xp just boots in secure mode



#1
pupilli

Hi,

While booting, my laptop gets stuck on the welcome page.
It is only possible to boot in safe mode without network drivers.

I tried to follow your cleaning guide but failed to install Malwarebytes' Anti-Malware.
I get the Run-time error '50003' in return.

As a next step I tried running some analysis tools I found in the forum in safe mode, and here are the logfiles:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:03, on 2009-04-23
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\zabkat\xplorer2\xplorer2_UC.exe
E:\stinger1001546.exe
C:\Dokumente und Einstellungen\HoSchi\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.live.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\WidgiToolbarIE.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: ThinkVantage Password Manager - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\WidgiToolbarIE.dll
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [TPFNF7] C:\Programme\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [hpqSRMon] C:\Programme\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programme\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Programme\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [cssauth] "C:\Programme\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [AwaySch] C:\Programme\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [AMSG] C:\PROGRA~1\THINKV~2\AMSG\amsg.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [ACTray] C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [SearchSettings] C:\Programme\pdfforge Toolbar\SearchSettings.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Programme\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Programme\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Programme\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: HP Intelligente Auswahl - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.aka...vex-2.2.4.1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1219352757312
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GtDetectSc - OptionNV - C:\Programme\Option\GlobeTrotter Connect\GtDetectSc.exe
O23 - Service: GtFlashSwitch - OptionNV - C:\Programme\Gemeinsame Dateien\GtFlashSwitch\GtFlashSwitch.exe
O23 - Service: Google Update Service (gupdate1c9bdc423955a40) (gupdate1c9bdc423955a40) - Google Inc. - C:\Programme\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: IPS-Basisservice (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programme\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\programme\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Programme\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Programme\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Programme\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe
O23 - Service: tvtnetwk - Unknown owner - C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 13259 bytes

Microsoft Windows XP Professional (5.1.2600) Service Pack 3

C:\ [Fixed] - NTFS - (Total:146903 Mo/Free:725 Mo)
D:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)

2009-04-23|15:16

----------------------\\ Processes..

--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\Explorer.EXE
---------- C:\Programme\zabkat\xplorer2\xplorer2_UC.exe
---------- C:\WINDOWS\system32\ctfmon.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..

----------------------\\ ROOTKIT !!



1 - "C:\Rooter$\Rooter_1.txt" - 2009-04-23|15:16
2 - "C:\Rooter$\Rooter_2.txt" - 2009-04-23|15:16

----------------------\\ Scan completed at 15:16

OTListIt logfile created on: 2009-04-23 15:20:42 - Run 1
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Dokumente und Einstellungen\HoSchi\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: yyyy-MM-dd

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 143.46 Gb Total Space | 28.71 Gb Free Space | 20.01% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PUPSERASE
Current User Name: HoSchi
Logged in as Administrator.

Current Boot Mode: SafeMode
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Programme\zabkat\xplorer2\xplorer2_UC.exe (ZabKat)
PRC - C:\Dokumente und Einstellungen\HoSchi\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (AcPrfMgrSvc [Auto | Stopped]) -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo )
SRV - (AcSvc [Auto | Stopped]) -- C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo )
SRV - (Apple Mobile Device [Auto | Stopped]) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Autodesk Licensing Service [On_Demand | Stopped]) -- C:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe (Autodesk)
SRV - (Bonjour Service [Auto | Stopped]) -- C:\Programme\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (btwdins [Auto | Stopped]) -- C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Diskeeper [Auto | Stopped]) -- C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation)
SRV - (EvtEng [Auto | Stopped]) -- C:\Programme\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (FLEXnet Licensing Service [On_Demand | Stopped]) -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (GtDetectSc [Auto | Stopped]) -- C:\Programme\Option\GlobeTrotter Connect\GtDetectSc.exe (OptionNV)
SRV - (GtFlashSwitch [Auto | Stopped]) -- C:\Programme\Gemeinsame Dateien\GtFlashSwitch\GtFlashSwitch.exe (OptionNV)
SRV - (gupdate1c9bdc423955a40 [Auto | Stopped]) -- C:\Programme\Google\Update\GoogleUpdate.exe (Google Inc.)
SRV - (gusvc [Auto | Stopped]) -- C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (hpqcxs08 [On_Demand | Stopped]) -- C:\Programme\HP\Digital Imaging\bin\hpqcxs08.dll (Hewlett-Packard Co.)
SRV - (hpqddsvc [Auto | Stopped]) -- C:\Programme\HP\Digital Imaging\bin\hpqddsvc.dll (Hewlett-Packard Co.)
SRV - (HPSLPSVC [Auto | Stopped]) -- C:\Programme\HP\Digital Imaging\bin\HPSLPSVC32.DLL (Hewlett-Packard Co.)
SRV - (IBMPMSVC [Auto | Stopped]) -- C:\WINDOWS\system32\ibmpmsvc.exe (Lenovo)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (iPod Service [On_Demand | Stopped]) -- C:\Programme\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (IPSSVC [Auto | Stopped]) -- C:\WINDOWS\system32\IPSSVC.EXE (Lenovo Group Limited)
SRV - (JavaQuickStarterService [Auto | Stopped]) -- C:\Programme\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (Microsoft Office Groove Audit Service [On_Demand | Stopped]) -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (Net Driver HPZ12 [Auto | Stopped]) -- C:\WINDOWS\system32\HPZinw12.dll (Hewlett-Packard)
SRV - (NVSvc [Auto | Stopped]) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
SRV - (odserv [On_Demand | Stopped]) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Pml Driver HPZ12 [Auto | Stopped]) -- C:\WINDOWS\system32\HPZipm12.dll (Hewlett-Packard)
SRV - (RegSrvc [Auto | Stopped]) -- C:\Programme\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
SRV - (S24EventMonitor [Auto | Stopped]) -- C:\Programme\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
SRV - (ServiceLayer [On_Demand | Stopped]) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (StarWindServiceAE [Auto | Stopped]) -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
SRV - (SUService [Auto | Stopped]) -- c:\programme\lenovo\system update\suservice.exe (Lenovo Group Limited)
SRV - (ThinkVantage Registry Monitor Service [Auto | Stopped]) -- C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
SRV - (TPHDEXLGSVC [Auto | Stopped]) -- C:\WINDOWS\System32\TPHDEXLG.exe (Lenovo.)
SRV - (TSSCoreService [Auto | Stopped]) -- C:\Programme\Lenovo\Client Security Solution\tvttcsd.exe (IBM)
SRV - (TVT Backup Protection Service [Auto | Stopped]) -- C:\Programme\Lenovo\Rescue and Recovery\rrpservice.exe ()
SRV - (TVT Backup Service [Auto | Stopped]) -- C:\Programme\Lenovo\Rescue and Recovery\rrservice.exe (Lenovo Group Limited)
SRV - (TVT Scheduler [Auto | Stopped]) -- c:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe (Lenovo Group Limited)
SRV - (tvtnetwk [Auto | Stopped]) -- C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe ()
SRV - (vsmon [Auto | Stopped]) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SRV - (WMPNetworkSvc [Auto | Stopped]) -- C:\Programme\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (ac97intc [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\ac97intc.sys (Intel Corporation)
DRV - (ADIHdAudAddService [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\ADIHdAud.sys (Analog Devices, Inc.)
DRV - (AEAudio [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\AEAudio.sys (Andrea Electronics Corporation)
DRV - (AegisP [Auto | Stopped]) -- C:\WINDOWS\system32\DRIVERS\AegisP.sys (Cisco Systems, Inc.)
DRV - (AliIde [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (amdagp [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (ANC [System | Stopped]) -- C:\WINDOWS\System32\drivers\ANC.SYS (IBM Corp.)
DRV - (asc [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (atksgt [Auto | Stopped]) -- C:\WINDOWS\system32\DRIVERS\atksgt.sys ()
DRV - (atmeltpm [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\atmeltpm.sys (Atmel, Inc.)
DRV - (btaudio [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.)
DRV - (BTDriver [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\btport.sys (Broadcom Corporation.)
DRV - (BTKRNL [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\btkrnl.sys (Broadcom Corporation.)
DRV - (BTWDNDIS [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\btwdndis.sys (Broadcom Corporation.)
DRV - (btwhid [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\btwhid.sys (Broadcom Corporation.)
DRV - (BTWUSB [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\btwusb.sys (Broadcom Corporation.)
DRV - (CmdIde [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (dac2w2k [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (DLABOIOM [Auto | Stopped]) -- C:\WINDOWS\System32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLACDBHM [System | Running]) -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLADResN [Auto | Stopped]) -- C:\WINDOWS\System32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (DLAIFS_M [Auto | Stopped]) -- C:\WINDOWS\System32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLAOPIOM [Auto | Stopped]) -- C:\WINDOWS\System32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM [Auto | Stopped]) -- C:\WINDOWS\System32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLARTL_N [System | Running]) -- C:\WINDOWS\System32\Drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (DLAUDFAM [Auto | Stopped]) -- C:\WINDOWS\System32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M [Auto | Stopped]) -- C:\WINDOWS\System32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DRVMCDB [Boot | Running]) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (DRVNDDM [Auto | Stopped]) -- C:\WINDOWS\System32\Drivers\DRVNDDM.SYS (Sonic Solutions)
DRV - (E100B [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\e100b325.sys (Intel Corporation)
DRV - (e1express [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\e1e5132.sys (Intel Corporation)
DRV - (G400 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\G400m.sys (Matrox Graphics Inc.)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (grmnusb [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\grmnusb.sys (GARMIN Corp.)
DRV - (GTFFBUS [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\gtffbus.sys (Option N.V.)
DRV - (GTMNDISIRPXP [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\Gtm51Irp.sys (Option NV)
DRV - (GTPTSER [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\gtptser.sys (Option N.V.)
DRV - (GTUQBUS [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\gtuqbus.sys (Option N.V.)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (HPZid412 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZid412.sys (HP)
DRV - (HPZipr12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZipr12.sys (HP)
DRV - (HPZius12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZius12.sys (HP)
DRV - (HSFHWAZL [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (HSF_DPV [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (iaStor [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (IBMPMDRV [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys (Lenovo.)
DRV - (IBMTPCHK [System | Stopped]) -- C:\WINDOWS\system32\Drivers\IBMBLDID.sys ()
DRV - (Iviaspi [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\iviaspi.sys (InterVideo, Inc.)
DRV - (KLIF [System | Stopped]) -- C:\WINDOWS\System32\DRIVERS\klif.sys (Kaspersky Lab)
DRV - (lirsgt [Auto | Stopped]) -- C:\WINDOWS\system32\DRIVERS\lirsgt.sys ()
DRV - (mdmxsdk [Auto | Stopped]) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (mraid35x [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (NETw4x32 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\NETw4x32.sys (Intel Corporation)
DRV - (nmwcd [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia)
DRV - (nmwcdc [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcdnsu [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys (Nokia)
DRV - (nmwcdnsuc [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys (Nokia)
DRV - (nv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (pccsmcfd [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys (Nokia)
DRV - (pmem [Auto | Stopped]) -- C:\WINDOWS\System32\drivers\pmemnt.sys (Microsoft Corporation)
DRV - (psadd [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\psadd.sys (Lenovo (United States) Inc.)
DRV - (Ptilink [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (ql1080 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql12160 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1280 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (rimmptsk [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\rimmptsk.sys (REDC)
DRV - (rimsptsk [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\rimsptsk.sys (REDC)
DRV - (risdptsk [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\risdptsk.sys (REDC)
DRV - (rismxdp [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\rixdptsk.sys (REDC)
DRV - (s217bus [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\s217bus.sys (MCCI Corporation)
DRV - (s217mdfl [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\s217mdfl.sys (MCCI Corporation)
DRV - (s217mdm [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\s217mdm.sys (MCCI Corporation)
DRV - (s217mgmt [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\s217mgmt.sys (MCCI Corporation)
DRV - (s217nd5 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\s217nd5.sys (MCCI Corporation)
DRV - (s217obex [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\s217obex.sys (MCCI Corporation)
DRV - (s217unic [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\s217unic.sys (MCCI)
DRV - (s24trans [Auto | Stopped]) -- C:\WINDOWS\system32\DRIVERS\s24trans.sys (Intel Corporation)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (Shockprf [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\Apsx86.sys (Lenovo.)
DRV - (sisagp [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (smihlp [Auto | Stopped]) -- C:\Programme\Gemeinsame Dateien\ThinkVantage Fingerprint Software\Drivers\smihlp.sys (UPEK Inc.)
DRV - (Sparrow [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sptd [Boot | Running]) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (srescan [Boot | Stopped]) -- C:\WINDOWS\system32\ZoneLabs\srescan.sys (Check Point Software Technologies LTD)
DRV - (StillCam [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\serscan.sys (Microsoft Corporation)
DRV - (symc810 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (symc8xx [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (sym_hi [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (sym_u3 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (SynTP [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV - (TcUsb [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\tcusb.sys (UPEK Inc.)
DRV - (TPDIGIMN [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\ApsHM86.sys (Lenovo.)
DRV - (TPHKDRV [System | Stopped]) -- C:\WINDOWS\system32\DRIVERS\TPHKDRV.sys (Lenovo Group Limited)
DRV - (TPPWRIF [System | Stopped]) -- C:\WINDOWS\System32\drivers\Tppwrif.sys ()
DRV - (TSMAPIP [System | Stopped]) -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS ()
DRV - (tvtfilter [Auto | Stopped]) -- C:\WINDOWS\system32\DRIVERS\tvtfilter.sys (Lenovo)
DRV - (TVTI2C [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\Tvti2c.sys (Lenovo (United States) Inc.)
DRV - (TVTPktFilter [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\tvtpktfilter.sys (Lenovo Group Limited)
DRV - (ultra [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (upperdev [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys (Windows ® Codename Longhorn DDK provider)
DRV - (USBAAPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple, Inc.)
DRV - (usbser [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\usbser.sys (Microsoft Corporation)
DRV - (UsbserFilt [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys (Windows ® Codename Longhorn DDK provider)
DRV - (vsdatant [System | Stopped]) -- C:\WINDOWS\System32\vsdatant.sys (Check Point Software Technologies LTD)
DRV - (wceusbsh [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\wceusbsh.sys (Microsoft Corporation)
DRV - (winachsf [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.live.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "LEO Eng-Deu"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.704
FF - prefs.js..extensions.enabledItems: {B922D405-6D13-4A2B-AE89-08A030DA4402}:1.0
FF - prefs.js..extensions.enabledItems: {0f9daf7e-2ee2-4fcf-9d4f-d43d93963420}:1.0.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.2.1
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.102
FF - prefs.js..extensions.enabledItems: {FCF36B88-1BBA-487f-B64B-D2E8980A9293}:3.01
FF - prefs.js..extensions.enabledItems: [email protected]:3.0.3
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.8
FF - prefs.js..extensions.enabledItems: [email protected]:3.0

