Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
GVU-Trojaner nach Systemwiederherstellung entfernt?

GVU-Trojaner nach Systemwiederherstellung entfernt?


Plagegeister aller Art und deren Bekämpfung: GVU-Trojaner nach Systemwiederherstellung entfernt?

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Seite 2 von 3 1 2 3
Alt 22.01.2013, 17:18   #16
mtmtmt
 
GVU-Trojaner nach Systemwiederherstellung entfernt? - Standard

GVU-Trojaner nach Systemwiederherstellung entfernt?


Das hat bei mir niemand mit einer CD installiert - ist ein ThinkPad von Lenovo, T-Series 2008, da ist Windows werksseitig drauf

Alt 23.01.2013, 00:26   #17
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
GVU-Trojaner nach Systemwiederherstellung entfernt? - Standard

GVU-Trojaner nach Systemwiederherstellung entfernt?


Achso, dann hab ich das falsch verstanden oder falsch gelesen ich ging eben irrtümlich von einem Downgrade von Vista zu XP aus


Bevor wir uns an die weitere Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
  • Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.

  • Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.

  • Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!

  • Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!

  • Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.


Malwarebytes Anti-Rootkit

Downloade dir bitte Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Entpacke das Archiv auf deinem Desktop.
  • Im neu erstellten Ordner starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________

__________________
Alt 23.01.2013, 10:01   #18
mtmtmt
 
GVU-Trojaner nach Systemwiederherstellung entfernt? - Standard

GVU-Trojaner nach Systemwiederherstellung entfernt?


Achso, nee, kein Downgrade
Hier die Logfile, kein Fund:

Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.01.0.1016
www.malwarebytes.org

Database version: v2013.01.23.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.11
**** :: LENOVO-DDD3664B [administrator]

23.01.2013 09:52:51
mbar-log-2013-01-23 (09-52-51).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 27066
Time elapsed: 14 minute(s), 6 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
Aber Avira...

Code:
ATTFilter
23.01.2013 10:39 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\System Volume 
      Information\_restore{B991F27A-883F-42A9-A172-EAAB1D37FFFA}\RP542\A0107148.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Kazy.138210.1' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

23.01.2013 09:57 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\System Volume 
      Information\_restore{B991F27A-883F-42A9-A172-EAAB1D37FFFA}\RP542\A0107148.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Kazy.138210.1' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

23.01.2013 08:59 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\System Volume 
      Information\_restore{B991F27A-883F-42A9-A172-EAAB1D37FFFA}\RP542\A0107148.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Kazy.138210.1' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern
Avira hat es in Quarantäne verschoben...
__________________
Alt 23.01.2013, 15:45   #19
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
GVU-Trojaner nach Systemwiederherstellung entfernt? - Standard

GVU-Trojaner nach Systemwiederherstellung entfernt?


1. aswMBR

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehlalarm!
  • Starte die aswMBR.exe Vista und Win7 User aswMBR per Rechtsklick "als Administrator ausführen"
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.


2. TDSS-Killer

Download TDSS-Killer auf Desktop siehe => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

__________________
Logfiles bitte immer in CODE-Tags posten

Alt 24.01.2013, 11:02   #20
mtmtmt
 
GVU-Trojaner nach Systemwiederherstellung entfernt? - Standard

GVU-Trojaner nach Systemwiederherstellung entfernt?


Hier die Logs:

