
Pests of all kinds and how to combat them: EXP/pidief.dis


08.11.2012, 12:33   #1
Frischling
Banned
 

EXP/pidief.dis



Hello everyone,
yesterday evening I ran an Avira scan and it promptly came up with the detection "EXP/pidief.dis". I did not really notice anything, and without Avira I would not have noticed it at all. The only things I noticed yesterday evening were two short... how should I describe it... sequences of tones that came from somewhere and that I could not place, and that my laptop more or less hung on one page (this happened at roughly the same time); it was, by the way, a page about emeralds. That made me suspicious, and that is why I ran an Avira scan. I also moved the detection straight into quarantine.
Apart from that, Avira gave two warnings, something about being password protected... well, but the one about the password (which refers to Avira itself) is something Avira shows all the time (this one: C:\Users\Musterfrau\Downloads\avira_free_antivirus_de12001125.exe
[WARNUNG] Die Datei ist kennwortgeschützt ). Please don't tell me that this is some kind of virus on top of everything x.x I never thought much of that message.


I have worked through the list for all those seeking help

Report from Avira:

Code:
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Mittwoch, 7. November 2012  22:15

Es wird nach 4462997 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer   : Avira Free Antivirus
Seriennummer   : 0000149996-ADJIE-0000001
Plattform      : Windows 7 Professional
Windowsversion : (Service Pack 1)  [6.1.7601]
Boot Modus     : Normal gebootet
Benutzername   : SYSTEM
Computername   : Musterfrau-LAPTOP

Versionsinformationen:
BUILD.DAT      : 12.0.0.1199    40869 Bytes  07.09.2012 22:14:00
AVSCAN.EXE     : 12.3.0.33     468472 Bytes  08.08.2012 20:31:29
AVSCAN.DLL     : 12.3.0.15      66256 Bytes  02.05.2012 00:02:50
LUKE.DLL       : 12.3.0.15      68304 Bytes  01.05.2012 23:31:47
AVSCPLR.DLL    : 12.3.0.14      97032 Bytes  01.05.2012 22:13:36
AVREG.DLL      : 12.3.0.17     232200 Bytes  16.05.2012 13:29:00
VBASE000.VDF   : 7.10.0.0    19875328 Bytes  06.11.2009 18:18:34
VBASE001.VDF   : 7.11.0.0    13342208 Bytes  14.12.2010 23:22:12
VBASE002.VDF   : 7.11.19.170 14374912 Bytes  20.12.2011 23:31:36
VBASE003.VDF   : 7.11.21.238  4472832 Bytes  01.02.2012 09:58:50
VBASE004.VDF   : 7.11.26.44   4329472 Bytes  28.03.2012 10:43:53
VBASE005.VDF   : 7.11.34.116  4034048 Bytes  29.06.2012 15:13:07
VBASE006.VDF   : 7.11.41.250  4902400 Bytes  06.09.2012 12:42:06
VBASE007.VDF   : 7.11.45.207  2363904 Bytes  11.10.2012 12:10:28
VBASE008.VDF   : 7.11.45.208     2048 Bytes  11.10.2012 12:10:28
VBASE009.VDF   : 7.11.45.209     2048 Bytes  11.10.2012 12:10:28
VBASE010.VDF   : 7.11.45.210     2048 Bytes  11.10.2012 12:10:28
VBASE011.VDF   : 7.11.45.211     2048 Bytes  11.10.2012 12:10:28
VBASE012.VDF   : 7.11.45.212     2048 Bytes  11.10.2012 12:10:28
VBASE013.VDF   : 7.11.45.213     2048 Bytes  11.10.2012 12:10:28
VBASE014.VDF   : 7.11.46.65    220160 Bytes  16.10.2012 19:16:32
VBASE015.VDF   : 7.11.46.153   173568 Bytes  18.10.2012 19:31:42
VBASE016.VDF   : 7.11.46.223   162304 Bytes  19.10.2012 19:35:47
VBASE017.VDF   : 7.11.47.35    126464 Bytes  22.10.2012 10:37:24
VBASE018.VDF   : 7.11.47.95    175616 Bytes  24.10.2012 10:37:25
VBASE019.VDF   : 7.11.47.177   164352 Bytes  26.10.2012 12:11:05
VBASE020.VDF   : 7.11.47.229   143360 Bytes  28.10.2012 12:11:05
VBASE021.VDF   : 7.11.48.47    138240 Bytes  30.10.2012 11:28:22
VBASE022.VDF   : 7.11.48.135   122880 Bytes  01.11.2012 11:28:22
VBASE023.VDF   : 7.11.48.209   142848 Bytes  05.11.2012 18:40:22
VBASE024.VDF   : 7.11.48.243   119296 Bytes  05.11.2012 18:40:22
VBASE025.VDF   : 7.11.49.47    136704 Bytes  07.11.2012 18:41:01
VBASE026.VDF   : 7.11.49.48      2048 Bytes  07.11.2012 18:41:01
VBASE027.VDF   : 7.11.49.49      2048 Bytes  07.11.2012 18:41:01
VBASE028.VDF   : 7.11.49.50      2048 Bytes  07.11.2012 18:41:01
VBASE029.VDF   : 7.11.49.51      2048 Bytes  07.11.2012 18:41:01
VBASE030.VDF   : 7.11.49.52      2048 Bytes  07.11.2012 18:41:02
VBASE031.VDF   : 7.11.49.74     55808 Bytes  07.11.2012 18:41:02
Engineversion  : 8.2.10.196
AEVDF.DLL      : 8.1.2.10      102772 Bytes  10.07.2012 11:33:45
AESCRIPT.DLL   : 8.1.4.64      463228 Bytes  06.11.2012 18:40:24
AESCN.DLL      : 8.1.9.2       131444 Bytes  01.10.2012 12:31:58
AESBX.DLL      : 8.2.5.12      606578 Bytes  14.06.2012 20:13:04
AERDL.DLL      : 8.2.0.74      643445 Bytes  07.11.2012 18:41:05
AEPACK.DLL     : 8.3.0.38      811382 Bytes  01.10.2012 12:31:58
AEOFFICE.DLL   : 8.1.2.50      201084 Bytes  06.11.2012 18:40:24
AEHEUR.DLL     : 8.1.4.130    5513592 Bytes  07.11.2012 18:41:05
AEHELP.DLL     : 8.1.25.2      258423 Bytes  12.10.2012 12:10:37
AEGEN.DLL      : 8.1.6.8       434548 Bytes  07.11.2012 18:41:03
AEEXP.DLL      : 8.2.0.10      119158 Bytes  06.11.2012 18:40:24
AEEMU.DLL      : 8.1.3.2       393587 Bytes  10.07.2012 11:33:45
AECORE.DLL     : 8.1.29.2      201079 Bytes  07.11.2012 18:41:02
AEBB.DLL       : 8.1.1.4        53619 Bytes  06.11.2012 18:40:23
AVWINLL.DLL    : 12.3.0.15      27344 Bytes  01.05.2012 22:59:21
AVPREF.DLL     : 12.3.0.15      51920 Bytes  01.05.2012 22:44:31
AVREP.DLL      : 12.3.0.15     179208 Bytes  01.05.2012 22:13:35
AVARKT.DLL     : 12.3.0.15     211408 Bytes  01.05.2012 22:21:32
AVEVTLOG.DLL   : 12.3.0.15     169168 Bytes  01.05.2012 22:28:49
SQLITE3.DLL    : 3.7.0.1       398288 Bytes  16.04.2012 21:11:02
AVSMTP.DLL     : 12.3.0.32      63480 Bytes  08.08.2012 20:31:29
NETNT.DLL      : 12.3.0.15      17104 Bytes  01.05.2012 23:33:29
RCIMAGE.DLL    : 12.3.0.31    4444408 Bytes  08.08.2012 20:31:26
RCTEXT.DLL     : 12.3.0.31     100088 Bytes  08.08.2012 20:31:26

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\program files\avira\antivir desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, 
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert
Abweichende Gefahrenkategorien........: +PFS,+SPR,

Beginn des Suchlaufs: Mittwoch, 7. November 2012  22:15

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf nach versteckten Objekten wird begonnen.
Versteckter Treiber
  [HINWEIS]   Eine Speicherveränderung wurde entdeckt, die möglicherweise zur versteckten Dateizugriffen missbraucht werden könnte.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'svchost.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'vssvc.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '88' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'plugin-container.exe' - '54' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchFilterHost.exe' - '55' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchProtocolHost.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'Skype.exe' - '179' Modul(e) wurden durchsucht
Durchsuche Prozess 'FlashPlayerPlugin_11_4_402_287.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'FlashPlayerPlugin_11_4_402_287.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'plugin-container.exe' - '66' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '166' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnetwk.exe' - '116' Modul(e) wurden durchsucht
Durchsuche Prozess 'SUService.exe' - '50' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPHelper.exe' - '17' Modul(e) wurden durchsucht
Durchsuche Prozess 'BtStackServer.exe' - '77' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '50' Modul(e) wurden durchsucht
Durchsuche Prozess 'PWMDBSVC.EXE' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '84' Modul(e) wurden durchsucht
Durchsuche Prozess 'conhost.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'SCHTASK.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPLpr.exe' - '25' Modul(e) wurden durchsucht
Durchsuche Prozess 'SvcGuiHlpr.exe' - '72' Modul(e) wurden durchsucht
Durchsuche Prozess 'CCC.exe' - '167' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dropbox.exe' - '71' Modul(e) wurden durchsucht
Durchsuche Prozess 'SSScheduler.exe' - '21' Modul(e) wurden durchsucht
Durchsuche Prozess 'BTTray.exe' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'pidgin.exe' - '159' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'pdf24.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'MOM.exe' - '66' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '82' Modul(e) wurden durchsucht
Durchsuche Prozess 'ACTray.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'TPKNRRES.exe' - '19' Modul(e) wurden durchsucht
Durchsuche Prozess 'TpShocks.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'rundll32.exe' - '75' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPEnh.exe' - '58' Modul(e) wurden durchsucht
Durchsuche Prozess 'TPONSCR.exe' - '20' Modul(e) wurden durchsucht
Durchsuche Prozess 'tpnumlkd.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '198' Modul(e) wurden durchsucht
Durchsuche Prozess 'tposdsvc.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'virtscrl.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhost.exe' - '53' Modul(e) wurden durchsucht
Durchsuche Prozess 'PWMEWSVC.EXE' - '56' Modul(e) wurden durchsucht
Durchsuche Prozess 'AcSvc.exe' - '97' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'c2c_service.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'lvvsst.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'TPKNRSVC.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'MICMUTE.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'CAMMUTE.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'PresentationFontCache.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'btwdins.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '65' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'AcPrfMgrSvc.exe' - '78' Modul(e) wurden durchsucht
Durchsuche Prozess 'TPHKSVC.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'TPHKLOAD.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '84' Modul(e) wurden durchsucht
Durchsuche Prozess 'atibtmon.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '73' Modul(e) wurden durchsucht
Durchsuche Prozess 'atieclxx.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '57' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '153' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '106' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '84' Modul(e) wurden durchsucht
Durchsuche Prozess 'atiesrxx.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'ibmpmsvc.exe' - '15' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '64' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '2115' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\'
C:\Users\Musterfrau\AppData\Local\Mozilla\Firefox\Profiles\Musterfrau\Cache\1\53\5F912d01
  [FUND]      Enthält Erkennungsmuster des Exploits EXP/Pidief.dis
C:\Users\Musterfrau\Downloads\avira_free_antivirus_de12001125.exe
  [WARNUNG]   Die Datei ist kennwortgeschützt
C:\Users\Musterfrau\Dropbox\Bilogie Semester III (1)\ALTKLAUSUREN\3.Semester\Biochemie 2012\Biochemie Klausuren 2011\Biochemie Klausuren 2011.zip
  [WARNUNG]   Die Datei ist kennwortgeschützt

Beginne mit der Desinfektion:
C:\Users\Musterfrau\AppData\Local\Mozilla\Firefox\Profiles\Musterfrau\Cache\1\53\5F912d01
  [FUND]      Enthält Erkennungsmuster des Exploits EXP/Pidief.dis
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '55c043ce.qua' verschoben!


Ende des Suchlaufs: Mittwoch, 7. November 2012  23:28
Benötigte Zeit:  1:12:52 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

  22877 Verzeichnisse wurden überprüft
 435356 Dateien wurden geprüft
      1 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      1 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      0 Dateien konnten nicht durchsucht werden
 435355 Dateien ohne Befall
   3965 Archive wurden durchsucht
      2 Warnungen
      2 Hinweise
 409833 Objekte wurden beim Rootkitscan durchsucht
      1 Versteckte Objekte wurden gefunden
         



Now, as described in the instructions, I downloaded DeFogger and carried out what the introduction said. The defogger_disable log was in my download folder when I opened it:


Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 23:33 on 07/11/2012 (Musterfrau)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
Unable to read sptd.sys
SPTD -> Disabled (Service running -> reboot required)

-=E.O.F=-
         

After that I downloaded OTL by OldTimer and ran the Quick Scan; it produced the following logs:

1. Contents of OTL.txt

Code:
 OTL logfile created on: 07.11.2012 23:40:40 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Musterfrau\Downloads
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,75 Gb Total Physical Memory | 1,82 Gb Available Physical Memory | 66,20% Memory free
5,49 Gb Paging File | 4,41 Gb Available in Paging File | 80,26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 270,35 Gb Total Space | 133,81 Gb Free Space | 49,50% Space Free | Partition Type: NTFS
 