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2008-12-28 02:07:30 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\PROGRAMME\NOKIA\NOKIA PC SUITE 7\BKMRKSYNC\ [2009-04-22 10:13:44 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\PROGRAMME\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON2 [2009-03-15 19:26:56 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Components: C:\PROGRAMME\MOZILLA FIREFOX\COMPONENTS [2009-04-17 15:31:11 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Plugins: C:\PROGRAMME\MOZILLA FIREFOX\PLUGINS [2009-03-31 20:12:18 | 00,000,000 | ---D | M]

[2008-08-21 08:36:05 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HoSchi\Anwendungsdaten\mozilla\Extensions
[2008-08-21 08:36:05 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HoSchi\Anwendungsdaten\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009-04-23 09:05:55 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HoSchi\Anwendungsdaten\mozilla\Firefox\Profiles\2d56rjye.default\extensions
[2009-04-22 10:17:43 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HoSchi\Anwendungsdaten\mozilla\Firefox\Profiles\2d56rjye.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}(2)
[2008-08-21 18:39:20 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HoSchi\Anwendungsdaten\mozilla\Firefox\Profiles\2d56rjye.default\extensions\{0f9daf7e-2ee2-4fcf-9d4f-d43d93963420}
[2009-04-22 10:12:24 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HoSchi\Anwendungsdaten\mozilla\Firefox\Profiles\2d56rjye.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}(2)
[2008-08-30 01:44:57 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HoSchi\Anwendungsdaten\mozilla\Firefox\Profiles\2d56rjye.default\extensions\[email protected]
[2008-08-30 01:52:07 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HoSchi\Anwendungsdaten\mozilla\Firefox\Profiles\2d56rjye.default\extensions\[email protected]
[2009-04-22 00:23:08 | 00,000,000 | ---D | M] -- C:\Programme\mozilla firefox\extensions
[2009-03-31 20:12:18 | 00,000,000 | ---D | M] -- C:\Programme\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009-03-19 14:53:24 | 00,000,000 | ---D | M] -- C:\Programme\mozilla firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2009-04-16 11:56:51 | 00,000,000 | ---D | M] -- C:\Programme\mozilla firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}
[2008-10-18 18:17:28 | 00,000,000 | ---D | M] -- C:\Programme\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2008-12-28 02:07:47 | 00,000,000 | ---D | M] -- C:\Programme\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009-04-16 11:56:51 | 00,000,000 | ---D | M] -- C:\Programme\mozilla firefox\extensions\[email protected]
[2009-03-31 20:12:10 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browserdirprovider.dll
[2009-03-31 20:12:10 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\brwsrcmp.dll
[2008-03-15 15:56:14 | 00,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2008-11-13 16:49:57 | 00,002,344 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2008-08-30 01:14:25 | 00,001,703 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\google.xml
[2008-04-16 06:08:20 | 00,001,706 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\google.xml.bak
[2008-02-19 16:40:48 | 00,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2007-07-14 15:48:48 | 00,002,008 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\ppcw-rs.xml
[2007-07-15 13:02:26 | 00,002,137 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\ppcw-search-ebooks.xml
[2007-07-15 13:02:04 | 00,002,135 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\ppcw-search-games.xml
[2008-06-19 16:03:14 | 00,002,135 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\ppcw-search-gps.xml
[2007-07-15 13:01:22 | 00,002,135 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\ppcw-search-movies.xml
[2008-06-19 16:02:58 | 00,002,128 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\ppcw-search-roms.xml
[2007-07-15 13:02:42 | 00,002,145 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\ppcw-search-smartph.xml
[2007-07-15 13:01:42 | 00,002,140 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\ppcw-search-soft.xml
[2007-07-14 16:04:06 | 00,002,120 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\ppcw-search.xml
[2006-12-03 17:59:22 | 00,000,986 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2006-11-17 13:19:24 | 00,000,801 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
[2009-04-16 17:21:38 | 00,000,812 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\WidgiToolbarIE.dll (GreenTree Applications, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (CPwmIEBrowserHelper Object) - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\WidgiToolbarIE.dll (GreenTree Applications, Inc.)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [ACTray] C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo )
O4 - HKLM..\Run: [ACWLIcon] C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo )
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AMSG] C:\PROGRA~1\THINKV~2\AMSG\amsg.exe (LENOVO)
O4 - HKLM..\Run: [AwaySch] C:\Programme\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog ()
O4 - HKLM..\Run: [cssauth] "C:\Programme\Lenovo\Client Security Solution\cssauth.exe" silent (Lenovo Group Limited)
O4 - HKLM..\Run: [DiskeeperSystray] "C:\Programme\Diskeeper Corporation\Diskeeper\DkIcon.exe" (Diskeeper Corporation)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe (Lenovo Group Limited)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [GrooveMonitor] "C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Programme\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpqSRMon] C:\Programme\HP\Digital Imaging\bin\hpqSRMon.exe (Hewlett-Packard)
O4 - HKLM..\Run: [ISUSPM Startup] C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start (InstallShield Software Corporation)
O4 - HKLM..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect ()
O4 - HKLM..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor (Lenovo Group Limited)
O4 - HKLM..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [SearchSettings] C:\Programme\pdfforge Toolbar\SearchSettings.exe (GreenTree Applications, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TPFNF7] C:\Programme\Lenovo\NPDIRECT\TPFNF7SP.exe /r (Lenovo Group Limited)
O4 - HKLM..\Run: [TPHOTKEY] C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TpShocks] TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [ZoneAlarm Client] "C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe" (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [AlcoholAutomount] "C:\Programme\Alcohol Soft\Alcohol 120\axcmd.exe" /automount (Alcohol Soft Development Team)
O4 - HKCU..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\wcescomm.exe" (Microsoft Corporation)
O4 - HKCU..\Run: [PC Suite Tray] "C:\Programme\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray (Nokia)
O4 - HKCU..\Run: [Sony Ericsson PC Suite] "C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon (Sony Ericsson Mobile Communications AB)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: &Windows Live Search - res://C:\Programme\Windows Live Toolbar\msntb.dll/search.htm (Microsoft Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 (Microsoft Corporation)
O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra 'Tools' menuitem : ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: HP Intelligente Auswahl - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.4.1.cab (DLM Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1219352757312 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter: - text/xml - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ACNotify: DllName - ACNotify.dll - C:\Programme\ThinkPad\ConnectUtilities\ACNotify.dll (Lenovo )
O20 - Winlogon\Notify\psfus: DllName - C:\WINDOWS\system32\psqlpwd.dll - C:\WINDOWS\system32\psqlpwd.dll (UPEK Inc.)
O20 - Winlogon\Notify\tpfnf2: DllName - C:\Programme\Lenovo\HOTKEY\notifyf2.dll - C:\Programme\Lenovo\HOTKEY\notifyf2.dll ()
O20 - Winlogon\Notify\tphotkey: DllName - C:\Programme\Lenovo\HOTKEY\tphklock.dll - C:\Programme\Lenovo\HOTKEY\tphklock.dll (Lenovo Group Limited)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]
O33 - MountPoints2\{0ac95250-7f0c-11dd-83f1-001f3b3ddcc1}\Shell\AutoRun\command - "" = E:\USBNB.exe -- File not found
O33 - MountPoints2\{1cb99544-edd5-11dd-b9ea-001f3affb9d9}\Shell - "" = AutoRun
O33 - MountPoints2\{1cb99544-edd5-11dd-b9ea-001f3affb9d9}\Shell\1\Command - "" = Recycled.exe
O33 - MountPoints2\{1cb99544-edd5-11dd-b9ea-001f3affb9d9}\Shell\2\Command - "" = Recycled.exe
O33 - MountPoints2\{1cb99544-edd5-11dd-b9ea-001f3affb9d9}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\hbcd\wintools\autorun.exe -- File not found
O33 - MountPoints2\D\Shell\Option1\Command - "" = D:\hbcd\wintools\autorun.exe -- [2009-02-07 23:39:51 | 00,010,240 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009-04-23 15:19:45 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\DOKUME~1\HoSchi\Desktop\OTListIt2.exe
[2009-04-23 15:15:36 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009-04-23 15:15:31 | 00,267,612 | ---- | C] () -- C:\DOKUME~1\HoSchi\Desktop\Rooter.exe
[2009-04-23 15:02:33 | 00,393,528 | ---- | C] (Trend Micro Inc.) -- C:\DOKUME~1\HoSchi\Desktop\HijackThis.exe
[2009-04-23 14:29:51 | 02,967,816 | ---- | C] (Malwarebytes Corporation ) -- C:\uehr.exe
[2009-04-23 12:56:30 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009-04-23 12:01:33 | 00,389,632 | ---- | C] (OldTimer Tools) -- C:\DOKUME~1\HoSchi\Desktop\OTMoveIt3.exe
[2009-04-23 10:32:02 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009-04-23 10:22:55 | 02,999,799 | R--- | C] () -- C:\DOKUME~1\HoSchi\Desktop\ComboFix.exe
[2009-04-23 10:06:48 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009-04-23 09:11:50 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009-04-23 09:11:50 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009-04-23 09:11:50 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009-04-23 09:11:50 | 00,109,568 | ---- | C] () -- C:\WINDOWS\VFIND.exe
[2009-04-23 09:11:50 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009-04-23 09:11:50 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009-04-23 09:11:50 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009-04-23 09:11:50 | 00,029,696 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009-04-23 09:11:40 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009-04-23 09:07:30 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009-04-23 09:07:30 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009-04-23 09:06:50 | 00,000,000 | ---D | C] -- C:\DOKUME~1\ALLUSE~1\Anwendungsdaten\Malwarebytes
[2009-04-23 09:06:49 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\HoSchi\Anwendungsdaten\Malwarebytes
[2009-04-22 10:38:29 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2009-04-22 10:33:32 | 00,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2009-04-22 10:13:50 | 00,000,000 | ---D | C] -- C:\Programme\PC Connectivity Solution
[2009-04-22 10:13:46 | 00,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\PCSuite
[2009-04-22 10:12:18 | 00,000,000 | ---D | C] -- C:\Programme\iPod
[2009-04-22 10:12:11 | 00,000,000 | ---D | C] -- C:\Programme\iTunes