aswMBR:
Code:
ATTFilter
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-01-24 09:23:03
-----------------------------
09:23:03.421    OS Version: Windows 5.1.2600 Service Pack 3
09:23:03.421    Number of processors: 2 586 0x1706
09:23:03.421    ComputerName: LENOVO-DDD3664B  UserName: ****
09:23:04.484    Initialize success
09:26:26.937    AVAST engine defs: 13012301
09:56:26.968    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
09:56:26.968    Disk 0 Vendor: HITACHI_ DCDZ Size: 152627MB BusType: 3
09:56:26.968    Disk 1  \Device\Harddisk1\SR0 -> \Device\SdBus-0
09:56:26.968    Disk 1 Vendor: (  Size: 3912MB BusType: 12
09:56:26.984    Disk 0 MBR read successfully
09:56:26.984    Disk 0 MBR scan
09:56:27.031    Disk 0 unknown MBR code
09:56:27.031    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       145928 MB offset 63
09:56:27.062    Disk 0 Partition 2 00     12  Compaq diag MSDOS5.0     6696 MB offset 298861920
09:56:27.062    Disk 0 scanning sectors +312575760
09:56:27.140    Disk 0 scanning C:\WINDOWS\system32\drivers
09:56:39.812    Service scanning
09:56:54.218    Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
09:56:59.093    Modules scanning
09:57:06.359    Module: C:\WINDOWS\System32\DLA\DLADResN.SYS  **SUSPICIOUS**
09:57:07.375    Disk 0 trace - called modules:
09:57:07.406    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys spny.sys >>UNKNOWN [0x8a6a3938]<<
09:57:07.406    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a5ee5f8]
09:57:07.406    3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000097[0x8a5f79e0]
09:57:07.406    5 ACPI.sys[b9e73620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8a09a030]
09:57:07.968    AVAST engine scan C:\WINDOWS
09:57:22.687    AVAST engine scan C:\WINDOWS\system32
09:59:16.078    AVAST engine scan C:\WINDOWS\system32\drivers
09:59:30.390    AVAST engine scan C:\Dokumente und Einstellungen\****
10:00:23.625    File: C:\Dokumente und Einstellungen\****\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\25\10aed619-651d9026  **INFECTED** Win32:Rootkit-gen [Rtk]
10:11:13.921    AVAST engine scan C:\Dokumente und Einstellungen\All Users
10:12:30.015    Scan finished successfully
10:54:42.343    Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\****\Desktop\MBR.dat"
10:54:42.343    The log file has been saved successfully to "C:\Dokumente und Einstellungen\****\Desktop\aswMBR.txt"
TDSS:
Code:
ATTFilter
10:57:02.0453 3924  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
10:57:02.0640 3924  ============================================================
10:57:02.0640 3924  Current date / time: 2013/01/24 10:57:02.0640
10:57:02.0640 3924  SystemInfo:
10:57:02.0640 3924  
10:57:02.0640 3924  OS Version: 5.1.2600 ServicePack: 3.0
10:57:02.0640 3924  Product type: Workstation
10:57:02.0640 3924  ComputerName: LENOVO-DDD3664B
10:57:02.0640 3924  UserName: ****
10:57:02.0640 3924  Windows directory: C:\WINDOWS
10:57:02.0640 3924  System windows directory: C:\WINDOWS
10:57:02.0640 3924  Processor architecture: Intel x86
10:57:02.0640 3924  Number of processors: 2
10:57:02.0640 3924  Page size: 0x1000
10:57:02.0640 3924  Boot type: Normal boot
10:57:02.0640 3924  ============================================================
10:57:04.0343 3924  Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x50C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
10:57:04.0343 3924  ============================================================
10:57:04.0343 3924  \Device\Harddisk0\DR0:
10:57:04.0343 3924  MBR partitions:
10:57:04.0343 3924  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x11D04521
10:57:04.0343 3924  ============================================================
10:57:04.0375 3924  C: <-> \Device\Harddisk0\DR0\Partition1
10:57:04.0375 3924  ============================================================
10:57:04.0375 3924  Initialize success
10:57:04.0375 3924  ============================================================
10:57:31.0187 5876  ============================================================
10:57:31.0187 5876  Scan started
10:57:31.0187 5876  Mode: Manual; SigCheck; TDLFS; 
10:57:31.0187 5876  ============================================================
10:57:31.0812 5876  ================ Scan system memory ========================
10:57:31.0828 5876  System memory - ok
10:57:31.0828 5876  ================ Scan services =============================
10:57:31.0968 5876  Abiosdsk - ok
10:57:31.0984 5876  [ 6ABB91494FE6C59089B9336452AB2EA3 ] abp480n5        C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
10:57:32.0593 5876  abp480n5 - ok
10:57:32.0609 5876  [ 0F2D66D5F08EBE2F77BB904288DCF6F0 ] ac97intc        C:\WINDOWS\system32\drivers\ac97intc.sys
10:57:32.0703 5876  ac97intc - ok
10:57:32.0750 5876  [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
10:57:32.0828 5876  ACPI - ok
10:57:32.0828 5876  [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC          C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
10:57:32.0890 5876  ACPIEC - ok
10:57:32.0968 5876  [ AC83DA08B02BC2AC4F9920523275BB0F ] AcPrfMgrSvc     C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
10:57:32.0968 5876  AcPrfMgrSvc ( UnsignedFile.Multi.Generic ) - warning
10:57:32.0968 5876  AcPrfMgrSvc - detected UnsignedFile.Multi.Generic (1)
10:57:32.0984 5876  [ F0DFCAB03CC9C71137D00C17FEB08873 ] AcSvc           C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe
10:57:33.0000 5876  AcSvc ( UnsignedFile.Multi.Generic ) - warning
10:57:33.0000 5876  AcSvc - detected UnsignedFile.Multi.Generic (1)
10:57:33.0046 5876  [ D537F3D03C6301FEFA21F3EEE8CC82D8 ] ADIHdAudAddService C:\WINDOWS\system32\drivers\ADIHdAud.sys
10:57:33.0093 5876  ADIHdAudAddService - ok
10:57:33.0140 5876  [ 9A11864873DA202C996558B2106B0BBC ] adpu160m        C:\WINDOWS\system32\DRIVERS\adpu160m.sys
10:57:33.0203 5876  adpu160m - ok
10:57:33.0234 5876  [ 860DF7676869CD8690CB2B23AB6DE66A ] AEAudio         C:\WINDOWS\system32\drivers\AEAudio.sys
10:57:33.0265 5876  AEAudio - ok
10:57:33.0296 5876  [ 8BED39E3C35D6A489438B8141717A557 ] aec             C:\WINDOWS\system32\drivers\aec.sys
10:57:33.0375 5876  aec - ok
10:57:33.0406 5876  [ A1AD1A4A9F18D900CA9C93FA3EFDCB56 ] AegisP          C:\WINDOWS\system32\DRIVERS\AegisP.sys
10:57:33.0437 5876  AegisP - ok
10:57:33.0468 5876  [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
10:57:33.0515 5876  AFD - ok
10:57:33.0546 5876  [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440          C:\WINDOWS\system32\DRIVERS\agp440.sys
10:57:33.0625 5876  agp440 - ok
10:57:33.0640 5876  [ 03A7E0922ACFE1B07D5DB2EEB0773063 ] agpCPQ          C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
10:57:33.0718 5876  agpCPQ - ok
10:57:33.0734 5876  [ C23EA9B5F46C7F7910DB3EAB648FF013 ] Aha154x         C:\WINDOWS\system32\DRIVERS\aha154x.sys
10:57:33.0781 5876  Aha154x - ok
10:57:33.0796 5876  [ 19DD0FB48B0C18892F70E2E7D61A1529 ] aic78u2         C:\WINDOWS\system32\DRIVERS\aic78u2.sys
10:57:33.0875 5876  aic78u2 - ok
10:57:33.0875 5876  [ B7FE594A7468AA0132DEB03FB8E34326 ] aic78xx         C:\WINDOWS\system32\DRIVERS\aic78xx.sys
10:57:33.0953 5876  aic78xx - ok
10:57:33.0984 5876  [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
10:57:34.0062 5876  Alerter - ok
10:57:34.0078 5876  [ 190CD73D4984F94D823F9444980513E5 ] ALG             C:\WINDOWS\System32\alg.exe
10:57:34.0109 5876  ALG - ok
10:57:34.0140 5876  [ 1140AB9938809700B46BB88E46D72A96 ] AliIde          C:\WINDOWS\system32\DRIVERS\aliide.sys
10:57:34.0203 5876  AliIde - ok
10:57:34.0218 5876  [ CB08AED0DE2DD889A8A820CD8082D83C ] alim1541        C:\WINDOWS\system32\DRIVERS\alim1541.sys
10:57:34.0281 5876  alim1541 - ok
10:57:34.0296 5876  [ 95B4FB835E28AA1336CEEB07FD5B9398 ] amdagp          C:\WINDOWS\system32\DRIVERS\amdagp.sys
10:57:34.0359 5876  amdagp - ok
10:57:34.0390 5876  [ 79F5ADD8D24BD6893F2903A3E2F3FAD6 ] amsint          C:\WINDOWS\system32\DRIVERS\amsint.sys
10:57:34.0421 5876  amsint - ok
10:57:34.0453 5876  [ 11AB185A7AF224800BBFB5B836974A17 ] ANC             C:\WINDOWS\system32\drivers\ANC.SYS
10:57:34.0453 5876  ANC ( UnsignedFile.Multi.Generic ) - warning
10:57:34.0453 5876  ANC - detected UnsignedFile.Multi.Generic (1)
10:57:34.0515 5876  [ 0FA2D8304ECA29CA0AB7E3EE50FD585A ] AntiVirSchedulerService C:\Programme\Avira\AntiVir Desktop\sched.exe
10:57:34.0531 5876  AntiVirSchedulerService - ok
10:57:34.0531 5876  [ 5C69AAC8A59207DA9710FF2E42D6F80F ] AntiVirService  C:\Programme\Avira\AntiVir Desktop\avguard.exe
10:57:34.0546 5876  AntiVirService - ok
10:57:34.0609 5876  [ B8E865D24F2753A35CC2A9A6A3CE1AD4 ] Apple Mobile Device C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
10:57:34.0625 5876  Apple Mobile Device - ok
10:57:34.0656 5876  [ D45960BE52C3C610D361977057F98C54 ] AppMgmt         C:\WINDOWS\System32\appmgmts.dll
10:57:34.0687 5876  AppMgmt - ok
10:57:34.0703 5876  [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394         C:\WINDOWS\system32\DRIVERS\arp1394.sys
10:57:34.0765 5876  Arp1394 - ok
10:57:34.0781 5876  [ 62D318E9A0C8FC9B780008E724283707 ] asc             C:\WINDOWS\system32\DRIVERS\asc.sys
10:57:34.0859 5876  asc - ok
10:57:34.0875 5876  [ 69EB0CC7714B32896CCBFD5EDCBEA447 ] asc3350p        C:\WINDOWS\system32\DRIVERS\asc3350p.sys
10:57:34.0906 5876  asc3350p - ok
10:57:34.0937 5876  [ 5D8DE112AA0254B907861E9E9C31D597 ] asc3550         C:\WINDOWS\system32\DRIVERS\asc3550.sys
10:57:35.0015 5876  asc3550 - ok
10:57:35.0109 5876  [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
10:57:35.0140 5876  aspnet_state - ok
10:57:35.0171 5876  [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
10:57:35.0250 5876  AsyncMac - ok
10:57:35.0265 5876  [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
10:57:35.0328 5876  atapi - ok
10:57:35.0343 5876  Atdisk - ok
10:57:35.0343 5876  [ 9916C1225104BA14794209CFA8012159 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
10:57:35.0421 5876  Atmarpc - ok
10:57:35.0453 5876  [ DBF0D7E2DF33B469EB55406FEA759350 ] atmeltpm        C:\WINDOWS\system32\DRIVERS\atmeltpm.sys
10:57:35.0484 5876  atmeltpm - ok
10:57:35.0515 5876  [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
10:57:35.0593 5876  AudioSrv - ok
10:57:35.0609 5876  [ D9F724AA26C010A217C97606B160ED68 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
10:57:35.0671 5876  audstub - ok
10:57:35.0734 5876  [ B5D974C1FD078A68C7536C561B031D39 ] Automatisches LiveUpdate - Scheduler C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
10:57:35.0750 5876  Automatisches LiveUpdate - Scheduler - ok
10:57:35.0765 5876  [ A5C175039B1D6D85D0E79F5855828E4D ] avgntflt        C:\WINDOWS\system32\DRIVERS\avgntflt.sys
10:57:35.0796 5876  avgntflt - ok
10:57:35.0828 5876  [ 37B854C7D1F477E66C5B49C7700C47CC ] avipbb          C:\WINDOWS\system32\DRIVERS\avipbb.sys
10:57:35.0843 5876  avipbb - ok
10:57:35.0859 5876  [ CC4EBA25D80DE42BBC2BF3E553219388 ] avkmgr          C:\WINDOWS\system32\DRIVERS\avkmgr.sys
10:57:35.0875 5876  avkmgr - ok
10:57:35.0875 5876  [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
10:57:35.0953 5876  Beep - ok
10:57:36.0000 5876  [ D6F603772A789BB3228F310D650B8BD1 ] BITS            C:\WINDOWS\system32\qmgr.dll
10:57:36.0062 5876  BITS - ok
10:57:36.0078 5876  [ 9EFE4236F8670846B6E7C5B0EFF6E715 ] Bonjour Service C:\Programme\Bonjour\mDNSResponder.exe
10:57:36.0093 5876  Bonjour Service - ok
10:57:36.0125 5876  [ B71549F23736ADF83A571061C47777FD ] Browser         C:\WINDOWS\System32\browser.dll
10:57:36.0171 5876  Browser - ok
10:57:36.0234 5876  [ 9DA09B5800B9DE8336948664E3B9CC94 ] BTKRNL          C:\WINDOWS\system32\DRIVERS\btkrnl.sys
10:57:36.0296 5876  BTKRNL - ok
10:57:36.0375 5876  [ D14C346D293E6F83CBB55AC641FF941E ] btwdins         C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe
10:57:36.0406 5876  btwdins ( UnsignedFile.Multi.Generic ) - warning
10:57:36.0406 5876  btwdins - detected UnsignedFile.Multi.Generic (1)
10:57:36.0421 5876  [ 57E91E9925976BBC98984EEBAAF1D84C ] BTWUSB          C:\WINDOWS\system32\Drivers\btwusb.sys
10:57:36.0437 5876  BTWUSB - ok
10:57:36.0453 5876  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf           C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
10:57:36.0531 5876  cbidf - ok
10:57:36.0531 5876  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
10:57:36.0593 5876  cbidf2k - ok
10:57:36.0640 5876  [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE        C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
10:57:36.0718 5876  CCDECODE - ok
10:57:36.0750 5876  [ F3EC03299634490E97BBCE94CD2954C7 ] cd20xrnt        C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
10:57:36.0812 5876  cd20xrnt - ok
10:57:36.0812 5876  [ C1B486A7658353D33A10CC15211A873B ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
10:57:36.0875 5876  Cdaudio - ok
10:57:36.0921 5876  [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
10:57:36.0984 5876  Cdfs - ok
10:57:37.0000 5876  [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
10:57:37.0062 5876  Cdrom - ok
10:57:37.0078 5876  Changer - ok
10:57:37.0109 5876  [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] CiSvc           C:\WINDOWS\system32\cisvc.exe
10:57:37.0187 5876  CiSvc - ok
10:57:37.0234 5876  [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
10:57:37.0343 5876  ClipSrv - ok
10:57:37.0375 5876  [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:57:37.0453 5876  clr_optimization_v2.0.50727_32 - ok
10:57:37.0453 5876  [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt          C:\WINDOWS\system32\DRIVERS\CmBatt.sys
10:57:37.0531 5876  CmBatt - ok
10:57:37.0531 5876  [ C687F81290303D90099B027A6474F99F ] CmdIde          C:\WINDOWS\system32\DRIVERS\cmdide.sys
10:57:37.0609 5876  CmdIde - ok
10:57:37.0625 5876  [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt        C:\WINDOWS\system32\DRIVERS\compbatt.sys
10:57:37.0687 5876  Compbatt - ok
10:57:37.0687 5876  COMSysApp - ok
10:57:37.0734 5876  [ 3EE529119EED34CD212A215E8C40D4B6 ] Cpqarray        C:\WINDOWS\system32\DRIVERS\cpqarray.sys
10:57:38.0406 5876  Cpqarray - ok
10:57:38.0437 5876  [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
10:57:38.0500 5876  CryptSvc - ok
10:57:38.0500 5876  CrystalSysInfo - ok
10:57:38.0546 5876  [ B5ECADF7708960F1818C7FA015F4C239 ] CVirtA          C:\WINDOWS\system32\DRIVERS\CVirtA.sys
10:57:38.0578 5876  CVirtA - ok
10:57:38.0640 5876  [ 08D8FA119F2AD6AC0377FB667523482E ] CVPND           c:\Programme\LRZ VPN Client\cvpnd.exe
10:57:38.0781 5876  CVPND - ok
10:57:38.0812 5876  [ 1C2999966F0F36AA44EAECBEE70CF770 ] CVPNDRVA        C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
10:57:38.0828 5876  CVPNDRVA ( UnsignedFile.Multi.Generic ) - warning
10:57:38.0828 5876  CVPNDRVA - detected UnsignedFile.Multi.Generic (1)
10:57:38.0875 5876  [ E550E7418984B65A78299D248F0A7F36 ] dac2w2k         C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
10:57:38.0937 5876  dac2w2k - ok
10:57:38.0953 5876  [ 683789CAA3864EB46125AE86FF677D34 ] dac960nt        C:\WINDOWS\system32\DRIVERS\dac960nt.sys
10:57:39.0046 5876  dac960nt - ok
10:57:39.0078 5876  [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
10:57:39.0156 5876  DcomLaunch - ok
10:57:39.0187 5876  [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
10:57:39.0265 5876  Dhcp - ok
10:57:39.0281 5876  [ 044452051F3E02E7963599FC8F4F3E25 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
10:57:39.0343 5876  Disk - ok
10:57:39.0406 5876  [ 0711D2E0F17B31E537B2770A618DA41F ] Diskeeper       C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe
10:57:39.0421 5876  Diskeeper ( UnsignedFile.Multi.Generic ) - warning
10:57:39.0421 5876  Diskeeper - detected UnsignedFile.Multi.Generic (1)
10:57:39.0468 5876  [ 35CBC02546335EA41A5D516DA6626C8A ] DLABOIOM        C:\WINDOWS\system32\DLA\DLABOIOM.SYS
10:57:39.0484 5876  DLABOIOM ( UnsignedFile.Multi.Generic ) - warning
10:57:39.0484 5876  DLABOIOM - detected UnsignedFile.Multi.Generic (1)
10:57:39.0484 5876  [ EC6AE8BC9F773382D2EED49E4DFDAE2A ] DLACDBHM        C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
10:57:39.0484 5876  DLACDBHM ( UnsignedFile.Multi.Generic ) - warning
10:57:39.0484 5876  DLACDBHM - detected UnsignedFile.Multi.Generic (1)
10:57:39.0546 5876  [ 2104649B0B79B9F30122C545CBA0C655 ] DLADResN        C:\WINDOWS\system32\DLA\DLADResN.SYS
10:57:39.0546 5876  DLADResN ( UnsignedFile.Multi.Generic ) - warning
10:57:39.0546 5876  DLADResN - detected UnsignedFile.Multi.Generic (1)
10:57:39.0562 5876  [ E4859CA5BD8412A9A60D62067A653522 ] DLAIFS_M        C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
10:57:39.0562 5876  DLAIFS_M ( UnsignedFile.Multi.Generic ) - warning
10:57:39.0562 5876  DLAIFS_M - detected UnsignedFile.Multi.Generic (1)
10:57:39.0578 5876  [ 20C24A3D1CF0825487C93F806625805E ] DLAOPIOM        C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
10:57:39.0578 5876  DLAOPIOM ( UnsignedFile.Multi.Generic ) - warning
10:57:39.0578 5876  DLAOPIOM - detected UnsignedFile.Multi.Generic (1)
10:57:39.0593 5876  [ 8A530DA5DC81954BCF1966813F699B49 ] DLAPoolM        C:\WINDOWS\system32\DLA\DLAPoolM.SYS
10:57:39.0593 5876  DLAPoolM ( UnsignedFile.Multi.Generic ) - warning
10:57:39.0593 5876  DLAPoolM - detected UnsignedFile.Multi.Generic (1)
10:57:39.0593 5876  [ 0605B66052F82B6F07204DBDB61C13FF ] DLARTL_N        C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
10:57:39.0609 5876  DLARTL_N ( UnsignedFile.Multi.Generic ) - warning
10:57:39.0609 5876  DLARTL_N - detected UnsignedFile.Multi.Generic (1)
10:57:39.0625 5876  [ 7EDA68AF6A91BF64AF6F301E39928EBF ] DLAUDFAM        C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
10:57:39.0640 5876  DLAUDFAM ( UnsignedFile.Multi.Generic ) - warning
10:57:39.0640 5876  DLAUDFAM - detected UnsignedFile.Multi.Generic (1)
10:57:39.0656 5876  [ A18423BBC6D92B01FDF3C51E7510EE70 ] DLAUDF_M        C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
10:57:39.0656 5876  DLAUDF_M ( UnsignedFile.Multi.Generic ) - warning
10:57:39.0656 5876  DLAUDF_M - detected UnsignedFile.Multi.Generic (1)
10:57:39.0671 5876  dmadmin - ok
10:57:39.0703 5876  [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
10:57:39.0796 5876  dmboot - ok
10:57:39.0828 5876  [ 53720AB12B48719D00E327DA470A619A ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
10:57:39.0890 5876  dmio - ok
10:57:39.0906 5876  [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
10:57:39.0968 5876  dmload - ok
10:57:40.0000 5876  [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver        C:\WINDOWS\System32\dmserver.dll
10:57:40.0062 5876  dmserver - ok
10:57:40.0093 5876  [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
10:57:40.0171 5876  DMusic - ok
10:57:40.0218 5876  [ 7B4FDFBE97C047175E613AA96F3DE987 ] DNE             C:\WINDOWS\system32\DRIVERS\dne2000.sys
10:57:40.0218 5876  DNE - ok
10:57:40.0250 5876  [ 407F3227AC618FD1CA54B335B083DE07 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
10:57:40.0328 5876  Dnscache - ok
10:57:40.0359 5876  [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
10:57:40.0437 5876  Dot3svc - ok
10:57:40.0453 5876  [ 40F3B93B4E5B0126F2F5C0A7A5E22660 ] dpti2o          C:\WINDOWS\system32\DRIVERS\dpti2o.sys
10:57:40.0531 5876  dpti2o - ok
10:57:40.0546 5876  [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
10:57:40.0609 5876  drmkaud - ok
10:57:40.0625 5876  [ 48C7008D23DCFCE0D0232F49307EFCED ] DRVMCDB         C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
10:57:40.0640 5876  DRVMCDB ( UnsignedFile.Multi.Generic ) - warning
10:57:40.0640 5876  DRVMCDB - detected UnsignedFile.Multi.Generic (1)
10:57:40.0656 5876  [ 05467E44A42C777DD1534BB4539B16D1 ] DRVNDDM         C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
10:57:40.0656 5876  DRVNDDM ( UnsignedFile.Multi.Generic ) - warning
10:57:40.0656 5876  DRVNDDM - detected UnsignedFile.Multi.Generic (1)
10:57:40.0687 5876  [ A6DE5342417FEC3C0AA8EFEBB899C431 ] E100B           C:\WINDOWS\system32\DRIVERS\e100b325.sys
10:57:40.0750 5876  E100B - ok
10:57:40.0796 5876  [ E1E31CB759CED9BAE730B86171B9C9FD ] e1express       C:\WINDOWS\system32\DRIVERS\e1e5132.sys
10:57:40.0796 5876  e1express - ok
10:57:40.0812 5876  [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost         C:\WINDOWS\System32\eapsvc.dll
10:57:40.0906 5876  EapHost - ok
10:57:40.0937 5876  [ 877C18558D70587AA7823A1A308AC96B ] ERSvc           C:\WINDOWS\System32\ersvc.dll
10:57:41.0015 5876  ERSvc - ok
10:57:41.0046 5876  [ A3EDBE9053889FB24AB22492472B39DC ] Eventlog        C:\WINDOWS\system32\services.exe
10:57:41.0078 5876  Eventlog - ok
10:57:41.0109 5876  [ AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem     C:\WINDOWS\system32\es.dll
10:57:41.0187 5876  EventSystem - ok
10:57:41.0312 5876  [ 695E398E5858C10813E54FAFC933514F ] EvtEng          C:\Programme\Intel\Wireless\Bin\EvtEng.exe
10:57:41.0484 5876  EvtEng ( UnsignedFile.Multi.Generic ) - warning
10:57:41.0484 5876  EvtEng - detected UnsignedFile.Multi.Generic (1)
10:57:41.0546 5876  [ 38D332A6D56AF32635675F132548343E ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
10:57:41.0625 5876  Fastfat - ok
10:57:41.0640 5876  [ 2DB7D303C36DDD055215052F118E8E75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
10:57:41.0703 5876  FastUserSwitchingCompatibility - ok
10:57:41.0718 5876  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc             C:\WINDOWS\system32\DRIVERS\fdc.sys
10:57:41.0796 5876  Fdc - ok
10:57:41.0812 5876  [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
10:57:41.0890 5876  Fips - ok
10:57:41.0890 5876  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk        C:\WINDOWS\system32\DRIVERS\flpydisk.sys
10:57:41.0968 5876  Flpydisk - ok
10:57:41.0984 5876  [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
10:57:42.0062 5876  FltMgr - ok
10:57:42.0125 5876  [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
10:57:42.0125 5876  FontCache3.0.0.0 - ok
10:57:42.0156 5876  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
10:57:42.0234 5876  Fs_Rec - ok
10:57:42.0250 5876  [ 8F1955CE42E1484714B542F341647778 ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
10:57:42.0312 5876  Ftdisk - ok
10:57:42.0343 5876  [ 33D00F8CB70AC5F7A8101F79D5273615 ] G400            C:\WINDOWS\system32\DRIVERS\G400m.sys
10:57:42.0406 5876  G400 - ok
10:57:42.0453 5876  [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
10:57:42.0515 5876  Gpc - ok
10:57:42.0578 5876  [ 626A24ED1228580B9518C01930936DF9 ] gupdate         C:\Programme\Google\Update\GoogleUpdate.exe
10:57:42.0593 5876  gupdate - ok
10:57:42.0593 5876  [ 626A24ED1228580B9518C01930936DF9 ] gupdatem        C:\Programme\Google\Update\GoogleUpdate.exe
10:57:42.0609 5876  gupdatem - ok
10:57:42.0640 5876  [ 408DDD80EEDE47175F6844817B90213E ] gusvc           C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
10:57:42.0656 5876  gusvc - ok
10:57:42.0671 5876  [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus        C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
10:57:42.0750 5876  HDAudBus - ok
10:57:42.0828 5876  [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
10:57:42.0906 5876  helpsvc - ok
10:57:42.0953 5876  [ B35DA85E60C0103F2E4104532DA2F12B ] HidServ         C:\WINDOWS\System32\hidserv.dll
10:57:43.0031 5876  HidServ - ok
10:57:43.0062 5876  [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
10:57:43.0140 5876  HidUsb - ok
10:57:43.0171 5876  [ ED29F14101523A6E0E808107405D452C ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
10:57:43.0234 5876  hkmsvc - ok
10:57:43.0265 5876  [ B028377DEA0546A5FCFBA928A8AEFAE0 ] hpn             C:\WINDOWS\system32\DRIVERS\hpn.sys
10:57:43.0328 5876  hpn - ok
10:57:43.0375 5876  [ 6A5C4732D6803F84E2987EDD8E4359CE ] HSFHWAZL        C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
10:57:43.0421 5876  HSFHWAZL - ok
10:57:43.0453 5876  [ 21C31273C6CC4826E74BE8AE3B09D4A8 ] HSF_DPV         C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
10:57:43.0546 5876  HSF_DPV - ok
10:57:43.0609 5876  [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
10:57:43.0671 5876  HTTP - ok
10:57:43.0718 5876  [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
10:57:43.0796 5876  HTTPFilter - ok
10:57:43.0828 5876  [ 9368670BD426EBEA5E8B18A62416EC28 ] i2omgmt         C:\WINDOWS\system32\drivers\i2omgmt.sys
10:57:43.0906 5876  i2omgmt - ok
10:57:43.0921 5876  [ F10863BF1CCC290BABD1A09188AE49E0 ] i2omp           C:\WINDOWS\system32\DRIVERS\i2omp.sys
10:57:44.0000 5876  i2omp - ok
10:57:44.0015 5876  [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
10:57:44.0078 5876  i8042prt - ok
10:57:44.0109 5876  [ FD7F9D74C2B35DBDA400804A3F5ED5D8 ] iaStor          C:\WINDOWS\system32\DRIVERS\iaStor.sys
10:57:44.0125 5876  iaStor - ok
10:57:44.0156 5876  [ BF648877413F6160E480814A24942B65 ] IBMPMDRV        C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys
10:57:44.0156 5876  IBMPMDRV - ok
10:57:44.0171 5876  [ A75CE11915E4ECC5E1597D6E0F7BB2DB ] IBMPMSVC        C:\WINDOWS\system32\ibmpmsvc.exe
10:57:44.0187 5876  IBMPMSVC - ok
10:57:44.0187 5876  [ 083D095FED4B01FFF9D501B98D50DB68 ] IBMTPCHK        C:\WINDOWS\system32\Drivers\IBMBLDID.sys
10:57:44.0187 5876  IBMTPCHK ( UnsignedFile.Multi.Generic ) - warning
10:57:44.0187 5876  IBMTPCHK - detected UnsignedFile.Multi.Generic (1)
10:57:44.0265 5876  [ DAF66902F08796F9C694901660E5A64A ] IDriverT        C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
10:57:44.0265 5876  IDriverT ( UnsignedFile.Multi.Generic ) - warning
10:57:44.0265 5876  IDriverT - detected UnsignedFile.Multi.Generic (1)
10:57:44.0328 5876  [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc           c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
10:57:44.0375 5876  idsvc - ok
10:57:44.0375 5876  [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
10:57:44.0453 5876  Imapi - ok
10:57:44.0484 5876  [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService    C:\WINDOWS\system32\imapi.exe
10:57:44.0562 5876  ImapiService - ok
10:57:44.0609 5876  [ 4A40E045FAEE58631FD8D91AFC620719 ] ini910u         C:\WINDOWS\system32\DRIVERS\ini910u.sys
10:57:44.0671 5876  ini910u - ok
10:57:44.0718 5876  [ 69C4E3C9E67A1F103B94E14FDD5F3213 ] IntelIde        C:\WINDOWS\system32\DRIVERS\intelide.sys
10:57:44.0796 5876  IntelIde - ok
10:57:44.0812 5876  [ 4C7D2750158ED6E7AD642D97BFFAE351 ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
10:57:44.0875 5876  intelppm - ok
10:57:44.0890 5876  [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw           C:\WINDOWS\system32\drivers\ip6fw.sys
10:57:44.0968 5876  Ip6Fw - ok
10:57:44.0968 5876  [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
10:57:45.0046 5876  IpFilterDriver - ok
10:57:45.0062 5876  [ B87AB476DCF76E72010632B5550955F5 ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
10:57:45.0125 5876  IpInIp - ok
10:57:45.0140 5876  [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
10:57:45.0203 5876  IpNat - ok
10:57:45.0218 5876  [ 23C74D75E36E7158768DD63D92789A91 ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
10:57:45.0296 5876  IPSec - ok
10:57:45.0328 5876  [ 00D8E9DAEBE72A5DF3986FD418A995EB ] IPSSVC          C:\WINDOWS\system32\IPSSVC.EXE
10:57:45.0343 5876  IPSSVC - ok
10:57:45.0359 5876  [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
10:57:45.0406 5876  IRENUM - ok
10:57:45.0421 5876  [ 6DFB88F64135C525433E87648BDA30DE ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
10:57:45.0484 5876  isapnp - ok
10:57:45.0531 5876  [ F59C3569A2F2C464BB78CB1BDCDCA55E ] Iviaspi         C:\WINDOWS\system32\drivers\iviaspi.sys
10:57:45.0531 5876  Iviaspi ( UnsignedFile.Multi.Generic ) - warning
10:57:45.0531 5876  Iviaspi - detected UnsignedFile.Multi.Generic (1)
10:57:45.0578 5876  [ 213822072085B5BBAD9AF30AB577D817 ] IviRegMgr       C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe
10:57:45.0578 5876  IviRegMgr - ok
10:57:45.0609 5876  [ 0A5709543986843D37A92290B7838340 ] JavaQuickStarterService C:\Programme\Java\jre6\bin\jqs.exe
10:57:45.0640 5876  JavaQuickStarterService - ok
10:57:45.0671 5876  [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
10:57:45.0796 5876  Kbdclass - ok
10:57:45.0843 5876  [ B6D6C117D771C98130497265F26D1882 ] kbdhid          C:\WINDOWS\system32\DRIVERS\kbdhid.sys
10:57:45.0937 5876  kbdhid - ok
10:57:45.0984 5876  [ 692BCF44383D056AED41B045A323D378 ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
10:57:46.0062 5876  kmixer - ok
10:57:46.0093 5876  [ B467646C54CC746128904E1654C750C1 ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
10:57:46.0187 5876  KSecDD - ok
10:57:46.0218 5876  [ 2BBDCB79900990F0716DFCB714E72DE7 ] lanmanserver    C:\WINDOWS\System32\srvsvc.dll
10:57:46.0265 5876  lanmanserver - ok
10:57:46.0296 5876  [ 1869B14B06B44B44AF70548E1EA3303F ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
10:57:46.0343 5876  lanmanworkstation - ok
10:57:46.0343 5876  lbrtfdc - ok
10:57:46.0453 5876  [ A97EEB81F05BCE3D7AA6C81F04EF39A4 ] LiveUpdate      C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
10:57:46.0578 5876  LiveUpdate - ok
10:57:46.0671 5876  LiveUpdate Notice Ex - ok
10:57:46.0718 5876  [ 2D1389E05A807D956829F44BD4B60389 ] LiveUpdate Notice Service C:\Programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
10:57:46.0750 5876  LiveUpdate Notice Service - ok
10:57:46.0781 5876  [ 636714B7D43C8D0C80449123FD266920 ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
10:57:46.0859 5876  LmHosts - ok
10:57:46.0890 5876  [ 8BE71D7EDB8C7494913722059F760DD0 ] LVPr2Mon        C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
10:57:46.0890 5876  LVPr2Mon - ok
10:57:46.0937 5876  [ 2333057542C91AE8228BDCCC2E5F2632 ] LVPrcSrv        C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcSrv.exe
10:57:46.0953 5876  LVPrcSrv - ok
10:57:46.0984 5876  [ A1857FBB9B4930EEB2FD92386C45C529 ] LVRS            C:\WINDOWS\system32\DRIVERS\lvrs.sys
10:57:47.0000 5876  LVRS - ok
10:57:47.0109 5876  [ 3703406AF0726BADD24C5E552493E5B1 ] LVUVC           C:\WINDOWS\system32\DRIVERS\lvuvc.sys
10:57:47.0281 5876  LVUVC - ok
10:57:47.0359 5876  [ 4A5FFDF0FE830C448830BD4B02B02B4B ] mbamchameleon   C:\WINDOWS\system32\drivers\mbamchameleon.sys
10:57:47.0375 5876  mbamchameleon - ok
10:57:47.0390 5876  [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk         C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
10:57:47.0406 5876  mdmxsdk - ok
10:57:47.0437 5876  [ B7550A7107281D170CE85524B1488C98 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
10:57:47.0500 5876  Messenger - ok
10:57:47.0531 5876  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
10:57:47.0609 5876  mnmdd - ok
10:57:47.0640 5876  [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe
10:57:47.0703 5876  mnmsrvc - ok
10:57:47.0750 5876  [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
10:57:47.0828 5876  Modem - ok
10:57:47.0843 5876  [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
10:57:47.0921 5876  Mouclass - ok
10:57:47.0953 5876  [ 66A6F73C74E1791464160A7065CE711A ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
10:57:48.0015 5876  mouhid - ok
10:57:48.0031 5876  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
10:57:48.0109 5876  MountMgr - ok
10:57:48.0156 5876  [ 9C3758018DED02F4AE53CCA1C5F084A2 ] MozillaMaintenance C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
10:57:48.0218 5876  MozillaMaintenance - ok
10:57:48.0234 5876  [ 3F4BB95E5A44F3BE34824E8E7CAF0737 ] mraid35x        C:\WINDOWS\system32\DRIVERS\mraid35x.sys
10:57:48.0312 5876  mraid35x - ok
10:57:48.0328 5876  [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
10:57:48.0437 5876  MRxDAV - ok
10:57:48.0468 5876  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
10:57:48.0515 5876  MRxSmb - ok
10:57:48.0562 5876  [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC           C:\WINDOWS\system32\msdtc.exe
10:57:48.0640 5876  MSDTC - ok
10:57:48.0640 5876  [ C941EA2454BA8350021D774DAF0F1027 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
10:57:48.0718 5876  Msfs - ok
10:57:48.0718 5876  MSIServer - ok
10:57:48.0750 5876  [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
10:57:48.0812 5876  MSKSSRV - ok
10:57:48.0843 5876  [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
10:57:48.0906 5876  MSPCLOCK - ok
10:57:48.0921 5876  [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
10:57:49.0000 5876  MSPQM - ok
10:57:49.0015 5876  [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
10:57:49.0078 5876  mssmbios - ok
10:57:49.0093 5876  [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE           C:\WINDOWS\system32\drivers\MSTEE.sys