Computer Name: Musterfrau-LAPTOP | User Name: Musterfrau | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.11.07 23:01:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Musterfrau\Downloads\OTL.exe
PRC - [2012.10.02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012.09.06 12:12:20 | 000,162,408 | ---- | M] (Geek Software GmbH) -- C:\Programme\PDF24\pdf24.exe
PRC - [2012.08.20 18:37:58 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012.08.08 21:31:28 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.05.24 19:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Musterfrau\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.05.02 00:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.01 23:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.04.24 01:11:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.08.20 18:05:44 | 000,048,618 | ---- | M] (The Pidgin developer community) -- C:\Programme\Pidgin\pidgin.exe
PRC - [2011.07.25 22:18:46 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\System Update\SUService.exe
PRC - [2011.07.15 14:44:18 | 000,132,392 | ---- | M] (Synaptics Incorporated) -- C:\Programme\Synaptics\SynTP\SynTPLpr.exe
PRC - [2011.07.04 02:02:00 | 000,148,840 | ---- | M] (Lenovo Group Limited) -- C:\Programme\ThinkPad\Utilities\PWMEWSVC.exe
PRC - [2011.07.04 02:02:00 | 000,083,304 | ---- | M] (Lenovo) -- C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe
PRC - [2011.07.04 02:02:00 | 000,062,824 | ---- | M] (Lenovo Group Limited) -- C:\Programme\ThinkPad\Utilities\SCHTASK.EXE
PRC - [2011.06.17 18:33:04 | 000,272,528 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee Security Scan\3.0.207\SSScheduler.exe
PRC - [2011.06.13 17:43:28 | 002,352,416 | ---- | M] (Broadcom Corporation.) -- C:\Programme\ThinkPad\Bluetooth Software\BTStackServer.exe
PRC - [2011.06.13 17:43:28 | 000,804,128 | ---- | M] (Broadcom Corporation.) -- C:\Programme\ThinkPad\Bluetooth Software\BTTray.exe
PRC - [2011.06.13 17:43:28 | 000,628,000 | ---- | M] (Broadcom Corporation.) -- C:\Programme\ThinkPad\Bluetooth Software\btwdins.exe
PRC - [2011.05.26 18:43:12 | 000,328,040 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2011.04.20 09:04:40 | 000,130,920 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\tphkload.exe
PRC - [2011.04.14 12:22:42 | 000,361,832 | ---- | M] (Lenovo) -- C:\Programme\Lenovo\Access Connections\SvcGuiHlpr.exe
PRC - [2011.04.14 12:22:30 | 000,431,464 | ---- | M] (Lenovo) -- C:\Programme\Lenovo\Access Connections\ACTray.exe
PRC - [2011.04.14 12:22:28 | 000,263,528 | ---- | M] (Lenovo) -- C:\Programme\Lenovo\Access Connections\AcSvc.exe
PRC - [2011.04.14 12:22:26 | 000,124,264 | ---- | M] (Lenovo) -- C:\Programme\Lenovo\Access Connections\AcPrfMgrSvc.exe
PRC - [2011.04.04 10:43:36 | 000,135,528 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\tpnumlkd.exe
PRC - [2011.04.04 09:27:20 | 000,045,496 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\micmute.exe
PRC - [2011.03.29 12:41:08 | 000,064,952 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.29 15:32:44 | 000,069,560 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.07.27 12:51:56 | 000,074,088 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Communications Utility\TPKNRSVC.exe
PRC - [2010.07.27 12:51:54 | 000,062,312 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Communications Utility\TPKNRRES.exe
PRC - [2010.07.27 12:51:42 | 000,050,536 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Communications Utility\CamMute.exe
PRC - [2010.07.06 20:51:12 | 000,380,928 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2010.07.06 20:50:44 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2010.04.07 13:37:38 | 000,093,032 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\VIRTSCRL\lvvsst.exe
PRC - [2010.04.01 13:50:44 | 000,043,960 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\VIRTSCRL\virtscrl.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.14 21:08:50 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll
MOD - [2012.06.14 21:08:17 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012.06.14 21:08:06 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012.05.11 23:00:06 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012.05.11 22:58:51 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.05.11 22:58:43 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.05.11 22:58:42 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.05.11 22:58:19 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2011.09.14 20:05:15 | 000,904,525 | ---- | M] () -- C:\Programme\Pidgin\Gtk\bin\libcairo-2.dll
MOD - [2011.09.14 20:05:15 | 000,535,264 | ---- | M] () -- C:\Programme\Pidgin\Gtk\bin\freetype6.dll
MOD - [2011.09.14 20:05:15 | 000,482,872 | ---- | M] () -- C:\Programme\Pidgin\Gtk\bin\libgio-2.0-0.dll
MOD - [2011.09.14 20:05:15 | 000,279,059 | ---- | M] () -- C:\Programme\Pidgin\Gtk\bin\libfontconfig-1.dll
MOD - [2011.09.14 20:05:15 | 000,219,305 | ---- | M] () -- C:\Programme\Pidgin\Gtk\bin\libpng14-14.dll
MOD - [2011.09.14 20:05:15 | 000,143,096 | ---- | M] () -- C:\Programme\Pidgin\Gtk\bin\libexpat-1.dll
MOD - [2011.09.14 20:05:15 | 000,095,189 | ---- | M] () -- C:\Programme\Pidgin\Gtk\bin\libpangocairo-1.0-0.dll
MOD - [2011.09.14 20:05:15 | 000,090,496 | ---- | M] () -- C:\Programme\Pidgin\Gtk\lib\gtk-2.0\2.10.0\engines\libwimp.dll
MOD - [2011.09.14 20:05:15 | 000,055,808 | ---- | M] () -- C:\Programme\Pidgin\Gtk\bin\zlib1.dll
MOD - [2011.08.20 18:05:44 | 000,325,180 | ---- | M] () -- C:\Programme\Pidgin\libjabber.dll
MOD - [2011.08.20 18:05:44 | 000,288,309 | ---- | M] () -- C:\Programme\Pidgin\plugins\libmsn.dll
MOD - [2011.08.20 18:05:44 | 000,251,285 | ---- | M] () -- C:\Programme\Pidgin\liboscar.dll
MOD - [2011.08.20 18:05:44 | 000,190,214 | ---- | M] () -- C:\Programme\Pidgin\libymsg.dll
MOD - [2011.08.20 18:05:44 | 000,180,516 | ---- | M] () -- C:\Programme\Pidgin\plugins\libgg.dll
MOD - [2011.08.20 18:05:44 | 000,147,158 | ---- | M] () -- C:\Programme\Pidgin\plugins\libsilc.dll
MOD - [2011.08.20 18:05:44 | 000,119,368 | ---- | M] () -- C:\Programme\Pidgin\plugins\libmxit.dll
MOD - [2011.08.20 18:05:44 | 000,093,250 | ---- | M] () -- C:\Programme\Pidgin\plugins\libsametime.dll
MOD - [2011.08.20 18:05:44 | 000,087,918 | ---- | M] () -- C:\Programme\Pidgin\plugins\libnovell.dll
MOD - [2011.08.20 18:05:44 | 000,086,376 | ---- | M] () -- C:\Programme\Pidgin\plugins\libmyspace.dll
MOD - [2011.08.20 18:05:44 | 000,075,085 | ---- | M] () -- C:\Programme\Pidgin\plugins\libirc.dll
MOD - [2011.08.20 18:05:44 | 000,070,345 | ---- | M] () -- C:\Programme\Pidgin\plugins\libbonjour.dll
MOD - [2011.08.20 18:05:44 | 000,061,569 | ---- | M] () -- C:\Programme\Pidgin\plugins\spellchk.dll
MOD - [2011.08.20 18:05:44 | 000,043,176 | ---- | M] () -- C:\Programme\Pidgin\plugins\libsimple.dll
MOD - [2011.08.20 18:05:44 | 000,038,873 | ---- | M] () -- C:\Programme\Pidgin\plugins\log_reader.dll
MOD - [2011.08.20 18:05:44 | 000,033,896 | ---- | M] () -- C:\Programme\Pidgin\plugins\xmppdisco.dll
MOD - [2011.08.20 18:05:44 | 000,029,185 | ---- | M] () -- C:\Programme\Pidgin\plugins\xmppconsole.dll
MOD - [2011.08.20 18:05:44 | 000,023,339 | ---- | M] () -- C:\Programme\Pidgin\plugins\themeedit.dll
MOD - [2011.08.20 18:05:44 | 000,022,446 | ---- | M] () -- C:\Programme\Pidgin\plugins\ticker.dll
MOD - [2011.08.20 18:05:44 | 000,022,242 | ---- | M] () -- C:\Programme\Pidgin\plugins\pidginrc.dll
MOD - [2011.08.20 18:05:44 | 000,021,753 | ---- | M] () -- C:\Programme\Pidgin\plugins\win2ktrans.dll
MOD - [2011.08.20 18:05:44 | 000,021,709 | ---- | M] () -- C:\Programme\Pidgin\plugins\winprefs.dll
MOD - [2011.08.20 18:05:44 | 000,021,699 | ---- | M] () -- C:\Programme\Pidgin\plugins\notify.dll
MOD - [2011.08.20 18:05:44 | 000,018,706 | ---- | M] () -- C:\Programme\Pidgin\plugins\ssl-nss.dll
MOD - [2011.08.20 18:05:44 | 000,017,910 | ---- | M] () -- C:\Programme\Pidgin\plugins\convcolors.dll
MOD - [2011.08.20 18:05:44 | 000,016,371 | ---- | M] () -- C:\Programme\Pidgin\plugins\libxmpp.dll
MOD - [2011.08.20 18:05:44 | 000,016,330 | ---- | M] () -- C:\Programme\Pidgin\plugins\libyahoo.dll
MOD - [2011.08.20 18:05:44 | 000,016,291 | ---- | M] () -- C:\Programme\Pidgin\plugins\timestamp_format.dll
MOD - [2011.08.20 18:05:44 | 000,014,269 | ---- | M] () -- C:\Programme\Pidgin\plugins\markerline.dll
MOD - [2011.08.20 18:05:44 | 000,013,426 | ---- | M] () -- C:\Programme\Pidgin\plugins\autoaccept.dll
MOD - [2011.08.20 18:05:44 | 000,013,291 | ---- | M] () -- C:\Programme\Pidgin\plugins\libyahoojp.dll
MOD - [2011.08.20 18:05:44 | 000,012,953 | ---- | M] () -- C:\Programme\Pidgin\plugins\timestamp.dll
MOD - [2011.08.20 18:05:44 | 000,012,380 | ---- | M] () -- C:\Programme\Pidgin\plugins\history.dll
MOD - [2011.08.20 18:05:44 | 000,011,517 | ---- | M] () -- C:\Programme\Pidgin\plugins\idle.dll
MOD - [2011.08.20 18:05:44 | 000,011,029 | ---- | M] () -- C:\Programme\Pidgin\plugins\joinpart.dll
MOD - [2011.08.20 18:05:44 | 000,010,521 | ---- | M] () -- C:\Programme\Pidgin\plugins\offlinemsg.dll
MOD - [2011.08.20 18:05:44 | 000,010,015 | ---- | M] () -- C:\Programme\Pidgin\plugins\libicq.dll
MOD - [2011.08.20 18:05:44 | 000,009,712 | ---- | M] () -- C:\Programme\Pidgin\plugins\extplacement.dll
MOD - [2011.08.20 18:05:44 | 000,009,476 | ---- | M] () -- C:\Programme\Pidgin\plugins\statenotify.dll
MOD - [2011.08.20 18:05:44 | 000,009,084 | ---- | M] () -- C:\Programme\Pidgin\plugins\libaim.dll
MOD - [2011.08.20 18:05:44 | 000,009,055 | ---- | M] () -- C:\Programme\Pidgin\plugins\sendbutton.dll
MOD - [2011.08.20 18:05:44 | 000,008,927 | ---- | M] () -- C:\Programme\Pidgin\plugins\relnot.dll
MOD - [2011.08.20 18:05:44 | 000,008,878 | ---- | M] () -- C:\Programme\Pidgin\plugins\psychic.dll
MOD - [2011.08.20 18:05:44 | 000,007,645 | ---- | M] () -- C:\Programme\Pidgin\plugins\gtkbuddynote.dll
MOD - [2011.08.20 18:05:44 | 000,006,954 | ---- | M] () -- C:\Programme\Pidgin\plugins\newline.dll
MOD - [2011.08.20 18:05:44 | 000,006,875 | ---- | M] () -- C:\Programme\Pidgin\plugins\iconaway.dll
MOD - [2011.08.20 18:05:44 | 000,006,751 | ---- | M] () -- C:\Programme\Pidgin\plugins\buddynote.dll
MOD - [2011.08.20 18:05:44 | 000,006,526 | ---- | M] () -- C:\Programme\Pidgin\plugins\ssl.dll
MOD - [2011.08.20 18:05:42 | 002,719,062 | ---- | M] () -- C:\Programme\Pidgin\libsilc-1-1-2.dll
MOD - [2011.08.20 18:05:42 | 001,206,642 | ---- | M] () -- C:\Programme\Pidgin\libsilcclient-1-1-2.dll
MOD - [2011.08.20 18:05:42 | 000,582,656 | ---- | M] () -- C:\Programme\Pidgin\exchndl.dll
MOD - [2011.08.20 18:05:42 | 000,475,580 | ---- | M] () -- C:\Programme\Pidgin\spellcheck\libgtkspell-0.dll
MOD - [2011.08.20 18:05:42 | 000,417,501 | ---- | M] () -- C:\Programme\Pidgin\sqlite3.dll
MOD - [2011.08.20 18:05:42 | 000,173,805 | ---- | M] () -- C:\Programme\Pidgin\libmeanwhile-1.dll
MOD - [2011.08.20 18:05:40 | 001,213,633 | ---- | M] () -- C:\Programme\Pidgin\libxml2-2.dll
MOD - [2011.07.15 14:43:48 | 000,066,856 | ---- | M] () -- C:\Programme\Synaptics\SynTP\SynTPEnhPS.dll
MOD - [2011.07.04 02:02:00 | 000,054,272 | ---- | M] () -- C:\Programme\ThinkPad\Utilities\GR\PWMRT32V.DLL
MOD - [2011.06.13 17:43:40 | 000,132,384 | ---- | M] () -- C:\Programme\ThinkPad\Bluetooth Software\BTKeyInd.dll
MOD - [2010.11.13 01:02:22 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2010.11.13 01:02:21 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.07.06 20:26:46 | 000,270,336 | ---- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2009.05.15 14:01:26 | 000,016,384 | R--- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Branding\Branding.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.10.30 16:55:12 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.10.08 20:59:37 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.10.02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.03 12:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.02 00:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.01 23:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.07.25 22:18:46 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2011.07.20 04:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011.07.04 02:02:00 | 000,148,840 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\ThinkPad\Utilities\PWMEWSVC.exe -- (PwmEWSvc)
SRV - [2011.07.04 02:02:00 | 000,083,304 | ---- | M] (Lenovo) [On_Demand | Running] -- C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2011.06.17 18:33:04 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\3.0.207\McCHSvc.exe -- (McComponentHostService)
SRV - [2011.06.13 17:43:28 | 000,628,000 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\ThinkPad\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2011.04.20 09:04:40 | 000,130,920 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD)
SRV - [2011.04.14 12:22:28 | 000,263,528 | ---- | M] (Lenovo) [Auto | Running] -- C:\Programme\Lenovo\Access Connections\AcSvc.exe -- (AcSvc)
SRV - [2011.04.14 12:22:26 | 000,124,264 | ---- | M] (Lenovo) [Auto | Running] -- C:\Programme\Lenovo\Access Connections\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2011.04.04 09:27:20 | 000,045,496 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV - [2011.03.29 12:41:08 | 000,064,952 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.07.27 12:51:56 | 000,074,088 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\Communications Utility\TPKNRSVC.exe -- (LENOVO.TPKNRSVC)
SRV - [2010.07.27 12:51:42 | 000,050,536 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\Communications Utility\CamMute.exe -- (LENOVO.CAMMUTE)
SRV - [2010.07.06 20:50:44 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010.06.25 18:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Programme\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2010.04.07 13:37:38 | 000,093,032 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC)
SRV - [2009.07.14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006.10.26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\\SystemRoot\System32\Drivers\sptd.sys -- (sptd)
DRV - [2012.04.27 09:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.04.24 23:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.16 20:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.11.24 22:23:16 | 000,181,432 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2011.11.24 22:23:12 | 000,080,184 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2011.09.14 22:42:20 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2011.09.14 22:42:20 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2011.07.04 02:02:00 | 000,013,424 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\TPPWR32V.SYS -- (TPPWRIF)
DRV - [2011.03.29 18:14:08 | 000,122,992 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ApsX86.sys -- (Shockprf)
DRV - [2011.03.29 18:12:16 | 000,020,592 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ApsHM86.sys -- (TPDIGIMN)
DRV - [2011.02.23 08:14:44 | 001,033,832 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192Ce.sys -- (RTL8192Ce)
DRV - [2010.11.20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.09.07 13:09:06 | 000,013,680 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\smiif32.sys -- (lenovo.smi)
DRV - [2010.08.18 09:53:42 | 000,045,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)
DRV - [2010.07.06 21:29:18 | 005,882,368 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2010.07.06 21:29:18 | 005,882,368 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2010.07.06 20:15:26 | 000,210,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010.06.25 18:07:14 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2010.06.22 12:27:46 | 000,521,344 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2010.06.17 16:18:24 | 000,193,640 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2010.06.17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.05.06 04:21:42 | 000,108,560 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2010.04.29 04:43:22 | 000,030,464 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter)
DRV - [2010.04.28 10:40:34 | 000,125,824 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\5U877.sys -- (5U877)
DRV - [2010.03.09 21:03:50 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie)
DRV - [2009.03.18 16:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2007.02.19 06:56:46 | 000,021,376 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\psadd.sys -- (psadd)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1A 80 F9 77 70 95 CD 01  [binary data]
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{49BFE588-6A3B-4B1B-92C4-D79FABAF2BCC}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=6AA7EBE3-47A0-4247-8CF7-E5891F0EBA89&apn_sauid=56AE5403-EF0B-4141-B33A-59E9D14F4457
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.05.03 20:58:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.10.30 16:55:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.10.30 16:55:09 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2011.09.14 18:22:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Musterfrau\AppData\Roaming\mozilla\Extensions
[2012.11.04 20:42:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Musterfrau\AppData\Roaming\mozilla\Firefox\Profiles\Musterfrau\extensions
[2012.10.12 22:12:13 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Musterfrau\AppData\Roaming\mozilla\Firefox\Profiles\Musterfrau\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012.10.22 09:59:23 | 000,000,000 | ---D | M] (FoxLingo) -- C:\Users\Musterfrau\AppData\Roaming\mozilla\Firefox\Profiles\Musterfrau\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}
[2012.10.13 16:37:10 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\Musterfrau\AppData\Roaming\mozilla\Firefox\Profiles\Musterfrau\extensions\de-DE@dictionaries.addons.mozilla.org
[2012.10.12 22:17:50 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\Musterfrau\AppData\Roaming\mozilla\Firefox\Profiles\Musterfrau\extensions\firefox@ghostery.com
[2012.09.19 08:01:07 | 000,344,774 | ---- | M] () (No name found) -- C:\Users\Musterfrau\AppData\Roaming\mozilla\firefox\profiles\Musterfrau\extensions\autopager@mozilla.org.xpi
[2011.10.14 19:37:38 | 000,008,359 | ---- | M] () (No name found) -- C:\Users\Musterfrau\AppData\Roaming\mozilla\firefox\profiles\Musterfrau\extensions\copy-pure-text@kashiif-gmail.com.xpi
[2012.10.12 22:15:45 | 000,088,614 | ---- | M] () (No name found) -- C:\Users\Musterfrau\AppData\Roaming\mozilla\firefox\profiles\Musterfrau\extensions\extension@ciuvo.com.xpi
[2012.10.08 09:57:13 | 000,142,418 | ---- | M] () (No name found) -- C:\Users\Musterfrau\AppData\Roaming\mozilla\firefox\profiles\Musterfrau\extensions\firegestures@xuldev.org.xpi
[2012.10.12 22:17:50 | 000,083,513 | ---- | M] () (No name found) -- C:\Users\Musterfrau\AppData\Roaming\mozilla\firefox\profiles\Musterfrau\extensions\secureLogin@blueimp.net.xpi
[2012.10.12 22:17:50 | 000,631,898 | ---- | M] () (No name found) -- C:\Users\Musterfrau\AppData\Roaming\mozilla\firefox\profiles\Musterfrau\extensions\stefanvandamme@stefanvd.net.xpi
[2012.10.12 22:12:13 | 000,004,404 | ---- | M] () (No name found) -- C:\Users\Musterfrau\AppData\Roaming\mozilla\firefox\profiles\Musterfrau\extensions\youtubeunblocker@unblocker.yt.xpi
[2012.11.04 20:42:38 | 000,530,388 | ---- | M] () (No name found) -- C:\Users\Musterfrau\AppData\Roaming\mozilla\firefox\profiles\Musterfrau\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012.10.12 22:12:13 | 000,015,706 | ---- | M] () (No name found) -- C:\Users\Musterfrau\AppData\Roaming\mozilla\firefox\profiles\Musterfrau\extensions\{d62bb6fa-7192-47fd-b640-ad8855c444f3}.xpi
[2012.07.21 16:25:54 | 000,702,524 | ---- | M] () (No name found) -- C:\Users\Musterfrau\AppData\Roaming\mozilla\firefox\profiles\Musterfrau\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
[2012.10.12 22:14:34 | 000,697,733 | ---- | M] () (No name found) -- C:\Users\Musterfrau\AppData\Roaming\mozilla\firefox\profiles\Musterfrau\extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi
[2012.09.07 13:43:01 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.11.02 17:34:44 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.09.07 13:43:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.05.03 20:58:39 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.05.03 20:58:36 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.05.03 20:58:36 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.05.03 20:58:36 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.05.03 20:58:36 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.05.03 20:58:36 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.05.03 20:58:36 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O4 - HKLM..\Run: [ACTray] C:\Programme\Lenovo\Access Connections\ACTray.exe (Lenovo)
O4 - HKLM..\Run: [AcWin7Hlpr] C:\Programme\Lenovo\Access Connections\AcTBenabler.exe (Lenovo)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [LENOVO.TPKNRRES] C:\Programme\Lenovo\Communications Utility\TPKNRRES.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [PDFPrint] C:\Programme\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [PWMTRV] C:\Programme\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Pidgin] C:\Program Files\Pidgin\pidgin.exe (The Pidgin developer community)
O4 - Startup: C:\Users\Musterfrau\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Musterfrau\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Musterfrau\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9A65FC52-78A1-44CF-B1BC-E9F84375F9D4}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FFCCDD02-CE7E-437B-BB4E-8FE22EBB2FB8}: NameServer = 204.152.184.76,85.214.73.63
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.30 16:55:09 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2012.10.22 12:59:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Ask
[2012.10.22 12:59:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.10.15 21:09:27 | 000,000,000 | ---D | C] -- C:\Users\Musterfrau\AppData\Local\PDF24
[2012.10.15 21:08:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
[2012.10.15 21:08:29 | 000,000,000 | ---D | C] -- C:\Program Files\PDF24
[2012.10.13 10:58:13 | 000,000,000 | R--D | C] -- C:\Users\Musterfrau\Desktop\Bilogie Semester III (1)
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.07 23:43:04 | 000,013,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.07 23:43:04 | 000,013,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.07 23:40:22 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.11.07 23:40:22 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.11.07 23:40:22 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.11.07 23:40:22 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.11.07 23:35:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.07 23:35:34 | 2213,146,624 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.07 23:34:35 | 000,015,674 | ---- | M] () -- C:\Users\Musterfrau\Desktop\TROJANERFORUM.rtf
[2012.11.07 23:34:21 | 000,000,020 | ---- | M] () -- C:\Users\Musterfrau\defogger_reenable
[2012.11.07 23:22:19 | 000,003,031 | ---- | M] () -- C:\Users\Musterfrau\Desktop\HILFETROJANER.rtf
[2012.11.07 22:59:07 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.07 22:18:00 | 000,090,143 | ---- | M] () -- C:\Users\Musterfrau\Desktop\Hiryoavat.jpg
[2012.11.07 19:33:48 | 000,010,561 | ---- | M] () -- C:\Users\Musterfrau\Desktop\SternisBogen.rtf
[2012.11.07 18:49:15 | 000,169,990 | ---- | M] () -- C:\Users\Musterfrau\Desktop\Marion-portrait.jpg
[2012.10.30 14:50:11 | 000,472,405 | ---- | M] () -- C:\Users\Musterfrau\Desktop\Musterfrau3.pdf
[2012.10.30 14:49:32 | 000,430,413 | ---- | M] () -- C:\Users\Musterfrau\Desktop\Musterfrau.pdf
[2012.10.18 21:44:41 | 000,002,031 | ---- | M] () -- C:\Users\Musterfrau\Desktop\Kies Air Discovery Service.lnk
[2012.10.16 15:13:38 | 000,097,447 | ---- | M] () -- C:\Users\Musterfrau\Desktop\bewerbungsformularaushilfen2112.pdf
[2012.10.15 21:40:40 | 000,087,347 | ---- | M] () -- C:\Users\Musterfrau\Desktop\chemie.jpg
[2012.10.15 21:26:27 | 000,846,160 | ---- | M] () -- C:\Users\Musterfrau\Desktop\Musterfrau.pdf
[2012.10.15 21:16:14 | 000,902,275 | ---- | M] () -- C:\Users\Musterfrau\Desktop\Musterfrau.pdf
[2012.10.15 21:08:35 | 000,001,814 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk
[2012.10.15 21:08:35 | 000,001,799 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Fax.lnk
[2012.10.15 21:04:36 | 002,757,078 | ---- | M] () -- C:\Users\Musterfrau\Desktop\20121015_220436.jpg
[2012.10.15 21:04:24 | 002,846,093 | ---- | M] () -- C:\Users\Musterfrau\Desktop\20121015_220424.jpg
[2012.10.15 21:04:10 | 002,620,556 | ---- | M] () -- C:\Users\Musterfrau\Desktop\20121015_220410.jpg
[2012.10.15 21:04:01 | 002,550,232 | ---- | M] () -- C:\Users\Musterfrau\Desktop\20121015_220401.jpg
[2012.10.11 20:50:05 | 000,089,069 | ---- | M] () -- C:\Users\Musterfrau\Desktop\Stundenplan3.png
[2012.10.09 18:17:51 | 001,206,309 | ---- | M] () -- C:\Users\Musterfrau\Desktop\Laika5.jpg
[2012.10.09 18:17:21 | 001,103,194 | ---- | M] () -- C:\Users\Musterfrau\Desktop\Laika4.jpg
[2012.10.09 18:16:57 | 000,945,724 | ---- | M] () -- C:\Users\Musterfrau\Desktop\Laika2.jpg
[2012.10.09 18:15:52 | 000,978,038 | ---- | M] () -- C:\Users\Musterfrau\Desktop\Laika3.jpg
[2012.10.09 17:50:44 | 001,526,266 | ---- | M] () -- C:\Users\Musterfrau\Desktop\Laika1.PNG
 
