TR/Spy.Zbot.iehc und JAVA/Dldr.Pesur.AY und JAVA/Lamar.RY gefunden

heathcliff · 16.01.2013, 02:11

Guten Abend liebes Anti-Trojaner-Team,

nach einem Ausflug auf üble Seiten vor einigen Tagen hat mich mein Antivir-Scanner auf einen Fund aufmerksam gemacht. Daraufhin habe ich einen kompletten Scan durchgeführt, mit folgenden höchst unerfreulichen Ergebnissen.

TR/Spy.Zbot.iehc
JAVA/Dldr.Pesur.AY
JAVA/Lamar.RY

Die Übeltäter sind jetzt in der Quarantäne, aber ich mache mir große Sorgen, dass sie bereits Schaden an meinem Computer bzw. in meinen Konten (Facebook, eMail, Online-Banking, eBay) angerichtet haben.

Der Log des AV-Scans:

Avira Free Antivirus
Erstellungsdatum der Reportdatei: Mittwoch, 16. Januar 2013 00:09

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer : Avira Free Antivirus
Plattform : Microsoft Windows XP
Windowsversion : (Service Pack 3) [5.1.2600]
Boot Modus : Normal gebootet

Versionsinformationen:
BUILD.DAT : 13.0.0.2890 48567 Bytes 05.12.2012 17:11:00
AVSCAN.EXE : 13.6.0.402 639264 Bytes 04.12.2012 14:37:47
AVSCANRC.DLL : 13.4.0.360 64800 Bytes 28.11.2012 14:09:15
LUKE.DLL : 13.6.0.400 67360 Bytes 04.12.2012 11:13:05
AVSCPLR.DLL : 13.6.0.402 93984 Bytes 04.12.2012 14:37:55
AVREG.DLL : 13.6.0.406 248096 Bytes 04.12.2012 17:40:31
avlode.dll : 13.6.1.402 428832 Bytes 04.12.2012 14:36:57
avlode.rdf : 13.0.0.26 7958 Bytes 22.11.2012 10:59:16
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 13:50:29
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 13:50:31
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 13:50:34
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 13:50:36
VBASE004.VDF : 7.11.26.44 4329472 Bytes 28.03.2012 13:50:37
VBASE005.VDF : 7.11.34.116 4034048 Bytes 29.06.2012 13:42:40
VBASE006.VDF : 7.11.41.250 4902400 Bytes 06.09.2012 13:42:40
VBASE007.VDF : 7.11.50.230 3904512 Bytes 22.11.2012 12:43:11
VBASE008.VDF : 7.11.55.142 2214912 Bytes 03.01.2013 15:24:55
VBASE009.VDF : 7.11.55.143 2048 Bytes 03.01.2013 15:24:55
VBASE010.VDF : 7.11.55.144 2048 Bytes 03.01.2013 15:24:55
VBASE011.VDF : 7.11.55.145 2048 Bytes 03.01.2013 15:24:55
VBASE012.VDF : 7.11.55.146 2048 Bytes 03.01.2013 15:24:55
VBASE013.VDF : 7.11.55.196 260096 Bytes 04.01.2013 17:22:48
VBASE014.VDF : 7.11.56.23 206848 Bytes 07.01.2013 16:08:42
VBASE015.VDF : 7.11.56.83 186880 Bytes 08.01.2013 20:51:51
VBASE016.VDF : 7.11.56.145 135168 Bytes 09.01.2013 23:32:23
VBASE017.VDF : 7.11.56.211 139776 Bytes 11.01.2013 13:53:45
VBASE018.VDF : 7.11.57.11 153088 Bytes 13.01.2013 21:52:14
VBASE019.VDF : 7.11.57.75 165888 Bytes 15.01.2013 15:12:10
VBASE020.VDF : 7.11.57.76 2048 Bytes 15.01.2013 15:12:10
VBASE021.VDF : 7.11.57.77 2048 Bytes 15.01.2013 15:12:10
VBASE022.VDF : 7.11.57.78 2048 Bytes 15.01.2013 15:12:10
VBASE023.VDF : 7.11.57.79 2048 Bytes 15.01.2013 15:12:10
VBASE024.VDF : 7.11.57.80 2048 Bytes 15.01.2013 15:12:10
VBASE025.VDF : 7.11.57.81 2048 Bytes 15.01.2013 15:12:10
VBASE026.VDF : 7.11.57.82 2048 Bytes 15.01.2013 15:12:10
VBASE027.VDF : 7.11.57.83 2048 Bytes 15.01.2013 15:12:10
VBASE028.VDF : 7.11.57.84 2048 Bytes 15.01.2013 15:12:11
VBASE029.VDF : 7.11.57.85 2048 Bytes 15.01.2013 15:12:11
VBASE030.VDF : 7.11.57.86 2048 Bytes 15.01.2013 15:12:11
VBASE031.VDF : 7.11.57.106 44032 Bytes 15.01.2013 21:11:52
Engineversion : 8.2.10.230
AEVDF.DLL : 8.1.2.10 102772 Bytes 19.09.2012 13:42:55
AESCRIPT.DLL : 8.1.4.80 467322 Bytes 10.01.2013 23:32:28
AESCN.DLL : 8.1.10.0 131445 Bytes 21.12.2012 19:28:08
AESBX.DLL : 8.2.5.12 606578 Bytes 28.08.2012 15:58:06
AERDL.DLL : 8.2.0.88 643444 Bytes 10.01.2013 23:32:28
AEPACK.DLL : 8.3.1.2 819574 Bytes 21.12.2012 19:28:07
AEOFFICE.DLL : 8.1.2.50 201084 Bytes 05.11.2012 14:00:38
AEHEUR.DLL : 8.1.4.174 5615991 Bytes 10.01.2013 23:32:28
AEHELP.DLL : 8.1.25.2 258423 Bytes 12.10.2012 14:52:32
AEGEN.DLL : 8.1.6.14 434548 Bytes 10.01.2013 23:32:25
AEEXP.DLL : 8.3.0.8 188788 Bytes 12.01.2013 12:39:36
AEEMU.DLL : 8.1.3.2 393587 Bytes 19.09.2012 13:42:55
AECORE.DLL : 8.1.30.0 201079 Bytes 21.12.2012 19:28:04
AEBB.DLL : 8.1.1.4 53619 Bytes 05.11.2012 14:00:38
AVWINLL.DLL : 13.4.0.163 25888 Bytes 19.09.2012 17:09:30
AVPREF.DLL : 13.4.0.360 50464 Bytes 28.11.2012 14:05:52
AVREP.DLL : 13.4.0.360 177952 Bytes 28.11.2012 14:06:10
AVARKT.DLL : 13.6.0.402 260384 Bytes 04.12.2012 14:36:03
AVEVTLOG.DLL : 13.6.0.400 167200 Bytes 04.12.2012 11:04:02
SQLITE3.DLL : 3.7.0.1 397088 Bytes 19.09.2012 17:17:40
AVSMTP.DLL : 13.4.0.163 62240 Bytes 19.09.2012 17:08:54
NETNT.DLL : 13.4.0.360 15648 Bytes 28.11.2012 14:07:51
RCIMAGE.DLL : 13.4.0.360 4780832 Bytes 28.11.2012 14:09:40
RCTEXT.DLL : 13.4.0.360 68384 Bytes 28.11.2012 14:09:40

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Lokale Festplatten
Konfigurationsdatei...................: c:\programme\avira\antivir desktop\alldiscs.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:,
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Intelligente Dateiauswahl
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert

Beginn des Suchlaufs: Mittwoch, 16. Januar 2013 00:09

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
[INFO] Es wurde kein Virus gefunden!
Bootsektor 'D:\'
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '89' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '84' Modul(e) wurden durchsucht
Durchsuche Prozess 'WISPTIS.EXE' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'jqs.exe' - '83' Modul(e) wurden durchsucht
Durchsuche Prozess 'PresentationFontCache.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dropbox.exe' - '65' Modul(e) wurden durchsucht
Durchsuche Prozess 'DkIcon.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'WindowsSearch.exe' - '70' Modul(e) wurden durchsucht
Durchsuche Prozess 'BTTray.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'KiesAirMessage.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'WMPNSCFG.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'KiesPDLR.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'Kies.exe' - '117' Modul(e) wurden durchsucht
Durchsuche Prozess 'ctfmon.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'DivXUpdate.exe' - '55' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '69' Modul(e) wurden durchsucht
Durchsuche Prozess 'KiesTrayAgent.exe' - '70' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxpers.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'hkcmd.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxsrvc.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxtray.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'MCPLaunch.exe' - '10' Modul(e) wurden durchsucht
Durchsuche Prozess 'OpwareSE4.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'isuspm.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'nhc.exe' - '78' Modul(e) wurden durchsucht
Durchsuche Prozess 'pdservice.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'ACWLIcon.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'ACTray.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'AwaySch.EXE' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'DLACTRLW.EXE' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'scheduler_proxy.exe' - '21' Modul(e) wurden durchsucht
Durchsuche Prozess 'LPMGR.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'smax4pnp.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'TpScrex.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'TPONSCR.exe' - '25' Modul(e) wurden durchsucht
Durchsuche Prozess 'TPHKMGR.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPLpr.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'TpShocks.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'EzEjMnAp.Exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPEnh.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'tvtpwm_tray.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'rundll32.exe' - '54' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '136' Modul(e) wurden durchsucht
Durchsuche Prozess 'cssauth.exe' - '70' Modul(e) wurden durchsucht
Durchsuche Prozess 'SvcGuiHlpr.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'alg.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiapsrv.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '20' Modul(e) wurden durchsucht
Durchsuche Prozess 'suservice.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'AcSvc.exe' - '102' Modul(e) wurden durchsucht
Durchsuche Prozess 'logmon.exe' - '15' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '58' Modul(e) wurden durchsucht
Durchsuche Prozess 'IUService.exe' - '7' Modul(e) wurden durchsucht
Durchsuche Prozess 'tvtsched.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'rrservice.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'tvttcsd.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'TpKmpSVC.exe' - '9' Modul(e) wurden durchsucht
Durchsuche Prozess 'TPHDEXLG.EXE' - '15' Modul(e) wurden durchsucht
Durchsuche Prozess 'tvt_reg_monitor_svc.exe' - '21' Modul(e) wurden durchsucht
Durchsuche Prozess 'ImpWiFiSvc.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'RegSrvc.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'IoctlSvc.exe' - '15' Modul(e) wurden durchsucht
Durchsuche Prozess 'NBService.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'MDM.EXE' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'FsUsbExService.Exe' - '21' Modul(e) wurden durchsucht
Durchsuche Prozess 'DkService.exe' - '90' Modul(e) wurden durchsucht
Durchsuche Prozess 'cvpnd.exe' - '57' Modul(e) wurden durchsucht
Durchsuche Prozess 'btwdins.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'mDNSResponder.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'AppleMobileDeviceService.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '65' Modul(e) wurden durchsucht
Durchsuche Prozess 'AcPrfMgrSvc.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'IPSSVC.EXE' - '13' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '74' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'S24EvMon.exe' - '66' Modul(e) wurden durchsucht
Durchsuche Prozess 'EvtEng.exe' - '69' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '170' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '55' Modul(e) wurden durchsucht
Durchsuche Prozess 'ibmpmsvc.exe' - '11' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '68' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '120' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '3880' Dateien ).

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\' <Preload>
[0] Archivtyp: RSRC
--> C:\Dokumente und Einstellungen\#\Anwendungsdaten\Dropbox\bin\Dropbox.exe
[1] Archivtyp: RSRC
--> C:\Dokumente und Einstellungen\#\Anwendungsdaten\Dropbox\bin\Dropbox.exe
[2] Archivtyp: RSRC
--> C:\Dokumente und Einstellungen\#\Eigene Dateien\Downloads\jre-7u5-windows-i586-iftw.exe
[3] Archivtyp: Runtime Packed
--> C:\Dokumente und Einstellungen\#\Eigene Dateien\Downloads\jre-7u7-windows-i586-iftw.exe
[4] Archivtyp: Runtime Packed
--> C:\Dokumente und Einstellungen\#\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\21\1a9b7355-533f5b01
[5] Archivtyp: ZIP
--> n2n2n2n3a.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/2013-0422.D
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
--> hw.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Lamar.RX
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
--> test.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Lamar.RY
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
C:\Dokumente und Einstellungen\#\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\21\1a9b7355-533f5b01
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Lamar.RY
C:\Dokumente und Einstellungen\#\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\21\1a9b7355-5d6762a3
[FUND] Ist das Trojanische Pferd TR/Spy.ZBot.iehc
--> C:\Dokumente und Einstellungen\#\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\27\647c3cdb-13a50682
[5] Archivtyp: ZIP
--> hw.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2012-5076
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
--> test.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/JAVA.Likinowl.Gen
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
--> test2.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Dldr.Pesur.AY
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
C:\Dokumente und Einstellungen\#\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\27\647c3cdb-13a50682
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Dldr.Pesur.AY
Beginne mit der Suche in 'D:\' <Nutzdaten>

Beginne mit der Desinfektion:
C:\Dokumente und Einstellungen\#\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\27\647c3cdb-13a50682
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Dldr.Pesur.AY
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '52c550a4.qua' verschoben!
C:\Dokumente und Einstellungen\#\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\21\1a9b7355-5d6762a3
[FUND] Ist das Trojanische Pferd TR/Spy.ZBot.iehc
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4a507ed0.qua' verschoben!
C:\Dokumente und Einstellungen\#\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\21\1a9b7355-533f5b01
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Lamar.RY
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '180f2438.qua' verschoben!

Ende des Suchlaufs: Mittwoch, 16. Januar 2013 01:30
Benötigte Zeit: 1:18:43 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

15303 Verzeichnisse wurden überprüft
462431 Dateien wurden geprüft
9 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
3 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
462422 Dateien ohne Befall
12109 Archive wurden durchsucht
6 Warnungen
3 Hinweise

Ich hatte bislang in meinem Computerleben zum Glück kaum Probleme mit Viren und Trojanern und wäre Euch jetzt wirklich sehr dankbar für Eure Hilfe!

heathcliff

heathcliff · 16.01.2013, 04:25

Bin jetzt allen Anweisungen gefolgt, hier die Protokolle:

OTL:OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 16.01.2013 02:25:32 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\#\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1014,36 Mb Total Physical Memory | 163,80 Mb Available Physical Memory | 16,15% Memory free
2,90 Gb Paging File | 2,00 Gb Available in Paging File | 69,10% Paging File free
Paging file location(s): C:\pagefile.sys 2048 2048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 27,38 Gb Total Space | 0,55 Gb Free Space | 2,02% Space Free | Partition Type: NTFS
Drive D: | 24,30 Gb Total Space | 8,46 Gb Free Space | 34,83% Space Free | Partition Type: NTFS
Drive R: | 99,72 Mb Total Space | 99,72 Mb Free Space | 100,00% Space Free | Partition Type: FAT
 
Computer Name: # | User Name: #| Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.01.16 02:22:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\#\Desktop\OTL.exe
PRC - [2013.01.11 01:27:16 | 000,917,552 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2013.01.04 23:29:06 | 028,539,232 | ---- | M] (Dropbox, Inc.) -- C:\Dokumente und Einstellungen\#\Anwendungsdaten\Dropbox\bin\Dropbox.exe
PRC - [2012.12.20 10:44:32 | 000,844,296 | ---- | M] (Samsung) -- C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2012.12.20 10:44:28 | 000,310,280 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\Kies\KiesTrayAgent.exe
PRC - [2012.12.20 10:44:26 | 001,476,104 | ---- | M] (Samsung) -- C:\Programme\Samsung\Kies\Kies.exe
PRC - [2012.12.18 02:10:18 | 000,578,560 | ---- | M] (Samsung Electronics) -- C:\Programme\Samsung\Kies\KiesAirMessage.exe
PRC - [2012.12.04 15:36:48 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.12.04 12:13:51 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.12.04 12:04:24 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.11.30 03:06:58 | 001,263,512 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2012.11.21 19:00:02 | 000,079,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.10.24 21:32:00 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010.11.11 17:07:12 | 000,199,600 | ---- | M] (Telefónica I+D) -- C:\Programme\o2\Mobile Connection Manager\ImpWiFiSvc.exe
PRC - [2010.05.28 07:25:04 | 000,233,472 | ---- | M] (Teruten) -- C:\WINDOWS\system32\FsUsbExService.Exe
PRC - [2010.04.22 23:16:46 | 000,128,296 | ---- | M] (Synaptics Incorporated) -- C:\Programme\Synaptics\SynTP\SynTPLpr.exe
PRC - [2009.06.12 09:55:48 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- c:\Programme\Lenovo\System Update\SUService.exe
PRC - [2009.05.27 21:09:36 | 000,049,976 | ---- | M] () -- C:\Programme\Lenovo\Message Center Plus\MCPLaunch.exe
PRC - [2008.09.24 13:57:34 | 000,935,208 | ---- | M] (Nero AG) -- C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe
PRC - [2008.09.24 13:57:14 | 000,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\Programme\Nero\Nero BackItUp 4\IoctlSvc.exe
PRC - [2008.04.17 09:08:46 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.03.04 09:34:20 | 000,487,424 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe
PRC - [2008.03.04 09:34:12 | 001,122,304 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe
PRC - [2007.09.26 16:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2007.08.09 08:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2007.02.04 11:02:14 | 000,079,400 | ---- | M] (Nuance Communications, Inc.) -- C:\Programme\ScanSoft\OmniPageSE4\OpWareSE4.exe
PRC - [2006.10.05 19:57:56 | 000,409,600 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe
PRC - [2006.10.05 19:54:16 | 000,106,496 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
PRC - [2006.10.05 19:53:10 | 000,110,592 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe
PRC - [2006.10.05 19:41:08 | 000,167,936 | ---- | M] (Lenovo) -- C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe
PRC - [2006.10.05 19:40:32 | 000,053,248 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
PRC - [2006.10.03 12:28:32 | 002,265,088 | ---- | M] (pBUS-167 Software - Notebook Hardware Control (NHC) - Homepage, Downloads, Help, Docu, FAQ, News - www.NotebookHardwareControl.net) -- C:\Programme\Notebook Hardware Control\nhc.exe
PRC - [2006.08.16 18:07:00 | 000,073,728 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\IPSSVC.EXE
PRC - [2006.08.16 18:07:00 | 000,069,632 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\AwayTask\AwaySch.EXE
PRC - [2006.07.14 18:20:38 | 000,817,920 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Client Security Solution\tvtpwm_tray.exe
PRC - [2006.07.14 17:36:00 | 000,022,016 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Lenovo\Logger\logmon.exe
PRC - [2006.07.14 15:52:48 | 000,045,056 | ---- | M] () -- C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe
PRC - [2006.05.31 14:51:02 | 000,622,653 | ---- | M] (Broadcom Corporation.) -- C:\Programme\ThinkPad\Bluetooth Software\BTTray.exe
PRC - [2006.05.31 14:43:04 | 000,266,295 | ---- | M] (Broadcom Corporation.) -- C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe
PRC - [2006.05.30 07:05:42 | 000,086,016 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
PRC - [2006.05.23 21:08:06 | 000,622,700 | ---- | M] (Diskeeper Corporation) -- C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2006.05.18 16:24:06 | 000,196,696 | ---- | M] (Diskeeper Corporation) -- C:\Programme\Diskeeper Corporation\Diskeeper\DkIcon.exe
PRC - [2006.05.16 11:58:18 | 000,213,936 | ---- | M] (Macrovision Corporation) -- C:\Programme\Gemeinsame Dateien\Installshield\UpdateService\ISUSPM.exe
PRC - [2006.03.13 16:38:56 | 000,041,472 | R--- | M] (Utimaco Safeware AG) -- C:\Programme\Lenovo\SafeGuard PrivateDisk\pdservice.exe
PRC - [2006.02.02 05:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2005.07.05 06:57:12 | 000,077,824 | ---- | M] () -- C:\Programme\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
PRC - [2005.06.06 21:26:22 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe
PRC - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.01.12 16:20:39 | 013,033,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Theme\9547b6408b93eb86aed3774457bcd815\Kies.Theme.ni.dll
MOD - [2013.01.12 16:20:37 | 000,307,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\DummyStorePlugin\1cfcfa27ba42a9ae3b13d4ecd2ad3659\DummyStorePlugin.ni.dll
MOD - [2013.01.12 16:20:36 | 000,613,888 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\DevicePodcast\7f4c0f2ef99f9da90d960ec9c414e424\DevicePodcast.ni.dll
MOD - [2013.01.12 16:20:35 | 000,293,888 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\DeviceVideo\50ec054fd0362a41c9b741d522cf6084\DeviceVideo.ni.dll
MOD - [2013.01.12 16:20:34 | 000,347,648 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\DevicePhoto\3f6e6f1b67c913f184d7f12514f818da\DevicePhoto.ni.dll
MOD - [2013.01.12 16:20:32 | 000,305,152 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\DeviceMusic\1be986d3f51f86037b1fbd1483af57d9\DeviceMusic.ni.dll
MOD - [2013.01.12 16:20:31 | 000,470,528 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\VideoManager\97c764ace77d0eb9e522bb33a5c40cff\VideoManager.ni.dll
MOD - [2013.01.12 16:20:30 | 000,774,656 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PhotoManager\a8c32126c7eaf58c14ab65f35fa23afa\PhotoManager.ni.dll
MOD - [2013.01.12 16:20:28 | 001,123,328 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Podcaster\e933a218a3d4a99455688395f07ad315\Podcaster.ni.dll
MOD - [2013.01.12 16:20:16 | 000,038,912 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\ff3157a926a4c62bd7c4fc462b44d4ae\Kies.Common.DeviceServiceLib.FirmwareUpdate.FirmwareUpdateAgentHelper.ni.dll
MOD - [2013.01.12 16:20:14 | 006,330,368 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\DeviceHost\a7dd4ada20d853e444859f91c42570ca\DeviceHost.ni.dll
MOD - [2013.01.12 16:19:59 | 001,937,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Phonebook\9016847cccb98300eec0996553d7e7a5\Phonebook.ni.dll
MOD - [2013.01.12 16:19:52 | 000,721,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Plugin.Content#\044671a1a2f569326fd049b3fe55a958\Kies.Plugin.ContentsManagerLib.ni.dll
MOD - [2013.01.12 16:19:49 | 000,944,128 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\MusicManager\b587a92b1e27a872f8b34b0a937bdec8\MusicManager.ni.dll
MOD - [2013.01.12 16:19:47 | 000,402,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\BATPlugin\f48f715d6ab97920980e3121d8a60c35\BATPlugin.ni.dll
MOD - [2013.01.12 16:19:43 | 000,515,072 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.MediaDB\df304879fe55d5ebf9d64a4f94acbcc9\Kies.Common.MediaDB.ni.dll
MOD - [2013.01.12 16:19:43 | 000,029,184 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.StoreMa#\4055ce30dbdb84f2f3560e6cb883134a\Kies.Common.StoreManager.ni.dll
MOD - [2013.01.12 16:19:41 | 000,063,488 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.AllShare\4bde149a6e4b5cbe6d6d9fd63bafbf80\Kies.Common.AllShare.ni.dll
MOD - [2013.01.12 16:19:39 | 000,283,648 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\79e92ed96ec5f1c4f562de9dc5d09fd2\Kies.Common.DeviceServiceLib.FirmwareUpdate.Common.ni.dll
MOD - [2013.01.12 16:19:37 | 000,189,952 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\c3cda346210d555748e0ee7c8467943a\Kies.Common.DeviceServiceLib.FirmwareUpdate.Downloader.ni.dll
MOD - [2013.01.12 16:19:36 | 000,570,368 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\0b49647da758c71de995e34612add065\Kies.Common.DeviceServiceLib.FileService.ni.dll
MOD - [2013.01.12 16:19:36 | 000,175,616 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Interop.DevFileServ#\d1baf93e68f207b043f0861c5ee2d7ea\Interop.DevFileServiceLib.ni.dll
MOD - [2013.01.12 16:19:34 | 000,624,128 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\f635d8dc1390ce7ff0db7d25ea1aadee\Kies.Common.DeviceServiceLib.DeviceDataService.ni.dll
MOD - [2013.01.12 16:19:31 | 000,184,832 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\f6ae7000cda7f49e02b8ba05d329f028\Kies.Common.DeviceServiceLib.Interface.ni.dll
MOD - [2013.01.12 16:19:30 | 000,916,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\e93cdcb2ef8d4d327785d81269ab8ea0\Kies.Common.DeviceServiceLib.DeviceManagement.ni.dll
MOD - [2013.01.12 16:19:27 | 001,068,544 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\178648e9fe2145d7e281f2881e956199\Kies.Common.DeviceService.ni.dll
MOD - [2013.01.12 16:19:24 | 000,030,720 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Interop.PRPLAYERCOR#\7316848f01ce1da27fc2d701f32cae0d\Interop.PRPLAYERCORELib.ni.dll
MOD - [2013.01.12 16:19:23 | 002,209,792 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.Multime#\193d9ed7a6d738bebf95e27b1abd4b07\Kies.Common.Multimedia.ni.dll
MOD - [2013.01.12 16:19:19 | 000,206,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.MainUI\946c2b138e55b9451d27e797ba68bf56\Kies.Common.MainUI.ni.dll
MOD - [2013.01.12 16:19:17 | 000,066,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.DBManag#\6ff313ce5f0b0593b00c46c9ebf6ce52\Kies.Common.DBManager.ni.dll
MOD - [2013.01.12 16:19:16 | 000,108,544 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.CRMMana#\b09b5aa29b27f372debe459161e61e78\Kies.Common.CRMManager.ni.dll
MOD - [2013.01.12 16:19:15 | 000,278,528 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.Util\a0e28507ffbc026aec26d36856c7013c\Kies.Common.Util.ni.dll
MOD - [2013.01.12 16:19:12 | 001,558,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Locale\dac369ddd19fc96fdc5c6bbea73d66b0\Kies.Locale.ni.dll
MOD - [2013.01.12 16:19:11 | 000,078,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\54a1fa3d80338ea79ee361f0011dfc15\Kies.MVVM.ni.dll
MOD - [2013.01.12 16:19:10 | 001,920,512 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.UI\8b6712fd2748be7d3b07596c4a98dc18\Kies.UI.ni.dll
MOD - [2013.01.12 16:19:06 | 000,160,256 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\GongSolutions.Wpf.D#\7b2ece660d37c281b3efda74cdbb835f\GongSolutions.Wpf.DragDrop.ni.dll
MOD - [2013.01.12 16:19:05 | 001,223,168 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Interface\af72bf6da78cc0720ef6fbc52c1e3b24\Kies.Interface.ni.dll
MOD - [2013.01.12 16:19:02 | 002,060,288 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies\f4f79708c41e726f4cb877be3fa4af3f\Kies.ni.exe
MOD - [2013.01.11 01:27:04 | 003,021,872 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2013.01.09 23:21:02 | 014,586,888 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll
MOD - [2013.01.09 19:23:48 | 000,232,960 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\779a065e9d217d3a3aeeb354f9fce387\ASF_cSharpAPI.ni.dll
MOD - [2013.01.09 19:23:22 | 000,171,520 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Interop.P3MPINTERFA#\111be4cc197cabb6340170eeb54ae535\Interop.P3MPINTERFACECTRLLib.ni.dll
MOD - [2013.01.09 19:23:22 | 000,052,224 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Interop.MP3FileInfo#\5f0b67eb5313c092d5b8b56426dd30e2\Interop.MP3FileInfoCOMLib.ni.dll
MOD - [2013.01.09 19:23:22 | 000,032,256 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Interop.OGGFileInfo#\b2c7788a3e89dfe8758d6184bac1b663\Interop.OGGFileInfoCOMLib.ni.dll
MOD - [2013.01.09 19:23:08 | 000,395,776 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\CabLib\af22e5bb6307e2882abe5fbdb3c00c8e\CabLib.ni.dll
MOD - [2013.01.09 19:23:03 | 000,743,424 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\ICSharpCode.SharpZi#\78c73ae3f99d95d788e3690a561a7701\ICSharpCode.SharpZipLib.ni.dll
MOD - [2013.01.09 19:23:00 | 000,052,224 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Interop.DeviceSearc#\4f4243b3bc2e4cdf0ec6e7ad5559aa20\Interop.DeviceSearchLib.ni.dll
MOD - [2013.01.09 19:22:36 | 000,221,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\0cefa2c17df1d033e69ed47b0b660ce5\System.ServiceProcess.ni.dll
MOD - [2013.01.09 19:22:15 | 000,770,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\ac57544602c17dd63420db75cceefa1d\System.Runtime.Remoting.ni.dll
MOD - [2013.01.09 19:21:59 | 001,812,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\25732130189e8f468a7d98647edffe8e\System.Xaml.ni.dll
MOD - [2013.01.09 19:18:16 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\1a6f9e23985e3159e6dd9827fd81c2fd\System.Management.ni.dll
MOD - [2013.01.09 19:18:14 | 003,988,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\nhc\e014b40dba3674ac5893cb98d95bd5a1\nhc.ni.exe
MOD - [2013.01.09 19:14:23 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\4c91371e83d124ecb39664613e7e0417\System.Windows.Forms.ni.dll
MOD - [2013.01.09 19:14:13 | 001,593,856 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7782f356a838c403b4a8e9c80df5a577\System.Drawing.ni.dll
MOD - [2013.01.09 19:14:06 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\fe025743210c22bea2f009e1612c38bf\System.Xml.ni.dll
MOD - [2013.01.09 19:14:00 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\96b7a0136e9e72e8f4eb0230c20766d2\System.Configuration.ni.dll
MOD - [2013.01.09 19:13:59 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\f43e890d874ef521aba51f76f64cd97b\System.ServiceProcess.ni.dll
MOD - [2013.01.09 19:13:55 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll
MOD - [2013.01.09 19:13:43 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll
MOD - [2013.01.09 19:00:53 | 018,019,328 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\7de7ccd4d0e5a6fda2187aff3d5c4ee8\PresentationFramework.ni.dll
MOD - [2013.01.09 19:00:22 | 011,522,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\608b2aa3ab5dfc3986285304a95a6dbf\PresentationCore.ni.dll
MOD - [2013.01.09 19:00:14 | 000,980,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\947b4fe468a1a03516ee26d9b3f4240a\System.Configuration.ni.dll
MOD - [2013.01.09 19:00:05 | 005,618,176 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\a23c39d504467a0024e5f20c0f962f3f\System.Xml.ni.dll
MOD - [2013.01.09 19:00:01 | 003,880,960 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\639dacb8fc8d07719bdb5742940b4c33\WindowsBase.ni.dll
MOD - [2013.01.09 18:59:51 | 007,053,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\e773b94cc3f3fc25509904acb76cfe08\System.Core.ni.dll
MOD - [2013.01.09 18:59:32 | 009,094,656 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\5f79b00e1aaeafcc07907aa61fd3599e\System.ni.dll
MOD - [2013.01.09 18:59:17 | 014,416,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\6a1ccc1e1a79ce267d3d1808af382cd6\mscorlib.ni.dll
MOD - [2012.12.18 15:28:26 | 000,301,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU
MOD - [2012.11.30 03:07:48 | 000,100,248 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2012.11.30 03:06:58 | 001,263,512 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
MOD - [2012.09.19 18:17:40 | 000,397,088 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2011.11.01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll
MOD - [2011.11.01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\libxml2.dll
MOD - [2009.05.27 21:09:36 | 000,049,976 | ---- | M] () -- C:\Programme\Lenovo\Message Center Plus\MCPLaunch.exe
MOD - [2009.05.05 23:31:49 | 000,315,392 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.05.05 23:31:43 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.ServiceProcess.resources.dll
MOD - [2008.04.17 09:08:56 | 000,197,408 | ---- | M] () -- C:\WINDOWS\system32\vpnapi.dll
MOD - [2008.04.14 03:22:16 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2006.10.05 19:57:56 | 000,409,600 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe
MOD - [2006.10.05 19:54:16 | 000,106,496 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
MOD - [2006.10.05 19:53:46 | 000,229,376 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\ACGina.dll
MOD - [2006.10.05 19:53:38 | 000,032,768 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\ACNotify.dll
MOD - [2006.10.05 19:53:18 | 000,208,896 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\AcGolan.dll
MOD - [2006.10.05 19:53:10 | 000,110,592 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe
MOD - [2006.10.05 19:42:28 | 000,114,688 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\AcLocMigrator.dll
MOD - [2006.10.05 19:42:22 | 000,929,792 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\ACGUIHlpr.dll
MOD - [2006.10.05 19:40:32 | 000,053,248 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
MOD - [2006.10.05 19:40:28 | 000,434,176 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\AcSvcHlpr.dll
MOD - [2006.10.05 19:39:58 | 000,094,208 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\ThinQCon.dll
MOD - [2006.10.05 19:39:54 | 000,114,688 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\AcSvcStub.dll
MOD - [2006.10.05 19:39:46 | 000,094,208 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\AcAdaptersInfo.dll
MOD - [2006.10.05 19:39:22 | 000,561,152 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\ACon.dll
MOD - [2006.10.05 19:38:12 | 000,007,680 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\ACTurinSupport.dll
MOD - [2006.10.05 19:38:10 | 000,147,456 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgr.dll
MOD - [2006.10.05 19:38:06 | 000,491,520 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\AcCryptHlpr.dll
MOD - [2006.10.05 19:37:58 | 000,163,840 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\AcLocSettings.dll
MOD - [2006.10.05 19:37:40 | 000,077,824 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\ACHelper.dll
MOD - [2006.09.16 22:19:36 | 000,126,976 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2006.08.02 00:26:20 | 000,118,784 | ---- | M] () -- C:\Programme\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2006.08.02 00:24:54 | 000,348,160 | ---- | M] () -- C:\Programme\Intel\Wireless\Bin\IntStngs.dll
MOD - [2006.07.14 17:36:00 | 000,022,016 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Lenovo\Logger\logmon.exe
MOD - [2006.07.14 17:35:28 | 000,139,264 | ---- | M] () -- C:\Programme\Lenovo\Rescue and Recovery\CDRecord.dll
MOD - [2006.07.14 15:52:48 | 000,045,056 | ---- | M] () -- C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe
MOD - [2006.07.04 17:11:00 | 000,057,344 | ---- | M] () -- C:\Programme\ThinkVantage\PrdCtr\GR\LPRESMGR.DLL
MOD - [2006.05.31 14:52:36 | 000,053,248 | ---- | M] () -- C:\Programme\ThinkPad\Bluetooth Software\BTKeyInd.dll
MOD - [2006.05.25 17:13:00 | 000,073,728 | ---- | M] () -- C:\Programme\ThinkPad\Utilities\PWRMGRIF.DLL
MOD - [2006.05.25 17:13:00 | 000,040,960 | ---- | M] () -- C:\Programme\ThinkPad\Utilities\GR\PWRMGRRT.DLL
MOD - [2006.03.15 18:36:52 | 000,081,920 | ---- | M] () -- C:\Programme\ThinkPad\TpShocks\MUI\0407\TpShocks.dll
MOD - [2006.02.23 18:22:00 | 000,057,344 | ---- | M] () -- C:\Programme\ThinkPad\Utilities\GR\EZMAPRES.DLL
MOD - [2005.11.30 12:16:02 | 000,024,576 | ---- | M] () -- C:\WINDOWS\system32\tphklock.dll
MOD - [2005.10.28 12:29:52 | 000,208,896 | ---- | M] () -- C:\Programme\Lenovo\PkgMgr\HOTKEY\tpfnf7.dll
MOD - [2005.07.05 06:57:12 | 000,077,824 | ---- | M] () -- C:\Programme\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
MOD - [2005.06.06 21:26:22 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe
MOD - [2001.10.28 15:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\pdfcmnnt.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\system32\PsaSrv.exe -- (PsaSrv)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2013.01.11 01:27:05 | 000,115,760 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.01.09 23:21:04 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.12.04 12:13:51 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.12.04 12:04:24 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.10.24 21:32:00 | 000,055,144 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011.02.02 10:57:54 | 000,052,288 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Programme\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper)
SRV - [2010.11.11 17:07:12 | 000,199,600 | ---- | M] (Telefónica I+D) [Auto | Running] -- C:\Programme\o2\Mobile Connection Manager\ImpWiFiSvc.exe -- (TGCM_ImportWiFiSvc)
SRV - [2010.05.28 07:25:04 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2009.06.12 09:55:48 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Programme\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2009.03.03 13:53:08 | 000,033,176 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Programme\NOS\bin\getPlus_HelperSvc.exe -- (getPlus(R)
SRV - [2008.09.24 13:57:34 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2008.09.24 13:57:14 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Auto | Running] -- C:\Programme\Nero\Nero BackItUp 4\IoctlSvc.exe -- (PLFlash DeviceIoControl Service)
SRV - [2008.04.17 09:08:46 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2008.03.04 09:34:12 | 001,122,304 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler)
SRV - [2007.09.26 16:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2007.08.09 08:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2006.10.26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006.10.05 19:41:08 | 000,167,936 | ---- | M] (Lenovo) [Auto | Running] -- C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
SRV - [2006.10.05 19:40:32 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2006.08.16 18:07:00 | 000,073,728 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\WINDOWS\system32\IPSSVC.EXE -- (IPSSVC)
SRV - [2006.07.14 15:52:48 | 000,045,056 | ---- | M] () [Auto | Running] -- C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe -- (tvtnetwk)
SRV - [2006.05.31 14:43:04 | 000,266,295 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2006.05.23 21:08:06 | 000,622,700 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2006.01.05 00:06:02 | 000,163,840 | ---- | M] (Alex Feinman) [On_Demand | Stopped] -- D:\Programme\Alex Feinman\ISO Recorder\ImapiHelper.exe -- (Imapi Helper)
SRV - [2005.11.14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Installshield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005.06.06 21:26:22 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\TpKmpSvc.exe -- (TpKmpSVC)
SRV - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\pcdrndisuio.sys -- (PcdrNdisuio)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2013.01.16 01:42:06 | 000,015,360 | ---- | M] (pBUS-167 Software - Notebook Hardware Control (NHC) - Homepage, Downloads, Help, Docu, FAQ, News - www.NotebookHardwareControl.net) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nhcDriver.sys -- (nhcDriverDevice)
DRV - [2012.11.28 14:17:06 | 000,020,032 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dgderdrv.sys -- (dgderdrv)
DRV - [2012.11.27 10:01:26 | 000,083,944 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.11.22 15:51:13 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012.11.22 15:50:51 | 000,134,336 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.08.27 14:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.11.11 17:02:26 | 000,026,008 | ---- | M] (Telefónica I+D) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tidnet.sys -- (tidnet)
DRV - [2010.05.28 07:25:04 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2010.02.22 17:33:48 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2010.02.22 17:33:48 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2010.02.22 17:33:48 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2009.12.28 15:52:40 | 000,010,240 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\massfilter.sys -- (massfilter)
DRV - [2009.10.23 19:04:13 | 000,030,144 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2009.02.03 16:56:22 | 000,009,728 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\massfilter_hs.sys -- (massfilter_hs)
DRV - [2009.01.19 19:31:56 | 000,277,544 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2008.04.17 09:07:52 | 000,306,299 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2008.03.29 17:36:28 | 000,125,328 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2007.09.25 15:59:46 | 000,015,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Programme\MediaCoder PMP Edition\SysInfo.sys -- (CrystalSysInfo)
DRV - [2007.01.18 17:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006.12.22 10:56:44 | 000,988,800 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2006.12.22 10:56:00 | 000,209,664 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2006.12.22 10:55:56 | 000,730,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2006.08.16 18:07:00 | 000,005,120 | ---- | M] (Lenovo Group Limited) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PROCDD.SYS -- (PROCDD)
DRV - [2006.08.02 17:54:00 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SMAPINT.SYS -- (Smapint)
DRV - [2006.08.02 17:54:00 | 000,009,343 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS -- (TDSMAPI)
DRV - [2006.08.02 01:27:48 | 000,012,544 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006.07.20 18:54:00 | 000,007,168 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
DRV - [2006.05.31 14:26:38 | 000,328,285 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2006.05.31 14:22:26 | 000,851,434 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2006.05.31 14:18:36 | 000,030,427 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2006.05.31 14:17:36 | 000,067,384 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006.05.31 14:15:42 | 000,148,996 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2006.05.25 17:13:00 | 000,004,442 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)
DRV - [2006.04.25 19:00:00 | 000,003,456 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Programme\ThinkVantage Fingerprint Software\smihlp.sys -- (smihlp)
DRV - [2006.03.13 16:05:54 | 000,058,368 | R--- | M] (Utimaco Safeware AG) [Kernel | Auto | Running] -- C:\Programme\Lenovo\SafeGuard PrivateDisk\privatediskm.sys -- (PrivateDisk)
DRV - [2006.03.09 09:20:10 | 000,152,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2006.02.02 05:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006.02.02 05:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006.02.02 05:20:00 | 000,086,652 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006.02.02 05:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006.02.02 05:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006.02.02 05:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006.02.02 05:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2006.01.13 00:33:22 | 000,006,016 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.sys -- (IBMTPCHK)
DRV - [2005.11.18 12:02:50 | 000,005,660 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005.11.18 12:02:10 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005.11.08 09:27:20 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC)
DRV - [2005.01.26 15:28:36 | 000,091,527 | ---- | M] (VM) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbVM31b.sys -- (ZSMC301b)
DRV - [2002.09.16 17:32:08 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\PQNTDRV.sys -- (PQNTDrv)
DRV - [2001.08.18 04:33:12 | 000,322,432 | ---- | M] (Matrox Graphics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\G400m.sys -- (G400)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Upgrade to Google Chrome
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Upgrade to Google Chrome
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = SPORT1 | Fußball | US-Sport | Handball | Basketball | Tennis | Wintersport | Bundesliga | Transfermarkt | Videos | Tabellen | Diashows | News | SPORT1.de
IE - HKCU\..\SearchScopes,DefaultScope = {9A2BDECB-C7A5-4083-8501-476D2C1C7E96}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{1E6E9DE0-C7E8-4689-A473-3195C23D0DBE}: "URL" = hxxp://rover.ebay.com/rover/1/707-53477-19255-0/1?icep_ff3=9&pub=5574640706&toolid=10001&campid=5336449492&customid=&icep_uq={searchTerms}&icep_sellerId=&icep_ex_kw=&icep_sortBy=12&icep_catId=&icep_minPrice=&icep_maxPrice=&ipn=psmain&icep_vectorid=229487&kwid=902099&mtid=824&kw=lg
IE - HKCU\..\SearchScopes\{60BEBD32-6478-40E6-AC93-9BCB1DE9E4DE}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=302398&p={searchTerms}
IE - HKCU\..\SearchScopes\{6814BFCC-27B6-486F-B4CA-8885B9893F33}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7IBMA_de
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8&q={searchTerms}
IE - HKCU\..\SearchScopes\{9A2BDECB-C7A5-4083-8501-476D2C1C7E96}: "URL" = hxxp://de.wikipedia.org/wiki/Spezial:Search?search={searchTerms}
IE - HKCU\..\SearchScopes\{F99AEA80-FAAC-48CE-AA22-229293E03FB3}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=amznsearch.de.ms-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B097d3191-e6fa-4728-9826-b533d755359d%7D:0.7.18
FF - prefs.js..extensions.enabledAddons: %7B23fcfd51-4958-4f00-80a3-ae97e717ed8b%7D:2.1.2.145
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Programme\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Programme\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.46: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Programme\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008.04.29 19:54:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Programme\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.07.11 21:33:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2013.01.11 01:27:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2013.01.11 15:47:30 | 000,000,000 | ---D | M]
 