10:57:49.0187 5876  MSTEE - ok
10:57:49.0203 5876  [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
10:57:49.0234 5876  Mup - ok
10:57:49.0281 5876  [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC        C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
10:57:49.0343 5876  NABTSFEC - ok
10:57:49.0375 5876  [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent        C:\WINDOWS\System32\qagentrt.dll
10:57:49.0437 5876  napagent - ok
10:57:49.0468 5876  [ 1DF7F42665C94B825322FAE71721130D ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
10:57:49.0546 5876  NDIS - ok
10:57:49.0562 5876  [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP          C:\WINDOWS\system32\DRIVERS\NdisIP.sys
10:57:49.0625 5876  NdisIP - ok
10:57:49.0656 5876  [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
10:57:49.0718 5876  NdisTapi - ok
10:57:49.0765 5876  [ F927A4434C5028758A842943EF1A3849 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
10:57:49.0828 5876  Ndisuio - ok
10:57:49.0859 5876  [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
10:57:49.0937 5876  NdisWan - ok
10:57:49.0953 5876  [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
10:57:49.0968 5876  NDProxy - ok
10:57:49.0984 5876  [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
10:57:50.0062 5876  NetBIOS - ok
10:57:50.0078 5876  [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
10:57:50.0156 5876  NetBT - ok
10:57:50.0187 5876  [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE          C:\WINDOWS\system32\netdde.exe
10:57:50.0265 5876  NetDDE - ok
10:57:50.0281 5876  [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
10:57:50.0343 5876  NetDDEdsdm - ok
10:57:50.0359 5876  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon        C:\WINDOWS\system32\lsass.exe
10:57:50.0421 5876  Netlogon - ok
10:57:50.0484 5876  [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman          C:\WINDOWS\System32\netman.dll
10:57:50.0578 5876  Netman - ok
10:57:50.0640 5876  [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:57:50.0671 5876  NetTcpPortSharing - ok
10:57:51.0093 5876  [ 18B2D3E11ED7A3C898ADE6A6692B6929 ] NETw4x32        C:\WINDOWS\system32\DRIVERS\NETw4x32.sys
10:57:51.0359 5876  NETw4x32 - ok
10:57:51.0375 5876  [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394         C:\WINDOWS\system32\DRIVERS\nic1394.sys
10:57:51.0468 5876  NIC1394 - ok
10:57:51.0546 5876  [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla             C:\WINDOWS\System32\mswsock.dll
10:57:51.0609 5876  Nla - ok
10:57:51.0671 5876  [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
10:57:51.0765 5876  Npfs - ok
10:57:51.0796 5876  [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
10:57:51.0906 5876  Ntfs - ok
10:57:51.0921 5876  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
10:57:51.0984 5876  NtLmSsp - ok
10:57:52.0062 5876  [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
10:57:52.0140 5876  NtmsSvc - ok
10:57:52.0171 5876  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\WINDOWS\system32\drivers\Null.sys
10:57:52.0234 5876  Null - ok
10:57:52.0593 5876  [ BE701381B9C277A2BB84B0AA1E9B6789 ] nv              C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
10:57:53.0015 5876  nv - ok
10:57:53.0062 5876  [ D7E81AD6AC3DA127005C30A8D73B35FA ] NVSvc           C:\WINDOWS\system32\nvsvc32.exe
10:57:53.0125 5876  NVSvc - ok
10:57:53.0156 5876  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
10:57:53.0234 5876  NwlnkFlt - ok
10:57:53.0250 5876  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
10:57:53.0328 5876  NwlnkFwd - ok
10:57:53.0406 5876  [ 84DE1DD996B48B05ACE31AD015FA108A ] odserv          C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE
10:57:53.0421 5876  odserv - ok
10:57:53.0437 5876  [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394        C:\WINDOWS\system32\DRIVERS\ohci1394.sys
10:57:53.0515 5876  ohci1394 - ok
10:57:53.0562 5876  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
10:57:53.0562 5876  ose - ok
10:57:53.0609 5876  [ F84785660305B9B903FB3BCA8BA29837 ] Parport         C:\WINDOWS\system32\DRIVERS\parport.sys
10:57:53.0671 5876  Parport - ok
10:57:53.0687 5876  [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
10:57:53.0750 5876  PartMgr - ok
10:57:53.0781 5876  [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
10:57:53.0843 5876  ParVdm - ok
10:57:53.0859 5876  [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
10:57:53.0937 5876  PCI - ok
10:57:53.0937 5876  PCIDump - ok
10:57:53.0937 5876  [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
10:57:54.0015 5876  PCIIde - ok
10:57:54.0015 5876  [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia          C:\WINDOWS\system32\DRIVERS\pcmcia.sys
10:57:54.0093 5876  Pcmcia - ok
10:57:54.0093 5876  PDCOMP - ok
10:57:54.0109 5876  PDFRAME - ok
10:57:54.0109 5876  PDRELI - ok
10:57:54.0109 5876  PDRFRAME - ok
10:57:54.0125 5876  [ 6C14B9C19BA84F73D3A86DBA11133101 ] perc2           C:\WINDOWS\system32\DRIVERS\perc2.sys
10:57:54.0187 5876  perc2 - ok
10:57:54.0203 5876  [ F50F7C27F131AFE7BEBA13E14A3B9416 ] perc2hib        C:\WINDOWS\system32\DRIVERS\perc2hib.sys
10:57:54.0265 5876  perc2hib - ok
10:57:54.0281 5876  [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay        C:\WINDOWS\system32\services.exe
10:57:54.0296 5876  PlugPlay - ok
10:57:54.0328 5876  [ DEDEF40E1D05842639491365CB2C069E ] pmem            C:\WINDOWS\System32\drivers\pmemnt.sys
10:57:54.0328 5876  pmem ( UnsignedFile.Multi.Generic ) - warning
10:57:54.0328 5876  pmem - detected UnsignedFile.Multi.Generic (1)
10:57:54.0343 5876  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
10:57:54.0406 5876  PolicyAgent - ok
10:57:54.0421 5876  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
10:57:54.0500 5876  PptpMiniport - ok
10:57:54.0515 5876  [ 1D80309FED4BABF8EA9E7B84A394348B ] PROCDD          C:\WINDOWS\system32\DRIVERS\PROCDD.SYS
10:57:54.0515 5876  PROCDD - ok
10:57:54.0531 5876  [ 2CB55427C58679F49AD600FCCBA76360 ] Processor       C:\WINDOWS\system32\DRIVERS\processr.sys
10:57:54.0593 5876  Processor - ok
10:57:54.0593 5876  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
10:57:54.0656 5876  ProtectedStorage - ok
10:57:54.0671 5876  [ AAC08DEFB15AAAB00B30341C716EFA35 ] psadd           C:\WINDOWS\system32\DRIVERS\psadd.sys
10:57:54.0703 5876  psadd - ok
10:57:54.0703 5876  [ 09298EC810B07E5D582CB3A3F9255424 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
10:57:54.0781 5876  PSched - ok
10:57:54.0812 5876  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
10:57:54.0875 5876  Ptilink - ok
10:57:54.0890 5876  [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20        C:\WINDOWS\system32\Drivers\PxHelp20.sys
10:57:54.0906 5876  PxHelp20 - ok
10:57:54.0921 5876  [ 0A63FB54039EB5662433CABA3B26DBA7 ] ql1080          C:\WINDOWS\system32\DRIVERS\ql1080.sys
10:57:55.0000 5876  ql1080 - ok
10:57:55.0015 5876  [ 6503449E1D43A0FF0201AD5CB1B8C706 ] Ql10wnt         C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
10:57:55.0078 5876  Ql10wnt - ok
10:57:55.0093 5876  [ 156ED0EF20C15114CA097A34A30D8A01 ] ql12160         C:\WINDOWS\system32\DRIVERS\ql12160.sys
10:57:55.0156 5876  ql12160 - ok
10:57:55.0171 5876  [ 70F016BEBDE6D29E864C1230A07CC5E6 ] ql1240          C:\WINDOWS\system32\DRIVERS\ql1240.sys
10:57:55.0234 5876  ql1240 - ok
10:57:55.0250 5876  [ 907F0AEEA6BC451011611E732BD31FCF ] ql1280          C:\WINDOWS\system32\DRIVERS\ql1280.sys
10:57:55.0312 5876  ql1280 - ok
10:57:55.0312 5876  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
10:57:55.0421 5876  RasAcd - ok
10:57:55.0453 5876  [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
10:57:55.0546 5876  RasAuto - ok
10:57:55.0562 5876  [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
10:57:55.0625 5876  Rasl2tp - ok
10:57:55.0671 5876  [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan          C:\WINDOWS\System32\rasmans.dll
10:57:55.0734 5876  RasMan - ok
10:57:55.0750 5876  [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
10:57:55.0812 5876  RasPppoe - ok
10:57:55.0828 5876  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
10:57:55.0921 5876  Raspti - ok
10:57:55.0937 5876  [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
10:57:56.0015 5876  Rdbss - ok
10:57:56.0031 5876  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
10:57:56.0109 5876  RDPCDD - ok
10:57:56.0125 5876  [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys
10:57:56.0203 5876  rdpdr - ok
10:57:56.0234 5876  [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
10:57:56.0328 5876  RDPWD - ok
10:57:56.0343 5876  [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
10:57:56.0421 5876  RDSessMgr - ok
10:57:56.0437 5876  [ ED761D453856F795A7FE056E42C36365 ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
10:57:56.0500 5876  redbook - ok
10:57:56.0546 5876  [ B3611F5CC7052FE52998984A4361880F ] RegSrvc         C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
10:57:56.0546 5876  RegSrvc ( UnsignedFile.Multi.Generic ) - warning
10:57:56.0546 5876  RegSrvc - detected UnsignedFile.Multi.Generic (1)
10:57:56.0578 5876  [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
10:57:56.0640 5876  RemoteAccess - ok
10:57:56.0671 5876  [ E4CD1F3D84E1C2CA0B8CF7501E201593 ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
10:57:56.0734 5876  RemoteRegistry - ok
10:57:56.0781 5876  [ 8B5B8A11306190C6963D3473F052D3C8 ] Revoflt         C:\WINDOWS\system32\DRIVERS\revoflt.sys
10:57:56.0796 5876  Revoflt - ok
10:57:56.0828 5876  [ C35CA13D3627EBD9DD12A23CE781BC3D ] rimmptsk        C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
10:57:56.0859 5876  rimmptsk - ok
10:57:56.0875 5876  [ C398BCA91216755B098679A8DA8A2300 ] rimsptsk        C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
10:57:56.0937 5876  rimsptsk - ok
10:57:56.0937 5876  [ 2A2554CB24506E0A0508FC395C4A1B42 ] rismxdp         C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
10:57:56.0953 5876  rismxdp - ok
10:57:56.0968 5876  [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator      C:\WINDOWS\system32\locator.exe
10:57:57.0031 5876  RpcLocator - ok
10:57:57.0062 5876  [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] RpcSs           C:\WINDOWS\system32\rpcss.dll
10:57:57.0093 5876  RpcSs - ok
10:57:57.0125 5876  [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP            C:\WINDOWS\system32\rsvp.exe
10:57:57.0218 5876  RSVP - ok
10:57:57.0265 5876  [ 2FD3B284ADE57CFAA70A6A9753E50572 ] S24EventMonitor C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
10:57:57.0312 5876  S24EventMonitor ( UnsignedFile.Multi.Generic ) - warning
10:57:57.0312 5876  S24EventMonitor - detected UnsignedFile.Multi.Generic (1)
10:57:57.0328 5876  [ 2220783B32A9F91DF87F3E8315F091E7 ] s24trans        C:\WINDOWS\system32\DRIVERS\s24trans.sys
10:57:57.0343 5876  s24trans ( UnsignedFile.Multi.Generic ) - warning
10:57:57.0343 5876  s24trans - detected UnsignedFile.Multi.Generic (1)
10:57:57.0343 5876  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs           C:\WINDOWS\system32\lsass.exe
10:57:57.0406 5876  SamSs - ok
10:57:57.0421 5876  [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
10:57:57.0484 5876  SCardSvr - ok
10:57:57.0562 5876  [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule        C:\WINDOWS\system32\schedsvc.dll
10:57:57.0671 5876  Schedule - ok
10:57:57.0718 5876  [ 8D04819A3CE51B9EB47E5689B44D43C4 ] sdbus           C:\WINDOWS\system32\DRIVERS\sdbus.sys
10:57:57.0828 5876  sdbus - ok
10:57:57.0843 5876  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
10:57:57.0875 5876  Secdrv - ok
10:57:57.0890 5876  [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon        C:\WINDOWS\System32\seclogon.dll
10:57:57.0968 5876  seclogon - ok
10:57:57.0984 5876  [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS            C:\WINDOWS\system32\sens.dll
10:57:58.0046 5876  SENS - ok
10:57:58.0062 5876  [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys
10:57:58.0156 5876  serenum - ok
10:57:58.0171 5876  [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
10:57:58.0234 5876  Serial - ok
10:57:58.0250 5876  [ 0FA803C64DF0914B41F807EA276BF2A6 ] sffdisk         C:\WINDOWS\system32\DRIVERS\sffdisk.sys
10:57:58.0312 5876  sffdisk - ok
10:57:58.0328 5876  [ C17C331E435ED8737525C86A7557B3AC ] sffp_sd         C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
10:57:58.0390 5876  sffp_sd - ok
10:57:58.0406 5876  [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
10:57:58.0468 5876  Sfloppy - ok
10:57:58.0500 5876  [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
10:57:58.0578 5876  SharedAccess - ok
10:57:58.0609 5876  [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
10:57:58.0609 5876  ShellHWDetection - ok
10:57:58.0656 5876  [ A3AEE791DB8C73882F4503BFAACD8C9E ] Shockprf        C:\WINDOWS\system32\DRIVERS\Apsx86.sys
10:57:58.0656 5876  Shockprf - ok
10:57:58.0656 5876  Simbad - ok
10:57:58.0703 5876  [ 6B33D0EBD30DB32E27D1D78FE946A754 ] sisagp          C:\WINDOWS\system32\DRIVERS\sisagp.sys
10:57:58.0781 5876  sisagp - ok
10:57:58.0828 5876  [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP            C:\WINDOWS\system32\DRIVERS\SLIP.sys
10:57:58.0890 5876  SLIP - ok
10:57:58.0921 5876  [ 350483C5A139F8A39ED3191AFF39BED0 ] smihlp          C:\Programme\Gemeinsame Dateien\ThinkVantage Fingerprint Software\Drivers\smihlp.sys
10:57:58.0968 5876  smihlp - ok
10:57:59.0000 5876  [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow         C:\WINDOWS\system32\DRIVERS\sparrow.sys
10:57:59.0046 5876  Sparrow - ok
10:57:59.0078 5876  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
10:57:59.0140 5876  splitter - ok
10:57:59.0187 5876  [ 60784F891563FB1B767F70117FC2428F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
10:57:59.0203 5876  Spooler - ok
10:57:59.0250 5876  [ CDDDEC541BC3C96F91ECB48759673505 ] sptd            C:\WINDOWS\system32\Drivers\sptd.sys
10:57:59.0250 5876  Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: CDDDEC541BC3C96F91ECB48759673505
10:57:59.0250 5876  sptd ( LockedFile.Multi.Generic ) - warning
10:57:59.0250 5876  sptd - detected LockedFile.Multi.Generic (1)
10:57:59.0296 5876  [ 9263C8898732E2B890F7E954E7729AB7 ] SQLWriter       c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
10:57:59.0296 5876  SQLWriter - ok
10:57:59.0312 5876  [ 50FA898F8C032796D3B1B9951BB5A90F ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
10:57:59.0343 5876  sr - ok
10:57:59.0375 5876  [ FE77A85495065F3AD59C5C65B6C54182 ] srservice       C:\WINDOWS\system32\srsvc.dll
10:57:59.0421 5876  srservice - ok
10:57:59.0437 5876  [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
10:57:59.0484 5876  Srv - ok
10:57:59.0500 5876  [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
10:57:59.0546 5876  SSDPSRV - ok
10:57:59.0578 5876  [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv          C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
10:57:59.0578 5876  ssmdrv - ok
10:57:59.0625 5876  [ BC2C5985611C5356B24AEB370953DED9 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
10:57:59.0703 5876  stisvc - ok
10:57:59.0750 5876  [ 77813007BA6265C4B6098187E6ED79D2 ] streamip        C:\WINDOWS\system32\DRIVERS\StreamIP.sys
10:57:59.0828 5876  streamip - ok
10:57:59.0984 5876  [ 21BF43C19FE17F2B4319D1859B3694A4 ] SUService       c:\programme\lenovo\system update\suservice.exe
10:58:00.0015 5876  SUService ( UnsignedFile.Multi.Generic ) - warning
10:58:00.0015 5876  SUService - detected UnsignedFile.Multi.Generic (1)
10:58:00.0078 5876  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
10:58:00.0156 5876  swenum - ok
10:58:00.0171 5876  [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
10:58:00.0250 5876  swmidi - ok
10:58:00.0250 5876  SwPrv - ok
10:58:00.0281 5876  [ 1FF3217614018630D0A6758630FC698C ] symc810         C:\WINDOWS\system32\DRIVERS\symc810.sys
10:58:00.0343 5876  symc810 - ok
10:58:00.0359 5876  [ 070E001D95CF725186EF8B20335F933C ] symc8xx         C:\WINDOWS\system32\DRIVERS\symc8xx.sys
10:58:00.0437 5876  symc8xx - ok
10:58:00.0453 5876  [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi          C:\WINDOWS\system32\DRIVERS\sym_hi.sys
10:58:00.0515 5876  sym_hi - ok
10:58:00.0531 5876  [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3          C:\WINDOWS\system32\DRIVERS\sym_u3.sys
10:58:00.0593 5876  sym_u3 - ok
10:58:00.0625 5876  [ B248B5FE80B285B91CB1E6F85B0AE1D7 ] SynTP           C:\WINDOWS\system32\DRIVERS\SynTP.sys
10:58:00.0671 5876  SynTP - ok
10:58:00.0687 5876  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
10:58:00.0750 5876  sysaudio - ok
10:58:00.0781 5876  [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
10:58:00.0843 5876  SysmonLog - ok
10:58:00.0875 5876  [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
10:58:00.0953 5876  TapiSrv - ok
10:58:00.0984 5876  [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
10:58:01.0015 5876  Tcpip - ok
10:58:01.0031 5876  [ 109D1F5CD9CC370A87901DB3DDD533F1 ] TcUsb           C:\WINDOWS\system32\Drivers\tcusb.sys
10:58:01.0046 5876  TcUsb - ok
10:58:01.0078 5876  [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
10:58:01.0140 5876  TDPIPE - ok
10:58:01.0156 5876  [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
10:58:01.0218 5876  TDTCP - ok
10:58:01.0218 5876  [ 88155247177638048422893737429D9E ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
10:58:01.0296 5876  TermDD - ok
10:58:01.0328 5876  [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService     C:\WINDOWS\System32\termsrv.dll
10:58:01.0406 5876  TermService - ok
10:58:01.0406 5876  [ 2DB7D303C36DDD055215052F118E8E75 ] Themes          C:\WINDOWS\System32\shsvcs.dll
10:58:01.0421 5876  Themes - ok
10:58:01.0484 5876  [ D04402CD654AF1058AD9A82B73AD67C8 ] ThinkVantage Registry Monitor Service C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe
10:58:01.0515 5876  ThinkVantage Registry Monitor Service - ok
10:58:01.0546 5876  [ 03681A1CE77F51586903869A5AB1DEAB ] TlntSvr         C:\WINDOWS\system32\tlntsvr.exe
10:58:01.0609 5876  TlntSvr - ok
10:58:01.0625 5876  [ D213A9247DC347F305A2D4CC9B951487 ] TosIde          C:\WINDOWS\system32\DRIVERS\toside.sys
10:58:01.0687 5876  TosIde - ok
10:58:01.0718 5876  [ 639BA7B37F25054CF5E82604E736D250 ] TPDIGIMN        C:\WINDOWS\system32\DRIVERS\ApsHM86.sys
10:58:01.0734 5876  TPDIGIMN - ok
10:58:01.0750 5876  [ 3663C0F611711DAC453636AF562F0831 ] TPHDEXLGSVC     C:\WINDOWS\system32\TPHDEXLG.exe
10:58:01.0765 5876  TPHDEXLGSVC - ok
10:58:01.0812 5876  [ 542770C8925E13B29B1BA63F05898058 ] TPHKDRV         C:\WINDOWS\system32\DRIVERS\TPHKDRV.sys
10:58:01.0843 5876  TPHKDRV - ok
10:58:01.0875 5876  [ 44672DE6CEA9569C21C4B7A8D2560750 ] TPPWRIF         C:\WINDOWS\system32\drivers\Tppwrif.sys
10:58:01.0906 5876  TPPWRIF ( UnsignedFile.Multi.Generic ) - warning
10:58:01.0906 5876  TPPWRIF - detected UnsignedFile.Multi.Generic (1)
10:58:01.0937 5876  [ 626504572B175867F30F3215C04B3E2F ] TrkWks          C:\WINDOWS\system32\trkwks.dll
10:58:02.0015 5876  TrkWks - ok
10:58:02.0031 5876  [ F2ABA3066D7921D7FCDBD66DEA88BE11 ] TSMAPIP         C:\WINDOWS\system32\drivers\TSMAPIP.SYS
10:58:02.0046 5876  TSMAPIP ( UnsignedFile.Multi.Generic ) - warning
10:58:02.0046 5876  TSMAPIP - detected UnsignedFile.Multi.Generic (1)
10:58:02.0203 5876  [ 44D5BE1651390476C5EDB3B5DF28DE30 ] TSSCoreService  C:\Programme\Lenovo\Client Security Solution\tvttcsd.exe
10:58:02.0312 5876  TSSCoreService - ok
10:58:02.0359 5876  [ C8DA890DF821DBE5CD5B9A10C6C82D51 ] TVT Backup Protection Service C:\Programme\Lenovo\Rescue and Recovery\rrpservice.exe
10:58:02.0390 5876  TVT Backup Protection Service ( UnsignedFile.Multi.Generic ) - warning
10:58:02.0390 5876  TVT Backup Protection Service - detected UnsignedFile.Multi.Generic (1)
10:58:02.0437 5876  [ 951675971BB6DE44284CCE95F33F7421 ] TVT Backup Service C:\Programme\Lenovo\Rescue and Recovery\rrservice.exe
10:58:02.0468 5876  TVT Backup Service ( UnsignedFile.Multi.Generic ) - warning
10:58:02.0468 5876  TVT Backup Service - detected UnsignedFile.Multi.Generic (1)
10:58:02.0531 5876  [ 38A974E3D0D0C09317AF364C8359A6E4 ] TVT Scheduler   c:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe
10:58:02.0562 5876  TVT Scheduler ( UnsignedFile.Multi.Generic ) - warning
10:58:02.0562 5876  TVT Scheduler - detected UnsignedFile.Multi.Generic (1)
10:58:02.0609 5876  [ 49258A02A1E8D304ED88B0F1C56B1738 ] tvtfilter       C:\WINDOWS\system32\DRIVERS\tvtfilter.sys
10:58:02.0640 5876  tvtfilter - ok
10:58:02.0703 5876  [ 8AB24D4B7DA715C2C80455137910E792 ] TVTI2C          C:\WINDOWS\system32\DRIVERS\Tvti2c.sys
10:58:02.0718 5876  TVTI2C - ok
10:58:02.0750 5876  [ 2E72C66682E9274C97AE3F5A57C2FA33 ] tvtnetwk        C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe
10:58:02.0765 5876  tvtnetwk ( UnsignedFile.Multi.Generic ) - warning
10:58:02.0765 5876  tvtnetwk - detected UnsignedFile.Multi.Generic (1)
10:58:02.0781 5876  TVTPktFilter - ok
10:58:02.0781 5876  [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
10:58:02.0859 5876  Udfs - ok
10:58:02.0859 5876  UIUSys - ok
10:58:02.0906 5876  [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra           C:\WINDOWS\system32\DRIVERS\ultra.sys
10:58:02.0937 5876  ultra - ok
10:58:02.0984 5876  [ AB0A7CA90D9E3D6A193905DC1715DED0 ] UMWdf           C:\WINDOWS\system32\wdfmgr.exe
10:58:03.0015 5876  UMWdf - ok
10:58:03.0046 5876  [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
10:58:03.0125 5876  Update - ok
10:58:03.0171 5876  [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost        C:\WINDOWS\System32\upnphost.dll
10:58:03.0218 5876  upnphost - ok
10:58:03.0218 5876  [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS             C:\WINDOWS\System32\ups.exe
10:58:03.0296 5876  UPS - ok
10:58:03.0328 5876  [ E919708DB44ED8543A7C017953148330 ] usbaudio        C:\WINDOWS\system32\drivers\usbaudio.sys
10:58:03.0390 5876  usbaudio - ok
10:58:03.0406 5876  [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
10:58:03.0468 5876  usbccgp - ok
10:58:03.0484 5876  [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
10:58:03.0546 5876  usbehci - ok
10:58:03.0578 5876  [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
10:58:03.0656 5876  usbhub - ok
10:58:03.0687 5876  [ A717C8721046828520C9EDF31288FC00 ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
10:58:03.0750 5876  usbprint - ok
10:58:03.0781 5876  [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
10:58:03.0843 5876  usbscan - ok
10:58:03.0859 5876  [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
10:58:03.0937 5876  USBSTOR - ok
10:58:03.0937 5876  [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
10:58:04.0015 5876  usbuhci - ok
10:58:04.0015 5876  [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo        C:\WINDOWS\system32\Drivers\usbvideo.sys
10:58:04.0093 5876  usbvideo - ok
10:58:04.0093 5876  [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
10:58:04.0156 5876  VgaSave - ok
10:58:04.0171 5876  [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp          C:\WINDOWS\system32\DRIVERS\viaagp.sys
10:58:04.0250 5876  viaagp - ok
10:58:04.0265 5876  [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde          C:\WINDOWS\system32\DRIVERS\viaide.sys
10:58:04.0328 5876  ViaIde - ok
10:58:04.0375 5876  [ A5A712F4E880874A477AF790B5186E1D ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
10:58:04.0468 5876  VolSnap - ok
10:58:04.0546 5876  [ 27B3DD12A19EEC50220DF15B64913DDA ] vsdatant        C:\WINDOWS\system32\vsdatant.sys
10:58:04.0562 5876  vsdatant - ok
10:58:04.0593 5876  [ 68F106273BE29E7B7EF8266977268E78 ] VSS             C:\WINDOWS\System32\vssvc.exe
10:58:04.0640 5876  VSS - ok
10:58:04.0656 5876  [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time         C:\WINDOWS\system32\w32time.dll
10:58:04.0734 5876  W32Time - ok
10:58:04.0750 5876  [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
10:58:04.0812 5876  Wanarp - ok
10:58:04.0812 5876  WDICA - ok
10:58:04.0859 5876  [ 6768ACF64B18196494413695F0C3A00F ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
10:58:04.0921 5876  wdmaud - ok
10:58:04.0937 5876  [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient       C:\WINDOWS\System32\webclnt.dll
10:58:05.0015 5876  WebClient - ok
10:58:05.0046 5876  [ 307D248F97835B6879BDD361086924FE ] winachsf        C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
10:58:05.0078 5876  winachsf - ok
10:58:05.0140 5876  [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
10:58:05.0218 5876  winmgmt - ok
10:58:05.0281 5876  [ F2E9FCB970D02E1647E185DA1D2E3CA9 ] WMConnectCDS    C:\Programme\Windows Media Connect 2\wmccds.exe
10:58:05.0328 5876  WMConnectCDS ( UnsignedFile.Multi.Generic ) - warning
10:58:05.0328 5876  WMConnectCDS - detected UnsignedFile.Multi.Generic (1)
10:58:05.0359 5876  [ 140EF97B64F560FD78643CAE2CDAD838 ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
10:58:05.0375 5876  WmdmPmSN - ok
10:58:05.0437 5876  [ FFA4D901D46D07A5BAB2D8307FBB51A6 ] Wmi             C:\WINDOWS\System32\advapi32.dll
10:58:05.0468 5876  Wmi - ok
10:58:05.0500 5876  [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi         C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
10:58:05.0562 5876  WmiAcpi - ok
10:58:05.0609 5876  [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
10:58:05.0687 5876  WmiApSrv - ok
10:58:05.0718 5876  [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
10:58:05.0781 5876  wscsvc - ok
10:58:05.0828 5876  [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC        C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
10:58:05.0890 5876  WSTCODEC - ok
10:58:05.0921 5876  [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
10:58:05.0984 5876  wuauserv - ok
10:58:06.0031 5876  [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
10:58:06.0109 5876  WZCSVC - ok
10:58:06.0125 5876  [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
10:58:06.0203 5876  xmlprov - ok
10:58:06.0218 5876  ================ Scan global ===============================
10:58:06.0250 5876  [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll
10:58:06.0281 5876  [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
10:58:06.0296 5876  [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
10:58:06.0312 5876  [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe
10:58:06.0328 5876  [Global] - ok
10:58:06.0328 5876  ================ Scan MBR ==================================
10:58:06.0328 5876  [ 13673366CACAF0CAD108225F01B5C98B ] \Device\Harddisk0\DR0
10:58:06.0843 5876  \Device\Harddisk0\DR0 - ok
10:58:06.0843 5876  ================ Scan VBR ==================================
10:58:06.0843 5876  [ DABDBB29DE5AA776C0A5499D45CF5DDB ] \Device\Harddisk0\DR0\Partition1
10:58:06.0843 5876  \Device\Harddisk0\DR0\Partition1 - ok
10:58:06.0843 5876  ============================================================
10:58:06.0843 5876  Scan finished
10:58:06.0843 5876  ============================================================
10:58:06.0984 6084  Detected object count: 34
10:58:06.0984 6084  Actual detected object count: 34
10:58:44.0687 6084  AcPrfMgrSvc ( UnsignedFile.Multi.Generic ) - skipped by user
10:58:44.0687 6084  AcPrfMgrSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:58:44.0687 6084  AcSvc ( UnsignedFile.Multi.Generic ) - skipped by user
10:58:44.0687 6084  AcSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:58:44.0687 6084  ANC ( UnsignedFile.Multi.Generic ) - skipped by user
10:58:44.0687 6084  ANC ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:58:44.0687 6084  btwdins ( UnsignedFile.Multi.Generic ) - skipped by user
10:58:44.0687 6084  btwdins ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:58:44.0687 6084  CVPNDRVA ( UnsignedFile.Multi.Generic ) - skipped by user
10:58:44.0687 6084  CVPNDRVA ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:58:44.0687 6084  Diskeeper ( UnsignedFile.Multi.Generic ) - skipped by user
10:58:44.0687 6084  Diskeeper ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:58:44.0687 6084  DLABOIOM ( UnsignedFile.Multi.Generic ) - skipped by user
10:58:44.0687 6084  DLABOIOM ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:58:44.0687 6084  DLACDBHM ( UnsignedFile.Multi.Generic ) - skipped by user
10:58:44.0687 6084  DLACDBHM ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:58:44.0703 6084  DLADResN ( UnsignedFile.Multi.Generic ) - skipped by user
10:58:44.0703 6084  DLADResN ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:58:44.0703 6084  DLAIFS_M ( UnsignedFile.Multi.Generic ) - skipped by user
10:58:44.0703 6084  DLAIFS_M ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:58:44.0703 6084  DLAOPIOM ( UnsignedFile.Multi.Generic ) - skipped by user
10:58:44.0703 6084  DLAOPIOM ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:58:44.0703 6084  DLAPoolM ( UnsignedFile.Multi.Generic ) - skipped by user
10:58:44.0703 6084  DLAPoolM ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:58:44.0703 6084  DLARTL_N ( UnsignedFile.Multi.Generic ) - skipped by user
10:58:44.0703 6084  DLARTL_N ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:58:44.0703 6084  DLAUDFAM ( UnsignedFile.Multi.Generic ) - skipped by user
10:58:44.0703 6084  DLAUDFAM ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:58:44.0703 6084  DLAUDF_M ( UnsignedFile.Multi.Generic ) - skipped by user
10:58:44.0703 6084  DLAUDF_M ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:58:44.0703 6084  DRVMCDB ( UnsignedFile.Multi.Generic ) - skipped by user
10:58:44.0703 6084  DRVMCDB ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:58:44.0703 6084  DRVNDDM ( UnsignedFile.Multi.Generic ) - skipped by user
10:58:44.0703 6084  DRVNDDM ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:58:44.0703 6084  EvtEng ( UnsignedFile.Multi.Generic ) - skipped by user
10:58:44.0703 6084  EvtEng ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:58:44.0703 6084  IBMTPCHK ( UnsignedFile.Multi.Generic ) - skipped by user
10:58:44.0703 6084  IBMTPCHK ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:58:44.0703 6084  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
10:58:44.0703 6084  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:58:44.0703 6084  Iviaspi ( UnsignedFile.Multi.Generic ) - skipped by user
10:58:44.0703 6084  Iviaspi ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:58:44.0718 6084  pmem ( UnsignedFile.Multi.Generic ) - skipped by user
10:58:44.0718 6084  pmem ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:58:44.0718 6084  RegSrvc ( UnsignedFile.Multi.Generic ) - skipped by user
10:58:44.0718 6084  RegSrvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:58:44.0718 6084  S24EventMonitor ( UnsignedFile.Multi.Generic ) - skipped by user
10:58:44.0718 6084  S24EventMonitor ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:58:44.0718 6084  s24trans ( UnsignedFile.Multi.Generic ) - skipped by user
10:58:44.0718 6084  s24trans ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:58:44.0718 6084  sptd ( LockedFile.Multi.Generic ) - skipped by user
10:58:44.0718 6084  sptd ( LockedFile.Multi.Generic ) - User select action: Skip 
10:58:44.0718 6084  SUService ( UnsignedFile.Multi.Generic ) - skipped by user
10:58:44.0718 6084  SUService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:58:44.0718 6084  TPPWRIF ( UnsignedFile.Multi.Generic ) - skipped by user
10:58:44.0718 6084  TPPWRIF ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:58:44.0718 6084  TSMAPIP ( UnsignedFile.Multi.Generic ) - skipped by user
10:58:44.0718 6084  TSMAPIP ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:58:44.0718 6084  TVT Backup Protection Service ( UnsignedFile.Multi.Generic ) - skipped by user
10:58:44.0718 6084  TVT Backup Protection Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:58:44.0718 6084  TVT Backup Service ( UnsignedFile.Multi.Generic ) - skipped by user
10:58:44.0718 6084  TVT Backup Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:58:44.0718 6084  TVT Scheduler ( UnsignedFile.Multi.Generic ) - skipped by user
10:58:44.0718 6084  TVT Scheduler ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:58:44.0734 6084  tvtnetwk ( UnsignedFile.Multi.Generic ) - skipped by user
10:58:44.0734 6084  tvtnetwk ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:58:44.0734 6084  WMConnectCDS ( UnsignedFile.Multi.Generic ) - skipped by user
10:58:44.0734 6084  WMConnectCDS ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:59:30.0062 0584  Deinitialize success


