [02.03.2007 14:07 63928]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\programme\Lenovo\HOTKEY\micmute.exe [21.05.2009 20:48 44984]
S2 XAMPP;XAMPP Service; [x]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\programme\Gemeinsame Dateien\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [15.08.2008 06:46 288112]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys --> c:\windows\system32\drivers\dgderdrv.sys [?]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [27.05.2010 23:05 36608]
S3 PDNMp50;PDNMp50 NDIS Protocol Driver;c:\windows\system32\drivers\PDNMp50.sys [28.11.2006 23:46 28224]
S3 PDNSp50;PDNSp50 NDIS Protocol Driver;c:\windows\system32\drivers\PDNSp50.sys [28.11.2006 23:46 27072]
S3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM);c:\windows\system32\drivers\sscebus.sys [17.06.2010 17:04 98560]
S3 sscemdfl;SAMSUNG Mobile Modem V2 Filter;c:\windows\system32\drivers\sscemdfl.sys [17.06.2010 17:04 14848]
S3 sscemdm;SAMSUNG Mobile Modem V2 Drivers;c:\windows\system32\drivers\sscemdm.sys [17.06.2010 17:04 123648]
S3 ssceserd;SAMSUNG Mobile Modem Diagnostic Serial Port V2 (WDM);c:\windows\system32\drivers\ssceserd.sys [17.06.2010 17:04 100352]
.
Inhalt des "geplante Tasks" Ordners

2010-06-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2007-08-29 12:57]

2010-06-28 c:\windows\Tasks\Auf Updates für Windows Live Toolbar prüfen.job
- c:\programme\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 13:54]

2010-06-28 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p officejet 6100 series5E771253C1676EBED677BF361FDFC537825E15B8190378331.job
- c:\programme\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 22:52]

2010-06-26 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\programme\PC-Doctor\uaclauncher.exe [2010-05-07 19:46]

2010-06-28 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2007-09-07 11:41]

2010-06-26 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\programme\PC-Doctor\pcdrcui.exe [2010-05-08 12:08]

2010-06-28 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-06-04 20:18]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://lenovo.live.com
uSearchURL,(Default) = hxxp://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
IE: &Windows Live Search - c:\programme\Windows Live Toolbar\msntb.dll/search.htm
IE: An vorhandene PDF-Datei anfügen - c:\programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - c:\programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Senden an &Bluetooth-Gerät... - c:\programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Senden an Bluetooth - c:\programme\ThinkPad\Bluetooth Software\btsendto_ie.htm
Handler: haufereader - {39198710-62F7-42CD-9458-069843FA5D32} - c:\programme\Haufe\HaufeReader\HRInstmon.dll
FF - ProfilePath - c:\dokumente und einstellungen\Norman\Anwendungsdaten\Mozilla\Firefox\Profiles\z9ur2adu.default\
FF - prefs.js: network.proxy.http - http://1.1.1.1/http.de.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\programme\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
c:\programme\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type",                  5);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-28 19:47
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:b0,c3,d9,1b,0d,c6,a4,08,1d,64,49,42,82,18,04,fb,e4,17,f8,7b,67,
  a9,07,5d,f3,ac,ab,40,5f,be,22,07,1b,1c,fa,f9,46,89,07,2b,6b,40,38,fc,f6,ba,\

[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:b0,c3,d9,1b,0d,c6,a4,08,1d,64,49,42,82,18,04,fb,e4,17,f8,7b,67,
  a9,07,5d,f3,ac,ab,40,5f,be,22,07,1b,1c,fa,f9,46,89,07,2b,6b,40,38,fc,f6,ba,\
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'winlogon.exe'(664)
c:\windows\system32\Ati2evxx.dll
c:\programme\Gemeinsame Dateien\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\programme\Lenovo\AwayTask\AwayNotify.dll

- - - - - - - > 'explorer.exe'(4860)
c:\windows\system32\PROCHLP.DLL
c:\windows\system32\btmmhook.dll
c:\programme\PC-Doctor\ATLPcdToolbar551452.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\programme\Gemeinsame Dateien\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\Ati2evxx.exe
c:\programme\ThinkPad\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\Ati2evxx.exe
c:\programme\Avira\AntiVir Desktop\avguard.exe
c:\windows\system32\IPSSVC.EXE
c:\programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programme\Diskeeper Corporation\Diskeeper\DkService.exe
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\programme\Java\jre6\bin\jqs.exe
c:\windows\system32\rundll32.exe
c:\programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
c:\programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe
c:\windows\system32\TpShocks.exe
c:\windows\System32\TPHDEXLG.exe
c:\windows\system32\TpKmpSVC.exe
c:\programme\Lenovo\Client Security Solution\tvttcsd.exe
c:\programme\Lenovo\HOTKEY\TPONSCR.exe
c:\programme\Lenovo\Zoom\TpScrex.exe
c:\programme\Lenovo\Rescue and Recovery\rrservice.exe
c:\programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe
c:\programme\Lenovo\Rescue and Recovery\ADM\IUService.exe
c:\programme\Gemeinsame Dateien\Lenovo\Logger\logmon.exe
c:\programme\ThinkPad\ConnectUtilities\AcSvc.exe
c:\programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\programme\lenovo\system update\suservice.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
c:\programme\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
c:\programme\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-06-28  19:55:13 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2010-06-28 17:55
ComboFix2.txt  2010-06-28 16:56
ComboFix3.txt  2010-06-28 13:51
ComboFix4.txt  2010-06-27 16:10

Vor Suchlauf: 4.286.758.912 Bytes frei
Nach Suchlauf: 4.273.303.552 Bytes frei

- - End Of File - - 6CE2F52B7A61613DEE11393393C0B47E

--- --- ---

Kiesopfer 28.06.2010 19:07

Log:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4251

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

28.06.2010 20:06:44
mbam-log-2010-06-28 (20-06-44).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 142294
Laufzeit: 6 Minute(n), 32 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Kiesopfer 29.06.2010 05:59

Kaspersky log:

Most of the viruses seem to be in Thunderbird. Is there a way to identify the individual mails more precisely?

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Tuesday, June 29, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Monday, June 28, 2010 16:26:23
Records in database: 4271715
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
E:\

Scan statistics:
Objects scanned: 273780
Threats found: 98
Infected objects found: 253
Suspicious objects found: 2
Scan duration: 05:29:54


File name / Threat / Threats count
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\mail.hebux.de\Inbox Infected: Worm.Win32.AutoRun.svl 3
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\mail.hebux.de\Inbox Suspicious: Trojan-Spy.HTML.Fraud.gen 2
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\mail.hebux.de\Inbox Infected: Trojan-Downloader.Win32.FraudLoad.fpw 2
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\mail.hebux.de\Inbox Infected: Backdoor.Win32.HareBot.avg 2
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\mail.hebux.de\Inbox Infected: Backdoor.Win32.Agent.arez 1
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\mail.hebux.de\Inbox Infected: Trojan.Win32.FakeAV.iq 1
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\mail.hebux.de\Inbox Infected: Trojan.Win32.FakeAV.ir 1
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\mail.hebux.de\Inbox Infected: Packed.Win32.Katusha.j 2
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\mail.hebux.de\Inbox Infected: Trojan.Win32.FraudPack.apts 1
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\mail.hebux.de\Inbox Infected: Trojan.Win32.Sasfis.akzx 1
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\mail.hebux.de\Inbox Infected: Trojan.Win32.FraudPack.apve 1
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\mail.hebux.de\Inbox Infected: Trojan.Win32.FraudPack.apvz 1
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\mail.hebux.de\Inbox Infected: Backdoor.Win32.HareBot.axy 1
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\mail.hebux.de\Inbox Infected: Trojan.Win32.FraudPack.apxk 2
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\mail.hebux.de\Inbox Infected: Trojan.Win32.FakeAV.jo 2
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\mail.hebux.de\Inbox Infected: Trojan.Win32.FakeAV.jr 1
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\mail.hebux.de\Inbox Infected: Trojan.Win32.FakeAV.jw 1
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\mail.hebux.de\Inbox Infected: Trojan.Win32.Small.acdp 1
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\mail.hebux.de\Inbox Infected: Trojan.Win32.FakeAV.jz 1
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\mail.hebux.de\Inbox Infected: Trojan.Win32.FakeAV.ke 2
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\mail.hebux.de\Inbox Infected: Trojan.Win32.Cosmu.xer 1
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\mail.hebux.de\Inbox Infected: Trojan.Win32.FakeAV.ko 3
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\mail.hebux.de\Inbox Infected: Trojan.Win32.FakeAV.ks 2
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\mail.hebux.de\Inbox Infected: Trojan.Win32.FraudPack.asso 1
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\mail.hebux.de\Inbox Infected: Packed.Win32.Krap.an 4
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\mail.hebux.de\Inbox Infected: Trojan.Win32.FakeAV.ll 4
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\mail.hebux.de\Inbox Infected: Trojan.Win32.FakeAV.lo 5
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\mail.hebux.de\Inbox Infected: Packed.Win32.Katusha.l 10
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\mail.hebux.de\Inbox Infected: Trojan.Win32.Inject.apdr 1
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\mail.hebux.de\Inbox Infected: Trojan-Downloader.Win32.Agent.dncy 4
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\mail.hebux.de\Inbox Infected: Trojan.Win32.FakeAV.lx 4
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\mail.hebux.de\Inbox Infected: Trojan-Downloader.Win32.Agent.dlhe 8
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\mail.hebux.de\Inbox Infected: Backdoor.Win32.Protector.ak 1
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\mail.hebux.de\Inbox Infected: Trojan.Win32.FakeAV.mt 4
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\mail.hebux.de\Inbox Infected: Trojan.Win32.FakeAV.mz 1
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\mail.hebux.de\Inbox Infected: Trojan.Win32.FakeAV.ne 5
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\mail.hebux.de\Inbox Infected: Trojan-Downloader.Win32.Agent.dqfs 1
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\mail.hebux.de\Inbox Infected: Trojan.Win32.FakeAV.qg 1
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\mail.hebux.de\Inbox Infected: Trojan.Win32.FakeAV.od 1
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\mail.hebux.de\Inbox Infected: Trojan-Downloader.Win32.Agent.dqiw 1
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\mail.hebux.de\Inbox Infected: Trojan-Downloader.Win32.FraudLoad.gtm 4
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\mail.hebux.de\Inbox Infected: Trojan-Downloader.Win32.FraudLoad.gtn 3
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\mail.hebux.de\Inbox Infected: Trojan-Dropper.Win32.TDSS.pi 1
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\mail.hebux.de\Inbox Infected: Trojan.Win32.Oficla.ae 1
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\mail.hebux.de\Inbox Infected: Trojan-Dropper.Win32.TDSS.ri 3
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\mail.hebux.de\Inbox Infected: Trojan.Win32.VBKrypt.wk 1
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\mail.hebux.de\Inbox Infected: Trojan-Dropper.Win32.TDSS.sp 1
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\mail.webjanssen.com\Inbox Infected: Trojan-Downloader.Win32.Genome.akdc 1
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\mail.webjanssen.com\Inbox Infected: Trojan.Win32.FraudPack.amxs 1
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\mail.webjanssen.com\Inbox Infected: Trojan-Ransom.Win32.DigiPog.ep 1
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\mail.webjanssen.com\Inbox Infected: Trojan.Win32.FraudPack.anet 1
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\mail.webjanssen.com\Inbox Infected: Trojan.Win32.FraudPack.anli 2
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\mail.webjanssen.com\Inbox Infected: Trojan-Dropper.Win32.Agent.bvet 1
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\mail.webjanssen.com\Inbox Infected: Trojan.Win32.FraudPack.apts 1
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\mail.webjanssen.com\Inbox Infected: Trojan.Win32.Sasfis.akzx 2
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\mail.webjanssen.com\Inbox Infected: Trojan.Win32.FraudPack.apvo 1
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\mail.webjanssen.com\Inbox Infected: Packed.Win32.Katusha.j 1
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\mail.webjanssen.com\Inbox Infected: Packed.Win32.Krap.an 3
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\mail.webjanssen.com\Inbox Infected: Trojan.Win32.Inject.apdr 1
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\mail.webjanssen.com\Inbox Infected: Packed.Win32.Katusha.l 1
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\mail.webjanssen.com\Inbox Infected: Trojan-Downloader.Win32.FraudLoad.gtm 1
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\mail.webjanssen.com\Inbox Infected: Trojan.Win32.VBKrypt.yk 1
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\mail.webjanssen.com\Inbox Infected: Trojan.Win32.Tdss.beln 2
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\mail.webjanssen.com\Inbox Infected: Trojan.Win32.Tdss.belr 1
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\mail.webjanssen.com\Inbox Infected: Trojan.Win32.Tdss.bemg 2
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\mail.webjanssen.com\Inbox Infected: Trojan.Win32.FraudPack.axjh 1
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\mail.webjanssen.com\Inbox Infected: Trojan.Win32.Tdss.beoz 1
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\mail.webjanssen.com\Inbox Infected: Trojan.Win32.Oficla.bf 1
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\mail.webjanssen.com\Inbox Infected: Trojan.Win32.TDSS.bhjg 2
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\mail.webjanssen.com\Inbox Infected: Trojan.Win32.Jorik.Oficla.i 1
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\post.strato-1.de\Inbox Infected: Backdoor.Win32.Bredolab.bmc 1
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\post.strato-1.de\Inbox Infected: Backdoor.Win32.Bredolab.bmq 1
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\post.strato-1.de\Inbox Infected: Packed.Win32.Krap.x 3
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\post.strato.de\Inbox Infected: Trojan-Downloader.Win32.Genome.aifk 1
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\post.strato.de\Inbox Infected: Packed.Win32.Krap.x 17
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\post.strato.de\Inbox Infected: Trojan-Ransom.Win32.DigiPog.ab 1
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\post.strato.de\Inbox Infected: Trojan-Downloader.Win32.Genome.ainy 2
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\post.strato.de\Inbox Infected: Trojan-Downloader.Win32.Genome.aitb 2
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\post.strato.de\Inbox Infected: Trojan-Downloader.Win32.Genome.aiuq 1
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\post.strato.de\Inbox Infected: Trojan-Downloader.Win32.Genome.aivt 2
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\post.strato.de\Inbox Infected: Trojan-Downloader.Win32.Genome.ajkm 1
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\post.strato.de\Inbox Infected: Trojan-Downloader.Win32.Genome.ajjn 1
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\post.strato.de\Inbox Infected: Trojan-Downloader.Win32.Genome.ajld 1
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\post.strato.de\Inbox Infected: Trojan-Downloader.Win32.Genome.ajoz 1
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\post.strato.de\Inbox Infected: Trojan-Downloader.Win32.Genome.ajrm 1
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\post.strato.de\Inbox Infected: Trojan-Downloader.Win32.Genome.ajtd 2
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\post.strato.de\Inbox Infected: Trojan-Downloader.Win32.Genome.ajvc 1
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\post.strato.de\Inbox Infected: Trojan-Downloader.Win32.Genome.akdc 2
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\post.strato.de\Inbox Infected: Trojan.Win32.FraudPack.amoz 1
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\post.strato.de\Inbox Infected: Trojan-Downloader.Win32.Small.apja 2
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\post.strato.de\Inbox Infected: Trojan.Win32.FraudPack.amxs 1
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\post.strato.de\Inbox Infected: Trojan.Win32.FraudPack.ancl 1
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\post.strato.de\Inbox Infected: Trojan.Win32.FraudPack.anif 1
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\post.strato.de\Inbox Infected: Trojan.Win32.FraudPack.anrv 1
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\post.strato.de\Inbox Infected: Trojan.Win32.FraudPack.aodx 1
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\post.strato.de\Inbox Infected: Trojan.Win32.FraudPack.aohl 1
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\post.strato.de\Inbox Infected: Trojan.Win32.FraudPack.aoip 1
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\post.strato.de\Inbox Infected: Trojan.Win32.FraudPack.aolb 1
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\post.strato.de\Inbox Infected: Trojan.Win32.FraudPack.aovk 1
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\post.strato.de\Inbox Infected: Trojan.Win32.FraudPack.apee 1
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\post.strato.de\Inbox Infected: Trojan.Win32.FraudPack.apip 1
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\post.strato.de\Inbox Infected: Packed.Win32.Katusha.j 3
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\post.strato.de\Inbox Infected: Trojan.Win32.FraudPack.apxr 1
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\post.strato.de\Inbox Infected: Backdoor.Win32.HareBot.avg 1
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\post.strato.de\Inbox Infected: Trojan.Win32.FakeAV.iq 1
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\post.strato.de\Inbox Infected: Trojan.Win32.FakeAV.ir 1
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\post.strato.de\Inbox Infected: Trojan.Win32.FraudPack.apts 1
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\post.strato.de\Inbox Infected: Trojan.Win32.FraudPack.apvo 1
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\post.strato.de\Inbox Infected: Trojan.Win32.FraudPack.apxk 1
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\post.strato.de\Inbox Infected: Trojan.Win32.FakeAV.jo 1
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\post.strato.de\Inbox Infected: Trojan.Win32.FakeAV.jq 1
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\post.strato.de\Inbox Infected: Trojan.Win32.FakeAV.jz 1
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\post.strato.de\Inbox Infected: Trojan.Win32.FakeAV.ke 2
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\post.strato.de\Inbox Infected: Trojan.Win32.FraudPack.asso 1
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\post.strato.de\Inbox Infected: Trojan.Win32.FakeAV.ll 1
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\post.strato.de\Inbox Infected: Trojan-Downloader.Win32.Agent.dncy 2
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\post.strato.de\Inbox Infected: Trojan.Win32.FakeAV.lx 1
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\post.strato.de\Inbox Infected: Trojan-Downloader.Win32.Agent.dlhe 1
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\post.strato.de\Inbox Infected: Packed.Win32.Katusha.l 4
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\post.strato.de\Inbox Infected: Trojan.Win32.FakeAV.mz 2
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\post.strato.de\Inbox Infected: Trojan.Win32.FakeAV.ne 2
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\post.strato.de\Inbox Infected: Trojan-Downloader.Win32.FraudLoad.gtm 2
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\post.strato.de\Inbox Infected: Trojan-Downloader.Win32.FraudLoad.gtn 2
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\post.strato.de\Inbox Infected: Trojan-Dropper.Win32.TDSS.ri 2
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\post.strato.de\Inbox Infected: Trojan.Win32.VBKrypt.wk 1
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\post.strato.de\Inbox Infected: Trojan.Win32.VBKrypt.xh 1
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\post.strato.de\Inbox Infected: Trojan.Win32.VBKrypt.yk 1
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\post.strato.de\Inbox Infected: Net-Worm.Win32.Koobface.gsu 1
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\post.strato.de\Inbox Infected: Trojan.Win32.VBKrypt.zd 2
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\post.strato.de\Inbox Infected: Trojan.Win32.Tdss.beln 2
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\post.strato.de\Inbox Infected: Trojan.Win32.Tdss.belo 1
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\post.strato.de\Inbox Infected: Trojan.Win32.Tdss.belr 4
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\post.strato.de\Inbox Infected: Trojan.Win32.Tdss.bemg 11
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\post.strato.de\Inbox Infected: Trojan.Win32.VBKrypt.zl 2
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\post.strato.de\Inbox Infected: Trojan.Win32.FraudPack.axjh 2
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\post.strato.de\Inbox Infected: Trojan.Win32.Tdss.beoz 2

Selected area has been scanned.

Kiesopfer 29.06.2010 06:32

OTL log:

OTL Logfile:
Code:

OTL logfile created on: 29.06.2010 07:27:55 - Run 7
OTL by OldTimer - Version 3.2.7.0    Folder = C:\Dokumente und Einstellungen\Norman\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 75,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 86,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 70,17 Gb Total Space | 3,91 Gb Free Space | 5,57% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 111,79 Gb Total Space | 65,62 Gb Free Space | 58,70% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: TEST
Current User Name: Norman
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Processes (SafeList) ==========
 
PRC - [2010.06.27 18:38:48 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Norman\Desktop\OTL.exe
PRC - [2010.04.03 16:44:26 | 000,640,440 | ---- | M] (Adobe Systems Inc.) -- E:\Programme\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2010.02.18 11:43:18 | 000,248,040 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2010.01.18 15:41:50 | 000,063,928 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2009.12.21 18:49:44 | 000,069,568 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2009.11.24 13:51:18 | 000,176,056 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2009.11.18 14:04:18 | 000,038,248 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\ibmpmsvc.exe
PRC - [2009.10.01 16:14:30 | 000,144,752 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\ZOOM\TpScrex.exe
PRC - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.06.12 10:55:48 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- c:\Programme\Lenovo\System Update\SUService.exe
PRC - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2009.04.16 13:41:28 | 000,053,248 | ---- | M] () -- C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe
PRC - [2009.04.14 19:51:38 | 000,015,136 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\tpfnf6r.exe
PRC - [2009.03.02 13:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009.02.02 20:16:48 | 000,181,536 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\TpShocks.exe
PRC - [2009.01.29 03:10:00 | 000,185,688 | ---- | M] (Lenovo Group Limited) -- C:\Programme\ThinkVantage\PrdCtr\LPMGR.EXE
PRC - [2009.01.29 03:10:00 | 000,124,248 | ---- | M] (Lenovo Group Limited) -- C:\Programme\ThinkVantage\PrdCtr\LPMLCHK.EXE
PRC - [2009.01.28 17:59:12 | 000,039,976 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\TPHDEXLG.exe
PRC - [2008.10.27 11:03:52 | 000,090,112 | ---- | M] (Lenovo ) -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
PRC - [2008.10.27 11:03:32 | 000,135,168 | ---- | M] (Lenovo ) -- C:\Programme\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
PRC - [2008.10.27 11:02:30 | 000,217,088 | ---- | M] (Lenovo ) -- C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe
PRC - [2008.10.27 10:56:38 | 000,143,360 | ---- | M] (Lenovo ) -- C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe
PRC - [2008.07.04 00:17:00 | 000,118,784 | ---- | M] (Synaptics, Inc.) -- C:\Programme\Synaptics\SynTP\SynTPLpr.exe
PRC - [2008.06.05 02:36:00 | 000,242,976 | ---- | M] (Lenovo Group Ltd.) -- C:\Programme\ThinkPad\Utilities\EZEJMNAP.EXE
PRC - [2008.04.14 04:22:49 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.03.26 03:06:00 | 000,059,680 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\NPDIRECT\tpfnf7sp.exe
PRC - [2008.03.04 10:34:20 | 000,487,424 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe
PRC - [2008.03.04 10:34:12 | 001,122,304 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe
PRC - [2007.11.26 16:58:10 | 000,576,104 | ---- | M] (Broadcom Corporation.) -- C:\Programme\ThinkPad\Bluetooth Software\BTTray.exe
PRC - [2007.11.26 16:58:08 | 000,264,800 | ---- | M] (Broadcom Corporation.) -- C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe
PRC - [2007.09.26 18:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2007.09.06 13:28:18 | 000,110,592 | ---- | M] (Apple, Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2007.02.02 03:00:02 | 000,419,376 | ---- | M] (LENOVO) -- C:\Programme\ThinkVantage\AMSG\Amsg.exe
PRC - [2006.08.16 19:07:00 | 000,073,728 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\IPSSVC.EXE
PRC - [2006.08.16 19:07:00 | 000,069,632 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\AwayTask\AwaySch.EXE
PRC - [2006.07.14 18:13:14 | 002,341,632 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Client Security Solution\cssauth.exe
PRC - [2006.07.14 18:01:00 | 001,974,272 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Rescue and Recovery\rrservice.exe
PRC - [2006.07.14 17:42:22 | 000,723,712 | ---- | M] (IBM) -- C:\Programme\Lenovo\Client Security Solution\tvttcsd.exe
PRC - [2006.07.14 17:36:00 | 000,022,016 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Lenovo\Logger\logmon.exe
PRC - [2006.07.14 15:52:48 | 000,045,056 | ---- | M] () -- C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe
PRC - [2006.05.23 21:08:06 | 000,622,700 | ---- | M] (Diskeeper Corporation) -- C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2006.05.18 16:24:06 | 000,196,696 | ---- | M] (Diskeeper Corporation) -- C:\Programme\Diskeeper Corporation\Diskeeper\DkIcon.exe
PRC - [2006.03.16 01:07:06 | 000,421,888 | ---- | M] (Google Inc.) -- C:\Programme\Picasa2\PicasaMediaDetector.exe
PRC - [2006.03.13 16:38:56 | 000,041,472 | R--- | M] (Utimaco Safeware AG) -- C:\Programme\Lenovo\SafeGuard PrivateDisk\pdservice.exe
PRC - [2006.02.02 05:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2005.06.06 21:26:22 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe
PRC - [2005.05.20 02:11:06 | 000,925,696 | ---- | M] (Analog Devices, Inc.) -- C:\Programme\Analog Devices\Core\smax4pnp.exe
PRC - [2004.07.27 16:50:18 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Programme\Gemeinsame Dateien\Installshield\UpdateService\issch.exe
PRC - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
PRC - [2003.04.06 01:06:58 | 000,028,672 | ---- | M] (Hewlett-Packard) -- C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
PRC - [2003.04.06 00:55:04 | 000,311,296 | ---- | M] (Hewlett-Packard Co.) -- C:\Programme\Hewlett-Packard\Digital Imaging\bin\hposts08.exe
PRC - [2003.04.06 00:45:10 | 000,286,720 | ---- | M] (Hewlett-Packard Co.) -- C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
PRC - [2003.04.06 00:37:38 | 000,147,456 | ---- | M] (Hewlett-Packard Co.) -- C:\Programme\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.06.27 18:38:48 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Norman\Desktop\OTL.exe
MOD - [2008.04.14 04:21:06 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2007.11.26 16:55:46 | 000,073,728 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\BtMmHook.dll
MOD - [2006.08.16 19:07:00 | 000,086,016 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\PROCHLP.DLL
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] --  -- (XAMPP)
SRV - [2010.01.18 15:41:50 | 000,063,928 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2009.11.18 14:04:18 | 000,038,248 | ---- | M] (Lenovo.) [Auto | Running] -- C:\WINDOWS\system32\ibmpmsvc.exe -- (IBMPMSVC)
SRV - [2009.11.17 18:06:02 | 000,044,984 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Programme\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.06.12 10:55:48 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Programme\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009.04.16 13:41:28 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2009.01.28 17:59:12 | 000,039,976 | ---- | M] (Lenovo.) [Auto | Running] -- C:\WINDOWS\system32\TPHDEXLG.exe -- (TPHDEXLGSVC)
SRV - [2009.01.02 20:51:22 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008.11.11 09:38:06 | 000,620,544 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008.11.04 11:48:10 | 000,288,112 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2008.10.27 11:03:52 | 000,090,112 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2008.10.27 11:02:30 | 000,217,088 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
SRV - [2008.04.14 04:22:49 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2008.04.14 04:22:49 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)
SRV - [2008.04.14 04:22:49 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2008.03.04 10:34:12 | 001,122,304 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler)
SRV - [2007.11.26 16:58:08 | 000,264,800 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2007.09.26 18:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2007.09.07 19:07:22 | 000,023,552 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psasrv.exe -- (PsaSrv)
SRV - [2007.09.06 13:28:18 | 000,110,592 | ---- | M] (Apple, Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2006.08.16 19:07:00 | 000,073,728 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\WINDOWS\system32\IPSSVC.EXE -- (IPSSVC)
SRV - [2006.07.14 18:01:00 | 001,974,272 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\Rescue and Recovery\rrservice.exe -- (TVT Backup Service)
SRV - [2006.07.14 17:42:22 | 000,723,712 | ---- | M] (IBM) [Auto | Running] -- C:\Programme\Lenovo\Client Security Solution\tvttcsd.exe -- (TSSCoreService)
SRV - [2006.07.14 15:52:48 | 000,045,056 | ---- | M] () [Auto | Running] -- C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe -- (tvtnetwk)
SRV - [2006.05.23 21:08:06 | 000,622,700 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2005.10.06 18:13:10 | 000,856,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS)
SRV - [2005.06.06 21:26:22 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\TpKmpSvc.exe -- (TpKmpSVC)
SRV - [2004.10.22 03:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe -- (MDM)
SRV - [2003.03.09 22:31:02 | 000,065,795 | R--- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2010.06.28 17:30:18 | 000,040,448 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\intelppm.sys -- (intelppm)
DRV - [2010.06.27 00:00:00 | 000,005,427 | ---- | M] (IBM Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\EGATHDRV.SYS -- (EGATHDRV)
DRV - [2010.06.09 11:26:50 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2010.04.27 04:25:20 | 000,123,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscemdm.sys -- (sscemdm)
DRV - [2010.04.27 04:25:20 | 000,100,352 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssceserd.sys -- (ssceserd) SAMSUNG Mobile Modem Diagnostic Serial Port V2 (WDM)
DRV - [2010.04.27 04:25:20 | 000,098,560 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscebus.sys -- (sscebus) SAMSUNG USB Composite Device V2 driver (WDM)
DRV - [2010.04.27 04:25:20 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscemdfl.sys -- (sscemdfl)
DRV - [2009.12.11 10:17:48 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.11.18 14:03:36 | 000,026,608 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV - [2009.07.12 09:40:48 | 000,030,144 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2009.06.18 01:59:58 | 000,234,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel(R)
DRV - [2009.05.11 10:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.03.30 10:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009.02.11 17:11:50 | 000,329,752 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2009.01.28 17:58:46 | 000,117,800 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\Apsx86.sys -- (Shockprf)
DRV - [2009.01.28 17:57:12 | 000,020,520 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ApsHM86.sys -- (TPDIGIMN)
DRV - [2009.01.03 12:12:57 | 000,073,312 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\adfs.sys -- (adfs)
DRV - [2009.01.02 15:31:46 | 000,043,672 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2008.12.09 00:53:58 | 000,050,832 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tcusb.sys -- (TcUsb)
DRV - [2008.11.11 01:52:08 | 003,301,888 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008.10.24 14:33:00 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC)
DRV - [2008.10.24 14:33:00 | 000,004,224 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.sys -- (IBMTPCHK)
DRV - [2008.07.03 23:53:00 | 000,225,664 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2008.05.12 22:14:14 | 000,017,844 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPHKDRV.sys -- (TPHKDRV)
DRV - [2008.05.12 18:04:02 | 000,013,480 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\smiif32.sys -- (lenovo.smi)
DRV - [2008.04.13 20:54:36 | 000,028,672 | ---- | M] (National Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nscirda.sys -- (NSCIRDA)
DRV - [2008.04.13 20:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008.04.13 20:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008.04.13 18:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008.03.26 03:06:00 | 000,004,608 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
DRV - [2007.11.27 16:40:00 | 000,539,512 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2007.11.27 16:40:00 | 000,074,688 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2007.11.21 11:51:00 | 000,879,624 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2007.11.01 16:26:36 | 000,989,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007.11.01 16:25:32 | 000,211,456 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007.11.01 16:25:22 | 000,731,520 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007.09.07 19:06:32 | 000,007,012 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pmemnt.sys -- (pmem)
DRV - [2007.06.29 12:38:00 | 000,156,392 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2007.06.21 04:43:26 | 002,208,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel(R)
DRV - [2007.03.23 10:50:00 | 000,037,424 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2006.11.28 23:46:24 | 000,028,224 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PDNMp50.sys -- (PDNMp50)
DRV - [2006.11.28 23:46:22 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PDNSp50.sys -- (PDNSp50)
DRV - [2006.10.02 01:55:00 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SMAPINT.SYS -- (Smapint)
DRV - [2006.10.02 01:55:00 | 000,009,343 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS -- (TDSMAPI)
DRV - [2006.09.27 02:36:24 | 001,709,696 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETw3x32.sys -- (NETw3x32) Intel(R)
DRV - [2006.08.16 19:07:00 | 000,005,120 | ---- | M] (Lenovo Group Limited) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PROCDD.SYS -- (PROCDD)
DRV - [2006.07.14 17:27:22 | 000,012,544 | ---- | M] (Lenovo) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tvtfilter.sys -- (tvtfilter)
DRV - [2006.07.14 17:03:04 | 000,017,664 | ---- | M] (Lenovo Group Limited) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tvtpktfilter.sys -- (TVTPktFilter)
DRV - [2006.07.14 15:55:12 | 000,003,968 | ---- | M] (IBM Corp.) [Kernel | Auto | Running] -- C:\Programme\SMI2\smi2.sys -- (smi2)
DRV - [2006.03.13 16:05:54 | 000,058,368 | R--- | M] (Utimaco Safeware AG) [Kernel | Auto | Running] -- C:\Programme\Lenovo\SafeGuard PrivateDisk\privatediskm.sys -- (PrivateDisk)
DRV - [2006.03.01 03:30:00 | 000,089,472 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2006.02.02 05:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006.02.02 05:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006.02.02 05:20:00 | 000,086,652 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006.02.02 05:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006.02.02 05:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006.02.02 05:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006.02.02 05:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2006.01.31 04:19:34 | 000,176,128 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2005.12.06 04:20:48 | 000,192,512 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hsxhwazl.sys -- (HSXHWAZL)
DRV - [2005.11.18 12:02:50 | 000,005,660 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005.11.18 12:02:10 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005.11.18 05:20:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2005.05.17 10:20:08 | 000,015,872 | ---- | M] (Atmel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atmeltpm.sys -- (atmeltpm)
DRV - [2004.11.30 16:38:24 | 000,004,442 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)
DRV - [2004.08.03 23:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2003.09.10 23:36:54 | 000,021,060 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi)
DRV - [2001.08.18 14:22:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001.08.18 05:33:12 | 000,322,432 | ---- | M] (Matrox Graphics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\G400m.sys -- (G400)
DRV - [2001.08.18 00:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001.08.18 00:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001.08.18 00:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001.08.18 00:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001.08.18 00:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001.08.17 23:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001.08.17 23:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001.08.17 23:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001.08.17 23:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001.08.17 23:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001.08.17 23:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001.08.17 23:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001.08.17 23:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001.08.17 23:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001.08.17 14:48:14 | 000,011,520 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TwoTrack.sys -- (TwoTrack)
DRV - [2001.08.17 13:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Intel(r) 82801 Audiotreiber-Installationsdienst (WDM)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.live.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.1
FF - prefs.js..extensions.enabledItems: {6e84150a-d526-41f1-a480-a67d3fed910d}:1.4.5.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: en-US@dictionaries.addons.mozilla.org:4.0.0
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.8
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..network.proxy.http: "http://1.1.1.1/http.de.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official"
FF - prefs.js..network.proxy.type: 4
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.06.27 09:12:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.06.27 09:12:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2010.04.04 10:21:49 | 000,000,000 | ---D | M]
 
[2010.04.02 11:12:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Mozilla\Extensions
[2010.04.02 11:12:52 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.06.28 15:24:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Mozilla\Firefox\Profiles\z9ur2adu.default\extensions
[2010.06.13 23:28:10 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Mozilla\Firefox\Profiles\z9ur2adu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.04.24 17:02:40 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Mozilla\Firefox\Profiles\z9ur2adu.default\extensions\{34ea1c70-42cc-42c5-aa29-ec58b95a343e}
[2010.02.05 22:34:39 | 000,000,000 | ---D | M] (IE View) -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Mozilla\Firefox\Profiles\z9ur2adu.default\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}
[2010.04.11 23:11:29 | 000,000,000 | ---D | M] (LeechBlock) -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Mozilla\Firefox\Profiles\z9ur2adu.default\extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387}
[2009.07.01 21:20:27 | 000,000,000 | ---D | M] (Web Developer) -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Mozilla\Firefox\Profiles\z9ur2adu.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2009.04.24 17:02:41 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Mozilla\Firefox\Profiles\z9ur2adu.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2010.02.15 08:32:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Mozilla\Firefox\Profiles\z9ur2adu.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2008.07.31 20:49:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Mozilla\Firefox\Profiles\z9ur2adu.default\extensions\de-DE-comb@dictionaries.addons.mozilla.org
[2009.10.08 09:29:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Mozilla\Firefox\Profiles\z9ur2adu.default\extensions\en-US@dictionaries.addons.mozilla.org
[2009.04.24 17:01:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Mozilla\Firefox\Profiles\z9ur2adu.default\extensions\SQLiteManager@mrinalkant.blogspot(2).com
[2010.04.09 10:15:28 | 000,002,433 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Mozilla\Firefox\Profiles\z9ur2adu.default\searchplugins\ixquickde-https.xml
[2010.06.28 15:24:47 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.06.27 10:34:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.06.27 10:34:18 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.06.26 10:03:55 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.06.26 10:03:55 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.06.26 10:03:55 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.06.26 10:03:55 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.06.26 10:03:55 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.06.28 19:43:51 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - No CLSID value found.
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - E:\Programme\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (CPwmIEBrowserHelper Object) - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - E:\Programme\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] E:\Programme\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [ACWLIcon] C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo )
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] E:\Programme\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AMSG] C:\Programme\ThinkVantage\AMSG\Amsg.exe (LENOVO)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AwaySch] C:\Programme\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [BLOG] C:\Programme\ThinkPad\Utilities\BATLOGEX.DLL ()
O4 - HKLM..\Run: [cssauth] C:\Programme\Lenovo\Client Security Solution\cssauth.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [DiskeeperSystray] C:\Programme\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [EZEJMNAP] C:\Programme\ThinkPad\Utilities\EZEJMNAP.EXE (Lenovo Group Ltd.)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Programme\Gemeinsame Dateien\Installshield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [LENOVO.TPFNF6R] C:\Programme\Lenovo\HOTKEY\tpfnf6r.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [LPMailChecker] C:\Programme\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [LPManager] C:\Programme\ThinkVantage\PrdCtr\LPMGR.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [PDService.exe] C:\Programme\Lenovo\SafeGuard PrivateDisk\pdservice.exe (Utimaco Safeware AG)
O4 - HKLM..\Run: [Picasa Media Detector] C:\Programme\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - HKLM..\Run: [PWRMGRTR] C:\Programme\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TP4EX] C:\WINDOWS\System32\TP4EX.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPFNF7] C:\Programme\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPHOTKEY] C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPKMAPHELPER] C:\Programme\ThinkPad\Utilities\TpKmapAp.exe (Lenovo)
O4 - HKLM..\Run: [TpShocks] C:\WINDOWS\System32\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk = C:\Programme\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\hpoddt01.exe.lnk = C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\officejet 6100.lnk = C:\Programme\Hewlett-Packard\Digital Imaging\bin\hposol08.exe (Hewlett-Packard Co.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Windows Live Search - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Senden an Bluetooth - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1230902201937 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O18 - Protocol\Handler\haufereader {39198710-62F7-42CD-9458-069843FA5D32} - C:\Programme\Haufe\HaufeReader\HRInstmon.dll (Haufe Mediengruppe)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ACNotify: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\AwayNotify: DllName - C:\Programme\Lenovo\AwayTask\AwayNotify.dll - C:\Programme\Lenovo\AwayTask\AwayNotify.dll (Lenovo Group Limited)
O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\psfus: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\1400_1050 Think EMEA Map.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.01.27 04:18:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010.06.11 18:07:58 | 000,000,000 | ---D | M] - E:\Automobilia -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.06.29 07:01:37 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010.06.28 19:41:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010.06.28 19:25:35 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Norman\Recent
[2010.06.28 17:48:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Norman\Desktop\Trajaner
[2010.06.28 16:28:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Norman\DoctorWeb
[2010.06.28 15:34:50 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010.06.27 19:33:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\rundll16.exe
[2010.06.27 19:33:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\logo1_.exe
[2010.06.27 19:29:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\VDLL.DLL
[2010.06.27 19:29:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\runouce.exe
[2010.06.27 19:29:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\RUNDL132.EXE
[2010.06.27 19:29:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\logo_1.exe
[2010.06.27 19:28:02 | 000,632,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr80.dll
[2010.06.27 19:28:01 | 000,554,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp80.dll
[2010.06.27 19:27:59 | 000,034,048 | ---- | C] (MicroWorld Technologies Inc.) -- C:\WINDOWS\System32\eEmpty.exe
[2010.06.27 19:27:54 | 000,153,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\R.COM
[2010.06.27 19:27:54 | 000,140,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\T.COM
[2010.06.27 19:27:53 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\MicroWorld
[2010.06.27 19:27:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MicroWorld
[2010.06.27 19:23:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Download Manager
[2010.06.27 18:39:02 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Norman\Desktop\OTL.exe
[2010.06.27 18:32:53 | 166,440,096 | ---- | C] (G Data Software AG) -- C:\Dokumente und Einstellungen\Norman\Eigene Dateien\GER_R_ESD_IS.exe
[2010.06.27 17:47:41 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010.06.27 17:47:41 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010.06.27 17:47:41 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010.06.27 17:47:41 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010.06.27 17:47:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010.06.27 17:44:13 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.06.27 17:40:29 | 000,000,000 | ---D | C] -- C:\rsit
[2010.06.27 13:37:30 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010.06.27 10:34:49 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010.06.27 10:34:49 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010.06.27 10:34:49 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010.06.27 10:34:49 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010.06.27 10:22:00 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2010.06.27 09:52:44 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro
[2010.06.26 15:33:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Malwarebytes
[2010.06.26 15:33:08 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.06.26 15:33:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2010.06.26 15:33:05 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.06.26 15:33:05 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.06.26 14:08:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Adobe
[2010.06.26 11:25:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sun
[2010.06.26 11:24:48 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010.06.26 11:01:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Macromedia
[2010.06.26 10:33:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Adobe
[2010.06.18 08:36:31 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft ActiveSync
[2010.06.17 17:04:08 | 000,100,352 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ssceserd.sys
[2010.06.17 17:04:07 | 000,123,648 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscemdm.sys
[2010.06.17 17:04:07 | 000,098,560 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscebus.sys
[2010.06.17 17:04:07 | 000,014,848 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscemdfl.sys
[2010.06.17 17:04:07 | 000,012,416 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscecmnt.sys
[2010.06.17 17:04:07 | 000,012,416 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscecm.sys
[2010.06.17 17:04:07 | 000,012,288 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscewhnt.sys
[2010.06.17 17:04:07 | 000,012,288 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscewh.sys
[2010.06.17 16:32:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Norman\Eigene Dateien\SelfMV
[2010.06.17 12:23:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Norman\Lokale Einstellungen\Anwendungsdaten\PCHealth
[2010.06.14 14:34:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Norman\Eigene Dateien\Galileo Press
[2010.06.10 08:30:17 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2010.06.09 10:53:28 | 000,000,000 | ---D | C] -- C:\Programme\MyFree Codec
[2010.06.04 10:06:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\KB905474
 
========== Files - Modified Within 30 Days ==========
 
[2010.06.29 07:22:48 | 000,010,027 | ---- | M] () -- C:\WINDOWS\System32\PROCDB.INI
[2010.06.29 07:21:10 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2010.06.29 07:20:38 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2010.06.29 07:20:26 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.06.29 07:20:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.06.29 07:20:09 | 000,045,668 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2010.06.29 07:20:03 | 3219,574,784 | -HS- | M] () -- C:\hiberfil.sys
[2010.06.29 07:19:05 | 015,466,496 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\ntuser.dat
[2010.06.29 07:19:05 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\Norman\ntuser.ini
[2010.06.29 07:05:13 | 005,926,658 | -H-- | M] () -- C:\Dokumente und Einstellungen\Norman\Lokale Einstellungen\Anwendungsdaten\IconCache.db
[2010.06.29 07:00:42 | 000,039,675 | ---- | M] () -- C:\Kaspersky.html
[2010.06.29 06:45:02 | 000,000,248 | ---- | M] () -- C:\WINDOWS\tasks\Auf Updates für Windows Live Toolbar prüfen.job
[2010.06.28 19:44:23 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.06.28 19:43:51 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010.06.28 18:31:39 | 000,000,494 | ---- | M] () -- C:\hpfr5550.xml
[2010.06.28 18:29:50 | 003,722,957 | R--- | M] () -- C:\Dokumente und Einstellungen\Norman\Desktop\ComboFix.exe
[2010.06.28 17:30:18 | 000,040,448 | ---- | M] () -- C:\WINDOWS\System32\drivers\intelppm.sys
[2010.06.28 16:01:00 | 000,000,396 | ---- | M] () -- C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp officejet 6100 series#1190378331.job
[2010.06.28 15:34:58 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010.06.27 23:18:53 | 000,001,516 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Eigene Dateien\pinfect.zip
[2010.06.27 19:30:55 | 000,000,053 | ---- | M] () -- C:\WINDOWS\Lic.xxx
[2010.06.27 19:28:01 | 000,632,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr80.dll
[2010.06.27 19:28:00 | 000,554,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp80.dll
[2010.06.27 19:27:58 | 000,034,048 | ---- | M] (MicroWorld Technologies Inc.) -- C:\WINDOWS\System32\eEmpty.exe
[2010.06.27 18:38:48 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Norman\Desktop\OTL.exe
[2010.06.27 18:35:09 | 166,440,096 | ---- | M] (G Data Software AG) -- C:\Dokumente und Einstellungen\Norman\Eigene Dateien\GER_R_ESD_IS.exe
[2010.06.27 17:29:48 | 000,000,206 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Desktop\cc_20100627_172942.reg
[2010.06.27 13:56:11 | 000,027,804 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Desktop\cc_20100627_135544.reg
[2010.06.27 10:34:17 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010.06.27 10:34:17 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010.06.27 10:34:17 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010.06.27 10:34:17 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010.06.27 10:34:16 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010.06.27 09:12:23 | 000,001,573 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk
[2010.06.27 09:06:02 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.06.27 00:00:00 | 000,005,427 | ---- | M] (IBM Corporation) -- C:\WINDOWS\System32\EGATHDRV.SYS
[2010.06.26 19:57:59 | 000,000,512 | ---- | M] () -- C:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask.job
[2010.06.26 19:57:58 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\SystemToolsDailyTest.job
[2010.06.26 10:29:39 | 000,409,923 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100626-131548.backup
[2010.06.26 10:10:13 | 000,000,246 | ---- | M] () -- C:\WINDOWS\WININIT.INI
[2010.06.24 20:36:35 | 010,560,512 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Eigene Dateien\Börge-Hendrik Spröde.QBW
[2010.06.24 20:28:21 | 000,018,240 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Rechnung-HEBUX-338.pdf
[2010.06.23 20:09:56 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010.06.23 19:07:21 | 000,027,136 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Ute Lepin-HEK.doc
[2010.06.23 18:56:34 | 000,026,624 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Ute Lepin23.doc
[2010.06.23 15:09:25 | 000,018,341 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Rechnung-HEBUX-337.pdf
[2010.06.23 08:59:50 | 000,002,006 | ---- | M] () -- C:\aqua_bitmap.cpp
[2010.06.23 08:19:00 | 001,179,070 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.06.23 08:19:00 | 000,521,298 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010.06.23 08:19:00 | 000,491,870 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.06.23 08:19:00 | 000,105,016 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010.06.23 08:19:00 | 000,089,666 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.06.22 21:19:00 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010.06.22 14:31:53 | 000,072,314 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Navi-z205.jpg
[2010.06.18 09:26:33 | 007,844,864 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Desktop\setup.msi
[2010.06.17 15:51:36 | 000,018,287 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Rechnung-HEBUX-336.pdf
[2010.06.17 10:19:45 | 000,247,792 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Telefonbuch001.SPB
[2010.06.16 20:46:57 | 000,018,502 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Rechnung-HEBUX-335.pdf
[2010.06.12 00:28:06 | 000,070,995 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Desktop\1000-teile.jpg
[2010.06.10 19:34:49 | 004,376,744 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.06.09 11:27:44 | 000,015,872 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Desktop\abrechnung.xlr
[2010.06.09 11:26:50 | 000,233,472 | ---- | M] (Teruten) -- C:\WINDOWS\System32\FsUsbExService.Exe
[2010.06.09 11:26:50 | 000,036,608 | ---- | M] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
 
========== Files Created - No Company Name ==========
 
[2010.06.29 07:00:42 | 000,039,675 | ---- | C] () -- C:\Kaspersky.html
[2010.06.28 18:29:48 | 003,722,957 | R--- | C] () -- C:\Dokumente und Einstellungen\Norman\Desktop\ComboFix.exe
[2010.06.28 17:30:24 | 3219,574,784 | -HS- | C] () -- C:\hiberfil.sys
[2010.06.28 15:34:57 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010.06.28 15:34:53 | 000,262,448 | ---- | C] () -- C:\cmldr
[2010.06.27 23:18:53 | 000,001,516 | ---- | C] () -- C:\Dokumente und Einstellungen\Norman\Eigene Dateien\pinfect.zip
[2010.06.27 19:28:25 | 000,000,053 | ---- | C] () -- C:\WINDOWS\Lic.xxx
[2010.06.27 19:27:59 | 000,000,522 | ---- | C] () -- C:\WINDOWS\System32\Microsoft.VC80.CRT.manifest
[2010.06.27 17:47:41 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010.06.27 17:47:41 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010.06.27 17:47:41 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010.06.27 17:47:41 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010.06.27 17:47:41 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010.06.27 17:29:45 | 000,000,206 | ---- | C] () -- C:\Dokumente und Einstellungen\Norman\Desktop\cc_20100627_172942.reg
[2010.06.27 13:55:57 | 000,027,804 | ---- | C] () -- C:\Dokumente und Einstellungen\Norman\Desktop\cc_20100627_135544.reg
[2010.06.26 19:57:59 | 000,000,512 | ---- | C] () -- C:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask.job
[2010.06.26 19:57:57 | 000,000,316 | ---- | C] () -- C:\WINDOWS\tasks\SystemToolsDailyTest.job
[2010.06.24 20:28:21 | 000,018,240 | ---- | C] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Rechnung-HEBUX-338.pdf
[2010.06.23 19:01:08 | 000,027,136 | ---- | C] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Ute Lepin-HEK.doc
[2010.06.23 18:56:33 | 000,026,624 | ---- | C] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Ute Lepin23.doc
[2010.06.23 15:09:25 | 000,018,341 | ---- | C] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Rechnung-HEBUX-337.pdf
[2010.06.23 08:49:26 | 010,529,280 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2010.06.23 08:35:28 | 000,000,074 | ---- | C] () -- C:\Dokumente und Einstellungen\Norman\log.log
[2010.06.22 14:31:52 | 000,072,314 | ---- | C] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Navi-z205.jpg
[2010.06.18 09:50:55 | 000,247,792 | ---- | C] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Telefonbuch001.SPB
[2010.06.18 09:26:33 | 007,844,864 | ---- | C] () -- C:\Dokumente und Einstellungen\Norman\Desktop\setup.msi
[2010.06.17 15:51:36 | 000,018,287 | ---- | C] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Rechnung-HEBUX-336.pdf
[2010.06.16 20:46:57 | 000,018,502 | ---- | C] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Rechnung-HEBUX-335.pdf
[2010.06.12 00:28:06 | 000,070,995 | ---- | C] () -- C:\Dokumente und Einstellungen\Norman\Desktop\1000-teile.jpg
[2010.06.04 10:06:30 | 000,000,260 | ---- | C] () -- C:\WINDOWS\tasks\WGASetup.job
[2010.05.27 23:05:20 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2010.05.27 23:05:20 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2009.10.06 09:16:00 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009.01.03 17:58:29 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2009.01.03 17:58:29 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2009.01.03 17:58:29 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2009.01.03 17:58:29 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2009.01.03 17:58:29 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2009.01.03 17:58:29 | 000,000,021 | ---- | C] () -- C:\WINDOWS\SurCode.INI
[2008.07.04 10:02:26 | 000,000,109 | ---- | C] () -- C:\WINDOWS\Backup.INI
[2008.02.09 20:16:29 | 000,000,246 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2008.02.04 21:30:57 | 000,000,111 | ---- | C] () -- C:\WINDOWS\telephon.ini
[2008.01.23 14:57:20 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2008.01.23 14:57:20 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2008.01.23 14:57:19 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2007.11.26 16:56:04 | 002,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2007.11.26 16:43:48 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2007.11.15 21:31:34 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\LXPrnUtil10.dll
[2007.11.15 21:27:40 | 000,303,104 | ---- | C] () -- C:\WINDOWS\System32\dnt27VC8.dll
[2007.11.15 21:25:28 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\dntvmc27VC8.dll
[2007.11.15 21:25:12 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dntvm27VC8.dll
[2007.10.07 13:21:17 | 000,003,325 | ---- | C] () -- C:\WINDOWS\tm.ini
[2007.09.30 09:47:10 | 000,024,222 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2007.09.30 09:47:10 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2007.09.30 09:46:41 | 000,061,950 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2007.09.30 09:46:41 | 000,016,173 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2007.09.30 09:46:40 | 000,017,590 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2007.09.08 00:42:44 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PXTToolVC7.dll
[2007.09.08 00:33:00 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007.09.08 00:08:57 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2007.09.07 19:13:57 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007.09.07 19:05:58 | 000,004,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys
[2007.09.07 18:55:42 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2007.09.07 18:55:42 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2007.09.07 18:55:42 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2007.09.07 18:55:42 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2007.09.07 18:55:42 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2007.09.07 18:55:42 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2007.09.07 18:47:30 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\FPCALL.dll
[2007.09.07 18:46:20 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS
[2007.09.07 18:44:31 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2007.09.07 18:44:13 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS
[2007.09.07 18:43:56 | 000,009,343 | ---- | C] () -- C:\WINDOWS\System32\drivers\TDSMAPI.SYS
[2006.09.21 14:53:28 | 000,282,679 | ---- | C] () -- C:\WINDOWS\System32\dnt27.dll
[2006.09.21 14:52:24 | 000,077,882 | ---- | C] () -- C:\WINDOWS\System32\dntvmc27.dll
[2006.09.21 14:52:14 | 000,077,881 | ---- | C] () -- C:\WINDOWS\System32\dntvm27.dll
[2006.08.17 10:00:13 | 000,010,027 | ---- | C] () -- C:\WINDOWS\System32\PROCDB.INI
[2006.08.17 10:00:09 | 000,000,487 | ---- | C] () -- C:\WINDOWS\System32\IPSCtrl.INI
[2006.08.03 03:27:52 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\notifyf2.dll
[2006.06.14 18:26:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006.06.12 12:27:00 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\DEVMAN.DLL
[2006.01.27 19:18:01 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006.01.27 19:05:14 | 000,002,963 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005.11.09 12:13:48 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\dnt27VC7.dll
[2005.11.09 12:11:46 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dntvmc27VC7.dll
[2005.11.09 12:11:30 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\dntvm27VC7.dll
[2005.05.04 14:00:06 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\MMedia10VC7.dll
[2005.02.17 12:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005.02.17 12:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2004.08.04 02:44:46 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\drivers\intelppm.sys
[2003.03.09 22:31:04 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2001.12.12 12:41:36 | 000,041,472 | ---- | C] () -- C:\WINDOWS\System32\W32btstp.dll
[2001.12.12 12:41:36 | 000,025,088 | ---- | C] () -- C:\WINDOWS\System32\W32btxlt.dll
[2001.11.14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[2000.12.04 20:27:06 | 000,110,080 | ---- | C] () -- C:\WINDOWS\System32\W32MKRC.DLL
[1999.05.14 15:05:22 | 000,015,627 | ---- | C] () -- C:\WINDOWS\System32\WBROLLRS.DLL
[1996.12.14 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1996.12.14 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 122 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:A8ADE5D8
@Alternate Data Stream - 121 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2
< End of report >

--- --- ---

Kiesopfer 29.06.2010 06:33

Extras log:

OTL EXTRAS Logfile:
Code:

OTL Extras logfile created on: 29.06.2010 07:27:55 - Run 7
OTL by OldTimer - Version 3.2.7.0    Folder = C:\Dokumente und Einstellungen\Norman\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 75,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 86,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 70,17 Gb Total Space | 3,91 Gb Free Space | 5,57% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 111,79 Gb Total Space | 65,62 Gb Free Space | 58,70% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: TEST
Current User Name: Norman
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
"DisableMonitoring" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
"DisableMonitoring" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4
"3703:TCP" = 3703:TCP:*:Enabled:Adobe Version Cue CS4 Server
"3704:TCP" = 3704:TCP:*:Enabled:Adobe Version Cue CS4 Server
"51000:TCP" = 51000:TCP:*:Enabled:Adobe Version Cue CS4 Server
"51001:TCP" = 51001:TCP:*:Enabled:Adobe Version Cue CS4 Server
"10280:UDP" = 10280:UDP:LocalSubNet:Disabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Disabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Disabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Disabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Disabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Disabled:Windows Media Connect
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\IBP 10\IBP.exe" = C:\Programme\IBP 10\IBP.exe:*:Enabled:Internet Business Promoter (IBP) -- (Axandra GmbH)
"C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
"C:\Programme\Gemeinsame Dateien\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe" = C:\Programme\Gemeinsame Dateien\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe:*:Enabled:Adobe Version Cue CS4 Server -- (Adobe Systems Incorporated)
"C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox -- (Mozilla Corporation)
"E:\Programme\Adobe\Adobe Dreamweaver CS4\Dreamweaver.exe" = E:\Programme\Adobe\Adobe Dreamweaver CS4\Dreamweaver.exe:*:Enabled:Adobe Dreamweaver CS4 -- (Adobe Systems, Inc.)
"C:\Programme\sipgate X-Lite\sipgateXLite.exe" = C:\Programme\sipgate X-Lite\sipgateXLite.exe:*:Enabled:sipgateXLite -- ()
"C:\Programme\Mozilla Thunderbird\thunderbird.exe" = C:\Programme\Mozilla Thunderbird\thunderbird.exe:*:Enabled:Mozilla Thunderbird -- (Mozilla Messaging)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{062831CB-A028-FA27-482B-35B935569892}" = CCC Help Spanish
"{075473F5-846A-448B-BCB3-104AA1760205}" = RecordNow Data
"{07E78C07-ECEF-4AEF-9581-2C31A5BDA6C0}" = sipgate Faxdrucker
"{0921D0A0-5A37-4318-9EDD-6B6EC12E6380}" = Lexware QuickBooks 2008
"{0940BBAB-2C46-E877-69CE-1A1B8100C6F3}" = Catalyst Control Center Localization Japanese
"{09672BC4-148F-3FCC-E1A9-A019453D9A4A}" = CCC Help Chinese Standard
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0B561CF4-0C7D-4745-AF53-161E24E44F87}" = Adobe CS4 Italian Speech Analysis Models
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F03AD68-3716-DC9C-45E3-72B519D0B64E}" = CCC Help Dutch
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1007F41F-7D69-468E-8017-3849A5A973C2}" = ThinkVantage Technologies Welcome Message
"{10DDCDDD-9A59-4496-9371-C17F1668D433}" = Windows Live Toolbar
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{1297C681-92D7-40EF-93BF-03F66EC5105C}" = ThinkPad-Dienstprogramm 'EasyEject'
"{12BB7942-1E1F-43D9-B441-4668C1629425}" = hp officejet 6100 series
"{14F70205-1940-4000-88C7-BE799A6B2CAD}" = Adobe Soundbooth CS4
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = Dienstprogramm "ThinkPad UltraNav"
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1ED554BA-058A-9664-2BA8-F6F2A68DE15E}" = Catalyst Control Center Localization Swedish
"{1FD653A8-9CFA-4392-B89C-CCDB114DE442}" = Adobe CS4 Spanish Speech Analysis Models
"{2111B23F-7FDA-4A41-8309-E5A1663CA296}" = Dienstprogramm 'ThinkPad-Tastaturanpassung'
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{2E64DF28-426C-9E02-8295-485AB959225C}" = Catalyst Control Center Localization Spanish
"{2EE66895-2912-4980-82FD-0AF03FB884DC}" = Lexware QuickBooks 2008
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{319786B7-D72F-43B3-99C1-E93724ED17D3}" = Lexware online banking 4.90
"{32148D5D-909F-4A7B-93EE-5C16B71F4A8C}" = funScreenScraping Client Version
"{34610DE0-3C13-42CA-8E32-01FFA38AB6E8}" = PC Connectivity Solution
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35431808-8D7E-345D-127B-BFC92CAA2352}" = CCC Help English
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{372853A4-796F-7042-4B26-AB2F8D780136}" = CCC Help Japanese
"{38EBEF35-18E3-4B74-A560-8F80685B9626}" = Lexware QuickBooks plus 2008
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A6829EF-0791-4FDD-9382-C690DD0821B9}" = Adobe Flash Player 10 ActiveX
"{3AEF318B-5987-09AF-949A-3D42837684D8}" = Catalyst Control Center Localization Italian
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3EBD3749-304E-4A4C-9575-C00E5F015217}" = Apple Mobile Device Support
"{40D5BDFB-D6E9-459E-92A8-118DA5AFBF86}" = Lexware online banking 4.20
"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage System für aktiven Festplattenschutz
"{46CD7295-6B85-E6D1-9774-0C584F6497CB}" = Catalyst Control Center Graphics Full Existing
"{47C6F987-685A-41AE-B092-E75B277AEE39}" = Adobe Flash CS4 Extension - Flash Lite STI others
"{48227AEB-DC8E-4A90-A274-0B4A39D699B1}" = Client Security Solution
"{48E9A4FB-17C6-4B14-BC9D-D83AF2A4059A}" = Adobe CS4 Korean Speech Analysis Models
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{4F213D2A-B942-4611-AEE5-49F9D42D0A2F}" = Adobe CS4 International English Speech Analysis Models
"{507C870C-C27E-4F53-A32A-23500AC62A46}" = Adobe GoLive CS (DEU)
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{537575D6-3B96-474C-BD8F-DFF667363DBD}" = Naviextras Toolbox Prerequesities
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{593B41FE-0F9E-42FB-83B9-F54183F0E71D}" = Lexware Abschreibungsrechner 2006
"{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{65706020-7B6F-41F2-8047-FC69579E386A}" = Präsentationsdirektor
"{66463B76-A188-C603-BF2F-AF6088F18012}" = CCC Help Italian
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{679DEB4F-FCC2-F5D7-2F23-EDF82D2CB76A}" = Catalyst Control Center Localization Korean
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Foto- und Bildbearbeitung 2.0 All-in-One Treiber
"{6FBABF2B-2355-4839-91BF-C86D9DB16934}" = Lexware Abschreibungsrechner 2008
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72BB5DC4-1C72-4306-9005-6B44190DF430}" = Lexware QuickBooks 2008
"{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4
"{7596AEAB-2884-E87D-FD0B-BB02763998FB}" = ccc-utility
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7726CF62-7B45-4E6D-9266-615346816BCA}" = Rescue and Recovery
"{795B7252-3FA5-20CA-D039-8E62DC590A10}" = Catalyst Control Center Graphics Light
"{796E076A-82F7-4D49-98C8-DEC0C3BC733A}" = Diskeeper Lite
"{7A62B557-7A4F-CDB1-F6E5-E7AB5625ED16}" = ccc-core-preinstall
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{7D9A486B-DD9E-4526-9B3A-B26B83179EAE}" = Lexware online banking 4.90
"{7EB114D8-207F-45AE-BABD-1669715F2630}" = ThinkVantage Access Connections
"{7FC3BBEC-5A91-41B0-9CB8-960EC4421411}" = InterVideo WinDVD Creator 3
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{82512BC9-BD5D-4C50-BE4D-B98E7DF78687}" = ThinkPad-UltraNav-Assistent
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{83E1D91E-6B79-8850-7CBB-3098BDD1D4C7}" = CCC Help Korean
"{83FEAEA2-0BAE-1E00-7264-C88A1BD55CE8}" = Catalyst Control Center Localization French
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = ThinkPad Bluetooth with Enhanced Data Rate Software
"{859744B2-A09C-4A8E-AF5A-1A1F333C7D53}" = Lexware Elster
"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{8A59CF7D-58AB-A28D-F02D-8473A4431A28}" = Skins
"{911B0407-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{9309DD7E-EBFE-3C95-8B47-30D3A012F606}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - DEU
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}" = QuickTime
"{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP Foto- und Bildbearbeitung 2.0 - All-in-One
"{986F64DC-FF15-449D-998F-EE3BCEC6666A}" = Help Center
"{9966A5DB-8BB0-4D89-A701-386ED84E79B8}" = Adobe Creative Suite 4 Master Collection
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A7C4EAC-6E38-42E3-85AA-408874A803DE}" = Adobe CS4 German Speech Analysis Models
"{9AACCD0F-2734-4E8C-8C24-2702D4506E93}" = Adobe CS4 French Speech Analysis Models
"{9EA84FDD-CCC0-47FD-A993-923165BEA47A}" = System Migration Assistant
"{9FCE66F0-EE03-43BD-916E-66EDF0DBC18C}" = Catalyst Control Center - Branding
"{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}" = ThinkPad Energie-Manager
"{A2289997-10A3-48F2-AA03-99180D761661}" = ThinkVantage Fingerprint Software 5.6
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A398B998-D540-A3D0-A35B-84A5549E1C5B}" = CCC Help Swedish
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5E81ECB-C322-35EF-E9B9-2CFE17BB1A28}" = CCC Help German
"{A6EC82A0-1414-475D-8AFD-469089F3080D}" = Adobe Contribute CS4
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = RecordNow Audio
"{ABAD4282-5D79-93D6-5687-5657BC74DC51}" = Catalyst Control Center Localization German
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}_932" = Adobe Acrobat 9.3.2 - CPSID_53951
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AC849092-6F19-4395-8860-BC3B82CAFE51}" = funScreenScraping Microsoft Systemdateien
"{ADB68E57-C344-3C48-10B1-51B5959F4EA3}" = Catalyst Control Center Core Implementation
"{ADFAA190-E063-EB64-42A6-C5E8A1DA0A79}" = Catalyst Control Center Localization Dutch
"{AEA7DB99-E310-741E-D005-02BDF09E5AB3}" = CCC Help Portuguese
"{AEBDAEFE-DE1E-8622-C8DC-B7F8008E1925}" = CCC Help French
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B095B0A4-50A5-46D7-9988-D038FEB040C0}" = Adobe Encore CS4 Library
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = RecordNow Copy
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B334D9AE-1393-423E-97C0-3BDC3360E692}" = Sonic Icons for Lenovo
"{B35FDD04-48FD-4D3D-B0EB-088C5137CD42}" = Adobe CS4 Japanese Speech Analysis Models
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Speicher-Disc
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B480BD2A-F1BA-4FE6-8C8E-34C6111B72C9}" = ElsterFormular 2007/2008
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B6FA7BE5-6C3F-42AF-B3C1-C1F4536920C5}" = Lexware Abschreibungsrechner
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{B976F8E5-6A68-482C-8371-1DF9C70F7E2E}_is1" = sipgate X-Lite 1105c ger
"{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BCEEDC10-441F-4E4E-8590-0955C4C6B3F6}" = Adobe Setup
"{BD3374D3-C2E6-42B7-A80B-E850B6886246}" = Adobe Flash CS4 STI-other
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C019A4C7-C791-450C-A5CF-FF95826CD276}" = Lexware QuickBooks 2008
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4BEEB8C-B9D2-4CD9-A2AA-1F3A1F57DF21}" = Works Suite-Betriebssystem-Pack
"{C5243A59-B2DD-EC07-23D2-D9CD9689B193}" = Catalyst Control Center Graphics Full New
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C54ED2B6-1AF2-416F-BBA8-5E2B8CDCB5C4}" = XP Themes
"{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help
"{C73D0E75-D147-CD6B-29F2-C5A1C8C6579C}" = ccc-core-static
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC322D0B-CC8E-4351-90F2-19275DFFC134}" = Lexware QuickBooks 2008
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}" = ThinkVantage Productivity Center
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
"{D52140C4-3CBD-1ED0-1CAA-7C4EAF5F75E1}" = Catalyst Control Center Localization Chinese Standard
"{D728E945-256D-4477-B377-6BBA693714AC}" = Ergänzung zu Productivity Center für ThinkPad
"{D8482C8C-B0D9-EAF3-43DC-9770D3C7DB88}" = Catalyst Control Center Localization Chinese Traditional
"{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}" = Wallpapers
"{DDFC5759-D6BC-FE35-D423-EE93B562B2CD}" = CCC Help Chinese Traditional
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E728E952-DD4F-4BCD-A5C8-40FBFEFF91FE}" = OpenOffice.org Installer 1.0
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}" = Message Center
"{E89B484C-B913-49A0-959B-89E836001658}" = GEAR 32bit Driver Installer
"{EA664480-3844-11D5-8C25-444553540000}" = Funktion "TrackPoint-Eingabehilfen"
"{EDDDC607-91D9-4758-9F57-265FDCD8A772}" = Microsoft Works 7.0
"{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}" = Adobe Stock Photos 1.0
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F358E676-72D0-40C3-BED7-113DCFAE4F32}" = Lexware QuickBooks PLUS 2007
"{F5346614-B7C4-4E94-826A-E2363155233D}" = EasyCleaner
"{F600CCF3-9C88-4A22-B0B4-DDA82E997118}" = Adobe After Effects CS4 Template Projects & Footage
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F7E345A5-F79B-44EE-BC4A-738899E756C0}" = Lexware online banking 4.90
"{F7F2DC0A-C22E-49AD-AD37-797309A54E7B}" = Microsoft AutoRoute 2002
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F8EF9F7F-5C73-4908-92F8-4A7F92968520}" = Lexware QuickBooks PLUS 2007
"{F91040C8-F3F6-BBA5-2762-EB720EA4B556}" = Catalyst Control Center Localization Portuguese
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FC081D4D-DF1B-4CF1-B530-027E4118D846}" = ThinkPad-Konfiguration
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe SVG Viewer" = Adobe SVG Viewer
"Adobe_7e74552a59eaf9fafd13f90894ac9bd" = Adobe Creative Suite 4 Master Collection
"Alice" = Alice-Installationsdateien entfernen
"All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software
"ATI Display Driver" = ATI Display Driver
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AwayTask" = ThinkVantage Away Manager
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588" = ThinkPad Modem
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Content Manager 2" = Content Manager 2
"Digital Editions" = Adobe Digital Editions
"Driver Cleaner Pro" = DH Driver Cleaner Professional Edition
"eDocPrintPro" = eDocPrintPro
"ElsterFormular 11.2.0.4074" = ElsterFormular
"Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner
"GraphicsMagick 1.1.10 Q8_is1" = GraphicsMagick 1.1.10 Q8 (2007-09-19)
"GSiteCrawler" = GSiteCrawler
"HaufeReader" = HaufeReader
"HijackThis" = HijackThis 2.0.2
"HP OfficeJet 6100 Series" = HP Foto und Bildbearbeitung 2.0 - hp officejet 6100 series
"IBP10_is1" = IBP 10.2
"IBP11_is1" = IBP 11.7.4
"IBP9_is1" = IBP & ARELIS 9.7.1
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"LENOVO.SMIIF" = Lenovo System Interface Driver
"Link Popularity Check_is1" = Link Popularity Check 3.0.3
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MozBackup_is1" = MozBackup 1.4.7
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"Mozilla Thunderbird (3.0.4)" = Mozilla Thunderbird (3.0.4)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Office8.0" = Microsoft Office 97, Professional Edition
"OnScreenDisplay" = Anzeige am Bildschirm
"PC-Doctor for Windows" = Lenovo ThinkVantage Toolbox
"PCMCIAPW" = ThinkPad PC Card Power Policy
"Picasa2" = Picasa 2
"Power Management Driver" = ThinkPad Power Management Driver
"ProInst" = Intel(R) PROSet/Wireless Software
"PROSet" = Intel(R) Network Connections Drivers
"QB_BKH" = QuickBooks Business-KnowHow
"Remove Multimedia Center" = Remove Multimedia Center
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"Works2003Setup" = Microsoft Works 2003-Setup-Start
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 28.06.2010 11:45:51 | Computer Name = TEST | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
 
Error - 28.06.2010 12:29:12 | Computer Name = TEST | Source = Spybot - Search & Destroy | ID = 0
Description =
 
Error - 28.06.2010 12:44:26 | Computer Name = TEST | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
 
Error - 28.06.2010 12:44:55 | Computer Name = TEST | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
 
Error - 28.06.2010 13:44:49 | Computer Name = TEST | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
 
Error - 28.06.2010 13:45:17 | Computer Name = TEST | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
 
Error - 29.06.2010 01:08:25 | Computer Name = TEST | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
 
Error - 29.06.2010 01:08:32 | Computer Name = TEST | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
 
Error - 29.06.2010 01:22:16 | Computer Name = TEST | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
 
Error - 29.06.2010 01:22:17 | Computer Name = TEST | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
 
[ System Events ]
Error - 28.06.2010 13:37:15 | Computer Name = TEST | Source = Service Control Manager | ID = 7034
Description = Dienst "Anzeige am Bildschirm" wurde unerwartet beendet. Dies ist
bereits 1 Mal passiert.
 
Error - 28.06.2010 13:37:15 | Computer Name = TEST | Source = Service Control Manager | ID = 7034
Description = Dienst "Diskeeper" wurde unerwartet beendet. Dies ist bereits 1 Mal
 passiert.
 
Error - 28.06.2010 13:37:15 | Computer Name = TEST | Source = Service Control Manager | ID = 7034
Description = Dienst "TSS Core Service" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 28.06.2010 13:37:16 | Computer Name = TEST | Source = Service Control Manager | ID = 7034
Description = Dienst "TVT Backup Service" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 28.06.2010 13:37:16 | Computer Name = TEST | Source = Service Control Manager | ID = 7034
Description = Dienst "TVT Scheduler" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.
 
Error - 28.06.2010 13:37:16 | Computer Name = TEST | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Access Connections Main Service" wurde unerwartet beendet.
 Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000
 Millisekunden durchgeführt: Starten Sie den Dienst neu..
 
Error - 28.06.2010 13:37:16 | Computer Name = TEST | Source = Service Control Manager | ID = 7034
Description = Dienst "System Update" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.
 
Error - 28.06.2010 13:47:59 | Computer Name = TEST | Source = Service Control Manager | ID = 7000
Description = Der Dienst "XAMPP Service" wurde aufgrund folgenden Fehlers nicht
gestartet:  %%3
 
Error - 29.06.2010 01:09:21 | Computer Name = TEST | Source = Service Control Manager | ID = 7000
Description = Der Dienst "XAMPP Service" wurde aufgrund folgenden Fehlers nicht
gestartet:  %%3
 
Error - 29.06.2010 01:22:58 | Computer Name = TEST | Source = Service Control Manager | ID = 7000
Description = Der Dienst "XAMPP Service" wurde aufgrund folgenden Fehlers nicht
gestartet:  %%3
 
 
< End of report >

--- --- ---

Kiesopfer 29.06.2010 06:38

What stands out is that for some time the Internet connection software was started twice, so that I had two connection managers. Now, however, there is only one again.

At PC startup, probably since an ATI graphics driver update, the whole desktop is hidden very briefly on first load and then immediately shown again, as if something additional were being loaded.

Otherwise I haven't noticed anything.

Kiesopfer 29.06.2010 06:42

It seems no new temp files have been created, and the number of Perflib_Perfdata_... DAT files in the folder has also gone down; currently there are two, initially I think there were around six.

Kiesopfer 29.06.2010 07:43

I have now deleted a few more e-mails and indexed and compacted the folders in question. I am running Kaspersky over this folder once more.

During the last run I forgot to turn off the Windows Firewall :(
Should I run Kaspersky completely again?

Kiesopfer 29.06.2010 08:26

I have now once again scanned only the folder
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail
after indexing and compacting in Thunderbird.

Log:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Tuesday, June 29, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Tuesday, June 29, 2010 01:30:19
Records in database: 4270347
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - Folder:
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail

Scan statistics:
Objects scanned: 172
Threats found: 5
Infected objects found: 8
Suspicious objects found: 2
Scan duration: 00:20:05


File name / Threat / Threats count
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\mail.hebux.de\Inbox Infected: Worm.Win32.AutoRun.svl 3
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\mail.hebux.de\Inbox Suspicious: Trojan-Spy.HTML.Fraud.gen 2
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\post.strato-1.de\Inbox Infected: Backdoor.Win32.Bredolab.bmc 1
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\post.strato-1.de\Inbox Infected: Backdoor.Win32.Bredolab.bmq 1
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail\post.strato-1.de\Inbox Infected: Packed.Win32.Krap.x 3

Selected area has been scanned.

Kiesopfer 29.06.2010 11:00

I took another look at Thunderbird and now it is clean. Here is the scan log of the mail folder:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Tuesday, June 29, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Tuesday, June 29, 2010 01:30:19
Records in database: 4270347
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - Folder:
C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird\Profiles\6p9au248.default\Mail

Scan statistics:
Objects scanned: 172
Threats found: 0
Infected objects found: 0
Suspicious objects found: 0
Scan duration: 00:17:11

No threats found. Scanned area is clean.

Selected area has been scanned.

Kiesopfer 29.06.2010 11:51

Hello Daniel,

should I run anything else, or does everything look fine again so far?

Larusso 29.06.2010 12:18

Hi, the thing with the graphics card happens on mine too and used to worry me as well :)
But it is normal.

Let's quickly remove a few small things
Code:

:OTL
[2010.06.27 19:33:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\rundll16.exe
[2010.06.27 19:33:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\logo1_.exe
[2010.06.27 19:29:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\VDLL.DLL
[2010.06.27 19:29:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\runouce.exe
[2010.06.27 19:29:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\RUNDL132.EXE
[2010.06.27 19:29:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\logo_1.exe
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O3 - HKLM\..\Toolbar: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - No CLSID value found.
O2 - BHO: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - No CLSID value found.
:services
:files
:reg
:Commands
[purity]
[emptytemp]
[reboot]

  • Please close all programs now.
  • Now click the Fix button.
  • Click http://billy-oneal.com/Canned%20Spee.../OTL/btnOK.png.
  • OTL may require a restart. Please allow this.
  • After the restart you will find a text document on your desktop.
    (Also to be found under C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its contents here into your thread


Step 2

Please uninstall your current version of Adobe Reader
Start--> Systemsteuerung (Control Panel)--> Software (Add or Remove Programs)--> Adobe Reader
and download the new version from here
As an alternative I would recommend the leaner Foxit Reader :)


Step 3

For the last time ;)

Please start OTL.exe.
Under
Extra Registry, select Use Safe List and click the Scan button.

Kiesopfer 29.06.2010 12:35

Here, to start with, is the first OTL:

All processes killed
========== OTL ==========
C:\WINDOWS\rundll16.exe folder moved successfully.
C:\WINDOWS\logo1_.exe folder moved successfully.
C:\WINDOWS\VDLL.DLL folder moved successfully.
C:\WINDOWS\System32\runouce.exe folder moved successfully.
C:\WINDOWS\RUNDL132.EXE folder moved successfully.
C:\WINDOWS\logo_1.exe folder moved successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0124123D-61B4-456f-AF86-78C53A0790C5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0124123D-61B4-456f-AF86-78C53A0790C5}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0124123D-61B4-456f-AF86-78C53A0790C5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0124123D-61B4-456f-AF86-78C53A0790C5}\ not found.
========== SERVICES/DRIVERS ==========
========== FILES ==========
========== REGISTRY ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 596 bytes

User: Norman
->Temp folder emptied: 109272515 bytes
->Temporary Internet Files folder emptied: 147456 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 36796010 bytes
->Flash cache emptied: 612 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 356 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 140,00 mb


OTL by OldTimer - Version 3.2.7.0 log created on 06292010_132611

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Kiesopfer 29.06.2010 12:46

When trying to remove Acrobat Reader 9 I get the following message:

"Beim Versuch, die Datei C:\Windows\Installer\AcroRead.msi zu lesen, ist ein Netzwerkfehler aufgetreten"

Should I try it in safe mode?

Larusso 29.06.2010 12:54

Just start Adobe Reader --> Help --> Check for updates

Kiesopfer 29.06.2010 13:56

It did not work that simply.
I then installed 9.3.
Uninstalled 9.0, which then worked.
Uninstalled 9.3.
Cleaned with CCleaner
Restart
Manually deleted the folder except for the files Identity-H and -V, which I could not delete.
Reinstalled 9.3.
Restart

Kiesopfer 29.06.2010 13:57

OTL log:

OTL:

OTL logfile created on: 29.06.2010 14:49:50 - Run 8
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Dokumente und Einstellungen\Norman\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 76,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 86,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 70,17 Gb Total Space | 30,52 Gb Free Space | 43,49% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 111,79 Gb Total Space | 65,62 Gb Free Space | 58,70% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TEST
Current User Name: Norman
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.06.27 18:38:48 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Norman\Desktop\OTL.exe
PRC - [2010.04.03 16:44:26 | 000,640,440 | ---- | M] (Adobe Systems Inc.) -- E:\Programme\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2010.02.18 11:43:18 | 000,248,040 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2010.01.18 15:41:50 | 000,063,928 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2009.12.21 18:49:44 | 000,069,568 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2009.11.24 13:51:18 | 000,176,056 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2009.11.18 14:04:18 | 000,038,248 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\ibmpmsvc.exe
PRC - [2009.10.01 16:14:30 | 000,144,752 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\ZOOM\TpScrex.exe
PRC - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.06.12 10:55:48 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- c:\Programme\Lenovo\System Update\SUService.exe
PRC - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2009.04.16 13:41:28 | 000,053,248 | ---- | M] () -- C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe
PRC - [2009.04.14 19:51:38 | 000,015,136 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\tpfnf6r.exe
PRC - [2009.03.02 13:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009.02.02 20:16:48 | 000,181,536 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\TpShocks.exe
PRC - [2009.01.29 03:10:00 | 000,185,688 | ---- | M] (Lenovo Group Limited) -- C:\Programme\ThinkVantage\PrdCtr\LPMGR.EXE
PRC - [2009.01.29 03:10:00 | 000,124,248 | ---- | M] (Lenovo Group Limited) -- C:\Programme\ThinkVantage\PrdCtr\LPMLCHK.EXE
PRC - [2009.01.28 17:59:12 | 000,039,976 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\TPHDEXLG.exe
PRC - [2008.10.27 11:03:52 | 000,090,112 | ---- | M] (Lenovo ) -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
PRC - [2008.10.27 11:03:32 | 000,135,168 | ---- | M] (Lenovo ) -- C:\Programme\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
PRC - [2008.10.27 11:02:30 | 000,217,088 | ---- | M] (Lenovo ) -- C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe
PRC - [2008.10.27 10:56:38 | 000,143,360 | ---- | M] (Lenovo ) -- C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe
PRC - [2008.07.04 00:17:00 | 000,118,784 | ---- | M] (Synaptics, Inc.) -- C:\Programme\Synaptics\SynTP\SynTPLpr.exe
PRC - [2008.06.05 02:36:00 | 000,242,976 | ---- | M] (Lenovo Group Ltd.) -- C:\Programme\ThinkPad\Utilities\EZEJMNAP.EXE
PRC - [2008.04.14 04:22:49 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.03.26 03:06:00 | 000,059,680 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\NPDIRECT\tpfnf7sp.exe
PRC - [2008.03.04 10:34:20 | 000,487,424 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe
PRC - [2008.03.04 10:34:12 | 001,122,304 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe
PRC - [2007.11.26 16:58:10 | 000,576,104 | ---- | M] (Broadcom Corporation.) -- C:\Programme\ThinkPad\Bluetooth Software\BTTray.exe
PRC - [2007.11.26 16:58:08 | 000,264,800 | ---- | M] (Broadcom Corporation.) -- C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe
PRC - [2007.09.26 18:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2007.09.06 13:28:18 | 000,110,592 | ---- | M] (Apple, Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2007.02.02 03:00:02 | 000,419,376 | ---- | M] (LENOVO) -- C:\Programme\ThinkVantage\AMSG\Amsg.exe
PRC - [2006.08.16 19:07:00 | 000,073,728 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\IPSSVC.EXE
PRC - [2006.08.16 19:07:00 | 000,069,632 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\AwayTask\AwaySch.EXE
PRC - [2006.07.14 18:13:14 | 002,341,632 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Client Security Solution\cssauth.exe
PRC - [2006.07.14 18:01:00 | 001,974,272 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Rescue and Recovery\rrservice.exe
PRC - [2006.07.14 17:42:22 | 000,723,712 | ---- | M] (IBM) -- C:\Programme\Lenovo\Client Security Solution\tvttcsd.exe
PRC - [2006.07.14 17:36:00 | 000,022,016 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Lenovo\Logger\logmon.exe
PRC - [2006.07.14 15:52:48 | 000,045,056 | ---- | M] () -- C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe
PRC - [2006.05.23 21:08:06 | 000,622,700 | ---- | M] (Diskeeper Corporation) -- C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2006.05.18 16:24:06 | 000,196,696 | ---- | M] (Diskeeper Corporation) -- C:\Programme\Diskeeper Corporation\Diskeeper\DkIcon.exe
PRC - [2006.03.16 01:07:06 | 000,421,888 | ---- | M] (Google Inc.) -- C:\Programme\Picasa2\PicasaMediaDetector.exe
PRC - [2006.03.13 16:38:56 | 000,041,472 | R--- | M] (Utimaco Safeware AG) -- C:\Programme\Lenovo\SafeGuard PrivateDisk\pdservice.exe
PRC - [2006.02.02 05:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2005.06.06 21:26:22 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe
PRC - [2005.05.20 02:11:06 | 000,925,696 | ---- | M] (Analog Devices, Inc.) -- C:\Programme\Analog Devices\Core\smax4pnp.exe
PRC - [2004.07.27 16:50:18 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Programme\Gemeinsame Dateien\Installshield\UpdateService\issch.exe
PRC - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
PRC - [2003.04.06 01:06:58 | 000,028,672 | ---- | M] (Hewlett-Packard) -- C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
PRC - [2003.04.06 00:55:04 | 000,311,296 | ---- | M] (Hewlett-Packard Co.) -- C:\Programme\Hewlett-Packard\Digital Imaging\bin\hposts08.exe
PRC - [2003.04.06 00:45:10 | 000,286,720 | ---- | M] (Hewlett-Packard Co.) -- C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
PRC - [2003.04.06 00:37:38 | 000,147,456 | ---- | M] (Hewlett-Packard Co.) -- C:\Programme\Hewlett-Packard\Digital Imaging\bin\hposol08.exe


========== Modules (SafeList) ==========

MOD - [2010.06.27 18:38:48 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Norman\Desktop\OTL.exe
MOD - [2008.04.14 04:21:06 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2007.11.26 16:55:46 | 000,073,728 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\BtMmHook.dll
MOD - [2006.08.16 19:07:00 | 000,086,016 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\PROCHLP.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (XAMPP)
SRV - [2010.01.18 15:41:50 | 000,063,928 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2009.11.18 14:04:18 | 000,038,248 | ---- | M] (Lenovo.) [Auto | Running] -- C:\WINDOWS\system32\ibmpmsvc.exe -- (IBMPMSVC)
SRV - [2009.11.17 18:06:02 | 000,044,984 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Programme\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.06.12 10:55:48 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Programme\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009.04.16 13:41:28 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2009.01.28 17:59:12 | 000,039,976 | ---- | M] (Lenovo.) [Auto | Running] -- C:\WINDOWS\system32\TPHDEXLG.exe -- (TPHDEXLGSVC)
SRV - [2009.01.02 20:51:22 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008.11.11 09:38:06 | 000,620,544 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008.11.04 11:48:10 | 000,288,112 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2008.10.27 11:03:52 | 000,090,112 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2008.10.27 11:02:30 | 000,217,088 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
SRV - [2008.04.14 04:22:49 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2008.04.14 04:22:49 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)
SRV - [2008.04.14 04:22:49 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2008.03.04 10:34:12 | 001,122,304 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler)
SRV - [2007.11.26 16:58:08 | 000,264,800 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2007.09.26 18:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2007.09.07 19:07:22 | 000,023,552 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psasrv.exe -- (PsaSrv)
SRV - [2007.09.06 13:28:18 | 000,110,592 | ---- | M] (Apple, Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2006.08.16 19:07:00 | 000,073,728 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\WINDOWS\system32\IPSSVC.EXE -- (IPSSVC)
SRV - [2006.07.14 18:01:00 | 001,974,272 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\Rescue and Recovery\rrservice.exe -- (TVT Backup Service)
SRV - [2006.07.14 17:42:22 | 000,723,712 | ---- | M] (IBM) [Auto | Running] -- C:\Programme\Lenovo\Client Security Solution\tvttcsd.exe -- (TSSCoreService)
SRV - [2006.07.14 15:52:48 | 000,045,056 | ---- | M] () [Auto | Running] -- C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe -- (tvtnetwk)
SRV - [2006.05.23 21:08:06 | 000,622,700 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2005.10.06 18:13:10 | 000,856,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS)
SRV - [2005.06.06 21:26:22 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\TpKmpSvc.exe -- (TpKmpSVC)
SRV - [2004.10.22 03:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe -- (MDM)
SRV - [2003.03.09 22:31:02 | 000,065,795 | R--- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2010.06.28 17:30:18 | 000,040,448 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\intelppm.sys -- (intelppm)
DRV - [2010.06.27 00:00:00 | 000,005,427 | ---- | M] (IBM Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\EGATHDRV.SYS -- (EGATHDRV)
DRV - [2010.06.09 11:26:50 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2010.04.27 04:25:20 | 000,123,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscemdm.sys -- (sscemdm)
DRV - [2010.04.27 04:25:20 | 000,100,352 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssceserd.sys -- (ssceserd) SAMSUNG Mobile Modem Diagnostic Serial Port V2 (WDM)
DRV - [2010.04.27 04:25:20 | 000,098,560 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscebus.sys -- (sscebus) SAMSUNG USB Composite Device V2 driver (WDM)
DRV - [2010.04.27 04:25:20 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscemdfl.sys -- (sscemdfl)
DRV - [2009.12.11 10:17:48 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.11.18 14:03:36 | 000,026,608 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV - [2009.07.12 09:40:48 | 000,030,144 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2009.06.18 01:59:58 | 000,234,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel(R)
DRV - [2009.05.11 10:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.03.30 10:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009.02.11 17:11:50 | 000,329,752 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2009.01.28 17:58:46 | 000,117,800 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\Apsx86.sys -- (Shockprf)
DRV - [2009.01.28 17:57:12 | 000,020,520 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ApsHM86.sys -- (TPDIGIMN)
DRV - [2009.01.03 12:12:57 | 000,073,312 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\adfs.sys -- (adfs)
DRV - [2009.01.02 15:31:46 | 000,043,672 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2008.12.09 00:53:58 | 000,050,832 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tcusb.sys -- (TcUsb)
DRV - [2008.11.11 01:52:08 | 003,301,888 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008.10.24 14:33:00 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC)
DRV - [2008.10.24 14:33:00 | 000,004,224 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.sys -- (IBMTPCHK)
DRV - [2008.07.03 23:53:00 | 000,225,664 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2008.05.12 22:14:14 | 000,017,844 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPHKDRV.sys -- (TPHKDRV)
DRV - [2008.05.12 18:04:02 | 000,013,480 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\smiif32.sys -- (lenovo.smi)
DRV - [2008.04.13 20:54:36 | 000,028,672 | ---- | M] (National Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nscirda.sys -- (NSCIRDA)
DRV - [2008.04.13 20:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008.04.13 20:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008.04.13 18:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008.03.26 03:06:00 | 000,004,608 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
DRV - [2007.11.27 16:40:00 | 000,539,512 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2007.11.27 16:40:00 | 000,074,688 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2007.11.21 11:51:00 | 000,879,624 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2007.11.01 16:26:36 | 000,989,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007.11.01 16:25:32 | 000,211,456 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007.11.01 16:25:22 | 000,731,520 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007.09.07 19:06:32 | 000,007,012 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pmemnt.sys -- (pmem)
DRV - [2007.06.29 12:38:00 | 000,156,392 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2007.06.21 04:43:26 | 002,208,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel(R)
DRV - [2007.03.23 10:50:00 | 000,037,424 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2006.11.28 23:46:24 | 000,028,224 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PDNMp50.sys -- (PDNMp50)
DRV - [2006.11.28 23:46:22 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PDNSp50.sys -- (PDNSp50)
DRV - [2006.10.02 01:55:00 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SMAPINT.SYS -- (Smapint)
DRV - [2006.10.02 01:55:00 | 000,009,343 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS -- (TDSMAPI)
DRV - [2006.09.27 02:36:24 | 001,709,696 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETw3x32.sys -- (NETw3x32) Intel(R)
DRV - [2006.08.16 19:07:00 | 000,005,120 | ---- | M] (Lenovo Group Limited) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PROCDD.SYS -- (PROCDD)
DRV - [2006.07.14 17:27:22 | 000,012,544 | ---- | M] (Lenovo) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tvtfilter.sys -- (tvtfilter)
DRV - [2006.07.14 17:03:04 | 000,017,664 | ---- | M] (Lenovo Group Limited) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tvtpktfilter.sys -- (TVTPktFilter)
DRV - [2006.07.14 15:55:12 | 000,003,968 | ---- | M] (IBM Corp.) [Kernel | Auto | Running] -- C:\Programme\SMI2\smi2.sys -- (smi2)
DRV - [2006.03.13 16:05:54 | 000,058,368 | R--- | M] (Utimaco Safeware AG) [Kernel | Auto | Running] -- C:\Programme\Lenovo\SafeGuard PrivateDisk\privatediskm.sys -- (PrivateDisk)
DRV - [2006.03.01 03:30:00 | 000,089,472 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2006.02.02 05:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006.02.02 05:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006.02.02 05:20:00 | 000,086,652 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006.02.02 05:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006.02.02 05:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006.02.02 05:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006.02.02 05:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2006.01.31 04:19:34 | 000,176,128 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2005.12.06 04:20:48 | 000,192,512 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hsxhwazl.sys -- (HSXHWAZL)
DRV - [2005.11.18 12:02:50 | 000,005,660 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005.11.18 12:02:10 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005.11.18 05:20:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2005.05.17 10:20:08 | 000,015,872 | ---- | M] (Atmel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atmeltpm.sys -- (atmeltpm)
DRV - [2004.11.30 16:38:24 | 000,004,442 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)
DRV - [2004.08.03 23:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2003.09.10 23:36:54 | 000,021,060 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi)
DRV - [2001.08.18 14:22:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001.08.18 05:33:12 | 000,322,432 | ---- | M] (Matrox Graphics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\G400m.sys -- (G400)
DRV - [2001.08.18 00:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001.08.18 00:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001.08.18 00:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001.08.18 00:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001.08.18 00:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001.08.17 23:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001.08.17 23:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001.08.17 23:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001.08.17 23:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001.08.17 23:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001.08.17 23:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001.08.17 23:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001.08.17 23:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001.08.17 23:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001.08.17 14:48:14 | 000,011,520 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TwoTrack.sys -- (TwoTrack)
DRV - [2001.08.17 13:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Intel(r) 82801 Audiotreiber-Installationsdienst (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.live.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.1
FF - prefs.js..extensions.enabledItems: {6e84150a-d526-41f1-a480-a67d3fed910d}:1.4.5.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: en-US@dictionaries.addons.mozilla.org:4.0.0
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.8
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..network.proxy.http: "http://1.1.1.1/http.de.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official"
FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.06.27 09:12:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.06.29 14:42:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2010.04.04 10:21:49 | 000,000,000 | ---D | M]

[2010.04.02 11:12:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Mozilla\Extensions
[2010.04.02 11:12:52 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.06.28 15:24:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Mozilla\Firefox\Profiles\z9ur2adu.default\extensions
[2010.06.13 23:28:10 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Mozilla\Firefox\Profiles\z9ur2adu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.04.24 17:02:40 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Mozilla\Firefox\Profiles\z9ur2adu.default\extensions\{34ea1c70-42cc-42c5-aa29-ec58b95a343e}
[2010.02.05 22:34:39 | 000,000,000 | ---D | M] (IE View) -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Mozilla\Firefox\Profiles\z9ur2adu.default\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}
[2010.04.11 23:11:29 | 000,000,000 | ---D | M] (LeechBlock) -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Mozilla\Firefox\Profiles\z9ur2adu.default\extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387}
[2009.07.01 21:20:27 | 000,000,000 | ---D | M] (Web Developer) -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Mozilla\Firefox\Profiles\z9ur2adu.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2009.04.24 17:02:41 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Mozilla\Firefox\Profiles\z9ur2adu.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2010.02.15 08:32:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Mozilla\Firefox\Profiles\z9ur2adu.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2008.07.31 20:49:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Mozilla\Firefox\Profiles\z9ur2adu.default\extensions\de-DE-comb@dictionaries.addons.mozilla.org
[2009.10.08 09:29:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Mozilla\Firefox\Profiles\z9ur2adu.default\extensions\en-US@dictionaries.addons.mozilla.org
[2009.04.24 17:01:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Mozilla\Firefox\Profiles\z9ur2adu.default\extensions\SQLiteManager@mrinalkant.blogspot(2).com
[2010.04.09 10:15:28 | 000,002,433 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Mozilla\Firefox\Profiles\z9ur2adu.default\searchplugins\ixquickde-https.xml
[2010.06.28 15:24:47 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.06.27 10:34:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.06.27 10:34:18 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.06.26 10:03:55 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.06.26 10:03:55 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.06.26 10:03:55 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.06.26 10:03:55 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.06.26 10:03:55 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

Kiesopfer 29.06.2010 13:58

OTL log, part 2:

O1 HOSTS File: ([2010.06.29 08:31:18 | 000,407,846 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 14129 more lines...
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - E:\Programme\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (CPwmIEBrowserHelper Object) - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - E:\Programme\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] E:\Programme\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [ACWLIcon] C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo )
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] E:\Programme\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AMSG] C:\Programme\ThinkVantage\AMSG\Amsg.exe (LENOVO)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AwaySch] C:\Programme\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [BLOG] C:\Programme\ThinkPad\Utilities\BATLOGEX.DLL ()
O4 - HKLM..\Run: [cssauth] C:\Programme\Lenovo\Client Security Solution\cssauth.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [DiskeeperSystray] C:\Programme\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [EZEJMNAP] C:\Programme\ThinkPad\Utilities\EZEJMNAP.EXE (Lenovo Group Ltd.)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Programme\Gemeinsame Dateien\Installshield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [LENOVO.TPFNF6R] C:\Programme\Lenovo\HOTKEY\tpfnf6r.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [LPMailChecker] C:\Programme\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [LPManager] C:\Programme\ThinkVantage\PrdCtr\LPMGR.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [PDService.exe] C:\Programme\Lenovo\SafeGuard PrivateDisk\pdservice.exe (Utimaco Safeware AG)
O4 - HKLM..\Run: [Picasa Media Detector] C:\Programme\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - HKLM..\Run: [PWRMGRTR] C:\Programme\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TP4EX] C:\WINDOWS\System32\TP4EX.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPFNF7] C:\Programme\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPHOTKEY] C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPKMAPHELPER] C:\Programme\ThinkPad\Utilities\TpKmapAp.exe (Lenovo)
O4 - HKLM..\Run: [TpShocks] C:\WINDOWS\System32\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk = C:\Programme\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\hpoddt01.exe.lnk = C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\officejet 6100.lnk = C:\Programme\Hewlett-Packard\Digital Imaging\bin\hposol08.exe (Hewlett-Packard Co.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Windows Live Search - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Senden an Bluetooth - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1230902201937 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O18 - Protocol\Handler\haufereader {39198710-62F7-42CD-9458-069843FA5D32} - C:\Programme\Haufe\HaufeReader\HRInstmon.dll (Haufe Mediengruppe)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ACNotify: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\AwayNotify: DllName - C:\Programme\Lenovo\AwayTask\AwayNotify.dll - C:\Programme\Lenovo\AwayTask\AwayNotify.dll (Lenovo Group Limited)
O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\psfus: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\1400_1050 Think EMEA Map.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.01.27 04:18:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010.06.11 18:07:58 | 000,000,000 | ---D | M] - E:\Automobilia -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.06.29 14:27:45 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Norman\Recent
[2010.06.29 13:26:11 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.06.29 12:07:30 | 000,000,000 | ---D | C] -- C:\_SMA
[2010.06.29 07:01:37 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010.06.28 19:41:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010.06.28 17:48:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Norman\Desktop\Trajaner
[2010.06.28 16:28:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Norman\DoctorWeb
[2010.06.28 15:34:50 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010.06.27 19:28:02 | 000,632,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr80.dll
[2010.06.27 19:28:01 | 000,554,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp80.dll
[2010.06.27 19:27:59 | 000,034,048 | ---- | C] (MicroWorld Technologies Inc.) -- C:\WINDOWS\System32\eEmpty.exe
[2010.06.27 19:27:54 | 000,153,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\R.COM
[2010.06.27 19:27:54 | 000,140,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\T.COM
[2010.06.27 19:27:53 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\MicroWorld
[2010.06.27 19:27:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MicroWorld
[2010.06.27 19:23:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Download Manager
[2010.06.27 18:39:02 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Norman\Desktop\OTL.exe
[2010.06.27 18:32:53 | 166,440,096 | ---- | C] (G Data Software AG) -- C:\Dokumente und Einstellungen\Norman\Eigene Dateien\GER_R_ESD_IS.exe
[2010.06.27 17:47:41 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010.06.27 17:47:41 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010.06.27 17:47:41 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010.06.27 17:47:41 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010.06.27 17:47:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010.06.27 17:44:13 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.06.27 17:40:29 | 000,000,000 | ---D | C] -- C:\rsit
[2010.06.27 13:37:30 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010.06.27 10:34:49 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010.06.27 10:34:49 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010.06.27 10:34:49 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010.06.27 10:34:49 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010.06.27 10:22:00 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2010.06.27 09:52:44 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro
[2010.06.26 15:33:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Malwarebytes
[2010.06.26 15:33:08 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.06.26 15:33:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2010.06.26 15:33:05 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.06.26 15:33:05 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.06.26 14:08:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Adobe
[2010.06.26 11:25:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sun
[2010.06.26 11:24:48 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010.06.26 11:01:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Macromedia
[2010.06.26 10:33:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Adobe
[2010.06.18 08:36:31 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft ActiveSync
[2010.06.17 17:04:08 | 000,100,352 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ssceserd.sys
[2010.06.17 17:04:07 | 000,123,648 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscemdm.sys
[2010.06.17 17:04:07 | 000,098,560 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscebus.sys
[2010.06.17 17:04:07 | 000,014,848 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscemdfl.sys
[2010.06.17 17:04:07 | 000,012,416 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscecmnt.sys
[2010.06.17 17:04:07 | 000,012,416 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscecm.sys
[2010.06.17 17:04:07 | 000,012,288 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscewhnt.sys
[2010.06.17 17:04:07 | 000,012,288 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscewh.sys
[2010.06.17 16:32:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Norman\Eigene Dateien\SelfMV
[2010.06.17 12:23:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Norman\Lokale Einstellungen\Anwendungsdaten\PCHealth
[2010.06.14 14:34:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Norman\Eigene Dateien\Galileo Press
[2010.06.10 08:30:17 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2010.06.09 10:53:28 | 000,000,000 | ---D | C] -- C:\Programme\MyFree Codec
[2010.06.04 10:06:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\KB905474

========== Files - Modified Within 30 Days ==========

[2010.06.29 14:48:34 | 000,010,027 | ---- | M] () -- C:\WINDOWS\System32\PROCDB.INI
[2010.06.29 14:46:37 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2010.06.29 14:46:05 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2010.06.29 14:45:52 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.06.29 14:45:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.06.29 14:45:34 | 000,045,668 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2010.06.29 14:45:29 | 3219,574,784 | -HS- | M] () -- C:\hiberfil.sys
[2010.06.29 14:44:53 | 015,466,496 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\ntuser.dat
[2010.06.29 14:44:31 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\Norman\ntuser.ini
[2010.06.29 14:44:03 | 007,527,734 | -H-- | M] () -- C:\Dokumente und Einstellungen\Norman\Lokale Einstellungen\Anwendungsdaten\IconCache.db
[2010.06.29 14:42:36 | 000,001,716 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 9.lnk
[2010.06.29 13:45:00 | 000,000,248 | ---- | M] () -- C:\WINDOWS\tasks\Auf Updates für Windows Live Toolbar prüfen.job
[2010.06.29 13:26:25 | 000,520,986 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010.06.29 13:26:25 | 000,491,752 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.06.29 13:26:25 | 000,104,836 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010.06.29 13:26:25 | 000,089,548 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.06.29 13:26:24 | 001,223,776 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.06.29 11:10:19 | 000,000,494 | ---- | M] () -- C:\hpfr5550.xml
[2010.06.29 08:31:18 | 000,407,846 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010.06.29 07:00:42 | 000,039,675 | ---- | M] () -- C:\Kaspersky.html
[2010.06.28 19:44:23 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.06.28 19:43:51 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100629-083118.backup
[2010.06.28 18:29:50 | 003,722,957 | R--- | M] () -- C:\Dokumente und Einstellungen\Norman\Desktop\ComboFix.exe
[2010.06.28 17:30:18 | 000,040,448 | ---- | M] () -- C:\WINDOWS\System32\drivers\intelppm.sys
[2010.06.28 16:01:00 | 000,000,396 | ---- | M] () -- C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp officejet 6100 series#1190378331.job
[2010.06.28 15:34:58 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010.06.27 23:18:53 | 000,001,516 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Eigene Dateien\pinfect.zip
[2010.06.27 19:30:55 | 000,000,053 | ---- | M] () -- C:\WINDOWS\Lic.xxx
[2010.06.27 19:28:01 | 000,632,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr80.dll
[2010.06.27 19:28:00 | 000,554,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp80.dll
[2010.06.27 19:27:58 | 000,034,048 | ---- | M] (MicroWorld Technologies Inc.) -- C:\WINDOWS\System32\eEmpty.exe
[2010.06.27 18:38:48 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Norman\Desktop\OTL.exe
[2010.06.27 18:35:09 | 166,440,096 | ---- | M] (G Data Software AG) -- C:\Dokumente und Einstellungen\Norman\Eigene Dateien\GER_R_ESD_IS.exe
[2010.06.27 10:34:17 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010.06.27 10:34:17 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010.06.27 10:34:17 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010.06.27 10:34:17 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010.06.27 10:34:16 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010.06.27 09:12:23 | 000,001,573 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk
[2010.06.27 09:06:02 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.06.27 00:00:00 | 000,005,427 | ---- | M] (IBM Corporation) -- C:\WINDOWS\System32\EGATHDRV.SYS
[2010.06.26 19:57:59 | 000,000,512 | ---- | M] () -- C:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask.job
[2010.06.26 19:57:58 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\SystemToolsDailyTest.job
[2010.06.26 10:29:39 | 000,409,923 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100626-131548.backup
[2010.06.26 10:10:13 | 000,000,246 | ---- | M] () -- C:\WINDOWS\WININIT.INI
[2010.06.24 20:36:35 | 010,560,512 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Eigene Dateien\Börge-Hendrik Spröde.QBW
[2010.06.24 20:28:21 | 000,018,240 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Rechnung-HEBUX-338.pdf
[2010.06.23 20:09:56 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010.06.23 19:07:21 | 000,027,136 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Ute Lepin-HEK.doc
[2010.06.23 18:56:34 | 000,026,624 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Ute Lepin23.doc
[2010.06.23 15:09:25 | 000,018,341 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Rechnung-HEBUX-337.pdf
[2010.06.23 08:59:50 | 000,002,006 | ---- | M] () -- C:\aqua_bitmap.cpp
[2010.06.22 21:19:00 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010.06.22 14:31:53 | 000,072,314 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Navi-z205.jpg
[2010.06.18 09:26:33 | 007,844,864 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Desktop\setup.msi
[2010.06.17 15:51:36 | 000,018,287 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Rechnung-HEBUX-336.pdf
[2010.06.17 10:19:45 | 000,247,792 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Telefonbuch001.SPB
[2010.06.16 20:46:57 | 000,018,502 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Rechnung-HEBUX-335.pdf
[2010.06.12 00:28:06 | 000,070,995 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Desktop\1000-teile.jpg
[2010.06.10 19:34:49 | 004,376,744 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.06.09 11:27:44 | 000,015,872 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Desktop\abrechnung.xlr
[2010.06.09 11:26:50 | 000,233,472 | ---- | M] (Teruten) -- C:\WINDOWS\System32\FsUsbExService.Exe
[2010.06.09 11:26:50 | 000,036,608 | ---- | M] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys

========== Files Created - No Company Name ==========

[2010.06.29 14:42:36 | 000,001,716 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 9.lnk
[2010.06.29 07:00:42 | 000,039,675 | ---- | C] () -- C:\Kaspersky.html
[2010.06.28 18:29:48 | 003,722,957 | R--- | C] () -- C:\Dokumente und Einstellungen\Norman\Desktop\ComboFix.exe
[2010.06.28 17:30:24 | 3219,574,784 | -HS- | C] () -- C:\hiberfil.sys
[2010.06.28 15:34:57 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010.06.28 15:34:53 | 000,262,448 | ---- | C] () -- C:\cmldr
[2010.06.27 23:18:53 | 000,001,516 | ---- | C] () -- C:\Dokumente und Einstellungen\Norman\Eigene Dateien\pinfect.zip
[2010.06.27 19:28:25 | 000,000,053 | ---- | C] () -- C:\WINDOWS\Lic.xxx
[2010.06.27 19:27:59 | 000,000,522 | ---- | C] () -- C:\WINDOWS\System32\Microsoft.VC80.CRT.manifest
[2010.06.27 17:47:41 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010.06.27 17:47:41 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010.06.27 17:47:41 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010.06.27 17:47:41 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010.06.27 17:47:41 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010.06.26 19:57:59 | 000,000,512 | ---- | C] () -- C:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask.job
[2010.06.26 19:57:57 | 000,000,316 | ---- | C] () -- C:\WINDOWS\tasks\SystemToolsDailyTest.job
[2010.06.24 20:28:21 | 000,018,240 | ---- | C] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Rechnung-HEBUX-338.pdf
[2010.06.23 19:01:08 | 000,027,136 | ---- | C] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Ute Lepin-HEK.doc
[2010.06.23 18:56:33 | 000,026,624 | ---- | C] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Ute Lepin23.doc
[2010.06.23 15:09:25 | 000,018,341 | ---- | C] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Rechnung-HEBUX-337.pdf
[2010.06.23 08:49:26 | 010,529,280 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2010.06.23 08:35:28 | 000,000,074 | ---- | C] () -- C:\Dokumente und Einstellungen\Norman\log.log
[2010.06.22 14:31:52 | 000,072,314 | ---- | C] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Navi-z205.jpg
[2010.06.18 09:50:55 | 000,247,792 | ---- | C] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Telefonbuch001.SPB
[2010.06.18 09:26:33 | 007,844,864 | ---- | C] () -- C:\Dokumente und Einstellungen\Norman\Desktop\setup.msi
[2010.06.17 15:51:36 | 000,018,287 | ---- | C] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Rechnung-HEBUX-336.pdf
[2010.06.16 20:46:57 | 000,018,502 | ---- | C] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Rechnung-HEBUX-335.pdf
[2010.06.12 00:28:06 | 000,070,995 | ---- | C] () -- C:\Dokumente und Einstellungen\Norman\Desktop\1000-teile.jpg
[2010.06.04 10:06:30 | 000,000,260 | ---- | C] () -- C:\WINDOWS\tasks\WGASetup.job
[2010.05.27 23:05:20 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2010.05.27 23:05:20 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2009.10.06 09:16:00 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009.01.03 17:58:29 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2009.01.03 17:58:29 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2009.01.03 17:58:29 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2009.01.03 17:58:29 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2009.01.03 17:58:29 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2009.01.03 17:58:29 | 000,000,021 | ---- | C] () -- C:\WINDOWS\SurCode.INI
[2008.07.04 10:02:26 | 000,000,109 | ---- | C] () -- C:\WINDOWS\Backup.INI
[2008.02.09 20:16:29 | 000,000,246 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2008.02.04 21:30:57 | 000,000,111 | ---- | C] () -- C:\WINDOWS\telephon.ini
[2008.01.23 14:57:20 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2008.01.23 14:57:20 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2008.01.23 14:57:19 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2007.11.26 16:56:04 | 002,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2007.11.26 16:43:48 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2007.11.15 21:31:34 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\LXPrnUtil10.dll
[2007.11.15 21:27:40 | 000,303,104 | ---- | C] () -- C:\WINDOWS\System32\dnt27VC8.dll
[2007.11.15 21:25:28 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\dntvmc27VC8.dll
[2007.11.15 21:25:12 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dntvm27VC8.dll
[2007.10.07 13:21:17 | 000,003,325 | ---- | C] () -- C:\WINDOWS\tm.ini
[2007.09.30 09:47:10 | 000,024,222 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2007.09.30 09:47:10 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2007.09.30 09:46:41 | 000,061,950 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2007.09.30 09:46:41 | 000,016,173 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2007.09.30 09:46:40 | 000,017,590 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2007.09.08 00:42:44 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PXTToolVC7.dll
[2007.09.08 00:33:00 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007.09.08 00:08:57 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2007.09.07 19:13:57 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007.09.07 19:05:58 | 000,004,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys
[2007.09.07 18:55:42 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2007.09.07 18:55:42 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2007.09.07 18:55:42 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2007.09.07 18:55:42 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2007.09.07 18:55:42 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2007.09.07 18:55:42 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2007.09.07 18:47:30 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\FPCALL.dll
[2007.09.07 18:46:20 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS
[2007.09.07 18:44:31 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2007.09.07 18:44:13 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS
[2007.09.07 18:43:56 | 000,009,343 | ---- | C] () -- C:\WINDOWS\System32\drivers\TDSMAPI.SYS
[2006.09.21 14:53:28 | 000,282,679 | ---- | C] () -- C:\WINDOWS\System32\dnt27.dll
[2006.09.21 14:52:24 | 000,077,882 | ---- | C] () -- C:\WINDOWS\System32\dntvmc27.dll
[2006.09.21 14:52:14 | 000,077,881 | ---- | C] () -- C:\WINDOWS\System32\dntvm27.dll
[2006.08.17 10:00:13 | 000,010,027 | ---- | C] () -- C:\WINDOWS\System32\PROCDB.INI
[2006.08.17 10:00:09 | 000,000,487 | ---- | C] () -- C:\WINDOWS\System32\IPSCtrl.INI
[2006.08.03 03:27:52 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\notifyf2.dll
[2006.06.14 18:26:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006.06.12 12:27:00 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\DEVMAN.DLL
[2006.01.27 19:18:01 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006.01.27 19:05:14 | 000,002,963 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005.11.09 12:13:48 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\dnt27VC7.dll
[2005.11.09 12:11:46 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dntvmc27VC7.dll
[2005.11.09 12:11:30 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\dntvm27VC7.dll
[2005.05.04 14:00:06 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\MMedia10VC7.dll
[2005.02.17 12:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005.02.17 12:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2004.08.04 02:44:46 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\drivers\intelppm.sys
[2003.03.09 22:31:04 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2001.12.12 12:41:36 | 000,041,472 | ---- | C] () -- C:\WINDOWS\System32\W32btstp.dll
[2001.12.12 12:41:36 | 000,025,088 | ---- | C] () -- C:\WINDOWS\System32\W32btxlt.dll
[2001.11.14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[2000.12.04 20:27:06 | 000,110,080 | ---- | C] () -- C:\WINDOWS\System32\W32MKRC.DLL
[1999.05.14 15:05:22 | 000,015,627 | ---- | C] () -- C:\WINDOWS\System32\WBROLLRS.DLL
[1996.12.14 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1996.12.14 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 122 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:A8ADE5D8
@Alternate Data Stream - 121 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2
< End of report >

Kiesopfer 29.06.2010 13:58

OTL Extras log:

OTL EXTRAS Logfile:
Code:

OTL Extras logfile created on: 29.06.2010 14:49:50 - Run 8
OTL by OldTimer - Version 3.2.7.0    Folder = C:\Dokumente und Einstellungen\Norman\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 76,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 86,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 70,17 Gb Total Space | 30,52 Gb Free Space | 43,49% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 111,79 Gb Total Space | 65,62 Gb Free Space | 58,70% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: TEST
Current User Name: Norman
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
"DisableMonitoring" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
"DisableMonitoring" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4
"3703:TCP" = 3703:TCP:*:Enabled:Adobe Version Cue CS4 Server
"3704:TCP" = 3704:TCP:*:Enabled:Adobe Version Cue CS4 Server
"51000:TCP" = 51000:TCP:*:Enabled:Adobe Version Cue CS4 Server
"51001:TCP" = 51001:TCP:*:Enabled:Adobe Version Cue CS4 Server
"10280:UDP" = 10280:UDP:LocalSubNet:Disabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Disabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Disabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Disabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Disabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Disabled:Windows Media Connect
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\IBP 10\IBP.exe" = C:\Programme\IBP 10\IBP.exe:*:Enabled:Internet Business Promoter (IBP) -- (Axandra GmbH)
"C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
"C:\Programme\Gemeinsame Dateien\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe" = C:\Programme\Gemeinsame Dateien\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe:*:Enabled:Adobe Version Cue CS4 Server -- (Adobe Systems Incorporated)
"C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox -- (Mozilla Corporation)
"E:\Programme\Adobe\Adobe Dreamweaver CS4\Dreamweaver.exe" = E:\Programme\Adobe\Adobe Dreamweaver CS4\Dreamweaver.exe:*:Enabled:Adobe Dreamweaver CS4 -- (Adobe Systems, Inc.)
"C:\Programme\sipgate X-Lite\sipgateXLite.exe" = C:\Programme\sipgate X-Lite\sipgateXLite.exe:*:Enabled:sipgateXLite -- ()
"C:\Programme\Mozilla Thunderbird\thunderbird.exe" = C:\Programme\Mozilla Thunderbird\thunderbird.exe:*:Enabled:Mozilla Thunderbird -- (Mozilla Messaging)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{062831CB-A028-FA27-482B-35B935569892}" = CCC Help Spanish
"{075473F5-846A-448B-BCB3-104AA1760205}" = RecordNow Data
"{07E78C07-ECEF-4AEF-9581-2C31A5BDA6C0}" = sipgate Faxdrucker
"{0921D0A0-5A37-4318-9EDD-6B6EC12E6380}" = Lexware QuickBooks 2008
"{0940BBAB-2C46-E877-69CE-1A1B8100C6F3}" = Catalyst Control Center Localization Japanese
"{09672BC4-148F-3FCC-E1A9-A019453D9A4A}" = CCC Help Chinese Standard
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0B561CF4-0C7D-4745-AF53-161E24E44F87}" = Adobe CS4 Italian Speech Analysis Models
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F03AD68-3716-DC9C-45E3-72B519D0B64E}" = CCC Help Dutch
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1007F41F-7D69-468E-8017-3849A5A973C2}" = ThinkVantage Technologies Welcome Message
"{10DDCDDD-9A59-4496-9371-C17F1668D433}" = Windows Live Toolbar
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{1297C681-92D7-40EF-93BF-03F66EC5105C}" = ThinkPad-Dienstprogramm 'EasyEject'
"{12BB7942-1E1F-43D9-B441-4668C1629425}" = hp officejet 6100 series
"{14F70205-1940-4000-88C7-BE799A6B2CAD}" = Adobe Soundbooth CS4
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = Dienstprogramm "ThinkPad UltraNav"
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1ED554BA-058A-9664-2BA8-F6F2A68DE15E}" = Catalyst Control Center Localization Swedish
"{1FD653A8-9CFA-4392-B89C-CCDB114DE442}" = Adobe CS4 Spanish Speech Analysis Models
"{2111B23F-7FDA-4A41-8309-E5A1663CA296}" = Dienstprogramm 'ThinkPad-Tastaturanpassung'
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{2E64DF28-426C-9E02-8295-485AB959225C}" = Catalyst Control Center Localization Spanish
"{2EE66895-2912-4980-82FD-0AF03FB884DC}" = Lexware QuickBooks 2008
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{319786B7-D72F-43B3-99C1-E93724ED17D3}" = Lexware online banking 4.90
"{32148D5D-909F-4A7B-93EE-5C16B71F4A8C}" = funScreenScraping Client Version
"{34610DE0-3C13-42CA-8E32-01FFA38AB6E8}" = PC Connectivity Solution
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35431808-8D7E-345D-127B-BFC92CAA2352}" = CCC Help English
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{372853A4-796F-7042-4B26-AB2F8D780136}" = CCC Help Japanese
"{38EBEF35-18E3-4B74-A560-8F80685B9626}" = Lexware QuickBooks plus 2008
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A6829EF-0791-4FDD-9382-C690DD0821B9}" = Adobe Flash Player 10 ActiveX
"{3AEF318B-5987-09AF-949A-3D42837684D8}" = Catalyst Control Center Localization Italian
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3EBD3749-304E-4A4C-9575-C00E5F015217}" = Apple Mobile Device Support
"{40D5BDFB-D6E9-459E-92A8-118DA5AFBF86}" = Lexware online banking 4.20
"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage System für aktiven Festplattenschutz
"{46CD7295-6B85-E6D1-9774-0C584F6497CB}" = Catalyst Control Center Graphics Full Existing
"{47C6F987-685A-41AE-B092-E75B277AEE39}" = Adobe Flash CS4 Extension - Flash Lite STI others
"{48227AEB-DC8E-4A90-A274-0B4A39D699B1}" = Client Security Solution
"{48E9A4FB-17C6-4B14-BC9D-D83AF2A4059A}" = Adobe CS4 Korean Speech Analysis Models
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{4F213D2A-B942-4611-AEE5-49F9D42D0A2F}" = Adobe CS4 International English Speech Analysis Models
"{507C870C-C27E-4F53-A32A-23500AC62A46}" = Adobe GoLive CS (DEU)
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{537575D6-3B96-474C-BD8F-DFF667363DBD}" = Naviextras Toolbox Prerequesities
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{593B41FE-0F9E-42FB-83B9-F54183F0E71D}" = Lexware Abschreibungsrechner 2006
"{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{65706020-7B6F-41F2-8047-FC69579E386A}" = Präsentationsdirektor
"{66463B76-A188-C603-BF2F-AF6088F18012}" = CCC Help Italian
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{679DEB4F-FCC2-F5D7-2F23-EDF82D2CB76A}" = Catalyst Control Center Localization Korean
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Foto- und Bildbearbeitung 2.0 All-in-One Treiber
"{6FBABF2B-2355-4839-91BF-C86D9DB16934}" = Lexware Abschreibungsrechner 2008
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72BB5DC4-1C72-4306-9005-6B44190DF430}" = Lexware QuickBooks 2008
"{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4
"{7596AEAB-2884-E87D-FD0B-BB02763998FB}" = ccc-utility
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7726CF62-7B45-4E6D-9266-615346816BCA}" = Rescue and Recovery
"{795B7252-3FA5-20CA-D039-8E62DC590A10}" = Catalyst Control Center Graphics Light
"{796E076A-82F7-4D49-98C8-DEC0C3BC733A}" = Diskeeper Lite
"{7A62B557-7A4F-CDB1-F6E5-E7AB5625ED16}" = ccc-core-preinstall
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{7D9A486B-DD9E-4526-9B3A-B26B83179EAE}" = Lexware online banking 4.90
"{7EB114D8-207F-45AE-BABD-1669715F2630}" = ThinkVantage Access Connections
"{7FC3BBEC-5A91-41B0-9CB8-960EC4421411}" = InterVideo WinDVD Creator 3
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{82512BC9-BD5D-4C50-BE4D-B98E7DF78687}" = ThinkPad-UltraNav-Assistent
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{83E1D91E-6B79-8850-7CBB-3098BDD1D4C7}" = CCC Help Korean
"{83FEAEA2-0BAE-1E00-7264-C88A1BD55CE8}" = Catalyst Control Center Localization French
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = ThinkPad Bluetooth with Enhanced Data Rate Software
"{859744B2-A09C-4A8E-AF5A-1A1F333C7D53}" = Lexware Elster
"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{8A59CF7D-58AB-A28D-F02D-8473A4431A28}" = Skins
"{911B0407-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{9309DD7E-EBFE-3C95-8B47-30D3A012F606}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - DEU
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}" = QuickTime
"{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP Foto- und Bildbearbeitung 2.0 - All-in-One
"{986F64DC-FF15-449D-998F-EE3BCEC6666A}" = Help Center
"{9966A5DB-8BB0-4D89-A701-386ED84E79B8}" = Adobe Creative Suite 4 Master Collection
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A7C4EAC-6E38-42E3-85AA-408874A803DE}" = Adobe CS4 German Speech Analysis Models
"{9AACCD0F-2734-4E8C-8C24-2702D4506E93}" = Adobe CS4 French Speech Analysis Models
"{9EA84FDD-CCC0-47FD-A993-923165BEA47A}" = System Migration Assistant
"{9FCE66F0-EE03-43BD-916E-66EDF0DBC18C}" = Catalyst Control Center - Branding
"{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}" = ThinkPad Energie-Manager
"{A2289997-10A3-48F2-AA03-99180D761661}" = ThinkVantage Fingerprint Software 5.6
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A398B998-D540-A3D0-A35B-84A5549E1C5B}" = CCC Help Swedish
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5E81ECB-C322-35EF-E9B9-2CFE17BB1A28}" = CCC Help German
"{A6EC82A0-1414-475D-8AFD-469089F3080D}" = Adobe Contribute CS4
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = RecordNow Audio
"{ABAD4282-5D79-93D6-5687-5657BC74DC51}" = Catalyst Control Center Localization German
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}_932" = Adobe Acrobat 9.3.2 - CPSID_53951
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AC849092-6F19-4395-8860-BC3B82CAFE51}" = funScreenScraping Microsoft Systemdateien
"{ADB68E57-C344-3C48-10B1-51B5959F4EA3}" = Catalyst Control Center Core Implementation
"{ADFAA190-E063-EB64-42A6-C5E8A1DA0A79}" = Catalyst Control Center Localization Dutch
"{AEA7DB99-E310-741E-D005-02BDF09E5AB3}" = CCC Help Portuguese
"{AEBDAEFE-DE1E-8622-C8DC-B7F8008E1925}" = CCC Help French
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B095B0A4-50A5-46D7-9988-D038FEB040C0}" = Adobe Encore CS4 Library
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = RecordNow Copy
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B334D9AE-1393-423E-97C0-3BDC3360E692}" = Sonic Icons for Lenovo
"{B35FDD04-48FD-4D3D-B0EB-088C5137CD42}" = Adobe CS4 Japanese Speech Analysis Models
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Speicher-Disc
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B480BD2A-F1BA-4FE6-8C8E-34C6111B72C9}" = ElsterFormular 2007/2008
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B6FA7BE5-6C3F-42AF-B3C1-C1F4536920C5}" = Lexware Abschreibungsrechner
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{B976F8E5-6A68-482C-8371-1DF9C70F7E2E}_is1" = sipgate X-Lite 1105c ger
"{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BCEEDC10-441F-4E4E-8590-0955C4C6B3F6}" = Adobe Setup
"{BD3374D3-C2E6-42B7-A80B-E850B6886246}" = Adobe Flash CS4 STI-other
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C019A4C7-C791-450C-A5CF-FF95826CD276}" = Lexware QuickBooks 2008
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4BEEB8C-B9D2-4CD9-A2AA-1F3A1F57DF21}" = Works Suite-Betriebssystem-Pack
"{C5243A59-B2DD-EC07-23D2-D9CD9689B193}" = Catalyst Control Center Graphics Full New
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C54ED2B6-1AF2-416F-BBA8-5E2B8CDCB5C4}" = XP Themes
"{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help
"{C73D0E75-D147-CD6B-29F2-C5A1C8C6579C}" = ccc-core-static
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC322D0B-CC8E-4351-90F2-19275DFFC134}" = Lexware QuickBooks 2008
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}" = ThinkVantage Productivity Center
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
"{D52140C4-3CBD-1ED0-1CAA-7C4EAF5F75E1}" = Catalyst Control Center Localization Chinese Standard
"{D728E945-256D-4477-B377-6BBA693714AC}" = Ergänzung zu Productivity Center für ThinkPad
"{D8482C8C-B0D9-EAF3-43DC-9770D3C7DB88}" = Catalyst Control Center Localization Chinese Traditional
"{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}" = Wallpapers
"{DDFC5759-D6BC-FE35-D423-EE93B562B2CD}" = CCC Help Chinese Traditional
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E728E952-DD4F-4BCD-A5C8-40FBFEFF91FE}" = OpenOffice.org Installer 1.0
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}" = Message Center
"{E89B484C-B913-49A0-959B-89E836001658}" = GEAR 32bit Driver Installer
"{EA664480-3844-11D5-8C25-444553540000}" = Funktion "TrackPoint-Eingabehilfen"
"{EDDDC607-91D9-4758-9F57-265FDCD8A772}" = Microsoft Works 7.0
"{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}" = Adobe Stock Photos 1.0
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F358E676-72D0-40C3-BED7-113DCFAE4F32}" = Lexware QuickBooks PLUS 2007
"{F5346614-B7C4-4E94-826A-E2363155233D}" = EasyCleaner
"{F600CCF3-9C88-4A22-B0B4-DDA82E997118}" = Adobe After Effects CS4 Template Projects & Footage
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F7E345A5-F79B-44EE-BC4A-738899E756C0}" = Lexware online banking 4.90
"{F7F2DC0A-C22E-49AD-AD37-797309A54E7B}" = Microsoft AutoRoute 2002
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F8EF9F7F-5C73-4908-92F8-4A7F92968520}" = Lexware QuickBooks PLUS 2007
"{F91040C8-F3F6-BBA5-2762-EB720EA4B556}" = Catalyst Control Center Localization Portuguese
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FC081D4D-DF1B-4CF1-B530-027E4118D846}" = ThinkPad-Konfiguration
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe SVG Viewer" = Adobe SVG Viewer
"Adobe_7e74552a59eaf9fafd13f90894ac9bd" = Adobe Creative Suite 4 Master Collection
"Alice" = Alice-Installationsdateien entfernen
"All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software
"ATI Display Driver" = ATI Display Driver
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AwayTask" = ThinkVantage Away Manager
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588" = ThinkPad Modem
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Content Manager 2" = Content Manager 2
"Digital Editions" = Adobe Digital Editions
"Driver Cleaner Pro" = DH Driver Cleaner Professional Edition
"eDocPrintPro" = eDocPrintPro
"ElsterFormular 11.2.0.4074" = ElsterFormular
"Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner
"GraphicsMagick 1.1.10 Q8_is1" = GraphicsMagick 1.1.10 Q8 (2007-09-19)
"GSiteCrawler" = GSiteCrawler
"HaufeReader" = HaufeReader
"HijackThis" = HijackThis 2.0.2
"HP OfficeJet 6100 Series" = HP Foto und Bildbearbeitung 2.0 - hp officejet 6100 series
"IBP10_is1" = IBP 10.2
"IBP11_is1" = IBP 11.7.4
"IBP9_is1" = IBP & ARELIS 9.7.1
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"LENOVO.SMIIF" = Lenovo System Interface Driver
"Link Popularity Check_is1" = Link Popularity Check 3.0.3
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MozBackup_is1" = MozBackup 1.4.7
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"Mozilla Thunderbird (3.0.4)" = Mozilla Thunderbird (3.0.4)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Office8.0" = Microsoft Office 97, Professional Edition
"OnScreenDisplay" = Anzeige am Bildschirm
"PC-Doctor for Windows" = Lenovo ThinkVantage Toolbox
"PCMCIAPW" = ThinkPad PC Card Power Policy
"Picasa2" = Picasa 2
"Power Management Driver" = ThinkPad Power Management Driver
"ProInst" = Intel(R) PROSet/Wireless Software
"PROSet" = Intel(R) Network Connections Drivers
"QB_BKH" = QuickBooks Business-KnowHow
"Remove Multimedia Center" = Remove Multimedia Center
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"Works2003Setup" = Microsoft Works 2003-Setup-Start
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 29.06.2010 08:06:24 | Computer Name = TEST | Source = MsiInstaller | ID = 11311
Description = Produkt: Adobe Reader 9 - Deutsch -- Fehler 1311. Die Quelldatei (CAB-Datei)
 wurde nicht gefunden: C:\Programme\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1031-7B44-A90000000001}\Data1.cab.
 Überprüfen Sie, ob die Datei existiert und ob Sie darauf zugreifen können.
 
Error - 29.06.2010 08:06:27 | Computer Name = TEST | Source = MsiInstaller | ID = 11311
Description = Produkt: Adobe Reader 9 - Deutsch -- Fehler 1311. Die Quelldatei (CAB-Datei)
 wurde nicht gefunden: C:\Programme\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1031-7B44-A90000000001}\Data1.cab.
 Überprüfen Sie, ob die Datei existiert und ob Sie darauf zugreifen können.
 
Error - 29.06.2010 08:14:14 | Computer Name = TEST | Source = MsiInstaller | ID = 11316
Description = Produkt: Adobe Reader 9 - Deutsch -- Fehler 1316. Beim Versuch, die
 Datei C:\WINDOWS\Installer\AcroRead.msi zu lesen, ist ein Netzwerkfehler aufgetreten.
 
Error - 29.06.2010 08:16:13 | Computer Name = TEST | Source = MsiInstaller | ID = 11316
Description = Produkt: Adobe Reader 9 - Deutsch -- Fehler 1316. Beim Versuch, die
 Datei C:\WINDOWS\Installer\AcroRead.msi zu lesen, ist ein Netzwerkfehler aufgetreten.
 
Error - 29.06.2010 08:17:24 | Computer Name = TEST | Source = MsiInstaller | ID = 11316
Description = Produkt: Adobe Reader 9 - Deutsch -- Fehler 1316. Beim Versuch, die
 Datei C:\WINDOWS\Installer\AcroRead.msi zu lesen, ist ein Netzwerkfehler aufgetreten.
 
Error - 29.06.2010 08:23:32 | Computer Name = TEST | Source = MsiInstaller | ID = 11316
Description = Produkt: Adobe Reader 9 - Deutsch -- Fehler 1316. Beim Versuch, die
 Datei C:\WINDOWS\Installer\AcroRead.msi zu lesen, ist ein Netzwerkfehler aufgetreten.
 
Error - 29.06.2010 08:32:44 | Computer Name = TEST | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
 
Error - 29.06.2010 08:32:48 | Computer Name = TEST | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
 
Error - 29.06.2010 08:47:33 | Computer Name = TEST | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
 
Error - 29.06.2010 08:47:38 | Computer Name = TEST | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
 
[ System Events ]
Error - 29.06.2010 07:26:19 | Computer Name = TEST | Source = Service Control Manager | ID = 7034
Description = Dienst "tvtnetwk" wurde unerwartet beendet. Dies ist bereits 1 Mal
 passiert.
 
Error - 29.06.2010 07:26:19 | Computer Name = TEST | Source = Service Control Manager | ID = 7034
Description = Dienst "Power Manager DBC Service" wurde unerwartet beendet. Dies
ist bereits 1 Mal passiert.
 
Error - 29.06.2010 07:26:20 | Computer Name = TEST | Source = Service Control Manager | ID = 7034
Description = Dienst "System Update" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.
 
Error - 29.06.2010 07:26:20 | Computer Name = TEST | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Access Connections Main Service" wurde unerwartet beendet.
 Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000
 Millisekunden durchgeführt: Starten Sie den Dienst neu..
 
Error - 29.06.2010 07:26:20 | Computer Name = TEST | Source = Service Control Manager | ID = 7034
Description = Dienst "Pml Driver HPZ12" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 29.06.2010 07:31:18 | Computer Name = TEST | Source = Service Control Manager | ID = 7000
Description = Der Dienst "XAMPP Service" wurde aufgrund folgenden Fehlers nicht
gestartet:  %%3
 
Error - 29.06.2010 07:40:07 | Computer Name = TEST | Source = Service Control Manager | ID = 7000
Description = Der Dienst "XAMPP Service" wurde aufgrund folgenden Fehlers nicht
gestartet:  %%3
 
Error - 29.06.2010 08:04:31 | Computer Name = TEST | Source = Service Control Manager | ID = 7000
Description = Der Dienst "XAMPP Service" wurde aufgrund folgenden Fehlers nicht
gestartet:  %%3
 
Error - 29.06.2010 08:33:42 | Computer Name = TEST | Source = Service Control Manager | ID = 7000
Description = Der Dienst "XAMPP Service" wurde aufgrund folgenden Fehlers nicht
gestartet:  %%3
 
Error - 29.06.2010 08:48:35 | Computer Name = TEST | Source = Service Control Manager | ID = 7000
Description = Der Dienst "XAMPP Service" wurde aufgrund folgenden Fehlers nicht
gestartet:  %%3
 
 
< End of report >

--- --- ---

Larusso 29.06.2010 14:08

Press the Windows key + R.
Now copy the following into the line

sc delete XAMPP

and press OK


Log file is clean :daumenhoc

Here are the last few steps for cleaning up your computer.

Step 1

Uninstall Combofix

Before the following action, please temporarily disable your antivirus program again, as well as any script blocking and anti-malware programs you may have.

Start => Run (on Vista: Windows key + R) => type ComboFix /uninstall there => press Enter. This removes Combofix completely and clears the System Restore cache, so that the malware disappears from there as well.

Now re-enable the programs you just disabled.



Step 2

Tool CleanUp

Please start OTL.exe.
Now click the Bereinigung (cleanup) button. This will remove most of the tools and log files.
If anything is still left over, please remove it manually and empty the recycle bin.


Step 3

Automatic Updates

Let's check whether the updates for Windows are downloaded automatically. That is the best way to get all the security patches and fixes.

Press the Windows key + R. Now copy the following text into the command line

RunDll32.exe shell32.dll,Control_RunDLL wscui.cpl

and click OK.
Make sure that automatic updates are enabled.


Step 4

To protect yourself against further infections in the future, I recommend a few more programs.
  • SpywareBlaster
    You can find a tutorial on how to use it here

  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware.
    Update the tool and run it once a week. The paid version also offers a background guard.
    You can find a tutorial on how to use it here.
    Note: MBAM does not replace antivirus software.

  • Temp File Cleaner
    TFC is a really powerful tool for removing temp files from IE and Windows; it empties the recycle bin and much more.
    It also helps to speed up your computer.
    You can download TFC (by OldTimer) here.

  • MVPs hosts file
    You can find a tutorial here. Unfortunately I have not found a German-language one so far.

  • Keep your system up to date
    I cannot stress often enough how important it is that the PC is fully up to date.
    Security holes are found often enough in Windows' own applications. These "holes" need to be removed, because attackers may use them to gain unauthorized access to your system.
    Every second Tuesday of the month is update day. Please visit the Microsoft Update page for this.

  • Keep your software up to date
    The easiest way to do this is the Secunia Online Software.


Step 5

Tips for safe surfing

These are my suggestions.
Use an alternative browser instead of IE.
I recommend Mozilla Firefox.

For Firefox there are all kinds of add-ons for getting through the WWW safely.
  • NoScript
    This add-on blocks JavaScript, Java and Flash and other plugins. They are only executed when you confirm it.

  • AdblockPlus
    This add-on blocks most advertising by itself. A right-click on the banner to add it to AdBlockPlus is enough, and it will no longer be loaded.
    It also saves download capacity.

  • WOT (Web of trust)
    This add-on warns you before you visit a site that has been reported as harmful.


Don'ts
  • Don't click on everything just because it asks you to and is nicely colorful.
  • Don't use peer-to-peer or file-sharing software (Emule, uTorrent, ...)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Don't open attachments from emails you don't know. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe

Now all that remains is for me to wish you lots of fun surfing safely.

Note: Please give me brief feedback once everything is done and there are no more questions, so that I can delete this thread from my subscriptions.
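
The System Events section of the OTL log above lists the "XAMPP Service" failing to start repeatedly with `%%3`, which is Win32 error 3 (path not found). As an added example that is not part of the original post, this Python script parses that OTL event-log layout and reports services that repeatedly fail with a missing-binary error. That these are leftover registrations of the kind `sc delete` removes is an assumption of this example; the sample text is an excerpt of the log in this thread, and the function names are hypothetical.

```python
import re
from collections import defaultdict
from datetime import datetime

# Excerpt of the "[ System Events ]" section of the OTL log posted in this thread.
SAMPLE_LOG = '''[ System Events ]
Error - 29.06.2010 07:26:19 | Computer Name = TEST | Source = Service Control Manager | ID = 7034
Description = Dienst "tvtnetwk" wurde unerwartet beendet. Dies ist bereits 1 Mal
 passiert.

Error - 29.06.2010 07:26:20 | Computer Name = TEST | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Access Connections Main Service" wurde unerwartet beendet.
 Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000
 Millisekunden durchgeführt: Starten Sie den Dienst neu..

Error - 29.06.2010 07:31:18 | Computer Name = TEST | Source = Service Control Manager | ID = 7000
Description = Der Dienst "XAMPP Service" wurde aufgrund folgenden Fehlers nicht
gestartet:  %%3

Error - 29.06.2010 07:40:07 | Computer Name = TEST | Source = Service Control Manager | ID = 7000
Description = Der Dienst "XAMPP Service" wurde aufgrund folgenden Fehlers nicht
gestartet:  %%3

Error - 29.06.2010 08:04:31 | Computer Name = TEST | Source = Service Control Manager | ID = 7000
Description = Der Dienst "XAMPP Service" wurde aufgrund folgenden Fehlers nicht
gestartet:  %%3

< End of report >
'''

HEADER = re.compile(
    r"^Error - (?P<ts>\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}:\d{2}) \| "
    r"Computer Name = (?P<host>.*?) \| Source = (?P<source>.*?) \| ID = (?P<id>\d+)\s*$"
)
# German-locale wording as it appears in this log (assumption: other locales differ).
SERVICE = re.compile(r'Dienst "([^"]+)"')
# "%%N" is an unexpanded reference to Win32 error code N.
ERROR_CODE = re.compile(r"%%(\d+)")
# Win32 codes meaning the service binary could not be located.
WIN32_MISSING = {2: "ERROR_FILE_NOT_FOUND", 3: "ERROR_PATH_NOT_FOUND"}


def parse_events(text):
    """Turn OTL 'Event Log Errors' text into a list of event dicts.

    Descriptions wrap across lines (with or without a leading space),
    so continuation lines are joined until a blank line or section marker.
    """
    events, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            current = {
                "time": datetime.strptime(m["ts"], "%d.%m.%Y %H:%M:%S"),
                "source": m["source"],
                "event_id": int(m["id"]),
                "description": "",
            }
            events.append(current)
        elif not line or line.startswith(("[", "<", "=")):
            current = None  # blank line or section marker ends the entry
        elif current is not None:
            if line.startswith("Description = "):
                line = line[len("Description = "):]
            joined = current["description"] + " " + line
            current["description"] = " ".join(joined.split())
    return events


def find_unstartable_services(events, min_failures=2):
    """Services with repeated event 7000 start failures caused by a missing binary."""
    hits = defaultdict(lambda: {"code": None, "times": []})
    for ev in events:
        if ev["source"] != "Service Control Manager" or ev["event_id"] != 7000:
            continue
        svc = SERVICE.search(ev["description"])
        code = ERROR_CODE.search(ev["description"])
        if not svc or not code or int(code.group(1)) not in WIN32_MISSING:
            continue
        entry = hits[svc.group(1)]
        entry["code"] = WIN32_MISSING[int(code.group(1))]
        entry["times"].append(ev["time"])
    return {name: e for name, e in hits.items() if len(e["times"]) >= min_failures}


if __name__ == "__main__":
    for name, info in find_unstartable_services(parse_events(SAMPLE_LOG)).items():
        first, last = info["times"][0], info["times"][-1]
        print(f"{name}: {len(info['times'])} start failures ({info['code']}), "
              f"{first:%H:%M:%S} to {last:%H:%M:%S}")
```

Event 7034 and 7031 entries (unexpected terminations) are parsed but deliberately not reported, since they say nothing about whether the service binary still exists.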

Kiesopfer 29.06.2010 14:47

At this point, first of all, many thanks :dankeschoen:
for:
=> the support
=> the service
=> the tips
=> the time
=> and for your patience ! ! !

I still have a few short questions:

1) Were there any signs of a targeted attack on my computer?

2) What do you think of all-in-one software, e.g. the various Internet security packages?

3) How high are the donations that you get, and what is expected there?

Thanks once again, and as far as I am concerned you can close this now!

Larusso 29.06.2010 14:56

1) Were there any signs of a targeted attack on my computer?
I didn't notice anything, did you? ;)


2) What do you think of all-in-one software, e.g. the various Internet security packages?
Hands off

3) How high are the donations that you get, and what is expected there?
10 euros per post :lach:

Nah, no idea, I don't have access to that. Whatever people want to afford

pannenmann 30.06.2010 09:27

Hello larusso and co.

unfortunately I have the same problem... I have already run filelister as well, but it only creates an empty txt file

here is the gmer log file as well:

GMER Logfile:
Code:

GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-06-30 00:19:35
Windows 6.1.7600
Running: u8e06d8m.exe; Driver: C:\Users\Klaus\AppData\Local\Temp\kglcqpog.sys


---- System - GMER 1.0.15 ----

SSDT            96EF0C34                                                                                                            ZwCreateThread
SSDT            96EF0C20                                                                                                            ZwOpenProcess
SSDT            96EF0C25                                                                                                            ZwOpenThread
SSDT            96EF0C2F                                                                                                            ZwTerminateProcess

INT 0x1F        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                            82A32AF8
INT 0x37        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                            82A32104
INT 0xC1        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                            82A323F4
INT 0xD1        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                            82A1AFB4
INT 0xDF        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                            82A321DC
INT 0xE1        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                            82A32958
INT 0xE3        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                            82A326F8
INT 0xFD        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                            82A32F2C
INT 0xFE        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                            82A331A8

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                              84A771F8
Device          \Driver\NetBT \Device\NetBT_Tcpip_{DE32F4C4-D68A-4043-A306-59BB286FB2BA}                                            85EBC1F8
Device          \Driver\NetBT \Device\NetBT_Tcpip_{8CD7E3AA-8308-4B05-8708-D52D0BB8F05F}                                            85EBC1F8
Device          \Driver\volmgr \Device\VolMgrControl                                                                                84A721F8
Device          \Driver\usbohci \Device\USBPDO-0                                                                                    85FAD1F8
Device          \Driver\usbehci \Device\USBPDO-1                                                                                    85FAA1F8
Device          \Driver\ACPI_HAL \Device\00000046                                                                                  halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device          \Driver\nvstor \Device\00000060                                                                                    84A751F8
Device          \Driver\volmgr \Device\HarddiskVolume1                                                                              84A721F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\volmgr \Device\HarddiskVolume2                                                                              84A721F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\cdrom \Device\CdRom0                                                                                        85E0D1F8
Device          \Driver\cdrom \Device\CdRom1                                                                                        85E0D1F8
Device          \Driver\atapi \Device\Ide\IdePort0                                                                                  84A741F8
Device          \Driver\atapi \Device\Ide\IdePort1                                                                                  84A741F8
Device          \Driver\NetBT \Device\NetBt_Wins_Export                                                                            85EBC1F8
Device          \Driver\PCI_PNP2046 \Device\0000004e                                                                                spzh.sys
Device          \Driver\nvstor \Device\RaidPort0                                                                                    84A751F8
Device          \Driver\nvstor \Device\RaidPort1                                                                                    84A751F8
Device          \Driver\nvstor \Device\RaidPort2                                                                                    84A751F8
Device          \Driver\usbohci \Device\USBFDO-0                                                                                    85FAD1F8
Device          \Driver\sptd \Device\2370553296                                                                                    spzh.sys
Device          \Driver\usbehci \Device\USBFDO-1                                                                                    85FAA1F8
Device          \Driver\ah26fap2 \Device\Scsi\ah26fap21                                                                            860D91F8
Device          \Driver\ah26fap2 \Device\Scsi\ah26fap21Port5Path0Target0Lun0                                                        860D91F8
Device          \FileSystem\cdfs \Cdfs                                                                                              85E381F8
Device          -> \Driver\nvstor \Device\Harddisk0\DR0                                                                            85F1FEC5

---- Registry - GMER 1.0.15 ----

Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1                                                                  771343423
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2                                                                  285507792
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0                                                                  1
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                   
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                C:\Program Files\DAEMON Tools Lite\
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                0xD4 0xC3 0x97 0x02 ...
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                0
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0x1C 0x9B 0xE4 0xA9 ...
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                         
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                        0x20 0x01 0x00 0x00 ...
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                    0xE8 0x0E 0xF2 0x49 ...
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                     
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                0x7C 0x1D 0xEE 0xD1 ...
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)               
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                    C:\Program Files\DAEMON Tools Lite\
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                    0xD4 0xC3 0x97 0x02 ...
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                    0
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0x1C 0x9B 0xE4 0xA9 ...
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)     
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                        0xE8 0x0E 0xF2 0x49 ...
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) 
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0x7C 0x1D 0xEE 0xD1 ...

---- Files - GMER 1.0.15 ----

File            C:\Windows\system32\drivers\nvstor.sys                                                                              suspicious modification

---- EOF - GMER 1.0.15 ----

--- --- ---

Larusso 30.06.2010 09:37

This topic appears to be resolved and will be deleted from my subscriptions. Should you need the topic again, please send me a PM.

Everyone else, please start your own thread.

pannenmann 30.06.2010 09:41

here is the OTL report as well

OTL Logfile:
Code:

OTL logfile created on: 30.06.2010 10:36:06 - Run 1
OTL by OldTimer - Version 3.2.7.0    Folder = C:\Users\Klaus\Downloads
 An unknown product  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 54,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 71,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 127,99 Gb Total Space | 66,92 Gb Free Space | 52,29% Space Free | Partition Type: NTFS
Drive D: | 170,10 Gb Total Space | 63,43 Gb Free Space | 37,29% Space Free | Partition Type: NTFS
Unable to calculate disk information.
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: *****
Current User Name: *****
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Klaus\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programme\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
PRC - C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Winamp\winampa.exe ()
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Klaus\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (AdobeActiveFileMonitor8.0) -- C:\Programme\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (CTAudSvcService) -- C:\Programme\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (SCDEmu) -- C:\Windows\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (P17) -- C:\Windows\System32\drivers\P17.sys (Creative Technology Ltd.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\System32\drivers\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm62x32.sys (NVIDIA Corporation)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://web.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0E C0 2D 2E 3B 5B CA 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "web.de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: qtl.co.il@gmail.com:14.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.6&q="
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.06.28 01:26:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.06.28 01:26:59 | 000,000,000 | ---D | M]
 
[2009.11.01 23:41:18 | 000,000,000 | ---D | M] -- C:\Users\Klaus\AppData\Roaming\mozilla\Extensions
[2010.06.29 12:29:16 | 000,000,000 | ---D | M] -- C:\Users\Klaus\AppData\Roaming\mozilla\Firefox\Profiles\lpflhio7.default\extensions
[2010.06.28 13:05:12 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Klaus\AppData\Roaming\mozilla\Firefox\Profiles\lpflhio7.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.04.09 13:06:41 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Klaus\AppData\Roaming\mozilla\Firefox\Profiles\lpflhio7.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009.11.07 15:06:13 | 000,000,000 | ---D | M] -- C:\Users\Klaus\AppData\Roaming\mozilla\Firefox\Profiles\lpflhio7.default\extensions\moveplayer@movenetworks.com
[2010.04.08 22:32:40 | 000,000,000 | ---D | M] -- C:\Users\Klaus\AppData\Roaming\mozilla\Firefox\Profiles\lpflhio7.default\extensions\qtl.co.il@gmail.com
[2010.06.23 23:15:20 | 000,001,056 | ---- | M] () -- C:\Users\Klaus\AppData\Roaming\Mozilla\FireFox\Profiles\lpflhio7.default\searchplugins\icqplugin.xml
[2010.01.31 12:56:29 | 000,002,108 | ---- | M] () -- C:\Users\Klaus\AppData\Roaming\Mozilla\FireFox\Profiles\lpflhio7.default\searchplugins\qtl.xml
[2010.06.30 00:20:53 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.05.02 23:11:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.03.12 13:55:10 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.03.12 13:55:10 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.03.12 13:55:10 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.03.12 13:55:10 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.03.12 13:55:10 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.06.30 01:39:46 | 000,000,808 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Programme\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [P17RunE] C:\Windows\System32\P17RunE.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Programme\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15111/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.142.0.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{98b45394-c734-11de-9be0-001617d75309}\Shell - "" = AutoRun
O33 - MountPoints2\{98b45394-c734-11de-9be0-001617d75309}\Shell\AutoRun\command - "" = H:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.06.30 01:04:37 | 000,000,000 | ---D | C] -- C:\Users\Klaus\DoctorWeb
[2010.06.30 00:58:25 | 000,000,000 | ---D | C] -- C:\Programme\DrWeb
[2010.06.30 00:40:51 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2010.06.30 00:37:24 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010.06.30 00:37:24 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010.06.30 00:37:24 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010.06.30 00:37:12 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010.06.30 00:35:17 | 000,000,000 | --SD | C] -- C:\ComboFix
[2010.06.30 00:34:44 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.06.30 00:34:27 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010.06.29 23:57:51 | 000,000,000 | ---D | C] -- C:\Users\Klaus\AppData\Roaming\Download Manager
[2010.06.29 23:49:32 | 000,000,000 | ---D | C] -- C:\Users\Klaus\AppData\Roaming\Malwarebytes
[2010.06.29 23:48:57 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.06.29 23:48:55 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.06.29 23:48:55 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.06.29 23:48:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.06.29 09:25:17 | 000,000,000 | ---D | C] -- C:\Programme\Guitar Pro 5
[2010.06.29 09:11:38 | 000,000,000 | ---D | C] -- C:\Programme\PowerISO
[2010.06.28 19:35:28 | 000,000,000 | ---D | C] -- C:\Users\Klaus\AppData\Roaming\Guitar Pro 6
[2010.06.28 19:35:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Guitar Pro 6
[2010.06.23 15:41:20 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2010.06.23 15:41:20 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2010.06.23 15:41:20 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2010.06.23 10:51:43 | 000,000,000 | ---D | C] -- C:\Users\Klaus\AppData\Local\AOL
[2010.06.23 10:51:19 | 000,000,000 | ---D | C] -- C:\Programme\ICQ7.2
[2010.06.23 09:43:06 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll
[2010.06.23 09:43:05 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdri.dll
[2010.06.23 09:43:05 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2010.06.23 09:43:05 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2010.06.18 03:20:33 | 000,000,000 | ---D | C] -- C:\Programme\Veetle
[2010.06.09 01:25:06 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2010.06.09 01:25:05 | 002,326,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.06.09 01:25:02 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.06.09 01:25:01 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.06.09 01:25:01 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.06.09 01:25:01 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.06.09 01:24:57 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010.06.09 01:24:57 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
 
========== Files - Modified Within 30 Days ==========
 
[2010.06.30 10:36:14 | 002,359,296 | -HS- | M] () -- C:\Users\Klaus\NTUSER.DAT
[2010.06.30 10:33:02 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.06.30 10:29:05 | 000,040,808 | ---- | M] () -- C:\Users\Klaus\Desktop\85104-otl-otlogfile-oldtimer.html
[2010.06.30 10:25:29 | 000,013,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.06.30 10:25:29 | 000,013,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.06.30 10:18:24 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.06.30 10:18:04 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.06.30 10:17:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.06.30 10:17:42 | 1610,162,176 | -HS- | M] () -- C:\hiberfil.sys
[2010.06.30 01:55:19 | 001,980,579 | -H-- | M] () -- C:\Users\Klaus\AppData\Local\IconCache.db
[2010.06.30 01:54:36 | 001,515,082 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.06.30 01:54:36 | 000,658,934 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.06.30 01:54:36 | 000,619,902 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.06.30 01:54:36 | 000,133,488 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.06.30 01:54:36 | 000,109,340 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.06.30 01:39:46 | 000,000,808 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010.06.29 20:17:22 | 000,001,812 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2010.06.29 20:17:22 | 000,001,810 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010.06.29 19:17:10 | 000,451,512 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.06.29 09:26:09 | 000,123,672 | ---- | M] () -- C:\Users\Klaus\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.06.29 09:25:31 | 000,000,902 | ---- | M] () -- C:\Users\Klaus\Desktop\Guitar Pro 5.lnk
[2010.06.29 09:11:40 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\PowerISO.lnk
[2010.06.23 23:34:41 | 000,014,193 | ---- | M] () -- C:\Users\Klaus\Documents\Ronja23.docx
[2010.06.13 13:22:30 | 000,001,814 | ---- | M] () -- C:\Users\Klaus\Desktop\Zattoo.lnk
[2010.06.13 13:22:13 | 016,245,350 | ---- | M] () -- C:\Users\Klaus\Desktop\Zattoo-4.0.5.exe
[2010.06.13 13:19:13 | 000,017,408 | ---- | M] () -- C:\Users\Klaus\AppData\Local\WebpageIcons.db
[2010.06.11 13:25:13 | 000,042,851 | ---- | M] () -- C:\Users\Klaus\Documents\text spanisch.docx
[2010.06.11 00:28:39 | 000,002,286 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2010.06.09 13:20:38 | 000,086,684 | ---- | M] () -- C:\Users\Klaus\Documents\16.03.2010.m3u
 
========== Files Created - No Company Name ==========
 
[2010.06.30 10:29:03 | 000,040,808 | ---- | C] () -- C:\Users\Klaus\Desktop\85104-otl-otlogfile-oldtimer.html
[2010.06.30 00:37:24 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010.06.30 00:37:24 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010.06.30 00:37:24 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010.06.30 00:37:24 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010.06.30 00:37:24 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010.06.30 00:28:36 | 000,027,671 | ---- | C] () -- C:\Users\Klaus\Desktop\FileLister.vbe
[2010.06.30 00:28:36 | 000,012,043 | ---- | C] () -- C:\Users\Klaus\Desktop\svcwht.dat
[2010.06.29 20:13:26 | 000,001,812 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2010.06.29 20:13:26 | 000,001,810 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010.06.29 09:25:31 | 000,000,902 | ---- | C] () -- C:\Users\Klaus\Desktop\Guitar Pro 5.lnk
[2010.06.29 09:11:40 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\PowerISO.lnk
[2010.06.23 23:34:41 | 000,014,193 | ---- | C] () -- C:\Users\Klaus\Documents\Ronja23.docx
[2010.06.13 13:22:11 | 016,245,350 | ---- | C] () -- C:\Users\Klaus\Desktop\Zattoo-4.0.5.exe
[2010.06.11 13:25:12 | 000,042,851 | ---- | C] () -- C:\Users\Klaus\Documents\text spanisch.docx
[2010.02.28 00:21:46 | 000,212,992 | ---- | C] () -- C:\Windows\System32\WMIMPLEX.dll
[2010.02.28 00:21:46 | 000,031,232 | ---- | C] () -- C:\Windows\System32\maplec.dll
[2010.02.28 00:21:46 | 000,020,480 | ---- | C] () -- C:\Windows\System32\maplecompat.dll
[2009.11.01 23:42:16 | 000,166,912 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
[2009.11.01 23:42:16 | 000,073,728 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
[2009.10.16 07:50:54 | 000,003,930 | ---- | C] () -- C:\Windows\System32\ludap17.ini
[2009.07.21 17:42:34 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2009.07.14 02:55:09 | 001,332,736 | ---- | C] () -- C:\Windows\System32\hpotiop1.dll
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2008.11.13 07:07:24 | 000,002,177 | ---- | C] () -- C:\Windows\P17EP.ini
[2007.12.04 06:20:30 | 000,001,489 | ---- | C] () -- C:\Windows\P17EP51.ini
[2007.06.07 06:25:42 | 000,001,578 | ---- | C] () -- C:\Windows\P17EPLS.ini
[2005.03.08 07:17:00 | 000,000,054 | ---- | C] () -- C:\Windows\System32\ctzapxx.ini
 
========== LOP Check ==========
 
[2010.02.09 00:03:03 | 000,000,000 | ---D | M] -- C:\Users\Klaus\AppData\Roaming\AnvSoft
[2009.11.02 00:26:20 | 000,000,000 | ---D | M] -- C:\Users\Klaus\AppData\Roaming\DAEMON Tools Lite
[2010.06.28 19:37:11 | 000,000,000 | ---D | M] -- C:\Users\Klaus\AppData\Roaming\Guitar Pro 6
[2010.06.27 10:07:35 | 000,000,000 | ---D | M] -- C:\Users\Klaus\AppData\Roaming\ICQ
[2010.03.17 14:13:27 | 000,000,000 | ---D | M] -- C:\Users\Klaus\AppData\Roaming\Langenscheidt
[2010.03.01 02:27:56 | 000,000,000 | ---D | M] -- C:\Users\Klaus\AppData\Roaming\lyx16
[2009.12.17 16:09:23 | 000,000,000 | ---D | M] -- C:\Users\Klaus\AppData\Roaming\OpenOffice.org
[2010.01.25 01:56:32 | 000,000,000 | ---D | M] -- C:\Users\Klaus\AppData\Roaming\Opera
[2010.04.08 13:21:01 | 000,000,000 | ---D | M] -- C:\Users\Klaus\AppData\Roaming\Spotify
[2010.05.16 02:37:05 | 000,000,000 | ---D | M] -- C:\Users\Klaus\AppData\Roaming\TS3Client
[2010.06.18 21:16:36 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
< End of report >


All times are given in WET +1.