[2009-04-21 10:26:39 | 00,000,000 | ---D | C] -- C:\Programme\iPod(2)
[2009-04-21 10:26:33 | 00,000,000 | ---D | C] -- C:\Programme\iTunes(2)
[2009-04-21 10:26:33 | 00,000,000 | ---D | C] -- C:\DOKUME~1\ALLUSE~1\Anwendungsdaten\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009-04-20 17:49:40 | 00,001,745 | ---- | C] () -- C:\DOKUME~1\ALLUSE~1\Desktop\Nokia PC Suite.lnk
[2009-04-20 17:47:46 | 00,000,000 | ---D | C] -- C:\Programme\PC Connectivity Solution(2)
[2009-04-16 17:21:38 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\HoSchi\Anwendungsdaten\Search Settings
[2009-04-16 17:21:31 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\HoSchi\Anwendungsdaten\pdfforge
[2009-04-16 11:56:51 | 00,000,000 | ---D | C] -- C:\Programme\pdfforge Toolbar
[2009-04-16 11:56:15 | 00,000,688 | ---- | C] () -- C:\DOKUME~1\ALLUSE~1\Desktop\PDFCreator.lnk
[2009-04-16 11:56:09 | 00,662,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCOMCT2.OCX
[2009-04-16 11:56:09 | 00,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2009-04-16 11:56:08 | 00,158,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCMCDE.DLL
[2009-04-16 11:56:08 | 00,125,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VB6DE.DLL
[2009-04-16 11:56:08 | 00,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCC2DE.DLL
[2009-04-16 11:56:08 | 00,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSMPIDE.DLL
[2009-04-16 11:56:08 | 00,000,000 | ---D | C] -- C:\Programme\PDFCreator
[2009-04-16 10:35:43 | 00,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfmonnt.dll
[2009-04-16 10:35:42 | 00,000,164 | ---- | C] () -- C:\WINDOWS\System32\psconv.ini
[2009-04-16 10:35:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\psconv
[2009-04-16 10:35:38 | 00,000,000 | ---D | C] -- C:\Programme\psconvert
[2009-04-15 14:20:33 | 00,001,818 | ---- | C] () -- C:\DOKUME~1\ALLUSE~1\Desktop\Google Earth.lnk
[2009-04-15 14:17:27 | 00,000,874 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job
[2009-04-15 13:19:02 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009-04-15 13:19:00 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009-04-15 13:19:00 | 00,286,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009-04-15 13:19:00 | 00,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009-04-15 13:18:59 | 00,473,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009-04-15 13:18:59 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sc.exe
[2009-04-15 13:18:58 | 00,736,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2009-04-15 13:18:58 | 00,678,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009-04-15 13:18:57 | 00,740,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009-04-15 13:18:57 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009-04-15 13:15:47 | 00,217,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
[2009-04-15 08:38:46 | 00,168,063 | ---- | C] () -- C:\DOKUME~1\HoSchi\Desktop\05042009.jpg
[2009-03-27 11:05:26 | 00,000,880 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2009-03-27 11:05:25 | 00,001,954 | ---- | C] () -- C:\WINDOWS\_isenv31.ini
[2009-03-27 11:05:25 | 00,000,521 | ---- | C] () -- C:\WINDOWS\_iserr31.ini
[2009-03-27 11:05:25 | 00,000,000 | ---D | C] -- C:\WINDOWS\_ISTMP2.DIR
[2009-03-27 11:05:25 | 00,000,000 | ---D | C] -- C:\WINDOWS\_ISTMP1.DIR
[2009-03-25 12:08:25 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\HoSchi\Anwendungsdaten\MailFrontier
[2009-03-25 12:04:54 | 10,584,0608 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009-03-25 12:04:54 | 01,418,084 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2009-03-25 11:53:51 | 00,148,496 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2009-03-25 11:53:38 | 00,262,144 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml
[2009-01-17 14:36:35 | 00,000,140 | ---- | C] () -- C:\WINDOWS\GSAK.INI
[2009-01-05 13:08:39 | 00,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008-11-23 03:09:14 | 00,340,021 | ---- | C] () -- C:\WINDOWS\System32\jpeg.dll
[2008-10-14 12:21:07 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008-10-05 15:13:17 | 00,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2008-09-14 23:03:17 | 00,271,360 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2008-09-14 23:03:17 | 00,018,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2008-09-09 21:37:51 | 00,069,632 | R--- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2008-09-09 21:37:51 | 00,036,864 | R--- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2008-08-29 12:15:15 | 00,000,028 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008-08-27 13:21:29 | 00,116,224 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[2008-08-27 13:21:11 | 00,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini
[2008-08-21 10:13:04 | 00,000,388 | ---- | C] () -- C:\WINDOWS\System32\gmsblist.dll
[2008-08-19 01:06:15 | 00,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2008-08-18 17:49:23 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008-08-18 17:40:09 | 00,004,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys
[2008-08-18 17:34:36 | 00,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008-08-18 17:33:10 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2008-08-18 17:33:10 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2008-08-18 17:33:09 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2008-08-18 17:33:09 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2008-08-18 17:33:09 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2008-08-18 17:33:09 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2008-08-18 17:27:27 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008-08-18 17:27:27 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008-08-18 17:27:27 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008-08-18 17:27:26 | 01,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008-08-18 17:23:44 | 00,012,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS
[2008-08-18 17:22:40 | 00,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS
[2008-08-18 17:20:50 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2008-05-26 22:23:36 | 00,016,834 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2008-05-26 22:23:34 | 00,024,188 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2008-05-26 22:23:32 | 00,016,568 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2008-02-04 18:23:10 | 00,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007-04-12 08:02:14 | 00,000,108 | RHS- | C] () -- C:\WINDOWS\neoqaz2.dll
[2007-03-29 23:00:40 | 00,203,264 | ---- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2007-03-02 14:15:36 | 00,025,261 | ---- | C] () -- C:\WINDOWS\System32\PROCDB.INI
[2007-03-02 14:15:25 | 00,000,480 | ---- | C] () -- C:\WINDOWS\System32\IPSCtrl.INI
[2007-02-27 17:48:38 | 02,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2007-02-27 17:29:32 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2007-01-16 17:12:12 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006-09-05 14:20:36 | 00,079,400 | ---- | C] () -- C:\WINDOWS\System32\DEVMAN.DLL
[2006-01-27 19:18:01 | 00,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006-01-27 19:05:14 | 00,002,963 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006-01-27 03:01:34 | 00,000,667 | ---- | C] () -- C:\WINDOWS\win.ini
[2006-01-27 03:01:31 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2005-02-17 11:41:32 | 00,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005-02-17 11:41:30 | 00,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2001-11-14 12:56:00 | 01,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009-04-23 15:17:12 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\DOKUME~1\HoSchi\Desktop\OTListIt2.exe
[2009-04-23 15:12:00 | 00,267,612 | ---- | M] () -- C:\DOKUME~1\HoSchi\Desktop\Rooter.exe
[2009-04-23 14:03:56 | 01,010,492 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009-04-23 14:03:56 | 00,443,804 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2009-04-23 14:03:56 | 00,403,968 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009-04-23 14:03:56 | 00,085,812 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2009-04-23 14:03:56 | 00,063,188 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009-04-23 14:00:34 | 00,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009-04-23 13:59:49 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009-04-23 12:36:17 | 00,262,144 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2009-04-23 12:36:17 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009-04-23 11:58:36 | 00,389,632 | ---- | M] (OldTimer Tools) -- C:\DOKUME~1\HoSchi\Desktop\OTMoveIt3.exe
[2009-04-23 11:25:40 | 02,967,816 | ---- | M] (Malwarebytes Corporation ) -- C:\uehr.exe
[2009-04-23 10:49:00 | 00,001,044 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009-04-23 10:29:38 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009-04-23 10:29:13 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009-04-23 09:49:07 | 00,000,239 | RHS- | M] () -- C:\boot.ini
[2009-04-23 09:49:06 | 00,000,667 | ---- | M] () -- C:\WINDOWS\win.ini
[2009-04-23 09:10:46 | 02,999,799 | R--- | M] () -- C:\DOKUME~1\HoSchi\Desktop\ComboFix.exe
[2009-04-22 11:35:52 | 00,000,874 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job
[2009-04-22 08:22:54 | 03,712,656 | -H-- | M] () -- C:\DOKUME~1\HoSchi\Lokale Einstellungen\Anwendungsdaten\IconCache.db
[2009-04-22 08:13:53 | 10,584,0608 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009-04-22 08:13:25 | 00,176,950 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2009-04-22 01:34:18 | 01,418,084 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2009-04-22 00:37:00 | 00,000,248 | ---- | M] () -- C:\WINDOWS\tasks\Auf Updates für Windows Live Toolbar prüfen.job
[2009-04-22 00:21:06 | 01,303,063 | ---- | M] () -- C:\WINDOWS\System32\nvwsapps.xml
[2009-04-22 00:20:56 | 00,000,316 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2009-04-21 10:31:07 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009-04-21 10:13:00 | 00,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009-04-21 09:58:08 | 00,109,568 | ---- | M] () -- C:\WINDOWS\VFIND.exe
[2009-04-21 08:16:30 | 00,176,950 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2009-04-16 11:56:15 | 00,000,688 | ---- | M] () -- C:\DOKUME~1\ALLUSE~1\Desktop\PDFCreator.lnk
[2009-04-16 10:35:42 | 00,000,164 | ---- | M] () -- C:\WINDOWS\System32\psconv.ini
[2009-04-16 00:44:03 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009-04-15 14:20:33 | 00,001,818 | ---- | M] () -- C:\DOKUME~1\ALLUSE~1\Desktop\Google Earth.lnk
[2009-04-15 08:38:46 | 00,168,063 | ---- | M] () -- C:\DOKUME~1\HoSchi\Desktop\05042009.jpg
[2009-04-14 10:31:06 | 00,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2009-04-06 16:57:24 | 24,921,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009-03-27 11:05:26 | 00,000,880 | ---- | M] () -- C:\WINDOWS\_delis32.ini
[2009-03-27 11:05:25 | 00,001,954 | ---- | M] () -- C:\WINDOWS\_isenv31.ini
[2009-03-27 11:05:25 | 00,000,521 | ---- | M] () -- C:\WINDOWS\_iserr31.ini
[2009-03-27 08:49:30 | 01,203,922 | ---- | M] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2009-03-25 19:32:05 | 00,003,942 | ---- | M] () -- C:\rollback.ini