Alt 24.01.2013, 11:14   #21
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
GVU-Trojaner nach Systemwiederherstellung entfernt? - Standard

GVU-Trojaner nach Systemwiederherstellung entfernt?


Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.
__________________
--> GVU-Trojaner nach Systemwiederherstellung entfernt?

Alt 24.01.2013, 11:45   #22
mtmtmt
 
GVU-Trojaner nach Systemwiederherstellung entfernt? - Standard

GVU-Trojaner nach Systemwiederherstellung entfernt?


ComboFix hat den Computer neugestartet, aber dann die Logdatei ausgespuckt

Combofix Logfile:
Code:
ATTFilter
ComboFix 13-01-23.01 - **** 24.01.2013  11:28:11.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.2030.984 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\****\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\****\WINDOWS
C:\install.exe
c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI
c:\windows\IsUn0407.exe
c:\windows\system32\Thumbs.db
c:\windows\system32\TPAPSLOG.LOG
c:\windows\system32\TPHDLOG0.LOG
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\unin0407.exe
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-12-24 bis 2013-01-24  ))))))))))))))))))))))))))))))
.
.
2013-01-23 08:38 . 2013-01-23 08:38	35144	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2013-01-22 13:41 . 2013-01-22 13:41	--------	d-----w-	c:\dokumente und einstellungen\****\Anwendungsdaten\Malwarebytes
2013-01-22 13:41 . 2013-01-22 13:41	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2013-01-21 22:22 . 2013-01-21 22:22	--------	d-----w-	c:\programme\7-Zip
2013-01-21 19:58 . 2013-01-21 19:58	--------	d-----w-	c:\dokumente und einstellungen\****\Anwendungsdaten\Avira
2013-01-21 19:55 . 2012-11-27 09:01	83944	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2013-01-21 19:55 . 2012-11-22 14:51	36552	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2013-01-21 19:55 . 2012-11-22 14:50	134336	----a-w-	c:\windows\system32\drivers\avipbb.sys
2013-01-21 19:55 . 2013-01-21 19:55	--------	d-----w-	c:\programme\Avira
2013-01-21 19:55 . 2013-01-21 19:55	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Avira
2013-01-21 18:45 . 2013-01-21 18:45	--------	d-----w-	c:\windows\system32\wbem\Repository
2013-01-21 18:11 . 2013-01-21 18:11	3027	----a-w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\dsgsdgdsgdsgw.js
2013-01-14 22:21 . 2013-01-14 23:32	--------	d-----w-	c:\programme\TygemGlobal
2013-01-08 22:42 . 2013-01-08 22:42	--------	d-----w-	c:\programme\JagoClient
2013-01-08 00:24 . 2013-01-08 00:49	--------	d-----w-	c:\dokumente und einstellungen\****\Anwendungsdaten\GoPanda
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-16 12:23 . 2006-01-27 01:00	290560	----a-w-	c:\windows\system32\atmfd.dll
2012-12-14 00:10 . 2012-04-02 21:02	697272	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-12-14 00:10 . 2011-05-16 17:23	73656	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-13 11:55 . 2006-01-27 01:00	1866496	------w-	c:\windows\system32\win32k.sys
2012-11-06 02:01 . 2007-05-15 13:43	1371648	------w-	c:\windows\system32\msxml6.dll
2012-11-02 02:02 . 2006-01-27 01:00	375296	------w-	c:\windows\system32\dpnet.dll
2012-11-01 03:28 . 2006-01-27 01:01	832512	----a-w-	c:\windows\system32\wininet.dll
2012-11-01 03:28 . 2006-01-27 01:01	1830912	------w-	c:\windows\system32\inetcpl.cpl
2012-11-01 03:28 . 2006-01-27 01:01	78336	------w-	c:\windows\system32\ieencode.dll
2012-11-01 03:28 . 2006-01-27 01:00	17408	------w-	c:\windows\system32\corpol.dll
2013-01-21 19:55 . 2013-01-21 19:55	262552	----a-w-	c:\programme\mozilla firefox\components\browsercomps.dll
2006-05-03 10:06	163328	--sh--r-	c:\windows\system32\flvDX.dll
2007-02-21 11:47	31232	--sh--r-	c:\windows\system32\msfDX.dll
2008-03-16 13:30	216064	--sh--r-	c:\windows\system32\nbDX.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\drivers\atapi.sys
[-] 2007-04-03 . 2218E3FD674DC284CE98C807086CAB14 . 96384 . . [5.1.2600.3112] . . c:\windows\$NtServicePackUninstall$\atapi.sys
.
[7] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\asyncmac.sys
[7] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\drivers\asyncmac.sys
[7] 2004-08-04 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\asyncmac.sys
.
[7] 2004-08-04 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys
.
[7] 2008-04-14 . 1704D8C4C8807B889E43C649B478A452 . 25216 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kbdclass.sys
[7] 2008-04-14 . 1704D8C4C8807B889E43C649B478A452 . 25216 . . [5.1.2600.5512] . . c:\windows\system32\drivers\kbdclass.sys
[7] 2004-08-04 . B128FC0A5CD83F669D5DE4B58F77C7D6 . 25216 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\kbdclass.sys
.
[7] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ndis.sys
[7] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ndis.sys
[-] 2006-05-02 . BC84C4F67D0E880B0C46DC0CE2B8CBAA . 182656 . . [5.1.2600.2899] . . c:\windows\$NtServicePackUninstall$\ndis.sys
.
[7] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntfs.sys
[7] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ntfs.sys
[7] 2004-08-04 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ntfs.sys
.
[7] 2004-08-04 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys
.
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2006-01-13 . 5562CC0A47B2AEF06D3417B733F3C195 . 360448 . . [5.1.2600.2827] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
.
[7] 2012-07-06 . B71549F23736ADF83A571061C47777FD . 78336 . . [5.1.2600.6260] . . c:\windows\system32\browser.dll
[7] 2012-07-06 . B71549F23736ADF83A571061C47777FD . 78336 . . [5.1.2600.6260] . . c:\windows\system32\dllcache\browser.dll
[7] 2012-07-06 . B2CC8D85D27BF10C5FAF5B98C335978E . 78336 . . [5.1.2600.6260] . . c:\windows\$hf_mig$\KB2705219\SP3QFE\browser.dll
[7] 2008-04-14 . B42057F06BBB98B31876C0B3F2B54E33 . 77824 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB2705219$\browser.dll
[7] 2008-04-14 . B42057F06BBB98B31876C0B3F2B54E33 . 77824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\browser.dll
[7] 2004-08-04 . D8653DCD80CF2EBB333FC4FCC43A7DEF . 77312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\browser.dll
.
[7] 2008-04-14 . AFB8261B56CBA0D86AEB6DF682AF9785 . 13312 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lsass.exe
[7] 2008-04-14 . AFB8261B56CBA0D86AEB6DF682AF9785 . 13312 . . [5.1.2600.5512] . . c:\windows\system32\lsass.exe
[7] 2004-08-04 . 183805EB05BCA5A1E4AAAED4D2BE3690 . 13312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lsass.exe
.
[7] 2008-04-14 . E6D88F1F6745BF00B57E7855A2AB696C . 198144 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netman.dll
[7] 2008-04-14 . E6D88F1F6745BF00B57E7855A2AB696C . 198144 . . [5.1.2600.5512] . . c:\windows\system32\netman.dll
[7] 2004-08-04 . CDF4DA6B518105343FE9E8AFBBF8FBF4 . 198144 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\netman.dll
.
[7] 2008-04-14 02:22 . D0DE8A2EC95184E5193BB4B3112E29DF . 846848 . . [2001.12.4414.700] . . c:\windows\ServicePackFiles\i386\comres.dll
[7] 2008-04-14 02:22 . D0DE8A2EC95184E5193BB4B3112E29DF . 846848 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
[7] 2004-08-04 12:00 . 4B9D9E2708019763C5A72DA776DB1158 . 846848 . . [2001.12.4414.258] . . c:\windows\$NtServicePackUninstall$\comres.dll
.
[7] 2008-04-14 . D6F603772A789BB3228F310D650B8BD1 . 409088 . . [6.7.2600.5512] . . c:\windows\ServicePackFiles\i386\qmgr.dll
[7] 2008-04-14 . D6F603772A789BB3228F310D650B8BD1 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\qmgr.dll
[7] 2008-04-14 . D6F603772A789BB3228F310D650B8BD1 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\bits\qmgr.dll
[7] 2004-08-04 . 3A5E54A9AB96EF2D273B58136FB58EFE . 382464 . . [6.6.2600.2180] . . c:\windows\$NtServicePackUninstall$\qmgr.dll
.
[7] 2009-02-09 . D3D765E8455A961AE567B408F767D4F9 . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll
[7] 2009-02-09 . 3127AFBF2C1ED0AB14A1BBB7AAECB85B . 401408 . . [5.1.2600.5755] . . c:\windows\system32\rpcss.dll
[7] 2009-02-09 . 3127AFBF2C1ED0AB14A1BBB7AAECB85B . 401408 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\rpcss.dll
[7] 2008-04-14 . E970C2296916BF4A2F958680016FE312 . 399360 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\rpcss.dll
[7] 2008-04-14 . E970C2296916BF4A2F958680016FE312 . 399360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rpcss.dll
[-] 2005-07-26 . DBA9F9C00A7A2B45EB8E451C2B6D10E9 . 398336 . . [5.1.2600.2726] . . c:\windows\$hf_mig$\KB902400\SP2QFE\rpcss.dll
[-] 2005-07-26 . 891E3E4537C6DFCAE475073FC49CE9CB . 397824 . . [5.1.2600.2726] . . c:\windows\$NtServicePackUninstall$\rpcss.dll
.
[7] 2009-02-09 . A3EDBE9053889FB24AB22492472B39DC . 111104 . . [5.1.2600.5755] . . c:\windows\system32\services.exe
[7] 2009-02-09 . A3EDBE9053889FB24AB22492472B39DC . 111104 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\services.exe
[7] 2009-02-09 . F0A7D59AF279326528715B206669B86C . 111104 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[7] 2008-04-14 . 4BB6A83640F1D1792AD21CE767B621C6 . 109056 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\services.exe
[7] 2008-04-14 . 4BB6A83640F1D1792AD21CE767B621C6 . 109056 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\services.exe
[7] 2004-08-04 . EDB6B81761BD60F32F740BBC40AFB676 . 108544 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\services.exe
.
[7] 2010-08-17 . 258DD5D4283FD9F9A7166BE9AE45CE73 . 58880 . . [5.1.2600.6024] . . c:\windows\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe
[7] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\spoolsv.exe
[7] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\dllcache\spoolsv.exe
[7] 2008-04-14 . 39356A9CDB6753A6D13A4072A9F5A4BB . 57856 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB2347290$\spoolsv.exe
[7] 2008-04-14 . 39356A9CDB6753A6D13A4072A9F5A4BB . 57856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\spoolsv.exe
[-] 2005-06-11 . AD3D9D191AEA7B5445FE1D82FFBB4788 . 57856 . . [5.1.2600.2696] . . c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[-] 2005-06-10 . DA81EC57ACD4CDC3D4C51CF3D409AF9F . 57856 . . [5.1.2600.2696] . . c:\windows\$NtServicePackUninstall$\spoolsv.exe
.
[7] 2008-04-14 . F09A527B422E25C478E38CAA0E44417A . 513024 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[7] 2008-04-14 . F09A527B422E25C478E38CAA0E44417A . 513024 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2005-04-01 . B0B3908F5432F9DBBCD83CA4C33F0D82 . 507904 . . [5.1.2600.2645] . . c:\windows\$NtServicePackUninstall$\winlogon.exe
.
[7] 2012-06-02 . 2E0B0A051FFAA86E358465BB0880D453 . 53784 . . [7.6.7600.256] . . c:\windows\system32\wuauclt.exe
[7] 2012-06-02 . 2E0B0A051FFAA86E358465BB0880D453 . 53784 . . [7.6.7600.256] . . c:\windows\system32\dllcache\wuauclt.exe
[7] 2008-04-14 . 65E60C18DDB0215C201FF75E32D564C8 . 111616 . . [5.4.3790.5512] . . c:\windows\ServicePackFiles\i386\wuauclt.exe
.
[7] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ipsec.sys
[7] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ipsec.sys
[7] 2004-08-04 . 64537AA5C003A6AFEEE1DF819062D0D1 . 74752 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ipsec.sys
.
[7] 2010-08-23 . 1438703F3D9FFE111DA3869E4F3EEE73 . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll
[7] 2010-08-23 . 1438703F3D9FFE111DA3869E4F3EEE73 . 617472 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll
[7] 2010-08-23 . 2B6ADE29F8D00EEFA5FA2250CBE094AD . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
[7] 2008-04-14 . AD28671D1B83A386B070DC451A113C13 . 617472 . . [5.82] . . c:\windows\$NtUninstallKB2296011$\comctl32.dll
[7] 2008-04-14 . AD28671D1B83A386B070DC451A113C13 . 617472 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll
[7] 2008-04-14 . 3C93CE6C6985C55952B7BE6673E9FD15 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
[-] 2006-08-25 . EE82D1393169AC6BDF6016F4EA8D2B79 . 617472 . . [5.82] . . c:\windows\$NtServicePackUninstall$\comctl32.dll
[-] 2006-08-25 . F64451D07B9368B46AB31172D56D1804 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
[7] 2004-08-04 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[7] 2004-08-04 . 9D0F57B9C65BF8A07DB655A9ED6EB2EE . 1050624 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
.
[7] 2008-04-14 . 611F824E5C703A5A899F84C5F1699E4D . 62464 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\cryptsvc.dll
[7] 2008-04-14 . 611F824E5C703A5A899F84C5F1699E4D . 62464 . . [5.1.2600.5512] . . c:\windows\system32\cryptsvc.dll
[7] 2004-08-04 . 1A5F9DB98DF7955B4C7CBDBF2C638238 . 60416 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\cryptsvc.dll
.
[7] 2008-07-07 20:30 . D68ED3908C7A0DB446111D34AC40DC18 . 253952 . . [2001.12.4414.320] . . c:\windows\$NtServicePackUninstall$\es.dll
[7] 2008-07-07 20:26 . AF4F6B5739D18CA7972AB53E091CBC74 . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3GDR\es.dll
[7] 2008-07-07 20:26 . AF4F6B5739D18CA7972AB53E091CBC74 . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll
[7] 2008-07-07 20:26 . AF4F6B5739D18CA7972AB53E091CBC74 . 253952 . . [2001.12.4414.706] . . c:\windows\system32\dllcache\es.dll
[7] 2008-07-07 20:23 . ADA7241C16F3F42C7F210539FAD5F3AA . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll
[7] 2008-07-07 20:16 . 3912BEF896D1D687B6053409E5F5F2A6 . 253952 . . [2001.12.4414.320] . . c:\windows\$hf_mig$\KB950974\SP2QFE\es.dll
[7] 2008-04-14 02:22 . 0F3EDAEE1EF97CF3DB2BE23A7289B78C . 246272 . . [2001.12.4414.701] . . c:\windows\$NtUninstallKB950974$\es.dll
[7] 2008-04-14 02:22 . 0F3EDAEE1EF97CF3DB2BE23A7289B78C . 246272 . . [2001.12.4414.701] . . c:\windows\ServicePackFiles\i386\es.dll
[-] 2005-07-26 04:29 . 0D0F85237E32538F58278D673032676A . 243200 . . [2001.12.4414.308] . . c:\windows\$hf_mig$\KB902400\SP2QFE\es.dll
[-] 2005-07-26 03:39 . BEBC63622BDC30053A3145EBD90AF450 . 243200 . . [2001.12.4414.308] . . c:\windows\$NtUninstallKB950974_0$\es.dll
.
[7] 2008-04-14 . F9954695D246B33A5BF105029A4C6AB6 . 110080 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\imm32.dll
[7] 2008-04-14 . F9954695D246B33A5BF105029A4C6AB6 . 110080 . . [5.1.2600.5512] . . c:\windows\system32\imm32.dll
[7] 2004-08-04 . 94101D13A1818A9D08337EEC12ED277A . 110080 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\imm32.dll
.
[7] 2012-10-03 . 8214D49147FBB2CD5CF896CBE021D339 . 1063936 . . [5.1.2600.6293] . . c:\windows\system32\kernel32.dll
[7] 2012-10-03 . 8214D49147FBB2CD5CF896CBE021D339 . 1063936 . . [5.1.2600.6293] . . c:\windows\system32\dllcache\kernel32.dll
[7] 2012-10-03 . A9D5CAF09ABD70F1CA28891ECED7B9E4 . 1065472 . . [5.1.2600.6293] . . c:\windows\$hf_mig$\KB2758857\SP3QFE\kernel32.dll
[7] 2009-03-21 . B055C64AABC1A3E3DE57EC8025CAD283 . 1063424 . . [5.1.2600.5781] . . c:\windows\$NtUninstallKB2758857$\kernel32.dll
[7] 2009-03-21 . 3EB703BFC2ED26A3D8ACB8626AB2C006 . 1065472 . . [5.1.2600.5781] . . c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[7] 2008-04-14 . 4C897C69754D88F496339B1A666907C1 . 1063424 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB959426$\kernel32.dll
[7] 2008-04-14 . 4C897C69754D88F496339B1A666907C1 . 1063424 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kernel32.dll
[-] 2006-07-05 . 0BEFE0BF274818EC0785B7B842967313 . 1058816 . . [5.1.2600.2945] . . c:\windows\$hf_mig$\KB917422\SP2QFE\kernel32.dll
[-] 2006-07-05 . E42795D2E7725D378EE2A4BFA6FE9DB3 . 1057792 . . [5.1.2600.2945] . . c:\windows\$NtServicePackUninstall$\kernel32.dll
.
[7] 2008-04-14 . 5543A9D4A1D0F9F84092482A9373A024 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\linkinfo.dll
[7] 2008-04-14 . 5543A9D4A1D0F9F84092482A9373A024 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\linkinfo.dll
[-] 2005-09-01 . F2AFE60F01040B23207D8EB7DC26EC96 . 19968 . . [5.1.2600.2751] . . c:\windows\$NtServicePackUninstall$\linkinfo.dll
.
[7] 2008-04-14 . F38F3C47BBFFD748C1359AB171C3A630 . 22016 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lpk.dll
[7] 2008-04-14 . F38F3C47BBFFD748C1359AB171C3A630 . 22016 . . [5.1.2600.5512] . . c:\windows\system32\lpk.dll
[7] 2004-08-04 . B4AD65C79F85C61D32C015B11E03CAAD . 22016 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lpk.dll
.
[7] 2013-01-11 . A27F256909600DFF4EF9C9ADDE25E59C . 3619328 . . [7.00.6000.17117] . . c:\windows\SoftwareDistribution\Download\550a2653daf8fccadaf3de6040b4ece1\sp3gdr\mshtml.dll
[7] 2013-01-11 . A27F256909600DFF4EF9C9ADDE25E59C . 3619328 . . [7.00.6000.17117] . . c:\windows\system32\mshtml.dll
[7] 2013-01-11 . A27F256909600DFF4EF9C9ADDE25E59C . 3619328 . . [7.00.6000.17117] . . c:\windows\system32\dllcache\mshtml.dll
[7] 2013-01-11 . 8D824639DBA16CDB2651FCFBA355A939 . 3621376 . . [7.00.6000.21319] . . c:\windows\$hf_mig$\KB2799329-IE7\SP3QFE\mshtml.dll
[7] 2013-01-11 . 8D824639DBA16CDB2651FCFBA355A939 . 3621376 . . [7.00.6000.21319] . . c:\windows\SoftwareDistribution\Download\550a2653daf8fccadaf3de6040b4ece1\sp3qfe\mshtml.dll
[7] 2012-11-14 . 207FE9D87874A224EC7FBF686046506D . 3618816 . . [7.00.6000.17116] . . c:\windows\ie7updates\KB2799329-IE7\mshtml.dll
[7] 2012-11-14 . E7DD77C6369EDA30121CD36AF7C4142C . 3620864 . . [7.00.6000.21318] . . c:\windows\$hf_mig$\KB2761465-IE7\SP3QFE\mshtml.dll
[7] 2012-08-27 . 68B87B4623DE8ECA2E79500EBF22AFCE . 3618816 . . [7.00.6000.17114] . . c:\windows\ie7updates\KB2761465-IE7\mshtml.dll
[7] 2012-08-27 . 7F375AD6FFA234DFF1FDB553CC933E33 . 3620864 . . [7.00.6000.21316] . . c:\windows\$hf_mig$\KB2744842-IE7\SP3QFE\mshtml.dll
[7] 2012-07-03 . 0D8BC7FFBA2E93F278D795D451675152 . 3618816 . . [7.00.6000.17112] . . c:\windows\ie7updates\KB2744842-IE7\mshtml.dll
[7] 2012-07-03 . 18C6B7642C5C4D78DF00C05375CE7429 . 3620864 . . [7.00.6000.21314] . . c:\windows\$hf_mig$\KB2722913-IE7\SP3QFE\mshtml.dll
[7] 2012-04-23 . 65674C3F0F90BDD6636A39EDCCF5D5B6 . 3618816 . . [7.00.6000.17110] . . c:\windows\ie7updates\KB2722913-IE7\mshtml.dll
[7] 2012-04-23 . A56B9CF11527708705BBED3A835FE2CF . 3620864 . . [7.00.6000.21312] . . c:\windows\$hf_mig$\KB2699988-IE7\SP3QFE\mshtml.dll
[7] 2012-03-01 . D0FB9423F94B7C932A3E353863972FD5 . 3616768 . . [7.00.6000.17109] . . c:\windows\ie7updates\KB2699988-IE7\mshtml.dll
[7] 2012-03-01 . 3E1D28D159CED148726D2E7B6543DC5D . 3619328 . . [7.00.6000.21311] . . c:\windows\$hf_mig$\KB2675157-IE7\SP3QFE\mshtml.dll
[7] 2011-12-19 . 5F6D9147BB32636511E1D691A4BA64D9 . 3616768 . . [7.00.6000.17108] . . c:\windows\ie7updates\KB2675157-IE7\mshtml.dll
[7] 2011-12-19 . FF2F416EC804939371B2DF401C67A5FB . 3618816 . . [7.00.6000.21310] . . c:\windows\$hf_mig$\KB2647516-IE7\SP3QFE\mshtml.dll
[7] 2011-11-04 . A9748CCF8B735D3834F57F0B48A89078 . 3616256 . . [7.00.6000.17107] . . c:\windows\ie7updates\KB2647516-IE7\mshtml.dll
[7] 2011-11-04 . 429AEF742D0A4CD9C2F2C67A6AC2FB01 . 3618304 . . [7.00.6000.21309] . . c:\windows\$hf_mig$\KB2618444-IE7\SP3QFE\mshtml.dll
[7] 2011-09-05 . 949BEBED3B69B4577D3B1FDA24D7FB3E . 3615744 . . [7.00.6000.17104] . . c:\windows\ie7updates\KB2618444-IE7\mshtml.dll
[7] 2011-08-18 . 55C1F4E285A9A3776C060D82EBFCDEB0 . 3617792 . . [7.00.6000.21306] . . c:\windows\$hf_mig$\KB2586448-IE7\SP3QFE\mshtml.dll
[7] 2011-07-22 . 4D5EA9CACBD06FA00B0EE0173F59156F . 3613696 . . [7.00.6000.17102] . . c:\windows\ie7updates\KB2586448-IE7\mshtml.dll
[7] 2011-07-22 . 11CD2E4815B15EEDE64CFDCDD494E8C0 . 3615744 . . [7.00.6000.21305] . . c:\windows\$hf_mig$\KB2559049-IE7\SP3QFE\mshtml.dll
[7] 2011-04-25 . E2F68B1B643A32B6D0C07386ECF8FC26 . 3608576 . . [7.00.6000.17098] . . c:\windows\ie7updates\KB2559049-IE7\mshtml.dll
[7] 2011-04-25 . F8F9909B85B18C8BD480E3A433C3ADA7 . 3610624 . . [7.00.6000.21300] . . c:\windows\$hf_mig$\KB2530548-IE7\SP3QFE\mshtml.dll
[7] 2011-02-17 . 7D09283AA1B4AAA7DEB8BB2504CBFB41 . 3609600 . . [7.00.6000.21299] . . c:\windows\$hf_mig$\KB2497640-IE7\SP3QFE\mshtml.dll
[7] 2011-02-17 . F151C3361111788527C625BF68541FF5 . 3607040 . . [7.00.6000.17097] . . c:\windows\ie7updates\KB2530548-IE7\mshtml.dll
[7] 2010-12-20 . 6BF883B318B70E8013ED5D2976DF5246 . 3609088 . . [7.00.6000.21297] . . c:\windows\$hf_mig$\KB2482017-IE7\SP3QFE\mshtml.dll
[7] 2010-12-20 . 104C6D442D68D15633E7866BA8FD6AD8 . 3606528 . . [7.00.6000.17095] . . c:\windows\ie7updates\KB2497640-IE7\mshtml.dll
[7] 2010-11-06 . DE049C4E531448E846E7C012763D530A . 3604480 . . [7.00.6000.17093] . . c:\windows\ie7updates\KB2482017-IE7\mshtml.dll
[7] 2010-11-06 . 76BFB01D6DE3AB3C2CA13470DEAB4B93 . 3607040 . . [7.00.6000.21295] . . c:\windows\$hf_mig$\KB2416400-IE7\SP3QFE\mshtml.dll
[7] 2010-09-09 . BCEE4AF10B40BF085203AA164D8D8193 . 3601920 . . [7.00.6000.17092] . . c:\windows\ie7updates\KB2416400-IE7\mshtml.dll
[7] 2010-09-09 . A5261D5EFC95731992DC0640FCC49B6C . 3605504 . . [7.00.6000.21294] . . c:\windows\$hf_mig$\KB2360131-IE7\SP3QFE\mshtml.dll
[7] 2010-06-24 . 118F0D56684A6114713E5B6D6C842133 . 3603968 . . [7.00.6000.21283] . . c:\windows\$hf_mig$\KB2183461-IE7\SP3QFE\mshtml.dll
[7] 2010-06-24 . E1ED02EE84A8E8B31A344FCB2D626791 . 3600896 . . [7.00.6000.17080] . . c:\windows\ie7updates\KB2360131-IE7\mshtml.dll