========== Files Created - No Company Name ==========
 
[2012.11.07 23:33:55 | 000,000,020 | ---- | C] () -- C:\Users\Musterfrau\defogger_reenable
[2012.11.07 23:27:56 | 000,015,674 | ---- | C] () -- C:\Users\Musterfrau\Desktop\TROJANERFORUM.rtf
[2012.11.07 23:22:19 | 000,003,031 | ---- | C] () -- C:\Users\Musterfrau\Desktop\HILFETROJANER.rtf
[2012.11.07 22:17:58 | 000,090,143 | ---- | C] () -- C:\Users\Musterfrau\Desktop\Hiryoavat.jpg
[2012.11.07 18:48:18 | 000,169,990 | ---- | C] () -- C:\Users\Musterfrau\Desktop\Marion-portrait.jpg
[2012.11.03 13:48:51 | 000,010,561 | ---- | C] () -- C:\Users\Musterfrau\Desktop\SternisBogen.rtf
[2012.10.30 14:50:10 | 000,472,405 | ---- | C] () -- C:\Users\Musterfrau\Desktop\Musterfrau3.pdf
[2012.10.30 14:49:29 | 000,430,413 | ---- | C] () -- C:\Users\Musterfrau\Desktop\Musterfrau3.pdf
[2012.10.18 21:44:41 | 000,002,031 | ---- | C] () -- C:\Users\Musterfrau\Desktop\Kies Air Discovery Service.lnk
[2012.10.16 15:13:38 | 000,097,447 | ---- | C] () -- C:\Users\Musterfrau\Desktop\bewerbungsformularaushilfen2112.pdf
[2012.10.15 21:40:39 | 000,087,347 | ---- | C] () -- C:\Users\Musterfrau\Desktop\chemie.jpg
[2012.10.15 21:16:10 | 000,902,275 | ---- | C] () -- C:\Users\Musterfrau\Desktop\Musterfrau.pdf
[2012.10.15 21:13:36 | 000,846,160 | ---- | C] () -- C:\Users\Musterfrau\Desktop\Musterfrau.pdf
[2012.10.15 21:08:35 | 000,001,814 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk
[2012.10.15 21:08:35 | 000,001,799 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Fax.lnk
[2012.10.15 21:04:20 | 002,846,093 | ---- | C] () -- C:\Users\Musterfrau\Desktop\20121015_220424.jpg
[2012.10.15 21:04:19 | 002,620,556 | ---- | C] () -- C:\Users\Musterfrau\Desktop\20121015_220410.jpg
[2012.10.15 21:04:19 | 002,550,232 | ---- | C] () -- C:\Users\Musterfrau\Desktop\20121015_220401.jpg
[2012.10.15 21:04:18 | 002,757,078 | ---- | C] () -- C:\Users\Musterfrau\Desktop\20121015_220436.jpg
[2012.10.09 18:17:50 | 001,206,309 | ---- | C] () -- C:\Users\Musterfrau\Desktop\Laika5.jpg
[2012.10.09 18:17:21 | 001,103,194 | ---- | C] () -- C:\Users\Musterfrau\Desktop\Laika4.jpg
[2012.10.09 18:16:56 | 000,945,724 | ---- | C] () -- C:\Users\Musterfrau\Desktop\Laika2.jpg
[2012.10.09 18:15:52 | 000,978,038 | ---- | C] () -- C:\Users\Musterfrau\Desktop\Laika3.jpg
[2012.10.09 17:50:44 | 001,526,266 | ---- | C] () -- C:\Users\Musterfrau\Desktop\Laika1.PNG
[2012.07.22 15:47:22 | 000,003,584 | ---- | C] () -- C:\Users\Musterfrau\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.12.08 23:43:06 | 000,000,218 | ---- | C] () -- C:\Users\Musterfrau\.recently-used.xbel
[2011.10.10 07:19:44 | 000,000,017 | ---- | C] () -- C:\Users\Musterfrau\AppData\Local\resmon.resmoncfg
[2011.09.14 22:42:20 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2011.09.14 22:42:20 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2011.09.14 18:44:35 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.09.14 16:19:55 | 000,002,857 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011.09.14 16:19:53 | 000,205,156 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011.09.14 15:46:54 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.06.10 05:34:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.11.07 23:37:23 | 000,000,000 | ---D | M] -- C:\Users\Musterfrau\AppData\Roaming\.purple
[2011.09.14 22:37:55 | 000,000,000 | ---D | M] -- C:\Users\Musterfrau\AppData\Roaming\DAEMON Tools Lite
[2012.11.07 23:36:59 | 000,000,000 | ---D | M] -- C:\Users\Musterfrau\AppData\Roaming\Dropbox
[2012.05.04 17:41:09 | 000,000,000 | ---D | M] -- C:\Users\Musterfrau\AppData\Roaming\DVDVideoSoft
[2012.06.16 00:03:58 | 000,000,000 | ---D | M] -- C:\Users\Musterfrau\AppData\Roaming\Foxit Software
[2012.03.08 21:41:18 | 000,000,000 | ---D | M] -- C:\Users\Musterfrau\AppData\Roaming\gtk-2.0
[2011.09.14 02:08:21 | 000,000,000 | ---D | M] -- C:\Users\Musterfrau\AppData\Roaming\PwrMgr
[2011.09.14 22:09:26 | 000,000,000 | ---D | M] -- C:\Users\Musterfrau\AppData\Roaming\Thunderbird
 
========== Purity Check ==========

< End of report >
         

2. Contents of Extra.txt

Code:
 OTL Extras logfile created on: 07.11.2012 23:40:40 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Musterfrau\Downloads
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,75 Gb Total Physical Memory | 1,82 Gb Available Physical Memory | 66,20% Memory free
5,49 Gb Paging File | 4,41 Gb Available in Paging File | 80,26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 270,35 Gb Total Space | 133,81 Gb Free Space | 49,50% Space Free | Partition Type: NTFS
 
Computer Name: Musterfrau-LAPTOP | User Name: Musterfrau | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04DA9008-5A17-433A-B87C-4C17C9DD2EE3}" = rport=445 | protocol=6 | dir=out | app=system | 
"{09A64B59-1F4B-42A2-A8F8-FCBA3C446202}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4626928B-DE85-4797-8418-9BE9CD2BB7AE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{47DBC66E-3733-43BA-B12A-FDFD50DC14F0}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{48E33685-ED0E-45D4-9E9F-79DC7CCEC9D3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4E7398B0-3F6B-4EF3-BFDF-52687C8F5522}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4F8EB866-EBE0-41D7-A8C2-A218FBD794DE}" = lport=139 | protocol=6 | dir=in | app=system | 
"{53898EA2-520B-4EF3-959A-8CCF161D6288}" = rport=137 | protocol=17 | dir=out | app=system | 
"{56961AFB-6BDC-409E-AF84-C1EFA5CD065B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{5E94C27B-69AB-43D3-885A-1CA47522511E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{63F68837-0622-4843-9BED-2B91E80E69F3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6AF4C9C2-81FF-4C26-8AAB-9E1176CA352F}" = lport=138 | protocol=17 | dir=in | app=system | 
"{6BAC6B8B-58AE-40CD-BEF0-3B6ABCF1E3B9}" = rport=139 | protocol=6 | dir=out | app=system | 
"{7C4C9F97-DECB-4F9C-A57C-653A7B1674AA}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{80632543-B4A4-465C-8567-FA4DB45081AF}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{85A5E150-605B-40EF-8592-F89AF72623A6}" = lport=445 | protocol=6 | dir=in | app=system | 
"{8D12DB9B-F171-4521-9A1C-17E4BDA30F47}" = rport=138 | protocol=17 | dir=out | app=system | 
"{ABFAB69A-B280-42A4-A550-29445F80DBC7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B08D3279-6F0D-4E80-BAB0-12E6A5125D0E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D028C1C9-6F63-4685-BC59-B523612A4F2B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D2283637-49A1-41B5-BB4C-50C916D95456}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{E1F473BF-85E2-4B86-B958-B77C1CB20571}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E22A2AEF-A4F7-4640-960D-6CA7D9859D14}" = lport=137 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{057319D1-DE15-4DD3-8C4D-018CDC2F9943}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{06E2C145-E832-4C44-AD21-C5BFEFDBE800}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{0A85650E-3270-408C-9663-8CBAE712FD99}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{102B6EC0-9E1A-4F4A-8153-628F965CB682}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{1511E4BB-6CD5-43C0-9A5E-BC433E04AF8B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{206FB3E6-626D-417C-A58E-84BA43414526}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{2E9C2653-E3EE-49C2-9308-660575D721F0}" = protocol=17 | dir=in | app=c:\program files\lenovo\system update\uncserver.exe | 
"{4557A257-2FDA-4ECA-8C4B-708381508FC0}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{52A168D1-ED24-42A6-AF9D-072391524BBF}" = protocol=6 | dir=in | app=c:\program files\anno 1404\tools\addonweb.exe | 
"{52BD1CE6-8124-42F9-808F-0CFF360ACB3B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6BFFF0BF-FD73-40CA-91B3-CD23D8FABB46}" = protocol=17 | dir=in | app=c:\program files\anno 1404\addon.exe | 
"{7CC5E74A-F357-4407-9B62-BAB63E34B90D}" = protocol=6 | dir=in | app=c:\users\Musterfrau\appdata\roaming\dropbox\bin\dropbox.exe | 
"{84E08918-4D22-46EE-BFA1-1369211073E7}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{91B37AEC-9B97-4B4A-8DAB-F267D46583AD}" = protocol=6 | dir=in | app=c:\program files\anno 1404\addon.exe | 
"{A428891C-A9C4-4A6B-891E-4AF77589FB54}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{A5B9B4CA-C663-409C-A098-87FE2DA105D0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{B65E10BC-859C-4650-96A1-8E6D1A19BEC6}" = protocol=6 | dir=out | app=system | 
"{B7A97F77-E87E-4422-811F-B6BF6FD1645A}" = protocol=17 | dir=in | app=c:\users\Musterfrau\appdata\roaming\dropbox\bin\dropbox.exe | 
"{D35AB443-99E6-47B3-A92D-7E60CCE4896A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{D51C10E5-61CB-4F09-AA3D-2C3F6F74052B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{DD16C766-726B-4DB8-9DE7-5458CBD5BD46}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{DE7AC001-CEF3-4AC2-9EC3-9AADB2D525E0}" = protocol=17 | dir=in | app=c:\users\Musterfrau\appdata\roaming\dropbox\bin\dropbox.exe | 
"{DF1B2281-8F2C-4AA3-9FA9-143B187752DC}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E0579E42-84A8-4D95-8241-B7CF4765BB99}" = protocol=6 | dir=in | app=c:\users\Musterfrau\appdata\roaming\dropbox\bin\dropbox.exe | 
"{E501CD7A-36E2-416F-A24D-922ABBAD9BD6}" = protocol=6 | dir=in | app=c:\program files\lenovo\system update\uncserver.exe | 
"{F78DD2D7-A3A0-4674-8B80-2F91E719BB73}" = protocol=17 | dir=in | app=c:\program files\anno 1404\tools\addonweb.exe | 
"{F82A8EFA-28E7-46BD-ADC6-7E1A7930C961}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"TCP Query User{A73D7935-13D8-4534-BA14-94D6C9A208E7}C:\program files\pidgin\pidgin.exe" = protocol=6 | dir=in | app=c:\program files\pidgin\pidgin.exe | 
"UDP Query User{3DF12A42-A240-4CA1-B038-5CE0199B5C5E}C:\program files\pidgin\pidgin.exe" = protocol=17 | dir=in | app=c:\program files\pidgin\pidgin.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01934B90-1176-7D9F-597E-CEB81533DEEA}" = CCC Help Finnish
"{16A15E1C-892F-CBB5-7A09-8E2C3ECFCF03}" = ATI Catalyst Install Manager
"{17D68A8C-F1E7-036B-DCCC-45C05FD053F4}" = CCC Help English
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{25C64847-B900-48AD-A164-1B4F9B774650}" = System Update
"{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 35
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{2B4720AB-3986-512D-5EC9-35CDAD6EC23A}" = ccc-core-static
"{2D1DA081-A918-81F0-18AE-4B51CEDAAB6E}" = CCC Help Italian
"{32B38A00-2786-EC14-B615-6864DAFA9774}" = CCC Help Chinese Standard
"{3B0BE6FE-C467-86DD-BDA2-E59D46DD82A9}" = CCC Help Thai
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D848860-252A-23A0-A16F-44962731044C}" = CCC Help German
"{41F25F17-35D9-0B05-F8FD-7B3AD1C122E4}" = CCC Help Polish
"{451689AF-1C3A-ECBA-AFA0-A1103BDD536B}" = CCC Help Russian
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage System für aktiven Festplattenschutz
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{52D6A34C-4DE9-8AA7-AB7F-C05833D270CD}" = CCC Help Chinese Traditional
"{57FA0525-01F9-4051-8DE9-CBF43CAC68D9}" = Catalyst Control Center - Branding
"{5D923D23-4CD2-A29B-A398-9B919C39D8A6}" = CCC Help Norwegian
"{5FDB3B24-A39C-5D8A-A7E2-92F445C09252}" = CCC Help Portuguese
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{6E9AF2B5-AE25-6F7E-2AD6-452816F7BF6A}" = CCC Help Greek
"{6FC9ABDA-CA6B-231F-55C5-BD5A1D924477}" = CCC Help Japanese
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.9.0
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{88C6A6D9-324C-46E8-BA87-563D14021442}_is1" = ThinkVantage Communications Utility
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E537894-A559-4D60-B3CB-F4485E3D24E3}" = ThinkVantage Access Connections
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00B2-0407-0000-0000000FF1CE}" = Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{941ED5D5-C954-35CB-1B9D-4F919731E104}" = Catalyst Control Center Graphics Previews Vista
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CA0DEE4-E84B-466F-9B96-FC255F3A929F}" = Integrated Camera TWAIN
"{9D3D2C60-A55F-4fed-B2B9-17311226DF01}" = ThinkPad Wireless LAN Adapter Software
"{9D3D2C60-A55F-4fed-B2B9-17394396DF01}" = ThinkPad Wireless LAN Adapter Software
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = ThinkPad Bluetooth with Enhanced Data Rate Software
"{A4DCD482-4F23-B2A6-6DE7-FE364B4C1613}" = CCC Help Swedish
"{A4E2D0D6-681C-4B39-4FB0-26AF6CFE9262}" = CCC Help Dutch
"{A79A2CE3-3E20-7064-47A9-29857EBAC6FA}" = CCC Help Hungarian
"{A90E920C-A2A3-8861-4DE7-EDB05637DDAC}" = Catalyst Control Center InstallProxy
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{ACF7EEC7-03A8-19D3-B10E-CB0E691936B8}" = Catalyst Control Center Localization All
"{AD055BBF-B56E-7A38-3B2B-71C2ED15DAC9}" = CCC Help Danish
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BAEB748D-B024-795E-6224-7410E04DB7F1}" = CCC Help Turkish
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C3CD17B4-08B0-492D-8A4C-81716D33E520}" = Integrated Camera Driver Installer Package Ver.1.0.1.8
"{C43AB192-E85C-0F71-EFC6-E5DD9BD3E0AA}" = CCC Help Korean
"{CF1E28A5-E99F-8A3B-0968-614FD3F0D87B}" = CCC Help French
"{D4C8956F-83EE-572A-B96B-53B2FADA35BA}" = ccc-utility
"{D75AEB5B-FA18-4BD4-9EED-54CA46DB5AE8}" = Intel(R) PROSet/Wireless WiFi-Software
"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Energie-Manager
"{DEDB888F-E02C-11F0-AF71-393642E8694B}" = CCC Help Czech
"{E3723A04-A894-4036-A78E-282E18F43C0A}_is1" = Tinypic 3.18
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F4E3A09C-8978-C9E6-B6F7-CEE75D896217}" = CCC Help Spanish
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"2004BB9EB6CEA02846881BEF1F51C11F7A90C9D6" = Windows Driver Package - Broadcom (BTHUSB) Bluetooth  (04/08/2010 6.3.5.430)
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"ATI Uninstaller" = ATI Uninstaller
"Avira AntiVir Desktop" = Avira Free Antivirus
"BF20603967CFDCB2BBF91950E8A56DFBC5C833FE" = Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800)
"CNXT_AUDIO_HDA" = Conexant CX20582 SmartAudio HD
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Foxit Reader_is1" = Foxit Reader
"IrfanView" = IrfanView (remove only)
"LENOVO.SMIIF" = Lenovo System Interface Driver
"LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility
"McAfee Security Scan" = McAfee Security Scan Plus
"MediaMonkey_is1" = MediaMonkey 3.2
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"Mozilla Thunderbird 16.0.2 (x86 de)" = Mozilla Thunderbird 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"OnScreenDisplay" = Anzeige am Bildschirm
"Pidgin" = Pidgin
"Power Management Driver" = ThinkPad Power Management Driver
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"VLC media player" = VLC media player 1.1.11
"WinPcapInst" = WinPcap 4.1.2
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Kies Air Discovery Service" = Kies Air Discovery Service
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 29.10.2012 15:17:35 | Computer Name = Musterfrau-Laptop | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Lenovo\Access
 Connections\AcCryptHlpr.dll". Fehler in Manifest- oder Richtliniendatei "C:\Program
 Files\Lenovo\Access Connections\AcCryptHlpr.dll" in Zeile 0.  Ungültige XML-Syntax.
 
Error - 29.10.2012 15:19:15 | Computer Name = Musterfrau-Laptop | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Lenovo\system
 update\session\85d808ww\Bin64\InstallManagerApp.exe".  Die abhängige Assemblierung
 "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 29.10.2012 15:19:15 | Computer Name = Musterfrau-Laptop | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Lenovo\system
 update\session\85d808ww\Bin64\Setup.exe".  Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 05.11.2012 06:08:46 | Computer Name = Musterfrau-Laptop | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Lenovo\Access
 Connections\AcCryptHlpr.dll". Fehler in Manifest- oder Richtliniendatei "C:\Program
 Files\Lenovo\Access Connections\AcCryptHlpr.dll" in Zeile 0.  Ungültige XML-Syntax.
 