========== LOP Check ==========

[2009-04-23 10:08:33 | 00,000,000 | RH-D | M] -- C:\Dokumente und Einstellungen\HoSchi\Anwendungsdaten
[2008-10-19 19:29:38 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HoSchi\Anwendungsdaten\Adobe
[2008-10-14 20:24:33 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HoSchi\Anwendungsdaten\Ahead
[2008-10-29 10:00:12 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HoSchi\Anwendungsdaten\Anvil-Soft
[2009-01-30 15:26:04 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HoSchi\Anwendungsdaten\Apple Computer
[2009-02-24 13:28:33 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HoSchi\Anwendungsdaten\Autodesk
[2008-09-03 21:24:01 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HoSchi\Anwendungsdaten\Download Manager
[2008-10-19 20:09:41 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HoSchi\Anwendungsdaten\FileZilla
[2009-03-12 15:42:13 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HoSchi\Anwendungsdaten\GARMIN
[2008-08-24 01:27:36 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HoSchi\Anwendungsdaten\Google
[2008-12-08 15:38:00 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HoSchi\Anwendungsdaten\Help
[2008-12-04 15:29:53 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HoSchi\Anwendungsdaten\HP
[2009-04-20 17:43:53 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HoSchi\Anwendungsdaten\HPAppData
[2008-08-21 14:38:52 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HoSchi\Anwendungsdaten\HTML Executable
[2006-01-26 00:26:28 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HoSchi\Anwendungsdaten\Identities
[2008-08-21 15:28:52 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HoSchi\Anwendungsdaten\IDMComp
[2008-08-18 17:21:53 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HoSchi\Anwendungsdaten\InstallShield
[2008-11-29 22:11:04 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HoSchi\Anwendungsdaten\Intel
[2008-08-29 12:40:10 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HoSchi\Anwendungsdaten\KompoZer
[2008-08-21 09:55:57 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HoSchi\Anwendungsdaten\Leadertech
[2008-08-24 02:09:45 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HoSchi\Anwendungsdaten\Lenovo
[2008-08-21 10:07:03 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HoSchi\Anwendungsdaten\Macromedia
[2009-03-25 18:52:31 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HoSchi\Anwendungsdaten\MailFrontier
[2009-04-23 09:06:49 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HoSchi\Anwendungsdaten\Malwarebytes
[2009-01-24 20:23:39 | 00,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\HoSchi\Anwendungsdaten\Microsoft
[2008-12-05 12:35:30 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HoSchi\Anwendungsdaten\mIRC
[2008-08-21 08:36:05 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HoSchi\Anwendungsdaten\Mozilla
[2008-09-29 11:34:03 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HoSchi\Anwendungsdaten\Nokia
[2008-09-29 11:34:16 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HoSchi\Anwendungsdaten\PC Suite
[2009-04-23 09:05:58 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HoSchi\Anwendungsdaten\pdfforge
[2009-04-16 17:21:38 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HoSchi\Anwendungsdaten\Search Settings
[2009-04-21 17:25:48 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HoSchi\Anwendungsdaten\Skype
[2009-04-21 16:05:58 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HoSchi\Anwendungsdaten\skypePM
[2008-12-30 01:01:42 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HoSchi\Anwendungsdaten\Sony
[2008-09-24 09:05:15 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HoSchi\Anwendungsdaten\Sun
[2008-11-15 23:05:10 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HoSchi\Anwendungsdaten\Unity
[2009-03-25 12:03:40 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HoSchi\Anwendungsdaten\uTorrent
[2008-08-21 15:40:26 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HoSchi\Anwendungsdaten\Winamp
[2008-08-21 22:39:57 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HoSchi\Anwendungsdaten\Windows Desktop Search
[2008-09-29 22:00:48 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HoSchi\Anwendungsdaten\Windows Search
[2008-08-21 15:26:52 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HoSchi\Anwendungsdaten\WinRAR
[2009-04-21 10:13:00 | 00,000,276 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2009-04-22 00:37:00 | 00,000,248 | ---- | M] () -- C:\WINDOWS\Tasks\Auf Updates für Windows Live Toolbar prüfen.job
[2004-08-04 14:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009-04-23 10:49:00 | 00,001,044 | ---- | M] () -- C:\WINDOWS\Tasks\Google Software Updater.job
[2009-04-22 11:35:52 | 00,000,874 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachine.job
[2009-04-22 00:20:56 | 00,000,316 | ---- | M] () -- C:\WINDOWS\Tasks\PMTask.job
[2009-04-23 12:36:17 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========


========== Alternate Data Streams ==========

@Alternate Data Stream - 108 bytes -> C:\WINDOWS:
< End of report >

OTListIt Extras logfile created on: 2009-04-23 15:20:42 - Run 1
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Dokumente und Einstellungen\HoSchi\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: yyyy-MM-dd

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 143.46 Gb Total Space | 28.71 Gb Free Space | 20.01% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PUPSERASE
Current User Name: HoSchi
Logged in as Administrator.

Current Boot Mode: SafeMode
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Programme\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.ini [@ = UltraEdit.ini] -- C:\Programme\IDM Computer Solutions\UltraEdit\uedit32.exe (IDM Computer Solutions, Inc.)
.js [@ = UltraEdit.js] -- C:\Programme\IDM Computer Solutions\UltraEdit\uedit32.exe (IDM Computer Solutions, Inc.)
.txt [@ = UltraEdit.txt] -- C:\Programme\IDM Computer Solutions\UltraEdit\uedit32.exe (IDM Computer Solutions, Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = UltraEdit.html] -- Reg Error: Key error. File not found