[2009.04.20 13:02:16 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\#\Anwendungsdaten\Mozilla\Extensions
[2012.11.21 03:24:31 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\#\Anwendungsdaten\Mozilla\Firefox\Profiles\7yipnwle.default\extensions
[2012.11.21 03:24:31 | 000,455,379 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\#\Anwendungsdaten\Mozilla\Firefox\Profiles\7yipnwle.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi
[2013.01.11 01:25:35 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.07.11 21:33:41 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 &lt;video&gt;) -- C:\PROGRAMME\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2013.01.11 01:27:17 | 000,262,704 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012.07.14 01:45:08 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.31 09:08:45 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.07.14 01:45:08 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.14 01:45:08 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.14 01:45:08 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.14 01:45:07 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2004.08.04 13:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - d:\Programme\Free Download Manager\iefdm2.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (CPwmIEBrowserHelper Object) - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [ACTray] C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe ()
O4 - HKLM..\Run: [ACWLIcon] C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe ()
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [AwaySch] C:\Programme\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [BLOG] C:\Programme\ThinkPad\Utilities\BATLOGEX.DLL ()
O4 - HKLM..\Run: [CanonMyPrinter] C:\Programme\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Programme\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [DiskeeperSystray] C:\Programme\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)
O4 - HKLM..\Run: [DivXMediaServer] C:\Programme\DivX\DivX Media Server\DivXMediaServer.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [ISUSPM] C:\Programme\Gemeinsame Dateien\Installshield\UpdateService\isuspm.exe (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Programme\Gemeinsame Dateien\Installshield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [Message Center Plus] C:\Programme\LENOVO\Message Center Plus\MCPLaunch.exe ()
O4 - HKLM..\Run: [NBKeyScan] C:\Programme\Nero\Nero BackItUp 4\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NotebookHardwareControl] C:\Programme\Notebook Hardware Control\nhc.exe (pBUS-167 Software - Notebook Hardware Control (NHC) - Homepage, Downloads, Help, Docu, FAQ, News - www.NotebookHardwareControl.net)
O4 - HKLM..\Run: [OpwareSE4] C:\Programme\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDService.exe] C:\Programme\Lenovo\SafeGuard PrivateDisk\pdservice.exe (Utimaco Safeware AG)
O4 - HKLM..\Run: [PWRMGRTR] C:\Programme\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics Incorporated)
O4 - HKLM..\Run: [TP4EX] C:\WINDOWS\System32\TP4EX.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPKMAPHELPER] C:\Programme\ThinkPad\Utilities\TpKmapAp.exe (Lenovo)
O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
O4 - HKCU..\Run: [] C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKCU..\Run: [KiesAirMessage] C:\Programme\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics)
O4 - HKCU..\Run: [KiesPDLR] C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKCU..\Run: [KiesPreload] C:\Programme\Samsung\Kies\Kies.exe (Samsung)
O4 - HKCU..\Run: [KiesTrayAgent] C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk = C:\Programme\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\TrayMin.lnk = C:\Programme\Philips\SPC 300NC PC Camera\TrayMin.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\#\Startmenü\Programme\Autostart\Dropbox.lnk = C:\Dokumente und Einstellungen\#\Anwendungsdaten\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Alles mit FDM herunterladen - d:\Programme\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Auswahl mit FDM herunterladen - d:\Programme\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Datei mit FDM herunterladen - d:\Programme\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Videos mit FDM herunterladen - d:\Programme\Free Download Manager\dlfvideo.htm ()
O9 - Extra 'Tools' menuitem : ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyGaming.Net\PartyPokerNet\RunPF.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyGaming.Net\PartyPokerNet\RunPF.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.7.0_09)
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} https://as.photoprintit.de/ips-opdata/layout/default_cms01/activex/IPSUploader4.cab (IPSUploader4 Control)
O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.7.0_09)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.7.0_09)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ED35FD1E-EE80-43D9-A3BD-2F3C9D249CCC}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (tvt_gina.dll) - C:\WINDOWS\System32\tvt_gina.dll (Lenovo)
O20 - Winlogon\Notify\ACNotify: DllName - (ACNotify.dll) - C:\Programme\ThinkPad\ConnectUtilities\ACNotify.dll ()
O20 - Winlogon\Notify\AwayNotify: DllName - (C:\Programme\Lenovo\AwayTask\AwayNotify.dll) - C:\Programme\Lenovo\AwayTask\AwayNotify.dll (Lenovo Group Limited)
O20 - Winlogon\Notify\NavLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\psfus: DllName - (psqlpwd.dll) - C:\WINDOWS\System32\psqlpwd.dll (UPEK Inc.)
O20 - Winlogon\Notify\tpfnf2: DllName - (notifyf2.dll) - C:\WINDOWS\System32\notifyf2.dll ()
O20 - Winlogon\Notify\tphotkey: DllName - (tphklock.dll) - C:\WINDOWS\System32\tphklock.dll ()
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\1024_768 Think EMEA Map.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\1024_768 Think EMEA Map.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.01.27 03:18:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{1e2925c3-a8a2-11de-9b80-0018de9da5e8}\Shell\AutoRun\command - "" = E:\__DTMEDIA\DTMedia.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.16 02:22:44 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\#\Desktop\OTL.exe
[2013.01.14 23:46:13 | 000,000,000 | ---D | C] -- C:\Programme\Dropbox
[2013.01.14 00:01:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\#\Anwendungsdaten\Ullu
[2013.01.14 00:01:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\#\Anwendungsdaten\Ibhy
[2013.01.14 00:01:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\#\Anwendungsdaten\Huaf
[2013.01.13 19:24:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\#\Lokale Einstellungen\Anwendungsdaten\Audible
[2013.01.13 19:24:50 | 000,255,352 | ---- | C] (Audible, Inc.) -- C:\WINDOWS\System32\awrdscdc.ax
[2013.01.13 19:24:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\AudibleManager
[2013.01.13 19:24:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\#\Eigene Dateien\Audible
[2013.01.13 19:24:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente\Audible
[2013.01.13 19:22:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\#\Eigene Dateien\Neuer Ordner (4)
[2013.01.13 19:22:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\#\Eigene Dateien\Neuer Ordner (3)
[2013.01.12 14:31:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\#\Anwendungsdaten\DDMSettings
[2013.01.12 14:06:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente\CrashDump
[2013.01.11 01:25:31 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox
[2013.01.05 17:03:11 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\#\Recent
[2012.12.26 02:39:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\#\Anwendungsdaten\com.amazon.music.uploader
[2012.12.26 02:39:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\#\Eigene Dateien\Amazon Music Importer
[2012.12.26 02:38:48 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Adobe AIR
[2012.12.21 21:33:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\#\Anwendungsdaten\Avira
[2012.12.21 20:26:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Avira
[2012.12.21 20:26:07 | 000,134,336 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2012.12.21 20:26:07 | 000,083,944 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2012.12.21 20:26:07 | 000,036,552 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[2012.12.21 20:25:51 | 000,000,000 | ---D | C] -- C:\Programme\Avira
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.16 02:26:44 | 000,365,568 | ---- | M] () -- C:\Dokumente und Einstellungen\#\Desktop\gmer-2.0.18444.exe
[2013.01.16 02:23:37 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\#\defogger_reenable
[2013.01.16 02:22:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\#\Desktop\OTL.exe
[2013.01.16 02:03:00 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.16 01:42:06 | 000,015,360 | ---- | M] (pBUS-167 Software - Notebook Hardware Control (NHC) - Homepage, Downloads, Help, Docu, FAQ, News - www.NotebookHardwareControl.net) -- C:\WINDOWS\System32\drivers\nhcDriver.sys
[2013.01.16 01:41:27 | 000,009,962 | ---- | M] () -- C:\WINDOWS\System32\PROCDB.INI
[2013.01.16 01:41:20 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2013.01.16 01:40:20 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013.01.16 01:40:09 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.16 01:38:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.01.16 01:38:56 | 1063,702,528 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.16 01:36:35 | 000,106,165 | ---- | M] () -- C:\Dokumente und Einstellungen\#\Desktop\viren2.JPG
[2013.01.16 01:29:54 | 000,094,159 | ---- | M] () -- C:\Dokumente und Einstellungen\#\Desktop\viren.JPG
[2013.01.16 00:39:16 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013.01.15 16:13:58 | 000,000,450 | ---- | M] () -- C:\WINDOWS\tasks\SystemToolsDailyTest.job
[2013.01.14 23:46:40 | 000,001,038 | ---- | M] () -- C:\Dokumente und Einstellungen\#\Startmenü\Programme\Autostart\Dropbox.lnk
[2013.01.13 19:24:51 | 000,255,352 | ---- | M] (Audible, Inc.) -- C:\WINDOWS\System32\awrdscdc.ax
[2013.01.09 22:16:23 | 104,857,600 | ---- | M] () -- C:\Dokumente und Einstellungen\#\Eigene Dateien\SecureDrive.vol
[2013.01.09 19:12:43 | 000,531,958 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2013.01.09 19:12:43 | 000,484,920 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013.01.09 19:12:43 | 000,106,734 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2013.01.09 19:12:43 | 000,080,934 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013.01.09 18:51:40 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013.01.07 12:46:15 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2013.01.06 17:32:32 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012.12.26 02:40:35 | 000,029,728 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2012.12.20 20:07:01 | 000,154,768 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.12.19 20:19:20 | 000,000,512 | ---- | M] () -- C:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask.job
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.01.16 02:26:44 | 000,365,568 | ---- | C] () -- C:\Dokumente und Einstellungen\#\Desktop\gmer-2.0.18444.exe
[2013.01.16 02:23:37 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\#\defogger_reenable
[2013.01.16 01:36:34 | 000,106,165 | ---- | C] () -- C:\Dokumente und Einstellungen\#\Desktop\viren2.JPG
[2013.01.16 01:29:54 | 000,094,159 | ---- | C] () -- C:\Dokumente und Einstellungen\#\Desktop\viren.JPG
[2013.01.09 22:16:22 | 000,336,888 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2013.01.09 18:51:38 | 000,001,355 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2012.12.26 02:39:01 | 000,000,928 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Amazon Music Importer.lnk
[2012.04.29 15:31:59 | 000,702,560 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-2647900423-3315018056-1231632640-1005-0.dat
[2012.04.18 14:50:04 | 000,158,306 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat
[2012.02.17 00:27:07 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.09.15 00:15:24 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011.09.15 00:15:23 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2011.09.15 00:15:20 | 000,650,752 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011.09.15 00:15:20 | 000,243,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011.09.15 00:15:19 | 000,074,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011.08.19 12:18:52 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\Animation2.dll
[2011.08.19 12:18:52 | 000,075,976 | ---- | C] () -- C:\WINDOWS\System32\Bassdec.dll
[2011.08.19 12:18:51 | 000,307,200 | ---- | C] () -- C:\WINDOWS\System32\fxstudio.dll
[2011.08.19 12:18:51 | 000,235,904 | ---- | C] () -- C:\WINDOWS\System32\loadimage.dll
[2011.08.19 12:18:51 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\NewWaveAnzeige.dll
[2011.08.19 12:18:51 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\fader.dll
[2011.08.19 12:18:51 | 000,029,696 | ---- | C] () -- C:\WINDOWS\System32\pthread.dll
[2011.08.19 12:18:50 | 000,303,104 | ---- | C] () -- C:\WINDOWS\System32\FXStudioDLL.dll
[2011.07.30 17:23:46 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2011.07.30 17:23:46 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2011.07.30 17:23:46 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2011.07.30 17:23:46 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2011.07.30 17:23:46 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2011.07.30 17:23:46 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2011.07.30 17:23:46 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2011.07.30 17:23:46 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2011.07.30 17:23:46 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2011.07.30 17:23:46 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2011.07.30 17:23:46 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2011.07.30 17:23:46 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2011.07.30 17:23:46 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2011.07.30 17:23:46 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2011.07.30 17:23:46 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2011.07.30 17:23:46 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2011.07.30 17:23:46 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2011.07.30 17:23:46 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2011.07.30 17:23:46 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2011.04.27 13:19:32 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe
[2011.04.27 13:19:30 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2011.04.27 13:19:30 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2011.04.27 13:19:30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2011.04.27 13:19:30 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2008.10.26 15:22:02 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\#\Anwendungsdaten\$_hpcst$.hpc
[2006.12.31 18:18:08 | 000,038,065 | ---- | C] () -- C:\Dokumente und Einstellungen\#\Anwendungsdaten\Kommagetrennte Werte (Windows).ADR
[2006.12.25 21:42:49 | 000,097,792 | ---- | C] () -- C:\Dokumente und Einstellungen\#\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006.12.25 21:24:24 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LauncherAccess.dt
[2006.12.25 17:52:45 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html
[2006.12.25 00:21:39 | 000,000,247 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\tvt_userinfo.ini
[2006.12.25 00:17:10 | 000,000,137 | ---- | C] () -- C:\Dokumente und Einstellungen\#\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
 
========== ZeroAccess Check ==========
 
[2006.01.27 18:19:56 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 03:22:25 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 03:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2009.04.15 19:30:55 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ
[2011.08.19 12:16:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DownloadManager
[2009.11.04 15:58:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FreeDownloadManager.ORG
[2009.10.23 19:04:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lenovo
[2011.07.30 17:38:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Panasonic
[2011.07.16 02:34:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PCDr
[2011.08.10 23:38:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Röntgentrainer
[2012.12.12 15:32:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Samsung
[2009.04.15 19:47:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ScanSoft
[2011.04.04 14:44:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2012.02.02 16:24:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WindSolutions
[2012.02.02 11:37:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011.04.04 14:43:19 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2010.07.13 13:13:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\#\Anwendungsdaten\Amazon
[2010.02.22 20:24:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\#\Anwendungsdaten\Broad Intelligence
[2011.09.13 20:24:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\#\Anwendungsdaten\Canon
[2012.12.26 02:39:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\#\Anwendungsdaten\com.amazon.music.uploader
[2011.08.01 22:14:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\#\Anwendungsdaten\Das Fussball Studio
[2013.01.12 14:31:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\#\Anwendungsdaten\DDMSettings
[2009.10.23 19:04:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\#\Anwendungsdaten\Downloaded Installations
[2013.01.16 01:43:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\#\Anwendungsdaten\Dropbox
[2008.01.20 01:41:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\#\Anwendungsdaten\flash
[2013.01.05 17:06:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\#\Anwendungsdaten\Free Download Manager
[2013.01.14 23:29:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\#\Anwendungsdaten\Huaf
[2013.01.14 00:01:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\#\Anwendungsdaten\Ibhy
[2007.01.17 01:11:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\#\Anwendungsdaten\InterVideo
[2007.01.11 02:44:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\#\Anwendungsdaten\Leadertech
[2008.10.26 15:05:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\#\Anwendungsdaten\Lenovo
[2012.07.21 13:22:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\#\Anwendungsdaten\Oracle
[2011.07.04 14:59:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\#\Anwendungsdaten\PCDr
[2009.05.07 00:46:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\#\Anwendungsdaten\ProtectDisc
[2008.10.26 18:35:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\#\Anwendungsdaten\ROUTE 66 Sync
[2012.12.12 15:40:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\#\Anwendungsdaten\Samsung
[2009.04.15 19:47:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\#\Anwendungsdaten\ScanSoft
[2009.08.19 19:13:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\#\Anwendungsdaten\Sigel
[2008.01.20 01:41:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\#\Anwendungsdaten\Supreme Auction
[2009.11.02 14:07:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\#\Anwendungsdaten\TeamViewer
[2012.01.11 17:39:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\#\Anwendungsdaten\Telefónica
[2012.10.14 00:50:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\#\Anwendungsdaten\Temp
[2006.11.17 09:23:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\#\Anwendungsdaten\ThinkVantage
[2009.10.23 14:35:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\#\Anwendungsdaten\TuneUp Software
[2013.01.14 23:45:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\#\Anwendungsdaten\Ullu
[2011.05.03 22:12:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\#\Anwendungsdaten\Update
[2008.06.27 19:24:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\#\Anwendungsdaten\VoipDiscount
[2012.04.15 14:24:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\#\Anwendungsdaten\Windows Desktop Search
[2012.06.23 23:41:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\#\Anwendungsdaten\Windows Search
[2012.02.02 16:24:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\#\Anwendungsdaten\WindSolutions
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---

Extras:OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 16.01.2013 02:25:32 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\#\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1014,36 Mb Total Physical Memory | 163,80 Mb Available Physical Memory | 16,15% Memory free
2,90 Gb Paging File | 2,00 Gb Available in Paging File | 69,10% Paging File free
Paging file location(s): C:\pagefile.sys 2048 2048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 27,38 Gb Total Space | 0,55 Gb Free Space | 2,02% Space Free | Partition Type: NTFS
Drive D: | 24,30 Gb Total Space | 8,46 Gb Free Space | 34,83% Space Free | Partition Type: NTFS
Drive R: | 99,72 Mb Total Space | 99,72 Mb Free Space | 100,00% Space Free | Partition Type: FAT
 
Computer Name: #| User Name: # | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"5985:TCP" = 5985:TCP:*:Disabled:Windows-Remoteverwaltung 
"80:TCP" = 80:TCP:*:Disabled:Windows-Remoteverwaltung - Kompatibilitätsmodus (HTTP eingehend) 
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Programme\Microsoft Office\Office12\ONENOTE.EXE" = C:\Programme\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Programme\Messenger\msmsgs.exe" = C:\Programme\Messenger\msmsgs.exe:*:Disabled:Messenger -- (Microsoft Corporation)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Programme\Internet Explorer\iexplore.exe" = C:\Programme\Internet Explorer\iexplore.exe:*:Disabled:Internet Explorer -- (Microsoft Corporation)
"C:\Programme\Java\jre6\bin\javaw.exe" = C:\Programme\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary
"C:\Programme\Java\jre6\bin\java.exe" = C:\Programme\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary
"C:\WINDOWS\system32\muzapp.exe" = C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player -- (Musiccity Co.Ltd.)
"C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Programme\Bonjour\mDNSResponder.exe" = C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Dienst "Bonjour" -- (Apple Inc.)
"D:\Programme\iTunes\iTunes.exe" = D:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Dokumente und Einstellungen\#\Anwendungsdaten\Dropbox\bin\Dropbox.exe" = C:\Dokumente und Einstellungen\#\Anwendungsdaten\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Programme\Amazon\Utilities\Amazon Music Importer\Amazon Music Importer.exe" = C:\Programme\Amazon\Utilities\Amazon Music Importer\Amazon Music Importer.exe:*:Enabled:Amazon Music Importer -- ()
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{075473F5-846A-448B-BCB3-104AA1760205}" = RecordNow Data
"{1007F41F-7D69-468E-8017-3849A5A973C2}" = ThinkVantage Technologies Welcome Message
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX700_series" = Canon MX700 series
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{1297C681-92D7-40EF-93BF-03F66EC5105C}" = ThinkPad-Dienstprogramm 'EasyEject'
"{1798D459-6B8B-474B-868D-1229EADA3B95}" = Adobe AIR
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2111B23F-7FDA-4A41-8309-E5A1663CA296}" = Dienstprogramm 'ThinkPad-Tastaturanpassung'
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{2811B04D-5AAB-4117-8FF8-79529D54634F}" = RemoteCapture Task 1.0
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = ThinkPad Bluetooth with Enhanced Data Rate Software
"{4526E521-18BC-4C01-8563-5CCE47AAC01C}" = ThinkVantage Fingerprint Software 5.5
"{47121A68-3C43-4AD1-BECA-07C8531458A4}" = Breitner, Chirurgische Operationslehre
"{48227AEB-DC8E-4A90-A274-0B4A39D699B1}" = Client Security Solution
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4b8a264d-f6c7-4602-86c3-7ae489dda08a}" = Nero BackItUp 4 Essentials
"{4C271126-C295-4828-A901-5910AE0C258B}" = Cisco Systems VPN Client 5.0.03.0530
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{65883ddf-2152-4cb7-8e13-b99194b13498}" = Nero BackItUp
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PartitionMagic
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72806716-7088-41B2-8FA6-717A2A164DAB}" = ThinkVantage System für aktiven Festplattenschutz
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{75c53f52-398b-4d66-b28a-f9ef170b3b34}" = Nero BackItUp
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7726CF62-7B45-4E6D-9266-615346816BCA}" = Rescue and Recovery
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{796E076A-82F7-4D49-98C8-DEC0C3BC733A}" = Diskeeper Lite
"{7EB114D8-207F-45AE-BABD-1669715F2630}" = ThinkVantage Access Connections
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
"{82512BC9-BD5D-4C50-BE4D-B98E7DF78687}" = ThinkPad-UltraNav-Assistent
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{863B903C-4D08-4A9C-9081-EF6A9F7E705E}" = Client für die Windows-Rechteverwaltung mit Service Pack 2
"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (German) 12
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_OUTLOOKR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}_OUTLOOKR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_OUTLOOKR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_OUTLOOKR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}_OUTLOOKR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}_OUTLOOKR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-001A-0000-0000-0000000FF1CE}" = Microsoft Office Outlook 2007
"{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{92DF2F1B-F63C-4D9A-B3E1-B2D11AE29790}" = Windows Presentation Foundation Language Pack (DEU)
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{986F64DC-FF15-449D-998F-EE3BCEC6666A}" = Help Center
"{98823CC0-51DA-565C-FF90-DCC72D47BD24}" = Amazon Music Importer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9EA84FDD-CCC0-47FD-A993-923165BEA47A}" = System Migration Assistant
"{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}" = ThinkPad Energie-Manager
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{A7894110-9C15-43EF-89E9-060363290188}" = Samsung PC Studio
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = RecordNow Audio
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = RecordNow Copy
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B334D9AE-1393-423E-97C0-3BDC3360E692}" = Sonic Icons for Lenovo
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{BEF56F2D-56ED-4176-BF72-7B68D4A3B98D}" = Canon PhotoRecord
"{C05E2D43-A05F-4835-A15C-CD0AD1576506}" = PhotoStitch
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon Utilities ZoomBrowser EX
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{C54ED2B6-1AF2-416F-BBA8-5E2B8CDCB5C4}" = XP Themes
"{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus(R) for Adobe
"{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}" = ThinkVantage Productivity Center
"{D076E06B-F74B-454F-A56E-7510D7B6C9F0}" = RAW Image Task
"{D728E945-256D-4477-B377-6BBA693714AC}" = Ergänzung zu Productivity Center für ThinkPad
"{DEE88727-779B-47A9-ACEF-F87CA5F92A65}" = ScanSoft OmniPage SE 4
"{DFC6573E-124D-4026-BFA4-B433C9D3FF21}" = ISO Recorder
"{E12A328A-7F9C-48FB-9E98-F51549FEC2B6}" = Philips SPC 300NC PC Camera
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}" = Message Center
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{EA664480-3844-11D5-8C25-444553540000}" = Funktion "TrackPoint-Eingabehilfen"
"{EC905264-BCFE-423B-9C42-C3A106266790}" = Rückwärtskompatibilität des Clients für die Windows-Rechteverwaltung SP2
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F2A7F421-1679-48D5-B918-96999014ED53}" = Microsoft .NET Framework 3.0 German Language Pack
"{F386C340-DF4B-4BBA-9503-420FB7EDB395}" = Wallpapers
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}" = iTunes
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FC081D4D-DF1B-4CF1-B530-027E4118D846}" = ThinkPad-Konfiguration
"{FC3EEA54-C009-4D75-B753-3CD871BF3EBA}" = Camera Window
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}" = Message Center Plus
"{FE64AE29-0883-4C70-8388-DC026019C900}" = HP Image Zone Express
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"AudibleManager" = AudibleManager
"Avira AntiVir Desktop" = Avira Free Antivirus
"AwayTask" = ThinkVantage Away Manager
"Canon MX700 series Benutzerregistrierung" = Canon MX700 series Benutzerregistrierung
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588" = ThinkPad Modem
"com.amazon.music.uploader" = Amazon Music Importer
"DivX Setup" = DivX-Setup
"EVEREST Corporate Edition_is1" = EVEREST Corporate Edition v4.20
"Free Download Manager_is1" = Free Download Manager 3.0
"Google Updater" = Google Updater
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{2811B04D-5AAB-4117-8FF8-79529D54634F}" = Canon RemoteCapture Task for ZoomBrowser EX
"InstallShield_{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PowerQuest PartitionMagic 8.0
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{C05E2D43-A05F-4835-A15C-CD0AD1576506}" = Canon Utilities PhotoStitch 3.1
"InstallShield_{D076E06B-F74B-454F-A56E-7510D7B6C9F0}" = Canon RAW Image Task for ZoomBrowser EX
"InstallShield_{FC3EEA54-C009-4D75-B753-3CD871BF3EBA}" = Canon Camera Window for ZoomBrowser EX
"KLiteCodecPack_is1" = K-Lite Codec Pack 7.7.5 (Full)
"MediaCoder PMP Edition" = MediaCoder PMP Edition
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.0 German Language Pack" = Microsoft .NET Framework 3.0 German Language Pack
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 18.0 (x86 de)" = Mozilla Firefox 18.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Notebook Hardware Control" = Notebook Hardware Control 2.0 Pre-Release-04
"o2DE" = Mobile Connection Manager
"OUTLOOKR" = Microsoft Office Outlook 2007
"PC-Doctor for Windows" = Lenovo ThinkVantage Toolbox
"PCMCIAPW" = ThinkPad PC Card Power Policy
"Power Management Driver" = ThinkPad Power Management Driver
"Presentation Director" = ThinkPad-Präsentationsdirektor
"ProInst" = Intel(R) PROSet/Wireless Software
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"RealPlayer 6.0" = RealPlayer
"Remove Multimedia Center" = Remove Multimedia Center
"Supreme Auction_is1" = Supreme Auction
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR Archivierer
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"ZTE USB Driver" = ZTE USB Driver
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CopyTrans Suite" = Nur Entfernen der CopyTrans Suite möglich
"Dropbox" = Dropbox
"MyFreeCodec" = MyFreeCodec
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 12.01.2013 20:40:09 | Computer Name = # | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 12.01.2013 20:40:09 | Computer Name = # | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 15672
 
Error - 12.01.2013 20:40:09 | Computer Name = # | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 15672
 
Error - 13.01.2013 11:57:30 | Computer Name = # | Source = PC-Doctor | ID = 1
Description = (7712) Asapi: (16:57:30:2500)(7712) libCommon.System.Windows - Error
 -- 635 readFromPipeTimed(3612) timed out after 120000 totalBytes: 0 
 
Error - 13.01.2013 11:57:30 | Computer Name = # | Source = PC-Doctor | ID = 1
Description = (7712) Asapi: (16:57:30:4680)(7712) libCommon.System.Windows - Error
 -- 726 execAndGetPipeData(./pcdrsysinfosoftware.p5x) readFromPipeTimed failed, 
killing: 13536 
 
Error - 13.01.2013 11:57:31 | Computer Name = # | Source = PC-Doctor | ID = 1
Description = (7712) Asapi: (16:57:31:3280)(7712) Matrix.ModuleImp - Error -- 54
 Unable to get information from module due to failed exec. 
 