Error - 05.11.2012 06:10:30 | Computer Name = Musterfrau-Laptop | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Lenovo\system
 update\session\85d808ww\Bin64\InstallManagerApp.exe".  Die abhängige Assemblierung
 "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 05.11.2012 06:10:30 | Computer Name = Musterfrau-Laptop | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Lenovo\system
 update\session\85d808ww\Bin64\Setup.exe".  Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 07.11.2012 10:05:39 | Computer Name = Musterfrau-Laptop | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Lenovo\Access
 Connections\AcCryptHlpr.dll". Fehler in Manifest- oder Richtliniendatei "C:\Program
 Files\Lenovo\Access Connections\AcCryptHlpr.dll" in Zeile 0.  Ungültige XML-Syntax.
 
Error - 07.11.2012 10:07:35 | Computer Name = Musterfrau-Laptop | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Lenovo\system
 update\session\85d808ww\Bin64\InstallManagerApp.exe".  Die abhängige Assemblierung
 "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 07.11.2012 10:07:36 | Computer Name = Musterfrau-Laptop | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Lenovo\system
 update\session\85d808ww\Bin64\Setup.exe".  Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 07.11.2012 14:33:47 | Computer Name = Musterfrau-Laptop | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: plugin-container.exe, Version: 12.0.0.4493,
 Zeitstempel: 0x4f920759  Name des fehlerhaften Moduls: NPSWF32_11_4_402_287.dll_unloaded,
 Version: 0.0.0.0, Zeitstempel: 0x5066df1c  Ausnahmecode: 0xc0000005  Fehleroffset: 
0x60868ce3  ID des fehlerhaften Prozesses: 0x161c  Startzeit der fehlerhaften Anwendung:
 0x01cdbcee1e0a321a  Pfad der fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\plugin-container.exe
Pfad
 des fehlerhaften Moduls: NPSWF32_11_4_402_287.dll  Berichtskennung: aa7f1c4b-2909-11e2-9d38-60eb69fb60e4
 
[ System Events ]
Error - 03.11.2012 05:47:05 | Computer Name = Musterfrau-Laptop | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
Error - 04.11.2012 15:41:03 | Computer Name = Musterfrau-Laptop | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
Error - 05.11.2012 03:55:22 | Computer Name = Musterfrau-Laptop | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
Error - 06.11.2012 14:35:27 | Computer Name = Musterfrau-Laptop | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
Error - 06.11.2012 18:11:07 | Computer Name = Musterfrau-Laptop | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
Error - 07.11.2012 09:44:05 | Computer Name = Musterfrau-Laptop | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
Error - 07.11.2012 14:36:09 | Computer Name = Musterfrau-Laptop | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
Error - 07.11.2012 16:12:23 | Computer Name = Musterfrau-Laptop | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
Error - 07.11.2012 18:34:36 | Computer Name = Musterfrau-Laptop | Source = DCOM | ID = 10010
Description = 
 
Error - 07.11.2012 18:35:59 | Computer Name = Musterfrau-Laptop | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
< End of report >
         

And now 3.: I have a 32-bit system... I have now downloaded GMER and carried out the steps, but I wasn't quite sure what exactly I should or shouldn't tick, as I hadn't fully understood the instructions, so:
I unticked: IAT/EAT and Show all
I left ticked: Files: C:\
I hope that is how it was supposed to be

gmer.txt

Code:
 GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-11-08 12:09:08
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 HITACHI_HTS725050A9A364 rev.PC4ZC70F
Running: dvq7xkum.exe; Driver: C:\Users\SAZPRI~1\AppData\Local\Temp\uglyrpob.sys


---- System - GMER 1.0.15 ----

SSDT            989F95F6                                                                                                            ZwCreateSection
SSDT            989F9600                                                                                                            ZwRequestWaitReplyPort
SSDT            989F95FB                                                                                                            ZwSetContextThread
SSDT            989F9605                                                                                                            ZwSetSecurityObject
SSDT            989F960A                                                                                                            ZwSystemDebugControl
SSDT            989F9597                                                                                                            ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwRollbackEnlistment + 140D                                                                            82C42A49 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                              82C7C4D2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 11F7                                                                                 82C8362C 4 Bytes  [F6, 95, 9F, 98]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1553                                                                                 82C83988 4 Bytes  [00, 96, 9F, 98]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1597                                                                                 82C839CC 4 Bytes  [FB, 95, 9F, 98] {STI ; XCHG EBP, EAX; LAHF ; CWDE }
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1613                                                                                 82C83A48 4 Bytes  [05, 96, 9F, 98]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1667                                                                                 82C83A9C 4 Bytes  [0A, 96, 9F, 98]
.text           ...                                                                                                                 
.text           C:\Windows\system32\DRIVERS\atikmdag.sys                                                                            section is writeable [0x90412000, 0x31BA76, 0xE8000020]
.text           C:\Windows\system32\DRIVERS\atksgt.sys                                                                              section is writeable [0x99543300, 0x3B6D8, 0xE8000020]
.text           C:\Windows\system32\DRIVERS\lirsgt.sys                                                                              section is writeable [0x99586300, 0x1BEE, 0xE8000020]

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                             Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                                             Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)

Device          \Driver\ACPI_HAL \Device\00000052                                                                                   halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                              rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                              rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device          \Driver\BTHUSB \Device\00000079                                                                                     bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\ec55f9de3a36                                         
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                    
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                 0x00 0x00 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                 0
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0xFF 0xF7 0xF1 0x3A ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                           
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                     0x9B 0xDE 0x1A 0x04 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                      
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                0x32 0x51 0xA2 0x68 ...
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\ec55f9de3a36 (not active ControlSet)                     
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                     0x00 0x00 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                     0
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0xFF 0xF7 0xF1 0x3A ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)       
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                         0x9B 0xDE 0x1A 0x04 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0x32 0x51 0xA2 0x68 ...

---- EOF - GMER 1.0.15 ----
         

So, that's me done; now just a few questions...
Where does the virus come from? Could I have picked it up yesterday while surfing? I run Avira several times a month, so...
Could I somehow have transferred it to my smartphone, USB sticks or the like?

That's everything, many thanks in advance!
Kind regards

09.11.2012, 22:44   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Hello and

Before we get to work, I'd like to ask you to read the following points completely and carefully.
  • Read the instructions I post over the course of this thread carefully. Ask right away if anything is unclear, before you start carrying out my instructions.

  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes a step requires the previous one.

  • Please run only the scans a helper has asked you to run! Do not install or uninstall any software unless asked to!

  • Post the log files directly in your thread (please in CODE tags) and not as attachments, unless you were asked to. Logs in attachments make the analysis harder for me!

  • Please also note => Deleting log files and other requests

Note:
If you haven't heard from me for three days, please post in this thread => Reminder about my thread.
Annoying "when will this continue" messages end with your topic being closed. I too have a life outside the Trojaner-Board.


Have you already run any scans with other tools? Do you have a log with detections? See => http://www.trojaner-board.de/125889-...tml#post941520

Please do not run any new virus scans; for now just post the logs you already have!

15.11.2012, 20:35   #3
Frischling
Banned

OK, I don't know whether I was supposed to reply to that post... I rather thought it was something general that everyone gets...

I only ran Avira over it once more, but there were no more detections (apart from the two password-protected ones already listed above); otherwise I haven't done anything else.

I had already worked through the instructions above.

Otherwise the only thing I've noticed is that my laptop takes longer once I've switched it on, and after I've entered my password the screen is black and the bar on the left is white... it then takes some time before it goes back to normal...

15.11.2012, 22:54   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
OK, I don't know whether I was supposed to reply to that post...
What is that remark supposed to mean? Did you ignore my question at the very bottom?
__________________
Please always post log files in CODE tags

15.11.2012, 23:25   #5
Frischling
Banned

As I wrote earlier: I haven't done anything else, which amounts to: no, I haven't run any tools over it other than the ones listed above (in my first post). (Sorry, I thought it would be clear from my first post what I had done; if I had done more, I would have added it [besides, I had read somewhere that I should only download and run things I've been asked to, so I didn't want to just download something else etc.])

I hope it's clearer now :/


16.11.2012, 09:44   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

1. aswMBR

Please download aswMBR.exe and save the file to your desktop.

Note: Please disable your virus scanner before running aswMBR, because Avira in particular often reports a false positive in it!
  • Start aswMBR.exe. Vista and Win7 users: run aswMBR via right-click, "Run as administrator"
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.) Downloading the definitions can take a while, depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply. Important: Under no circumstances press any of the Fix buttons without instructions. Note: If the Scan button is hidden, close the tool and start it again. If it still doesn't work, please let me know.

One more note: If aswMBR crashes and a message like "aswMBR.exe has stopped working" appears, do the following:
Restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.


2. TDSS-Killer

Download TDSS-Killer to the desktop, see => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please disable your virus scanner before running TDSS-Killer, because Avira in particular often reports a false positive in the TDSS tool!

Set up the tool as shown in the picture below: click change parameters and tick the boxes as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.

If you can't find the log or can't copy its contents into your post, please look directly on your Windows system partition (usually drive C:), since that is where TDSS-Killer saves its logs.

Note: Please don't hastily delete anything with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and just post the log here!

16.11.2012, 12:31   #7
Frischling
Banned

OK good, I did both and had no problems with them.

Log from aswMBR:

Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-11-16 11:30:36
-----------------------------
11:30:36.022    OS Version: Windows 6.1.7601 Service Pack 1
11:30:36.032    Number of processors: 2 586 0x603
11:30:36.032    ComputerName: Muster-LAPTOP  UserName: 
11:31:12.482    Initialize success
11:33:35.940    AVAST engine defs: 12111501
11:34:36.090    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
11:34:36.090    Disk 0 Vendor: HITACHI_HTS725050A9A364 PC4ZC70F Size: 476940MB BusType: 11
11:34:36.110    Disk 0 MBR read successfully
11:34:36.120    Disk 0 MBR scan
11:34:36.130    Disk 0 Windows 7 default MBR code
11:34:36.140    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
11:34:36.170    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       276838 MB offset 206848
11:34:36.180    Disk 0 scanning sectors +567171072
11:34:36.270    Disk 0 scanning C:\Windows\system32\drivers
11:34:52.580    Service scanning
11:35:30.920    Modules scanning
11:35:42.550    Disk 0 trace - called modules:
11:35:42.590    ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys 
11:35:42.950    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85fdf7a0]
11:35:42.960    3 CLASSPNP.SYS[8abbd59e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85f9a030]
11:35:44.710    AVAST engine scan C:\Windows
11:35:48.620    AVAST engine scan C:\Windows\system32
11:40:25.861    AVAST engine scan C:\Windows\system32\drivers
11:40:46.631    AVAST engine scan C:\Users\Musterfrau
12:05:40.364    AVAST engine scan C:\ProgramData
12:06:25.974    Scan finished successfully
12:13:15.544    Disk 0 MBR has been saved successfully to "C:\Users\Musterfrau\Desktop\MBR.dat"
12:13:15.554    The log file has been saved successfully to "C:\Users\Musterfrau\Desktop\aswMBR.txt"
         