[7] 2010-05-04 . 56B556FFAC4A62C51D0DAF10F6B2B554 . 3600384 . . [7.00.6000.17063] . . c:\windows\ie7updates\KB2183461-IE7\mshtml.dll
[7] 2010-05-04 . C302A90ED9202465BA99EB4A6534FF54 . 3603456 . . [7.00.6000.21264] . . c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\mshtml.dll
[7] 2010-03-11 . 49980F3384CFAF1E349A8CABE1C52D1B . 3599872 . . [7.00.6000.17023] . . c:\windows\ie7updates\KB982381-IE7\mshtml.dll
[7] 2010-03-11 . 933BE33EA6098E87FAF092741166A4E7 . 3602944 . . [7.00.6000.21228] . . c:\windows\$hf_mig$\KB980182-IE7\SP3QFE\mshtml.dll
[7] 2010-01-05 . EFA849C79A3EBBC028E5ABE1BFC0FA15 . 3599360 . . [7.00.6000.16981] . . c:\windows\ie7updates\KB980182-IE7\mshtml.dll
[7] 2010-01-05 . FB09490E1D218772550A8A5823826677 . 3602944 . . [7.00.6000.21183] . . c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\mshtml.dll
[7] 2009-10-29 . ECE8C5082CD8370BDAC3F6B7004A7A1A . 3598336 . . [7.00.6000.16945] . . c:\windows\ie7updates\KB978207-IE7\mshtml.dll
[7] 2009-10-29 . 41080B245B3931133878A2B20ED48C1B . 3602432 . . [7.00.6000.21148] . . c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\mshtml.dll
[7] 2009-10-21 . AFBD8339073CD05B2BBEB2089E2C9233 . 3598336 . . [7.00.6000.16939] . . c:\windows\ie7updates\KB976325-IE7\mshtml.dll
[7] 2009-10-21 . 45F5209869362161862057955A323208 . 3602432 . . [7.00.6000.21142] . . c:\windows\$hf_mig$\KB976749-IE7\SP3QFE\mshtml.dll
[7] 2009-08-29 . 66746BD88F71770815E12E6C6CAEF3EA . 3598336 . . [7.00.6000.16915] . . c:\windows\ie7updates\KB976749-IE7\mshtml.dll
[7] 2009-08-29 . 3701C2F766865BEF9F5987E8AB95A6DA . 3600384 . . [7.00.6000.21115] . . c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\mshtml.dll
[7] 2009-07-19 . 7DB04886F1455D9057F54A51E5A7BB32 . 3597824 . . [7.00.6000.16890] . . c:\windows\ie7updates\KB974455-IE7\mshtml.dll
[7] 2009-07-19 . B553564076B41EBEA822B968D7C71C47 . 3600384 . . [7.00.6000.21089] . . c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\mshtml.dll
[7] 2009-04-29 . A0236D46EFCEF98D6703DD5A76AA1CB2 . 3596288 . . [7.00.6000.16850] . . c:\windows\ie7updates\KB972260-IE7\mshtml.dll
[7] 2009-04-29 . 6770B436928E450F5B4866BDC59549CC . 3598336 . . [7.00.6000.21045] . . c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\mshtml.dll
[7] 2009-02-21 . 77605BDA8141E1F7D3B1321E31CA482B . 3596800 . . [7.00.6000.21015] . . c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\mshtml.dll
[7] 2009-02-20 . EE15CE7504EB54258F361AD7595E9077 . 3595264 . . [7.00.6000.16825] . . c:\windows\ie7updates\KB969897-IE7\mshtml.dll
[7] 2009-01-16 . A76EEDA793C9BFC0C1B8C5F3439D8A39 . 3594752 . . [7.00.6000.16809] . . c:\windows\ie7updates\KB963027-IE7\mshtml.dll
[7] 2009-01-16 . B44AC6A49DA4A5BAA7AFEA0AA6E5B967 . 3596288 . . [7.00.6000.20996] . . c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\mshtml.dll
[7] 2008-12-13 . 6C8D1CF85533A3792DCDDAAE42DBB161 . 3593216 . . [7.00.6000.16788] . . c:\windows\ie7updates\KB961260-IE7\mshtml.dll
[7] 2008-12-13 . E0825D1BC0F0C2B5CA434F7E9CCF10AE . 3594752 . . [7.00.6000.20973] . . c:\windows\$hf_mig$\KB960714-IE7\SP2QFE\mshtml.dll
[7] 2008-10-17 . AB864B71DF01CC98EAE726DF4BAF73D2 . 3593216 . . [7.00.6000.16762] . . c:\windows\ie7updates\KB960714-IE7\mshtml.dll
[7] 2008-10-16 . C998B6D5E64E11CE8EA8BB22A51CA570 . 3595264 . . [7.00.6000.20935] . . c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\mshtml.dll
[7] 2008-08-27 . 4872C0DA25F551A3E869501833754494 . 3593216 . . [7.00.6000.16735] . . c:\windows\ie7updates\KB958215-IE7\mshtml.dll
[7] 2008-08-26 . 21B2247D24C8A61C12CD3BE8F3C30AC8 . 3594752 . . [7.00.6000.20900] . . c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\mshtml.dll
[7] 2008-04-14 . 72AE55A9FFBC60650339CB12E35C7DD5 . 3066880 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\mshtml.dll
[7] 2006-11-07 . CBF04597F9CF7739E572276A2698FDD3 . 3577856 . . [7.00.5730.11] . . c:\windows\ie7updates\KB956390-IE7\mshtml.dll
[-] 2006-02-01 . E8526A66802AC6213762D97BD0FA334C . 3035648 . . [6.00.2900.2838] . . c:\windows\ie7\mshtml.dll
[-] 2005-11-24 . 8ABDBAE6032562F17DCF962847ABB811 . 3016192 . . [6.00.2900.2802] . . c:\windows\$hf_mig$\KB905915\SP2QFE\mshtml.dll
[-] 2005-11-23 . 03F9910F7958A36088B9D8CD262903AE . 3013632 . . [6.00.2900.2802] . . c:\windows\$NtUninstallKB905915$\mshtml.dll
.
[7] 2008-04-14 . C6A6E53A0C34EC87883137A6CB87AE5E . 343040 . . [7.0.2600.5512] . . c:\windows\ServicePackFiles\i386\msvcrt.dll
[7] 2008-04-14 . C6A6E53A0C34EC87883137A6CB87AE5E . 343040 . . [7.0.2600.5512] . . c:\windows\system32\msvcrt.dll
[7] 2008-04-14 . C536AAD8A71608FE33CD956214EDD366 . 343040 . . [7.0.2600.5512] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcrt.dll
[7] 2004-08-04 . B30BAA48E5063E71C76280E34E7E4802 . 343040 . . [7.0.2600.2180] . . c:\windows\$NtServicePackUninstall$\msvcrt.dll
[7] 2004-08-04 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll
[7] 2004-08-04 . 365B3C43810E1CF41B3BE1E7180F583B . 343040 . . [7.0.2600.2180] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\msvcrt.dll
.
[7] 2008-06-20 . ACD8BD448A74F344D46FCAF21BAB92AF . 247296 . . [5.1.2600.5625] . . c:\windows\$NtUninstallKB2509553$\mswsock.dll
[7] 2008-06-20 . 4AA50627B01C0E9C6B4C6BD3AF648F12 . 247296 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\mswsock.dll
[7] 2008-06-20 . 4AA50627B01C0E9C6B4C6BD3AF648F12 . 247296 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll
[7] 2008-06-20 . F1B67B6B0751AE0E6E964B02821206A3 . 247296 . . [5.1.2600.5625] . . c:\windows\system32\mswsock.dll
[7] 2008-06-20 . F1B67B6B0751AE0E6E964B02821206A3 . 247296 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\mswsock.dll
[7] 2008-04-14 . F12B9D9A069331877D006CC81B4735F9 . 247296 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\mswsock.dll
[7] 2008-04-14 . F12B9D9A069331877D006CC81B4735F9 . 247296 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\mswsock.dll
[7] 2004-08-04 . B36E08F680BAE4DFC5C24D00A2DFC9E7 . 247296 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\mswsock.dll
.
[7] 2008-04-14 . 0098D35F91DEAB9C127360A877F2CF84 . 407040 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netlogon.dll
[7] 2008-04-14 . 0098D35F91DEAB9C127360A877F2CF84 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\netlogon.dll
[7] 2004-08-04 . D27395EDCD3416AFD125A9370DCB585C . 407040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\netlogon.dll
.
[7] 2008-04-14 . C8C0BDABC966B6C24D337DF0A0A399E1 . 17408 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\powrprof.dll
[7] 2008-04-14 . C8C0BDABC966B6C24D337DF0A0A399E1 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\powrprof.dll
[7] 2004-08-04 . 5604574D490B798BD9A946B021A766AD . 17408 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\powrprof.dll
.
[7] 2008-04-14 . 5132443DF6FC3771A17AB4AE55DCBC28 . 187904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\scecli.dll
[7] 2008-04-14 . 5132443DF6FC3771A17AB4AE55DCBC28 . 187904 . . [5.1.2600.5512] . . c:\windows\system32\scecli.dll
[7] 2004-08-04 . 64DC26B3CF7BCCAD431CE360A4C625D5 . 186880 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\scecli.dll
.
[7] 2008-04-14 . 44161A59DC33AC2EA9C95438ADFFFB7F . 5120 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfc.dll
[7] 2008-04-14 . 44161A59DC33AC2EA9C95438ADFFFB7F . 5120 . . [5.1.2600.5512] . . c:\windows\system32\sfc.dll
[7] 2004-08-04 . F62934BC94299083EBFC8810242D8640 . 5120 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfc.dll
.
[7] 2008-04-14 . 4FBC75B74479C7A6F829E0CA19DF3366 . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\svchost.exe
[7] 2008-04-14 . 4FBC75B74479C7A6F829E0CA19DF3366 . 14336 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe
[7] 2004-08-04 . 65A819B121EB6FDAB4400EA42BDFFE64 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\svchost.exe
.
[7] 2008-04-14 . 05903CAC4B98908D55EA5774775B382E . 249856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tapisrv.dll
[7] 2008-04-14 . 05903CAC4B98908D55EA5774775B382E . 249856 . . [5.1.2600.5512] . . c:\windows\system32\tapisrv.dll
[-] 2005-07-08 . F07061E18613F336A3120229097F7635 . 249344 . . [5.1.2600.2716] . . c:\windows\$hf_mig$\KB893756\SP2QFE\tapisrv.dll
[-] 2005-07-08 . 427D7EB3B453347082C8F4B370065D60 . 249344 . . [5.1.2600.2716] . . c:\windows\$NtServicePackUninstall$\tapisrv.dll
.
[7] 2008-04-14 . B0050CC5340E3A0760DD8B417FF7AEBD . 580096 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll
[7] 2008-04-14 . B0050CC5340E3A0760DD8B417FF7AEBD . 580096 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[-] 2005-03-02 . 4C90159A69A5FD3EB39C71411F28FCFF . 578560 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
[-] 2005-03-02 . 4C90159A69A5FD3EB39C71411F28FCFF . 578560 . . [5.1.2600.2622] . . c:\windows\$NtServicePackUninstall$\user32.dll
[-] 2005-03-02 . 3751D7CF0E0A113D84414992146BCE6A . 578560 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB890859$\user32.dll
.
[7] 2008-04-14 . 788F95312E26389D596C0FA55834E106 . 26624 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\userinit.exe
[7] 2008-04-14 . 788F95312E26389D596C0FA55834E106 . 26624 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe
[7] 2004-08-04 . D1E53DC57143F2584B1DD53B036C0633 . 25088 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\userinit.exe
.
[7] 2012-11-01 . ADAB46DAE19EE454D91A41C248929DA4 . 832512 . . [7.00.6000.17115] . . c:\windows\system32\wininet.dll
[7] 2012-11-01 . ADAB46DAE19EE454D91A41C248929DA4 . 832512 . . [7.00.6000.17115] . . c:\windows\system32\dllcache\wininet.dll
[7] 2012-11-01 . B399579D34211DA96D8B103A78871FA2 . 841216 . . [7.00.6000.21317] . . c:\windows\$hf_mig$\KB2761465-IE7\SP3QFE\wininet.dll
[7] 2012-08-27 . B71E96F15F45D4B3DB4D1F1D7A7B4A0C . 832512 . . [7.00.6000.17114] . . c:\windows\ie7updates\KB2761465-IE7\wininet.dll
[7] 2012-08-27 . D2D46205700B3D71C8A93EF4B295757A . 841216 . . [7.00.6000.21316] . . c:\windows\$hf_mig$\KB2744842-IE7\SP3QFE\wininet.dll
[7] 2012-07-03 . 1C201ECB9209A04CDAA3CB95C1233EF6 . 832512 . . [7.00.6000.17112] . . c:\windows\ie7updates\KB2744842-IE7\wininet.dll
[7] 2012-07-03 . B790F7FA8470DB617B29D1A01C39E40E . 841216 . . [7.00.6000.21314] . . c:\windows\$hf_mig$\KB2722913-IE7\SP3QFE\wininet.dll
[7] 2012-05-15 . B2FB8A88EBFDA2AF550CFFC1F25517AB . 832512 . . [7.00.6000.17111] . . c:\windows\ie7updates\KB2722913-IE7\wininet.dll
[7] 2012-05-15 . E7EEB502B8C3057D96E1447BC851F565 . 841216 . . [7.00.6000.21313] . . c:\windows\$hf_mig$\KB2699988-IE7\SP3QFE\wininet.dll
[7] 2012-03-01 . E6F509D60102B0ED953055AD293AB1F8 . 832512 . . [7.00.6000.17109] . . c:\windows\ie7updates\KB2699988-IE7\wininet.dll
[7] 2012-03-01 . 4DA5AC13C9E635428FB690FA01107397 . 841216 . . [7.00.6000.21311] . . c:\windows\$hf_mig$\KB2675157-IE7\SP3QFE\wininet.dll
[7] 2011-12-19 . 9D117DA0C01D2AA20A5F75DF188E83C7 . 832512 . . [7.00.6000.17108] . . c:\windows\ie7updates\KB2675157-IE7\wininet.dll
[7] 2011-12-19 . D7C8B47B787A20C5B9FE88965392AF2F . 841216 . . [7.00.6000.21310] . . c:\windows\$hf_mig$\KB2647516-IE7\SP3QFE\wininet.dll
[7] 2011-10-31 . 01BDE5984B35C367A3FDCC0EE8ED30E7 . 832512 . . [7.00.6000.17106] . . c:\windows\ie7updates\KB2647516-IE7\wininet.dll
[7] 2011-10-31 . BB152F931473A871C8CB0F7040147D03 . 841216 . . [7.00.6000.21308] . . c:\windows\$hf_mig$\KB2618444-IE7\SP3QFE\wininet.dll
[7] 2011-08-17 . AE55A628C1688AA66AE39D2B93BDE312 . 832512 . . [7.00.6000.17103] . . c:\windows\ie7updates\KB2618444-IE7\wininet.dll
[7] 2011-08-17 . BADFC58ACD58FB83C7FB968FE2571154 . 841216 . . [7.00.6000.21306] . . c:\windows\$hf_mig$\KB2586448-IE7\SP3QFE\wininet.dll
[7] 2011-06-21 . 0697B0F3FD198C5AF0876449789EB1D3 . 832512 . . [7.00.6000.17099] . . c:\windows\ie7updates\KB2586448-IE7\wininet.dll
[7] 2011-06-21 . CA3F86FD98DBEF99E8CBB5C5EC533E4E . 841216 . . [7.00.6000.21302] . . c:\windows\$hf_mig$\KB2559049-IE7\SP3QFE\wininet.dll
[7] 2011-04-25 . 36F92E2E8B0E6EBB02CC9EEEA2983C1E . 832512 . . [7.00.6000.17098] . . c:\windows\ie7updates\KB2559049-IE7\wininet.dll
[7] 2011-04-25 . C843BCAFB1C22AF2399FD5AA92257D4D . 841216 . . [7.00.6000.21300] . . c:\windows\$hf_mig$\KB2530548-IE7\SP3QFE\wininet.dll
[7] 2011-02-17 . 60A31B042CB6600EEB4357AFF19D345C . 841216 . . [7.00.6000.21298] . . c:\windows\$hf_mig$\KB2497640-IE7\SP3QFE\wininet.dll
[7] 2011-02-17 . B699449B3CB14E5D553688814D19FF56 . 832512 . . [7.00.6000.17096] . . c:\windows\ie7updates\KB2530548-IE7\wininet.dll
[7] 2010-12-20 . BD4C6C6694C20480599E75813C230EFC . 841216 . . [7.00.6000.21297] . . c:\windows\$hf_mig$\KB2482017-IE7\SP3QFE\wininet.dll
[7] 2010-12-20 . A2D15AB60F75AA102ED5234CA80688AD . 832512 . . [7.00.6000.17095] . . c:\windows\ie7updates\KB2497640-IE7\wininet.dll
[7] 2010-11-06 . A1A23A6C6DCA6B567106552475A65B79 . 832512 . . [7.00.6000.17093] . . c:\windows\ie7updates\KB2482017-IE7\wininet.dll
[7] 2010-11-06 . 512A074E47388E9252B1ADE326317CE9 . 841216 . . [7.00.6000.21295] . . c:\windows\$hf_mig$\KB2416400-IE7\SP3QFE\wininet.dll
[7] 2010-09-09 . 6BCB6C8396D75FA1676B65790EA17E4B . 832512 . . [7.00.6000.17091] . . c:\windows\ie7updates\KB2416400-IE7\wininet.dll
[7] 2010-09-09 . 859559B2F2B9B437DD279AC7EA68BE40 . 841216 . . [7.00.6000.21293] . . c:\windows\$hf_mig$\KB2360131-IE7\SP3QFE\wininet.dll
[7] 2010-06-24 . A85BA5BA928351CC7117123D53123384 . 841216 . . [7.00.6000.21283] . . c:\windows\$hf_mig$\KB2183461-IE7\SP3QFE\wininet.dll
[7] 2010-06-24 . F35DCEC860FDB1F17DE7D543D182B169 . 832512 . . [7.00.6000.17080] . . c:\windows\ie7updates\KB2360131-IE7\wininet.dll
[7] 2010-05-04 . 0AFFC00B24F30716688CF08ECFE377E9 . 832512 . . [7.00.6000.17055] . . c:\windows\ie7updates\KB2183461-IE7\wininet.dll
[7] 2010-05-04 . 6A2F855F0D2A09216656153636080D1E . 841216 . . [7.00.6000.21256] . . c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\wininet.dll
[7] 2010-03-11 . 667D6FFC648739EB24931E9B2BC685D1 . 832512 . . [7.00.6000.17023] . . c:\windows\ie7updates\KB982381-IE7\wininet.dll
[7] 2010-03-11 . A20419E3612073BB2B5707EDA26173E6 . 841216 . . [7.00.6000.21228] . . c:\windows\$hf_mig$\KB980182-IE7\SP3QFE\wininet.dll
[7] 2010-01-05 . B0F874F81444643FCDA267033D630113 . 832512 . . [7.00.6000.16981] . . c:\windows\ie7updates\KB980182-IE7\wininet.dll
[7] 2010-01-05 . C14A55B0286B5C2A910AEA3CE1DB7D76 . 841216 . . [7.00.6000.21183] . . c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\wininet.dll
[7] 2009-10-29 . A20B2C09CCE24D136F0519323A3F7072 . 832512 . . [7.00.6000.16945] . . c:\windows\ie7updates\KB978207-IE7\wininet.dll
[7] 2009-10-29 . 9B5D0E4E82FFC178D82206D93D89C71C . 841216 . . [7.00.6000.21148] . . c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\wininet.dll
[7] 2009-08-29 . CB74316772D625807EF16F6701F2A25E . 832512 . . [7.00.6000.16915] . . c:\windows\ie7updates\KB976325-IE7\wininet.dll
[7] 2009-08-29 . BA0DE4DD7959D0638EAD5B400294C416 . 840704 . . [7.00.6000.21115] . . c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\wininet.dll
[7] 2009-06-29 . 93552887262FEE6DD5D98E452FCD495A . 828928 . . [7.00.6000.21073] . . c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\wininet.dll
[7] 2009-06-29 . 90590032B6E9EF719F5E78FCD2AD2CBC . 827392 . . [7.00.6000.16876] . . c:\windows\ie7updates\KB974455-IE7\wininet.dll
[7] 2009-04-29 . B7E6D6663CB6BC05316FEB978217360D . 827392 . . [7.00.6000.16850] . . c:\windows\ie7updates\KB972260-IE7\wininet.dll
[7] 2009-04-29 . F5D59B0B453F8AF7ADC7AFB34D39C441 . 828928 . . [7.00.6000.21045] . . c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\wininet.dll
[7] 2009-03-03 . AF68C6F857EB438770E86FFEE013F04D . 828416 . . [7.00.6000.21020] . . c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\wininet.dll
[7] 2009-03-03 . 9F434E15A82D1322FB6860E317783E57 . 826368 . . [7.00.6000.16827] . . c:\windows\ie7updates\KB969897-IE7\wininet.dll
[7] 2008-12-20 . 2B5AE9ACD86E1B8B86D62E153DE130AB . 827904 . . [7.00.6000.20978] . . c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\wininet.dll
[7] 2008-12-20 . C3D4047626F8CC8EC7DD7558FA5CC2E2 . 826368 . . [7.00.6000.16791] . . c:\windows\ie7updates\KB963027-IE7\wininet.dll
[7] 2008-10-16 . CBAAEBDFC6F9291D2D31E36FE1AD19AC . 826368 . . [7.00.6000.16762] . . c:\windows\ie7updates\KB961260-IE7\wininet.dll
[7] 2008-10-16 . 5A1F997EC096EF26F3A3880347F5F9D8 . 827904 . . [7.00.6000.20935] . . c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\wininet.dll
[7] 2008-08-26 . E1F83BCC84D6223965D35AB06B63BBEB . 827904 . . [7.00.6000.20900] . . c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\wininet.dll
[7] 2008-08-26 . B905F284F45675F3019413DFF055C666 . 826368 . . [7.00.6000.16735] . . c:\windows\ie7updates\KB958215-IE7\wininet.dll
[7] 2008-04-14 . B4AEE98A48917B274FACFB78BBE0BC84 . 671744 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\wininet.dll
[7] 2006-11-07 . 92995334F993E6E49C25C6D02EC04401 . 818688 . . [7.00.5730.11] . . c:\windows\ie7updates\KB956390-IE7\wininet.dll
[-] 2006-01-09 . 957B39EFDAAFC58F43FB233933265F95 . 667648 . . [6.00.2900.2823] . . c:\windows\ie7\wininet.dll
[-] 2005-10-21 . F3118DF4ABD118B11326D1C7A0093867 . 667136 . . [6.00.2900.2781] . . c:\windows\$hf_mig$\KB905915\SP2QFE\wininet.dll
[-] 2005-10-21 . 19625F6F8357C2306BA4B3583C705836 . 664064 . . [6.00.2900.2781] . . c:\windows\$NtUninstallKB905915$\wininet.dll
.
[7] 2008-04-14 . 6A35E2D6F5F052C84EC2CEB296389439 . 82432 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2_32.dll
[7] 2008-04-14 . 6A35E2D6F5F052C84EC2CEB296389439 . 82432 . . [5.1.2600.5512] . . c:\windows\system32\ws2_32.dll
[7] 2004-08-04 . D569240A22421D5F670BB6FB6DD522B5 . 82944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2_32.dll
.
[7] 2008-04-14 . C7D8A0517CBF16B84F657DE87EBE9D4B . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2help.dll
[7] 2008-04-14 . C7D8A0517CBF16B84F657DE87EBE9D4B . 19968 . . [5.1.2600.5512] . . c:\windows\system32\ws2help.dll
[7] 2004-08-04 . B3ADA72D1E3E10A8F6430669DFC38ED0 . 19968 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2help.dll
.
[7] 2008-04-14 . 418045A93CD87A352098AB7DABE1B53E . 1036800 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[7] 2008-04-14 . 418045A93CD87A352098AB7DABE1B53E . 1036800 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[7] 2004-08-04 . 22FE1BE02EADDE1632E478E4125639E0 . 1035264 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\explorer.exe
.
[7] 2008-04-14 . AD9226BF3CED13636083BB9C76E9D2A2 . 153600 . . [5.1.2600.5512] . . c:\windows\regedit.exe
[7] 2008-04-14 . AD9226BF3CED13636083BB9C76E9D2A2 . 153600 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regedit.exe
[7] 2004-08-04 . 8193CE5FB09E83F2699FD65BBCBE2FD2 . 153600 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regedit.exe
.
[7] 2011-11-01 . 6AD6619E7523E27B771569C26F408F0A . 1288704 . . [5.1.2600.6168] . . c:\windows\system32\ole32.dll
[7] 2011-11-01 . 6AD6619E7523E27B771569C26F408F0A . 1288704 . . [5.1.2600.6168] . . c:\windows\system32\dllcache\ole32.dll
[7] 2011-11-01 . D684C601EC79D9543D50EB2DB124FE78 . 1289216 . . [5.1.2600.6168] . . c:\windows\$hf_mig$\KB2624667\SP3QFE\ole32.dll
[7] 2010-07-16 . B28AF7976F2D8109C0DC2CF2460BEDC2 . 1288192 . . [5.1.2600.6010] . . c:\windows\$NtUninstallKB2624667$\ole32.dll
[7] 2010-07-16 . B3D7633CF83B09042A49810A7A72ADED . 1289216 . . [5.1.2600.6010] . . c:\windows\$hf_mig$\KB979687\SP3QFE\ole32.dll
[7] 2008-04-14 . E08D638BA3D3DD6DF6E31216AB66AE0B . 1287680 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB979687$\ole32.dll
[7] 2008-04-14 . E08D638BA3D3DD6DF6E31216AB66AE0B . 1287680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ole32.dll
[-] 2005-07-26 . 24EDF93FD04CA1A98D32F092DD4F9953 . 1286144 . . [5.1.2600.2726] . . c:\windows\$hf_mig$\KB902400\SP2QFE\ole32.dll
[-] 2005-07-26 . CC50261CA5DC93A47D6CF548C4223F44 . 1285120 . . [5.1.2600.2726] . . c:\windows\$NtServicePackUninstall$\ole32.dll
.
[7] 2010-04-16 . 45954AFB7AE6E29B23C56B830C820A11 . 406016 . . [1.0420.2600.5969] . . c:\windows\system32\usp10.dll
[7] 2010-04-16 . 45954AFB7AE6E29B23C56B830C820A11 . 406016 . . [1.0420.2600.5969] . . c:\windows\system32\dllcache\usp10.dll
[7] 2010-04-16 . EB2AD9C7DADE6C63F5F933881BA2A430 . 406016 . . [1.0420.2600.5969] . . c:\windows\$hf_mig$\KB981322\SP3QFE\usp10.dll
[7] 2008-04-14 . 052F968390A85D37D5EE8BE3AB2A83A2 . 406016 . . [1.0420.2600.5512] . . c:\windows\$NtUninstallKB981322$\usp10.dll
[7] 2008-04-14 . 052F968390A85D37D5EE8BE3AB2A83A2 . 406016 . . [1.0420.2600.5512] . . c:\windows\ServicePackFiles\i386\usp10.dll
[7] 2004-08-04 . E4E40EAFF464EBE7752BAD3D82AF1715 . 406528 . . [1.0420.2600.2180] . . c:\windows\$NtServicePackUninstall$\usp10.dll
.
[7] 2008-04-14 . 671ABB33C712B1585A5BF7ADD36AD96E . 4096 . . [5.3.2600.5512] . . c:\windows\ServicePackFiles\i386\ksuser.dll
[7] 2008-04-14 . 671ABB33C712B1585A5BF7ADD36AD96E . 4096 . . [5.3.2600.5512] . . c:\windows\system32\ksuser.dll
[7] 2008-04-14 . 671ABB33C712B1585A5BF7ADD36AD96E . 4096 . . [5.3.2600.5512] . . c:\windows\system32\ReinstallBackups\0007\DriverFiles\i386\ksuser.dll