Error - 13.01.2013 11:57:31 | Computer Name = # | Source = PC-Doctor | ID = 1
Description = (7712) Asapi: (16:57:31:3280)(7712) enumerator - Error -- 116 pcdrsysinfosoftware:
 Module timed out after 133860 milliseconds and was terminated 
 
Error - 13.01.2013 17:50:49 | Computer Name = # | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 13.01.2013 17:50:49 | Computer Name = # | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 11525281
 
Error - 13.01.2013 17:50:49 | Computer Name = # | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 11525281
 
[ Lenovo-Message Center Plus/Admin Events ]
Error - 12.11.2010 02:41:51 | Computer Name = # | Source = Lenovo-Message Center Plus/Admin | ID = 4
Description = The file size of the downloaded file /TOC.cab is not the same as the
 file size of the file on the server
 
Error - 12.11.2010 02:41:51 | Computer Name = # | Source = Lenovo-Message Center Plus/Admin | ID = 4
Description = The file C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lenovo\MessageCenterPlus\ServerRepository\temp\ssg.do
 does not have a Lenovo Digital Signature. The file will be deleted
 
Error - 12.11.2010 22:16:41 | Computer Name = # | Source = Lenovo-Message Center Plus/Admin | ID = 4
Description = The file size of the downloaded file /TOC.cab is not the same as the
 file size of the file on the server
 
Error - 12.11.2010 22:16:41 | Computer Name = # | Source = Lenovo-Message Center Plus/Admin | ID = 4
Description = The file C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lenovo\MessageCenterPlus\ServerRepository\temp\ssg.do
 does not have a Lenovo Digital Signature. The file will be deleted
 
[ OSession Events ]
Error - 19.07.2008 13:26:58 | Computer Name = # | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 13, Application Name: Microsoft Office OneNote, Application Version:
 12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 1
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 11.01.2009 18:00:52 | Computer Name = # | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 4
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 12.01.2009 11:12:19 | Computer Name = # | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 4
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 10.03.2010 13:37:55 | Computer Name = # | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 717
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 23.07.2010 10:52:23 | Computer Name = # | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session 
lasted 8381 seconds with 4260 seconds of active time.  This session ended with a
 crash.
 
Error - 24.08.2010 17:50:43 | Computer Name = # | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 639
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 09.11.2010 07:13:10 | Computer Name = # | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 99
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 30.09.2011 16:59:02 | Computer Name = # | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 89
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 10.02.2012 16:02:44 | Computer Name = # | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 89
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 12.01.2013 09:26:29 | Computer Name = # | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "upnphost"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {204810B9-73B2-11D4-BF42-00B0D0118B56}
 
Error - 12.01.2013 20:40:57 | Computer Name = # | Source = Service Control Manager | ID = 7011
Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung
 von Dienst stisvc.
 
Error - 13.01.2013 14:37:37 | Computer Name = # | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "upnphost"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {204810B9-73B2-11D4-BF42-00B0D0118B56}
 
Error - 14.01.2013 18:38:05 | Computer Name = # | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Windows Media Player-Netzwerkfreigabedienst" ist vom Dienst
 "Universeller Plug & Play-Gerätehost" abhängig, der aufgrund folgenden Fehlers 
nicht gestartet wurde:   %%1058
 
Error - 14.01.2013 18:41:45 | Computer Name = # | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Windows Media Player-Netzwerkfreigabedienst" ist vom Dienst
 "Universeller Plug & Play-Gerätehost" abhängig, der aufgrund folgenden Fehlers 
nicht gestartet wurde:   %%1058
 
Error - 14.01.2013 18:42:11 | Computer Name = # | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "upnphost"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {204810B9-73B2-11D4-BF42-00B0D0118B56}
 
Error - 15.01.2013 13:20:14 | Computer Name = # | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "upnphost"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {204810B9-73B2-11D4-BF42-00B0D0118B56}
 
Error - 15.01.2013 20:39:22 | Computer Name = # | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Windows Media Player-Netzwerkfreigabedienst" ist vom Dienst
 "Universeller Plug & Play-Gerätehost" abhängig, der aufgrund folgenden Fehlers 
nicht gestartet wurde:   %%1058
 
Error - 15.01.2013 20:42:25 | Computer Name = # | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Windows Media Player-Netzwerkfreigabedienst" ist vom Dienst
 "Universeller Plug & Play-Gerätehost" abhängig, der aufgrund folgenden Fehlers 
nicht gestartet wurde:   %%1058
 
Error - 15.01.2013 20:43:03 | Computer Name = # | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "upnphost"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {204810B9-73B2-11D4-BF42-00B0D0118B56}
 
[ TuneUp Events ]
Error - 10.02.2012 16:02:26 | Computer Name = # | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
 
< End of report >

--- --- ---

heathcliff · 16.01.2013, 04:29

Code:

ATTFilter

GMER:
GMER 2.0.18444 - hxxp://www.gmer.net
Rootkit scan 2013-01-16 03:56:51
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 HTS54106 rev.MB3I 55,89GB
Running: gmer-2.0.18444.exe; Driver: C:\DOKUME~1\#\LOKALE~1\Temp\pwliqaoc.sys


---- System - GMER 2.0 ----

SSDT    A4F71DD4                                                                                                                                                                                            ZwClose
SSDT    A4F71D8E                                                                                                                                                                                            ZwCreateKey
SSDT    A4F71DDE                                                                                                                                                                                            ZwCreateSection
SSDT    A4F71D84                                                                                                                                                                                            ZwCreateThread
SSDT    A4F71D93                                                                                                                                                                                            ZwDeleteKey
SSDT    A4F71D9D                                                                                                                                                                                            ZwDeleteValueKey
SSDT    A4F71DCF                                                                                                                                                                                            ZwDuplicateObject
SSDT    A4F71DA2                                                                                                                                                                                            ZwLoadKey
SSDT    A4F71D70                                                                                                                                                                                            ZwOpenProcess
SSDT    A4F71D75                                                                                                                                                                                            ZwOpenThread
SSDT    A4F71DF7                                                                                                                                                                                            ZwQueryValueKey
SSDT    A4F71DAC                                                                                                                                                                                            ZwReplaceKey
SSDT    A4F71DE8                                                                                                                                                                                            ZwRequestWaitReplyPort
SSDT    A4F71DA7                                                                                                                                                                                            ZwRestoreKey
SSDT    A4F71DE3                                                                                                                                                                                            ZwSetContextThread
SSDT    A4F71DED                                                                                                                                                                                            ZwSetSecurityObject
SSDT    A4F71D98                                                                                                                                                                                            ZwSetValueKey
SSDT    A4F71DF2                                                                                                                                                                                            ZwSystemDebugControl
SSDT    A4F71D7F                                                                                                                                                                                            ZwTerminateProcess

---- Kernel code sections - GMER 2.0 ----

.text   ntkrnlpa.exe!ZwCallbackReturn + 2EFC                                                                                                                                                                805047F4 4 Bytes  CALL 98F53F16 
.reloc  C:\WINDOWS\system32\drivers\acedrv11.sys                                                                                                                                                            section is executable [0x9D6B8300, 0x25D4C, 0xE0000060]

---- User code sections - GMER 2.0 ----

.text   C:\WINDOWS\system32\SearchIndexer.exe[2156] kernel32.dll!WriteFile                                                                                                                                  7C8112FF 7 Bytes  JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text   C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[4808] ntdll.dll!DbgBreakPoint                                                                                                        7C91120E 1 Byte  [C3]
.text   C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[4808] ntdll.dll!DbgUiRemoteBreakin                                                                                                   7C9620EC 5 Bytes  JMP 7C9325C8 C:\WINDOWS\system32\ntdll.dll (DLL für NT-Layer/Microsoft Corporation)

---- Files - GMER 2.0 ----

File    C:\RRbackups\.directory                                                                                                                                                                             50 bytes
File    C:\RRbackups\C                                                                                                                                                                                      0 bytes
File    C:\RRbackups\C\.directory                                                                                                                                                                           50 bytes
File    C:\RRbackups\common                                                                                                                                                                                 0 bytes
File    C:\RRbackups\common\.directory                                                                                                                                                                      91 bytes
File    C:\RRbackups\common\backups.dat                                                                                                                                                                     8192 bytes
File    C:\RRbackups\common\hints.dat                                                                                                                                                                       8192 bytes
File    C:\RRbackups\common\mnd.dat                                                                                                                                                                         8192 bytes
File    C:\RRbackups\common\regcerts.dat                                                                                                                                                                    8192 bytes
File    C:\RRbackups\common\rr.log                                                                                                                                                                          49803 bytes
File    C:\RRbackups\common\SAM                                                                                                                                                                             28672 bytes
File    C:\RRbackups\common\seccache.dat                                                                                                                                                                    8192 bytes
File    C:\RRbackups\common\secpolicy.dat                                                                                                                                                                   57344 bytes
File    C:\RRbackups\common\settings.dat                                                                                                                                                                    28672 bytes
File    C:\RRbackups\common\system.dat                                                                                                                                                                      12288 bytes
File    C:\RRbackups\common\tvtns.bin                                                                                                                                                                       23 bytes
File    C:\RRbackups\common\usersids.dat                                                                                                                                                                    16640 bytes
File    C:\RRbackups\D                                                                                                                                                                                      0 bytes
File    C:\RRbackups\D\.directory                                                                                                                                                                           49 bytes
File    C:\RRbackups\Documents and Settings                                                                                                                                                                 0 bytes
File    C:\RRbackups\Documents and Settings\.directory                                                                                                                                                      50 bytes
File    C:\RRbackups\Documents and Settings\Administrator                                                                                                                                                   0 bytes
File    C:\RRbackups\Documents and Settings\Administrator\Anwendungsdaten                                                                                                                                   0 bytes
File    C:\RRbackups\Documents and Settings\Administrator\Anwendungsdaten\Lenovo                                                                                                                            0 bytes
File    C:\RRbackups\Documents and Settings\Administrator\Anwendungsdaten\Lenovo\.directory                                                                                                                 50 bytes
File    C:\RRbackups\Documents and Settings\Administrator\Anwendungsdaten\Microsoft                                                                                                                         0 bytes
File    C:\RRbackups\Documents and Settings\Administrator\Anwendungsdaten\Microsoft\.directory                                                                                                              50 bytes
File    C:\RRbackups\Documents and Settings\Administrator\Anwendungsdaten\Microsoft\Crypto                                                                                                                  0 bytes
File    C:\RRbackups\Documents and Settings\Administrator\Anwendungsdaten\Microsoft\Crypto\RSA                                                                                                              0 bytes
File    C:\RRbackups\Documents and Settings\Administrator\Anwendungsdaten\Microsoft\Protect                                                                                                                 0 bytes
File    C:\RRbackups\Documents and Settings\Administrator\Anwendungsdaten\Microsoft\Protect\CREDHIST                                                                                                        24 bytes
File    C:\RRbackups\Documents and Settings\Administrator\Anwendungsdaten\Microsoft\Protect\S-1-5-21-2495526538-1960798010-2588485502-500                                                                   0 bytes
File    C:\RRbackups\Documents and Settings\Administrator\Anwendungsdaten\Microsoft\Protect\S-1-5-21-2495526538-1960798010-2588485502-500\6b1a166a-cad2-43ee-81e1-a86f772e2c01                              388 bytes
File    C:\RRbackups\Documents and Settings\Administrator\Anwendungsdaten\Microsoft\Protect\S-1-5-21-2495526538-1960798010-2588485502-500\Preferred                                                         24 bytes
File    C:\RRbackups\Documents and Settings\Administrator\Anwendungsdaten\Microsoft\Protect\S-1-5-21-84991362-1806797406-1541798435-500                                                                     0 bytes
File    C:\RRbackups\Documents and Settings\Administrator\Anwendungsdaten\Microsoft\Protect\S-1-5-21-84991362-1806797406-1541798435-500\1786d07c-29e7-49ab-ba98-a325c10be8f3                                388 bytes
File    C:\RRbackups\Documents and Settings\Administrator\Anwendungsdaten\Microsoft\Protect\S-1-5-21-84991362-1806797406-1541798435-500\Preferred                                                           24 bytes
File    C:\RRbackups\Documents and Settings\Administrator\Anwendungsdaten\Microsoft\SystemCertificates                                                                                                      0 bytes
File    C:\RRbackups\Documents and Settings\Administrator\Anwendungsdaten\Microsoft\SystemCertificates\My                                                                                                   0 bytes
File    C:\RRbackups\Documents and Settings\Administrator\Anwendungsdaten\Microsoft\SystemCertificates\My\Certificates                                                                                      0 bytes
File    C:\RRbackups\Documents and Settings\Administrator\Anwendungsdaten\Microsoft\SystemCertificates\My\CRLs                                                                                              0 bytes
File    C:\RRbackups\Documents and Settings\Administrator\Anwendungsdaten\Microsoft\SystemCertificates\My\CTLs                                                                                              0 bytes
File    C:\RRbackups\Documents and Settings\All Users                                                                                                                                                       0 bytes
File    C:\RRbackups\Documents and Settings\All Users\.directory                                                                                                                                            49 bytes
File    C:\RRbackups\Documents and Settings\All Users\Anwendungsdaten                                                                                                                                       0 bytes
File    C:\RRbackups\Documents and Settings\All Users\Anwendungsdaten\.directory                                                                                                                            49 bytes
File    C:\RRbackups\Documents and Settings\All Users\Anwendungsdaten\Lenovo                                                                                                                                0 bytes
File    C:\RRbackups\Documents and Settings\All Users\Anwendungsdaten\Lenovo\.directory                                                                                                                     50 bytes
File    C:\RRbackups\Documents and Settings\All Users\Anwendungsdaten\Lenovo\Client Security Solution                                                                                                       0 bytes
File    C:\RRbackups\Documents and Settings\All Users\Anwendungsdaten\Lenovo\Client Security Solution\encobject.dat                                                                                         1608 bytes
File    C:\RRbackups\Documents and Settings\All Users\Anwendungsdaten\Lenovo\Client Security Solution\hwkeys.dat                                                                                            4248 bytes
File    C:\RRbackups\Documents and Settings\All Users\Anwendungsdaten\Lenovo\Client Security Solution\symkeys.dat                                                                                           656 bytes
File    C:\RRbackups\Documents and Settings\All Users\Anwendungsdaten\Microsoft                                                                                                                             0 bytes
File    C:\RRbackups\Documents and Settings\All Users\Anwendungsdaten\Microsoft\.directory                                                                                                                  50 bytes
File    C:\RRbackups\Documents and Settings\All Users\Anwendungsdaten\Microsoft\Crypto                                                                                                                      0 bytes
File    C:\RRbackups\Documents and Settings\All Users\Anwendungsdaten\Microsoft\Crypto\.directory                                                                                                           50 bytes
File    C:\RRbackups\Documents and Settings\All Users\Anwendungsdaten\Microsoft\Crypto\RSA                                                                                                                  0 bytes
File    C:\RRbackups\Documents and Settings\All Users\Anwendungsdaten\Microsoft\Crypto\RSA\MachineKeys                                                                                                      0 bytes
File    C:\RRbackups\Documents and Settings\All Users\Anwendungsdaten\Microsoft\Crypto\RSA\MachineKeys\a077ead69703e3bf1fd373a3c9376faa_83851021-9ed0-4285-8423-004339c967ce                                925 bytes
File    C:\RRbackups\Documents and Settings\All Users\Anwendungsdaten\Microsoft\Crypto\RSA\S-1-5-18                                                                                                         0 bytes
File    C:\RRbackups\Documents and Settings\All Users\Anwendungsdaten\Microsoft\Crypto\RSA\S-1-5-18\42e7e898003fbdeb9585806ee1664b51_83851021-9ed0-4285-8423-004339c967ce                                   57 bytes
File    C:\RRbackups\Documents and Settings\All Users\Anwendungsdaten\Microsoft\Crypto\RSA\S-1-5-18\533145ef011ddf5ca3983e2545a902b4_83851021-9ed0-4285-8423-004339c967ce                                   2099 bytes
File    C:\RRbackups\Documents and Settings\All Users\Anwendungsdaten\Microsoft\Crypto\RSA\S-1-5-18\6b29ae44e85efac3c72ff4d1865d73f1_83851021-9ed0-4285-8423-004339c967ce                                   53 bytes
File    C:\RRbackups\Documents and Settings\All Users\Anwendungsdaten\Microsoft\Crypto\RSA\S-1-5-18\6d14e4b1d8ca773bab785d1be032546e_83851021-9ed0-4285-8423-004339c967ce                                   47 bytes
File    C:\RRbackups\Documents and Settings\All Users\Anwendungsdaten\Microsoft\Crypto\RSA\S-1-5-18\83aa4cc77f591dfc2374580bbd95f6ba_83851021-9ed0-4285-8423-004339c967ce                                   45 bytes
File    C:\RRbackups\Documents and Settings\All Users\Anwendungsdaten\Microsoft\Crypto\RSA\S-1-5-18\8f71098770f72c7a67cd8f1151619865_83851021-9ed0-4285-8423-004339c967ce                                   54 bytes
File    C:\RRbackups\Documents and Settings\All Users\Anwendungsdaten\Microsoft\Crypto\RSA\S-1-5-18\d42cc0c3858a58db2db37658219e6400_83851021-9ed0-4285-8423-004339c967ce                                   917 bytes
File    C:\RRbackups\Documents and Settings\Default User                                                                                                                                                    0 bytes
File    C:\RRbackups\Documents and Settings\Default User\.directory                                                                                                                                         50 bytes
File    C:\RRbackups\Documents and Settings\Default User\Anwendungsdaten                                                                                                                                    0 bytes
File    C:\RRbackups\Documents and Settings\Default User\Anwendungsdaten\.directory                                                                                                                         49 bytes
File    C:\RRbackups\Documents and Settings\Default User\Anwendungsdaten\Lenovo                                                                                                                             0 bytes
File    C:\RRbackups\Documents and Settings\Default User\Anwendungsdaten\Lenovo\.directory                                                                                                                  49 bytes
File    C:\RRbackups\Documents and Settings\Default User\Anwendungsdaten\Microsoft                                                                                                                          0 bytes
File    C:\RRbackups\Documents and Settings\Default User\Anwendungsdaten\Microsoft\.directory                                                                                                               49 bytes
File    C:\RRbackups\Documents and Settings\Default User\Anwendungsdaten\Microsoft\Crypto                                                                                                                   0 bytes
File    C:\RRbackups\Documents and Settings\Default User\Anwendungsdaten\Microsoft\Crypto\.directory                                                                                                        49 bytes
File    C:\RRbackups\Documents and Settings\Default User\Anwendungsdaten\Microsoft\Crypto\RSA                                                                                                               0 bytes
File    C:\RRbackups\Documents and Settings\Default User\Anwendungsdaten\Microsoft\Protect                                                                                                                  0 bytes
File    C:\RRbackups\Documents and Settings\Default User\Anwendungsdaten\Microsoft\Protect\CREDHIST                                                                                                         24 bytes
File    C:\RRbackups\Documents and Settings\Default User\Anwendungsdaten\Microsoft\Protect\S-1-5-21-2495526538-1960798010-2588485502-500                                                                    0 bytes
File    C:\RRbackups\Documents and Settings\Default User\Anwendungsdaten\Microsoft\Protect\S-1-5-21-2495526538-1960798010-2588485502-500\6b1a166a-cad2-43ee-81e1-a86f772e2c01                               388 bytes
File    C:\RRbackups\Documents and Settings\Default User\Anwendungsdaten\Microsoft\Protect\S-1-5-21-2495526538-1960798010-2588485502-500\Preferred                                                          24 bytes
File    C:\RRbackups\Documents and Settings\Default User\Anwendungsdaten\Microsoft\Protect\S-1-5-21-84991362-1806797406-1541798435-500                                                                      0 bytes
File    C:\RRbackups\Documents and Settings\Default User\Anwendungsdaten\Microsoft\Protect\S-1-5-21-84991362-1806797406-1541798435-500\1786d07c-29e7-49ab-ba98-a325c10be8f3                                 388 bytes
File    C:\RRbackups\Documents and Settings\Default User\Anwendungsdaten\Microsoft\Protect\S-1-5-21-84991362-1806797406-1541798435-500\Preferred                                                            24 bytes
File    C:\RRbackups\Documents and Settings\Default User\Anwendungsdaten\Microsoft\SystemCertificates                                                                                                       0 bytes
File    C:\RRbackups\Documents and Settings\Default User\Anwendungsdaten\Microsoft\SystemCertificates\My                                                                                                    0 bytes
File    C:\RRbackups\Documents and Settings\Default User\Anwendungsdaten\Microsoft\SystemCertificates\My\Certificates                                                                                       0 bytes
File    C:\RRbackups\Documents and Settings\Default User\Anwendungsdaten\Microsoft\SystemCertificates\My\CRLs                                                                                               0 bytes
File    C:\RRbackups\Documents and Settings\Default User\Anwendungsdaten\Microsoft\SystemCertificates\My\CTLs                                                                                               0 bytes
File    C:\RRbackups\Documents and Settings\#                                                                                                                                                            0 bytes
File    C:\RRbackups\Documents and Settings\#\.directory                                                                                                                                                 50 bytes
File    C:\RRbackups\Documents and Settings\#\Anwendungsdaten                                                                                                                                            0 bytes
File    C:\RRbackups\Documents and Settings\#\Anwendungsdaten\.directory                                                                                                                                 50 bytes
File    C:\RRbackups\Documents and Settings\#\Anwendungsdaten\Lenovo                                                                                                                                     0 bytes
File    C:\RRbackups\Documents and Settings\#\Anwendungsdaten\Lenovo\.directory                                                                                                                          50 bytes
File    C:\RRbackups\Documents and Settings\#\Anwendungsdaten\Lenovo\Client Security Solution                                                                                                            0 bytes
File    C:\RRbackups\Documents and Settings\#\Anwendungsdaten\Lenovo\Client Security Solution\config.ini                                                                                                 61 bytes
File    C:\RRbackups\Documents and Settings\#\Anwendungsdaten\Lenovo\Client Security Solution\cspContainer.dat                                                                                           332 bytes
File    C:\RRbackups\Documents and Settings\#\Anwendungsdaten\Lenovo\Client Security Solution\cssversion.dat                                                                                             1908 bytes
File    C:\RRbackups\Documents and Settings\#\Anwendungsdaten\Lenovo\Client Security Solution\encobject.dat                                                                                              19296 bytes
File    C:\RRbackups\Documents and Settings\#\Anwendungsdaten\Lenovo\Client Security Solution\hibernation.dat                                                                                            4 bytes
File    C:\RRbackups\Documents and Settings\#\Anwendungsdaten\Lenovo\Client Security Solution\hwkeys.dat                                                                                                 10620 bytes
File    C:\RRbackups\Documents and Settings\#\Anwendungsdaten\Lenovo\Client Security Solution\pwdrecovery.dat                                                                                            1104 bytes
File    C:\RRbackups\Documents and Settings\#\Anwendungsdaten\Lenovo\Client Security Solution\symkeys.dat                                                                                                2296 bytes
File    C:\RRbackups\Documents and Settings\#\Anwendungsdaten\Microsoft                                                                                                                                  0 bytes
File    C:\RRbackups\Documents and Settings\#\Anwendungsdaten\Microsoft\.directory                                                                                                                       49 bytes
File    C:\RRbackups\Documents and Settings\#\Anwendungsdaten\Microsoft\Crypto                                                                                                                           0 bytes
File    C:\RRbackups\Documents and Settings\#\Anwendungsdaten\Microsoft\Crypto\.directory                                                                                                                49 bytes
File    C:\RRbackups\Documents and Settings\#\Anwendungsdaten\Microsoft\Crypto\RSA                                                                                                                       0 bytes
File    C:\RRbackups\Documents and Settings\#\Anwendungsdaten\Microsoft\Crypto\RSA\S-1-5-21-2647900423-3315018056-1231632640-1005                                                                        0 bytes
File    C:\RRbackups\Documents and Settings\#\Anwendungsdaten\Microsoft\Crypto\RSA\S-1-5-21-2647900423-3315018056-1231632640-1005\533145ef011ddf5ca3983e2545a902b4_83851021-9ed0-4285-8423-004339c967ce  2099 bytes
File    C:\RRbackups\Documents and Settings\#\Anwendungsdaten\Microsoft\Crypto\RSA\S-1-5-21-2647900423-3315018056-1231632640-1005\549a9e15135fb4efa3fb9b2c86c5f31d_83851021-9ed0-4285-8423-004339c967ce  1309 bytes
File    C:\RRbackups\Documents and Settings\#\Anwendungsdaten\Microsoft\Crypto\RSA\S-1-5-21-2647900423-3315018056-1231632640-1005\5550e7cb640347345a345c63aa7a6848_83851021-9ed0-4285-8423-004339c967ce  59 bytes
File    C:\RRbackups\Documents and Settings\#\Anwendungsdaten\Microsoft\Crypto\RSA\S-1-5-21-2647900423-3315018056-1231632640-1005\6a1f7813c367393e02da03807d8dc3ff_83851021-9ed0-4285-8423-004339c967ce  45 bytes
File    C:\RRbackups\Documents and Settings\#\Anwendungsdaten\Microsoft\Crypto\RSA\S-1-5-21-2647900423-3315018056-1231632640-1005\6b29ae44e85efac3c72ff4d1865d73f1_83851021-9ed0-4285-8423-004339c967ce  53 bytes
File    C:\RRbackups\Documents and Settings\#\Anwendungsdaten\Microsoft\Crypto\RSA\S-1-5-21-2647900423-3315018056-1231632640-1005\83aa4cc77f591dfc2374580bbd95f6ba_83851021-9ed0-4285-8423-004339c967ce  45 bytes
File    C:\RRbackups\Documents and Settings\#\Anwendungsdaten\Microsoft\Crypto\RSA\S-1-5-21-2647900423-3315018056-1231632640-1005\8f71098770f72c7a67cd8f1151619865_83851021-9ed0-4285-8423-004339c967ce  54 bytes
File    C:\RRbackups\Documents and Settings\#\Anwendungsdaten\Microsoft\Crypto\RSA\S-1-5-21-2647900423-3315018056-1231632640-1005\dac56a91d0232dd42d2178b7ebc3b6e8_83851021-9ed0-4285-8423-004339c967ce  903 bytes
File    C:\RRbackups\Documents and Settings\#\Anwendungsdaten\Microsoft\Crypto\RSA\S-1-5-21-2647900423-3315018056-1231632640-1005\dbe5a52f49f0c5500c270a9769f89b92_83851021-9ed0-4285-8423-004339c967ce  45 bytes
File    C:\RRbackups\Documents and Settings\#\Anwendungsdaten\Microsoft\Crypto\RSA\S-1-5-21-2647900423-3315018056-1231632640-1005\f1cb0b3c1e2afcce9ab03a54aeef12f9_83851021-9ed0-4285-8423-004339c967ce  63 bytes
File    C:\RRbackups\Documents and Settings\#\Anwendungsdaten\Microsoft\Protect                                                                                                                          0 bytes
File    C:\RRbackups\Documents and Settings\#\Anwendungsdaten\Microsoft\Protect\CREDHIST                                                                                                                 160 bytes
File    C:\RRbackups\Documents and Settings\#\Anwendungsdaten\Microsoft\Protect\S-1-5-21-2495526538-1960798010-2588485502-500                                                                            0 bytes
File    C:\RRbackups\Documents and Settings\#\Anwendungsdaten\Microsoft\Protect\S-1-5-21-2495526538-1960798010-2588485502-500\6b1a166a-cad2-43ee-81e1-a86f772e2c01                                       388 bytes
File    C:\RRbackups\Documents and Settings\#\Anwendungsdaten\Microsoft\Protect\S-1-5-21-2495526538-1960798010-2588485502-500\Preferred                                                                  24 bytes
File    C:\RRbackups\Documents and Settings\#\Anwendungsdaten\Microsoft\Protect\S-1-5-21-2647900423-3315018056-1231632640-1005                                                                           0 bytes
File    C:\RRbackups\Documents and Settings\#\Anwendungsdaten\Microsoft\Protect\S-1-5-21-2647900423-3315018056-1231632640-1005\354ebafb-7afa-486b-b1d8-8a7c943b002f                                      388 bytes
File    C:\RRbackups\Documents and Settings\#\Anwendungsdaten\Microsoft\Protect\S-1-5-21-2647900423-3315018056-1231632640-1005\92a3734c-168e-486d-95b8-e8465f2dc515                                      388 bytes
File    C:\RRbackups\Documents and Settings\#\Anwendungsdaten\Microsoft\Protect\S-1-5-21-2647900423-3315018056-1231632640-1005\0256cc01-d9d7-4dc2-b21d-9d070c9dba94                                      388 bytes
File    C:\RRbackups\Documents and Settings\#\Anwendungsdaten\Microsoft\Protect\S-1-5-21-2647900423-3315018056-1231632640-1005\0a3cb7b2-2110-45d4-893a-8627f651cc30                                      388 bytes
File    C:\RRbackups\Documents and Settings\#\Anwendungsdaten\Microsoft\Protect\S-1-5-21-2647900423-3315018056-1231632640-1005\0ff22a46-16df-449e-9f08-27ed1199d733                                      388 bytes
File    C:\RRbackups\Documents and Settings\#\Anwendungsdaten\Microsoft\Protect\S-1-5-21-2647900423-3315018056-1231632640-1005\19401b22-d286-46d4-af66-7c1e8703680a                                      388 bytes
File    C:\RRbackups\Documents and Settings\#\Anwendungsdaten\Microsoft\Protect\S-1-5-21-2647900423-3315018056-1231632640-1005\243ed2f5-f21b-4535-83e4-7bce63f5420e                                      388 bytes
File    C:\RRbackups\Documents and Settings\#\Anwendungsdaten\Microsoft\Protect\S-1-5-21-2647900423-3315018056-1231632640-1005\26b9397b-8fc3-46e9-83a3-b93c695e0fff                                      388 bytes
File    C:\RRbackups\Documents and Settings\#\Anwendungsdaten\Microsoft\Protect\S-1-5-21-2647900423-3315018056-1231632640-1005\352b531d-c077-4eb7-bdb3-de91bc849f16                                      388 bytes
File    C:\RRbackups\Documents and Settings\#\Anwendungsdaten\Microsoft\Protect\S-1-5-21-2647900423-3315018056-1231632640-1005\3fba500c-83b3-40ec-a4df-0d555721f912                                      388 bytes
File    C:\RRbackups\Documents and Settings\#\Anwendungsdaten\Microsoft\Protect\S-1-5-21-2647900423-3315018056-1231632640-1005\4c303158-8645-419b-b957-be49afe5777d                                      388 bytes
File    C:\RRbackups\Documents and Settings\#\Anwendungsdaten\Microsoft\Protect\S-1-5-21-2647900423-3315018056-1231632640-1005\4e1244ec-62b9-4c90-80c3-98e5a6b85a97                                      388 bytes
File    C:\RRbackups\Documents and Settings\#\Anwendungsdaten\Microsoft\Protect\S-1-5-21-2647900423-3315018056-1231632640-1005\5ac2c55e-03be-4673-b08b-2e5ae3359471                                      388 bytes
File    C:\RRbackups\Documents and Settings\#\Anwendungsdaten\Microsoft\Protect\S-1-5-21-2647900423-3315018056-1231632640-1005\5c97f01e-20e9-497e-8444-8933642020ad                                      388 bytes
File    C:\RRbackups\Documents and Settings\#\Anwendungsdaten\Microsoft\Protect\S-1-5-21-2647900423-3315018056-1231632640-1005\7cf59361-0b58-4906-b322-34892cdec7e5                                      388 bytes
File    C:\RRbackups\Documents and Settings\#\Anwendungsdaten\Microsoft\Protect\S-1-5-21-2647900423-3315018056-1231632640-1005\8c00da39-f1b5-487d-9331-2cd110b24493                                      388 bytes
File    C:\RRbackups\Documents and Settings\#\Anwendungsdaten\Microsoft\Protect\S-1-5-21-2647900423-3315018056-1231632640-1005\9ef91f17-6c35-414d-892a-817d66000471                                      388 bytes
File    C:\RRbackups\Documents and Settings\#\Anwendungsdaten\Microsoft\Protect\S-1-5-21-2647900423-3315018056-1231632640-1005\a06be7e5-a1ec-407b-8c76-0bd05ca6ebcd                                      388 bytes
File    C:\RRbackups\Documents and Settings\#\Anwendungsdaten\Microsoft\Protect\S-1-5-21-2647900423-3315018056-1231632640-1005\ad55534c-6eb4-4abc-a76e-b9a3c45a1541                                      388 bytes
File    C:\RRbackups\Documents and Settings\#\Anwendungsdaten\Microsoft\Protect\S-1-5-21-2647900423-3315018056-1231632640-1005\afdf39fa-6adf-42c8-8424-76de70579a8f                                      388 bytes
File    C:\RRbackups\Documents and Settings\#\Anwendungsdaten\Microsoft\Protect\S-1-5-21-2647900423-3315018056-1231632640-1005\c0b05e2c-6803-4112-93e3-fc665b3dd99b                                      388 bytes
File    C:\RRbackups\Documents and Settings\#\Anwendungsdaten\Microsoft\Protect\S-1-5-21-2647900423-3315018056-1231632640-1005\c474f354-d00a-4d81-9616-71415072da8a                                      388 bytes
File    C:\RRbackups\Documents and Settings\#\Anwendungsdaten\Microsoft\Protect\S-1-5-21-2647900423-3315018056-1231632640-1005\cc3652a4-0ae8-4398-b9c8-cf8b327936c5                                      388 bytes
File    C:\RRbackups\Documents and Settings\#\Anwendungsdaten\Microsoft\Protect\S-1-5-21-2647900423-3315018056-1231632640-1005\cc71c81c-58c9-4d44-89de-b2e2ebd47f21                                      388 bytes
File    C:\RRbackups\Documents and Settings\#\Anwendungsdaten\Microsoft\Protect\S-1-5-21-2647900423-3315018056-1231632640-1005\d4d7d7f6-9863-44d6-aab6-0855b2787f88                                      388 bytes
File    C:\RRbackups\Documents and Settings\#\Anwendungsdaten\Microsoft\Protect\S-1-5-21-2647900423-3315018056-1231632640-1005\e53a3cab-2114-49a3-965f-16a9e0c86de1                                      388 bytes
File    C:\RRbackups\Documents and Settings\#\Anwendungsdaten\Microsoft\Protect\S-1-5-21-2647900423-3315018056-1231632640-1005\Preferred                                                                 24 bytes
File    C:\RRbackups\Documents and Settings\#\Anwendungsdaten\Microsoft\Protect\S-1-5-21-84991362-1806797406-1541798435-500                                                                              0 bytes
File    C:\RRbackups\Documents and Settings\#\Anwendungsdaten\Microsoft\Protect\S-1-5-21-84991362-1806797406-1541798435-500\1786d07c-29e7-49ab-ba98-a325c10be8f3                                         388 bytes
File    C:\RRbackups\Documents and Settings\#\Anwendungsdaten\Microsoft\Protect\S-1-5-21-84991362-1806797406-1541798435-500\Preferred                                                                    24 bytes
File    C:\RRbackups\Documents and Settings\#\Anwendungsdaten\Microsoft\SystemCertificates                                                                                                               0 bytes
File    C:\RRbackups\Documents and Settings\#\Anwendungsdaten\Microsoft\SystemCertificates\My                                                                                                            0 bytes
File    C:\RRbackups\Documents and Settings\#\Anwendungsdaten\Microsoft\SystemCertificates\My\Certificates                                                                                               0 bytes
File    C:\RRbackups\Documents and Settings\#\Anwendungsdaten\Microsoft\SystemCertificates\My\CRLs                                                                                                       0 bytes
File    C:\RRbackups\Documents and Settings\#\Anwendungsdaten\Microsoft\SystemCertificates\My\CTLs                                                                                                       0 bytes
File    C:\RRbackups\Documents and Settings\LocalService                                                                                                                                                    0 bytes
File    C:\RRbackups\Documents and Settings\LocalService\.directory                                                                                                                                         49 bytes
File    C:\RRbackups\Documents and Settings\LocalService\Anwendungsdaten                                                                                                                                    0 bytes
File    C:\RRbackups\Documents and Settings\LocalService\Anwendungsdaten\.directory                                                                                                                         49 bytes
File    C:\RRbackups\Documents and Settings\LocalService\Anwendungsdaten\Microsoft                                                                                                                          0 bytes
File    C:\RRbackups\Documents and Settings\LocalService\Anwendungsdaten\Microsoft\.directory                                                                                                               49 bytes
File    C:\RRbackups\Documents and Settings\LocalService\Anwendungsdaten\Microsoft\SystemCertificates                                                                                                       0 bytes
File    C:\RRbackups\Documents and Settings\LocalService\Anwendungsdaten\Microsoft\SystemCertificates\My                                                                                                    0 bytes
File    C:\RRbackups\Documents and Settings\LocalService\Anwendungsdaten\Microsoft\SystemCertificates\My\Certificates                                                                                       0 bytes
File    C:\RRbackups\Documents and Settings\LocalService\Anwendungsdaten\Microsoft\SystemCertificates\My\CRLs                                                                                               0 bytes
File    C:\RRbackups\Documents and Settings\LocalService\Anwendungsdaten\Microsoft\SystemCertificates\My\CTLs                                                                                               0 bytes
File    C:\RRbackups\Documents and Settings\NetworkService                                                                                                                                                  0 bytes
File    C:\RRbackups\Documents and Settings\NetworkService\.directory                                                                                                                                       50 bytes
File    C:\RRbackups\Documents and Settings\NetworkService\Anwendungsdaten                                                                                                                                  0 bytes
File    C:\RRbackups\Documents and Settings\NetworkService\Anwendungsdaten\.directory                                                                                                                       50 bytes
File    C:\RRbackups\Documents and Settings\NetworkService\Anwendungsdaten\Microsoft                                                                                                                        0 bytes
File    C:\RRbackups\Documents and Settings\NetworkService\Anwendungsdaten\Microsoft\.directory                                                                                                             50 bytes
File    C:\RRbackups\Documents and Settings\NetworkService\Anwendungsdaten\Microsoft\SystemCertificates                                                                                                     0 bytes
File    C:\RRbackups\Documents and Settings\NetworkService\Anwendungsdaten\Microsoft\SystemCertificates\My                                                                                                  0 bytes
File    C:\RRbackups\Documents and Settings\NetworkService\Anwendungsdaten\Microsoft\SystemCertificates\My\Certificates                                                                                     0 bytes
File    C:\RRbackups\Documents and Settings\NetworkService\Anwendungsdaten\Microsoft\SystemCertificates\My\CRLs                                                                                             0 bytes
File    C:\RRbackups\Documents and Settings\NetworkService\Anwendungsdaten\Microsoft\SystemCertificates\My\CTLs                                                                                             0 bytes
File    C:\RRbackups\SIS                                                                                                                                                                                    0 bytes
File    C:\RRbackups\SIS\.directory                                                                                                                                                                         50 bytes
File    C:\RRbackups\SIS\C                                                                                                                                                                                  0 bytes
File    C:\RRbackups\SIS\C\.directory                                                                                                                                                                       50 bytes