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"2799:UDP" = 2799:UDP:*:Enabled:Altova License Metering Port (UDP)
"2799:TCP" = 2799:TCP:*:Enabled:Altova License Metering Port (TCP)
"427:UDP" = 427:UDP:*:Enabled:SLP_Port(427)
"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Programme\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager (Microsoft Corporation)
C:\Programme\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager (Microsoft Corporation)
C:\Programme\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application (Microsoft Corporation)
C:\Dokumente und Einstellungen\HoSchi\Lokale Einstellungen\Temp\7zS39C7\setup\HPZnui01.exe:*:Enabled:hpznui01.exe File not found
C:\Dokumente und Einstellungen\HoSchi\Lokale Einstellungen\Temp\7zS1644\setup\HPZnui01.exe:*:Enabled:hpznui01.exe File not found
C:\Dokumente und Einstellungen\HoSchi\Lokale Einstellungen\Temp\7zS17B8\setup\hpznui01.exe:*:Enabled:hpznui01.exe File not found
C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe (Hewlett-Packard Co.)
C:\Programme\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe (Hewlett-Packard Co.)
C:\Programme\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe (Hewlett-Packard Co.)
C:\Programme\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe (Hewlett-Packard)
C:\Programme\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe (Hewlett-Packard)
C:\Programme\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe (Hewlett-Packard Co.)
C:\Programme\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe (Hewlett-Packard)
C:\Programme\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe (Hewlett-Packard Development Co. L.P.)
C:\Programme\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe (Hewlett-Packard Co.)
C:\Programme\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe (Hewlett-Packard Development Co. L.P.)
C:\Programme\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe (Hewlett-Packard Development Co. L.P.)
C:\Programme\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe (Hewlett-Packard Co.)
C:\Programme\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe (Hewlett-Packard)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook (Microsoft Corporation)
C:\Programme\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove (Microsoft Corporation)
C:\Programme\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote (Microsoft Corporation)
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Programme\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager (Microsoft Corporation)
C:\Programme\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager (Microsoft Corporation)
C:\Programme\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application (Microsoft Corporation)
C:\Programme\mIRC\mirc.exe:*:Enabled:mIRC (mIRC Co. Ltd.)
C:\Spiele\Anno 1701\Anno1701.exe:*:Enabled:Anno 1701 (Related Designs Software GmbH)
C:\Programme\SoulseekNS\slsk.exe:*:Enabled:SoulSeek ()
C:\Programme\Gemeinsame Dateien\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process (Nokia Corporation)
C:\Programme\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater (Nokia Corporation)
C:\Programme\uTorrent\uTorrent.exe:*:Enabled:µTorrent (BitTorrent, Inc.)
C:\Programme\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:*:Enabled:Sony Ericsson Media Manager 1.2 (Sony Creative Software Inc.)
C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour (Apple Inc.)
C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe (Hewlett-Packard Co.)
C:\Programme\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe (Hewlett-Packard Co.)
C:\Programme\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe (Hewlett-Packard Co.)
C:\Programme\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe (Hewlett-Packard)
C:\Programme\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe (Hewlett-Packard)
C:\Programme\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe (Hewlett-Packard Co.)
C:\Programme\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe (Hewlett-Packard)
C:\Programme\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe (Hewlett-Packard Development Co. L.P.)
C:\Programme\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe (Hewlett-Packard Co.)
C:\Programme\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe (Hewlett-Packard Development Co. L.P.)
C:\Programme\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe (Hewlett-Packard Development Co. L.P.)
C:\Programme\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe (Hewlett-Packard Co.)
C:\Programme\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe (Hewlett-Packard)
C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes (Apple Inc.)
C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype (Skype Technologies S.A.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{03A7C57A-B2C8-409b-92E5-524A0DFD0DD3}" = Status
"{03AE37D1-AEE3-46F3-A674-CB8527C6896B}" = Garmin BlueChart Atlantic 2008
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{075473F5-846A-448B-BCB3-104AA1760205}" = RecordNow Data
"{087A66B8-1F0F-4a8d-A649-0CFE276AA7C0}" = WebReg
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0BC1A5B2-79A1-4716-B3E5-4071E9AB6F43}" = HP Photosmart C4500 All-In-One Driver Software12.0 Rel .4
"{1007F41F-7D69-468E-8017-3849A5A973C2}" = ThinkVantage Technologies Welcome Message
"{10DDCDDD-9A59-4496-9371-C17F1668D433}" = Windows Live Toolbar
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{1240A058-8BCE-4A3B-BF82-6E5B801D71BA}" = Garmin City Navigator Europe NT 2009 Update
"{1297C681-92D7-40EF-93BF-03F66EC5105C}" = ThinkPad-Dienstprogramm 'EasyEject'
"{15AC0C5D-A6FB-4CE2-8CD0-28179EEB5625}" = Nokia Connectivity Cable Driver
"{162B71B8-8464-4680-A086-601D555B331D}" = Apple Mobile Device Support
"{17BD85F9-3B88-4C85-BB47-4AB8DD68F8BB}" = Nokia Software Updater
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = Dienstprogramm "ThinkPad UltraNav"
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1995E1D4-E9D7-411E-A9A7-F42BD872054A}" = GlobeTrotter Connect
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 11
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2A0A6470-FD0F-4F45-9B11-85F3167DB943}" = Nokia Flashing Cable Driver
"{2A329FB6-389D-4396-A974-29656D6864AE}" = MarketResearch
"{2CD6BBA0-17C8-4789-9B9B-B36F7E815F6A}" = DWG TrueView 2007
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 4.010.00
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{31492759-0E89-46B5-9770-F6E5808E3017}" = xImage
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{39CB30DB-27F8-4dd4-A294-CB4AE3B584FD}" = Copy
"{3E5C5F80-14E4-4BA1-8699-7C7533562C24}" = TopoGuide Hungary V2.1G
"{403E07CF-040C-4653-85C6-1053B992CA53}" = C4580
"{41894269-0DD1-4C85-B3DD-1EB41B07621D}" = ThinkVantage Fingerprint Software 5.6
"{450063AA-643B-417C-8CF5-405BA3F4EF40}" = Autodesk Design Review 2009
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage System für aktiven Festplattenschutz
"{46BBED5D-05F1-44D4-8068-8A56DD60A37D}" = AdriaTOPO 2.11
"{46E7E808-5AD2-44B6-B52C-68EB15182D8A}" = TrekMap v2
"{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer
"{48D0B1A3-11AC-4A87-AFB2-2002CCB88B34}" = PS_AIO_04_C4580_Software_Min
"{4D304678-738E-42a0-931A-2B022F49DEB8}" = TrayApp
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{523D8C1B-3309-4F8E-A15B-6C0E8A0B7D72}" = Groundspeak Wherigo Builder
"{5414086B-AE06-4332-8A59-26FF0F630D1B}" = Garmin Trip and Waypoint Manager v3
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{548EAC70-EE00-11DD-908C-005056806466}" = Google Earth
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{5783F2D7-6000-0409-0002-0060B0CE6BBA}" = AutoCAD Civil 3D 2008
"{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}" = Nokia PC Suite
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{65706020-7B6F-41F2-8047-FC69579E386A}" = Präsentationsdirektor
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6EED4269-588D-45b8-A80C-26A9CA62EE4E}" = HPSSupply
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{71907510-82AE-49EA-AA22-D9C703C5A987}" = Garmin City Navigator South Africa v6
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{796E076A-82F7-4D49-98C8-DEC0C3BC733A}" = Diskeeper Lite
"{7D25A304-C82D-41C3-85A8-3BEF84E04887}" = Garmin WebUpdater
"{7EB114D8-207F-45AE-BABD-1669715F2630}" = ThinkVantage Access Connections
"{7FC3BBEC-5A91-41B0-9CB8-960EC4421411}" = InterVideo WinDVD Creator 3
"{800E784D-53E3-4948-B491-9E7FA5EACBDC}" = SmartWebPrinting
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{8131E9E7-BA33-472D-99AE-231457F5027F}" = Garmin Communicator Plugin
"{828A3BA6-B5AB-4B03-AC13-443BE0C64C17}" = AdriaROUTE 2.20
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = ThinkPad Bluetooth with Enhanced Data Rate Software
"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update
"{87A9A9A9-FAB7-4224-9328-0FA2058C0FD5}" = Network
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{58FC5E37-DD28-4D4A-A549-125744C6763C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{888B9AC7-8F5C-456B-A27A-157A6C310E52}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{955D8242-B99E-4A9A-80C4-3FF7D7587EA3}" = Msxml4 SP2
"{9603DE6D-4567-4b78-B941-849322373DE2}" = SolutionCenter
"{9643F141-FCC6-4D09-A675-E4790A171564}" = Ukraine v.3.66eL
"{96AF271A-43B5-4615-8D00-26B45EE58FC8}" = Garmin City Navigator North America NT 2008 Update
"{986F64DC-FF15-449D-998F-EE3BCEC6666A}" = Help Center
"{98EA51C9-B0B0-45BC-8641-3E119EA47D7B}" = Sony Ericsson Media Manager 1.2
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9CCCFD9C-248F-47FE-9496-1680E3E5C163}" = Scan
"{9D0FB354-3D85-483A-A899-99FB3084942D}" = Garmin MapSource
"{9D1B99B7-DAD8-440d-B4FB-1915332FBCC2}" = HPProductAssistant
"{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}" = ThinkPad Energie-Manager
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A1D7AC59-0B14-4B41-B0A4-08D0308147C8}" = RO.A.D.2008
"{A2433A63-5F5D-40E5-B529-9123C2B3E734}" = Anno 1701
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = RecordNow Audio
"{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}" = Toolbox
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1031-7B44-A81200000003}" = Adobe Reader 8.1.2 - Deutsch
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = RecordNow Copy
"{B334D9AE-1393-423E-97C0-3BDC3360E692}" = Sonic Icons for Lenovo
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B8B0FC8B-E69B-4215-AF1A-4BDFF20D794B}" = pdfforge Toolbar v1.0
"{B8BFB69F-BBBA-48A9-A788-851222571C77}" = MapSource Product Install
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BB65C393-C76E-4F06-9B0C-2124AA8AF97B}" = Adobe Flash Player 9 ActiveX
"{BF4720EC-795A-4DE4-8A03-F80C52256E03}" = SCG Route 1.90
"{C07B86C3-1816-4C59-927E-0287925DFB96}" = Garmin City Navigator Europe NT 2010 Update
"{C24C3F25-CC7F-41D5-B03D-24F8059BABAD}" = Garmin USB Drivers
"{C26B06A9-27BB-45B0-9873-9C623EC2BA38}" = iTunes
"{C3EBEF79-DE34-44AE-8774-F6A17ABE27B2}" = Garmin nRoute
"{C54ED2B6-1AF2-416F-BBA8-5E2B8CDCB5C4}" = XP Themes
"{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help
"{C8D7A672-F697-4572-AC62-C856053A8DBC}" = Adobe Illustrator CS3
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CEA791BB-6F54-48ED-BC2A-F78157C1D558}" = Adobe Setup
"{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}" = ThinkVantage Productivity Center
"{CFEB72CB-80CC-4233-810E-FE0849E54DC7}" = UltraEdit 14.10
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D3492D9E-7FBB-1DF6-F759-2A37FA231031}" = Nero 7 Demo
"{D728E945-256D-4477-B377-6BBA693714AC}" = Ergänzung zu Productivity Center für ThinkPad
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D848D140-41C3-4A53-86D8-E866A100B4CD}" = PC Connectivity Solution
"{D9A3F64E-E496-4BF7-91E0-1BF5F52CAB85}" = GlobeTrotter Connect
"{D9DA2DF6-8CB6-4E3C-A29E-FAECFBA3E9A7}" = Garmin POI Loader
"{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}" = Wallpapers
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E55B00B0-9DBF-4EE1-AC1D-5DEBE12BD097}" = Autodesk Vault 2008
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E728E952-DD4F-4BCD-A5C8-40FBFEFF91FE}" = OpenOffice.org Installer 1.0
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}" = Message Center
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EF949584-D843-4F7F-A4B4-070CC9E48B45}" = UltraCompare Professional
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
"{F055E1B2-8A05-4D87-8039-1BE979BA4193}" = Client Security Solution
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F151F2B3-0C32-44D3-90E2-E639B8024622}" = Rescue and Recovery
"{F648FD09-7CEA-4257-BC68-A8389189FD51}" = GPBaseService2
"{F705E3E1-A471-426B-9A09-73429F3418EE}" = System Migration Assistant
"{F769B78E-FF0E-4db5-95E2-9F4C8D6352FE}" = DeviceDiscovery
"{FAFEC8A4-B37A-4F52-8A72-D9B4F3A67CDA}" = Garmin BlueChart Atlantic v9.5
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"5986551A16FD8E9B1B4C89E7AAD17C1BB3196D28" = Windows-Treiberpaket - Nokia Modem (10/27/2008 7.01.0.1)
"6D296974BAB6CA8429D5E687B292A6DA3E9FBD4A" = Windows-Treiberpaket - Nokia Modem (10/27/2008 3.9)
"9CD348AE9C64C4B939B624E8E24F3903EFDFC82B" = Windows-Treiberpaket - Nokia Modem (05/22/2008 7.00.0.1)
"Abev6" = Abev6 (Verzió: 6.5.22)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Adobe_c015d5ef39552390a753ee735d16041" = Adobe Illustrator CS3
"Anthelion 'The Galactic Alliance'" = Anthelion 'The Galactic Alliance'
"AutoCAD Civil 3D 2008" = AutoCAD Civil 3D 2008
"Autodesk Design Review 2009" = Autodesk Design Review 2009
"Autodesk Vault 2008" = Autodesk Vault 2008
"AwayTask" = Maintenance Manager
"BG OFFRoadMap" = BG OFFRoadMap 4.70
"BG Topo Maps_is1" = BG Topo Maps 2.12
"C5A76DC11BABDA0A881E7BE8DDEB641365A77FFD" = Windows-Treiberpaket - Nokia Modem (05/22/2008 3.8)
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588" = ThinkPad Modem
"Czech Map (GPS maps)" = Czech Map (GPS maps)
"Czech TOPO 20 (GPS maps)" = Czech TOPO 20 (GPS maps)
"DeInst_d2vexcrd C:/Programme/Austrian Map Fly" = AMap Fly basierend auf Geogrid®-Viewer Version 3.1
"Easy CD-DA Extractor 10" = Easy CD-DA Extractor 10
"Easy CD-DA Extractor 11" = Easy CD-DA Extractor 11
"ENTERPRISE" = Microsoft Office Enterprise 2007
"F13EE0B22AD5D087DFA50E3D4D6F13FC1AAAFB32" = Windows-Treiberpaket - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04)
"FileZilla Client" = FileZilla Client 3.1.3.1
"Free PS Convert driver_is1" = Free PS Convert driver 8.15
"FreePDF_XP" = FreePDF XP (Remove only)
"Garmin Mapsource Greece_is1" = Garmin Mapsource Greece 7.08
"Garmin TOPO Swiss_is1" = Garmin TOPO Swiss
"Geogrid_DPV" = Geogrid® DPV
"Google Updater" = Google Updater
"GPL Ghostscript 8.63" = GPL Ghostscript 8.63
"GSAK (Geocaching Swiss Army Knife)_is1" = GSAK 7.5.1.26 (Beta patch)
"GSAK_is1" = GSAK 7.5.1.28 (Final)
"GSview 4.6" = GSview 4.6
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 12.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 12.0
"HPExtendedCapabilities" = HP Customer Participation Program 12.0
"Hungary TOPO_is1" = Hungary TOPO
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"IrfanView" = IrfanView (remove only)
"Island (TOPO)_is1" = Island (TOPO) für MapSource
"ITopo50_is1" = Italy Topo 50 v1.1
"KompoZer_is1" = KompoZer 0.77
"Lenovo Registration" = Lenovo Registration
"LodeRunner" = LodeRunner
"MakeGoogleMap_is1" = MakeGoogleMap 0.8.178 01.09.2008
"MapSource - Topo Czech & Slovakia" = MapSource - Topo Czech & Slovakia
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"mIRC" = mIRC
"Mozilla Firefox (3.0.8)" = Mozilla Firefox (3.0.8)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nokia PC Suite" = Nokia PC Suite
"NVIDIA Drivers" = NVIDIA Drivers
"OnScreenDisplay" = Anzeige am Bildschirm
"OSM-Austria_is1" = MapSource - OpenStreetMap Austria (2008-10-05)
"PathAway GPS 5 for Windows Mobile" = PathAway GPS 5 for Windows Mobile
"PC-Doctor 5 for Windows" = PC-Doctor 5 für Windows
"PCMCIAPW" = ThinkPad PC Card Power Policy
"Picasa 3" = Picasa 3
"Power Management Driver" = ThinkPad Power Management Driver
"ProInst" = Intel® PROSet/Wireless Software
"PROSet" = Intel® PRO Network Connections Drivers
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"Remove Multimedia Center" = Remove Multimedia Center
"Resco Brain Games" = Resco Brain Games
"Resco Photo Viewer Pro" = Resco Photo Viewer Pro
"Shop for HP Supplies" = Shop for HP Supplies
"Soulseek2" = SoulSeek 157 NS 13c
"ST5UNST #1" = ENIGMA
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"Touratech QV 4_is1" = Touratech QV 4
"UnityWebPlayer" = Unity Web Player
"Update Service" = Update Service
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Winamp" = Winamp
"Windows Live Toolbar" = Windows Live Toolbar
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01005" = Microsoft User-Mode Driver Framework Feature Pack 1.5
"xplorer2p" = xplorer² professional
"ZoneAlarm Security Suite" = ZoneAlarm Security Suite