[7] 2008-04-14 . 671ABB33C712B1585A5BF7ADD36AD96E . 4096 . . [5.3.2600.5512] . . c:\windows\system32\ReinstallBackups\0008\DriverFiles\i386\ksuser.dll
[7] 2004-08-03 . 4721744CE11F385073F6F9F7831752C7 . 4096 . . [5.3.2600.2180] . . c:\windows\$NtServicePackUninstall$\ksuser.dll
.
[7] 2008-04-14 . 01B4E6E990B6C5EA8856D96C7FD044B2 . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[7] 2008-04-14 . 01B4E6E990B6C5EA8856D96C7FD044B2 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[7] 2004-08-04 . 7CE20569925DF6789C31799F0C538F29 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe
.
[7] 2009-07-27 . 2DB7D303C36DDD055215052F118E8E75 . 135680 . . [6.00.2900.5853] . . c:\windows\system32\shsvcs.dll
[7] 2009-07-27 . 2DB7D303C36DDD055215052F118E8E75 . 135680 . . [6.00.2900.5853] . . c:\windows\system32\dllcache\shsvcs.dll
[7] 2009-07-27 . 927666F4228E3FBBC3D1171581DC8BDC . 135680 . . [6.00.2900.5853] . . c:\windows\$hf_mig$\KB971029\SP3QFE\shsvcs.dll
[7] 2008-04-14 . 40602EBFBE06AA075C8E4560743F6883 . 135168 . . [6.00.2900.5512] . . c:\windows\$NtUninstallKB971029$\shsvcs.dll
[7] 2008-04-14 . 40602EBFBE06AA075C8E4560743F6883 . 135168 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\shsvcs.dll
[7] 2004-08-04 . BAC5F7F0C2B8C1B9832594851E0F9914 . 135168 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\shsvcs.dll
.
[7] 2008-04-14 . DC4E223F5813150073FB5CC63D13293B . 4608 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msimg32.dll
[7] 2008-04-14 . DC4E223F5813150073FB5CC63D13293B . 4608 . . [5.1.2600.5512] . . c:\windows\system32\msimg32.dll
[7] 2004-08-04 . 3B8A9C87027BF8D6D156BE5FA6E8EBC6 . 4608 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\msimg32.dll
.
[7] 2008-04-14 . FE77A85495065F3AD59C5C65B6C54182 . 171520 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll
[7] 2008-04-14 . FE77A85495065F3AD59C5C65B6C54182 . 171520 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
[7] 2004-08-04 . 015F302C4CF961F20C3F98F3A7CA7917 . 171008 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\srsvc.dll
.
[7] 2008-04-14 . EDAFBE25FB6480CE68F688BA691890DC . 13824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wscntfy.exe
[7] 2008-04-14 . EDAFBE25FB6480CE68F688BA691890DC . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe
[7] 2004-08-04 . 7D3E0BEB62799112F5C9FF717D72BF29 . 13824 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\wscntfy.exe
.
[7] 2008-04-14 . 0ADA34871A2E1CD2CAAFED1237A47750 . 129024 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\xmlprov.dll
[7] 2008-04-14 . 0ADA34871A2E1CD2CAAFED1237A47750 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\xmlprov.dll
[7] 2004-08-04 . 8302DE1C64618D72346DD0034DBC5D9B . 129536 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\xmlprov.dll
.
[7] 2010-12-09 . 0314B25236E38383DACD4527C40156E8 . 743936 . . [5.1.2600.6055] . . c:\windows\$hf_mig$\KB2393802\SP3QFE\ntdll.dll
[7] 2010-12-09 . E3BDD71DA7EAB0A503129D4D127AF1CB . 743936 . . [5.1.2600.6055] . . c:\windows\system32\ntdll.dll
[7] 2010-12-09 . E3BDD71DA7EAB0A503129D4D127AF1CB . 743936 . . [5.1.2600.6055] . . c:\windows\system32\dllcache\ntdll.dll
[7] 2009-02-09 . 06DA2C9091606174BFC6F46037AAFFF8 . 740864 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntdll.dll
[7] 2009-02-09 . 1392B1FB3CD232D4439418DB91DB57A1 . 740352 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB2393802$\ntdll.dll
[7] 2008-04-14 . 95092EFBE367A108ECDD5D6E439754C3 . 731648 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\ntdll.dll
[7] 2008-04-14 . 95092EFBE367A108ECDD5D6E439754C3 . 731648 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntdll.dll
[7] 2004-08-04 . 00E9FF65CC5C4F965ABB0C7BBDAE8309 . 733696 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ntdll.dll
.
[7] 2008-04-14 . 275CAC40038A2643833B5F48FB474857 . 177152 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msctfime.ime
[7] 2008-04-14 . 275CAC40038A2643833B5F48FB474857 . 177152 . . [5.1.2600.5512] . . c:\windows\system32\msctfime.ime
[7] 2004-08-04 . C7329927E2C73450323565DCFE17D78E . 177152 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\msctfime.ime
.
[7] 2008-04-14 . 04955AA695448C181B367D964AF158AA . 56320 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\eventlog.dll
[7] 2008-04-14 . 04955AA695448C181B367D964AF158AA . 56320 . . [5.1.2600.5512] . . c:\windows\system32\eventlog.dll
[7] 2004-08-04 . B932C077D5A65B71B4512544AC404CB4 . 55808 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\eventlog.dll
.
[7] 2008-04-14 . 5251425B86EA4A3532B8BB8D14044E61 . 1571840 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfcfiles.dll
[7] 2008-04-14 . 5251425B86EA4A3532B8BB8D14044E61 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
[7] 2004-08-04 . 80F7B7198B869C07C98627AF812D68B6 . 1548288 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfcfiles.dll
.
[7] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ipsec.sys
[7] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ipsec.sys
[7] 2004-08-04 . 64537AA5C003A6AFEEE1DF819062D0D1 . 74752 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ipsec.sys
.
[7] 2008-04-14 . E4CD1F3D84E1C2CA0B8CF7501E201593 . 59904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regsvc.dll
[7] 2008-04-14 . E4CD1F3D84E1C2CA0B8CF7501E201593 . 59904 . . [5.1.2600.5512] . . c:\windows\system32\regsvc.dll
[7] 2004-08-04 . AE81CF7D7CFA79CD03E8FB99788A7E09 . 59904 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regsvc.dll
.
[7] 2008-04-14 . A050194A44D7FA8D7186ED2F4E8367AE . 193536 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\schedsvc.dll
[7] 2008-04-14 . A050194A44D7FA8D7186ED2F4E8367AE . 193536 . . [5.1.2600.5512] . . c:\windows\system32\schedsvc.dll
[7] 2004-08-04 . D5E73842F38E24457C63FEF8CEFFBE19 . 192000 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\schedsvc.dll
.
[7] 2008-04-14 . 4DF5B05DFAEC29E13E1ED6F6EE12C500 . 71680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ssdpsrv.dll
[7] 2008-04-14 . 4DF5B05DFAEC29E13E1ED6F6EE12C500 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\ssdpsrv.dll
[7] 2004-08-04 . 6FA03B462B2FFFE2627171B7FE73EE29 . 71680 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ssdpsrv.dll
.
[7] 2008-04-14 . B7DE02C863D8F5A005A7BF375375A6A4 . 297472 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\termsrv.dll
[7] 2008-04-14 . B7DE02C863D8F5A005A7BF375375A6A4 . 297472 . . [5.1.2600.5512] . . c:\windows\system32\termsrv.dll
[7] 2004-08-04 . 1850BC10DE5DCCCEDE063FC2D0F2CEDA . 297472 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\termsrv.dll
.
[7] 2008-04-14 . 0DAF0705D7B39C94E287913226688804 . 348672 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\hnetcfg.dll
[7] 2008-04-14 . 0DAF0705D7B39C94E287913226688804 . 348672 . . [5.1.2600.5512] . . c:\windows\system32\hnetcfg.dll
[7] 2004-08-04 . AE93E415220A4C0112768A0DEE36D28D . 348672 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\hnetcfg.dll
.
[7] 2008-04-14 . D45960BE52C3C610D361977057F98C54 . 175616 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\appmgmts.dll
[7] 2008-04-14 . D45960BE52C3C610D361977057F98C54 . 175616 . . [5.1.2600.5512] . . c:\windows\system32\appmgmts.dll
[7] 2004-08-04 . BECD5328E7869807D6557BE4FE60C72F . 175616 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\appmgmts.dll
.
[7] 2004-08-04 . 9E1CA3160DAFB159CA14F83B1E317F75 . 12160 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys
.
[7] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\ServicePackFiles\i386\aec.sys
[7] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\drivers\aec.sys
[7] 2004-08-03 21:39 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows\$NtServicePackUninstall$\aec.sys
.
[7] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\agp440.sys
[7] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\system32\drivers\agp440.sys
[7] 2004-08-04 . 2C428FA0C3E3A01ED93C9B2A27D8D4BB . 42368 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\agp440.sys
.
[7] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ip6fw.sys
[7] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys
[7] 2004-08-04 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ip6fw.sys
.
[7] 2010-09-18 07:18 . 4891FCDAE77486BFB56999AA217651FA . 953856 . . [4.1.6151] . . c:\windows\$hf_mig$\KB2387149\SP3QFE\mfc40u.dll
[7] 2010-09-18 06:52 . 1614669828A32BCD06E1BE6F334BB888 . 953856 . . [4.1.6151] . . c:\windows\system32\mfc40u.dll
[7] 2010-09-18 06:52 . 1614669828A32BCD06E1BE6F334BB888 . 953856 . . [4.1.6151] . . c:\windows\system32\dllcache\mfc40u.dll
[7] 2008-04-14 02:22 . ACC19BA6876AF18768EE87931CAD14E2 . 927504 . . [4.1.0.61] . . c:\windows\$NtUninstallKB2387149$\mfc40u.dll
[7] 2008-04-14 02:22 . ACC19BA6876AF18768EE87931CAD14E2 . 927504 . . [4.1.0.61] . . c:\windows\ServicePackFiles\i386\mfc40u.dll
[-] 2004-08-04 12:00 . 31DD27AB47F62D383505F35CA972748B . 924432 . . [4.1.6140] . . c:\windows\$NtServicePackUninstall$\mfc40u.dll
.
[7] 2008-04-14 . B7550A7107281D170CE85524B1488C98 . 33792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msgsvc.dll
[7] 2008-04-14 . B7550A7107281D170CE85524B1488C98 . 33792 . . [5.1.2600.5512] . . c:\windows\system32\msgsvc.dll
[7] 2004-08-04 . E5215AB942C5AC5F7EB0E54871D7A27C . 33792 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\msgsvc.dll
.
[7] 2005-01-28 11:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
[7] 2005-01-28 11:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\system32\MsPMSNSv.dll
[7] 2005-01-28 11:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\system32\dllcache\mspmsnsv.dll
[7] 2004-08-04 12:00 . D68CC4EBF7B03FD770D5962295AD814E . 52736 . . [9.0.1.56] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll
.
[7] 2012-08-23 . 683CCEEF613AB24D24C9A764C79A80F2 . 2071936 . . [5.1.2600.6284] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
[7] 2012-08-23 . 683CCEEF613AB24D24C9A764C79A80F2 . 2071936 . . [5.1.2600.6284] . . c:\windows\system32\dllcache\ntkrnlpa.exe
[7] 2012-08-23 . 2A212067C4734FD67095DA9FF522B503 . 2030080 . . [5.1.2600.6284] . . c:\windows\system32\ntkrnlpa.exe
[7] 2012-08-23 . 3E6F700819774FD290FA8A79465E41DA . 2071936 . . [5.1.2600.6284] . . c:\windows\$hf_mig$\KB2724197\SP3QFE\ntkrnlpa.exe
[7] 2012-05-05 . BE4A6D3DB8E11A1B644B8675FE7D1A43 . 2029056 . . [5.1.2600.6223] . . c:\windows\$NtUninstallKB2724197$\ntkrnlpa.exe
[7] 2012-05-05 . 339D9DA45F631C9D9D7132D9F6957943 . 2071424 . . [5.1.2600.6223] . . c:\windows\$hf_mig$\KB2707511\SP3QFE\ntkrnlpa.exe
[7] 2012-04-11 . 12E964E3514BC6ECD028A792F23E1976 . 2029056 . . [5.1.2600.6206] . . c:\windows\$NtUninstallKB2707511$\ntkrnlpa.exe
[7] 2012-04-11 . C3124524EDDDA49504AE558352440F65 . 2071424 . . [5.1.2600.6206] . . c:\windows\$hf_mig$\KB2676562\SP3QFE\ntkrnlpa.exe
[7] 2011-10-26 . 07FD1B85212CB29D3D75932B8C3FD210 . 2029568 . . [5.1.2600.6165] . . c:\windows\$NtUninstallKB2676562$\ntkrnlpa.exe
[7] 2011-10-26 . ADD968B4D4A095407FD5B915F89BA8B5 . 2071680 . . [5.1.2600.6165] . . c:\windows\$hf_mig$\KB2633171\SP3QFE\ntkrnlpa.exe
[7] 2010-12-09 . 7B1CA0A6C042E4B90A18B49ED73CBA76 . 2071680 . . [5.1.2600.6055] . . c:\windows\$hf_mig$\KB2393802\SP3QFE\ntkrnlpa.exe
[7] 2010-12-09 . 56371A8F18F7D9570A11B1C54D602A2A . 2029568 . . [5.1.2600.6055] . . c:\windows\$NtUninstallKB2633171$\ntkrnlpa.exe
[7] 2010-04-28 . 4EACA49489EB3C4A2E83C5546EB5884C . 2069248 . . [5.1.2600.5973] . . c:\windows\$hf_mig$\KB981852\SP3QFE\ntkrnlpa.exe
[7] 2010-04-28 . 6D8D53C3EE866AB72AC73A68808E7371 . 2027008 . . [5.1.2600.5973] . . c:\windows\$NtUninstallKB2393802$\ntkrnlpa.exe
[7] 2010-02-16 . 1DFCBCFD1C9016C051BE6D7243459CCA . 2027008 . . [5.1.2600.5938] . . c:\windows\$NtUninstallKB981852$\ntkrnlpa.exe
[7] 2010-02-16 . CEE28C8C47E52F185F9F8F3A2E31880C . 2069248 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3QFE\ntkrnlpa.exe
[7] 2009-12-09 . 2E72317A93EF61138E43DCF7CD423EDF . 2068480 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165\SP3QFE\ntkrnlpa.exe
[7] 2009-12-09 . 1143EBE276EA80A88942A21613078088 . 2026496 . . [5.1.2600.5913] . . c:\windows\$NtUninstallKB979683$\ntkrnlpa.exe
[7] 2009-08-04 . C50ED62BB5CDC5AD4F3985ED39C6AE87 . 2068480 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntkrnlpa.exe
[7] 2009-08-04 . 1FF1F43613BA7510A5A975ED034EB8E0 . 2026496 . . [5.1.2600.5857] . . c:\windows\$NtUninstallKB977165$\ntkrnlpa.exe
[7] 2009-02-09 . 43FBA8A9CBEEA36EA95AF77CD538200A . 2026496 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB971486$\ntkrnlpa.exe
[7] 2009-02-09 . 1F9DA92672B8B5720C5FB1E87D8F249F . 2068480 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[7] 2008-08-14 . C789B5AEA9AB71C5BEF6DD568F744842 . 2068352 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
[7] 2008-08-14 . 4BFEE42DD31F3D4BB1D827D9E2B4644C . 2023424 . . [5.1.2600.3427] . . c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
[7] 2008-08-14 . 326C258774EB791E78FEA8A9E14D5C3E . 2068352 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3GDR\ntkrnlpa.exe
[7] 2008-08-14 . 13334FAF18AB3B9083B8DD8A668B8BB6 . 2026496 . . [5.1.2600.5657] . . c:\windows\$NtUninstallKB956572$\ntkrnlpa.exe
[7] 2008-04-14 . FEFB3BDA35CF469809B0C89AB6833AFC . 2026496 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe
[7] 2008-04-14 . E51980EF65CED4490A7395A06C08DA34 . 2068224 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[-] 2006-04-12 . 49DC9CB5DC9255F2BC3A049FC22046A0 . 2019328 . . [5.1.2600.2885] . . c:\windows\$NtUninstallKB956841_0$\ntkrnlpa.exe
[-] 2005-03-02 . AE8364004BBFD70461D2EF34888D3360 . 2059264 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
[-] 2005-03-02 . BDFF8FFA77EE7DF9758EF8C1E0DA8EFF . 2059136 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB890859$\ntkrnlpa.exe
.
[7] 2008-04-14 02:22 . 56AF4064996FA5BAC9C449B1514B4770 . 438272 . . [5.1.2400.5512] . . c:\windows\ServicePackFiles\i386\ntmssvc.dll
[7] 2008-04-14 02:22 . 56AF4064996FA5BAC9C449B1514B4770 . 438272 . . [5.1.2400.5512] . . c:\windows\system32\ntmssvc.dll
[7] 2004-08-04 12:00 . 428AA946A8D9F32DBB4260C8E6E13377 . 438272 . . [5.1.2400.2180] . . c:\windows\$NtServicePackUninstall$\ntmssvc.dll
.
[7] 2008-04-14 . 1DFD8975D8C89214B98D9387C1125B49 . 186880 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\upnphost.dll
[7] 2008-04-14 . 1DFD8975D8C89214B98D9387C1125B49 . 186880 . . [5.1.2600.5512] . . c:\windows\system32\upnphost.dll
[7] 2004-08-04 . 09D4A2D7C5A8ABEC227D118765FAADDF . 185856 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\upnphost.dll
.
[7] 2008-04-14 . 9236E736EDB57BE7D1EF6274410E3BAC . 367616 . . [5.3.2600.5512] . . c:\windows\ServicePackFiles\i386\dsound.dll
[7] 2008-04-14 . 9236E736EDB57BE7D1EF6274410E3BAC . 367616 . . [5.3.2600.5512] . . c:\windows\system32\dsound.dll
[7] 2004-08-04 . 7DB3393F98E4211F5CE8F003DE0615CF . 367616 . . [5.3.2600.2180] . . c:\windows\$NtServicePackUninstall$\dsound.dll
.
[7] 2008-04-14 . 36969CF86E51EC8ED202B40F2FA80AA6 . 1689088 . . [5.03.2600.5512] . . c:\windows\ServicePackFiles\i386\d3d9.dll
[7] 2008-04-14 . 36969CF86E51EC8ED202B40F2FA80AA6 . 1689088 . . [5.03.2600.5512] . . c:\windows\system32\d3d9.dll
[7] 2004-08-04 . 20AE7889467887B869F30308EEED9A2A . 1689088 . . [5.03.2600.2180] . . c:\windows\$NtServicePackUninstall$\d3d9.dll
.
[7] 2008-04-14 . 4A37188B83B00DD9CFBA049687AD0DAF . 279552 . . [5.03.2600.5512] . . c:\windows\ServicePackFiles\i386\ddraw.dll
[7] 2008-04-14 . 4A37188B83B00DD9CFBA049687AD0DAF . 279552 . . [5.03.2600.5512] . . c:\windows\system32\ddraw.dll
[7] 2004-08-04 . CAC545A56482DE01640E6B791DE19944 . 266240 . . [5.03.2600.2180] . . c:\windows\$NtServicePackUninstall$\ddraw.dll
.
[7] 2008-04-14 02:22 . 5D7F5A46975D2E59A6FECB6C231D200F . 84992 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\olepro32.dll
[7] 2008-04-14 02:22 . 5D7F5A46975D2E59A6FECB6C231D200F . 84992 . . [5.1.2600.5512] . . c:\windows\system32\olepro32.dll
[7] 2004-08-04 12:00 . 1404D3DD4ED4F5E2A938B43794049A81 . 83456 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\olepro32.dll
.
[7] 2008-04-14 . C47FD93010649AC0D79022D9B69ADBE4 . 41984 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\perfctrs.dll
[7] 2008-04-14 . C47FD93010649AC0D79022D9B69ADBE4 . 41984 . . [5.1.2600.5512] . . c:\windows\system32\perfctrs.dll
[7] 2004-08-04 . 007BFD01772B5202C5CE4F208A2F3F46 . 41984 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\perfctrs.dll
.
[7] 2008-04-14 . F86000634319F71535BCE6B06995EE99 . 18944 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\version.dll
[7] 2008-04-14 . F86000634319F71535BCE6B06995EE99 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\version.dll
[7] 2004-08-04 . 4EF2FDC0A085C8339ED4D9C59CE8FC60 . 18944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\version.dll
.
[7] 2012-10-31 . F77E696991FED3B92E09AC0CE91E9BCA . 643104 . . [7.00.6000.17115] . . c:\windows\system32\dllcache\iexplore.exe
[7] 2012-10-31 . CE4C28454C062C30489D4B82FDB515F3 . 643104 . . [7.00.6000.21317] . . c:\windows\$hf_mig$\KB2761465-IE7\SP3QFE\iexplore.exe
[7] 2012-08-26 . 326B5461CCD7DB0CD6B126ADEB28667A . 634504 . . [7.00.6000.17114] . . c:\windows\ie7updates\KB2761465-IE7\iexplore.exe
[7] 2012-08-26 . F516E1F811AC01F5DA1D486051069A7C . 634504 . . [7.00.6000.21316] . . c:\windows\$hf_mig$\KB2744842-IE7\SP3QFE\iexplore.exe
[7] 2012-07-03 . 0F06AE8613FE66FF4C02A0C27D0DC7EF . 634488 . . [7.00.6000.17112] . . c:\windows\ie7updates\KB2744842-IE7\iexplore.exe
[7] 2012-07-03 . 5A120ED9A6327241A69241A3D854AB21 . 634488 . . [7.00.6000.21314] . . c:\windows\$hf_mig$\KB2722913-IE7\SP3QFE\iexplore.exe
[7] 2012-04-22 . 0A39EEAD063CCDFF36AC9F0B8F800956 . 634488 . . [7.00.6000.17110] . . c:\windows\ie7updates\KB2722913-IE7\iexplore.exe
[7] 2012-04-22 . CE2379FC341C65CAD88FF8264A791AB5 . 634488 . . [7.00.6000.21312] . . c:\windows\$hf_mig$\KB2699988-IE7\SP3QFE\iexplore.exe
[7] 2012-02-29 . 50BA6A230D743A4D33BFFA2FA1113055 . 634680 . . [7.00.6000.17109] . . c:\windows\ie7updates\KB2699988-IE7\iexplore.exe
[7] 2012-02-29 . DF642AABFDACE36E3B4329091A07DE87 . 634680 . . [7.00.6000.21311] . . c:\windows\$hf_mig$\KB2675157-IE7\SP3QFE\iexplore.exe
[7] 2011-12-16 . 1C206B8FEEC6882B7F7F479E95D2BDD9 . 634680 . . [7.00.6000.17108] . . c:\windows\ie7updates\KB2675157-IE7\iexplore.exe
[7] 2011-12-16 . DB9D9A73FACB0B11992201D670D73E16 . 634680 . . [7.00.6000.21310] . . c:\windows\$hf_mig$\KB2647516-IE7\SP3QFE\iexplore.exe
[7] 2011-10-31 . 2E34CF22B5862AB02786F0819B9FD819 . 634504 . . [7.00.6000.17106] . . c:\windows\ie7updates\KB2647516-IE7\iexplore.exe
[7] 2011-10-31 . 1C5DA2D9EA2A59D0D5C116FA3A5A21AA . 634504 . . [7.00.6000.21308] . . c:\windows\$hf_mig$\KB2618444-IE7\SP3QFE\iexplore.exe
[7] 2011-08-17 . 6A1D755C68C10863C598C78A597FA7C3 . 634632 . . [7.00.6000.17103] . . c:\windows\ie7updates\KB2618444-IE7\iexplore.exe
[7] 2011-08-17 . CB0AFAF9E5C5FE70EC7087E71275DD33 . 634632 . . [7.00.6000.21306] . . c:\windows\$hf_mig$\KB2586448-IE7\SP3QFE\iexplore.exe
[7] 2011-06-20 . 993F33696EF219C306BF9BBA34D85073 . 634648 . . [7.00.6000.17099] . . c:\windows\ie7updates\KB2586448-IE7\iexplore.exe
[7] 2011-06-20 . DE0F15DD275A36C3E67DC1E36F958F3A . 634648 . . [7.00.6000.21302] . . c:\windows\$hf_mig$\KB2559049-IE7\SP3QFE\iexplore.exe
[7] 2011-04-21 . B6E13F9C120C776A89D783E26D6C15C5 . 634648 . . [7.00.6000.17098] . . c:\windows\ie7updates\KB2559049-IE7\iexplore.exe
[7] 2011-04-21 . 3E23DBEBE1020D52C63235E4189FAC03 . 634648 . . [7.00.6000.21300] . . c:\windows\$hf_mig$\KB2530548-IE7\SP3QFE\iexplore.exe
[7] 2011-02-14 . E4A798DFDE7FE6E79F23548F0EF0F844 . 634648 . . [7.00.6000.17096] . . c:\windows\ie7updates\KB2530548-IE7\iexplore.exe
[7] 2011-02-14 . E3CC8CCF21BFDC954255BB17083FB9F0 . 634648 . . [7.00.6000.21298] . . c:\windows\$hf_mig$\KB2497640-IE7\SP3QFE\iexplore.exe
[7] 2010-12-20 . 091D358EFC9D22901BD879EF37F0DAC4 . 634648 . . [7.00.6000.17095] . . c:\windows\ie7updates\KB2497640-IE7\iexplore.exe
[7] 2010-12-20 . B74CBEBA34E3CAA2CCACC87FEE8A16C0 . 634648 . . [7.00.6000.21297] . . c:\windows\$hf_mig$\KB2482017-IE7\SP3QFE\iexplore.exe
[7] 2010-10-18 . 72D1F43C4146D312B0DB6AB98C21340E . 634648 . . [7.00.6000.17093] . . c:\windows\ie7updates\KB2482017-IE7\iexplore.exe
[7] 2010-10-18 . DA6E1F0F1932B62DD2F6ED05541C555C . 634648 . . [7.00.6000.21295] . . c:\windows\$hf_mig$\KB2416400-IE7\SP3QFE\iexplore.exe
[7] 2010-08-25 . E5412ED9E07C42C20C48D3FF71E6B1E8 . 634648 . . [7.00.6000.17091] . . c:\windows\ie7updates\KB2416400-IE7\iexplore.exe
[7] 2010-08-25 . F047BEB9771E45A05F425499A30F9BBA . 634648 . . [7.00.6000.21293] . . c:\windows\$hf_mig$\KB2360131-IE7\SP3QFE\iexplore.exe
[7] 2010-06-17 . 203E897F843D56496E2CC101DFF6CE34 . 634656 . . [7.00.6000.17080] . . c:\windows\ie7updates\KB2360131-IE7\iexplore.exe
[7] 2010-06-17 . B0BC6DC9C9277250C5C8F7B7A48A02CC . 634648 . . [7.00.6000.21283] . . c:\windows\$hf_mig$\KB2183461-IE7\SP3QFE\iexplore.exe
[7] 2010-04-16 . C4BA5E36FB57F547117305BF1E0FE454 . 634656 . . [7.00.6000.17055] . . c:\windows\ie7updates\KB2183461-IE7\iexplore.exe