Log from TDSS-Killer

Code:
 12:14:42.0872 4068  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
12:14:43.0342 4068  ============================================================
12:14:43.0342 4068  Current date / time: 2012/11/16 12:14:43.0342
12:14:43.0342 4068  SystemInfo:
12:14:43.0342 4068  
12:14:43.0342 4068  OS Version: 6.1.7601 ServicePack: 1.0
12:14:43.0342 4068  Product type: Workstation
12:14:43.0342 4068  ComputerName: Muster-LAPTOP
12:14:43.0342 4068  UserName: Musterfrau
12:14:43.0342 4068  Windows directory: C:\Windows
12:14:43.0342 4068  System windows directory: C:\Windows
12:14:43.0342 4068  Processor architecture: Intel x86
12:14:43.0342 4068  Number of processors: 2
12:14:43.0342 4068  Page size: 0x1000
12:14:43.0342 4068  Boot type: Normal boot
12:14:43.0342 4068  ============================================================
12:14:44.0712 4068  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
12:14:44.0712 4068  ============================================================
12:14:44.0712 4068  \Device\Harddisk0\DR0:
12:14:44.0712 4068  MBR partitions:
12:14:44.0712 4068  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
12:14:44.0712 4068  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x21CB3000
12:14:44.0712 4068  ============================================================
12:14:44.0732 4068  C: <-> \Device\Harddisk0\DR0\Partition2
12:14:44.0752 4068  ============================================================
12:14:44.0752 4068  Initialize success
12:14:44.0752 4068  ============================================================
12:17:42.0383 4400  ============================================================
12:17:42.0383 4400  Scan started
12:17:42.0383 4400  Mode: Manual; SigCheck; TDLFS; 
12:17:42.0383 4400  ============================================================
12:17:43.0053 4400  ================ Scan system memory ========================
12:17:43.0053 4400  System memory - ok
12:17:43.0053 4400  ================ Scan services =============================
12:17:43.0213 4400  [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
12:17:43.0393 4400  1394ohci - ok
12:17:43.0453 4400  [ 5C53B98D9067F3CF176837F12A31B020 ] 5U877           C:\Windows\system32\DRIVERS\5U877.sys
12:17:43.0513 4400  5U877 - ok
12:17:43.0563 4400  [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
12:17:43.0603 4400  ACPI - ok
12:17:43.0633 4400  [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
12:17:43.0703 4400  AcpiPmi - ok
12:17:43.0813 4400  [ DEECCADBD25F65D65293A09721B3A447 ] AcPrfMgrSvc     C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe
12:17:43.0843 4400  AcPrfMgrSvc - ok
12:17:43.0873 4400  [ A7753804C6C66C9C80F4E29659FD721C ] AcSvc           C:\Program Files\Lenovo\Access Connections\AcSvc.exe
12:17:43.0903 4400  AcSvc - ok
12:17:43.0983 4400  [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
12:17:44.0013 4400  AdobeARMservice - ok
12:17:44.0103 4400  [ 0CB0AA071C7B86A64F361DCFDF357329 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
12:17:44.0143 4400  AdobeFlashPlayerUpdateSvc - ok
12:17:44.0193 4400  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
12:17:44.0243 4400  adp94xx - ok
12:17:44.0273 4400  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
12:17:44.0313 4400  adpahci - ok
12:17:44.0333 4400  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
12:17:44.0373 4400  adpu320 - ok
12:17:44.0413 4400  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
12:17:44.0463 4400  AeLookupSvc - ok
12:17:44.0533 4400  [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD             C:\Windows\system32\drivers\afd.sys
12:17:44.0593 4400  AFD - ok
12:17:44.0653 4400  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\Windows\system32\drivers\agp440.sys
12:17:44.0683 4400  agp440 - ok
12:17:44.0713 4400  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx         C:\Windows\system32\DRIVERS\djsvs.sys
12:17:44.0753 4400  aic78xx - ok
12:17:44.0773 4400  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG             C:\Windows\System32\alg.exe
12:17:44.0823 4400  ALG - ok
12:17:44.0843 4400  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\Windows\system32\drivers\aliide.sys
12:17:44.0873 4400  aliide - ok
12:17:44.0923 4400  [ FC3644BBF2AB02A9B5EE910DBFF096B3 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
12:17:45.0013 4400  AMD External Events Utility - ok
12:17:45.0043 4400  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
12:17:45.0073 4400  amdagp - ok
12:17:45.0113 4400  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\Windows\system32\drivers\amdide.sys
12:17:45.0153 4400  amdide - ok
12:17:45.0193 4400  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
12:17:45.0253 4400  AmdK8 - ok
12:17:45.0443 4400  [ 71EDF946145D2BEAD3C16F4FD2FA3773 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
12:17:45.0703 4400  amdkmdag - ok
12:17:45.0763 4400  [ 41876830A043176F7902E781238F95EF ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
12:17:45.0813 4400  amdkmdap - ok
12:17:45.0863 4400  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
12:17:45.0893 4400  AmdPPM - ok
12:17:45.0943 4400  [ D320BF87125326F996D4904FE24300FC ] amdsata         C:\Windows\system32\drivers\amdsata.sys
12:17:45.0983 4400  amdsata - ok
12:17:46.0013 4400  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
12:17:46.0053 4400  amdsbs - ok
12:17:46.0073 4400  [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
12:17:46.0103 4400  amdxata - ok
12:17:46.0193 4400  [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
12:17:46.0243 4400  AntiVirSchedulerService - ok
12:17:46.0283 4400  [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
12:17:46.0333 4400  AntiVirService - ok
12:17:46.0403 4400  [ AEA177F783E20150ACE5383EE368DA19 ] AppID           C:\Windows\system32\drivers\appid.sys
12:17:46.0533 4400  AppID - ok
12:17:46.0563 4400  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
12:17:46.0643 4400  AppIDSvc - ok
12:17:46.0693 4400  [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo         C:\Windows\System32\appinfo.dll
12:17:46.0773 4400  Appinfo - ok
12:17:46.0793 4400  [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt         C:\Windows\System32\appmgmts.dll
12:17:46.0833 4400  AppMgmt - ok
12:17:46.0873 4400  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc             C:\Windows\system32\DRIVERS\arc.sys
12:17:46.0913 4400  arc - ok
12:17:46.0933 4400  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
12:17:46.0973 4400  arcsas - ok
12:17:46.0993 4400  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
12:17:47.0113 4400  AsyncMac - ok
12:17:47.0183 4400  [ 338C86357871C167A96AB976519BF59E ] atapi           C:\Windows\system32\drivers\atapi.sys
12:17:47.0213 4400  atapi - ok
12:17:47.0273 4400  [ 8DF873D0587596C1D35A9CECECC61DA1 ] AtiHdmiService  C:\Windows\system32\drivers\AtiHdmi.sys
12:17:47.0313 4400  AtiHdmiService - ok
12:17:47.0493 4400  [ 71EDF946145D2BEAD3C16F4FD2FA3773 ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
12:17:47.0693 4400  atikmdag - ok
12:17:47.0763 4400  [ 4FFE74E33BD9170950116F0CA46EAC89 ] AtiPcie         C:\Windows\system32\DRIVERS\AtiPcie.sys
12:17:47.0783 4400  AtiPcie - ok
12:17:47.0843 4400  [ F0D933B42CD0594048E4D5200AE9E417 ] atksgt          C:\Windows\system32\DRIVERS\atksgt.sys
12:17:47.0893 4400  atksgt - ok
12:17:47.0953 4400  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
12:17:48.0043 4400  AudioEndpointBuilder - ok
12:17:48.0063 4400  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
12:17:48.0143 4400  Audiosrv - ok
12:17:48.0203 4400  [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
12:17:48.0243 4400  avgntflt - ok
12:17:48.0263 4400  [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
12:17:48.0303 4400  avipbb - ok
12:17:48.0313 4400  [ 53E56450DA16A1A7F0D002F511113F67 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
12:17:48.0343 4400  avkmgr - ok
12:17:48.0393 4400  [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
12:17:48.0453 4400  AxInstSV - ok
12:17:48.0503 4400  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbdx.sys
12:17:48.0583 4400  b06bdrv - ok
12:17:48.0633 4400  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
12:17:48.0693 4400  b57nd60x - ok
12:17:48.0753 4400  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\Windows\System32\bdesvc.dll
12:17:48.0803 4400  BDESVC - ok
12:17:48.0833 4400  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\Windows\system32\drivers\Beep.sys
12:17:48.0933 4400  Beep - ok
12:17:48.0993 4400  [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE             C:\Windows\System32\bfe.dll
12:17:49.0083 4400  BFE - ok
12:17:49.0133 4400  [ E585445D5021971FAE10393F0F1C3961 ] BITS            C:\Windows\System32\qmgr.dll
12:17:49.0233 4400  BITS - ok
12:17:49.0263 4400  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
12:17:49.0303 4400  blbdrive - ok
12:17:49.0353 4400  [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
12:17:49.0403 4400  bowser - ok
12:17:49.0433 4400  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
12:17:49.0503 4400  BrFiltLo - ok
12:17:49.0523 4400  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
12:17:49.0563 4400  BrFiltUp - ok
12:17:49.0613 4400  [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser         C:\Windows\System32\browser.dll
12:17:49.0663 4400  Browser - ok
12:17:49.0713 4400  [ 845B8CE732E67F3B4133164868C666EA ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
12:17:49.0773 4400  Brserid - ok
12:17:49.0803 4400  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
12:17:49.0853 4400  BrSerWdm - ok
12:17:49.0863 4400  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
12:17:49.0913 4400  BrUsbMdm - ok
12:17:49.0933 4400  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
12:17:49.0983 4400  BrUsbSer - ok
12:17:50.0043 4400  [ 2865A5C8E98C70C605F417908CEBB3A4 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
12:17:50.0113 4400  BthEnum - ok
12:17:50.0143 4400  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
12:17:50.0203 4400  BTHMODEM - ok
12:17:50.0233 4400  [ AD1872E5829E8A2C3B5B4B641C3EAB0E ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
12:17:50.0273 4400  BthPan - ok
12:17:50.0303 4400  [ 1153DE2E4F5941E10C399CB5592F78A1 ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
12:17:50.0373 4400  BTHPORT - ok
12:17:50.0413 4400  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv         C:\Windows\system32\bthserv.dll
12:17:50.0513 4400  bthserv - ok
12:17:50.0543 4400  [ C81E9413A25A439F436B1D4B6A0CF9E9 ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
12:17:50.0583 4400  BTHUSB - ok
12:17:50.0633 4400  [ F549C3FB145A4928E40BB1518B2034DC ] btusbflt        C:\Windows\system32\drivers\btusbflt.sys
12:17:50.0663 4400  btusbflt - ok
12:17:50.0703 4400  [ F8B4F60768328FAA2FFE2727F66809F8 ] btwaudio        C:\Windows\system32\drivers\btwaudio.sys
12:17:50.0733 4400  btwaudio - ok
12:17:50.0763 4400  [ FA7446DD38DE84D4988D1F2EBB854589 ] btwavdt         C:\Windows\system32\DRIVERS\btwavdt.sys
12:17:50.0793 4400  btwavdt - ok
12:17:50.0903 4400  [ 56CB951571E2C6E69990F40220467359 ] btwdins         C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
12:17:50.0953 4400  btwdins - ok
12:17:50.0973 4400  [ AAFD7CB76BA61FBB08E302DA208C974A ] btwl2cap        C:\Windows\system32\DRIVERS\btwl2cap.sys
12:17:51.0003 4400  btwl2cap - ok
12:17:51.0033 4400  [ D5862FBC1CBC0404614FD9D85C8D880E ] btwrchid        C:\Windows\system32\DRIVERS\btwrchid.sys
12:17:51.0063 4400  btwrchid - ok
12:17:51.0093 4400  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
12:17:51.0223 4400  cdfs - ok
12:17:51.0283 4400  [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
12:17:51.0343 4400  cdrom - ok
12:17:51.0383 4400  [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc     C:\Windows\System32\certprop.dll
12:17:51.0443 4400  CertPropSvc - ok
12:17:51.0473 4400  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
12:17:51.0503 4400  circlass - ok
12:17:51.0533 4400  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\Windows\system32\CLFS.sys
12:17:51.0573 4400  CLFS - ok
12:17:51.0643 4400  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:17:51.0673 4400  clr_optimization_v2.0.50727_32 - ok
12:17:51.0753 4400  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:17:51.0793 4400  clr_optimization_v4.0.30319_32 - ok
12:17:51.0803 4400  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
12:17:51.0843 4400  CmBatt - ok
12:17:51.0883 4400  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
12:17:51.0913 4400  cmdide - ok
12:17:51.0963 4400  [ 42F158036BD4C2FF3122BF142E60E6FD ] CNG             C:\Windows\system32\Drivers\cng.sys
12:17:52.0053 4400  CNG - ok
12:17:52.0103 4400  [ A08D9A4EB4F9D2FAA1D4E10BC91B695C ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT32.sys
12:17:52.0153 4400  CnxtHdAudService - ok
12:17:52.0183 4400  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
12:17:52.0223 4400  Compbatt - ok
12:17:52.0263 4400  [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
12:17:52.0313 4400  CompositeBus - ok
12:17:52.0323 4400  COMSysApp - ok
12:17:52.0353 4400  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
12:17:52.0393 4400  crcdisk - ok
12:17:52.0463 4400  [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc        C:\Windows\system32\cryptsvc.dll
12:17:52.0523 4400  CryptSvc - ok
12:17:52.0573 4400  [ 3C2177A897B4CA2788C6FB0C3FD81D4B ] CSC             C:\Windows\system32\drivers\csc.sys
12:17:52.0643 4400  CSC - ok
12:17:52.0673 4400  [ 15F93B37F6801943360D9EB42485D5D3 ] CscService      C:\Windows\System32\cscsvc.dll
12:17:52.0743 4400  CscService - ok
12:17:52.0783 4400  [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch      C:\Windows\system32\rpcss.dll
12:17:52.0873 4400  DcomLaunch - ok
12:17:52.0903 4400  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc       C:\Windows\System32\defragsvc.dll
12:17:53.0033 4400  defragsvc - ok
12:17:53.0093 4400  [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
12:17:53.0173 4400  DfsC - ok
12:17:53.0233 4400  [ 919F338FD36F47D860775368D0748780 ] dg_ssudbus      C:\Windows\system32\DRIVERS\ssudbus.sys
12:17:53.0263 4400  dg_ssudbus - ok
12:17:53.0333 4400  [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp            C:\Windows\system32\dhcpcore.dll
12:17:53.0373 4400  Dhcp - ok
12:17:53.0403 4400  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\Windows\system32\drivers\discache.sys
12:17:53.0483 4400  discache - ok
12:17:53.0503 4400  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\Windows\system32\DRIVERS\disk.sys
12:17:53.0543 4400  Disk - ok
12:17:53.0583 4400  [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
12:17:53.0633 4400  Dnscache - ok
12:17:53.0673 4400  [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc         C:\Windows\System32\dot3svc.dll
12:17:53.0753 4400  dot3svc - ok
12:17:53.0763 4400  [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS             C:\Windows\system32\dps.dll
12:17:53.0843 4400  DPS - ok
12:17:53.0873 4400  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
12:17:53.0923 4400  drmkaud - ok
12:17:53.0983 4400  [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
12:17:54.0043 4400  DXGKrnl - ok
12:17:54.0073 4400  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost         C:\Windows\System32\eapsvc.dll
12:17:54.0153 4400  EapHost - ok
12:17:54.0253 4400  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv           C:\Windows\system32\DRIVERS\evbdx.sys
12:17:54.0383 4400  ebdrv - ok
12:17:54.0423 4400  [ 81951F51E318AECC2D68559E47485CC4 ] EFS             C:\Windows\System32\lsass.exe
12:17:54.0463 4400  EFS - ok
12:17:54.0533 4400  [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
12:17:54.0593 4400  ehRecvr - ok
12:17:54.0623 4400  [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched         C:\Windows\ehome\ehsched.exe
12:17:54.0663 4400  ehSched - ok
12:17:54.0703 4400  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
12:17:54.0753 4400  elxstor - ok
12:17:54.0793 4400  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
12:17:54.0833 4400  ErrDev - ok
12:17:54.0883 4400  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem     C:\Windows\system32\es.dll
12:17:54.0973 4400  EventSystem - ok
12:17:55.0003 4400  [ 2DC9108D74081149CC8B651D3A26207F ] exfat           C:\Windows\system32\drivers\exfat.sys
12:17:55.0083 4400  exfat - ok
12:17:55.0093 4400  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
12:17:55.0173 4400  fastfat - ok
12:17:55.0233 4400  [ 967EA5B213E9984CBE270205DF37755B ] Fax             C:\Windows\system32\fxssvc.exe
12:17:55.0283 4400  Fax - ok
12:17:55.0323 4400  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
12:17:55.0353 4400  fdc - ok
12:17:55.0383 4400  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost         C:\Windows\system32\fdPHost.dll
12:17:55.0453 4400  fdPHost - ok
12:17:55.0483 4400  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\Windows\system32\fdrespub.dll
12:17:55.0563 4400  FDResPub - ok
12:17:55.0593 4400  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
12:17:55.0623 4400  FileInfo - ok
12:17:55.0633 4400  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
12:17:55.0713 4400  Filetrace - ok
12:17:55.0743 4400  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
12:17:55.0783 4400  flpydisk - ok
12:17:55.0823 4400  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
12:17:55.0863 4400  FltMgr - ok
12:17:55.0913 4400  [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache       C:\Windows\system32\FntCache.dll
12:17:55.0973 4400  FontCache - ok
12:17:56.0013 4400  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
12:17:56.0043 4400  FontCache3.0.0.0 - ok
12:17:56.0053 4400  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
12:17:56.0093 4400  FsDepends - ok
12:17:56.0123 4400  [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
12:17:56.0153 4400  Fs_Rec - ok
12:17:56.0213 4400  [ 8A73E79089B282100B9393B644CB853B ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
12:17:56.0263 4400  fvevol - ok
12:17:56.0293 4400  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
12:17:56.0323 4400  gagp30kx - ok
12:17:56.0383 4400  [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc           C:\Windows\System32\gpsvc.dll
12:17:56.0473 4400  gpsvc - ok
12:17:56.0523 4400  [ 833051C6C6C42117191935F734CFBD97 ] hamachi         C:\Windows\system32\DRIVERS\hamachi.sys
12:17:56.0553 4400  hamachi - ok
12:17:56.0573 4400  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
12:17:56.0623 4400  hcw85cir - ok
12:17:56.0663 4400  [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
12:17:56.0723 4400  HdAudAddService - ok
12:17:56.0753 4400  [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
12:17:56.0803 4400  HDAudBus - ok
12:17:56.0813 4400  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
12:17:56.0863 4400  HidBatt - ok
12:17:56.0873 4400  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
12:17:56.0923 4400  HidBth - ok
12:17:56.0933 4400  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
12:17:56.0973 4400  HidIr - ok
12:17:57.0003 4400  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv         C:\Windows\system32\hidserv.dll
12:17:57.0083 4400  hidserv - ok
12:17:57.0103 4400  [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
12:17:57.0143 4400  HidUsb - ok
12:17:57.0183 4400  [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc          C:\Windows\system32\kmsvc.dll
12:17:57.0253 4400  hkmsvc - ok
12:17:57.0303 4400  [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
12:17:57.0363 4400  HomeGroupListener - ok
12:17:57.0403 4400  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
12:17:57.0453 4400  HomeGroupProvider - ok
12:17:57.0483 4400  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
12:17:57.0523 4400  HpSAMD - ok
12:17:57.0583 4400  [ 871917B07A141BFF43D76D8844D48106 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
12:17:57.0653 4400  HTTP - ok
12:17:57.0703 4400  [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
12:17:57.0733 4400  hwpolicy - ok
12:17:57.0743 4400  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
12:17:57.0803 4400  i8042prt - ok
12:17:57.0843 4400  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
12:17:57.0883 4400  iaStorV - ok
12:17:57.0933 4400  [ FA3D0A6DA7BB7968EFE5C5BC267F0E55 ] IBMPMDRV        C:\Windows\system32\DRIVERS\ibmpmdrv.sys
12:17:57.0963 4400  IBMPMDRV - ok
12:17:57.0973 4400  [ 495F184A29B80B51735BCEE91D84FE8F ] IBMPMSVC        C:\Windows\system32\ibmpmsvc.exe
12:17:58.0003 4400  IBMPMSVC - ok
12:17:58.0073 4400  [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:17:58.0183 4400  idsvc - ok
12:17:58.0263 4400  [ 4173FF5708F3236CF25195FECD742915 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
12:17:58.0293 4400  iirsp - ok
12:17:58.0363 4400  [ F95622F161474511B8D80D6B093AA610 ] IKEEXT          C:\Windows\System32\ikeext.dll
12:17:58.0463 4400  IKEEXT - ok
12:17:58.0493 4400  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\Windows\system32\drivers\intelide.sys
12:17:58.0523 4400  intelide - ok
12:17:58.0573 4400  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
12:17:58.0613 4400  intelppm - ok
12:17:58.0643 4400  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
12:17:58.0733 4400  IPBusEnum - ok
12:17:58.0763 4400  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:17:58.0843 4400  IpFilterDriver - ok
12:17:58.0913 4400  [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
12:17:58.0993 4400  iphlpsvc - ok
12:17:59.0043 4400  [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
12:17:59.0083 4400  IPMIDRV - ok
12:17:59.0103 4400  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
12:17:59.0183 4400  IPNAT - ok
12:17:59.0213 4400  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\Windows\system32\drivers\irenum.sys
12:17:59.0273 4400  IRENUM - ok
12:17:59.0293 4400  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
12:17:59.0323 4400  isapnp - ok
12:17:59.0353 4400  [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
12:17:59.0403 4400  iScsiPrt - ok
12:17:59.0433 4400  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
12:17:59.0463 4400  kbdclass - ok
12:17:59.0513 4400  [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
12:17:59.0553 4400  kbdhid - ok
12:17:59.0573 4400  [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso          C:\Windows\system32\lsass.exe
12:17:59.0603 4400  KeyIso - ok
12:17:59.0643 4400  [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
12:17:59.0683 4400  KSecDD - ok
12:17:59.0713 4400  [ 5FE1ABF1AF591A3458C9CF24ED9A4D35 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
12:17:59.0753 4400  KSecPkg - ok
12:17:59.0783 4400  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm           C:\Windows\system32\msdtckrm.dll
12:17:59.0863 4400  KtmRm - ok
12:17:59.0883 4400  [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer    C:\Windows\system32\srvsvc.dll
12:17:59.0973 4400  LanmanServer - ok
12:18:00.0013 4400  [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
12:18:00.0093 4400  LanmanWorkstation - ok
12:18:00.0133 4400  [ CAB9C6C37FD0F9612B269349116504B6 ] LENOVO.CAMMUTE  C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
12:18:00.0163 4400  LENOVO.CAMMUTE - ok
12:18:00.0193 4400  [ 128158D8B1DF639BF3E3FDBCBB64CDAC ] LENOVO.MICMUTE  C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
12:18:00.0223 4400  LENOVO.MICMUTE - ok
12:18:00.0233 4400  [ 9AAC267A225F3CAEBB9E633F7EB16E4B ] lenovo.smi      C:\Windows\system32\DRIVERS\smiif32.sys
12:18:00.0263 4400  lenovo.smi - ok
12:18:00.0273 4400  [ 04B5F7F44CCB2FAB615C67ED0E6C8323 ] LENOVO.TPKNRSVC C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
12:18:00.0303 4400  LENOVO.TPKNRSVC - ok
12:18:00.0313 4400  [ 6F2CC57EB5836D2AC9BD37F3554D55F8 ] Lenovo.VIRTSCRLSVC C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
12:18:00.0343 4400  Lenovo.VIRTSCRLSVC - ok
12:18:00.0363 4400  [ F8A7212D0864EF5E9185FB95E6623F4D ] lirsgt          C:\Windows\system32\DRIVERS\lirsgt.sys
12:18:00.0393 4400  lirsgt - ok
12:18:00.0433 4400  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
12:18:00.0523 4400  lltdio - ok
12:18:00.0563 4400  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
12:18:00.0633 4400  lltdsvc - ok
12:18:00.0653 4400  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts         C:\Windows\System32\lmhsvc.dll
12:18:00.0723 4400  lmhosts - ok
12:18:00.0753 4400  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
12:18:00.0783 4400  LSI_FC - ok
12:18:00.0803 4400  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
12:18:00.0843 4400  LSI_SAS - ok
12:18:00.0863 4400  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
12:18:00.0893 4400  LSI_SAS2 - ok
12:18:00.0913 4400  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
12:18:00.0953 4400  LSI_SCSI - ok
12:18:00.0973 4400  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv           C:\Windows\system32\drivers\luafv.sys
12:18:01.0043 4400  luafv - ok
12:18:01.0133 4400  [ 22A7776C5D8EB5930EDF9C8DD0884259 ] McComponentHostService C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe
12:18:01.0163 4400  McComponentHostService - ok
12:18:01.0213 4400  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
12:18:01.0243 4400  Mcx2Svc - ok
12:18:01.0283 4400  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
12:18:01.0313 4400  megasas - ok
12:18:01.0333 4400  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
12:18:01.0373 4400  MegaSR - ok
12:18:01.0403 4400  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS           C:\Windows\system32\mmcss.dll
12:18:01.0483 4400  MMCSS - ok
12:18:01.0503 4400  [ F001861E5700EE84E2D4E52C712F4964 ] Modem           C:\Windows\system32\drivers\modem.sys
12:18:01.0573 4400  Modem - ok
12:18:01.0613 4400  [ 79D10964DE86B292320E9DFE02282A23 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
12:18:01.0663 4400  monitor - ok
12:18:01.0673 4400  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
12:18:01.0713 4400  mouclass - ok
12:18:01.0733 4400  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
12:18:01.0783 4400  mouhid - ok
12:18:01.0823 4400  [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
12:18:01.0853 4400  mountmgr - ok
12:18:01.0923 4400  [ DAE3C509F33059BC4D48A8925F476FB4 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
12:18:01.0953 4400  MozillaMaintenance - ok
12:18:01.0993 4400  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio            C:\Windows\system32\drivers\mpio.sys
12:18:02.0023 4400  mpio - ok
12:18:02.0043 4400  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
12:18:02.0113 4400  mpsdrv - ok
12:18:02.0163 4400  [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc          C:\Windows\system32\mpssvc.dll
12:18:02.0273 4400  MpsSvc - ok
12:18:02.0303 4400  [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
12:18:02.0373 4400  MRxDAV - ok
12:18:02.0413 4400  [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
12:18:02.0463 4400  mrxsmb - ok
12:18:02.0503 4400  [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:18:02.0553 4400  mrxsmb10 - ok
12:18:02.0573 4400  [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:18:02.0623 4400  mrxsmb20 - ok
12:18:02.0673 4400  [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci          C:\Windows\system32\drivers\msahci.sys
12:18:02.0713 4400  msahci - ok
12:18:02.0733 4400  [ 55055F8AD8BE27A64C831322A780A228 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
12:18:02.0763 4400  msdsm - ok
12:18:02.0803 4400  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC           C:\Windows\System32\msdtc.exe
12:18:02.0853 4400  MSDTC - ok
12:18:02.0933 4400  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\Windows\system32\drivers\Msfs.sys
12:18:03.0003 4400  Msfs - ok
12:18:03.0013 4400  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
12:18:03.0093 4400  mshidkmdf - ok
12:18:03.0113 4400  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
12:18:03.0143 4400  msisadrv - ok
12:18:03.0183 4400  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
12:18:03.0263 4400  MSiSCSI - ok
12:18:03.0273 4400  msiserver - ok
12:18:03.0303 4400  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
12:18:03.0383 4400  MSKSSRV - ok
12:18:03.0393 4400  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
12:18:03.0473 4400  MSPCLOCK - ok
12:18:03.0483 4400  [ F456E973590D663B1073E9C463B40932 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
12:18:03.0553 4400  MSPQM - ok
12:18:03.0583 4400  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
12:18:03.0623 4400  MsRPC - ok
12:18:03.0673 4400  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
12:18:03.0703 4400  mssmbios - ok
12:18:03.0713 4400  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
12:18:03.0783 4400  MSTEE - ok
12:18:03.0793 4400  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
12:18:03.0833 4400  MTConfig - ok
12:18:03.0853 4400  [ 159FAD02F64E6381758C990F753BCC80 ] Mup             C:\Windows\system32\Drivers\mup.sys
12:18:03.0883 4400  Mup - ok
12:18:03.0923 4400  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent        C:\Windows\system32\qagentRT.dll
12:18:04.0003 4400  napagent - ok
12:18:04.0033 4400  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
12:18:04.0073 4400  NativeWifiP - ok
12:18:04.0143 4400  [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS            C:\Windows\system32\drivers\ndis.sys
12:18:04.0203 4400  NDIS - ok
12:18:04.0213 4400  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
12:18:04.0303 4400  NdisCap - ok
12:18:04.0333 4400  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
12:18:04.0413 4400  NdisTapi - ok
12:18:04.0463 4400  [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
12:18:04.0523 4400  Ndisuio - ok
12:18:04.0563 4400  [ 38FBE267E7E6983311179230FACB1017 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
12:18:04.0633 4400  NdisWan - ok
12:18:04.0653 4400  [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
12:18:04.0733 4400  NDProxy - ok
12:18:04.0743 4400  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
12:18:04.0823 4400  NetBIOS - ok