---- EOF - GMER 2.0 ----


Nochmals vielen Dank.
In 2h aufstehen... Scheiß Virus!

Nochmals vielen Dank.
In 2h aufstehen... Scheiß Virus!

cosinus · 18.01.2013, 09:47

Zitat:

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Warum bitte eine Professional Edition für Windows? Wer braucht das als Heimanwender?
Ist das rein zufällig ein Büro-/Firmen-PC? Oder ein Uni-Rechner?

heathcliff · 18.01.2013, 12:47

Servus cosinus,

bin ich froh, eine Antwort von Dir zu sehen!
Das ist wirklich reiner Zufall. War damals als System auf dem IBM/ Lenovo Fertig-Laptop.
Ist ein rein privat genutztes Gerät.

cosinus · 18.01.2013, 13:11

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner?
Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!

heathcliff · 18.01.2013, 13:50

Ich kann leider nicht immer zügig antworten, bin bis heute Abend noch in der Arbeit.
Nach dem Antivir-Scan bin ich ausschließlich Euren Anweisungen gefolgt und habe die hier geposteten Logs ermittelt.

cosinus · 18.01.2013, 14:55

Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.

Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.
Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.
Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!
Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!
Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.

Malwarebytes Anti-Rootkit

Downloade dir bitte Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.

Entpacke das Archiv auf deinem Desktop.
Im neu erstellten Ordner starte bitte die mbar.exe.
Folge den Anweisungen auf deinem Bildschirm und erlaube dem Tool, dein System zu scannen.
Klicke auf den CleanUp Button und erlaube den Neustart.
Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
Nach dem Neustart starte die mbar.exe erneut.
Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.

Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

heathcliff · 18.01.2013, 15:07

Ich melde mich, sobald ich wieder an meinem PC sitze. Das wird leider nicht vor 21h heute Abend sein.

Erster Durchlauf:

Code:

ATTFilter

Malwarebytes Anti-Rootkit BETA 1.01.0.1016
www.malwarebytes.org

Database version: v2013.01.18.10

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
# :: # [administrator]

19.01.2013 00:32:39
mbar-log-2013-01-19 (00-32-39).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 27817
Time elapsed: 29 minute(s), 15 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} (Rogue.WinAntiVirus) -> Delete on reboot.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Delete on reboot.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Am Ende verlangte das Programm nach dem Cleanup keinen Neustart. Ich hab ihn dann selbst durchgeführt. Gerade läuft der zewite Scan. Ergebnis folgt gleich.

Zweiter Scan:

Code:

ATTFilter

Malwarebytes Anti-Rootkit BETA 1.01.0.1016
www.malwarebytes.org

Database version: v2013.01.18.11

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
# :: #[administrator]

19.01.2013 01:13:33
mbar-log-2013-01-19 (01-13-33).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 27734
Time elapsed: 24 minute(s), 16 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Leider erklang später wieder das Avira Warnsignal, allerdings ohne Angabe eines Fundes.

cosinus · 20.01.2013, 18:48

1. aswMBR

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehlalarm!

Starte die aswMBR.exe Vista und Win7 User aswMBR per Rechtsklick "als Administrator ausführen"
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.

2. TDSS-Killer

Download TDSS-Killer auf Desktop siehe => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

heathcliff · 20.01.2013, 21:53

Guten Abend cosinus,

nochmals Danke für Deine Hilfe.
Hier die Ergebnisse der beiden Scans:

Code:

ATTFilter

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-01-20 19:19:53
-----------------------------
19:19:53.671    OS Version: Windows 5.1.2600 Service Pack 3
19:19:53.671    Number of processors: 2 586 0xF06
19:19:53.671    ComputerName: #  UserName: #
19:19:54.328    Initialize success
19:26:18.593    AVAST engine defs: 13012000
19:35:09.359    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
19:35:09.359    Disk 0 Vendor: HTS54106 MB3I Size: 57231MB BusType: 3
19:35:09.390    Disk 0 MBR read successfully
19:35:09.390    Disk 0 MBR scan
19:35:09.515    Disk 0 unknown MBR code
19:35:09.515    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS        28039 MB offset 63
19:35:09.546    Disk 0 Partition 2 00     12  Compaq diag MSWIN4.1     4304 MB offset 108395280
19:35:09.562    Disk 0 Partition - 00     0F Extended LBA             24887 MB offset 57425760
19:35:09.578    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        24887 MB offset 57425823
19:35:09.578    Disk 0 scanning sectors +117210240
19:35:09.812    Disk 0 scanning C:\WINDOWS\system32\drivers
19:35:41.281    Service scanning
19:36:25.593    Modules scanning
19:36:40.078    Module: C:\WINDOWS\System32\DLA\DLADResN.SYS  **SUSPICIOUS**
19:36:41.984    Disk 0 trace - called modules:
19:36:42.015    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys 
19:36:42.015    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86ddeab8]
19:36:42.015    3 CLASSPNP.SYS[f757dfd7] -> nt!IofCallDriver -> \Device\000000a7[0x86d5a798]
19:36:42.015    5 ACPI.sys[f7413620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x86d30030]
19:36:42.437    AVAST engine scan C:\WINDOWS
19:36:46.375    AVAST engine scan C:\WINDOWS\system32
19:45:16.031    AVAST engine scan C:\WINDOWS\system32\drivers
19:45:39.375    AVAST engine scan C:\Dokumente und Einstellungen\#
19:51:28.015    AVAST engine scan C:\Dokumente und Einstellungen\All Users
19:57:25.750    Scan finished successfully
19:58:14.656    Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\#\Desktop\MBR.dat"
19:58:14.656    The log file has been saved successfully to "C:\Dokumente und Einstellungen\#\Desktop\aswMBR.txt"

Teil 1:

Code:

ATTFilter

19:58:37.0656 8016  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
19:58:37.0671 8016  ============================================================
19:58:37.0671 8016  Current date / time: 2013/01/20 19:58:37.0671
19:58:37.0671 8016  SystemInfo:
19:58:37.0671 8016  
19:58:37.0671 8016  OS Version: 5.1.2600 ServicePack: 3.0
19:58:37.0671 8016  Product type: Workstation
19:58:37.0671 8016  ComputerName: #
19:58:37.0671 8016  UserName: #
19:58:37.0671 8016  Windows directory: C:\WINDOWS
19:58:37.0671 8016  System windows directory: C:\WINDOWS
19:58:37.0671 8016  Processor architecture: Intel x86
19:58:37.0671 8016  Number of processors: 2
19:58:37.0671 8016  Page size: 0x1000
19:58:37.0671 8016  Boot type: Normal boot
19:58:37.0671 8016  ============================================================
19:58:38.0125 8016  Drive \Device\Harddisk0\DR0 - Size: 0xDF8F90000 (55.89 Gb), SectorSize: 0x200, Cylinders: 0x1E48, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
19:58:38.0125 8016  ============================================================
19:58:38.0125 8016  \Device\Harddisk0\DR0:
19:58:38.0140 8016  MBR partitions:
19:58:38.0140 8016  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x36C3F21
19:58:38.0171 8016  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x36C3F9F, BlocksNum 0x309BB71
19:58:38.0171 8016  ============================================================
19:58:38.0218 8016  C: <-> \Device\Harddisk0\DR0\Partition1
19:58:38.0234 8016  D: <-> \Device\Harddisk0\DR0\Partition2
19:58:38.0234 8016  ============================================================
19:58:38.0234 8016  Initialize success
19:58:38.0234 8016  ============================================================
19:58:42.0000 4732  ============================================================
19:58:42.0000 4732  Scan started
19:58:42.0000 4732  Mode: Manual; 
19:58:42.0000 4732  ============================================================
19:58:42.0703 4732  ================ Scan system memory ========================
19:58:42.0718 4732  System memory - ok
19:58:42.0718 4732  ================ Scan services =============================
19:58:42.0984 4732  Abiosdsk - ok
19:58:43.0015 4732  [ 6ABB91494FE6C59089B9336452AB2EA3 ] abp480n5        C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
19:58:43.0015 4732  abp480n5 - ok
19:58:43.0062 4732  [ 0F2D66D5F08EBE2F77BB904288DCF6F0 ] ac97intc        C:\WINDOWS\system32\drivers\ac97intc.sys
19:58:43.0062 4732  ac97intc - ok
19:58:43.0109 4732  [ A6FE70357A68AD1E279CD1012419CCE6 ] acedrv11        C:\WINDOWS\system32\drivers\acedrv11.sys
19:58:43.0125 4732  acedrv11 - ok
19:58:43.0187 4732  [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
19:58:43.0187 4732  ACPI - ok
19:58:43.0203 4732  [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC          C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
19:58:43.0203 4732  ACPIEC - ok
19:58:43.0328 4732  [ EEB7649C2C32EFD155B7A239A2F82868 ] AcPrfMgrSvc     C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
19:58:43.0343 4732  AcPrfMgrSvc - ok
19:58:43.0359 4732  [ 0A3556CAF497833FD0D3214FC125D7B7 ] AcSvc           C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe
19:58:43.0375 4732  AcSvc - ok
19:58:43.0406 4732  [ 66614B9FDC7E74AB736A84D89F7B06B6 ] ADIHdAudAddService C:\WINDOWS\system32\drivers\ADIHdAud.sys
19:58:43.0421 4732  ADIHdAudAddService - ok
19:58:43.0500 4732  [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
19:58:43.0500 4732  AdobeFlashPlayerUpdateSvc - ok
19:58:43.0562 4732  [ 9A11864873DA202C996558B2106B0BBC ] adpu160m        C:\WINDOWS\system32\DRIVERS\adpu160m.sys
19:58:43.0562 4732  adpu160m - ok
19:58:43.0609 4732  [ 03BE587E90C8B37C7FF1FE2E9C1D1C90 ] AEAudioService  C:\WINDOWS\system32\drivers\AEAudio.sys
19:58:43.0609 4732  AEAudioService - ok
19:58:43.0640 4732  [ 8BED39E3C35D6A489438B8141717A557 ] aec             C:\WINDOWS\system32\drivers\aec.sys
19:58:43.0640 4732  aec - ok
19:58:43.0718 4732  [ 15E655BAA989444F56787EF558823643 ] AegisP          C:\WINDOWS\system32\DRIVERS\AegisP.sys
19:58:43.0718 4732  AegisP - ok
19:58:43.0796 4732  [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
19:58:43.0796 4732  AFD - ok
19:58:43.0859 4732  [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440          C:\WINDOWS\system32\DRIVERS\agp440.sys
19:58:43.0859 4732  agp440 - ok
19:58:43.0875 4732  [ 03A7E0922ACFE1B07D5DB2EEB0773063 ] agpCPQ          C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
19:58:43.0875 4732  agpCPQ - ok
19:58:43.0921 4732  [ C23EA9B5F46C7F7910DB3EAB648FF013 ] Aha154x         C:\WINDOWS\system32\DRIVERS\aha154x.sys
19:58:43.0921 4732  Aha154x - ok
19:58:43.0953 4732  [ 19DD0FB48B0C18892F70E2E7D61A1529 ] aic78u2         C:\WINDOWS\system32\DRIVERS\aic78u2.sys
19:58:43.0953 4732  aic78u2 - ok
19:58:44.0015 4732  [ B7FE594A7468AA0132DEB03FB8E34326 ] aic78xx         C:\WINDOWS\system32\DRIVERS\aic78xx.sys
19:58:44.0031 4732  aic78xx - ok
19:58:44.0078 4732  [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
19:58:44.0078 4732  Alerter - ok
19:58:44.0125 4732  [ 190CD73D4984F94D823F9444980513E5 ] ALG             C:\WINDOWS\System32\alg.exe
19:58:44.0125 4732  ALG - ok
19:58:44.0140 4732  [ 1140AB9938809700B46BB88E46D72A96 ] AliIde          C:\WINDOWS\system32\DRIVERS\aliide.sys
19:58:44.0140 4732  AliIde - ok
19:58:44.0171 4732  [ CB08AED0DE2DD889A8A820CD8082D83C ] alim1541        C:\WINDOWS\system32\DRIVERS\alim1541.sys
19:58:44.0171 4732  alim1541 - ok
19:58:44.0187 4732  [ 95B4FB835E28AA1336CEEB07FD5B9398 ] amdagp          C:\WINDOWS\system32\DRIVERS\amdagp.sys
19:58:44.0187 4732  amdagp - ok
19:58:44.0234 4732  [ 79F5ADD8D24BD6893F2903A3E2F3FAD6 ] amsint          C:\WINDOWS\system32\DRIVERS\amsint.sys
19:58:44.0234 4732  amsint - ok
19:58:44.0265 4732  [ 11AB185A7AF224800BBFB5B836974A17 ] ANC             C:\WINDOWS\system32\drivers\ANC.SYS
19:58:44.0265 4732  ANC - ok
19:58:44.0359 4732  [ 0FA2D8304ECA29CA0AB7E3EE50FD585A ] AntiVirSchedulerService C:\Programme\Avira\AntiVir Desktop\sched.exe
19:58:44.0359 4732  AntiVirSchedulerService - ok
19:58:44.0406 4732  [ 5C69AAC8A59207DA9710FF2E42D6F80F ] AntiVirService  C:\Programme\Avira\AntiVir Desktop\avguard.exe
19:58:44.0421 4732  AntiVirService - ok
19:58:44.0515 4732  [ 3DEBBECF665DCDDE3A95D9B902010817 ] Apple Mobile Device C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:58:44.0515 4732  Apple Mobile Device - ok
19:58:44.0562 4732  [ D45960BE52C3C610D361977057F98C54 ] AppMgmt         C:\WINDOWS\System32\appmgmts.dll
19:58:44.0562 4732  AppMgmt - ok
19:58:44.0593 4732  [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394         C:\WINDOWS\system32\DRIVERS\arp1394.sys
19:58:44.0593 4732  Arp1394 - ok
19:58:44.0625 4732  [ 62D318E9A0C8FC9B780008E724283707 ] asc             C:\WINDOWS\system32\DRIVERS\asc.sys
19:58:44.0625 4732  asc - ok
19:58:44.0640 4732  [ 69EB0CC7714B32896CCBFD5EDCBEA447 ] asc3350p        C:\WINDOWS\system32\DRIVERS\asc3350p.sys
19:58:44.0640 4732  asc3350p - ok
19:58:44.0656 4732  [ 5D8DE112AA0254B907861E9E9C31D597 ] asc3550         C:\WINDOWS\system32\DRIVERS\asc3550.sys
19:58:44.0656 4732  asc3550 - ok
19:58:44.0765 4732  [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
19:58:44.0781 4732  aspnet_state - ok
19:58:44.0843 4732  [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
19:58:44.0843 4732  AsyncMac - ok
19:58:44.0859 4732  [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
19:58:44.0875 4732  atapi - ok
19:58:44.0875 4732  Atdisk - ok
19:58:44.0890 4732  [ 9916C1225104BA14794209CFA8012159 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
19:58:44.0890 4732  Atmarpc - ok
19:58:44.0937 4732  [ DBF0D7E2DF33B469EB55406FEA759350 ] atmeltpm        C:\WINDOWS\system32\DRIVERS\atmeltpm.sys
19:58:44.0937 4732  atmeltpm - ok
19:58:44.0984 4732  [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
19:58:44.0984 4732  AudioSrv - ok
19:58:45.0015 4732  [ D9F724AA26C010A217C97606B160ED68 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
19:58:45.0031 4732  audstub - ok
19:58:45.0062 4732  [ A5C175039B1D6D85D0E79F5855828E4D ] avgntflt        C:\WINDOWS\system32\DRIVERS\avgntflt.sys
19:58:45.0062 4732  avgntflt - ok
19:58:45.0109 4732  [ 37B854C7D1F477E66C5B49C7700C47CC ] avipbb          C:\WINDOWS\system32\DRIVERS\avipbb.sys
19:58:45.0125 4732  avipbb - ok
19:58:45.0140 4732  [ CC4EBA25D80DE42BBC2BF3E553219388 ] avkmgr          C:\WINDOWS\system32\DRIVERS\avkmgr.sys
19:58:45.0140 4732  avkmgr - ok
19:58:45.0187 4732  [ BB1A2A73F993B623F99E03ED2F9E014C ] b57w2k          C:\WINDOWS\system32\DRIVERS\b57xp32.sys
19:58:45.0187 4732  b57w2k - ok
19:58:45.0203 4732  [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
19:58:45.0203 4732  Beep - ok
19:58:45.0250 4732  [ D6F603772A789BB3228F310D650B8BD1 ] BITS            C:\WINDOWS\system32\qmgr.dll
19:58:45.0265 4732  BITS - ok
19:58:45.0328 4732  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Programme\Bonjour\mDNSResponder.exe
19:58:45.0328 4732  Bonjour Service - ok
19:58:45.0375 4732  [ B71549F23736ADF83A571061C47777FD ] Browser         C:\WINDOWS\System32\browser.dll
19:58:45.0375 4732  Browser - ok
19:58:45.0421 4732  [ 6B7D6CA0DB38B36C1D95447757741D1A ] btaudio         C:\WINDOWS\system32\drivers\btaudio.sys
19:58:45.0437 4732  btaudio - ok
19:58:45.0468 4732  [ 48E37289BAE3D006D5583A661168CA00 ] BTDriver        C:\WINDOWS\system32\DRIVERS\btport.sys
19:58:45.0468 4732  BTDriver - ok
19:58:45.0515 4732  [ DBD408226B00C20158864F30A5A84451 ] BTKRNL          C:\WINDOWS\system32\DRIVERS\btkrnl.sys
19:58:45.0546 4732  BTKRNL - ok
19:58:45.0593 4732  [ CB2A3BAE9AAD6B42F7B6473363BBC168 ] btwdins         C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe
19:58:45.0593 4732  btwdins - ok
19:58:45.0625 4732  [ 8103112C1016DDC68DC292A083B02487 ] BTWDNDIS        C:\WINDOWS\system32\DRIVERS\btwdndis.sys
19:58:45.0625 4732  BTWDNDIS - ok
19:58:45.0640 4732  [ 7CD8E4303FDA5B11DA325340778D99D9 ] BTWUSB          C:\WINDOWS\system32\Drivers\btwusb.sys
19:58:45.0656 4732  BTWUSB - ok
19:58:45.0671 4732  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf           C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
19:58:45.0671 4732  cbidf - ok
19:58:45.0671 4732  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
19:58:45.0671 4732  cbidf2k - ok
19:58:45.0718 4732  [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE        C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
19:58:45.0718 4732  CCDECODE - ok
19:58:45.0750 4732  [ F3EC03299634490E97BBCE94CD2954C7 ] cd20xrnt        C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
19:58:45.0750 4732  cd20xrnt - ok
19:58:45.0781 4732  [ C1B486A7658353D33A10CC15211A873B ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
19:58:45.0781 4732  Cdaudio - ok
19:58:45.0828 4732  [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
19:58:45.0843 4732  Cdfs - ok
19:58:45.0859 4732  [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
19:58:45.0859 4732  Cdrom - ok
19:58:45.0875 4732  Changer - ok
19:58:45.0906 4732  [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] CiSvc           C:\WINDOWS\system32\cisvc.exe
19:58:45.0906 4732  CiSvc - ok
19:58:45.0921 4732  [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
19:58:45.0921 4732  ClipSrv - ok
19:58:45.0968 4732  [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:58:46.0046 4732  clr_optimization_v2.0.50727_32 - ok
19:58:46.0109 4732  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:58:46.0109 4732  clr_optimization_v4.0.30319_32 - ok
19:58:46.0125 4732  [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt          C:\WINDOWS\system32\DRIVERS\CmBatt.sys
19:58:46.0125 4732  CmBatt - ok
19:58:46.0140 4732  [ C687F81290303D90099B027A6474F99F ] CmdIde          C:\WINDOWS\system32\DRIVERS\cmdide.sys
19:58:46.0140 4732  CmdIde - ok
19:58:46.0140 4732  [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt        C:\WINDOWS\system32\DRIVERS\compbatt.sys
19:58:46.0140 4732  Compbatt - ok
19:58:46.0156 4732  COMSysApp - ok
19:58:46.0171 4732  [ 3EE529119EED34CD212A215E8C40D4B6 ] Cpqarray        C:\WINDOWS\system32\DRIVERS\cpqarray.sys
19:58:46.0171 4732  Cpqarray - ok
19:58:46.0187 4732  [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
19:58:46.0187 4732  CryptSvc - ok
19:58:46.0250 4732  [ F054744F67576A01139885173392502B ] CrystalSysInfo  C:\Programme\MediaCoder PMP Edition\SysInfo.sys
19:58:46.0250 4732  CrystalSysInfo - ok
19:58:46.0296 4732  [ B5ECADF7708960F1818C7FA015F4C239 ] CVirtA          C:\WINDOWS\system32\DRIVERS\CVirtA.sys
19:58:46.0296 4732  CVirtA - ok
19:58:46.0421 4732  [ 52CE186247CA74EE01F0742AA6609A30 ] CVPND           C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
19:58:46.0468 4732  CVPND - ok
19:58:46.0515 4732  [ 57310C245810B26E378DE9E6B22DB598 ] CVPNDRVA        C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
19:58:46.0515 4732  CVPNDRVA - ok
19:58:46.0562 4732  [ E550E7418984B65A78299D248F0A7F36 ] dac2w2k         C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
19:58:46.0562 4732  dac2w2k - ok
19:58:46.0578 4732  [ 683789CAA3864EB46125AE86FF677D34 ] dac960nt        C:\WINDOWS\system32\DRIVERS\dac960nt.sys
19:58:46.0578 4732  dac960nt - ok
19:58:46.0640 4732  [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
19:58:46.0640 4732  DcomLaunch - ok
19:58:46.0687 4732  [ 6216FD7FD227DE454238A702B218CEC7 ] dgderdrv        C:\WINDOWS\system32\drivers\dgderdrv.sys
19:58:46.0687 4732  dgderdrv - ok
19:58:46.0718 4732  [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
19:58:46.0734 4732  Dhcp - ok
19:58:46.0750 4732  [ 044452051F3E02E7963599FC8F4F3E25 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
19:58:46.0750 4732  Disk - ok
19:58:46.0875 4732  [ 0711D2E0F17B31E537B2770A618DA41F ] Diskeeper       C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe
19:58:46.0890 4732  Diskeeper - ok
19:58:46.0968 4732  [ 35CBC02546335EA41A5D516DA6626C8A ] DLABOIOM        C:\WINDOWS\system32\DLA\DLABOIOM.SYS
19:58:46.0968 4732  DLABOIOM - ok
19:58:46.0968 4732  [ EC6AE8BC9F773382D2EED49E4DFDAE2A ] DLACDBHM        C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
19:58:46.0968 4732  DLACDBHM - ok
19:58:46.0984 4732  [ 2104649B0B79B9F30122C545CBA0C655 ] DLADResN        C:\WINDOWS\system32\DLA\DLADResN.SYS
19:58:46.0984 4732  DLADResN - ok
19:58:47.0000 4732  [ E4859CA5BD8412A9A60D62067A653522 ] DLAIFS_M        C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
19:58:47.0015 4732  DLAIFS_M - ok
19:58:47.0031 4732  [ 20C24A3D1CF0825487C93F806625805E ] DLAOPIOM        C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
19:58:47.0031 4732  DLAOPIOM - ok
19:58:47.0046 4732  [ 8A530DA5DC81954BCF1966813F699B49 ] DLAPoolM        C:\WINDOWS\system32\DLA\DLAPoolM.SYS
19:58:47.0046 4732  DLAPoolM - ok
19:58:47.0062 4732  [ 0605B66052F82B6F07204DBDB61C13FF ] DLARTL_N        C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
19:58:47.0062 4732  DLARTL_N - ok
19:58:47.0062 4732  [ 7EDA68AF6A91BF64AF6F301E39928EBF ] DLAUDFAM        C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
19:58:47.0062 4732  DLAUDFAM - ok
19:58:47.0078 4732  [ A18423BBC6D92B01FDF3C51E7510EE70 ] DLAUDF_M        C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
19:58:47.0078 4732  DLAUDF_M - ok
19:58:47.0093 4732  dmadmin - ok
19:58:47.0140 4732  [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
19:58:47.0156 4732  dmboot - ok
19:58:47.0187 4732  [ 53720AB12B48719D00E327DA470A619A ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
19:58:47.0187 4732  dmio - ok
19:58:47.0218 4732  [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
19:58:47.0250 4732  dmload - ok
19:58:47.0265 4732  [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver        C:\WINDOWS\System32\dmserver.dll
19:58:47.0265 4732  dmserver - ok
19:58:47.0296 4732  [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
19:58:47.0312 4732  DMusic - ok
19:58:47.0343 4732  [ 86D52C32A308F84BBC626BFF7C1FB710 ] DNE             C:\WINDOWS\system32\DRIVERS\dne2000.sys
19:58:47.0343 4732  DNE - ok
19:58:47.0390 4732  [ 407F3227AC618FD1CA54B335B083DE07 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
19:58:47.0390 4732  Dnscache - ok
19:58:47.0437 4732  [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
19:58:47.0437 4732  Dot3svc - ok
19:58:47.0468 4732  [ 40F3B93B4E5B0126F2F5C0A7A5E22660 ] dpti2o          C:\WINDOWS\system32\DRIVERS\dpti2o.sys
19:58:47.0468 4732  dpti2o - ok
19:58:47.0484 4732  [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
19:58:47.0484 4732  drmkaud - ok
19:58:47.0484 4732  [ 48C7008D23DCFCE0D0232F49307EFCED ] DRVMCDB         C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
19:58:47.0484 4732  DRVMCDB - ok
19:58:47.0515 4732  [ 05467E44A42C777DD1534BB4539B16D1 ] DRVNDDM         C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
19:58:47.0515 4732  DRVNDDM - ok
19:58:47.0531 4732  [ A6DE5342417FEC3C0AA8EFEBB899C431 ] E100B           C:\WINDOWS\system32\DRIVERS\e100b325.sys
19:58:47.0531 4732  E100B - ok
19:58:47.0562 4732  [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost         C:\WINDOWS\System32\eapsvc.dll
19:58:47.0562 4732  EapHost - ok
19:58:47.0578 4732  [ 2D0FC676D159525F6CD74C3302C7A61C ] EGATHDRV        C:\WINDOWS\SYSTEM32\EGATHDRV.SYS
19:58:47.0578 4732  EGATHDRV - ok
19:58:47.0609 4732  [ 877C18558D70587AA7823A1A308AC96B ] ERSvc           C:\WINDOWS\System32\ersvc.dll
19:58:47.0609 4732  ERSvc - ok
19:58:47.0656 4732  [ A3EDBE9053889FB24AB22492472B39DC ] Eventlog        C:\WINDOWS\system32\services.exe
19:58:47.0656 4732  Eventlog - ok
19:58:47.0703 4732  [ AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem     C:\WINDOWS\system32\es.dll
19:58:47.0718 4732  EventSystem - ok
19:58:47.0781 4732  [ 6A197698A141FFE7651B962AE3172008 ] EvtEng          C:\Programme\Intel\Wireless\Bin\EvtEng.exe
19:58:47.0796 4732  EvtEng - ok
19:58:47.0859 4732  [ 38D332A6D56AF32635675F132548343E ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
19:58:47.0859 4732  Fastfat - ok
19:58:47.0890 4732  [ 2DB7D303C36DDD055215052F118E8E75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
19:58:47.0906 4732  FastUserSwitchingCompatibility - ok
19:58:47.0921 4732  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc             C:\WINDOWS\system32\DRIVERS\fdc.sys
19:58:47.0921 4732  Fdc - ok
19:58:47.0937 4732  [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
19:58:47.0937 4732  Fips - ok
19:58:47.0953 4732  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk        C:\WINDOWS\system32\DRIVERS\flpydisk.sys
19:58:47.0953 4732  Flpydisk - ok
19:58:48.0000 4732  [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
19:58:48.0000 4732  FltMgr - ok
19:58:48.0109 4732  [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
19:58:48.0125 4732  FontCache3.0.0.0 - ok
19:58:48.0156 4732  [ CBE5F69A5E5B918225F420BA748F3742 ] FsUsbExDisk     C:\WINDOWS\system32\FsUsbExDisk.SYS
19:58:48.0156 4732  FsUsbExDisk - ok
19:58:48.0187 4732  [ 15AB846886C225FFF0376F3CEF21188F ] FsUsbExService  C:\WINDOWS\system32\FsUsbExService.Exe
19:58:48.0187 4732  FsUsbExService - ok
19:58:48.0234 4732  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
19:58:48.0234 4732  Fs_Rec - ok
19:58:48.0265 4732  [ 8F1955CE42E1484714B542F341647778 ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
19:58:48.0265 4732  Ftdisk - ok
19:58:48.0312 4732  [ 33D00F8CB70AC5F7A8101F79D5273615 ] G400            C:\WINDOWS\system32\DRIVERS\G400m.sys
19:58:48.0312 4732  G400 - ok
19:58:48.0359 4732  [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM     C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
19:58:48.0359 4732  GEARAspiWDM - ok
19:58:48.0406 4732  [ 35A1F815962F3552066C6BE4C969D297 ] getPlus(R) Helper C:\Programme\NOS\bin\getPlus_HelperSvc.exe
19:58:48.0406 4732  getPlus(R) Helper - ok
19:58:48.0437 4732  [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
19:58:48.0437 4732  Gpc - ok
19:58:48.0546 4732  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate         C:\Programme\Google\Update\GoogleUpdate.exe
19:58:48.0546 4732  gupdate - ok
19:58:48.0562 4732  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem        C:\Programme\Google\Update\GoogleUpdate.exe
19:58:48.0562 4732  gupdatem - ok
19:58:48.0625 4732  [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc           C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
19:58:48.0625 4732  gusvc - ok
19:58:48.0671 4732  [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus        C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
19:58:48.0671 4732  HDAudBus - ok
19:58:48.0796 4732  [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
19:58:48.0796 4732  helpsvc - ok
19:58:48.0796 4732  HidServ - ok
19:58:48.0812 4732  [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
19:58:48.0828 4732  HidUsb - ok
19:58:48.0890 4732  [ ED29F14101523A6E0E808107405D452C ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
19:58:48.0890 4732  hkmsvc - ok
19:58:48.0953 4732  [ B028377DEA0546A5FCFBA928A8AEFAE0 ] hpn             C:\WINDOWS\system32\DRIVERS\hpn.sys
19:58:48.0953 4732  hpn - ok
19:58:49.0015 4732  [ 9F1D80908658EB7F1BF70809E0B51470 ] HPZid412        C:\WINDOWS\system32\DRIVERS\HPZid412.sys
19:58:49.0031 4732  HPZid412 - ok
19:58:49.0093 4732  [ F7E3E9D50F9CD3DE28085A8FDAA0A1C3 ] HPZipr12        C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
19:58:49.0093 4732  HPZipr12 - ok
19:58:49.0125 4732  [ CF1B7951B4EC8D13F3C93B74BB2B461B ] HPZius12        C:\WINDOWS\system32\DRIVERS\HPZius12.sys
19:58:49.0125 4732  HPZius12 - ok
19:58:49.0203 4732  [ 6A5C4732D6803F84E2987EDD8E4359CE ] HSFHWAZL        C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
19:58:49.0203 4732  HSFHWAZL - ok
19:58:49.0359 4732  [ 21C31273C6CC4826E74BE8AE3B09D4A8 ] HSF_DPV         C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
19:58:49.0390 4732  HSF_DPV - ok
19:58:49.0437 4732  [ 3AF45F5B4157C88FFAE24D89BA408302 ] HSXHWAZL        C:\WINDOWS\system32\DRIVERS\hsxhwazl.sys
19:58:49.0437 4732  HSXHWAZL - ok
19:58:49.0484 4732  [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
19:58:49.0500 4732  HTTP - ok
19:58:49.0546 4732  [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
19:58:49.0546 4732  HTTPFilter - ok
19:58:49.0562 4732  [ 9368670BD426EBEA5E8B18A62416EC28 ] i2omgmt         C:\WINDOWS\system32\drivers\i2omgmt.sys
19:58:49.0562 4732  i2omgmt - ok
19:58:49.0593 4732  [ F10863BF1CCC290BABD1A09188AE49E0 ] i2omp           C:\WINDOWS\system32\DRIVERS\i2omp.sys
19:58:49.0593 4732  i2omp - ok
19:58:49.0640 4732  [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
19:58:49.0640 4732  i8042prt - ok
19:58:49.0953 4732  [ 06B71441957B48A4866DE2FE27CB79C8 ] ialm            C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
19:58:50.0078 4732  ialm - ok
19:58:50.0156 4732  [ 865FEC2D85069FD180EA75049829A7A2 ] iaStor          C:\WINDOWS\system32\DRIVERS\iaStor.sys
19:58:50.0156 4732  iaStor - ok
19:58:50.0203 4732  [ BF648877413F6160E480814A24942B65 ] IBMPMDRV        C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys
19:58:50.0203 4732  IBMPMDRV - ok
19:58:50.0203 4732  [ A75CE11915E4ECC5E1597D6E0F7BB2DB ] IBMPMSVC        C:\WINDOWS\system32\ibmpmsvc.exe
19:58:50.0218 4732  IBMPMSVC - ok
19:58:50.0218 4732  [ BFC9F3ADAAD74E13F9CE16C8BD336F95 ] IBMTPCHK        C:\WINDOWS\system32\Drivers\IBMBLDID.sys
19:58:50.0234 4732  IBMTPCHK - ok
19:58:50.0312 4732  [ DAF66902F08796F9C694901660E5A64A ] IDriverT        C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
19:58:50.0312 4732  IDriverT - ok
19:58:50.0421 4732  [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc           C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:58:50.0437 4732  idsvc - ok
19:58:50.0453 4732  [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
19:58:50.0453 4732  Imapi - ok
19:58:50.0562 4732  [ 1ACAD13923E467E473C3EC503223F983 ] Imapi Helper    D:\Programme\Alex Feinman\ISO Recorder\ImapiHelper.exe
19:58:50.0578 4732  Imapi Helper - ok
19:58:50.0625 4732  [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService    C:\WINDOWS\system32\imapi.exe
19:58:50.0640 4732  ImapiService - ok
19:58:50.0671 4732  [ 4A40E045FAEE58631FD8D91AFC620719 ] ini910u         C:\WINDOWS\system32\DRIVERS\ini910u.sys
19:58:50.0671 4732  ini910u - ok
19:58:50.0703 4732  [ 69C4E3C9E67A1F103B94E14FDD5F3213 ] IntelIde        C:\WINDOWS\system32\DRIVERS\intelide.sys
19:58:50.0703 4732  IntelIde - ok
19:58:50.0734 4732  [ 4C7D2750158ED6E7AD642D97BFFAE351 ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
19:58:50.0734 4732  intelppm - ok
19:58:50.0750 4732  [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw           C:\WINDOWS\system32\drivers\ip6fw.sys
19:58:50.0765 4732  Ip6Fw - ok
19:58:50.0765 4732  [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
19:58:50.0765 4732  IpFilterDriver - ok
19:58:50.0796 4732  [ B87AB476DCF76E72010632B5550955F5 ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
19:58:50.0796 4732  IpInIp - ok
19:58:50.0843 4732  [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
19:58:50.0843 4732  IpNat - ok
19:58:50.0953 4732  [ 49918803B661367023BF325CF602AFDC ] iPod Service    C:\Programme\iPod\bin\iPodService.exe
19:58:50.0968 4732  iPod Service - ok
19:58:51.0000 4732  [ 23C74D75E36E7158768DD63D92789A91 ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
19:58:51.0000 4732  IPSec - ok
19:58:51.0031 4732  [ 4D1D3B3644737746FB98C4D272FB4A86 ] IPSSVC          C:\WINDOWS\system32\IPSSVC.EXE
19:58:51.0046 4732  IPSSVC - ok
19:58:51.0046 4732  [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
19:58:51.0046 4732  IRENUM - ok
19:58:51.0078 4732  [ 6DFB88F64135C525433E87648BDA30DE ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
19:58:51.0078 4732  isapnp - ok
19:58:51.0093 4732  [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
19:58:51.0093 4732  Kbdclass - ok
19:58:51.0109 4732  [ 692BCF44383D056AED41B045A323D378 ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
19:58:51.0109 4732  kmixer - ok
19:58:51.0156 4732  [ B467646C54CC746128904E1654C750C1 ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
19:58:51.0156 4732  KSecDD - ok
19:58:51.0203 4732  [ 2BBDCB79900990F0716DFCB714E72DE7 ] lanmanserver    C:\WINDOWS\System32\srvsvc.dll
19:58:51.0218 4732  lanmanserver - ok
19:58:51.0250 4732  [ 1869B14B06B44B44AF70548E1EA3303F ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
19:58:51.0250 4732  lanmanworkstation - ok
19:58:51.0265 4732  lbrtfdc - ok
19:58:51.0296 4732  [ 636714B7D43C8D0C80449123FD266920 ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
19:58:51.0312 4732  LmHosts - ok
19:58:51.0343 4732  [ D5673785903639D186DC345FF86F423F ] massfilter      C:\WINDOWS\system32\drivers\massfilter.sys
19:58:51.0343 4732  massfilter - ok
19:58:51.0375 4732  [ 38BFA8FA6D838CBAB58A1C2B49EBF96B ] massfilter_hs   C:\WINDOWS\system32\drivers\massfilter_hs.sys
19:58:51.0375 4732  massfilter_hs - ok
19:58:51.0437 4732  [ 11F714F85530A2BD134074DC30E99FCA ] MDM             C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
19:58:51.0453 4732  MDM - ok
19:58:51.0484 4732  [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk         C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
19:58:51.0484 4732  mdmxsdk - ok
19:58:51.0515 4732  [ B7550A7107281D170CE85524B1488C98 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
19:58:51.0515 4732  Messenger - ok
19:58:51.0546 4732  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
19:58:51.0546 4732  mnmdd - ok
19:58:51.0593 4732  [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe
19:58:51.0593 4732  mnmsrvc - ok
19:58:51.0625 4732  [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
19:58:51.0640 4732  Modem - ok
19:58:51.0671 4732  [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
19:58:51.0671 4732  Mouclass - ok
19:58:51.0718 4732  [ 66A6F73C74E1791464160A7065CE711A ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
19:58:51.0718 4732  mouhid - ok
19:58:51.0750 4732  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
19:58:51.0750 4732  MountMgr - ok
19:58:51.0828 4732  [ 9C3758018DED02F4AE53CCA1C5F084A2 ] MozillaMaintenance C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
19:58:51.0828 4732  MozillaMaintenance - ok
19:58:51.0859 4732  [ 3F4BB95E5A44F3BE34824E8E7CAF0737 ] mraid35x        C:\WINDOWS\system32\DRIVERS\mraid35x.sys
19:58:51.0859 4732  mraid35x - ok
19:58:51.0906 4732  [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
19:58:51.0906 4732  MRxDAV - ok
19:58:51.0953 4732  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
19:58:51.0968 4732  MRxSmb - ok
19:58:51.0984 4732  [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC           C:\WINDOWS\system32\msdtc.exe
19:58:51.0984 4732  MSDTC - ok
19:58:52.0000 4732  [ C941EA2454BA8350021D774DAF0F1027 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
19:58:52.0015 4732  Msfs - ok
19:58:52.0015 4732  MSIServer - ok
19:58:52.0046 4732  [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
19:58:52.0046 4732  MSKSSRV - ok
19:58:52.0062 4732  [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
19:58:52.0062 4732  MSPCLOCK - ok
19:58:52.0078 4732  [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
19:58:52.0078 4732  MSPQM - ok
19:58:52.0109 4732  [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
19:58:52.0109 4732  mssmbios - ok
19:58:52.0140 4732  [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE           C:\WINDOWS\system32\drivers\MSTEE.sys
19:58:52.0140 4732  MSTEE - ok
19:58:52.0171 4732  [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
19:58:52.0187 4732  Mup - ok
19:58:52.0203 4732  [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC        C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
19:58:52.0203 4732  NABTSFEC - ok
19:58:52.0250 4732  [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent        C:\WINDOWS\System32\qagentrt.dll
19:58:52.0265 4732  napagent - ok
19:58:52.0296 4732  [ 1DF7F42665C94B825322FAE71721130D ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
19:58:52.0296 4732  NDIS - ok
19:58:52.0328 4732  [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP          C:\WINDOWS\system32\DRIVERS\NdisIP.sys
19:58:52.0328 4732  NdisIP - ok
19:58:52.0359 4732  [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
19:58:52.0359 4732  NdisTapi - ok
19:58:52.0375 4732  [ F927A4434C5028758A842943EF1A3849 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
19:58:52.0375 4732  Ndisuio - ok
19:58:52.0390 4732  [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
19:58:52.0390 4732  NdisWan - ok
19:58:52.0421 4732  [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
19:58:52.0421 4732  NDProxy - ok
19:58:52.0546 4732  [ C7F5C284B6F46FCAF6910EA4E644700B ] Nero BackItUp Scheduler 4.0 C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe
19:58:52.0578 4732  Nero BackItUp Scheduler 4.0 - ok
19:58:52.0625 4732  [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
19:58:52.0625 4732  NetBIOS - ok
19:58:52.0656 4732  [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
19:58:52.0656 4732  NetBT - ok
19:58:52.0687 4732  [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE          C:\WINDOWS\system32\netdde.exe
19:58:52.0703 4732  NetDDE - ok
19:58:52.0703 4732  [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
19:58:52.0703 4732  NetDDEdsdm - ok
19:58:52.0734 4732  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon        C:\WINDOWS\system32\lsass.exe
19:58:52.0734 4732  Netlogon - ok
19:58:52.0765 4732  [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman          C:\WINDOWS\System32\netman.dll
19:58:52.0781 4732  Netman - ok
19:58:52.0828 4732  [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:58:52.0843 4732  NetTcpPortSharing - ok
19:58:52.0937 4732  [ E2F396F71A793A04839DBB6AF304A026 ] NETw3x32        C:\WINDOWS\system32\DRIVERS\NETw3x32.sys
19:58:52.0984 4732  NETw3x32 - ok
19:58:53.0015 4732  [ E5364C06AAFA180CE35018D40FCACAD5 ] nhcDriverDevice C:\WINDOWS\system32\drivers\nhcDriver.sys
19:58:53.0031 4732  nhcDriverDevice - ok
19:58:53.0046 4732  [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394         C:\WINDOWS\system32\DRIVERS\nic1394.sys
19:58:53.0046 4732  NIC1394 - ok
19:58:53.0078 4732  [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla             C:\WINDOWS\System32\mswsock.dll
19:58:53.0093 4732  Nla - ok
19:58:53.0109 4732  [ 25D6B2EB0A1FC4AB413AFE7EC4793EC1 ] nosGetPlusHelper C:\Programme\NOS\bin\getPlus_Helper_3004.dll
19:58:53.0125 4732  nosGetPlusHelper - ok
19:58:53.0156 4732  [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
19:58:53.0156 4732  Npfs - ok
19:58:53.0203 4732  [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
19:58:53.0218 4732  Ntfs - ok
19:58:53.0218 4732  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
19:58:53.0218 4732  NtLmSsp - ok
19:58:53.0281 4732  [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
19:58:53.0296 4732  NtmsSvc - ok
19:58:53.0328 4732  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\WINDOWS\system32\drivers\Null.sys
19:58:53.0328 4732  Null - ok
19:58:53.0421 4732  [ 2B298519EDBFCF451D43E0F1E8F1006D ] nv              C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
19:58:53.0468 4732  nv - ok
19:58:53.0500 4732  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
19:58:53.0500 4732  NwlnkFlt - ok
19:58:53.0515 4732  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
19:58:53.0515 4732  NwlnkFwd - ok
19:58:53.0593 4732  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE
19:58:53.0609 4732  odserv - ok
19:58:53.0640 4732  [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394        C:\WINDOWS\system32\DRIVERS\ohci1394.sys
19:58:53.0640 4732  ohci1394 - ok
19:58:53.0703 4732  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
19:58:53.0703 4732  ose - ok
19:58:53.0718 4732  [ F84785660305B9B903FB3BCA8BA29837 ] Parport         C:\WINDOWS\system32\DRIVERS\parport.sys
19:58:53.0734 4732  Parport - ok
19:58:53.0750 4732  [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
19:58:53.0750 4732  PartMgr - ok
19:58:53.0781 4732  [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
19:58:53.0781 4732  ParVdm - ok
19:58:53.0781 4732  PcdrNdisuio - ok
19:58:53.0828 4732  [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
19:58:53.0828 4732  PCI - ok
19:58:53.0843 4732  PCIDump - ok
19:58:53.0859 4732  [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
19:58:53.0859 4732  PCIIde - ok
19:58:53.0937 4732  [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia          C:\WINDOWS\system32\DRIVERS\pcmcia.sys
19:58:53.0937 4732  Pcmcia - ok
19:58:53.0937 4732  PDCOMP - ok
19:58:53.0953 4732  PDFRAME - ok
19:58:53.0953 4732  PDRELI - ok
19:58:53.0968 4732  PDRFRAME - ok
19:58:53.0984 4732  [ 6C14B9C19BA84F73D3A86DBA11133101 ] perc2           C:\WINDOWS\system32\DRIVERS\perc2.sys
19:58:53.0984 4732  perc2 - ok
19:58:54.0015 4732  [ F50F7C27F131AFE7BEBA13E14A3B9416 ] perc2hib        C:\WINDOWS\system32\DRIVERS\perc2hib.sys
19:58:54.0015 4732  perc2hib - ok
19:58:54.0062 4732  [ 875E4E0661F3A5994DF9E5E3A0A4F96B ] PLFlash DeviceIoControl Service C:\Programme\Nero\Nero BackItUp 4\IoctlSvc.exe
19:58:54.0078 4732  PLFlash DeviceIoControl Service - ok
19:58:54.0093 4732  [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay        C:\WINDOWS\system32\services.exe
19:58:54.0093 4732  PlugPlay - ok
19:58:54.0109 4732  [ DEDEF40E1D05842639491365CB2C069E ] pmem            C:\WINDOWS\System32\drivers\pmemnt.sys
19:58:54.0109 4732  pmem - ok
19:58:54.0203 4732  [ 2D091A99624FB9E7EEF0A86D872EC0C3 ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.exe
19:58:54.0203 4732  Pml Driver HPZ12 - ok
19:58:54.0218 4732  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
19:58:54.0234 4732  PolicyAgent - ok
19:58:54.0250 4732  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
19:58:54.0250 4732  PptpMiniport - ok
19:58:54.0281 4732  [ 7E8BE4D11F5AC1E5CAE42719A7230508 ] PQNTDrv         C:\WINDOWS\system32\drivers\PQNTDrv.sys
19:58:54.0281 4732  PQNTDrv - ok
19:58:54.0359 4732  [ EBE579425CCB8377BFC7C0B50C05EB56 ] PrivateDisk     C:\Programme\Lenovo\SafeGuard PrivateDisk\PrivateDiskM.sys
19:58:54.0375 4732  PrivateDisk - ok
19:58:54.0406 4732  [ 6F9E6E874FD74EE6DD0BBECDE9D3F795 ] PROCDD          C:\WINDOWS\system32\DRIVERS\PROCDD.SYS
19:58:54.0406 4732  PROCDD - ok
19:58:54.0421 4732  [ 2CB55427C58679F49AD600FCCBA76360 ] Processor       C:\WINDOWS\system32\DRIVERS\processr.sys
19:58:54.0421 4732  Processor - ok
19:58:54.0437 4732  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
19:58:54.0437 4732  ProtectedStorage - ok
19:58:54.0453 4732  [ F8A25F1DD8B2C332CBC663E3579566E7 ] psadd           C:\WINDOWS\system32\DRIVERS\psadd.sys
19:58:54.0453 4732  psadd - ok
19:58:54.0453 4732  PsaSrv - ok
19:58:54.0484 4732  [ 09298EC810B07E5D582CB3A3F9255424 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
19:58:54.0484 4732  PSched - ok
19:58:54.0531 4732  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
19:58:54.0531 4732  Ptilink - ok
19:58:54.0562 4732  [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20        C:\WINDOWS\system32\Drivers\PxHelp20.sys
19:58:54.0562 4732  PxHelp20 - ok
19:58:54.0578 4732  [ 0A63FB54039EB5662433CABA3B26DBA7 ] ql1080          C:\WINDOWS\system32\DRIVERS\ql1080.sys
19:58:54.0578 4732  ql1080 - ok
19:58:54.0609 4732  [ 6503449E1D43A0FF0201AD5CB1B8C706 ] Ql10wnt         C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
19:58:54.0609 4732  Ql10wnt - ok
19:58:54.0625 4732  [ 156ED0EF20C15114CA097A34A30D8A01 ] ql12160         C:\WINDOWS\system32\DRIVERS\ql12160.sys
19:58:54.0625 4732  ql12160 - ok
19:58:54.0640 4732  [ 70F016BEBDE6D29E864C1230A07CC5E6 ] ql1240          C:\WINDOWS\system32\DRIVERS\ql1240.sys
19:58:54.0640 4732  ql1240 - ok
19:58:54.0671 4732  [ 907F0AEEA6BC451011611E732BD31FCF ] ql1280          C:\WINDOWS\system32\DRIVERS\ql1280.sys
19:58:54.0687 4732  ql1280 - ok
19:58:54.0687 4732  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
19:58:54.0687 4732  RasAcd - ok
19:58:54.0718 4732  [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
19:58:54.0765 4732  RasAuto - ok
19:58:54.0812 4732  [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
19:58:54.0812 4732  Rasl2tp - ok
19:58:54.0875 4732  [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan          C:\WINDOWS\System32\rasmans.dll
19:58:54.0890 4732  RasMan - ok
19:58:54.0953 4732  [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
19:58:54.0984 4732  RasPppoe - ok
19:58:54.0984 4732  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
19:58:54.0984 4732  Raspti - ok
19:58:55.0015 4732  [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
19:58:55.0031 4732  Rdbss - ok
19:58:55.0062 4732  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
19:58:55.0062 4732  RDPCDD - ok
19:58:55.0109 4732  [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys
19:58:55.0109 4732  rdpdr - ok
19:58:55.0171 4732  [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
19:58:55.0171 4732  RDPWD - ok
19:58:55.0218 4732  [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
19:58:55.0218 4732  RDSessMgr - ok
19:58:55.0234 4732  [ ED761D453856F795A7FE056E42C36365 ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
19:58:55.0234 4732  redbook - ok
19:58:55.0281 4732  [ D8F61AAAE73A1FBDE6F538BECC891F2F ] RegSrvc         C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
19:58:55.0296 4732  RegSrvc - ok
19:58:55.0328 4732  [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
19:58:55.0328 4732  RemoteAccess - ok
19:58:55.0359 4732  [ E4CD1F3D84E1C2CA0B8CF7501E201593 ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
19:58:55.0359 4732  RemoteRegistry - ok
19:58:55.0390 4732  [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator      C:\WINDOWS\system32\locator.exe
19:58:55.0390 4732  RpcLocator - ok
19:58:55.0421 4732  [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] RpcSs           C:\WINDOWS\system32\rpcss.dll
19:58:55.0421 4732  RpcSs - ok
19:58:55.0468 4732  [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP            C:\WINDOWS\system32\rsvp.exe
19:58:55.0468 4732  RSVP - ok
19:58:55.0515 4732  [ 25F697E3AFA7B337BBCADDBCE38E6934 ] S24EventMonitor C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
19:58:55.0546 4732  S24EventMonitor - ok
19:58:55.0562 4732  [ 2862ADB14481AC28F98105FF33A99EB0 ] s24trans        C:\WINDOWS\system32\DRIVERS\s24trans.sys
19:58:55.0562 4732  s24trans - ok
19:58:55.0593 4732  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs           C:\WINDOWS\system32\lsass.exe
19:58:55.0593 4732  SamSs - ok
19:58:55.0640 4732  [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
19:58:55.0640 4732  SCardSvr - ok
19:58:55.0703 4732  [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule        C:\WINDOWS\system32\schedsvc.dll
19:58:55.0703 4732  Schedule - ok
19:58:55.0750 4732  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
19:58:55.0750 4732  Secdrv - ok
19:58:55.0796 4732  [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon        C:\WINDOWS\System32\seclogon.dll
19:58:55.0796 4732  seclogon - ok
19:58:55.0828 4732  [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS            C:\WINDOWS\system32\sens.dll
19:58:55.0828 4732  SENS - ok
19:58:55.0906 4732  [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys
19:58:55.0906 4732  serenum - ok
19:58:55.0937 4732  [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
19:58:55.0937 4732  Serial - ok
19:58:55.0984 4732  [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy         C:\WINDOWS\system32\DRIVERS\sfloppy.sys
19:58:55.0984 4732  Sfloppy - ok
19:58:56.0078 4732  [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
19:58:56.0093 4732  SharedAccess - ok
19:58:56.0125 4732  [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
19:58:56.0125 4732  ShellHWDetection - ok
19:58:56.0156 4732  [ 1A9B76C8E0D77BCACA24FDF36781B59D ] ShockMgr        C:\WINDOWS\system32\drivers\ShockMgr.sys
19:58:56.0156 4732  ShockMgr - ok
19:58:56.0171 4732  [ CB0C065AF3AC9AC307408EA021CDD20E ] Shockprf        C:\WINDOWS\system32\drivers\Shockprf.sys
19:58:56.0171 4732  Shockprf - ok
19:58:56.0187 4732  Simbad - ok
19:58:56.0203 4732  [ 6B33D0EBD30DB32E27D1D78FE946A754 ] sisagp          C:\WINDOWS\system32\DRIVERS\sisagp.sys
19:58:56.0203 4732  sisagp - ok
19:58:56.0281 4732  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate     C:\Programme\Skype\Updater\Updater.exe
19:58:56.0296 4732  SkypeUpdate - ok
19:58:56.0328 4732  [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP            C:\WINDOWS\system32\DRIVERS\SLIP.sys
19:58:56.0328 4732  SLIP - ok
19:58:56.0343 4732  [ 26341D0DD225D19FD50E0EE3C3C77502 ] Smapint         C:\WINDOWS\system32\drivers\Smapint.sys
19:58:56.0343 4732  Smapint - ok
19:58:56.0375 4732  [ 3BA9D0C8A0FBD9FB4029B6CD87C8CE0B ] smi2            C:\Programme\SMI2\smi2.sys
19:58:56.0375 4732  smi2 - ok
19:58:56.0406 4732  [ 01A4388E45BA272082BFC35B0C8DBF8A ] smihlp          C:\Programme\ThinkVantage Fingerprint Software\smihlp.sys
19:58:56.0406 4732  smihlp - ok
19:58:56.0484 4732  [ A1ECEEAA5C5E74B2499EB51D38185B84 ] SONYPVU1        C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
19:58:56.0515 4732  SONYPVU1 - ok
19:58:56.0578 4732  [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow         C:\WINDOWS\system32\DRIVERS\sparrow.sys
19:58:56.0593 4732  Sparrow - ok
19:58:56.0656 4732  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
19:58:56.0687 4732  splitter - ok
19:58:56.0750 4732  [ 60784F891563FB1B767F70117FC2428F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
19:58:56.0765 4732  Spooler - ok
19:58:56.0828 4732  [ 50FA898F8C032796D3B1B9951BB5A90F ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
19:58:56.0859 4732  sr - ok
19:58:56.0937 4732  [ FE77A85495065F3AD59C5C65B6C54182 ] srservice       C:\WINDOWS\system32\srsvc.dll
19:58:56.0984 4732  srservice - ok
19:58:57.0078 4732  [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
19:58:57.0109 4732  Srv - ok
19:58:57.0140 4732  [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
19:58:57.0156 4732  SSDPSRV - ok
19:58:57.0187 4732  [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv          C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
19:58:57.0203 4732  ssmdrv - ok
19:58:57.0312 4732  [ A2DBCC4C8860449DF1AB758EA28B4DE0 ] StillCam        C:\WINDOWS\system32\DRIVERS\serscan.sys
19:58:57.0343 4732  StillCam - ok
19:58:57.0515 4732  [ BC2C5985611C5356B24AEB370953DED9 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
19:58:58.0781 4732  stisvc - ok
19:58:58.0843 4732  [ 77813007BA6265C4B6098187E6ED79D2 ] streamip        C:\WINDOWS\system32\DRIVERS\StreamIP.sys
19:58:58.0875 4732  streamip - ok
19:58:59.0203 4732  [ F1262146970C5B73159E3727ACDE8278 ] SUService       c:\programme\lenovo\system update\suservice.exe
19:58:59.0203 4732  SUService - ok
19:58:59.0234 4732  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
19:58:59.0234 4732  swenum - ok
19:58:59.0281 4732  [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
19:58:59.0281 4732  swmidi - ok
19:58:59.0296 4732  SwPrv - ok
19:58:59.0421 4732  [ 1FF3217614018630D0A6758630FC698C ] symc810         C:\WINDOWS\system32\DRIVERS\symc810.sys
19:58:59.0468 4732  symc810 - ok
19:58:59.0546 4732  [ 070E001D95CF725186EF8B20335F933C ] symc8xx         C:\WINDOWS\system32\DRIVERS\symc8xx.sys
19:58:59.0578 4732  symc8xx - ok
19:58:59.0593 4732  [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi          C:\WINDOWS\system32\DRIVERS\sym_hi.sys
19:58:59.0609 4732  sym_hi - ok
19:58:59.0640 4732  [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3          C:\WINDOWS\system32\DRIVERS\sym_u3.sys
19:58:59.0656 4732  sym_u3 - ok
19:58:59.0750 4732  [ D7DC30B8B41E7A913C3FCCC0631E72EC ] SynTP           C:\WINDOWS\system32\DRIVERS\SynTP.sys
19:58:59.0781 4732  SynTP - ok
19:58:59.0843 4732  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
19:58:59.0859 4732  sysaudio - ok
19:58:59.0984 4732  [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
19:59:00.0062 4732  SysmonLog - ok
19:59:00.0140 4732  [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
19:59:00.0187 4732  TapiSrv - ok
19:59:00.0281 4732  [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
19:59:00.0343 4732  Tcpip - ok
19:59:00.0406 4732  [ FC6FE02F400308606A911640E72326B5 ] TcUsb           C:\WINDOWS\system32\Drivers\tcusb.sys
19:59:00.0421 4732  TcUsb - ok
19:59:00.0500 4732  [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
19:59:00.0515 4732  TDPIPE - ok
19:59:00.0546 4732  [ 564B337034271B7BDDCABFDDC91C6B7A ] TDSMAPI         C:\WINDOWS\system32\drivers\TDSMAPI.SYS
19:59:00.0562 4732  TDSMAPI - ok
19:59:00.0656 4732  [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
19:59:00.0671 4732  TDTCP - ok
19:59:00.0703 4732  [ 88155247177638048422893737429D9E ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
19:59:00.0734 4732  TermDD - ok
19:59:00.0843 4732  [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService     C:\WINDOWS\System32\termsrv.dll
19:59:00.0968 4732  TermService - ok
19:59:01.0156 4732  [ 8F14DE79EBE73D6D717B8455E64DDA86 ] TGCM_ImportWiFiSvc C:\Programme\o2\Mobile Connection Manager\ImpWiFiSvc.exe
19:59:01.0203 4732  TGCM_ImportWiFiSvc - ok
19:59:01.0250 4732  [ 2DB7D303C36DDD055215052F118E8E75 ] Themes          C:\WINDOWS\System32\shsvcs.dll
19:59:01.0250 4732  Themes - ok
19:59:01.0359 4732  [ 9626746A9B120D2ED537DD8D76278405 ] ThinkVantage Registry Monitor Service C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe
19:59:01.0390 4732  ThinkVantage Registry Monitor Service - ok
19:59:01.0437 4732  [ E27982D1C30AE1DD7EB8EB5CAF8D20C6 ] tidnet          C:\WINDOWS\system32\DRIVERS\tidnet.sys
19:59:01.0437 4732  tidnet - ok
19:59:01.0484 4732  [ 03681A1CE77F51586903869A5AB1DEAB ] TlntSvr         C:\WINDOWS\system32\tlntsvr.exe
19:59:01.0484 4732  TlntSvr - ok
19:59:01.0515 4732  [ D213A9247DC347F305A2D4CC9B951487 ] TosIde          C:\WINDOWS\system32\DRIVERS\toside.sys
19:59:01.0515 4732  TosIde - ok
19:59:01.0562 4732  [ A3552782E8D402F3AA513765D93C852D ] TPHDEXLGSVC     C:\WINDOWS\system32\TPHDEXLG.EXE
19:59:01.0562 4732  TPHDEXLGSVC - ok
19:59:01.0578 4732  [ 29F3601D4233A53F819010FEE8C04A60 ] TPHKDRV         C:\WINDOWS\system32\drivers\TPHKDRV.sys
19:59:01.0578 4732  TPHKDRV - ok
19:59:01.0593 4732  [ DFB268FF0A6DCB9280015FF527F892FF ] TpKmpSVC        C:\WINDOWS\system32\TpKmpSVC.exe
19:59:01.0609 4732  TpKmpSVC - ok
19:59:01.0640 4732  [ 44672DE6CEA9569C21C4B7A8D2560750 ] TPPWRIF         C:\WINDOWS\system32\drivers\Tppwrif.sys
19:59:01.0640 4732  TPPWRIF - ok
19:59:01.0687 4732  [ 626504572B175867F30F3215C04B3E2F ] TrkWks          C:\WINDOWS\system32\trkwks.dll
19:59:01.0687 4732  TrkWks - ok
19:59:01.0703 4732  [ F2ABA3066D7921D7FCDBD66DEA88BE11 ] TSMAPIP         C:\WINDOWS\system32\drivers\TSMAPIP.SYS
19:59:01.0703 4732  TSMAPIP - ok
19:59:01.0796 4732  [ CF3BC148A6979BCF5AF8591E687C1390 ] TSSCoreService  C:\Programme\Lenovo\Client Security Solution\tvttcsd.exe
19:59:01.0812 4732  TSSCoreService - ok
19:59:02.0031 4732  [ EC38192F2F5361B48BC387C2DB337264 ] TVT Backup Service C:\Programme\Lenovo\Rescue and Recovery\rrservice.exe
19:59:02.0078 4732  TVT Backup Service - ok
19:59:02.0171 4732  [ E9EA448F1174BE4052416B62263EA4EE ] TVT Scheduler   C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe
19:59:02.0203 4732  TVT Scheduler - ok
19:59:02.0218 4732  [ DD957007DF98AECFFAAA2656D4B981E4 ] tvtfilter       C:\WINDOWS\system32\drivers\tvtfilter.sys
19:59:02.0218 4732  tvtfilter - ok
19:59:02.0234 4732  [ 2E72C66682E9274C97AE3F5A57C2FA33 ] tvtnetwk        C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe
19:59:02.0234 4732  tvtnetwk - ok
19:59:02.0281 4732  [ 0727CCE3FF1A4446F4A1D507361567AB ] TVTPktFilter    C:\WINDOWS\system32\DRIVERS\tvtpktfilter.sys
19:59:02.0281 4732  TVTPktFilter - ok
19:59:02.0328 4732  [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
19:59:02.0328 4732  Udfs - ok
19:59:02.0390 4732  [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra           C:\WINDOWS\system32\DRIVERS\ultra.sys
19:59:02.0390 4732  ultra - ok
19:59:02.0468 4732  [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
19:59:02.0468 4732  Update - ok
19:59:02.0546 4732  [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost        C:\WINDOWS\System32\upnphost.dll
19:59:02.0546 4732  upnphost - ok
19:59:02.0593 4732  [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS             C:\WINDOWS\System32\ups.exe
19:59:02.0593 4732  UPS - ok
19:59:02.0671 4732  [ 83CAFCB53201BBAC04D822F32438E244 ] USBAAPL         C:\WINDOWS\system32\Drivers\usbaapl.sys
19:59:02.0687 4732  USBAAPL - ok
19:59:02.0734 4732  [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
19:59:02.0734 4732  usbccgp - ok
19:59:02.0765 4732  [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
19:59:02.0765 4732  usbehci - ok
19:59:02.0781 4732  [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
19:59:02.0781 4732  usbhub - ok
19:59:02.0812 4732  [ A717C8721046828520C9EDF31288FC00 ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
19:59:02.0812 4732  usbprint - ok
19:59:02.0828 4732  [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
19:59:02.0828 4732  usbscan - ok
19:59:02.0875 4732  [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:59:02.0875 4732  USBSTOR - ok
19:59:02.0921 4732  [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
19:59:02.0921 4732  usbuhci - ok
19:59:02.0953 4732  [ B6CC50279D6CD28E090A5D33244ADC9A ] usb_rndisx      C:\WINDOWS\system32\DRIVERS\usb8023x.sys
19:59:02.0953 4732  usb_rndisx - ok
19:59:02.0968 4732  [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
19:59:02.0968 4732  VgaSave - ok
19:59:03.0015 4732  [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp          C:\WINDOWS\system32\DRIVERS\viaagp.sys
19:59:03.0015 4732  viaagp - ok
19:59:03.0046 4732  [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde          C:\WINDOWS\system32\DRIVERS\viaide.sys
19:59:03.0046 4732  ViaIde - ok
19:59:03.0062 4732  [ A5A712F4E880874A477AF790B5186E1D ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
19:59:03.0062 4732  VolSnap - ok
19:59:03.0125 4732  [ 68F106273BE29E7B7EF8266977268E78 ] VSS             C:\WINDOWS\System32\vssvc.exe
19:59:03.0125 4732  VSS - ok
19:59:03.0156 4732  [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time         C:\WINDOWS\system32\w32time.dll
19:59:03.0156 4732  W32Time - ok
19:59:03.0171 4732  [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
19:59:03.0171 4732  Wanarp - ok
19:59:03.0218 4732  [ 46A247F6617526AFE38B6F12F5512120 ] wceusbsh        C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
19:59:03.0218 4732  wceusbsh - ok
19:59:03.0375 4732  [ D918617B46457B9AC28027722E30F647 ] Wdf01000        C:\WINDOWS\system32\Drivers\wdf01000.sys
19:59:03.0390 4732  Wdf01000 - ok
19:59:03.0390 4732  WDICA - ok
19:59:03.0421 4732  [ 6768ACF64B18196494413695F0C3A00F ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
19:59:03.0421 4732  wdmaud - ok
19:59:03.0453 4732  [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient       C:\WINDOWS\System32\webclnt.dll
19:59:03.0453 4732  WebClient - ok
19:59:03.0578 4732  [ 307D248F97835B6879BDD361086924FE ] winachsf        C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
19:59:03.0593 4732  winachsf - ok
19:59:03.0687 4732  [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
19:59:03.0687 4732  winmgmt - ok
19:59:03.0781 4732  [ F10075C2EC96D2EB118012E78ECE2FC2 ] WinRM           C:\WINDOWS\system32\WsmSvc.dll
19:59:03.0812 4732  WinRM - ok
19:59:03.0890 4732  [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
19:59:03.0890 4732  WmdmPmSN - ok
19:59:03.0953 4732  [ FFA4D901D46D07A5BAB2D8307FBB51A6 ] Wmi             C:\WINDOWS\System32\advapi32.dll
19:59:03.0968 4732  Wmi - ok
19:59:03.0984 4732  [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
19:59:04.0000 4732  WmiApSrv - ok
19:59:04.0093 4732  [ BF05650BB7DF5E9EBDD25974E22403BB ] WMPNetworkSvc   C:\Programme\Windows Media Player\WMPNetwk.exe
19:59:04.0125 4732  WMPNetworkSvc - ok
19:59:04.0156 4732  [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb          C:\WINDOWS\system32\DRIVERS\wpdusb.sys
19:59:04.0156 4732  WpdUsb - ok
19:59:04.0343 4732  [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
19:59:04.0359 4732  WPFFontCache_v0400 - ok
19:59:04.0406 4732  [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL         C:\WINDOWS\System32\drivers\ws2ifsl.sys
19:59:04.0406 4732  WS2IFSL - ok
19:59:04.0437 4732  [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
19:59:04.0453 4732  wscsvc - ok
19:59:04.0453 4732  WSearch - ok
19:59:04.0484 4732  [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC        C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
19:59:04.0484 4732  WSTCODEC - ok
19:59:04.0500 4732  [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
19:59:04.0515 4732  wuauserv - ok
19:59:04.0546 4732  [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf          C:\WINDOWS\system32\DRIVERS\WudfPf.sys
19:59:04.0546 4732  WudfPf - ok
19:59:04.0562 4732  [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd          C:\WINDOWS\system32\DRIVERS\wudfrd.sys
19:59:04.0578 4732  WudfRd - ok
19:59:04.0593 4732  [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc         C:\WINDOWS\System32\WUDFSvc.dll
19:59:04.0593 4732  WudfSvc - ok
19:59:04.0671 4732  [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
19:59:04.0687 4732  WZCSVC - ok
19:59:04.0718 4732  [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
19:59:04.0718 4732  xmlprov - ok
19:59:04.0750 4732  [ D2D4D14C65053BDBC0CF83C7407EAD8A ] ZSMC301b        C:\WINDOWS\system32\Drivers\usbVM31b.sys
19:59:04.0750 4732  ZSMC301b - ok
19:59:04.0781 4732  [ 4DFA2777DC76E011320522D94C0D0EC3 ] ZTEusbmdm6k     C:\WINDOWS\system32\DRIVERS\ZTEusbmdm6k.sys
19:59:04.0781 4732  ZTEusbmdm6k - ok
19:59:04.0812 4732  [ 4DFA2777DC76E011320522D94C0D0EC3 ] ZTEusbnmea      C:\WINDOWS\system32\DRIVERS\ZTEusbnmea.sys
19:59:04.0828 4732  ZTEusbnmea - ok
19:59:04.0875 4732  [ 4DFA2777DC76E011320522D94C0D0EC3 ] ZTEusbser6k     C:\WINDOWS\system32\DRIVERS\ZTEusbser6k.sys
19:59:04.0890 4732  ZTEusbser6k - ok
19:59:04.0906 4732  ================ Scan global ===============================
19:59:04.0953 4732  [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll
19:59:05.0031 4732  [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
19:59:05.0046 4732  [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
19:59:05.0109 4732  [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe
19:59:05.0109 4732  [Global] - ok
19:59:05.0109 4732  ================ Scan MBR ==================================
19:59:05.0125 4732  [ 926B0FAF60CA969911C71DFD61906C0D ] \Device\Harddisk0\DR0
19:59:05.0375 4732  \Device\Harddisk0\DR0 - ok
19:59:05.0375 4732  ================ Scan VBR ==================================
19:59:05.0375 4732  [ 8994BF400235F8CD32E7932E446B6915 ] \Device\Harddisk0\DR0\Partition1
19:59:05.0375 4732  \Device\Harddisk0\DR0\Partition1 - ok
19:59:05.0390 4732  [ BC56DC2ABE7BB5886C98D1C27E525954 ] \Device\Harddisk0\DR0\Partition2
19:59:05.0390 4732  \Device\Harddisk0\DR0\Partition2 - ok
19:59:05.0390 4732  ============================================================
19:59:05.0390 4732  Scan finished
19:59:05.0390 4732  ============================================================
19:59:05.0406 5016  Detected object count: 0
19:59:05.0406 5016  Actual detected object count: 0
19:59:27.0671 4664  ============================================================
19:59:27.0671 4664  Scan started
19:59:27.0671 4664  Mode: Manual; SigCheck; TDLFS; 
19:59:27.0671 4664  ============================================================
19:59:28.0187 4664  ================ Scan system memory ========================
19:59:28.0187 4664  System memory - ok
19:59:28.0187 4664  ================ Scan services =============================
19:59:28.0359 4664  Abiosdsk - ok
19:59:28.0375 4664  [ 6ABB91494FE6C59089B9336452AB2EA3 ] abp480n5        C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
19:59:29.0593 4664  abp480n5 - ok
19:59:29.0656 4664  [ 0F2D66D5F08EBE2F77BB904288DCF6F0 ] ac97intc        C:\WINDOWS\system32\drivers\ac97intc.sys
19:59:29.0781 4664  ac97intc - ok
19:59:29.0828 4664  [ A6FE70357A68AD1E279CD1012419CCE6 ] acedrv11        C:\WINDOWS\system32\drivers\acedrv11.sys
19:59:29.0859 4664  acedrv11 - ok
19:59:29.0906 4664  [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
19:59:30.0031 4664  ACPI - ok
19:59:30.0031 4664  [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC          C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
19:59:30.0156 4664  ACPIEC - ok
19:59:30.0296 4664  [ EEB7649C2C32EFD155B7A239A2F82868 ] AcPrfMgrSvc     C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
19:59:30.0296 4664  AcPrfMgrSvc ( UnsignedFile.Multi.Generic ) - warning
19:59:30.0296 4664  AcPrfMgrSvc - detected UnsignedFile.Multi.Generic (1)
19:59:30.0328 4664  [ 0A3556CAF497833FD0D3214FC125D7B7 ] AcSvc           C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe
19:59:30.0343 4664  AcSvc ( UnsignedFile.Multi.Generic ) - warning
19:59:30.0343 4664  AcSvc - detected UnsignedFile.Multi.Generic (1)
19:59:30.0390 4664  [ 66614B9FDC7E74AB736A84D89F7B06B6 ] ADIHdAudAddService C:\WINDOWS\system32\drivers\ADIHdAud.sys
19:59:30.0468 4664  ADIHdAudAddService - ok
19:59:30.0531 4664  [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
19:59:30.0546 4664  AdobeFlashPlayerUpdateSvc - ok
19:59:30.0578 4664  [ 9A11864873DA202C996558B2106B0BBC ] adpu160m        C:\WINDOWS\system32\DRIVERS\adpu160m.sys
19:59:30.0703 4664  adpu160m - ok
19:59:30.0718 4664  [ 03BE587E90C8B37C7FF1FE2E9C1D1C90 ] AEAudioService  C:\WINDOWS\system32\drivers\AEAudio.sys
19:59:30.0734 4664  AEAudioService - ok
19:59:30.0750 4664  [ 8BED39E3C35D6A489438B8141717A557 ] aec             C:\WINDOWS\system32\drivers\aec.sys
19:59:30.0875 4664  aec - ok
19:59:30.0921 4664  [ 15E655BAA989444F56787EF558823643 ] AegisP          C:\WINDOWS\system32\DRIVERS\AegisP.sys
19:59:30.0937 4664  AegisP ( UnsignedFile.Multi.Generic ) - warning
19:59:30.0937 4664  AegisP - detected UnsignedFile.Multi.Generic (1)
19:59:30.0984 4664  [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
19:59:31.0078 4664  AFD - ok
19:59:31.0109 4664  [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440          C:\WINDOWS\system32\DRIVERS\agp440.sys
19:59:31.0234 4664  agp440 - ok
19:59:31.0250 4664  [ 03A7E0922ACFE1B07D5DB2EEB0773063 ] agpCPQ          C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
19:59:31.0375 4664  agpCPQ - ok
19:59:31.0437 4664  [ C23EA9B5F46C7F7910DB3EAB648FF013 ] Aha154x         C:\WINDOWS\system32\DRIVERS\aha154x.sys
19:59:31.0500 4664  Aha154x - ok
19:59:31.0515 4664  [ 19DD0FB48B0C18892F70E2E7D61A1529 ] aic78u2         C:\WINDOWS\system32\DRIVERS\aic78u2.sys
19:59:31.0625 4664  aic78u2 - ok
19:59:31.0640 4664  [ B7FE594A7468AA0132DEB03FB8E34326 ] aic78xx         C:\WINDOWS\system32\DRIVERS\aic78xx.sys
19:59:31.0781 4664  aic78xx - ok
19:59:31.0828 4664  [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
19:59:31.0921 4664  Alerter - ok
19:59:31.0953 4664  [ 190CD73D4984F94D823F9444980513E5 ] ALG             C:\WINDOWS\System32\alg.exe
19:59:32.0046 4664  ALG - ok
19:59:32.0093 4664  [ 1140AB9938809700B46BB88E46D72A96 ] AliIde          C:\WINDOWS\system32\DRIVERS\aliide.sys
19:59:32.0218 4664  AliIde - ok
19:59:32.0234 4664  [ CB08AED0DE2DD889A8A820CD8082D83C ] alim1541        C:\WINDOWS\system32\DRIVERS\alim1541.sys
19:59:32.0343 4664  alim1541 - ok
19:59:32.0359 4664  [ 95B4FB835E28AA1336CEEB07FD5B9398 ] amdagp          C:\WINDOWS\system32\DRIVERS\amdagp.sys
19:59:32.0468 4664  amdagp - ok
19:59:32.0484 4664  [ 79F5ADD8D24BD6893F2903A3E2F3FAD6 ] amsint          C:\WINDOWS\system32\DRIVERS\amsint.sys
19:59:32.0546 4664  amsint - ok
19:59:32.0578 4664  [ 11AB185A7AF224800BBFB5B836974A17 ] ANC             C:\WINDOWS\system32\drivers\ANC.SYS
19:59:32.0593 4664  ANC ( UnsignedFile.Multi.Generic ) - warning
19:59:32.0593 4664  ANC - detected UnsignedFile.Multi.Generic (1)
19:59:32.0687 4664  [ 0FA2D8304ECA29CA0AB7E3EE50FD585A ] AntiVirSchedulerService C:\Programme\Avira\AntiVir Desktop\sched.exe
19:59:32.0703 4664  AntiVirSchedulerService - ok
19:59:32.0750 4664  [ 5C69AAC8A59207DA9710FF2E42D6F80F ] AntiVirService  C:\Programme\Avira\AntiVir Desktop\avguard.exe
19:59:32.0750 4664  AntiVirService - ok
19:59:32.0843 4664  [ 3DEBBECF665DCDDE3A95D9B902010817 ] Apple Mobile Device C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:59:32.0859 4664  Apple Mobile Device - ok
19:59:32.0890 4664  [ D45960BE52C3C610D361977057F98C54 ] AppMgmt         C:\WINDOWS\System32\appmgmts.dll
19:59:33.0015 4664  AppMgmt - ok
19:59:33.0046 4664  [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394         C:\WINDOWS\system32\DRIVERS\arp1394.sys
19:59:33.0171 4664  Arp1394 - ok