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2009-04-21 00:37:50 | Computer Name = PUPSERASE | Source = Google Update | ID = 20
Description =

Error - 2009-04-21 01:37:50 | Computer Name = PUPSERASE | Source = Google Update | ID = 20
Description =

Error - 2009-04-22 02:13:29 | Computer Name = PUPSERASE | Source = Userenv | ID = 1508
Description = Die Registrierung konnte nicht geladen werden. Dies wird oft durch
zuwenig Arbeitsspeicher oder nicht ausreichende Sicherheitsberechtigungen verursacht.
Details - Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen
Prozess verwendet wird. for C:\Dokumente und Einstellungen\HoSchi\ntuser.dat

Error - 2009-04-22 02:13:50 | Computer Name = PUPSERASE | Source = Userenv | ID = 1502
Description = Das lokal gespeicherte Profil kann nicht geladen werden. Mögliche
Fehlerursachen sind nicht ausreichende Sicherheitsrechte oder ein beschädigter lokales
Profil. Wenden Sie sich an den Netzwerkadministrator, wenn das Problem weiterhin
besteht. Details - Der Prozess kann nicht auf die Datei zugreifen, da sie von einem
anderen Prozess verwendet wird.

Error - 2009-04-22 02:13:53 | Computer Name = PUPSERASE | Source = Userenv | ID = 1515
Description = Dieses Benutzerprofil wurde gesichert. Bei der nächsten Anmeldung
dieses Benutzers wird automatisch versucht, dieses gesicherte Profil zu verwenden.

Error - 2009-04-22 02:13:58 | Computer Name = PUPSERASE | Source = Userenv | ID = 1511
Description = Das lokale Benutzerprofil wurde nicht gefunden. Sie werden mit einem
temporären Benutzerprofil angemeldet. Änderungen, die Sie am Benutzerprofil vornehmen,
gehen bei der Abmeldung verloren.

Error - 2009-04-22 08:17:08 | Computer Name = PUPSERASE | Source = Diskeeper | ID = 25
Description = DCOM-Fehler. Diskeeper konnte keine Verbindung zu dem Dienst herstellen.
Fehlercode 1.

Error - 2009-04-22 08:17:29 | Computer Name = PUPSERASE | Source = Diskeeper | ID = 25
Description = DCOM-Fehler. Diskeeper konnte keine Verbindung zu dem Dienst herstellen.
Fehlercode 1.

Error - 2009-04-23 03:12:34 | Computer Name = PUPSERASE | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung pv.cfexe, Version 0.0.0.0, fehlgeschlagenes
Modul pv.cfexe, Version 0.0.0.0, Fehleradresse 0x00005994.

Error - 2009-04-23 03:51:29 | Computer Name = PUPSERASE | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung pv.cfexe, Version 0.0.0.0, fehlgeschlagenes
Modul pv.cfexe, Version 0.0.0.0, Fehleradresse 0x00005994.

[ OSession Events ]
Error - 2008-09-16 03:21:37 | Computer Name = PUPSERASE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 61433
seconds with 780 seconds of active time. This session ended with a crash.

Error - 2008-09-16 03:21:39 | Computer Name = PUPSERASE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 2, Application Name: Microsoft Office Access, Application Version:
12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 2304
seconds with 60 seconds of active time. This session ended with a crash.

Error - 2008-09-18 09:04:35 | Computer Name = PUPSERASE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 24271
seconds with 540 seconds of active time. This session ended with a crash.

Error - 2008-11-07 09:58:22 | Computer Name = PUPSERASE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6324.5001, Microsoft Office Version: 12.0.6215.1000. This session lasted 448
seconds with 420 seconds of active time. This session ended with a crash.

Error - 2008-11-20 05:40:02 | Computer Name = PUPSERASE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 8628
seconds with 240 seconds of active time. This session ended with a crash.

Error - 2008-11-23 13:02:10 | Computer Name = PUPSERASE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 65033
seconds with 660 seconds of active time. This session ended with a crash.

Error - 2009-03-24 06:56:04 | Computer Name = PUPSERASE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 12775
seconds with 540 seconds of active time. This session ended with a crash.

Error - 2009-03-27 05:02:10 | Computer Name = PUPSERASE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 13, Application Name: Microsoft Office OneNote, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 2882
seconds with 0 seconds of active time. This session ended with a crash.

Error - 2009-04-14 11:04:18 | Computer Name = PUPSERASE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 13, Application Name: Microsoft Office OneNote, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 3851
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 2009-04-23 08:59:08 | Computer Name = PUPSERASE | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 2009-04-23 09:14:11 | Computer Name = PUPSERASE | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 2009-04-23 09:14:22 | Computer Name = PUPSERASE | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 2009-04-23 09:16:13 | Computer Name = PUPSERASE | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 2009-04-23 09:16:45 | Computer Name = PUPSERASE | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 2009-04-23 09:17:51 | Computer Name = PUPSERASE | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 2009-04-23 09:17:53 | Computer Name = PUPSERASE | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 2009-04-23 09:18:39 | Computer Name = PUPSERASE | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 2009-04-23 09:19:23 | Computer Name = PUPSERASE | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 2009-04-23 09:19:50 | Computer Name = PUPSERASE | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {A1F4E726-8CF1-11D1-BF92-0060081ED811}


< End of report >

ComboFix 09-04-23.04 - HoSchi 2009-04-23 10:23.3 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.3054.2691 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\HoSchi\Desktop\ComboFix.exe
AV: ZoneAlarm Security Suite Antivirus *On-access scanning enabled* (Outdated)
FW: ZoneAlarm Security Suite Firewall *enabled*

Achtung - Auf diesem PC ist keine Wiederherstellungskonsole installiert !!
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Vorheriger Suchlauf -------
.
c:\dokumente und einstellungen\All Users\Anwendungsdaten\pdfxls2.dll
c:\dokumente und einstellungen\HoSchi\Anwendungsdaten\EurekaLog
c:\dokumente und einstellungen\HoSchi\Anwendungsdaten\EurekaLog\EurekaLog.ini

.
((((((((((((((((((((((( Dateien erstellt von 2009-05-23 bis 2009-4-23 ))))))))))))))))))))))))))))))
.

2009-04-23 09:58 . 2009-04-23 09:10 2999799 ----a-r c:\dokumente und einstellungen\HoSchi\ComboFix.exe
2009-04-23 07:07 . 2009-02-11 07:19 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-23 07:07 . 2009-02-11 07:19 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-23 07:06 . 2009-04-23 07:06 -------- d-----w c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2009-04-23 07:06 . 2009-04-23 07:06 -------- d-----w c:\dokumente und einstellungen\HoSchi\Anwendungsdaten\Malwarebytes
2009-04-22 08:13 . 2009-04-22 08:13 -------- d-----w c:\programme\PC Connectivity Solution
2009-04-22 08:13 . 2009-04-22 08:13 -------- d-----w c:\programme\Gemeinsame Dateien\PCSuite
2009-04-22 08:12 . 2009-04-22 08:12 -------- d-----w c:\programme\iPod
2009-04-22 08:12 . 2009-04-22 08:12 -------- d-----w c:\programme\iTunes
2009-04-22 06:14 . 2009-04-22 08:10 -------- d-----w c:\dokumente und einstellungen\TEMP(2)\Favoriten(2)
2009-04-22 06:14 . 2009-04-22 08:10 -------- d-----w c:\dokumente und einstellungen\TEMP(2)\Eigene Dateien(2)
2009-04-22 06:14 . 2009-04-22 08:10 -------- d-----w c:\dokumente und einstellungen\TEMP(2)\Anwendungsdaten(2)
2009-04-22 06:14 . 2009-04-22 06:14 -------- d-----w c:\dokumente und einstellungen\TEMP(2)\Cookies(2)
2009-04-22 06:14 . 2009-04-22 08:10 -------- d-----w c:\dokumente und einstellungen\TEMP(2)\Lokale Einstellungen(2)
2009-04-22 06:14 . 2009-04-22 08:10 -------- d-----w c:\dokumente und einstellungen\TEMP(2)\Vorlagen(2)
2009-04-22 06:13 . 2009-04-22 08:10 -------- d-s---w c:\dokumente und einstellungen\TEMP(2)
2009-04-21 08:26 . 2009-04-22 08:12 -------- d-----w c:\programme\iPod(2)
2009-04-21 08:26 . 2009-04-22 08:12 -------- d-----w c:\programme\iTunes(2)
2009-04-21 08:26 . 2009-04-21 08:27 -------- d-----w c:\dokumente und einstellungen\All Users\Anwendungsdaten\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-20 15:47 . 2009-04-22 08:13 -------- d-----w c:\programme\PC Connectivity Solution(2)
2009-04-16 15:21 . 2009-04-16 15:21 -------- d-----w c:\dokumente und einstellungen\HoSchi\Anwendungsdaten\Search Settings
2009-04-16 15:21 . 2009-04-23 07:05 -------- d-----w c:\dokumente und einstellungen\HoSchi\Anwendungsdaten\pdfforge
2009-04-16 09:56 . 2009-04-16 09:56 -------- d-----w c:\programme\pdfforge Toolbar
2009-04-16 09:56 . 2004-03-08 23:00 662288 ----a-w c:\windows\system32\MSCOMCT2.OCX
2009-04-16 09:56 . 2001-10-28 15:42 116224 ----a-w c:\windows\system32\pdfcmnnt.dll
2009-04-16 09:56 . 2009-04-16 09:57 -------- d-----w c:\programme\PDFCreator
2009-04-16 09:56 . 1998-07-06 16:56 125712 ----a-w c:\windows\system32\VB6DE.DLL
2009-04-16 09:56 . 1998-07-06 16:55 158208 ----a-w c:\windows\system32\MSCMCDE.DLL
2009-04-16 09:56 . 1998-07-06 16:55 64512 ----a-w c:\windows\system32\MSCC2DE.DLL
2009-04-16 09:56 . 1998-07-05 23:00 23552 ----a-w c:\windows\system32\MSMPIDE.DLL
2009-04-16 08:35 . 2001-10-28 23:42 116224 ----a-w c:\windows\system32\pdfmonnt.dll
2009-04-16 08:35 . 2009-04-16 08:35 164 ----a-w c:\windows\system32\psconv.ini
2009-04-16 08:35 . 2009-04-16 08:35 -------- d-----w c:\windows\system32\psconv
2009-04-16 08:35 . 2009-04-16 08:35 -------- d-----w c:\programme\psconvert
2009-04-15 11:19 . 2009-02-06 10:10 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 11:19 . 2009-03-06 14:19 286720 ------w c:\windows\system32\dllcache\pdh.dll
2009-04-15 11:19 . 2009-02-09 11:21 111104 ------w c:\windows\system32\dllcache\services.exe
2009-04-15 11:19 . 2009-02-09 10:51 401408 ------w c:\windows\system32\dllcache\rpcss.dll
2009-04-15 11:18 . 2009-02-09 10:51 473600 ------w c:\windows\system32\dllcache\fastprox.dll
2009-04-15 11:18 . 2009-02-06 10:39 35328 ------w c:\windows\system32\dllcache\sc.exe
2009-04-15 11:18 . 2009-02-09 10:51 736768 ------w c:\windows\system32\dllcache\lsasrv.dll
2009-04-15 11:18 . 2009-02-09 10:51 678400 ------w c:\windows\system32\dllcache\advapi32.dll
2009-04-15 11:18 . 2009-02-09 10:51 740352 ------w c:\windows\system32\dllcache\ntdll.dll
2009-04-15 11:18 . 2009-02-09 10:51 453120 ------w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 11:15 . 2008-04-21 21:13 217600 ------w c:\windows\system32\dllcache\wordpad.exe
2009-03-27 09:05 . 2009-03-27 09:05 880 ----a-w c:\windows\_delis32.ini
2009-03-27 09:05 . 2009-03-27 09:05 521 ----a-w c:\windows\_iserr31.ini
2009-03-27 09:05 . 2009-03-27 09:05 1954 ----a-w c:\windows\_isenv31.ini
2009-03-27 09:05 . 2009-03-27 09:05 -------- d-----w c:\windows\_ISTMP2.DIR
2009-03-27 09:05 . 2009-03-27 09:05 -------- d-----w c:\windows\_ISTMP1.DIR
2009-03-25 10:08 . 2009-03-25 16:52 -------- d-----w c:\dokumente und einstellungen\HoSchi\Anwendungsdaten\MailFrontier
2009-03-25 10:04 . 2009-04-22 06:13 105840608 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-03-25 10:04 . 2009-04-21 23:34 1418084 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-03-25 09:53 . 2009-02-15 22:10 72584 ----a-w c:\windows\zllsputility.exe
2009-03-25 09:53 . 2009-02-15 22:10 1221512 ----a-w c:\windows\system32\zpeng25.dll
2009-03-25 09:53 . 2009-04-23 08:11 262144 ----a-w c:\windows\system32\vsconfig.xml
2009-03-24 11:05 . 2009-03-24 11:05 -------- d-----w c:\dokumente und einstellungen\All Users\Anwendungsdaten\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-24 11:02 . 2009-03-24 11:02 -------- d-----w c:\programme\QuickTime