[7] 2010-04-16 . B24A4E23A2FEDB6976EB04D334AD82B2 . 634648 . . [7.00.6000.21256] . . c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\iexplore.exe
[7] 2010-02-23 . B5116340B84824DDD0A641E36B126194 . 634648 . . [7.00.6000.17023] . . c:\windows\ie7updates\KB982381-IE7\iexplore.exe
[7] 2010-02-23 . C8DDA4028065D5CE39CBE7A156B72AB9 . 634648 . . [7.00.6000.21228] . . c:\windows\$hf_mig$\KB980182-IE7\SP3QFE\iexplore.exe
[7] 2009-12-18 . 53C291F3B01EECECBD7FD358EA3ACC94 . 634648 . . [7.00.6000.16981] . . c:\windows\ie7updates\KB980182-IE7\iexplore.exe
[7] 2009-12-18 . D19E56D5930C37CF211867DF450C372A . 634632 . . [7.00.6000.21183] . . c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\iexplore.exe
[7] 2009-10-28 . 80675329E0FD54F016C4F8A83C616349 . 634632 . . [7.00.6000.21148] . . c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\iexplore.exe
[7] 2009-10-28 . 4F9B04D546C23A295F3F0AE015BE51DB . 634632 . . [7.00.6000.16945] . . c:\windows\ie7updates\KB978207-IE7\iexplore.exe
[7] 2009-08-27 . F232BA9F39BC0F722672C7E79E68EBEA . 634648 . . [7.00.6000.16915] . . c:\windows\ie7updates\KB976325-IE7\iexplore.exe
[7] 2009-08-27 . 332EC7562F3AA7364F2D4231C56DA986 . 634648 . . [7.00.6000.21115] . . c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\iexplore.exe
[7] 2009-06-29 . 3CFC56F73D494FC1AA2B6E981DF15ACD . 634632 . . [7.00.6000.16876] . . c:\windows\ie7updates\KB974455-IE7\iexplore.exe
[7] 2009-06-29 . 02E2754D3E566C11A4934825920C47DD . 634632 . . [7.00.6000.21073] . . c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\iexplore.exe
[7] 2009-04-25 . 092A7F2B49A19ECCE5369D3CB2276148 . 636088 . . [7.00.6000.16850] . . c:\windows\ie7updates\KB972260-IE7\iexplore.exe
[7] 2009-04-25 . C0503FD8D163652735C1EE900672A75C . 636088 . . [7.00.6000.21045] . . c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\iexplore.exe
[7] 2009-02-28 . BCD8E48709BE4A79606F0B6E8E9A6162 . 636088 . . [7.00.6000.21020] . . c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\iexplore.exe
[7] 2009-02-28 . A251068640DDB69FD7805B57D89D7FF7 . 636072 . . [7.00.6000.16827] . . c:\windows\ie7updates\KB969897-IE7\iexplore.exe
[7] 2008-12-19 . 15E8A89499741D5CF59A9CF6463A4339 . 634024 . . [7.00.6000.20978] . . c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\iexplore.exe
[7] 2008-12-19 . 030D78FE84A086ED376EFCBD2D72C522 . 634024 . . [7.00.6000.16791] . . c:\windows\ie7updates\KB963027-IE7\iexplore.exe
[7] 2008-10-15 . 9D3DB9ADFABD2F0BC778EC03250A3ABB . 633632 . . [7.00.6000.16762] . . c:\windows\ie7updates\KB961260-IE7\iexplore.exe
[7] 2008-10-15 . 056C927CF7207857E8B34F7A8FFD9B9E . 633632 . . [7.00.6000.20935] . . c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\iexplore.exe
[7] 2008-08-23 . E8305C30D35E85D6657ED3E9934CB302 . 635848 . . [7.00.6000.20900] . . c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\iexplore.exe
[7] 2008-08-23 . 1F03216084447F990AE797317D0A6E70 . 635848 . . [7.00.6000.16735] . . c:\windows\ie7updates\KB958215-IE7\iexplore.exe
[7] 2008-04-14 . 3BFE49B4CDFAC83B0F3C79412895A179 . 93184 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\iexplore.exe
[7] 2006-10-17 . 5334D4461AA92A7B008755FE6D13C5F2 . 622080 . . [7.00.5730.11] . . c:\windows\ie7updates\KB956390-IE7\iexplore.exe
[7] 2004-08-04 . B39A6AF04A431E317C85BF061719E705 . 93184 . . [6.00.2900.2180] . . c:\windows\ie7\iexplore.exe
.
.
[7] 2012-08-23 . 777AC14497340CDCFC12438904528E67 . 2195200 . . [5.1.2600.6284] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
[7] 2012-08-23 . 777AC14497340CDCFC12438904528E67 . 2195200 . . [5.1.2600.6284] . . c:\windows\system32\dllcache\ntoskrnl.exe
[7] 2012-08-23 . 36E49FA67679847C40F452219D871163 . 2151424 . . [5.1.2600.6284] . . c:\windows\system32\ntoskrnl.exe
[7] 2012-08-23 . DEF6103237BB417D4082DB5077837853 . 2195328 . . [5.1.2600.6284] . . c:\windows\$hf_mig$\KB2724197\SP3QFE\ntoskrnl.exe
[7] 2012-05-05 . 916B2FD262DDD2DD31EB5B80B5645516 . 2150912 . . [5.1.2600.6223] . . c:\windows\$NtUninstallKB2724197$\ntoskrnl.exe
[7] 2012-05-05 . C11516E90F6D8C45329A070429392A04 . 2194944 . . [5.1.2600.6223] . . c:\windows\$hf_mig$\KB2707511\SP3QFE\ntoskrnl.exe
[7] 2012-04-11 . 1055CB3C62F7007EBD5ECB1E5CC8069E . 2150912 . . [5.1.2600.6206] . . c:\windows\$NtUninstallKB2707511$\ntoskrnl.exe
[7] 2012-04-11 . 35BEC26067274CCFE4BE16CA22E54557 . 2194944 . . [5.1.2600.6206] . . c:\windows\$hf_mig$\KB2676562\SP3QFE\ntoskrnl.exe
[7] 2011-10-26 . 63907C9E2D9EEA3ADA8263F0A8D79797 . 2151424 . . [5.1.2600.6165] . . c:\windows\$NtUninstallKB2676562$\ntoskrnl.exe
[7] 2011-10-26 . 43BA9F58FD87BBF57F958C06241F2C9C . 2195072 . . [5.1.2600.6165] . . c:\windows\$hf_mig$\KB2633171\SP3QFE\ntoskrnl.exe
[7] 2010-12-09 . 2A5A8BE47E1F8E55520FB4031E21D129 . 2195072 . . [5.1.2600.6055] . . c:\windows\$hf_mig$\KB2393802\SP3QFE\ntoskrnl.exe
[7] 2010-12-09 . DAC0BE266F11618A2B9A6EC4D1F255ED . 2151424 . . [5.1.2600.6055] . . c:\windows\$NtUninstallKB2633171$\ntoskrnl.exe
[7] 2010-04-28 . 490911C4B913989D4958543FED2C8F21 . 2148864 . . [5.1.2600.5973] . . c:\windows\$NtUninstallKB2393802$\ntoskrnl.exe
[7] 2010-04-28 . 6AF2E8CEB03F7CB3B8183359563DBB87 . 2192384 . . [5.1.2600.5973] . . c:\windows\$hf_mig$\KB981852\SP3QFE\ntoskrnl.exe
[7] 2010-02-16 . E1BD0FAFF2C1D0A825CBA97DCF0DDDAE . 2148864 . . [5.1.2600.5938] . . c:\windows\$NtUninstallKB981852$\ntoskrnl.exe
[7] 2010-02-16 . 4456016C2FF1A8CCCAC8309C9B76E2F5 . 2192384 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3QFE\ntoskrnl.exe
[7] 2009-12-09 . A97847B2D30F4A299B35239D26BAD948 . 2191616 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165\SP3QFE\ntoskrnl.exe
[7] 2009-12-09 . D4128AA197DD8F3120FC80008AB66CF7 . 2147840 . . [5.1.2600.5913] . . c:\windows\$NtUninstallKB979683$\ntoskrnl.exe
[7] 2009-08-04 . 96D6882D49438D58B0DE0F7E8C8D241B . 2147840 . . [5.1.2600.5857] . . c:\windows\$NtUninstallKB977165$\ntoskrnl.exe
[7] 2009-08-04 . 4B86421F2D85D9A4ECB06885C40B8EEB . 2191616 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntoskrnl.exe
[7] 2009-02-10 . D3453310FC92736E674FFDC6E3F455B7 . 2191488 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[7] 2009-02-09 . 18D976FE984BDA3DAC8164B05D69205D . 2147840 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB971486$\ntoskrnl.exe
[7] 2008-08-14 . 59282EFE7147C011530E51FF92BA86AC . 2191488 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[7] 2008-08-14 . 2EB6D6755011965E6CB549BC0B32901D . 2145280 . . [5.1.2600.3427] . . c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
[7] 2008-08-14 . 934FBEA25F8DE017ABFC6169B8446D94 . 2191488 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3GDR\ntoskrnl.exe
[7] 2008-08-14 . 5961DD3AEC44962A76F0D8D895C172F1 . 2147840 . . [5.1.2600.5657] . . c:\windows\$NtUninstallKB956572$\ntoskrnl.exe
[7] 2008-04-14 . 354C9291513BCE4D0ED6B0C6A15470F8 . 2191360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntoskrnl.exe
[7] 2008-04-14 . 88077F757C6C793C33408D878B6E0F76 . 2147840 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956841$\ntoskrnl.exe
[-] 2006-04-12 . 80E146CEE8721128C3DC53A67541DE00 . 2139648 . . [5.1.2600.2885] . . c:\windows\$NtUninstallKB956841_0$\ntoskrnl.exe
[-] 2005-03-02 . EB5538A452E0E99169E2B6CDB62FF9D2 . 2181888 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
[-] 2005-03-02 . 7189A2391ADC1F65C9AE87B0ABE0F945 . 2181632 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB890859$\ntoskrnl.exe
.
[7] 2008-04-14 . FE77A85495065F3AD59C5C65B6C54182 . 171520 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll
[7] 2008-04-14 . FE77A85495065F3AD59C5C65B6C54182 . 171520 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
[7] 2004-08-04 . 015F302C4CF961F20C3F98F3A7CA7917 . 171008 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\srsvc.dll
.
[7] 2008-04-14 . 7B353059E665F8B7AD2BBEAEF597CF45 . 177152 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\w32time.dll
[7] 2008-04-14 . 7B353059E665F8B7AD2BBEAEF597CF45 . 177152 . . [5.1.2600.5512] . . c:\windows\system32\w32time.dll
[7] 2004-08-04 . C6D874CD2A5B83CD11CDEBD28A638584 . 176640 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\w32time.dll
.
[7] 2008-04-14 . BC2C5985611C5356B24AEB370953DED9 . 334336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wiaservc.dll
[7] 2008-04-14 . BC2C5985611C5356B24AEB370953DED9 . 334336 . . [5.1.2600.5512] . . c:\windows\system32\wiaservc.dll
[7] 2004-08-04 . 7E751068ADA60FC77638622E86A7CD9E . 333824 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\wiaservc.dll
.
[7] 2008-04-14 . 2CF969B9BF1EF069075DCDCE309FAAE1 . 18944 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\midimap.dll
[7] 2008-04-14 . 2CF969B9BF1EF069075DCDCE309FAAE1 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\midimap.dll
[7] 2004-08-04 . 32641AE4D340C1AC2D9B3A3BD71F5C47 . 18944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\midimap.dll
.
[7] 2008-04-14 . 469FED8597896DB77B49384BE90E2E0A . 7680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rasadhlp.dll
[7] 2008-04-14 . 469FED8597896DB77B49384BE90E2E0A . 7680 . . [5.1.2600.5512] . . c:\windows\system32\rasadhlp.dll
[-] 2006-06-26 . 45F87F6E7AB4F79B5C719B78C289DB66 . 7680 . . [5.1.2600.2938] . . c:\windows\$hf_mig$\KB920683\SP2QFE\rasadhlp.dll
[-] 2006-06-26 . DC940E8932827D65180F6A71BD4BD878 . 8192 . . [5.1.2600.2938] . . c:\windows\$NtServicePackUninstall$\rasadhlp.dll
.
[7] 2008-04-14 . 02AF8A799D173C2D0C71F399C03AC9E1 . 19456 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wshtcpip.dll
[7] 2008-04-14 . 02AF8A799D173C2D0C71F399C03AC9E1 . 19456 . . [5.1.2600.5512] . . c:\windows\system32\wshtcpip.dll
[7] 2004-08-04 . 3FEADE4D0B41D22E8B8460739A9B4FEE . 19968 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\wshtcpip.dll
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\dokumente und einstellungen\****\Anwendungsdaten\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\dokumente und einstellungen\****\Anwendungsdaten\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\dokumente und einstellungen\****\Anwendungsdaten\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\dokumente und einstellungen\****\Anwendungsdaten\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\programme\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2007-12-06 200704]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2007-12-06 208896]
"SynTPLpr"="c:\programme\Synaptics\SynTP\SynTPLpr.exe" [2007-07-05 110592]
"SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2007-07-05 512000]
"TPFNF7"="c:\programme\Lenovo\NPDIRECT\TPFNF7SP.exe" [2007-11-29 59168]
"TPHOTKEY"="c:\programme\Lenovo\HOTKEY\TPOSDSVC.exe" [2007-03-09 66176]
"TpShocks"="TpShocks.exe" [2007-11-22 181536]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2007-03-28 243248]
"SoundMAXPnP"="c:\programme\Analog Devices\Core\smax4pnp.exe" [2007-04-09 1015808]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-10 8495104]
"nwiz"="nwiz.exe" [2007-12-10 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-10 81920]
"TVT Scheduler Proxy"="c:\programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe" [2007-02-08 536576]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-02-02 122940]
"ISUSPM Startup"="c:\progra~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"AwaySch"="c:\programme\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 91688]
"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2007-04-26 120368]
"AMSG"="c:\progra~1\THINKV~1\AMSG\amsg.exe" [2007-02-01 419376]
"DiskeeperSystray"="c:\programme\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-05-18 196696]
"ACTray"="c:\programme\ThinkPad\ConnectUtilities\ACTray.exe" [2007-07-05 413696]
"ACWLIcon"="c:\programme\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2007-07-05 126976]
"cssauth"="c:\programme\Lenovo\Client Security Solution\cssauth.exe" [2007-08-03 2630968]
"Symantec PIF AlertEng"="c:\programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"QuickTime Task"="c:\programme\QuickTime\QTTask.exe" [2008-09-06 413696]
"DivXUpdate"="c:\programme\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920]
"LWS"="c:\programme\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-07 165208]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2012-12-04 384800]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\dokumente und einstellungen\****\Startmenü\Programme\Autostart\
Dropbox.lnk - c:\dokumente und einstellungen\****\Anwendungsdaten\Dropbox\bin\Dropbox.exe [2013-1-4 28539232]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
BTTray.lnk - c:\programme\ThinkPad\Bluetooth Software\BTTray.exe [2007-2-27 561213]
Digital Line Detect.lnk - c:\programme\Digital Line Detect\DLG.exe [2008-6-26 50688]
LRZ VPN Client.lnk - c:\programme\LRZ VPN Client\vpngui.exe [2008-10-15 1537064]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-03-14 20:17	89600	------w-	c:\windows\system32\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2006-09-06 07:37	34344	------w-	c:\programme\Lenovo\HOTKEY\notifyf2.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2006-12-14 02:06	28672	------w-	c:\programme\Lenovo\HOTKEY\tphklock.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages	REG_MULTI_SZ   	scecli psqlpwd
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"c:\\Programme\\Maxima-5.16.3\\bin\\xmaxima.exe"=
"c:\\Programme\\Maxima-5.16.3\\wxMaxima\\wxMaxima.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Programme\\ICQ6.5\\ICQ.exe"=
"c:\\Programme\\NX Client for Windows\\nxclient.exe"=
"c:\\Programme\\NX Client for Windows\\bin\\nxssh.exe"=
"c:\\Programme\\Mozilla Firefox\\firefox.exe"=
"c:\\Programme\\Google\\Google Talk\\googletalk.exe"=
"c:\\Programme\\Microsoft Office 2007\\Office12\\OUTLOOK.EXE"=
"c:\\Dokumente und Einstellungen\\****\\Anwendungsdaten\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Programme\\ImageJ\\jre\\bin\\javaw.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [29.10.2010 13:06 691696]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [16.10.2007 17:32 19504]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [21.01.2013 20:55 36552]
R2 AntiVirSchedulerService;Avira Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [21.01.2013 20:55 85280]
R2 Automatisches LiveUpdate - Scheduler;Automatisches LiveUpdate - Scheduler;c:\programme\Symantec\LiveUpdate\AluSchedulerSvc.exe [26.06.2008 13:27 554352]
R2 smihlp;SMI Helper Driver (smihlp);c:\programme\Gemeinsame Dateien\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [14.03.2007 21:10 11152]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\programme\Lenovo\Rescue and Recovery\rrpservice.exe [08.02.2007 12:11 569344]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [22.05.2007 14:59 30336]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [23.01.2013 09:38 35144]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [10.02.2011 13:53 27064]
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-14 22:31	1606760	----a-w-	c:\programme\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-01-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
2013-01-13 c:\windows\Tasks\Google Software Updater.job
- c:\programme\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-06-26 11:21]
.
2013-01-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2009-09-29 19:54]
.
2013-01-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2009-09-29 19:54]
.
2013-01-24 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2008-06-26 16:22]
.
2013-01-24 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2011-03-03 21:18]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.ask.com?o=10148&l=dis&tb=AVR-3
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MIF269~1\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Senden an &Bluetooth-Gerät... - c:\programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\dokumente und einstellungen\****\Anwendungsdaten\Mozilla\Firefox\Profiles\wmipz1d0.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}
FF - prefs.js: network.proxy.type - 2
FF - ExtSQL: !HIDDEN! 2009-09-21 10:27; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-MathExperte Analysis 1 Version 1.41 Revision 7 - c:\windows\IsUn0407.exe
AddRemove-Microsoft Interactive Training - c:\windows\IsUn0407.exe
AddRemove-Reclams elektronisches Reimlexikon - c:\windows\unin0407.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2013-01-24 11:36
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3660004609-3411007303-2895799563-1008\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:3c,e4,79,52,03,14,40,ed,dd,a1,67,a4,87,a9,51,2f,79,45,0b,09,92,e8,57,
   70,96,83,b4,4f,67,ad,48,be,1b,ee,18,77,d1,17,a3,75,50,fe,b0,d3,36,55,fe,96,\
"??"=hex:e8,96,da,54,85,c1,92,be,d1,84,95,15,ec,0f,9f,35
.
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
[HKEY_LOCAL_MACHINE\software\Intel\Wireless\Folders\°* ¸*]
"Path"="c:\\WINDOWS\\system32\\config\\systemprofile\\Anwendungsdaten\\Intel\\Wireless\\"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(1736)
c:\windows\system32\psqlpwd.dll
c:\programme\ThinkVantage Fingerprint Software\homefus2.dll
c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22791_x-ww_c8dff154\gdiplus.dll
c:\programme\ThinkVantage Fingerprint Software\infra.dll
c:\programme\ThinkVantage Fingerprint Software\homepass.dll
c:\programme\ThinkVantage Fingerprint Software\bio.dll
c:\programme\ThinkVantage Fingerprint Software\ps2css.dll
c:\programme\ThinkVantage Fingerprint Software\remote.dll
c:\programme\Lenovo\HOTKEY\tphklock.dll
c:\programme\ThinkVantage Fingerprint Software\pscssint.dll
c:\programme\ThinkVantage Fingerprint Software\crypto.dll
.
- - - - - - - > 'lsass.exe'(1792)
c:\windows\system32\psqlpwd.dll
c:\programme\ThinkVantage Fingerprint Software\homefus2.dll
c:\programme\ThinkVantage Fingerprint Software\infra.dll
.
- - - - - - - > 'explorer.exe'(1580)
c:\windows\system32\logishrd\LVPrcInj01.dll
c:\windows\system32\nview.dll
c:\windows\system32\NVWRSDE.DLL
c:\programme\Lenovo\Client Security Solution\tvtpwm_windows_hook.dll
c:\programme\Lenovo\Client Security Solution\tvt_passwordmanager.dll
c:\programme\Lenovo\Client Security Solution\css_banner.dll
c:\programme\Lenovo\Client Security Solution\csswait.dll
c:\windows\system32\cssuserdatadispatcher.dll
c:\programme\Lenovo\Client Security Solution\css_dlgcustompolicy.dll
c:\windows\system32\tvttsp.dll
c:\windows\system32\tcsrpc.dll
c:\programme\Gemeinsame Dateien\Lenovo\tvt_think_res.dll
c:\programme\Lenovo\Client Security Solution\css_think_res.dll
c:\dokumente und einstellungen\****\Anwendungsdaten\Dropbox\bin\DropboxExt.17.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\nvwddi.dll
c:\progra~1\WINDOW~1\wmpband.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\programme\ThinkPad\Bluetooth Software\bin\btwdins.exe
c:\programme\Intel\Wireless\Bin\S24EvMon.exe
c:\windows\system32\IPSSVC.EXE
c:\programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\programme\Avira\AntiVir Desktop\avguard.exe
c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programme\Bonjour\mDNSResponder.exe
c:\programme\LRZ VPN Client\cvpnd.exe
c:\programme\Diskeeper Corporation\Diskeeper\DkService.exe
c:\programme\Intel\Wireless\Bin\EvtEng.exe
c:\programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe
c:\programme\Java\jre6\bin\jqs.exe
c:\programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\nvsvc32.exe
c:\programme\Intel\Wireless\Bin\RegSrvc.exe
c:\programme\lenovo\system update\suservice.exe
c:\programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe
c:\windows\System32\TPHDEXLG.exe
c:\programme\Lenovo\Client Security Solution\tvttcsd.exe
c:\programme\Lenovo\Rescue and Recovery\rrservice.exe
c:\programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe
c:\programme\Lenovo\Rescue and Recovery\ADM\IUService.exe
c:\windows\system32\wdfmgr.exe
c:\programme\ThinkPad\ConnectUtilities\AcSvc.exe
c:\programme\Gemeinsame Dateien\Lenovo\Logger\logmon.exe
c:\windows\system32\rundll32.exe
c:\programme\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\TpShocks.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\rundll32.exe
c:\programme\Lenovo\HOTKEY\TPONSCR.exe
c:\programme\Lenovo\Zoom\TpScrex.exe
c:\programme\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\progra~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
c:\programme\Intel\Wireless\Bin\Dot1XCfg.exe
c:\programme\Lenovo\Client Security Solution\tvtpwm_tray.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-01-24  11:42:52 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-01-24 10:42
.
Vor Suchlauf: 17 Verzeichnis(se), 88.441.839.616 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 89.104.347.136 Bytes frei
.
WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - B513677C14B0EA4EE20569875C168B6C
--- --- ---
Alt 24.01.2013, 11:49   #23
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
GVU-Trojaner nach Systemwiederherstellung entfernt? - Standard