heathcliff · 20.01.2013, 21:58

Teil 2 (TDSS):

Code:

ATTFilter

19:59:33.0203 4664  [ 62D318E9A0C8FC9B780008E724283707 ] asc             C:\WINDOWS\system32\DRIVERS\asc.sys
19:59:33.0328 4664  asc - ok
19:59:33.0359 4664  [ 69EB0CC7714B32896CCBFD5EDCBEA447 ] asc3350p        C:\WINDOWS\system32\DRIVERS\asc3350p.sys
19:59:33.0437 4664  asc3350p - ok
19:59:33.0453 4664  [ 5D8DE112AA0254B907861E9E9C31D597 ] asc3550         C:\WINDOWS\system32\DRIVERS\asc3550.sys
19:59:33.0593 4664  asc3550 - ok
19:59:33.0703 4664  [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
19:59:33.0718 4664  aspnet_state - ok
19:59:33.0734 4664  [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
19:59:33.0828 4664  AsyncMac - ok
19:59:33.0843 4664  [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
19:59:33.0953 4664  atapi - ok
19:59:33.0953 4664  Atdisk - ok
19:59:33.0968 4664  [ 9916C1225104BA14794209CFA8012159 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
19:59:34.0093 4664  Atmarpc - ok
19:59:34.0125 4664  [ DBF0D7E2DF33B469EB55406FEA759350 ] atmeltpm        C:\WINDOWS\system32\DRIVERS\atmeltpm.sys
19:59:34.0171 4664  atmeltpm - ok
19:59:34.0203 4664  [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
19:59:34.0328 4664  AudioSrv - ok
19:59:34.0343 4664  [ D9F724AA26C010A217C97606B160ED68 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
19:59:34.0453 4664  audstub - ok
19:59:34.0500 4664  [ A5C175039B1D6D85D0E79F5855828E4D ] avgntflt        C:\WINDOWS\system32\DRIVERS\avgntflt.sys
19:59:34.0531 4664  avgntflt - ok
19:59:34.0578 4664  [ 37B854C7D1F477E66C5B49C7700C47CC ] avipbb          C:\WINDOWS\system32\DRIVERS\avipbb.sys
19:59:34.0593 4664  avipbb - ok
19:59:34.0609 4664  [ CC4EBA25D80DE42BBC2BF3E553219388 ] avkmgr          C:\WINDOWS\system32\DRIVERS\avkmgr.sys
19:59:34.0625 4664  avkmgr - ok
19:59:34.0640 4664  [ BB1A2A73F993B623F99E03ED2F9E014C ] b57w2k          C:\WINDOWS\system32\DRIVERS\b57xp32.sys
19:59:34.0687 4664  b57w2k - ok
19:59:34.0703 4664  [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
19:59:34.0828 4664  Beep - ok
19:59:34.0890 4664  [ D6F603772A789BB3228F310D650B8BD1 ] BITS            C:\WINDOWS\system32\qmgr.dll
19:59:35.0000 4664  BITS - ok
19:59:35.0062 4664  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Programme\Bonjour\mDNSResponder.exe
19:59:35.0078 4664  Bonjour Service - ok
19:59:35.0125 4664  [ B71549F23736ADF83A571061C47777FD ] Browser         C:\WINDOWS\System32\browser.dll
19:59:35.0171 4664  Browser - ok
19:59:35.0234 4664  [ 6B7D6CA0DB38B36C1D95447757741D1A ] btaudio         C:\WINDOWS\system32\drivers\btaudio.sys
19:59:35.0265 4664  btaudio ( UnsignedFile.Multi.Generic ) - warning
19:59:35.0265 4664  btaudio - detected UnsignedFile.Multi.Generic (1)
19:59:35.0296 4664  [ 48E37289BAE3D006D5583A661168CA00 ] BTDriver        C:\WINDOWS\system32\DRIVERS\btport.sys
19:59:35.0312 4664  BTDriver ( UnsignedFile.Multi.Generic ) - warning
19:59:35.0312 4664  BTDriver - detected UnsignedFile.Multi.Generic (1)
19:59:35.0359 4664  [ DBD408226B00C20158864F30A5A84451 ] BTKRNL          C:\WINDOWS\system32\DRIVERS\btkrnl.sys
19:59:35.0468 4664  BTKRNL ( UnsignedFile.Multi.Generic ) - warning
19:59:35.0468 4664  BTKRNL - detected UnsignedFile.Multi.Generic (1)
19:59:35.0515 4664  [ CB2A3BAE9AAD6B42F7B6473363BBC168 ] btwdins         C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe
19:59:35.0531 4664  btwdins ( UnsignedFile.Multi.Generic ) - warning
19:59:35.0531 4664  btwdins - detected UnsignedFile.Multi.Generic (1)
19:59:35.0578 4664  [ 8103112C1016DDC68DC292A083B02487 ] BTWDNDIS        C:\WINDOWS\system32\DRIVERS\btwdndis.sys
19:59:35.0578 4664  BTWDNDIS ( UnsignedFile.Multi.Generic ) - warning
19:59:35.0578 4664  BTWDNDIS - detected UnsignedFile.Multi.Generic (1)
19:59:35.0593 4664  [ 7CD8E4303FDA5B11DA325340778D99D9 ] BTWUSB          C:\WINDOWS\system32\Drivers\btwusb.sys
19:59:35.0609 4664  BTWUSB ( UnsignedFile.Multi.Generic ) - warning
19:59:35.0609 4664  BTWUSB - detected UnsignedFile.Multi.Generic (1)
19:59:35.0640 4664  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf           C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
19:59:35.0968 4664  cbidf - ok
19:59:35.0984 4664  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
19:59:36.0109 4664  cbidf2k - ok
19:59:36.0156 4664  [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE        C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
19:59:36.0312 4664  CCDECODE - ok
19:59:36.0343 4664  [ F3EC03299634490E97BBCE94CD2954C7 ] cd20xrnt        C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
19:59:36.0406 4664  cd20xrnt - ok
19:59:36.0437 4664  [ C1B486A7658353D33A10CC15211A873B ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
19:59:36.0578 4664  Cdaudio - ok
19:59:36.0593 4664  [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
19:59:36.0703 4664  Cdfs - ok
19:59:36.0718 4664  [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
19:59:36.0828 4664  Cdrom - ok
19:59:36.0843 4664  Changer - ok
19:59:36.0859 4664  [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] CiSvc           C:\WINDOWS\system32\cisvc.exe
19:59:36.0984 4664  CiSvc - ok
19:59:37.0000 4664  [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
19:59:37.0109 4664  ClipSrv - ok
19:59:37.0156 4664  [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:59:37.0171 4664  clr_optimization_v2.0.50727_32 - ok
19:59:37.0234 4664  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:59:37.0250 4664  clr_optimization_v4.0.30319_32 - ok
19:59:37.0265 4664  [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt          C:\WINDOWS\system32\DRIVERS\CmBatt.sys
19:59:37.0375 4664  CmBatt - ok
19:59:37.0375 4664  [ C687F81290303D90099B027A6474F99F ] CmdIde          C:\WINDOWS\system32\DRIVERS\cmdide.sys
19:59:37.0546 4664  CmdIde - ok
19:59:37.0578 4664  [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt        C:\WINDOWS\system32\DRIVERS\compbatt.sys
19:59:37.0703 4664  Compbatt - ok
19:59:37.0703 4664  COMSysApp - ok
19:59:37.0734 4664  [ 3EE529119EED34CD212A215E8C40D4B6 ] Cpqarray        C:\WINDOWS\system32\DRIVERS\cpqarray.sys
19:59:37.0906 4664  Cpqarray - ok
19:59:37.0937 4664  [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
19:59:38.0046 4664  CryptSvc - ok
19:59:38.0109 4664  [ F054744F67576A01139885173392502B ] CrystalSysInfo  C:\Programme\MediaCoder PMP Edition\SysInfo.sys
19:59:38.0125 4664  CrystalSysInfo - ok
19:59:38.0156 4664  [ B5ECADF7708960F1818C7FA015F4C239 ] CVirtA          C:\WINDOWS\system32\DRIVERS\CVirtA.sys
19:59:38.0203 4664  CVirtA - ok
19:59:38.0312 4664  [ 52CE186247CA74EE01F0742AA6609A30 ] CVPND           C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
19:59:38.0375 4664  CVPND - ok
19:59:38.0468 4664  [ 57310C245810B26E378DE9E6B22DB598 ] CVPNDRVA        C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
19:59:38.0500 4664  CVPNDRVA ( UnsignedFile.Multi.Generic ) - warning
19:59:38.0500 4664  CVPNDRVA - detected UnsignedFile.Multi.Generic (1)
19:59:38.0593 4664  [ E550E7418984B65A78299D248F0A7F36 ] dac2w2k         C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
19:59:38.0765 4664  dac2w2k - ok
19:59:38.0781 4664  [ 683789CAA3864EB46125AE86FF677D34 ] dac960nt        C:\WINDOWS\system32\DRIVERS\dac960nt.sys
19:59:38.0906 4664  dac960nt - ok
19:59:38.0953 4664  [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
19:59:39.0046 4664  DcomLaunch - ok
19:59:39.0078 4664  [ 6216FD7FD227DE454238A702B218CEC7 ] dgderdrv        C:\WINDOWS\system32\drivers\dgderdrv.sys
19:59:39.0093 4664  dgderdrv - ok
19:59:39.0125 4664  [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
19:59:39.0250 4664  Dhcp - ok
19:59:39.0265 4664  [ 044452051F3E02E7963599FC8F4F3E25 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
19:59:39.0359 4664  Disk - ok
19:59:39.0453 4664  [ 0711D2E0F17B31E537B2770A618DA41F ] Diskeeper       C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe
19:59:39.0515 4664  Diskeeper ( UnsignedFile.Multi.Generic ) - warning
19:59:39.0515 4664  Diskeeper - detected UnsignedFile.Multi.Generic (1)
19:59:39.0625 4664  [ 35CBC02546335EA41A5D516DA6626C8A ] DLABOIOM        C:\WINDOWS\system32\DLA\DLABOIOM.SYS
19:59:39.0625 4664  DLABOIOM ( UnsignedFile.Multi.Generic ) - warning
19:59:39.0625 4664  DLABOIOM - detected UnsignedFile.Multi.Generic (1)
19:59:39.0640 4664  [ EC6AE8BC9F773382D2EED49E4DFDAE2A ] DLACDBHM        C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
19:59:39.0656 4664  DLACDBHM ( UnsignedFile.Multi.Generic ) - warning
19:59:39.0656 4664  DLACDBHM - detected UnsignedFile.Multi.Generic (1)
19:59:39.0671 4664  [ 2104649B0B79B9F30122C545CBA0C655 ] DLADResN        C:\WINDOWS\system32\DLA\DLADResN.SYS
19:59:39.0687 4664  DLADResN ( UnsignedFile.Multi.Generic ) - warning
19:59:39.0687 4664  DLADResN - detected UnsignedFile.Multi.Generic (1)
19:59:39.0703 4664  [ E4859CA5BD8412A9A60D62067A653522 ] DLAIFS_M        C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
19:59:39.0718 4664  DLAIFS_M ( UnsignedFile.Multi.Generic ) - warning
19:59:39.0718 4664  DLAIFS_M - detected UnsignedFile.Multi.Generic (1)
19:59:39.0750 4664  [ 20C24A3D1CF0825487C93F806625805E ] DLAOPIOM        C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
19:59:39.0765 4664  DLAOPIOM ( UnsignedFile.Multi.Generic ) - warning
19:59:39.0765 4664  DLAOPIOM - detected UnsignedFile.Multi.Generic (1)
19:59:39.0781 4664  [ 8A530DA5DC81954BCF1966813F699B49 ] DLAPoolM        C:\WINDOWS\system32\DLA\DLAPoolM.SYS
19:59:39.0781 4664  DLAPoolM ( UnsignedFile.Multi.Generic ) - warning
19:59:39.0781 4664  DLAPoolM - detected UnsignedFile.Multi.Generic (1)
19:59:39.0796 4664  [ 0605B66052F82B6F07204DBDB61C13FF ] DLARTL_N        C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
19:59:39.0796 4664  DLARTL_N ( UnsignedFile.Multi.Generic ) - warning
19:59:39.0796 4664  DLARTL_N - detected UnsignedFile.Multi.Generic (1)
19:59:39.0812 4664  [ 7EDA68AF6A91BF64AF6F301E39928EBF ] DLAUDFAM        C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
19:59:39.0843 4664  DLAUDFAM ( UnsignedFile.Multi.Generic ) - warning
19:59:39.0843 4664  DLAUDFAM - detected UnsignedFile.Multi.Generic (1)
19:59:39.0843 4664  [ A18423BBC6D92B01FDF3C51E7510EE70 ] DLAUDF_M        C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
19:59:39.0843 4664  DLAUDF_M ( UnsignedFile.Multi.Generic ) - warning
19:59:39.0843 4664  DLAUDF_M - detected UnsignedFile.Multi.Generic (1)
19:59:39.0859 4664  dmadmin - ok
19:59:39.0906 4664  [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
19:59:40.0140 4664  dmboot - ok
19:59:40.0171 4664  [ 53720AB12B48719D00E327DA470A619A ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
19:59:40.0281 4664  dmio - ok
19:59:40.0312 4664  [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
19:59:40.0437 4664  dmload - ok
19:59:40.0515 4664  [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver        C:\WINDOWS\System32\dmserver.dll
19:59:40.0640 4664  dmserver - ok
19:59:40.0671 4664  [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
19:59:40.0796 4664  DMusic - ok
19:59:40.0843 4664  [ 86D52C32A308F84BBC626BFF7C1FB710 ] DNE             C:\WINDOWS\system32\DRIVERS\dne2000.sys
19:59:40.0859 4664  DNE - ok
19:59:40.0890 4664  [ 407F3227AC618FD1CA54B335B083DE07 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
19:59:41.0000 4664  Dnscache - ok
19:59:41.0031 4664  [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
19:59:41.0203 4664  Dot3svc - ok
19:59:41.0234 4664  [ 40F3B93B4E5B0126F2F5C0A7A5E22660 ] dpti2o          C:\WINDOWS\system32\DRIVERS\dpti2o.sys
19:59:41.0390 4664  dpti2o - ok
19:59:41.0437 4664  [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
19:59:41.0625 4664  drmkaud - ok
19:59:41.0640 4664  [ 48C7008D23DCFCE0D0232F49307EFCED ] DRVMCDB         C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
19:59:41.0656 4664  DRVMCDB ( UnsignedFile.Multi.Generic ) - warning
19:59:41.0656 4664  DRVMCDB - detected UnsignedFile.Multi.Generic (1)
19:59:41.0687 4664  [ 05467E44A42C777DD1534BB4539B16D1 ] DRVNDDM         C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
19:59:41.0687 4664  DRVNDDM ( UnsignedFile.Multi.Generic ) - warning
19:59:41.0687 4664  DRVNDDM - detected UnsignedFile.Multi.Generic (1)
19:59:41.0734 4664  [ A6DE5342417FEC3C0AA8EFEBB899C431 ] E100B           C:\WINDOWS\system32\DRIVERS\e100b325.sys
19:59:41.0890 4664  E100B - ok
19:59:41.0906 4664  [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost         C:\WINDOWS\System32\eapsvc.dll
19:59:42.0062 4664  EapHost - ok
19:59:42.0093 4664  [ 2D0FC676D159525F6CD74C3302C7A61C ] EGATHDRV        C:\WINDOWS\SYSTEM32\EGATHDRV.SYS
19:59:42.0093 4664  EGATHDRV ( UnsignedFile.Multi.Generic ) - warning
19:59:42.0093 4664  EGATHDRV - detected UnsignedFile.Multi.Generic (1)
19:59:42.0140 4664  [ 877C18558D70587AA7823A1A308AC96B ] ERSvc           C:\WINDOWS\System32\ersvc.dll
19:59:42.0281 4664  ERSvc - ok
19:59:42.0343 4664  [ A3EDBE9053889FB24AB22492472B39DC ] Eventlog        C:\WINDOWS\system32\services.exe
19:59:42.0390 4664  Eventlog - ok
19:59:42.0468 4664  [ AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem     C:\WINDOWS\system32\es.dll
19:59:42.0515 4664  EventSystem - ok
19:59:42.0687 4664  [ 6A197698A141FFE7651B962AE3172008 ] EvtEng          C:\Programme\Intel\Wireless\Bin\EvtEng.exe
19:59:42.0765 4664  EvtEng ( UnsignedFile.Multi.Generic ) - warning
19:59:42.0765 4664  EvtEng - detected UnsignedFile.Multi.Generic (1)
19:59:42.0796 4664  [ 38D332A6D56AF32635675F132548343E ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
19:59:42.0984 4664  Fastfat - ok
19:59:43.0031 4664  [ 2DB7D303C36DDD055215052F118E8E75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
19:59:43.0109 4664  FastUserSwitchingCompatibility - ok
19:59:43.0125 4664  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc             C:\WINDOWS\system32\DRIVERS\fdc.sys
19:59:43.0234 4664  Fdc - ok
19:59:43.0250 4664  [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
19:59:43.0343 4664  Fips - ok
19:59:43.0359 4664  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk        C:\WINDOWS\system32\DRIVERS\flpydisk.sys
19:59:43.0468 4664  Flpydisk - ok
19:59:43.0500 4664  [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
19:59:43.0625 4664  FltMgr - ok
19:59:43.0890 4664  [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
19:59:43.0937 4664  FontCache3.0.0.0 - ok
19:59:44.0015 4664  [ CBE5F69A5E5B918225F420BA748F3742 ] FsUsbExDisk     C:\WINDOWS\system32\FsUsbExDisk.SYS
19:59:44.0250 4664  FsUsbExDisk ( UnsignedFile.Multi.Generic ) - warning
19:59:44.0250 4664  FsUsbExDisk - detected UnsignedFile.Multi.Generic (1)
19:59:44.0359 4664  [ 15AB846886C225FFF0376F3CEF21188F ] FsUsbExService  C:\WINDOWS\system32\FsUsbExService.Exe
19:59:44.0406 4664  FsUsbExService ( UnsignedFile.Multi.Generic ) - warning
19:59:44.0406 4664  FsUsbExService - detected UnsignedFile.Multi.Generic (1)
19:59:44.0500 4664  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
19:59:44.0625 4664  Fs_Rec - ok
19:59:44.0656 4664  [ 8F1955CE42E1484714B542F341647778 ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
19:59:44.0796 4664  Ftdisk - ok
19:59:44.0843 4664  [ 33D00F8CB70AC5F7A8101F79D5273615 ] G400            C:\WINDOWS\system32\DRIVERS\G400m.sys
19:59:45.0000 4664  G400 - ok
19:59:45.0031 4664  [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM     C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
19:59:45.0093 4664  GEARAspiWDM - ok
19:59:45.0218 4664  [ 35A1F815962F3552066C6BE4C969D297 ] getPlus(R) Helper C:\Programme\NOS\bin\getPlus_HelperSvc.exe
19:59:45.0234 4664  getPlus(R) Helper - ok
19:59:45.0312 4664  [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
19:59:45.0484 4664  Gpc - ok
19:59:45.0703 4664  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate         C:\Programme\Google\Update\GoogleUpdate.exe
19:59:45.0734 4664  gupdate - ok
19:59:45.0734 4664  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem        C:\Programme\Google\Update\GoogleUpdate.exe
19:59:45.0765 4664  gupdatem - ok
19:59:45.0921 4664  [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc           C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
19:59:45.0937 4664  gusvc - ok
19:59:45.0984 4664  [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus        C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
19:59:46.0187 4664  HDAudBus - ok
19:59:46.0281 4664  [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
19:59:46.0406 4664  helpsvc - ok
19:59:46.0406 4664  HidServ - ok
19:59:46.0453 4664  [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
19:59:46.0578 4664  HidUsb - ok
19:59:46.0609 4664  [ ED29F14101523A6E0E808107405D452C ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
19:59:46.0703 4664  hkmsvc - ok
19:59:46.0750 4664  [ B028377DEA0546A5FCFBA928A8AEFAE0 ] hpn             C:\WINDOWS\system32\DRIVERS\hpn.sys
19:59:46.0859 4664  hpn - ok
19:59:46.0906 4664  [ 9F1D80908658EB7F1BF70809E0B51470 ] HPZid412        C:\WINDOWS\system32\DRIVERS\HPZid412.sys
19:59:46.0921 4664  HPZid412 ( UnsignedFile.Multi.Generic ) - warning
19:59:46.0921 4664  HPZid412 - detected UnsignedFile.Multi.Generic (1)
19:59:46.0968 4664  [ F7E3E9D50F9CD3DE28085A8FDAA0A1C3 ] HPZipr12        C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
19:59:46.0968 4664  HPZipr12 ( UnsignedFile.Multi.Generic ) - warning
19:59:46.0968 4664  HPZipr12 - detected UnsignedFile.Multi.Generic (1)
19:59:46.0984 4664  [ CF1B7951B4EC8D13F3C93B74BB2B461B ] HPZius12        C:\WINDOWS\system32\DRIVERS\HPZius12.sys
19:59:47.0000 4664  HPZius12 ( UnsignedFile.Multi.Generic ) - warning
19:59:47.0000 4664  HPZius12 - detected UnsignedFile.Multi.Generic (1)
19:59:47.0078 4664  [ 6A5C4732D6803F84E2987EDD8E4359CE ] HSFHWAZL        C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
19:59:47.0109 4664  HSFHWAZL - ok
19:59:47.0171 4664  [ 21C31273C6CC4826E74BE8AE3B09D4A8 ] HSF_DPV         C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
19:59:47.0234 4664  HSF_DPV - ok
19:59:47.0281 4664  [ 3AF45F5B4157C88FFAE24D89BA408302 ] HSXHWAZL        C:\WINDOWS\system32\DRIVERS\hsxhwazl.sys
19:59:47.0390 4664  HSXHWAZL - ok
19:59:47.0453 4664  [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
19:59:47.0546 4664  HTTP - ok
19:59:47.0609 4664  [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
19:59:47.0796 4664  HTTPFilter - ok
19:59:47.0812 4664  [ 9368670BD426EBEA5E8B18A62416EC28 ] i2omgmt         C:\WINDOWS\system32\drivers\i2omgmt.sys
19:59:47.0921 4664  i2omgmt - ok
19:59:47.0953 4664  [ F10863BF1CCC290BABD1A09188AE49E0 ] i2omp           C:\WINDOWS\system32\DRIVERS\i2omp.sys
19:59:48.0109 4664  i2omp - ok
19:59:48.0203 4664  [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
19:59:48.0359 4664  i8042prt - ok
19:59:48.0812 4664  [ 06B71441957B48A4866DE2FE27CB79C8 ] ialm            C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
19:59:51.0812 4664  ialm - ok
19:59:52.0125 4664  [ 865FEC2D85069FD180EA75049829A7A2 ] iaStor          C:\WINDOWS\system32\DRIVERS\iaStor.sys
19:59:52.0390 4664  iaStor - ok
19:59:52.0453 4664  [ BF648877413F6160E480814A24942B65 ] IBMPMDRV        C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys
19:59:52.0484 4664  IBMPMDRV - ok
19:59:52.0500 4664  [ A75CE11915E4ECC5E1597D6E0F7BB2DB ] IBMPMSVC        C:\WINDOWS\system32\ibmpmsvc.exe
19:59:52.0531 4664  IBMPMSVC - ok
19:59:52.0562 4664  [ BFC9F3ADAAD74E13F9CE16C8BD336F95 ] IBMTPCHK        C:\WINDOWS\system32\Drivers\IBMBLDID.sys
19:59:52.0593 4664  IBMTPCHK ( UnsignedFile.Multi.Generic ) - warning
19:59:52.0593 4664  IBMTPCHK - detected UnsignedFile.Multi.Generic (1)
19:59:52.0703 4664  [ DAF66902F08796F9C694901660E5A64A ] IDriverT        C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
19:59:52.0718 4664  IDriverT ( UnsignedFile.Multi.Generic ) - warning
19:59:52.0718 4664  IDriverT - detected UnsignedFile.Multi.Generic (1)
19:59:52.0812 4664  [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc           C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:59:52.0875 4664  idsvc - ok
19:59:52.0906 4664  [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
19:59:53.0078 4664  Imapi - ok
19:59:53.0171 4664  [ 1ACAD13923E467E473C3EC503223F983 ] Imapi Helper    D:\Programme\Alex Feinman\ISO Recorder\ImapiHelper.exe
19:59:53.0187 4664  Imapi Helper ( UnsignedFile.Multi.Generic ) - warning
19:59:53.0187 4664  Imapi Helper - detected UnsignedFile.Multi.Generic (1)
19:59:53.0218 4664  [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService    C:\WINDOWS\system32\imapi.exe
19:59:53.0343 4664  ImapiService - ok
19:59:53.0390 4664  [ 4A40E045FAEE58631FD8D91AFC620719 ] ini910u         C:\WINDOWS\system32\DRIVERS\ini910u.sys
19:59:53.0500 4664  ini910u - ok
19:59:53.0531 4664  [ 69C4E3C9E67A1F103B94E14FDD5F3213 ] IntelIde        C:\WINDOWS\system32\DRIVERS\intelide.sys
19:59:53.0640 4664  IntelIde - ok
19:59:53.0687 4664  [ 4C7D2750158ED6E7AD642D97BFFAE351 ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
19:59:53.0796 4664  intelppm - ok
19:59:53.0812 4664  [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw           C:\WINDOWS\system32\drivers\ip6fw.sys
19:59:53.0921 4664  Ip6Fw - ok
19:59:53.0937 4664  [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
19:59:54.0046 4664  IpFilterDriver - ok
19:59:54.0062 4664  [ B87AB476DCF76E72010632B5550955F5 ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
19:59:54.0156 4664  IpInIp - ok
19:59:54.0187 4664  [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
19:59:54.0296 4664  IpNat - ok
19:59:54.0359 4664  [ 49918803B661367023BF325CF602AFDC ] iPod Service    C:\Programme\iPod\bin\iPodService.exe
19:59:54.0531 4664  iPod Service - ok
19:59:54.0546 4664  [ 23C74D75E36E7158768DD63D92789A91 ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
19:59:54.0671 4664  IPSec - ok
19:59:54.0734 4664  [ 4D1D3B3644737746FB98C4D272FB4A86 ] IPSSVC          C:\WINDOWS\system32\IPSSVC.EXE
19:59:54.0765 4664  IPSSVC ( UnsignedFile.Multi.Generic ) - warning
19:59:54.0765 4664  IPSSVC - detected UnsignedFile.Multi.Generic (1)
19:59:54.0796 4664  [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
19:59:54.0984 4664  IRENUM - ok
19:59:55.0062 4664  [ 6DFB88F64135C525433E87648BDA30DE ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
19:59:55.0171 4664  isapnp - ok
19:59:55.0187 4664  [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
19:59:55.0296 4664  Kbdclass - ok
19:59:55.0328 4664  [ 692BCF44383D056AED41B045A323D378 ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
19:59:55.0453 4664  kmixer - ok
19:59:55.0500 4664  [ B467646C54CC746128904E1654C750C1 ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
19:59:55.0593 4664  KSecDD - ok
19:59:55.0625 4664  [ 2BBDCB79900990F0716DFCB714E72DE7 ] lanmanserver    C:\WINDOWS\System32\srvsvc.dll
19:59:55.0656 4664  lanmanserver - ok
19:59:55.0703 4664  [ 1869B14B06B44B44AF70548E1EA3303F ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
19:59:55.0750 4664  lanmanworkstation - ok
19:59:55.0750 4664  lbrtfdc - ok
19:59:55.0781 4664  [ 636714B7D43C8D0C80449123FD266920 ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
19:59:55.0906 4664  LmHosts - ok
19:59:55.0937 4664  [ D5673785903639D186DC345FF86F423F ] massfilter      C:\WINDOWS\system32\drivers\massfilter.sys
19:59:55.0984 4664  massfilter - ok
19:59:56.0000 4664  [ 38BFA8FA6D838CBAB58A1C2B49EBF96B ] massfilter_hs   C:\WINDOWS\system32\drivers\massfilter_hs.sys
19:59:56.0109 4664  massfilter_hs - ok
19:59:56.0203 4664  [ 11F714F85530A2BD134074DC30E99FCA ] MDM             C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
19:59:56.0250 4664  MDM - ok
19:59:56.0328 4664  [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk         C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
19:59:56.0390 4664  mdmxsdk - ok
19:59:56.0468 4664  [ B7550A7107281D170CE85524B1488C98 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
19:59:56.0625 4664  Messenger - ok
19:59:56.0656 4664  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
19:59:56.0765 4664  mnmdd - ok
19:59:56.0812 4664  [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe
19:59:56.0921 4664  mnmsrvc - ok
19:59:56.0937 4664  [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
19:59:57.0062 4664  Modem - ok
19:59:57.0093 4664  [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
19:59:57.0203 4664  Mouclass - ok
19:59:57.0234 4664  [ 66A6F73C74E1791464160A7065CE711A ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
19:59:57.0359 4664  mouhid - ok
19:59:57.0390 4664  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
19:59:57.0500 4664  MountMgr - ok
19:59:57.0578 4664  [ 9C3758018DED02F4AE53CCA1C5F084A2 ] MozillaMaintenance C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
19:59:57.0609 4664  MozillaMaintenance - ok
19:59:57.0625 4664  [ 3F4BB95E5A44F3BE34824E8E7CAF0737 ] mraid35x        C:\WINDOWS\system32\DRIVERS\mraid35x.sys
19:59:57.0734 4664  mraid35x - ok
19:59:57.0765 4664  [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
19:59:57.0890 4664  MRxDAV - ok
19:59:57.0937 4664  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
19:59:58.0093 4664  MRxSmb - ok
19:59:58.0156 4664  [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC           C:\WINDOWS\system32\msdtc.exe
19:59:58.0281 4664  MSDTC - ok
19:59:58.0312 4664  [ C941EA2454BA8350021D774DAF0F1027 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
19:59:58.0421 4664  Msfs - ok
19:59:58.0421 4664  MSIServer - ok
19:59:58.0437 4664  [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
19:59:58.0562 4664  MSKSSRV - ok
19:59:58.0578 4664  [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
19:59:58.0671 4664  MSPCLOCK - ok
19:59:58.0687 4664  [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
19:59:58.0812 4664  MSPQM - ok
19:59:58.0843 4664  [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
19:59:58.0953 4664  mssmbios - ok
19:59:59.0015 4664  [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE           C:\WINDOWS\system32\drivers\MSTEE.sys
19:59:59.0140 4664  MSTEE - ok
19:59:59.0171 4664  [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
19:59:59.0218 4664  Mup - ok
19:59:59.0234 4664  [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC        C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
19:59:59.0343 4664  NABTSFEC - ok
19:59:59.0390 4664  [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent        C:\WINDOWS\System32\qagentrt.dll
19:59:59.0515 4664  napagent - ok
19:59:59.0531 4664  [ 1DF7F42665C94B825322FAE71721130D ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
19:59:59.0656 4664  NDIS - ok
19:59:59.0671 4664  [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP          C:\WINDOWS\system32\DRIVERS\NdisIP.sys
19:59:59.0781 4664  NdisIP - ok
19:59:59.0828 4664  [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
19:59:59.0875 4664  NdisTapi - ok
19:59:59.0875 4664  [ F927A4434C5028758A842943EF1A3849 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
19:59:59.0984 4664  Ndisuio - ok
20:00:00.0015 4664  [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:00:00.0125 4664  NdisWan - ok
20:00:00.0156 4664  [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
20:00:00.0171 4664  NDProxy - ok
20:00:00.0281 4664  [ C7F5C284B6F46FCAF6910EA4E644700B ] Nero BackItUp Scheduler 4.0 C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe
20:00:00.0328 4664  Nero BackItUp Scheduler 4.0 - ok
20:00:00.0390 4664  [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
20:00:00.0531 4664  NetBIOS - ok
20:00:00.0562 4664  [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
20:00:00.0703 4664  NetBT - ok
20:00:00.0734 4664  [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE          C:\WINDOWS\system32\netdde.exe
20:00:00.0843 4664  NetDDE - ok
20:00:00.0859 4664  [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
20:00:00.0953 4664  NetDDEdsdm - ok
20:00:01.0000 4664  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon        C:\WINDOWS\system32\lsass.exe
20:00:01.0125 4664  Netlogon - ok
20:00:01.0140 4664  [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman          C:\WINDOWS\System32\netman.dll
20:00:01.0281 4664  Netman - ok
20:00:01.0328 4664  [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:00:01.0343 4664  NetTcpPortSharing - ok
20:00:01.0453 4664  [ E2F396F71A793A04839DBB6AF304A026 ] NETw3x32        C:\WINDOWS\system32\DRIVERS\NETw3x32.sys
20:00:01.0625 4664  NETw3x32 - ok
20:00:01.0671 4664  [ E5364C06AAFA180CE35018D40FCACAD5 ] nhcDriverDevice C:\WINDOWS\system32\drivers\nhcDriver.sys
20:00:01.0703 4664  nhcDriverDevice ( UnsignedFile.Multi.Generic ) - warning
20:00:01.0703 4664  nhcDriverDevice - detected UnsignedFile.Multi.Generic (1)
20:00:01.0750 4664  [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394         C:\WINDOWS\system32\DRIVERS\nic1394.sys
20:00:01.0875 4664  NIC1394 - ok
20:00:01.0921 4664  [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla             C:\WINDOWS\System32\mswsock.dll
20:00:01.0968 4664  Nla - ok
20:00:02.0015 4664  [ 25D6B2EB0A1FC4AB413AFE7EC4793EC1 ] nosGetPlusHelper C:\Programme\NOS\bin\getPlus_Helper_3004.dll
20:00:02.0031 4664  nosGetPlusHelper - ok
20:00:02.0093 4664  [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
20:00:02.0187 4664  Npfs - ok
20:00:02.0281 4664  [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
20:00:02.0406 4664  Ntfs - ok
20:00:02.0406 4664  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
20:00:02.0515 4664  NtLmSsp - ok
20:00:02.0562 4664  [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
20:00:02.0671 4664  NtmsSvc - ok
20:00:02.0703 4664  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\WINDOWS\system32\drivers\Null.sys
20:00:02.0828 4664  Null - ok
20:00:02.0921 4664  [ 2B298519EDBFCF451D43E0F1E8F1006D ] nv              C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
20:00:03.0218 4664  nv - ok
20:00:03.0250 4664  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
20:00:03.0406 4664  NwlnkFlt - ok
20:00:03.0421 4664  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
20:00:03.0609 4664  NwlnkFwd - ok
20:00:03.0687 4664  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE
20:00:03.0718 4664  odserv - ok
20:00:03.0781 4664  [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394        C:\WINDOWS\system32\DRIVERS\ohci1394.sys
20:00:03.0890 4664  ohci1394 - ok
20:00:03.0937 4664  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
20:00:03.0953 4664  ose - ok
20:00:03.0984 4664  [ F84785660305B9B903FB3BCA8BA29837 ] Parport         C:\WINDOWS\system32\DRIVERS\parport.sys
20:00:04.0125 4664  Parport - ok
20:00:04.0125 4664  [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
20:00:04.0265 4664  PartMgr - ok
20:00:04.0296 4664  [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
20:00:04.0453 4664  ParVdm - ok
20:00:04.0468 4664  PcdrNdisuio - ok
20:00:04.0484 4664  [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
20:00:04.0593 4664  PCI - ok
20:00:04.0609 4664  PCIDump - ok
20:00:04.0625 4664  [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
20:00:04.0750 4664  PCIIde - ok
20:00:04.0765 4664  [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia          C:\WINDOWS\system32\DRIVERS\pcmcia.sys
20:00:04.0890 4664  Pcmcia - ok
20:00:04.0890 4664  PDCOMP - ok
20:00:04.0890 4664  PDFRAME - ok
20:00:04.0906 4664  PDRELI - ok
20:00:04.0906 4664  PDRFRAME - ok
20:00:04.0921 4664  [ 6C14B9C19BA84F73D3A86DBA11133101 ] perc2           C:\WINDOWS\system32\DRIVERS\perc2.sys
20:00:05.0046 4664  perc2 - ok
20:00:05.0062 4664  [ F50F7C27F131AFE7BEBA13E14A3B9416 ] perc2hib        C:\WINDOWS\system32\DRIVERS\perc2hib.sys
20:00:05.0187 4664  perc2hib - ok
20:00:05.0265 4664  [ 875E4E0661F3A5994DF9E5E3A0A4F96B ] PLFlash DeviceIoControl Service C:\Programme\Nero\Nero BackItUp 4\IoctlSvc.exe
20:00:05.0281 4664  PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - warning
20:00:05.0281 4664  PLFlash DeviceIoControl Service - detected UnsignedFile.Multi.Generic (1)
20:00:05.0296 4664  [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay        C:\WINDOWS\system32\services.exe
20:00:05.0328 4664  PlugPlay - ok
20:00:05.0359 4664  [ DEDEF40E1D05842639491365CB2C069E ] pmem            C:\WINDOWS\System32\drivers\pmemnt.sys
20:00:05.0359 4664  pmem ( UnsignedFile.Multi.Generic ) - warning
20:00:05.0359 4664  pmem - detected UnsignedFile.Multi.Generic (1)
20:00:05.0390 4664  [ 2D091A99624FB9E7EEF0A86D872EC0C3 ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.exe
20:00:05.0406 4664  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
20:00:05.0406 4664  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
20:00:05.0437 4664  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
20:00:05.0531 4664  PolicyAgent - ok
20:00:05.0562 4664  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
20:00:05.0656 4664  PptpMiniport - ok
20:00:05.0703 4664  [ 7E8BE4D11F5AC1E5CAE42719A7230508 ] PQNTDrv         C:\WINDOWS\system32\drivers\PQNTDrv.sys
20:00:05.0718 4664  PQNTDrv ( UnsignedFile.Multi.Generic ) - warning
20:00:05.0718 4664  PQNTDrv - detected UnsignedFile.Multi.Generic (1)