12:18:04.0873 4400  [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
12:18:04.0953 4400  NetBT - ok
12:18:04.0993 4400  [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon        C:\Windows\system32\lsass.exe
12:18:05.0023 4400  Netlogon - ok
12:18:05.0053 4400  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\Windows\System32\netman.dll
12:18:05.0133 4400  Netman - ok
12:18:05.0163 4400  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\Windows\System32\netprofm.dll
12:18:05.0263 4400  netprofm - ok
12:18:05.0303 4400  [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:18:05.0333 4400  NetTcpPortSharing - ok
12:18:05.0373 4400  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
12:18:05.0393 4400  nfrd960 - ok
12:18:05.0433 4400  [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc          C:\Windows\System32\nlasvc.dll
12:18:05.0463 4400  NlaSvc - ok
12:18:05.0513 4400  [ B48DC6ABCD3AEFF8618350CCBDC6B09A ] NPF             C:\Windows\system32\drivers\npf.sys
12:18:05.0533 4400  NPF - ok
12:18:05.0543 4400  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
12:18:05.0613 4400  Npfs - ok
12:18:05.0643 4400  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi             C:\Windows\system32\nsisvc.dll
12:18:05.0723 4400  nsi - ok
12:18:05.0733 4400  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
12:18:05.0813 4400  nsiproxy - ok
12:18:05.0883 4400  [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
12:18:05.0973 4400  Ntfs - ok
12:18:05.0993 4400  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\Windows\system32\drivers\Null.sys
12:18:06.0073 4400  Null - ok
12:18:06.0133 4400  [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
12:18:06.0173 4400  nvraid - ok
12:18:06.0193 4400  [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
12:18:06.0233 4400  nvstor - ok
12:18:06.0253 4400  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
12:18:06.0293 4400  nv_agp - ok
12:18:06.0363 4400  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
12:18:06.0413 4400  odserv - ok
12:18:06.0443 4400  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
12:18:06.0483 4400  ohci1394 - ok
12:18:06.0523 4400  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:18:06.0553 4400  ose - ok
12:18:06.0593 4400  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
12:18:06.0643 4400  p2pimsvc - ok
12:18:06.0673 4400  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\Windows\system32\p2psvc.dll
12:18:06.0733 4400  p2psvc - ok
12:18:06.0753 4400  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
12:18:06.0803 4400  Parport - ok
12:18:06.0853 4400  [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr         C:\Windows\system32\drivers\partmgr.sys
12:18:06.0883 4400  partmgr - ok
12:18:06.0903 4400  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
12:18:06.0943 4400  Parvdm - ok
12:18:06.0973 4400  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\Windows\System32\pcasvc.dll
12:18:07.0013 4400  PcaSvc - ok
12:18:07.0053 4400  [ 673E55C3498EB970088E812EA820AA8F ] pci             C:\Windows\system32\drivers\pci.sys
12:18:07.0093 4400  pci - ok
12:18:07.0123 4400  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\Windows\system32\drivers\pciide.sys
12:18:07.0163 4400  pciide - ok
12:18:07.0183 4400  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
12:18:07.0223 4400  pcmcia - ok
12:18:07.0243 4400  [ 250F6B43D2B613172035C6747AEEB19F ] pcw             C:\Windows\system32\drivers\pcw.sys
12:18:07.0273 4400  pcw - ok
12:18:07.0313 4400  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
12:18:07.0413 4400  PEAUTH - ok
12:18:07.0473 4400  [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
12:18:07.0543 4400  PeerDistSvc - ok
12:18:07.0653 4400  [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla             C:\Windows\system32\pla.dll
12:18:07.0783 4400  pla - ok
12:18:07.0833 4400  [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
12:18:07.0923 4400  PlugPlay - ok
12:18:07.0963 4400  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
12:18:07.0993 4400  PNRPAutoReg - ok
12:18:08.0023 4400  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
12:18:08.0083 4400  PNRPsvc - ok
12:18:08.0153 4400  [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
12:18:08.0213 4400  PolicyAgent - ok
12:18:08.0263 4400  [ AC42F771CC29727BD1663F211E9AC507 ] Power           C:\Windows\system32\umpo.dll
12:18:08.0303 4400  Power - ok
12:18:08.0353 4400  [ 7A1E6CF32EDFF1F13186997FCA086FC7 ] Power Manager DBC Service C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
12:18:08.0373 4400  Power Manager DBC Service - ok
12:18:08.0413 4400  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
12:18:08.0463 4400  PptpMiniport - ok
12:18:08.0473 4400  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
12:18:08.0513 4400  Processor - ok
12:18:08.0553 4400  [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc         C:\Windows\system32\profsvc.dll
12:18:08.0593 4400  ProfSvc - ok
12:18:08.0603 4400  [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
12:18:08.0633 4400  ProtectedStorage - ok
12:18:08.0643 4400  [ 651D3ABC1D82D61B6CFB40CB947B3DB3 ] psadd           C:\Windows\system32\DRIVERS\psadd.sys
12:18:08.0683 4400  psadd - ok
12:18:08.0703 4400  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
12:18:08.0763 4400  Psched - ok
12:18:08.0833 4400  [ D24DFD16A1E2A76034DF5AA18125C35D ] PSI             C:\Windows\system32\DRIVERS\psi_mf.sys
12:18:08.0843 4400  PSI - ok
12:18:08.0873 4400  [ 20EFF1CA8922F6A834261B985550A51D ] PwmEWSvc        C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE
12:18:08.0893 4400  PwmEWSvc - ok
12:18:08.0933 4400  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
12:18:09.0003 4400  ql2300 - ok
12:18:09.0043 4400  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
12:18:09.0073 4400  ql40xx - ok
12:18:09.0103 4400  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE           C:\Windows\system32\qwave.dll
12:18:09.0153 4400  QWAVE - ok
12:18:09.0183 4400  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
12:18:09.0213 4400  QWAVEdrv - ok
12:18:09.0223 4400  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
12:18:09.0273 4400  RasAcd - ok
12:18:09.0313 4400  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
12:18:09.0373 4400  RasAgileVpn - ok
12:18:09.0393 4400  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto         C:\Windows\System32\rasauto.dll
12:18:09.0473 4400  RasAuto - ok
12:18:09.0493 4400  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
12:18:09.0563 4400  Rasl2tp - ok
12:18:09.0623 4400  [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan          C:\Windows\System32\rasmans.dll
12:18:09.0683 4400  RasMan - ok
12:18:09.0703 4400  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
12:18:09.0763 4400  RasPppoe - ok
12:18:09.0783 4400  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
12:18:09.0893 4400  RasSstp - ok
12:18:09.0913 4400  [ D528BC58A489409BA40334EBF96A311B ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
12:18:09.0963 4400  rdbss - ok
12:18:09.0983 4400  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
12:18:10.0023 4400  rdpbus - ok
12:18:10.0063 4400  [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
12:18:10.0143 4400  RDPCDD - ok
12:18:10.0193 4400  [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
12:18:10.0213 4400  RDPDR - ok
12:18:10.0283 4400  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
12:18:10.0383 4400  RDPENCDD - ok
12:18:10.0393 4400  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
12:18:10.0443 4400  RDPREFMP - ok
12:18:10.0523 4400  [ 65375DF758CA1872AB7EBBBA457FD5E6 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
12:18:10.0553 4400  RdpVideoMiniport - ok
12:18:10.0583 4400  [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
12:18:10.0603 4400  RDPWD - ok
12:18:10.0663 4400  [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
12:18:10.0683 4400  rdyboost - ok
12:18:10.0723 4400  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\Windows\System32\mprdim.dll
12:18:10.0773 4400  RemoteAccess - ok
12:18:10.0803 4400  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
12:18:10.0843 4400  RemoteRegistry - ok
12:18:10.0873 4400  [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
12:18:10.0893 4400  RFCOMM - ok
12:18:10.0933 4400  [ B60F58F175DE20A6739194E85B035178 ] rpcapd          C:\Program Files\WinPcap\rpcapd.exe
12:18:10.0963 4400  rpcapd - ok
12:18:10.0973 4400  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
12:18:11.0053 4400  RpcEptMapper - ok
12:18:11.0073 4400  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\Windows\system32\locator.exe
12:18:11.0113 4400  RpcLocator - ok
12:18:11.0133 4400  [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs           C:\Windows\system32\rpcss.dll
12:18:11.0213 4400  RpcSs - ok
12:18:11.0243 4400  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
12:18:11.0323 4400  rspndr - ok
12:18:11.0353 4400  [ F1ED9FFA59C369E72BC53A7631346F61 ] RSUSBSTOR       C:\Windows\system32\Drivers\RtsUStor.sys
12:18:11.0383 4400  RSUSBSTOR - ok
12:18:11.0413 4400  [ 5283B9A27FF230F2FF70D92451FF409A ] RTL8167         C:\Windows\system32\DRIVERS\Rt86win7.sys
12:18:11.0453 4400  RTL8167 - ok
12:18:11.0523 4400  [ 3B8B213ED74A77065B40D0C3DBDDBD9B ] RTL8192Ce       C:\Windows\system32\DRIVERS\rtl8192Ce.sys
12:18:11.0593 4400  RTL8192Ce - ok
12:18:11.0633 4400  [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
12:18:11.0683 4400  s3cap - ok
12:18:11.0693 4400  [ 81951F51E318AECC2D68559E47485CC4 ] SamSs           C:\Windows\system32\lsass.exe
12:18:11.0733 4400  SamSs - ok
12:18:11.0763 4400  [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
12:18:11.0803 4400  sbp2port - ok
12:18:11.0843 4400  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
12:18:11.0973 4400  SCardSvr - ok
12:18:12.0013 4400  [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
12:18:12.0083 4400  scfilter - ok
12:18:12.0153 4400  [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule        C:\Windows\system32\schedsvc.dll
12:18:12.0253 4400  Schedule - ok
12:18:12.0283 4400  [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc     C:\Windows\System32\certprop.dll
12:18:12.0363 4400  SCPolicySvc - ok
12:18:12.0423 4400  [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
12:18:12.0473 4400  SDRSVC - ok
12:18:12.0503 4400  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
12:18:12.0583 4400  secdrv - ok
12:18:12.0613 4400  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\Windows\system32\seclogon.dll
12:18:12.0703 4400  seclogon - ok
12:18:12.0873 4400  [ 9901DCF2B6DD2AD12CB42BD559E0C92D ] Secunia PSI Agent C:\Program Files\Secunia\PSI\PSIA.exe
12:18:12.0953 4400  Secunia PSI Agent - ok
12:18:13.0013 4400  [ 4F2056349F8BA4154D5213BF8A476B14 ] Secunia Update Agent C:\Program Files\Secunia\PSI\sua.exe
12:18:13.0063 4400  Secunia Update Agent - ok
12:18:13.0093 4400  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\Windows\System32\sens.dll
12:18:13.0183 4400  SENS - ok
12:18:13.0223 4400  [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc        C:\Windows\system32\sensrsvc.dll
12:18:13.0263 4400  SensrSvc - ok
12:18:13.0293 4400  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
12:18:13.0323 4400  Serenum - ok
12:18:13.0333 4400  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
12:18:13.0393 4400  Serial - ok
12:18:13.0453 4400  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
12:18:13.0513 4400  sermouse - ok
12:18:13.0553 4400  [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv      C:\Windows\system32\sessenv.dll
12:18:13.0613 4400  SessionEnv - ok
12:18:13.0633 4400  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
12:18:13.0663 4400  sffdisk - ok
12:18:13.0693 4400  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
12:18:13.0723 4400  sffp_mmc - ok
12:18:13.0753 4400  [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
12:18:13.0783 4400  sffp_sd - ok
12:18:13.0813 4400  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
12:18:13.0853 4400  sfloppy - ok
12:18:13.0893 4400  [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
12:18:13.0953 4400  SharedAccess - ok
12:18:13.0983 4400  [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
12:18:14.0033 4400  ShellHWDetection - ok
12:18:14.0083 4400  [ 1624530D05155F4E5A4736531523BFF5 ] Shockprf        C:\Windows\system32\DRIVERS\Apsx86.sys
12:18:14.0103 4400  Shockprf - ok
12:18:14.0143 4400  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\Windows\system32\drivers\sisagp.sys
12:18:14.0163 4400  sisagp - ok
12:18:14.0193 4400  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
12:18:14.0213 4400  SiSRaid2 - ok
12:18:14.0223 4400  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
12:18:14.0243 4400  SiSRaid4 - ok
12:18:14.0423 4400  [ 388AE59FE75F1B959DFA0900923C61BB ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
12:18:14.0583 4400  Skype C2C Service - ok
12:18:14.0653 4400  [ EA396139541706B4B433641D62EA53CE ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
12:18:14.0693 4400  SkypeUpdate - ok
12:18:14.0733 4400  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb             C:\Windows\system32\DRIVERS\smb.sys
12:18:14.0803 4400  Smb - ok
12:18:14.0843 4400  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
12:18:14.0963 4400  SNMPTRAP - ok
12:18:14.0993 4400  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr           C:\Windows\system32\drivers\spldr.sys
12:18:15.0013 4400  spldr - ok
12:18:15.0063 4400  [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler         C:\Windows\System32\spoolsv.exe
12:18:15.0123 4400  Spooler - ok
12:18:15.0213 4400  [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc          C:\Windows\system32\sppsvc.exe
12:18:15.0333 4400  sppsvc - ok
12:18:15.0373 4400  [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
12:18:15.0413 4400  sppuinotify - ok
12:18:15.0443 4400  sptd - ok
12:18:15.0503 4400  [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv             C:\Windows\system32\DRIVERS\srv.sys
12:18:15.0563 4400  srv - ok
12:18:15.0603 4400  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
12:18:15.0633 4400  srv2 - ok
12:18:15.0653 4400  [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
12:18:15.0683 4400  srvnet - ok
12:18:15.0713 4400  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
12:18:15.0753 4400  SSDPSRV - ok
12:18:15.0813 4400  [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv          C:\Windows\system32\DRIVERS\ssmdrv.sys
12:18:15.0823 4400  ssmdrv - ok
12:18:15.0833 4400  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
12:18:15.0873 4400  SstpSvc - ok
12:18:15.0923 4400  [ 8F299012EF58246F1C98DE7B7E48DBF0 ] ssudmdm         C:\Windows\system32\DRIVERS\ssudmdm.sys
12:18:15.0943 4400  ssudmdm - ok
12:18:15.0973 4400  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
12:18:15.0993 4400  stexstor - ok
12:18:16.0053 4400  [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc          C:\Windows\System32\wiaservc.dll
12:18:16.0093 4400  StiSvc - ok
12:18:16.0123 4400  [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
12:18:16.0133 4400  storflt - ok
12:18:16.0173 4400  [ 0BF669F0A910BEDA4A32258D363AF2A5 ] StorSvc         C:\Windows\system32\storsvc.dll
12:18:16.0183 4400  StorSvc - ok
12:18:16.0223 4400  [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
12:18:16.0243 4400  storvsc - ok
12:18:16.0283 4400  [ 6EA2F517373771CAC5188E82617C9C0B ] SUService       C:\Program Files\Lenovo\System Update\SUService.exe
12:18:16.0293 4400  SUService ( UnsignedFile.Multi.Generic ) - warning
12:18:16.0293 4400  SUService - detected UnsignedFile.Multi.Generic (1)
12:18:16.0323 4400  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\Windows\system32\drivers\swenum.sys
12:18:16.0353 4400  swenum - ok
12:18:16.0393 4400  [ A28BD92DF340E57B024BA433165D34D7 ] swprv           C:\Windows\System32\swprv.dll
12:18:16.0483 4400  swprv - ok
12:18:16.0563 4400  [ 7E194E86BF306E07470A0AC56B41DE83 ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
12:18:16.0653 4400  SynTP - ok
12:18:16.0723 4400  [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain         C:\Windows\system32\sysmain.dll
12:18:16.0803 4400  SysMain - ok
12:18:16.0863 4400  [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
12:18:16.0913 4400  TabletInputService - ok
12:18:16.0993 4400  [ 613BF4820361543956909043A265C6AC ] TapiSrv         C:\Windows\System32\tapisrv.dll
12:18:17.0043 4400  TapiSrv - ok
12:18:17.0073 4400  [ B799D9FDB26111737F58288D8DC172D9 ] TBS             C:\Windows\System32\tbssvc.dll
12:18:17.0143 4400  TBS - ok
12:18:17.0213 4400  [ E23A56F843E2AEBBB209D0ACCA73C640 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
12:18:17.0273 4400  Tcpip - ok
12:18:17.0303 4400  [ E23A56F843E2AEBBB209D0ACCA73C640 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
12:18:17.0353 4400  TCPIP6 - ok
12:18:17.0373 4400  [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
12:18:17.0403 4400  tcpipreg - ok
12:18:17.0463 4400  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
12:18:17.0493 4400  TDPIPE - ok
12:18:17.0553 4400  [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
12:18:17.0593 4400  TDTCP - ok
12:18:17.0623 4400  [ B459575348C20E8121D6039DA063C704 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
12:18:17.0673 4400  tdx - ok
12:18:17.0703 4400  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD          C:\Windows\system32\drivers\termdd.sys
12:18:17.0733 4400  TermDD - ok
12:18:17.0773 4400  [ 382C804C92811BE57829D8E550A900E2 ] TermService     C:\Windows\System32\termsrv.dll
12:18:17.0903 4400  TermService - ok
12:18:17.0933 4400  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\Windows\system32\themeservice.dll
12:18:18.0013 4400  Themes - ok
12:18:18.0033 4400  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER     C:\Windows\system32\mmcss.dll
12:18:18.0103 4400  THREADORDER - ok
12:18:18.0143 4400  [ D2378FBBD668D9FE9B6B5E3139D506D3 ] TPDIGIMN        C:\Windows\system32\DRIVERS\ApsHM86.sys
12:18:18.0173 4400  TPDIGIMN - ok
12:18:18.0193 4400  [ A34A1E6B5461273846D30F5898602A72 ] TPHDEXLGSVC     C:\Windows\system32\TPHDEXLG.exe
12:18:18.0223 4400  TPHDEXLGSVC - ok
12:18:18.0273 4400  [ 1DBF0267CEBF80F0BD24DFE895367DB5 ] TPHKLOAD        C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
12:18:18.0303 4400  TPHKLOAD - ok
12:18:18.0343 4400  [ CB0625C2F5B7C72C50C5AE34F8E8F7D0 ] TPHKSVC         C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
12:18:18.0373 4400  TPHKSVC - ok
12:18:18.0393 4400  [ C16EC6A5390904D3971179553852025B ] TPPWRIF         C:\Windows\system32\drivers\Tppwr32v.sys
12:18:18.0423 4400  TPPWRIF - ok
12:18:18.0443 4400  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\Windows\System32\trkwks.dll
12:18:18.0523 4400  TrkWks - ok
12:18:18.0583 4400  [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
12:18:18.0673 4400  TrustedInstaller - ok
12:18:18.0703 4400  [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
12:18:18.0783 4400  tssecsrv - ok
12:18:18.0823 4400  [ 9CE253214ACAA5A7D323327D2055EFAA ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
12:18:18.0863 4400  TsUsbFlt - ok
12:18:18.0933 4400  [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
12:18:19.0123 4400  tunnel - ok
12:18:19.0153 4400  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
12:18:19.0173 4400  uagp35 - ok
12:18:19.0213 4400  [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
12:18:19.0273 4400  udfs - ok
12:18:19.0303 4400  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
12:18:19.0343 4400  UI0Detect - ok
12:18:19.0373 4400  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
12:18:19.0393 4400  uliagpkx - ok
12:18:19.0463 4400  [ D295BED4B898F0FD999FCFA9B32B071B ] umbus           C:\Windows\system32\drivers\umbus.sys
12:18:19.0483 4400  umbus - ok
12:18:19.0513 4400  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
12:18:19.0533 4400  UmPass - ok
12:18:19.0633 4400  [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService    C:\Windows\System32\umrdp.dll
12:18:19.0673 4400  UmRdpService - ok
12:18:19.0703 4400  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\Windows\System32\upnphost.dll
12:18:19.0763 4400  upnphost - ok
12:18:19.0813 4400  [ 83CAFCB53201BBAC04D822F32438E244 ] USBAAPL         C:\Windows\system32\Drivers\usbaapl.sys
12:18:19.0823 4400  USBAAPL ( UnsignedFile.Multi.Generic ) - warning
12:18:19.0823 4400  USBAAPL - detected UnsignedFile.Multi.Generic (1)
12:18:19.0833 4400  [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
12:18:19.0863 4400  usbccgp - ok
12:18:19.0883 4400  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
12:18:19.0963 4400  usbcir - ok
12:18:19.0993 4400  [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci         C:\Windows\system32\drivers\usbehci.sys
12:18:20.0023 4400  usbehci - ok
12:18:20.0063 4400  [ FB0E8B624D1F7E214EDB3D6E56B4EC88 ] usbfilter       C:\Windows\system32\DRIVERS\usbfilter.sys
12:18:20.0083 4400  usbfilter - ok
12:18:20.0103 4400  [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
12:18:20.0133 4400  usbhub - ok
12:18:20.0163 4400  [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
12:18:20.0193 4400  usbohci - ok
12:18:20.0213 4400  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
12:18:20.0233 4400  usbprint - ok
12:18:20.0273 4400  [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
12:18:20.0303 4400  usbscan - ok
12:18:20.0343 4400  [ F991AB9CC6B908DB552166768176896A ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:18:20.0353 4400  USBSTOR - ok
12:18:20.0373 4400  [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
12:18:20.0383 4400  usbuhci - ok
12:18:20.0413 4400  [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
12:18:20.0443 4400  usbvideo - ok
12:18:20.0473 4400  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms           C:\Windows\System32\uxsms.dll
12:18:20.0523 4400  UxSms - ok
12:18:20.0533 4400  [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc        C:\Windows\system32\lsass.exe
12:18:20.0543 4400  VaultSvc - ok
12:18:20.0573 4400  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
12:18:20.0593 4400  vdrvroot - ok
12:18:20.0623 4400  [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds             C:\Windows\System32\vds.exe
12:18:20.0693 4400  vds - ok
12:18:20.0733 4400  [ 17C408214EA61696CEC9C66E388B14F3 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
12:18:20.0763 4400  vga - ok
12:18:20.0783 4400  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave         C:\Windows\System32\drivers\vga.sys
12:18:20.0813 4400  VgaSave - ok
12:18:20.0863 4400  [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
12:18:20.0883 4400  vhdmp - ok
12:18:20.0893 4400  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
12:18:20.0903 4400  viaagp - ok
12:18:20.0943 4400  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7           C:\Windows\system32\DRIVERS\viac7.sys
12:18:20.0993 4400  ViaC7 - ok
12:18:21.0043 4400  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\Windows\system32\drivers\viaide.sys
12:18:21.0063 4400  viaide - ok
12:18:21.0083 4400  [ C2F2911156FDC7817C52829C86DA494E ] vmbus           C:\Windows\system32\drivers\vmbus.sys
12:18:21.0103 4400  vmbus - ok
12:18:21.0123 4400  [ D4D77455211E204F370D08F4963063CE ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
12:18:21.0153 4400  VMBusHID - ok
12:18:21.0163 4400  [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
12:18:21.0183 4400  volmgr - ok
12:18:21.0193 4400  [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
12:18:21.0213 4400  volmgrx - ok
12:18:21.0233 4400  [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
12:18:21.0253 4400  volsnap - ok
12:18:21.0273 4400  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
12:18:21.0293 4400  vsmraid - ok
12:18:21.0343 4400  [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS             C:\Windows\system32\vssvc.exe
12:18:21.0403 4400  VSS - ok
12:18:21.0413 4400  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
12:18:21.0443 4400  vwifibus - ok
12:18:21.0463 4400  [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
12:18:21.0483 4400  vwififlt - ok
12:18:21.0503 4400  [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time         C:\Windows\system32\w32time.dll
12:18:21.0573 4400  W32Time - ok
12:18:21.0613 4400  [ DE3721E89C653AA281428C8A69745D90 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
12:18:21.0653 4400  WacomPen - ok
12:18:21.0683 4400  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
12:18:21.0743 4400  WANARP - ok
12:18:21.0753 4400  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
12:18:21.0823 4400  Wanarpv6 - ok
12:18:21.0863 4400  [ 691E3285E53DCA558E1A84667F13E15A ] wbengine        C:\Windows\system32\wbengine.exe
12:18:21.0953 4400  wbengine - ok
12:18:21.0973 4400  [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
12:18:22.0073 4400  WbioSrvc - ok
12:18:22.0133 4400  [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc         C:\Windows\System32\wcncsvc.dll
12:18:22.0193 4400  wcncsvc - ok
12:18:22.0213 4400  [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
12:18:22.0243 4400  WcsPlugInService - ok
12:18:22.0273 4400  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\Windows\system32\DRIVERS\wd.sys
12:18:22.0293 4400  Wd - ok
12:18:22.0343 4400  [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
12:18:22.0383 4400  Wdf01000 - ok
12:18:22.0403 4400  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
12:18:22.0443 4400  WdiServiceHost - ok
12:18:22.0453 4400  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
12:18:22.0483 4400  WdiSystemHost - ok
12:18:22.0533 4400  [ A9D880F97530D5B8FEE278923349929D ] WebClient       C:\Windows\System32\webclnt.dll
12:18:22.0583 4400  WebClient - ok
12:18:22.0613 4400  [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc          C:\Windows\system32\wecsvc.dll
12:18:22.0673 4400  Wecsvc - ok
12:18:22.0683 4400  [ AC804569BB2364FB6017370258A4091B ] wercplsupport   C:\Windows\System32\wercplsupport.dll
12:18:22.0733 4400  wercplsupport - ok
12:18:22.0753 4400  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\Windows\System32\WerSvc.dll
12:18:22.0823 4400  WerSvc - ok
12:18:22.0843 4400  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
12:18:22.0893 4400  WfpLwf - ok
12:18:22.0913 4400  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
12:18:22.0943 4400  WIMMount - ok
12:18:23.0013 4400  [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
12:18:23.0203 4400  WinDefend - ok
12:18:23.0213 4400  WinHttpAutoProxySvc - ok
12:18:23.0283 4400  [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
12:18:23.0443 4400  Winmgmt - ok
12:18:23.0543 4400  [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM           C:\Windows\system32\WsmSvc.dll
12:18:23.0633 4400  WinRM - ok
12:18:23.0683 4400  [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
12:18:23.0723 4400  WinUsb - ok
12:18:23.0763 4400  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc         C:\Windows\System32\wlansvc.dll
12:18:23.0833 4400  Wlansvc - ok
12:18:23.0893 4400  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
12:18:23.0933 4400  WmiAcpi - ok
12:18:23.0953 4400  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
12:18:23.0993 4400  wmiApSrv - ok
12:18:24.0133 4400  [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
12:18:24.0193 4400  WMPNetworkSvc - ok
12:18:24.0233 4400  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\Windows\System32\wpcsvc.dll
12:18:24.0293 4400  WPCSvc - ok
12:18:24.0333 4400  [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
12:18:24.0373 4400  WPDBusEnum - ok
12:18:24.0403 4400  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
12:18:24.0453 4400  ws2ifsl - ok
12:18:24.0463 4400  [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc          C:\Windows\System32\wscsvc.dll
12:18:24.0493 4400  wscsvc - ok
12:18:24.0503 4400  WSearch - ok
12:18:24.0573 4400  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
12:18:24.0643 4400  wuauserv - ok
12:18:24.0683 4400  [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
12:18:24.0703 4400  WudfPf - ok
12:18:24.0723 4400  [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
12:18:24.0763 4400  WUDFRd - ok
12:18:24.0813 4400  [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
12:18:24.0863 4400  wudfsvc - ok
12:18:24.0893 4400  [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc         C:\Windows\System32\wwansvc.dll
12:18:24.0943 4400  WwanSvc - ok
12:18:24.0973 4400  ================ Scan global ===============================
12:18:25.0013 4400  [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
12:18:25.0063 4400  [ 48CB4FDBCAAEAC7BCE2F5941545FF071 ] C:\Windows\system32\winsrv.dll
12:18:25.0083 4400  [ 48CB4FDBCAAEAC7BCE2F5941545FF071 ] C:\Windows\system32\winsrv.dll
12:18:25.0143 4400  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
12:18:25.0173 4400  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
12:18:25.0183 4400  [Global] - ok
12:18:25.0183 4400  ================ Scan MBR ==================================
12:18:25.0203 4400  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
12:18:25.0483 4400  \Device\Harddisk0\DR0 - ok
12:18:25.0483 4400  ================ Scan VBR ==================================
12:18:25.0493 4400  [ CE81DEADC80F6613C6605093D169013E ] \Device\Harddisk0\DR0\Partition1
12:18:25.0493 4400  \Device\Harddisk0\DR0\Partition1 - ok
12:18:25.0533 4400  [ 53C6AFF2D4BCA5EE9510A015C5FE3031 ] \Device\Harddisk0\DR0\Partition2
12:18:25.0533 4400  \Device\Harddisk0\DR0\Partition2 - ok
12:18:25.0533 4400  ============================================================
12:18:25.0533 4400  Scan finished
12:18:25.0533 4400  ============================================================
12:18:25.0563 4876  Detected object count: 2
12:18:25.0563 4876  Actual detected object count: 2
12:18:54.0783 4876  SUService ( UnsignedFile.Multi.Generic ) - skipped by user
12:18:54.0783 4876  SUService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:18:54.0783 4876  USBAAPL ( UnsignedFile.Multi.Generic ) - skipped by user
12:18:54.0783 4876  USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