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-23 08:17 . 2006-01-27 01:01 85812 ----a-w c:\windows\system32\perfc007.dat
2009-04-23 08:17 . 2006-01-27 01:01 443804 ----a-w c:\windows\system32\perfh007.dat
2009-04-23 07:54 . 2009-04-23 08:11 2291712 ----a-w c:\windows\Internet Logs\xDBD.tmp
2009-04-23 07:54 . 2009-04-23 08:11 187392 ----a-w c:\windows\Internet Logs\xDBC.tmp
2009-04-22 14:08 . 2009-04-22 14:18 2291200 ----a-w c:\windows\Internet Logs\xDBB.tmp
2009-04-22 08:13 . 2008-09-29 09:29 -------- d-----w c:\programme\Nokia
2009-04-22 08:12 . 2008-12-11 10:46 -------- d-----w c:\programme\Gemeinsame Dateien\Apple
2009-04-22 06:14 . 2009-04-22 06:14 2387456 ----a-w c:\windows\Internet Logs\xDB9.tmp
2009-04-21 23:28 . 2008-08-23 23:25 -------- d-----w c:\dokumente und einstellungen\All Users\Anwendungsdaten\Google Updater
2009-04-21 15:26 . 2009-04-21 22:19 1051136 ----a-w c:\windows\Internet Logs\xDB8.tmp
2009-04-21 15:25 . 2008-08-21 13:19 -------- d-----w c:\dokumente und einstellungen\HoSchi\Anwendungsdaten\Skype
2009-04-21 14:05 . 2008-08-21 13:24 -------- d-----w c:\dokumente und einstellungen\HoSchi\Anwendungsdaten\skypePM
2009-04-21 06:16 . 2008-11-29 20:19 176950 ----a-w c:\windows\system32\nvModes.dat
2009-04-20 22:31 . 2009-04-20 22:31 57138 ----a-w c:\windows\Internet Logs\zlclient_2nd_2009_04_20_22_53_12_small.dmp.zip
2009-04-20 15:49 . 2008-09-29 09:30 -------- d-----w c:\programme\Gemeinsame Dateien\Nokia
2009-04-20 15:43 . 2008-12-04 14:55 -------- d-----w c:\dokumente und einstellungen\HoSchi\Anwendungsdaten\HPAppData
2009-04-20 15:42 . 2008-09-29 09:29 -------- d-----w c:\dokumente und einstellungen\All Users\Anwendungsdaten\Installations
2009-04-20 15:11 . 2009-04-20 15:35 220672 ----a-w c:\windows\Internet Logs\xDB7.tmp
2009-04-19 23:02 . 2009-04-20 06:11 542208 ----a-w c:\windows\Internet Logs\xDB6.tmp
2009-04-17 13:33 . 2009-04-17 13:48 689664 ----a-w c:\windows\Internet Logs\xDB5.tmp
2009-04-16 09:56 . 2009-04-22 08:21 2298880 ----a-w c:\windows\Internet Logs\xDBA.tmp
2009-04-15 22:40 . 2008-08-20 19:01 -------- d-----w c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft Help
2009-04-15 12:20 . 2008-08-18 15:40 -------- d-----w c:\programme\Google
2009-04-14 15:05 . 2009-04-14 16:59 3085312 ----a-w c:\windows\Internet Logs\xDB4.tmp
2009-04-14 08:31 . 2008-08-21 06:41 4212 ---ha-w c:\windows\system32\zllictbl.dat
2009-03-27 13:11 . 2009-03-27 16:09 361984 ----a-w c:\windows\Internet Logs\xDB3.tmp
2009-03-27 08:57 . 2008-08-29 10:18 -------- d-----w c:\programme\TTQV4
2009-03-26 19:07 . 2009-03-26 21:30 263680 ----a-w c:\windows\Internet Logs\xDB2.tmp
2009-03-25 17:32 . 2008-08-21 19:44 3942 -c--a-w C:\rollback.ini
2009-03-25 14:09 . 2009-03-25 16:46 501760 ----a-w c:\windows\Internet Logs\xDB1.tmp
2009-03-25 10:03 . 2008-11-22 23:51 -------- d-----w c:\dokumente und einstellungen\HoSchi\Anwendungsdaten\uTorrent
2009-03-21 14:06 . 2009-03-21 14:06 1063424 ------w c:\windows\system32\dllcache\kernel32.dll
2009-03-19 12:54 . 2009-03-19 12:53 -------- d-----r c:\programme\Skype
2009-03-19 12:54 . 2009-03-19 12:54 -------- d-----w c:\programme\Gemeinsame Dateien\Skype
2009-03-19 12:54 . 2008-08-21 13:18 -------- d-----w c:\dokumente und einstellungen\All Users\Anwendungsdaten\Skype
2009-03-19 08:14 . 2008-09-11 13:30 -------- d-----w c:\programme\Bonjour
2009-03-15 17:28 . 2009-03-15 17:16 159190 ----a-w c:\windows\hpoins30.dat
2009-03-15 17:28 . 2008-08-25 11:18 -------- d-----w c:\programme\HP
2009-03-15 17:25 . 2008-08-25 11:32 -------- d-----w c:\dokumente und einstellungen\All Users\Anwendungsdaten\HP
2009-03-15 17:25 . 2009-03-15 17:25 -------- d-----w c:\dokumente und einstellungen\All Users\Anwendungsdaten\HP Product Assistant
2009-03-15 17:18 . 2009-03-15 17:18 -------- d-----w c:\programme\Gemeinsame Dateien\HP
2009-03-15 17:18 . 2009-03-15 17:18 -------- d-----w c:\programme\Hewlett-Packard
2009-03-15 11:11 . 2008-10-03 12:45 8451270 ----a-w c:\windows\Internet Logs\tvDebug.zip
2009-03-12 13:42 . 2008-08-21 09:27 -------- d-----w c:\dokumente und einstellungen\HoSchi\Anwendungsdaten\GARMIN
2009-03-12 13:40 . 2008-09-20 14:32 -------- d---a-w c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP
2009-03-06 14:19 . 2006-01-27 01:01 286720 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:03 . 2006-11-07 19:03 826368 ------w c:\windows\system32\dllcache\wininet.dll
2009-03-03 00:03 . 2006-01-27 01:01 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-28 04:54 . 2006-10-17 10:04 636072 ------w c:\windows\system32\dllcache\iexplore.exe
2009-02-24 11:28 . 2008-11-25 13:43 -------- d-----w c:\dokumente und einstellungen\HoSchi\Anwendungsdaten\Autodesk
2009-02-24 11:28 . 2008-11-25 13:43 -------- d-----w c:\dokumente und einstellungen\All Users\Anwendungsdaten\Autodesk
2009-02-24 11:28 . 2008-11-25 13:43 -------- d-----w c:\programme\AutoCAD Civil 3D 2008
2009-02-20 10:20 . 2008-08-21 08:50 13824 ------w c:\windows\system32\dllcache\ieudinit.exe
2009-02-20 10:20 . 2006-11-07 01:26 70656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2009-02-20 05:14 . 2006-11-07 01:25 161792 ------w c:\windows\system32\dllcache\ieakui.dll
2009-02-13 13:11 . 2008-09-29 20:58 216 -c--a-w C:\ASLog.txt
2009-02-10 17:03 . 2008-10-15 06:21 2068352 ------w c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-09 14:04 . 2008-10-15 06:21 1846912 ------w c:\windows\system32\dllcache\win32k.sys
2009-02-09 14:04 . 2006-01-27 01:00 1846912 ------w c:\windows\system32\win32k.sys
2009-02-09 11:21 . 2008-10-15 06:21 2191360 ------w c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-09 11:21 . 2008-10-15 06:21 2026496 ------w c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-09 11:21 . 2004-08-04 00:50 2026496 ------w c:\windows\system32\ntkrnlpa.exe
2009-02-09 11:21 . 2008-10-15 06:21 2147840 ------w c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-09 11:21 . 2006-01-27 01:00 2147840 ------w c:\windows\system32\ntoskrnl.exe
2009-02-09 11:21 . 2006-01-27 01:01 111104 ------w c:\windows\system32\services.exe
2009-02-09 10:51 . 2006-01-27 01:01 736768 ------w c:\windows\system32\lsasrv.dll
2009-02-09 10:51 . 2006-01-27 01:00 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:51 . 2006-01-27 01:00 678400 ------w c:\windows\system32\advapi32.dll
2009-02-09 10:51 . 2006-01-27 01:01 740352 ------w c:\windows\system32\ntdll.dll
2009-02-06 10:39 . 2006-01-27 01:01 35328 ------w c:\windows\system32\sc.exe
2009-02-03 19:57 . 2009-02-03 19:57 56832 ------w c:\windows\system32\dllcache\secur32.dll
2009-02-03 19:57 . 2006-01-27 01:01 56832 ----a-w c:\windows\system32\secur32.dll
2008-11-25 14:29 . 2008-08-20 18:20 100808 ------w c:\dokumente und einstellungen\HoSchi\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2008-10-02 17:58 . 2008-08-23 08:43 69240 ------w c:\dokumente und einstellungen\BussiMaus\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2008-10-02 17:58 . 2008-08-21 18:32 142 ------w c:\dokumente und einstellungen\BussiMaus\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
2008-08-21 19:40 . 2008-08-20 11:20 139 ------w c:\dokumente und einstellungen\HoSchi\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
2006-02-16 08:18 . 2006-02-16 08:18 146 ------w c:\dokumente und einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
2007-04-12 06:02 . 2007-04-12 06:02 108 --sh--r c:\windows\neoqaz2.dll
2008-08-18 15:52 . 2008-08-18 15:52 32768 --sh--w c:\windows\system32\config\systemprofile\Lokale Einstellungen\Verlauf\History.IE5\MSHist012008081820080819\index.dat
2008-08-20 11:14 . 2008-08-20 11:12 32768 --sh--w c:\windows\system32\config\systemprofile\Lokale Einstellungen\Verlauf\History.IE5\MSHist012008082020080821\index.dat
2008-08-21 08:41 . 2008-08-21 08:41 32768 --sh--w c:\windows\system32\config\systemprofile\Lokale Einstellungen\Verlauf\History.IE5\MSHist012008082120080822\index.dat
.