20:00:05.0796 4664  [ EBE579425CCB8377BFC7C0B50C05EB56 ] PrivateDisk     C:\Programme\Lenovo\SafeGuard PrivateDisk\PrivateDiskM.sys
20:00:05.0812 4664  PrivateDisk ( UnsignedFile.Multi.Generic ) - warning
20:00:05.0812 4664  PrivateDisk - detected UnsignedFile.Multi.Generic (1)
20:00:05.0843 4664  [ 6F9E6E874FD74EE6DD0BBECDE9D3F795 ] PROCDD          C:\WINDOWS\system32\DRIVERS\PROCDD.SYS
20:00:05.0859 4664  PROCDD ( UnsignedFile.Multi.Generic ) - warning
20:00:05.0859 4664  PROCDD - detected UnsignedFile.Multi.Generic (1)
20:00:05.0875 4664  [ 2CB55427C58679F49AD600FCCBA76360 ] Processor       C:\WINDOWS\system32\DRIVERS\processr.sys
20:00:06.0000 4664  Processor - ok
20:00:06.0000 4664  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
20:00:06.0093 4664  ProtectedStorage - ok
20:00:06.0125 4664  [ F8A25F1DD8B2C332CBC663E3579566E7 ] psadd           C:\WINDOWS\system32\DRIVERS\psadd.sys
20:00:06.0140 4664  psadd - ok
20:00:06.0140 4664  PsaSrv - ok
20:00:06.0156 4664  [ 09298EC810B07E5D582CB3A3F9255424 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
20:00:06.0265 4664  PSched - ok
20:00:06.0921 4664  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
20:00:17.0906 4664  Ptilink - ok
20:00:17.0968 4664  [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20        C:\WINDOWS\system32\Drivers\PxHelp20.sys
20:00:17.0984 4664  PxHelp20 - ok
20:00:18.0000 4664  [ 0A63FB54039EB5662433CABA3B26DBA7 ] ql1080          C:\WINDOWS\system32\DRIVERS\ql1080.sys
20:00:18.0125 4664  ql1080 - ok
20:00:18.0156 4664  [ 6503449E1D43A0FF0201AD5CB1B8C706 ] Ql10wnt         C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
20:00:18.0296 4664  Ql10wnt - ok
20:00:18.0328 4664  [ 156ED0EF20C15114CA097A34A30D8A01 ] ql12160         C:\WINDOWS\system32\DRIVERS\ql12160.sys
20:00:18.0453 4664  ql12160 - ok
20:00:18.0484 4664  [ 70F016BEBDE6D29E864C1230A07CC5E6 ] ql1240          C:\WINDOWS\system32\DRIVERS\ql1240.sys
20:00:18.0625 4664  ql1240 - ok
20:00:18.0640 4664  [ 907F0AEEA6BC451011611E732BD31FCF ] ql1280          C:\WINDOWS\system32\DRIVERS\ql1280.sys
20:00:18.0750 4664  ql1280 - ok
20:00:18.0765 4664  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
20:00:18.0890 4664  RasAcd - ok
20:00:18.0937 4664  [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
20:00:19.0046 4664  RasAuto - ok
20:00:19.0062 4664  [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
20:00:19.0187 4664  Rasl2tp - ok
20:00:19.0234 4664  [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan          C:\WINDOWS\System32\rasmans.dll
20:00:19.0359 4664  RasMan - ok
20:00:19.0375 4664  [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
20:00:19.0515 4664  RasPppoe - ok
20:00:19.0546 4664  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
20:00:19.0671 4664  Raspti - ok
20:00:19.0703 4664  [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
20:00:19.0812 4664  Rdbss - ok
20:00:19.0843 4664  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
20:00:19.0984 4664  RDPCDD - ok
20:00:20.0000 4664  [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys
20:00:20.0125 4664  rdpdr - ok
20:00:20.0171 4664  [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
20:00:20.0281 4664  RDPWD - ok
20:00:20.0328 4664  [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
20:00:20.0453 4664  RDSessMgr - ok
20:00:20.0484 4664  [ ED761D453856F795A7FE056E42C36365 ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
20:00:20.0593 4664  redbook - ok
20:00:20.0640 4664  [ D8F61AAAE73A1FBDE6F538BECC891F2F ] RegSrvc         C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
20:00:20.0656 4664  RegSrvc ( UnsignedFile.Multi.Generic ) - warning
20:00:20.0656 4664  RegSrvc - detected UnsignedFile.Multi.Generic (1)
20:00:20.0687 4664  [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
20:00:20.0796 4664  RemoteAccess - ok
20:00:20.0843 4664  [ E4CD1F3D84E1C2CA0B8CF7501E201593 ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
20:00:20.0937 4664  RemoteRegistry - ok
20:00:20.0953 4664  [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator      C:\WINDOWS\system32\locator.exe
20:00:21.0062 4664  RpcLocator - ok
20:00:21.0093 4664  [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] RpcSs           C:\WINDOWS\system32\rpcss.dll
20:00:21.0156 4664  RpcSs - ok
20:00:21.0218 4664  [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP            C:\WINDOWS\system32\rsvp.exe
20:00:21.0328 4664  RSVP - ok
20:00:21.0375 4664  [ 25F697E3AFA7B337BBCADDBCE38E6934 ] S24EventMonitor C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
20:00:21.0500 4664  S24EventMonitor ( UnsignedFile.Multi.Generic ) - warning
20:00:21.0500 4664  S24EventMonitor - detected UnsignedFile.Multi.Generic (1)
20:00:21.0546 4664  [ 2862ADB14481AC28F98105FF33A99EB0 ] s24trans        C:\WINDOWS\system32\DRIVERS\s24trans.sys
20:00:21.0546 4664  s24trans ( UnsignedFile.Multi.Generic ) - warning
20:00:21.0546 4664  s24trans - detected UnsignedFile.Multi.Generic (1)
20:00:21.0562 4664  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs           C:\WINDOWS\system32\lsass.exe
20:00:21.0671 4664  SamSs - ok
20:00:21.0718 4664  [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
20:00:21.0828 4664  SCardSvr - ok
20:00:21.0875 4664  [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule        C:\WINDOWS\system32\schedsvc.dll
20:00:21.0984 4664  Schedule - ok
20:00:22.0015 4664  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
20:00:22.0140 4664  Secdrv - ok
20:00:22.0156 4664  [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon        C:\WINDOWS\System32\seclogon.dll
20:00:22.0281 4664  seclogon - ok
20:00:22.0312 4664  [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS            C:\WINDOWS\system32\sens.dll
20:00:22.0421 4664  SENS - ok
20:00:22.0453 4664  [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys
20:00:22.0562 4664  serenum - ok
20:00:22.0578 4664  [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
20:00:22.0703 4664  Serial - ok
20:00:22.0750 4664  [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy         C:\WINDOWS\system32\DRIVERS\sfloppy.sys
20:00:22.0859 4664  Sfloppy - ok
20:00:22.0906 4664  [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
20:00:23.0046 4664  SharedAccess - ok
20:00:23.0062 4664  [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
20:00:23.0078 4664  ShellHWDetection - ok
20:00:23.0109 4664  [ 1A9B76C8E0D77BCACA24FDF36781B59D ] ShockMgr        C:\WINDOWS\system32\drivers\ShockMgr.sys
20:00:23.0140 4664  ShockMgr ( UnsignedFile.Multi.Generic ) - warning
20:00:23.0140 4664  ShockMgr - detected UnsignedFile.Multi.Generic (1)
20:00:23.0187 4664  [ CB0C065AF3AC9AC307408EA021CDD20E ] Shockprf        C:\WINDOWS\system32\drivers\Shockprf.sys
20:00:23.0187 4664  Shockprf ( UnsignedFile.Multi.Generic ) - warning
20:00:23.0187 4664  Shockprf - detected UnsignedFile.Multi.Generic (1)
20:00:23.0203 4664  Simbad - ok
20:00:23.0265 4664  [ 6B33D0EBD30DB32E27D1D78FE946A754 ] sisagp          C:\WINDOWS\system32\DRIVERS\sisagp.sys
20:00:23.0375 4664  sisagp - ok
20:00:23.0453 4664  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate     C:\Programme\Skype\Updater\Updater.exe
20:00:23.0468 4664  SkypeUpdate - ok
20:00:23.0531 4664  [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP            C:\WINDOWS\system32\DRIVERS\SLIP.sys
20:00:23.0640 4664  SLIP - ok
20:00:23.0656 4664  [ 26341D0DD225D19FD50E0EE3C3C77502 ] Smapint         C:\WINDOWS\system32\drivers\Smapint.sys
20:00:23.0671 4664  Smapint ( UnsignedFile.Multi.Generic ) - warning
20:00:23.0671 4664  Smapint - detected UnsignedFile.Multi.Generic (1)
20:00:23.0718 4664  [ 3BA9D0C8A0FBD9FB4029B6CD87C8CE0B ] smi2            C:\Programme\SMI2\smi2.sys
20:00:23.0718 4664  smi2 ( UnsignedFile.Multi.Generic ) - warning
20:00:23.0718 4664  smi2 - detected UnsignedFile.Multi.Generic (1)
20:00:23.0765 4664  [ 01A4388E45BA272082BFC35B0C8DBF8A ] smihlp          C:\Programme\ThinkVantage Fingerprint Software\smihlp.sys
20:00:23.0781 4664  smihlp ( UnsignedFile.Multi.Generic ) - warning
20:00:23.0781 4664  smihlp - detected UnsignedFile.Multi.Generic (1)
20:00:23.0812 4664  [ A1ECEEAA5C5E74B2499EB51D38185B84 ] SONYPVU1        C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
20:00:23.0937 4664  SONYPVU1 - ok
20:00:23.0968 4664  [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow         C:\WINDOWS\system32\DRIVERS\sparrow.sys
20:00:24.0046 4664  Sparrow - ok
20:00:24.0078 4664  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
20:00:24.0218 4664  splitter - ok
20:00:24.0250 4664  [ 60784F891563FB1B767F70117FC2428F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
20:00:24.0312 4664  Spooler - ok
20:00:24.0328 4664  [ 50FA898F8C032796D3B1B9951BB5A90F ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
20:00:24.0421 4664  sr - ok
20:00:24.0468 4664  [ FE77A85495065F3AD59C5C65B6C54182 ] srservice       C:\WINDOWS\system32\srsvc.dll
20:00:24.0593 4664  srservice - ok
20:00:24.0640 4664  [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
20:00:24.0687 4664  Srv - ok
20:00:24.0718 4664  [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
20:00:24.0828 4664  SSDPSRV - ok
20:00:24.0859 4664  [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv          C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
20:00:24.0875 4664  ssmdrv - ok
20:00:24.0906 4664  [ A2DBCC4C8860449DF1AB758EA28B4DE0 ] StillCam        C:\WINDOWS\system32\DRIVERS\serscan.sys
20:00:25.0031 4664  StillCam - ok
20:00:25.0093 4664  [ BC2C5985611C5356B24AEB370953DED9 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
20:00:25.0250 4664  stisvc - ok
20:00:25.0281 4664  [ 77813007BA6265C4B6098187E6ED79D2 ] streamip        C:\WINDOWS\system32\DRIVERS\StreamIP.sys
20:00:25.0406 4664  streamip - ok
20:00:25.0484 4664  [ F1262146970C5B73159E3727ACDE8278 ] SUService       c:\programme\lenovo\system update\suservice.exe
20:00:25.0500 4664  SUService ( UnsignedFile.Multi.Generic ) - warning
20:00:25.0500 4664  SUService - detected UnsignedFile.Multi.Generic (1)
20:00:25.0515 4664  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
20:00:25.0609 4664  swenum - ok
20:00:25.0640 4664  [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
20:00:25.0734 4664  swmidi - ok
20:00:25.0750 4664  SwPrv - ok
20:00:25.0765 4664  [ 1FF3217614018630D0A6758630FC698C ] symc810         C:\WINDOWS\system32\DRIVERS\symc810.sys
20:00:25.0875 4664  symc810 - ok
20:00:25.0890 4664  [ 070E001D95CF725186EF8B20335F933C ] symc8xx         C:\WINDOWS\system32\DRIVERS\symc8xx.sys
20:00:26.0015 4664  symc8xx - ok
20:00:26.0031 4664  [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi          C:\WINDOWS\system32\DRIVERS\sym_hi.sys
20:00:26.0140 4664  sym_hi - ok
20:00:26.0187 4664  [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3          C:\WINDOWS\system32\DRIVERS\sym_u3.sys
20:00:26.0296 4664  sym_u3 - ok
20:00:26.0328 4664  [ D7DC30B8B41E7A913C3FCCC0631E72EC ] SynTP           C:\WINDOWS\system32\DRIVERS\SynTP.sys
20:00:26.0343 4664  SynTP - ok
20:00:26.0359 4664  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
20:00:26.0468 4664  sysaudio - ok
20:00:26.0500 4664  [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
20:00:26.0609 4664  SysmonLog - ok
20:00:26.0640 4664  [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
20:00:26.0781 4664  TapiSrv - ok
20:00:26.0859 4664  [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
20:00:26.0890 4664  Tcpip - ok
20:00:26.0937 4664  [ FC6FE02F400308606A911640E72326B5 ] TcUsb           C:\WINDOWS\system32\Drivers\tcusb.sys
20:00:27.0015 4664  TcUsb - ok
20:00:27.0109 4664  [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
20:00:27.0218 4664  TDPIPE - ok
20:00:27.0250 4664  [ 564B337034271B7BDDCABFDDC91C6B7A ] TDSMAPI         C:\WINDOWS\system32\drivers\TDSMAPI.SYS
20:00:27.0250 4664  TDSMAPI ( UnsignedFile.Multi.Generic ) - warning
20:00:27.0250 4664  TDSMAPI - detected UnsignedFile.Multi.Generic (1)
20:00:27.0281 4664  [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
20:00:27.0421 4664  TDTCP - ok
20:00:27.0453 4664  [ 88155247177638048422893737429D9E ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
20:00:27.0625 4664  TermDD - ok
20:00:27.0671 4664  [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService     C:\WINDOWS\System32\termsrv.dll
20:00:27.0781 4664  TermService - ok
20:00:27.0859 4664  [ 8F14DE79EBE73D6D717B8455E64DDA86 ] TGCM_ImportWiFiSvc C:\Programme\o2\Mobile Connection Manager\ImpWiFiSvc.exe
20:00:27.0875 4664  TGCM_ImportWiFiSvc - ok
20:00:27.0890 4664  [ 2DB7D303C36DDD055215052F118E8E75 ] Themes          C:\WINDOWS\System32\shsvcs.dll
20:00:27.0906 4664  Themes - ok
20:00:27.0968 4664  [ 9626746A9B120D2ED537DD8D76278405 ] ThinkVantage Registry Monitor Service C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe
20:00:28.0000 4664  ThinkVantage Registry Monitor Service - ok
20:00:28.0078 4664  [ E27982D1C30AE1DD7EB8EB5CAF8D20C6 ] tidnet          C:\WINDOWS\system32\DRIVERS\tidnet.sys
20:00:28.0093 4664  tidnet - ok
20:00:28.0187 4664  [ 03681A1CE77F51586903869A5AB1DEAB ] TlntSvr         C:\WINDOWS\system32\tlntsvr.exe
20:00:28.0421 4664  TlntSvr - ok
20:00:28.0453 4664  [ D213A9247DC347F305A2D4CC9B951487 ] TosIde          C:\WINDOWS\system32\DRIVERS\toside.sys
20:00:28.0546 4664  TosIde - ok
20:00:28.0578 4664  [ A3552782E8D402F3AA513765D93C852D ] TPHDEXLGSVC     C:\WINDOWS\system32\TPHDEXLG.EXE
20:00:28.0593 4664  TPHDEXLGSVC ( UnsignedFile.Multi.Generic ) - warning
20:00:28.0593 4664  TPHDEXLGSVC - detected UnsignedFile.Multi.Generic (1)
20:00:28.0640 4664  [ 29F3601D4233A53F819010FEE8C04A60 ] TPHKDRV         C:\WINDOWS\system32\drivers\TPHKDRV.sys
20:00:28.0656 4664  TPHKDRV ( UnsignedFile.Multi.Generic ) - warning
20:00:28.0656 4664  TPHKDRV - detected UnsignedFile.Multi.Generic (1)
20:00:28.0671 4664  [ DFB268FF0A6DCB9280015FF527F892FF ] TpKmpSVC        C:\WINDOWS\system32\TpKmpSVC.exe
20:00:28.0687 4664  TpKmpSVC ( UnsignedFile.Multi.Generic ) - warning
20:00:28.0687 4664  TpKmpSVC - detected UnsignedFile.Multi.Generic (1)
20:00:28.0718 4664  [ 44672DE6CEA9569C21C4B7A8D2560750 ] TPPWRIF         C:\WINDOWS\system32\drivers\Tppwrif.sys
20:00:28.0734 4664  TPPWRIF ( UnsignedFile.Multi.Generic ) - warning
20:00:28.0734 4664  TPPWRIF - detected UnsignedFile.Multi.Generic (1)
20:00:28.0765 4664  [ 626504572B175867F30F3215C04B3E2F ] TrkWks          C:\WINDOWS\system32\trkwks.dll
20:00:28.0875 4664  TrkWks - ok
20:00:28.0906 4664  [ F2ABA3066D7921D7FCDBD66DEA88BE11 ] TSMAPIP         C:\WINDOWS\system32\drivers\TSMAPIP.SYS
20:00:28.0906 4664  TSMAPIP ( UnsignedFile.Multi.Generic ) - warning
20:00:28.0906 4664  TSMAPIP - detected UnsignedFile.Multi.Generic (1)
20:00:29.0000 4664  [ CF3BC148A6979BCF5AF8591E687C1390 ] TSSCoreService  C:\Programme\Lenovo\Client Security Solution\tvttcsd.exe
20:00:29.0031 4664  TSSCoreService - ok
20:00:29.0281 4664  [ EC38192F2F5361B48BC387C2DB337264 ] TVT Backup Service C:\Programme\Lenovo\Rescue and Recovery\rrservice.exe
20:00:29.0359 4664  TVT Backup Service ( UnsignedFile.Multi.Generic ) - warning
20:00:29.0359 4664  TVT Backup Service - detected UnsignedFile.Multi.Generic (1)
20:00:29.0546 4664  [ E9EA448F1174BE4052416B62263EA4EE ] TVT Scheduler   C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe
20:00:29.0640 4664  TVT Scheduler ( UnsignedFile.Multi.Generic ) - warning
20:00:29.0640 4664  TVT Scheduler - detected UnsignedFile.Multi.Generic (1)
20:00:29.0718 4664  [ DD957007DF98AECFFAAA2656D4B981E4 ] tvtfilter       C:\WINDOWS\system32\drivers\tvtfilter.sys
20:00:29.0750 4664  tvtfilter ( UnsignedFile.Multi.Generic ) - warning
20:00:29.0750 4664  tvtfilter - detected UnsignedFile.Multi.Generic (1)
20:00:29.0906 4664  [ 2E72C66682E9274C97AE3F5A57C2FA33 ] tvtnetwk        C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe
20:00:29.0921 4664  tvtnetwk ( UnsignedFile.Multi.Generic ) - warning
20:00:29.0921 4664  tvtnetwk - detected UnsignedFile.Multi.Generic (1)
20:00:30.0000 4664  [ 0727CCE3FF1A4446F4A1D507361567AB ] TVTPktFilter    C:\WINDOWS\system32\DRIVERS\tvtpktfilter.sys
20:00:30.0156 4664  TVTPktFilter - ok
20:00:30.0203 4664  [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
20:00:30.0406 4664  Udfs - ok
20:00:30.0468 4664  [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra           C:\WINDOWS\system32\DRIVERS\ultra.sys
20:00:30.0531 4664  ultra - ok
20:00:30.0593 4664  [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
20:00:30.0765 4664  Update - ok
20:00:30.0796 4664  [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost        C:\WINDOWS\System32\upnphost.dll
20:00:30.0921 4664  upnphost - ok
20:00:30.0937 4664  [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS             C:\WINDOWS\System32\ups.exe
20:00:31.0062 4664  UPS - ok
20:00:31.0109 4664  [ 83CAFCB53201BBAC04D822F32438E244 ] USBAAPL         C:\WINDOWS\system32\Drivers\usbaapl.sys
20:00:31.0140 4664  USBAAPL - ok
20:00:31.0203 4664  [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
20:00:31.0328 4664  usbccgp - ok
20:00:31.0343 4664  [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
20:00:31.0453 4664  usbehci - ok
20:00:31.0500 4664  [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
20:00:31.0625 4664  usbhub - ok
20:00:31.0640 4664  [ A717C8721046828520C9EDF31288FC00 ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
20:00:31.0781 4664  usbprint - ok
20:00:31.0812 4664  [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
20:00:31.0906 4664  usbscan - ok
20:00:31.0921 4664  [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:00:32.0015 4664  USBSTOR - ok
20:00:32.0031 4664  [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
20:00:32.0125 4664  usbuhci - ok
20:00:32.0156 4664  [ B6CC50279D6CD28E090A5D33244ADC9A ] usb_rndisx      C:\WINDOWS\system32\DRIVERS\usb8023x.sys
20:00:32.0265 4664  usb_rndisx - ok
20:00:32.0281 4664  [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
20:00:32.0390 4664  VgaSave - ok
20:00:32.0437 4664  [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp          C:\WINDOWS\system32\DRIVERS\viaagp.sys
20:00:32.0546 4664  viaagp - ok
20:00:32.0562 4664  [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde          C:\WINDOWS\system32\DRIVERS\viaide.sys
20:00:32.0671 4664  ViaIde - ok
20:00:32.0703 4664  [ A5A712F4E880874A477AF790B5186E1D ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
20:00:32.0812 4664  VolSnap - ok
20:00:32.0859 4664  [ 68F106273BE29E7B7EF8266977268E78 ] VSS             C:\WINDOWS\System32\vssvc.exe
20:00:32.0968 4664  VSS - ok
20:00:32.0984 4664  [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time         C:\WINDOWS\system32\w32time.dll
20:00:33.0109 4664  W32Time - ok
20:00:33.0156 4664  [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:00:33.0265 4664  Wanarp - ok
20:00:33.0312 4664  [ 46A247F6617526AFE38B6F12F5512120 ] wceusbsh        C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
20:00:33.0359 4664  wceusbsh - ok
20:00:33.0406 4664  [ D918617B46457B9AC28027722E30F647 ] Wdf01000        C:\WINDOWS\system32\Drivers\wdf01000.sys
20:00:33.0421 4664  Wdf01000 - ok
20:00:33.0437 4664  WDICA - ok
20:00:33.0468 4664  [ 6768ACF64B18196494413695F0C3A00F ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
20:00:33.0609 4664  wdmaud - ok
20:00:33.0640 4664  [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient       C:\WINDOWS\System32\webclnt.dll
20:00:33.0796 4664  WebClient - ok
20:00:33.0859 4664  [ 307D248F97835B6879BDD361086924FE ] winachsf        C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
20:00:33.0921 4664  winachsf - ok
20:00:34.0125 4664  [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
20:00:34.0312 4664  winmgmt - ok
20:00:34.0390 4664  [ F10075C2EC96D2EB118012E78ECE2FC2 ] WinRM           C:\WINDOWS\system32\WsmSvc.dll
20:00:34.0515 4664  WinRM - ok
20:00:34.0578 4664  [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
20:00:34.0765 4664  WmdmPmSN - ok
20:00:34.0812 4664  [ FFA4D901D46D07A5BAB2D8307FBB51A6 ] Wmi             C:\WINDOWS\System32\advapi32.dll
20:00:34.0890 4664  Wmi - ok
20:00:34.0968 4664  [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
20:00:35.0171 4664  WmiApSrv - ok
20:00:35.0296 4664  [ BF05650BB7DF5E9EBDD25974E22403BB ] WMPNetworkSvc   C:\Programme\Windows Media Player\WMPNetwk.exe
20:00:35.0390 4664  WMPNetworkSvc - ok
20:00:35.0468 4664  [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb          C:\WINDOWS\system32\DRIVERS\wpdusb.sys
20:00:35.0500 4664  WpdUsb - ok
20:00:35.0796 4664  [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
20:00:35.0843 4664  WPFFontCache_v0400 - ok
20:00:35.0906 4664  [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL         C:\WINDOWS\System32\drivers\ws2ifsl.sys
20:00:36.0109 4664  WS2IFSL - ok
20:00:36.0187 4664  [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
20:00:36.0312 4664  wscsvc - ok
20:00:36.0328 4664  WSearch - ok
20:00:36.0343 4664  [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC        C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
20:00:36.0468 4664  WSTCODEC - ok
20:00:36.0484 4664  [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
20:00:36.0578 4664  wuauserv - ok
20:00:36.0625 4664  [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf          C:\WINDOWS\system32\DRIVERS\WudfPf.sys
20:00:36.0656 4664  WudfPf - ok
20:00:36.0687 4664  [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd          C:\WINDOWS\system32\DRIVERS\wudfrd.sys
20:00:36.0718 4664  WudfRd - ok
20:00:36.0734 4664  [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc         C:\WINDOWS\System32\WUDFSvc.dll
20:00:36.0765 4664  WudfSvc - ok
20:00:36.0812 4664  [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
20:00:36.0921 4664  WZCSVC - ok
20:00:36.0968 4664  [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
20:00:37.0093 4664  xmlprov - ok
20:00:37.0125 4664  [ D2D4D14C65053BDBC0CF83C7407EAD8A ] ZSMC301b        C:\WINDOWS\system32\Drivers\usbVM31b.sys
20:00:37.0218 4664  ZSMC301b - ok
20:00:37.0265 4664  [ 4DFA2777DC76E011320522D94C0D0EC3 ] ZTEusbmdm6k     C:\WINDOWS\system32\DRIVERS\ZTEusbmdm6k.sys
20:00:37.0359 4664  ZTEusbmdm6k - ok
20:00:37.0390 4664  [ 4DFA2777DC76E011320522D94C0D0EC3 ] ZTEusbnmea      C:\WINDOWS\system32\DRIVERS\ZTEusbnmea.sys
20:00:37.0406 4664  ZTEusbnmea - ok
20:00:37.0453 4664  [ 4DFA2777DC76E011320522D94C0D0EC3 ] ZTEusbser6k     C:\WINDOWS\system32\DRIVERS\ZTEusbser6k.sys
20:00:37.0468 4664  ZTEusbser6k - ok
20:00:37.0500 4664  ================ Scan global ===============================
20:00:37.0531 4664  [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll
20:00:37.0562 4664  [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
20:00:37.0578 4664  [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
20:00:37.0609 4664  [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe
20:00:37.0609 4664  [Global] - ok
20:00:37.0609 4664  ================ Scan MBR ==================================
20:00:37.0625 4664  [ 926B0FAF60CA969911C71DFD61906C0D ] \Device\Harddisk0\DR0
20:00:38.0000 4664  \Device\Harddisk0\DR0 - ok
20:00:38.0000 4664  ================ Scan VBR ==================================
20:00:38.0000 4664  [ 8994BF400235F8CD32E7932E446B6915 ] \Device\Harddisk0\DR0\Partition1
20:00:38.0000 4664  \Device\Harddisk0\DR0\Partition1 - ok
20:00:38.0015 4664  [ BC56DC2ABE7BB5886C98D1C27E525954 ] \Device\Harddisk0\DR0\Partition2
20:00:38.0015 4664  \Device\Harddisk0\DR0\Partition2 - ok
20:00:38.0015 4664  ============================================================
20:00:38.0015 4664  Scan finished
20:00:38.0015 4664  ============================================================
20:00:38.0125 8248  Detected object count: 60
20:00:38.0125 8248  Actual detected object count: 60
20:38:14.0625 8248  AcPrfMgrSvc ( UnsignedFile.Multi.Generic ) - skipped by user
20:38:14.0625 8248  AcPrfMgrSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:38:14.0625 8248  AcSvc ( UnsignedFile.Multi.Generic ) - skipped by user
20:38:14.0625 8248  AcSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:38:14.0625 8248  AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
20:38:14.0625 8248  AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:38:14.0625 8248  ANC ( UnsignedFile.Multi.Generic ) - skipped by user
20:38:14.0625 8248  ANC ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:38:14.0625 8248  btaudio ( UnsignedFile.Multi.Generic ) - skipped by user
20:38:14.0625 8248  btaudio ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:38:14.0625 8248  BTDriver ( UnsignedFile.Multi.Generic ) - skipped by user
20:38:14.0625 8248  BTDriver ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:38:14.0640 8248  BTKRNL ( UnsignedFile.Multi.Generic ) - skipped by user
20:38:14.0640 8248  BTKRNL ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:38:14.0640 8248  btwdins ( UnsignedFile.Multi.Generic ) - skipped by user
20:38:14.0640 8248  btwdins ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:38:14.0640 8248  BTWDNDIS ( UnsignedFile.Multi.Generic ) - skipped by user
20:38:14.0640 8248  BTWDNDIS ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:38:14.0640 8248  BTWUSB ( UnsignedFile.Multi.Generic ) - skipped by user
20:38:14.0640 8248  BTWUSB ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:38:14.0640 8248  CVPNDRVA ( UnsignedFile.Multi.Generic ) - skipped by user
20:38:14.0640 8248  CVPNDRVA ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:38:14.0640 8248  Diskeeper ( UnsignedFile.Multi.Generic ) - skipped by user
20:38:14.0640 8248  Diskeeper ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:38:14.0640 8248  DLABOIOM ( UnsignedFile.Multi.Generic ) - skipped by user
20:38:14.0640 8248  DLABOIOM ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:38:14.0656 8248  DLACDBHM ( UnsignedFile.Multi.Generic ) - skipped by user
20:38:14.0656 8248  DLACDBHM ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:38:14.0656 8248  DLADResN ( UnsignedFile.Multi.Generic ) - skipped by user
20:38:14.0656 8248  DLADResN ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:38:14.0656 8248  DLAIFS_M ( UnsignedFile.Multi.Generic ) - skipped by user
20:38:14.0656 8248  DLAIFS_M ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:38:14.0656 8248  DLAOPIOM ( UnsignedFile.Multi.Generic ) - skipped by user
20:38:14.0656 8248  DLAOPIOM ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:38:14.0656 8248  DLAPoolM ( UnsignedFile.Multi.Generic ) - skipped by user
20:38:14.0656 8248  DLAPoolM ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:38:14.0671 8248  DLARTL_N ( UnsignedFile.Multi.Generic ) - skipped by user
20:38:14.0671 8248  DLARTL_N ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:38:14.0671 8248  DLAUDFAM ( UnsignedFile.Multi.Generic ) - skipped by user
20:38:14.0671 8248  DLAUDFAM ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:38:14.0671 8248  DLAUDF_M ( UnsignedFile.Multi.Generic ) - skipped by user
20:38:14.0671 8248  DLAUDF_M ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:38:14.0671 8248  DRVMCDB ( UnsignedFile.Multi.Generic ) - skipped by user
20:38:14.0671 8248  DRVMCDB ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:38:14.0671 8248  DRVNDDM ( UnsignedFile.Multi.Generic ) - skipped by user
20:38:14.0671 8248  DRVNDDM ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:38:14.0687 8248  EGATHDRV ( UnsignedFile.Multi.Generic ) - skipped by user
20:38:14.0687 8248  EGATHDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:38:14.0687 8248  EvtEng ( UnsignedFile.Multi.Generic ) - skipped by user
20:38:14.0687 8248  EvtEng ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:38:14.0687 8248  FsUsbExDisk ( UnsignedFile.Multi.Generic ) - skipped by user
20:38:14.0687 8248  FsUsbExDisk ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:38:14.0687 8248  FsUsbExService ( UnsignedFile.Multi.Generic ) - skipped by user
20:38:14.0687 8248  FsUsbExService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:38:14.0687 8248  HPZid412 ( UnsignedFile.Multi.Generic ) - skipped by user
20:38:14.0687 8248  HPZid412 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:38:14.0687 8248  HPZipr12 ( UnsignedFile.Multi.Generic ) - skipped by user
20:38:14.0687 8248  HPZipr12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:38:14.0687 8248  HPZius12 ( UnsignedFile.Multi.Generic ) - skipped by user
20:38:14.0687 8248  HPZius12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:38:14.0703 8248  IBMTPCHK ( UnsignedFile.Multi.Generic ) - skipped by user
20:38:14.0703 8248  IBMTPCHK ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:38:14.0703 8248  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
20:38:14.0703 8248  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:38:14.0703 8248  Imapi Helper ( UnsignedFile.Multi.Generic ) - skipped by user
20:38:14.0703 8248  Imapi Helper ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:38:14.0703 8248  IPSSVC ( UnsignedFile.Multi.Generic ) - skipped by user
20:38:14.0703 8248  IPSSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:38:14.0703 8248  nhcDriverDevice ( UnsignedFile.Multi.Generic ) - skipped by user
20:38:14.0703 8248  nhcDriverDevice ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:38:14.0703 8248  PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - skipped by user
20:38:14.0703 8248  PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:38:14.0718 8248  pmem ( UnsignedFile.Multi.Generic ) - skipped by user
20:38:14.0718 8248  pmem ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:38:14.0718 8248  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
20:38:14.0718 8248  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:38:14.0718 8248  PQNTDrv ( UnsignedFile.Multi.Generic ) - skipped by user
20:38:14.0718 8248  PQNTDrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:38:14.0718 8248  PrivateDisk ( UnsignedFile.Multi.Generic ) - skipped by user
20:38:14.0718 8248  PrivateDisk ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:38:14.0718 8248  PROCDD ( UnsignedFile.Multi.Generic ) - skipped by user
20:38:14.0718 8248  PROCDD ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:38:14.0718 8248  RegSrvc ( UnsignedFile.Multi.Generic ) - skipped by user
20:38:14.0718 8248  RegSrvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:38:14.0718 8248  S24EventMonitor ( UnsignedFile.Multi.Generic ) - skipped by user
20:38:14.0718 8248  S24EventMonitor ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:38:14.0718 8248  s24trans ( UnsignedFile.Multi.Generic ) - skipped by user
20:38:14.0718 8248  s24trans ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:38:14.0734 8248  ShockMgr ( UnsignedFile.Multi.Generic ) - skipped by user
20:38:14.0734 8248  ShockMgr ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:38:14.0734 8248  Shockprf ( UnsignedFile.Multi.Generic ) - skipped by user
20:38:14.0734 8248  Shockprf ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:38:14.0734 8248  Smapint ( UnsignedFile.Multi.Generic ) - skipped by user
20:38:14.0734 8248  Smapint ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:38:14.0734 8248  smi2 ( UnsignedFile.Multi.Generic ) - skipped by user
20:38:14.0734 8248  smi2 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:38:14.0734 8248  smihlp ( UnsignedFile.Multi.Generic ) - skipped by user
20:38:14.0734 8248  smihlp ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:38:14.0734 8248  SUService ( UnsignedFile.Multi.Generic ) - skipped by user
20:38:14.0734 8248  SUService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:38:14.0734 8248  TDSMAPI ( UnsignedFile.Multi.Generic ) - skipped by user
20:38:14.0734 8248  TDSMAPI ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:38:14.0734 8248  TPHDEXLGSVC ( UnsignedFile.Multi.Generic ) - skipped by user
20:38:14.0734 8248  TPHDEXLGSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:38:14.0734 8248  TPHKDRV ( UnsignedFile.Multi.Generic ) - skipped by user
20:38:14.0734 8248  TPHKDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:38:14.0750 8248  TpKmpSVC ( UnsignedFile.Multi.Generic ) - skipped by user
20:38:14.0750 8248  TpKmpSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:38:14.0750 8248  TPPWRIF ( UnsignedFile.Multi.Generic ) - skipped by user
20:38:14.0750 8248  TPPWRIF ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:38:14.0750 8248  TSMAPIP ( UnsignedFile.Multi.Generic ) - skipped by user
20:38:14.0750 8248  TSMAPIP ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:38:14.0750 8248  TVT Backup Service ( UnsignedFile.Multi.Generic ) - skipped by user
20:38:14.0750 8248  TVT Backup Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:38:14.0750 8248  TVT Scheduler ( UnsignedFile.Multi.Generic ) - skipped by user
20:38:14.0750 8248  TVT Scheduler ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:38:14.0750 8248  tvtfilter ( UnsignedFile.Multi.Generic ) - skipped by user
20:38:14.0750 8248  tvtfilter ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:38:14.0750 8248  tvtnetwk ( UnsignedFile.Multi.Generic ) - skipped by user
20:38:14.0750 8248  tvtnetwk ( UnsignedFile.Multi.Generic ) - User select action: Skip