I haven't deleted anything; I've followed all the instructions so far.

16.11.2012, 14:10   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Looks unremarkable so far.

Please run a CustomScan with OTL.

Please download OTL by Oldtimer and save it to your desktop. If you already have it, please replace the older existing file with the newly downloaded one, so that you are really working with a current version of OTL.
  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • At the top centre, tick the box for "Scanne alle Benutzer" (Scan All Users)
  • Now copy the complete contents of the code box below into OTL's text box - if OTL is in German, it is labelled with

Code:
msconfig
netsvcs
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMROOT%\system32\drivers\*.sys /lockedfiles
%SYSTEMROOT%\System32\config\*.sav
%SYSTEMROOT%\*. /mp /s
%SYSTEMROOT%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt here into your thread
__________________
Please always post logfiles in CODE tags

16.11.2012, 14:42   #9
Frischling
Banned
 

Okay, I've done that... but where was the 'ok' supposed to be? o.o


OTL Logfile:
Code:
OTL logfile created on: 16.11.2012 14:15:46 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Musterfrau\Downloads
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,75 Gb Total Physical Memory | 1,50 Gb Available Physical Memory | 54,48% Memory free
5,49 Gb Paging File | 4,09 Gb Available in Paging File | 74,36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 270,35 Gb Total Space | 196,94 Gb Free Space | 72,85% Space Free | Partition Type: NTFS
 
Computer Name: MUSTER-LAPTOP | User Name: Musterfrau | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.11.16 14:11:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Musterfrau\Downloads\OTL(1).exe
PRC - [2012.10.02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012.09.24 13:46:16 | 001,328,736 | ---- | M] (Secunia) -- C:\Programme\Secunia\PSI\psia.exe
PRC - [2012.09.24 13:46:14 | 000,573,536 | ---- | M] (Secunia) -- C:\Programme\Secunia\PSI\psi_tray.exe
PRC - [2012.08.20 18:37:58 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012.08.08 21:31:28 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.05.02 00:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.01 23:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.04.24 01:11:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.07.25 22:18:46 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\System Update\SUService.exe
PRC - [2011.07.04 02:02:00 | 000,148,840 | ---- | M] (Lenovo Group Limited) -- C:\Programme\ThinkPad\Utilities\PWMEWSVC.exe
PRC - [2011.07.04 02:02:00 | 000,083,304 | ---- | M] (Lenovo) -- C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe
PRC - [2011.07.04 02:02:00 | 000,062,824 | ---- | M] (Lenovo Group Limited) -- C:\Programme\ThinkPad\Utilities\SCHTASK.EXE
PRC - [2011.06.13 17:43:28 | 000,628,000 | ---- | M] (Broadcom Corporation.) -- C:\Programme\ThinkPad\Bluetooth Software\btwdins.exe
PRC - [2011.05.26 18:43:12 | 000,328,040 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2011.04.20 09:04:40 | 000,130,920 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\tphkload.exe
PRC - [2011.04.14 12:22:42 | 000,361,832 | ---- | M] (Lenovo) -- C:\Programme\Lenovo\Access Connections\SvcGuiHlpr.exe
PRC - [2011.04.14 12:22:28 | 000,263,528 | ---- | M] (Lenovo) -- C:\Programme\Lenovo\Access Connections\AcSvc.exe
PRC - [2011.04.14 12:22:26 | 000,124,264 | ---- | M] (Lenovo) -- C:\Programme\Lenovo\Access Connections\AcPrfMgrSvc.exe
PRC - [2011.04.04 10:43:36 | 000,135,528 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\tpnumlkd.exe
PRC - [2011.04.04 09:27:20 | 000,045,496 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\micmute.exe
PRC - [2011.03.29 12:41:08 | 000,064,952 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.29 15:32:44 | 000,069,560 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.07.27 12:51:56 | 000,074,088 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Communications Utility\TPKNRSVC.exe
PRC - [2010.07.27 12:51:42 | 000,050,536 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Communications Utility\CamMute.exe
PRC - [2010.07.06 20:51:12 | 000,380,928 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2010.07.06 20:50:44 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2010.04.07 13:37:38 | 000,093,032 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\VIRTSCRL\lvvsst.exe
PRC - [2010.04.01 13:50:44 | 000,043,960 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\VIRTSCRL\virtscrl.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.07.04 02:02:00 | 000,054,272 | ---- | M] () -- C:\Programme\ThinkPad\Utilities\GR\PWMRT32V.DLL
 