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}]
2009-01-30 13:12 650752 ----a-w c:\programme\pdfforge Toolbar\WidgiToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{B922D405-6D13-4A2B-AE89-08A030DA4402}"= "c:\programme\pdfforge Toolbar\WidgiToolbarIE.dll" [2009-01-30 650752]

[HKEY_CLASSES_ROOT\clsid\{b922d405-6d13-4a2b-ae89-08a030da4402}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\programme\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288]
"Sony Ericsson PC Suite"="c:\programme\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-07-02 397312]
"PC Suite Tray"="c:\programme\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760]
"H/PC Connection Agent"="c:\programme\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"AlcoholAutomount"="c:\programme\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-11-23 203720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TVT Scheduler Proxy"="c:\programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]
"TPHOTKEY"="c:\programme\Lenovo\HOTKEY\TPOSDSVC.exe" [2008-03-24 68464]
"TPFNF7"="c:\programme\Lenovo\NPDIRECT\TPFNF7SP.exe" [2007-03-28 58416]
"SynTPLpr"="c:\programme\Synaptics\SynTP\SynTPLpr.exe" [2007-08-10 110592]
"SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2007-08-10 512000]
"SunJavaUpdateSched"="c:\programme\Java\jre6\bin\jusched.exe" [2008-12-28 136600]
"SoundMAXPnP"="c:\programme\Analog Devices\Core\smax4pnp.exe" [2007-01-28 925696]
"QuickTime Task"="c:\programme\QuickTime\QTTask.exe" [2009-01-05 413696]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2006-12-19 159744]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-16 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-16 13537280]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"LPManager"="c:\progra~1\THINKV~2\PrdCtr\LPMGR.exe" [2007-03-22 120368]
"iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" [2009-03-12 342312]
"ISUSScheduler"="c:\programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"hpqSRMon"="c:\programme\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"HP Software Update"="c:\programme\HP\HP Software Update\HPWuSchd2.exe" [2008-03-25 49152]
"GrooveMonitor"="c:\programme\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2007-03-07 243248]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-02-02 122940]
"DiskeeperSystray"="c:\programme\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-05-18 196696]
"cssauth"="c:\programme\Lenovo\Client Security Solution\cssauth.exe" [2007-01-30 2618944]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2006-12-19 208896]
"AwaySch"="c:\programme\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 91688]
"AMSG"="c:\progra~1\THINKV~2\AMSG\amsg.exe" [2007-02-01 419376]
"ACWLIcon"="c:\programme\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2008-08-15 143360]
"ACTray"="c:\programme\ThinkPad\ConnectUtilities\ACTray.exe" [2008-08-15 425984]
"ZoneAlarm Client"="c:\programme\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-15 981384]
"SearchSettings"="c:\programme\pdfforge Toolbar\SearchSettings.exe" [2009-01-30 992256]
"ISUSPM Startup"="c:\progra~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"FreePDF Assistant"="c:\programme\FreePDF_XP\fpassist.exe" [2007-06-26 312320]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"TpShocks"="TpShocks.exe" - c:\windows\system32\TpShocks.exe [2007-03-29 181808]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-07-16 1630208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programme\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-03-14 20:17 89600 ------w c:\windows\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2006-09-06 07:37 34344 ------w c:\programme\Lenovo\HOTKEY\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2008-08-08 18:14 28672 ------w c:\programme\Lenovo\HOTKEY\tphklock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
2008-08-15 20:37 32768 ------w c:\programme\ThinkPad\ConnectUtilities\ACNotify.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd ACGina

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programme\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programme\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\programme\Microsoft ActiveSync\rapimgr.exe"= c:\programme\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\programme\Microsoft ActiveSync\wcescomm.exe"= c:\programme\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\programme\Microsoft ActiveSync\WCESMgr.exe"= c:\programme\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Programme\\mIRC\\mirc.exe"=
"c:\\Spiele\\Anno 1701\\Anno1701.exe"=
"c:\\Programme\\SoulseekNS\\slsk.exe"=
"c:\\Programme\\Gemeinsame Dateien\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Programme\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Programme\\uTorrent\\uTorrent.exe"=
"c:\\Programme\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Programme\\iTunes\\iTunes.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"2799:UDP"= 2799:UDP:Altova License Metering Port (UDP)
"2799:TCP"= 2799:TCP:Altova License Metering Port (TCP)
"427:UDP"= 427:UDP:SLP_Port(427)

R1 ANC;ANC;c:\windows\system32\drivers\ANC.SYS [2008-08-15 11520]
R1 IBMTPCHK;IBMTPCHK;c:\windows\system32\Drivers\IBMBLDID.sys [2008-08-15 4224]
R1 TPPWRIF;TPPWRIF;c:\windows\system32\drivers\Tppwrif.sys [2006-12-19 4442]
R2 GtDetectSc;GtDetectSc;c:\programme\Option\GlobeTrotter Connect\GtDetectSc.exe [2007-12-18 196704]
R2 GtFlashSwitch;GtFlashSwitch;c:\programme\Gemeinsame Dateien\GtFlashSwitch\GtFlashSwitch.exe [2007-02-09 176128]
R2 gupdate1c9bdc423955a40;Google Update Service (gupdate1c9bdc423955a40);c:\programme\Google\Update\GoogleUpdate.exe [2009-04-15 133104]
R2 smihlp;SMI Helper Driver (smihlp);c:\programme\Gemeinsame Dateien\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [2007-03-14 11152]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\programme\Lenovo\Rescue and Recovery\rrpservice.exe [2007-02-08 569344]
R3 GTFFBUS;GT FF BUS;c:\windows\system32\DRIVERS\gtffbus.sys [2007-01-15 17152]
R3 GTMNDISIRPXP;GT M 3G+ IRP NDIS;c:\windows\system32\DRIVERS\Gtm51Irp.sys [2007-01-15 122240]
R3 GTPTSER;GT PT SER;c:\windows\system32\DRIVERS\gtptser.sys [2007-01-15 8064]
R3 GTUQBUS;GT UQ BUS;c:\windows\system32\DRIVERS\gtuqbus.sys [2007-01-15 36992]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2008-02-01 138112]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2008-02-01 8320]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [2006-09-13 35264]
S0 Shockprf;Shockprf;c:\windows\System32\DRIVERS\Apsx86.sys [2007-03-02 100656]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [2007-03-02 19760]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0ac95250-7f0c-11dd-83f1-001f3b3ddcc1}]
\Shell\AutoRun\command - E:\USBNB.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1cb99544-edd5-11dd-b9ea-001f3affb9d9}]
\shell\1\Command - Recycled.exe
\shell\2\Command - Recycled.exe
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled.exe
.
Inhalt des "geplante Tasks" Ordners

2009-04-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-04-21 c:\windows\Tasks\Auf Updates für Windows Live Toolbar prüfen.job
- c:\programme\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 13:54]

2009-04-22 c:\windows\Tasks\Google Software Updater.job
- c:\programme\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-18 09:54]

2009-04-22 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\programme\Google\Update\GoogleUpdate.exe [2009-04-15 12:17]

2009-04-21 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2008-08-18 16:14]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://lenovo.live.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: &Windows Live Search - c:\programme\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Senden an &Bluetooth-Gerät... - c:\programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\dokumente und einstellungen\HoSchi\Anwendungsdaten\Mozilla\Firefox\Profiles\2d56rjye.default\
FF - prefs.js: browser.search.selectedEngine - LEO Eng-Deu
FF - component: c:\programme\Lenovo\Client Security Solution\PWM Firefox Extension\components\tvtpwm_moz_xpcom.dll
FF - component: c:\programme\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\programme\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}\components\pdfforgeToolbarFF.dll
FF - component: c:\programme\Mozilla Firefox\extensions\[email protected]\components\SearchSettingsFF.dll
FF - component: c:\programme\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\program files\Garmin GPS Plugin\npGarmin.dll
FF - plugin: c:\programme\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\programme\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\programme\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\programme\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\programme\Unity\WebPlayer\loader\npUnity3D32.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-23 10:29
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'winlogon.exe'(364)
c:\programme\ThinkPad\ConnectUtilities\ACNotify.dll
c:\programme\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\programme\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\programme\ThinkPad\ConnectUtilities\ACHelper.dll
c:\windows\system32\psqlpwd.dll
c:\programme\ThinkVantage Fingerprint Software\homefus2.dll
c:\programme\ThinkVantage Fingerprint Software\infra.dll
c:\programme\ThinkVantage Fingerprint Software\homepass.dll
c:\programme\ThinkVantage Fingerprint Software\bio.dll
c:\programme\ThinkVantage Fingerprint Software\ps2css.dll
c:\programme\ThinkVantage Fingerprint Software\crypto.dll
c:\programme\ThinkVantage Fingerprint Software\remote.dll
c:\programme\Lenovo\HOTKEY\tphklock.dll

- - - - - - - > 'lsass.exe'(420)
c:\windows\system32\psqlpwd.dll
c:\programme\ThinkVantage Fingerprint Software\homefus2.dll
c:\programme\ThinkVantage Fingerprint Software\infra.dll
c:\programme\ThinkPad\ConnectUtilities\ACGina.dll
c:\programme\ThinkPad\ConnectUtilities\ACHelper.dll
c:\programme\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\programme\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\programme\ThinkPad\ConnectUtilities\ACON.dll
c:\programme\ThinkPad\ConnectUtilities\AcPrfMgr.dll
c:\programme\ThinkPad\ConnectUtilities\AcCryptHlpr.dll
c:\programme\ThinkPad\ConnectUtilities\ACTurinSupport.dll
c:\programme\ThinkPad\ConnectUtilities\AcSmBiosHelper.dll
c:\programme\ThinkPad\ConnectUtilities\AcAdaptersInfo.dll
.
Zeit der Fertigstellung: 2009-04-23 10:32 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2009-04-23 08:31

Vor Suchlauf: 36 Verzeichnis(se), 13,720,293,376 Bytes frei
Nach Suchlauf: 35 Verzeichnis(se), 14,534,463,488 Bytes frei

383 --- E O F --- 2009-04-15 22:44


I hope you can help me out somehow

Edited by pupilli, 23 April 2009 - 07:31 AM.