cosinus · 21.01.2013, 08:46

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

heathcliff · 21.01.2013, 20:26

Habe ComboFix gestartet. Bis etwa zu Stufe 60 lief alles normal, dann wurde alles abgebrochen und Windows aus Sicherheitsgründen neu gestartet.

Nach dem Neustart wurde folgendes Fehlerprotokoll angezeigt:
Problemsignatur:
BCCode : 19 BCP1 : 00000020 BCP2 : 84D20000 BCP3 : 84D20418
BCP4 : 1A830000 OSVer : 5_1_2600 SP : 3_0 Product : 256_1

Problemberichtinhalt:
C:\DOKUME~1\#\LOKALE~1\Temp\WERd95e.dir00\Mini012113-01.dmp
C:\DOKUME~1\#\LOKALE~1\Temp\WERd95e.dir00\sysdata.xml

Ich führe jetzt nach dem Neustart das Programm ein zweites Mal durch.

Leider führte der zweite Anlauf zum gleichern Ergebnis:Abbruch.

cosinus · 22.01.2013, 09:58

Starte Windows neu, lösch die alte combofix.exe, lade CF neu runter und probier es bitte nochmal.

22.01.2013, 09:58	#15
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	TR/Spy.Zbot.iehc und JAVA/Dldr.Pesur.AY und JAVA/Lamar.RY gefunden Starte Windows neu, lösch die alte combofix.exe, lade CF neu runter und probier es bitte nochmal. __________________ Logfiles bitte immer in CODE-Tags posten

TR/Spy.Zbot.iehc und JAVA/Dldr.Pesur.AY und JAVA/Lamar.RY gefunden

Plagegeister aller Art und deren Bekämpfung: TR/Spy.Zbot.iehc und JAVA/Dldr.Pesur.AY und JAVA/Lamar.RY gefunden