 
========== Services (SafeList) ==========
 
SRV - [2012.11.08 13:46:53 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.10.30 16:55:12 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.10.02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012.09.24 13:46:16 | 001,328,736 | ---- | M] (Secunia) [Auto | Running] -- C:\Programme\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2012.09.24 13:46:16 | 000,656,480 | ---- | M] (Secunia) [Auto | Stopped] -- C:\Programme\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.03 12:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.02 00:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.01 23:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.07.25 22:18:46 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2011.07.20 04:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011.07.04 02:02:00 | 000,148,840 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\ThinkPad\Utilities\PWMEWSVC.exe -- (PwmEWSvc)
SRV - [2011.07.04 02:02:00 | 000,083,304 | ---- | M] (Lenovo) [On_Demand | Running] -- C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2011.06.17 18:33:04 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\3.0.207\McCHSvc.exe -- (McComponentHostService)
SRV - [2011.06.13 17:43:28 | 000,628,000 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\ThinkPad\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2011.04.20 09:04:40 | 000,130,920 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD)
SRV - [2011.04.14 12:22:28 | 000,263,528 | ---- | M] (Lenovo) [Auto | Running] -- C:\Programme\Lenovo\Access Connections\AcSvc.exe -- (AcSvc)
SRV - [2011.04.14 12:22:26 | 000,124,264 | ---- | M] (Lenovo) [Auto | Running] -- C:\Programme\Lenovo\Access Connections\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2011.04.04 09:27:20 | 000,045,496 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV - [2011.03.29 12:41:08 | 000,064,952 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.07.27 12:51:56 | 000,074,088 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\Communications Utility\TPKNRSVC.exe -- (LENOVO.TPKNRSVC)
SRV - [2010.07.27 12:51:42 | 000,050,536 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\Communications Utility\CamMute.exe -- (LENOVO.CAMMUTE)
SRV - [2010.07.06 20:50:44 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010.06.25 18:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Programme\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2010.04.07 13:37:38 | 000,093,032 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC)
SRV - [2009.07.14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006.10.26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\\SystemRoot\System32\Drivers\sptd.sys -- (sptd)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\SAZPRI~1\AppData\Local\Temp\aswMBR.sys -- (aswMBR)
DRV - [2012.08.23 15:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012.08.23 15:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2012.04.27 09:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.04.24 23:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.16 20:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.12.16 15:19:54 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI)
DRV - [2011.11.24 22:23:16 | 000,181,432 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2011.11.24 22:23:12 | 000,080,184 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2011.09.14 22:42:20 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2011.09.14 22:42:20 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2011.07.04 02:02:00 | 000,013,424 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\TPPWR32V.SYS -- (TPPWRIF)
DRV - [2011.03.29 18:14:08 | 000,122,992 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ApsX86.sys -- (Shockprf)
DRV - [2011.03.29 18:12:16 | 000,020,592 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ApsHM86.sys -- (TPDIGIMN)
DRV - [2011.02.23 08:14:44 | 001,033,832 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192Ce.sys -- (RTL8192Ce)
DRV - [2010.11.20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.09.07 13:09:06 | 000,013,680 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\smiif32.sys -- (lenovo.smi)
DRV - [2010.08.18 09:53:42 | 000,045,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)
DRV - [2010.07.06 21:29:18 | 005,882,368 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2010.07.06 21:29:18 | 005,882,368 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2010.07.06 20:15:26 | 000,210,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010.06.25 18:07:14 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2010.06.22 12:27:46 | 000,521,344 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2010.06.17 16:18:24 | 000,193,640 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2010.06.17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.05.06 04:21:42 | 000,108,560 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2010.04.29 04:43:22 | 000,030,464 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter)
DRV - [2010.04.28 10:40:34 | 000,125,824 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\5U877.sys -- (5U877)
DRV - [2010.03.09 21:03:50 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie)
DRV - [2009.03.18 16:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2007.02.19 06:56:46 | 000,021,376 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\psadd.sys -- (psadd)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1052799760-4035677146-943743392-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1052799760-4035677146-943743392-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-1052799760-4035677146-943743392-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1A 80 F9 77 70 95 CD 01  [binary data]
IE - HKU\S-1-5-21-1052799760-4035677146-943743392-1000\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1052799760-4035677146-943743392-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1052799760-4035677146-943743392-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1052799760-4035677146-943743392-1000\..\SearchScopes\{49BFE588-6A3B-4B1B-92C4-D79FABAF2BCC}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=6AA7EBE3-47A0-4247-8CF7-E5891F0EBA89&apn_sauid=56AE5403-EF0B-4141-B33A-59E9D14F4457
IE - HKU\S-1-5-21-1052799760-4035677146-943743392-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npdeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.11.08 13:47:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.10.30 16:55:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.10.30 16:55:09 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2011.09.14 18:22:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Musterfrau\AppData\Roaming\mozilla\Extensions
[2012.11.16 00:19:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Musterfrau\AppData\Roaming\mozilla\Firefox\Profiles\Muster\extensions
[2012.11.08 21:51:29 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Musterfrau\AppData\Roaming\mozilla\Firefox\Profiles\Muster\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012.11.12 16:33:17 | 000,000,000 | ---D | M] (FoxLingo) -- C:\Users\Musterfrau\AppData\Roaming\mozilla\Firefox\Profiles\Muster\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}
[2012.10.13 16:37:10 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\Musterfrau\AppData\Roaming\mozilla\Firefox\Profiles\Muster\extensions\de-DE@dictionaries.addons.mozilla.org
[2012.10.12 22:17:50 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\Musterfrau\AppData\Roaming\mozilla\Firefox\Profiles\Muster\extensions\firefox@ghostery.com
[2012.09.19 08:01:07 | 000,344,774 | ---- | M] () (No name found) -- C:\Users\Musterfrau\AppData\Roaming\mozilla\firefox\profiles\Muster\extensions\autopager@mozilla.org.xpi
[2011.10.14 19:37:38 | 000,008,359 | ---- | M] () (No name found) -- C:\Users\Musterfrau\AppData\Roaming\mozilla\firefox\profiles\Muster\extensions\copy-pure-text@kashiif-gmail.com.xpi
[2012.10.12 22:15:45 | 000,088,614 | ---- | M] () (No name found) -- C:\Users\Musterfrau\AppData\Roaming\mozilla\firefox\profiles\Muster\extensions\extension@ciuvo.com.xpi
[2012.10.08 09:57:13 | 000,142,418 | ---- | M] () (No name found) -- C:\Users\Musterfrau\AppData\Roaming\mozilla\firefox\profiles\Muster\extensions\firegestures@xuldev.org.xpi
[2012.11.16 00:19:14 | 000,083,626 | ---- | M] () (No name found) -- C:\Users\Musterfrau\AppData\Roaming\mozilla\firefox\profiles\Muster\extensions\secureLogin@blueimp.net.xpi
[2012.11.08 21:51:29 | 000,634,131 | ---- | M] () (No name found) -- C:\Users\Musterfrau\AppData\Roaming\mozilla\firefox\profiles\Muster\extensions\stefanvandamme@stefanvd.net.xpi
[2012.10.12 22:12:13 | 000,004,404 | ---- | M] () (No name found) -- C:\Users\Musterfrau\AppData\Roaming\mozilla\firefox\profiles\Muster\extensions\youtubeunblocker@unblocker.yt.xpi
[2012.11.14 07:22:21 | 000,530,679 | ---- | M] () (No name found) -- C:\Users\Musterfrau\AppData\Roaming\mozilla\firefox\profiles\Muster\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012.11.08 13:09:30 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Musterfrau\AppData\Roaming\mozilla\firefox\profiles\Muster\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.10.12 22:12:13 | 000,015,706 | ---- | M] () (No name found) -- C:\Users\Musterfrau\AppData\Roaming\mozilla\firefox\profiles\Muster\extensions\{d62bb6fa-7192-47fd-b640-ad8855c444f3}.xpi
[2012.07.21 16:25:54 | 000,702,524 | ---- | M] () (No name found) -- C:\Users\Musterfrau\AppData\Roaming\mozilla\firefox\profiles\Muster\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
[2012.10.12 22:14:34 | 000,697,733 | ---- | M] () (No name found) -- C:\Users\Musterfrau\AppData\Roaming\mozilla\firefox\profiles\Muster\extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi
[2012.11.08 13:47:34 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.11.02 17:34:44 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.11.08 13:35:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2012.10.24 18:50:04 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.10.24 23:03:12 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.24 23:03:11 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.10.24 23:03:12 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.10.24 23:03:12 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.10.24 23:03:12 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.10.24 23:03:11 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1052799760-4035677146-943743392-1000\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [PWMTRV] C:\Programme\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited)
O4 - HKU\S-1-5-21-1052799760-4035677146-943743392-1000..\Run: [Pidgin] C:\Programme\Pidgin\pidgin.exe (The Pidgin developer community)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Musterfrau\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Musterfrau\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Musterfrau\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.7.0_09)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.7.0_09)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9A65FC52-78A1-44CF-B1BC-E9F84375F9D4}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FFCCDD02-CE7E-437B-BB4E-8FE22EBB2FB8}: NameServer = 204.152.184.76,85.214.73.63
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk - C:\Programme\ThinkPad\Bluetooth Software\BTTray.exe - (Broadcom Corporation.)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk - C:\Programme\McAfee Security Scan\3.0.207\SSScheduler.exe - (McAfee, Inc.)
MsConfig - StartUpFolder: C:^Users^Musterfrau^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk -  - File not found
MsConfig - StartUpReg: ACTray - hkey= - key= - C:\Programme\Lenovo\Access Connections\ACTray.exe (Lenovo)
MsConfig - StartUpReg: AcWin7Hlpr - hkey= - key= - C:\Programme\Lenovo\Access Connections\AcTBenabler.exe (Lenovo)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: LENOVO.TPKNRRES - hkey= - key= - C:\Programme\Lenovo\Communications Utility\TPKNRRES.exe (Lenovo Group Limited)
MsConfig - StartUpReg: PDFPrint - hkey= - key= - C:\Programme\PDF24\pdf24.exe (Geek Software GmbH)
MsConfig - StartUpReg: SmartAudio - hkey= - key= - C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
MsConfig - StartUpReg: StartCCC - hkey= - key= - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: SynTPEnh - hkey= - key= -  File not found
MsConfig - StartUpReg: TpShocks - hkey= - key= -  File not found
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.16 11:28:10 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Musterfrau\Desktop\aswMBR.exe
[2012.11.14 15:59:43 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva
[2012.11.14 15:41:43 | 000,000,000 | ---D | C] -- C:\Users\Musterfrau\Documents\Electronic Arts
[2012.11.14 15:34:14 | 000,000,000 | ---D | C] -- C:\Users\Musterfrau\AppData\Local\Apps
[2012.11.14 15:17:28 | 000,000,000 | ---D | C] -- C:\Users\Musterfrau\Desktop\3.Semester
[2012.11.14 11:20:14 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.11.08 13:27:05 | 000,000,000 | ---D | C] -- C:\Users\Musterfrau\AppData\Local\Secunia PSI
[2012.11.08 13:26:46 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
[2012.11.08 13:12:30 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012.10.30 16:55:09 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2012.10.22 12:59:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Ask
[2012.10.22 12:59:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.16 13:59:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.16 12:13:15 | 000,000,512 | ---- | M] () -- C:\Users\Musterfrau\Desktop\MBR.dat
[2012.11.16 11:28:34 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Musterfrau\Desktop\aswMBR.exe
[2012.11.16 08:30:43 | 000,013,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.16 08:30:43 | 000,013,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.16 08:21:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.16 08:21:05 | 2213,146,624 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.15 16:13:16 | 000,654,346 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.11.15 16:13:16 | 000,616,188 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.11.15 16:13:16 | 000,130,186 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.11.15 16:13:16 | 000,106,568 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.11.14 16:29:19 | 000,339,376 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.11.14 16:21:27 | 000,001,061 | ---- | M] () -- C:\Users\Musterfrau\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.11.08 13:26:48 | 000,001,064 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2012.11.08 12:22:12 | 000,111,710 | ---- | M] () -- C:\Users\Musterfrau\Desktop\TROJANERFORUM.rtf
[2012.11.08 11:39:39 | 000,302,592 | ---- | M] () -- C:\Users\Musterfrau\Desktop\dvq7xkum.exe
[2012.11.07 23:34:21 | 000,000,020 | ---- | M] () -- C:\Users\Musterfrau\defogger_reenable
[2012.11.07 23:22:19 | 000,003,031 | ---- | M] () -- C:\Users\Musterfrau\Desktop\HILFETROJANER.rtf
[2012.11.07 22:18:00 | 000,090,143 | ---- | M] () -- C:\Users\Musterfrau\Desktop\Hiryoavat.jpg
[2012.11.07 19:33:48 | 000,010,561 | ---- | M] () -- C:\Users\Musterfrau\Documents\SternisBogen.rtf
[2012.11.07 19:05:51 | 000,142,270 | ---- | M] () -- C:\Users\Musterfrau\Documents\$RZPDY9M.jpg
[2012.11.07 19:05:10 | 000,103,147 | ---- | M] () -- C:\Users\Musterfrau\Documents\$RZF7CYC.jpg
[2012.11.07 18:49:15 | 000,169,990 | ---- | M] () -- C:\Users\Musterfrau\Desktop\Marion-portrait.jpg
[2012.11.03 13:12:29 | 000,623,884 | ---- | M] () -- C:\Users\Musterfrau\Documents\$RZCSVQ2.png
 
========== Files Created - No Company Name ==========
 
[2012.11.16 12:13:15 | 000,000,512 | ---- | C] () -- C:\Users\Musterfrau\Desktop\MBR.dat
[2012.11.14 16:21:27 | 000,001,061 | ---- | C] () -- C:\Users\Musterfrau\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.11.14 15:59:31 | 000,009,884 | ---- | C] () -- C:\Users\Musterfrau\Documents\modern-wizard.bmp
[2012.11.14 11:16:28 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.11.14 11:15:45 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.11.08 13:26:48 | 000,001,064 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2012.11.08 13:26:48 | 000,001,027 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
[2012.11.08 11:39:39 | 000,302,592 | ---- | C] () -- C:\Users\Musterfrau\Desktop\dvq7xkum.exe
[2012.11.07 23:33:55 | 000,000,020 | ---- | C] () -- C:\Users\Musterfrau\defogger_reenable
[2012.11.07 23:27:56 | 000,111,710 | ---- | C] () -- C:\Users\Musterfrau\Desktop\TROJANERFORUM.rtf
[2012.11.07 23:22:19 | 000,003,031 | ---- | C] () -- C:\Users\Musterfrau\Desktop\HILFETROJANER.rtf
[2012.11.07 22:17:58 | 000,090,143 | ---- | C] () -- C:\Users\Musterfrau\Desktop\Hiryoavat.jpg
[2012.11.07 19:02:26 | 000,142,270 | ---- | C] () -- C:\Users\Musterfrau\Documents\$RZPDY9M.jpg
[2012.11.07 19:02:26 | 000,103,147 | ---- | C] () -- C:\Users\Musterfrau\Documents\$RZF7CYC.jpg
[2012.11.07 18:48:18 | 000,169,990 | ---- | C] () -- C:\Users\Musterfrau\Desktop\Marion-portrait.jpg
[2012.11.03 13:48:51 | 000,010,561 | ---- | C] () -- C:\Users\Musterfrau\Documents\SternisBogen.rtf
[2012.11.03 13:12:29 | 000,623,884 | ---- | C] () -- C:\Users\Musterfrau\Documents\$RZCSVQ2.png
[2012.07.22 15:47:22 | 000,003,584 | ---- | C] () -- C:\Users\Musterfrau\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.12.08 23:43:06 | 000,000,218 | ---- | C] () -- C:\Users\Musterfrau\.recently-used.xbel
[2011.10.10 07:19:44 | 000,000,017 | ---- | C] () -- C:\Users\Musterfrau\AppData\Local\resmon.resmoncfg
[2011.09.14 22:42:20 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2011.09.14 22:42:20 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2011.09.14 18:44:35 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.09.14 16:19:55 | 000,002,857 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011.09.14 16:19:53 | 000,205,156 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011.09.14 15:46:54 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.06.10 05:34:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.11.08 16:32:27 | 000,000,000 | ---D | M] -- C:\Users\Kapu\AppData\Roaming\PwrMgr
[2012.11.16 14:14:31 | 000,000,000 | ---D | M] -- C:\Users\Musterfrau\AppData\Roaming\.purple
[2011.09.14 22:37:55 | 000,000,000 | ---D | M] -- C:\Users\Musterfrau\AppData\Roaming\DAEMON Tools Lite
[2012.11.16 11:20:56 | 000,000,000 | ---D | M] -- C:\Users\Musterfrau\AppData\Roaming\Dropbox
[2012.05.04 17:41:09 | 000,000,000 | ---D | M] -- C:\Users\Musterfrau\AppData\Roaming\DVDVideoSoft
[2012.06.16 00:03:58 | 000,000,000 | ---D | M] -- C:\Users\Musterfrau\AppData\Roaming\Foxit Software
[2012.03.08 21:41:18 | 000,000,000 | ---D | M] -- C:\Users\Musterfrau\AppData\Roaming\gtk-2.0
[2011.09.14 02:08:21 | 000,000,000 | ---D | M] -- C:\Users\Musterfrau\AppData\Roaming\PwrMgr
[2011.09.14 22:09:26 | 000,000,000 | ---D | M] -- C:\Users\Musterfrau\AppData\Roaming\Thunderbird
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2012.11.08 16:30:04 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2011.09.14 16:20:04 | 000,000,000 | ---D | M] -- C:\CIMTEMP
[2012.11.14 16:28:36 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011.09.14 00:59:05 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.09.14 01:49:17 | 000,000,000 | ---D | M] -- C:\Intel
[2011.09.20 10:19:23 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2009.07.14 03:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.11.14 15:59:43 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.10.22 12:59:24 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011.09.14 00:59:05 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.09.14 00:59:05 | 000,000,000 | -HSD | M] -- C:\Recovery
[2012.11.16 14:19:38 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.11.08 16:29:08 | 000,000,000 | R--D | M] -- C:\Users
[2012.11.08 13:12:30 | 000,000,000 | ---D | M] -- C:\Windows
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.11.16 14:14:31 | 000,000,000 | ---D | M] -- C:\Users\Musterfrau\AppData\Roaming\.purple
[2012.09.14 22:35:42 | 000,000,000 | ---D | M] -- C:\Users\Musterfrau\AppData\Roaming\Adobe
[2011.12.02 18:27:31 | 000,000,000 | ---D | M] -- C:\Users\Musterfrau\AppData\Roaming\Apple Computer
[2011.09.14 16:58:36 | 000,000,000 | ---D | M] -- C:\Users\Musterfrau\AppData\Roaming\ATI
[2012.05.16 14:32:18 | 000,000,000 | ---D | M] -- C:\Users\Musterfrau\AppData\Roaming\Avira
[2011.09.14 22:37:55 | 000,000,000 | ---D | M] -- C:\Users\Musterfrau\AppData\Roaming\DAEMON Tools Lite
[2012.11.16 11:20:56 | 000,000,000 | ---D | M] -- C:\Users\Musterfrau\AppData\Roaming\Dropbox
[2012.05.04 17:41:09 | 000,000,000 | ---D | M] -- C:\Users\Musterfrau\AppData\Roaming\DVDVideoSoft
[2012.06.16 00:03:58 | 000,000,000 | ---D | M] -- C:\Users\Musterfrau\AppData\Roaming\Foxit Software
[2012.03.08 21:41:18 | 000,000,000 | ---D | M] -- C:\Users\Musterfrau\AppData\Roaming\gtk-2.0
[2011.09.14 00:59:29 | 000,000,000 | ---D | M] -- C:\Users\Musterfrau\AppData\Roaming\Identities
[2011.09.14 16:10:39 | 000,000,000 | ---D | M] -- C:\Users\Musterfrau\AppData\Roaming\InstallShield
[2011.09.15 17:27:17 | 000,000,000 | ---D | M] -- C:\Users\Musterfrau\AppData\Roaming\Macromedia
[2009.07.14 09:56:56 | 000,000,000 | ---D | M] -- C:\Users\Musterfrau\AppData\Roaming\Media Center Programs
[2012.07.24 12:58:05 | 000,000,000 | --SD | M] -- C:\Users\Musterfrau\AppData\Roaming\Microsoft
[2011.09.14 18:22:26 | 000,000,000 | ---D | M] -- C:\Users\Musterfrau\AppData\Roaming\Mozilla
[2011.09.14 02:08:21 | 000,000,000 | ---D | M] -- C:\Users\Musterfrau\AppData\Roaming\PwrMgr
[2012.11.16 14:14:26 | 000,000,000 | ---D | M] -- C:\Users\Musterfrau\AppData\Roaming\Skype
[2011.09.14 22:09:26 | 000,000,000 | ---D | M] -- C:\Users\Musterfrau\AppData\Roaming\Thunderbird
[2012.11.14 15:21:52 | 000,000,000 | ---D | M] -- C:\Users\Musterfrau\AppData\Roaming\vlc
 
< %APPDATA%\*.exe /s >
[2012.05.24 19:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Musterfrau\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2012.05.24 19:39:24 | 000,872,144 | ---- | M] (Dropbox, Inc.) -- C:\Users\Musterfrau\AppData\Roaming\Dropbox\bin\DropboxUpdateHelper.exe
[2012.05.24 19:39:56 | 000,177,280 | ---- | M] (Dropbox, Inc.) -- C:\Users\Musterfrau\AppData\Roaming\Dropbox\bin\Uninstall.exe
[2011.09.18 15:45:38 | 000,010,134 | R--- | M] () -- C:\Users\Musterfrau\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
 
< %SYSTEMROOT%\system32\drivers\*.sys /lockedfiles >
 
< %SYSTEMROOT%\System32\config\*.sav >
 
< %SYSTEMROOT%\*. /mp /s >
 
< %SYSTEMROOT%\system32\*.dll /lockedfiles >

< End of report >
         
--- --- ---

16.11.2012, 16:15   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

That looks unremarkable too. What problems are actually still open RIGHT NOW?
__________________
Always post log files in CODE tags, please

16.11.2012, 16:21   #11
Frischling
Banned

Um, none really anymore; I just had the problem with pidief.dis and didn't know what it is or whether it still affects anything.

But oh well, then I'm glad everything is okay, and thank you very much.

(Oh, one quick question: I wanted to switch to avast. Should I install it first and then uninstall Avira, or should I do that beforehand?)

16.11.2012, 16:33   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Never run Avast and AntiVir in parallel! Uninstall one first, then another one can go on!
__________________
Always post log files in CODE tags, please