GVU-Trojaner nach Systemwiederherstellung entfernt?


adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Suche.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[Rx].txt. (x=fortlaufende Nummer)
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 24.01.2013, 14:04   #24
mtmtmt
 
GVU-Trojaner nach Systemwiederherstellung entfernt? - Standard

GVU-Trojaner nach Systemwiederherstellung entfernt?


adwCleaner:

Code:
ATTFilter
# AdwCleaner v2.107 - Datei am 24/01/2013 um 14:03:07 erstellt
# Aktualisiert am 21/01/2013 von Xplode
# Betriebssystem : Microsoft Windows XP Service Pack 3 (32 bits)
# Benutzer : **** - LENOVO-DDD3664B
# Bootmodus : Normal
# Ausgeführt unter : C:\Dokumente und Einstellungen\****\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\Conduit
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{40C3CC16-7269-4B32-9531-17F2950FB06F}
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{6E4C89CF-3061-4EE4-B22A-B7A8AAEA5CB3}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2319825
Schlüssel Gefunden : HKLM\Software\eRightSoft\OpenCandy
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Schlüssel Gefunden : HKU\S-1-5-21-3660004609-3411007303-2895799563-1008\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

***** [Internet Browser] *****

-\\ Internet Explorer v7.0.6000.17115

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.ask.com?o=10148&l=dis&tb=AVR-3

*************************

AdwCleaner[R1].txt - [1769 octets] - [24/01/2013 14:03:07]

########## EOF - C:\AdwCleaner[R1].txt - [1829 octets] ##########

Alt 24.01.2013, 14:11   #25
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
GVU-Trojaner nach Systemwiederherstellung entfernt? - Standard

GVU-Trojaner nach Systemwiederherstellung entfernt?


adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen
  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Löschen.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[Sx].txt. (x=fortlaufende Nummer)

Danach eine Kontrolle mit OTL bitte:
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles in CODE-Tags hier in den Thread.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 24.01.2013, 14:29   #26
mtmtmt
 
GVU-Trojaner nach Systemwiederherstellung entfernt? - Standard

GVU-Trojaner nach Systemwiederherstellung entfernt?


adwCleaner:

Code:
ATTFilter
# AdwCleaner v2.107 - Datei am 24/01/2013 um 14:12:59 erstellt
# Aktualisiert am 21/01/2013 von Xplode
# Betriebssystem : Microsoft Windows XP Service Pack 3 (32 bits)
# Benutzer : **** - LENOVO-DDD3664B
# Bootmodus : Normal
# Ausgeführt unter : C:\Dokumente und Einstellungen\****\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{40C3CC16-7269-4B32-9531-17F2950FB06F}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6E4C89CF-3061-4EE4-B22A-B7A8AAEA5CB3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2319825
Schlüssel Gelöscht : HKLM\Software\eRightSoft\OpenCandy
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536

***** [Internet Browser] *****

-\\ Internet Explorer v7.0.6000.17115

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.ask.com?o=10148&l=dis&tb=AVR-3 --> hxxp://www.google.com

*************************

AdwCleaner[R1].txt - [1898 octets] - [24/01/2013 14:03:07]
AdwCleaner[S1].txt - [1705 octets] - [24/01/2013 14:12:59]

########## EOF - C:\AdwCleaner[S1].txt - [1765 octets] ##########

OTL:

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 24.01.2013 14:18:28 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\****\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,98 Gb Total Physical Memory | 1,20 Gb Available Physical Memory | 60,51% Memory free
3,83 Gb Paging File | 3,14 Gb Available in Paging File | 81,98% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 142,51 Gb Total Space | 83,09 Gb Free Space | 58,30% Space Free | Partition Type: NTFS
Drive E: | 3,81 Gb Total Space | 3,40 Gb Free Space | 89,06% Space Free | Partition Type: FAT32
 
Computer Name: LENOVO-DDD3664B | User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\****\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Dokumente und Einstellungen\****\Anwendungsdaten\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Programme\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
PRC - C:\Programme\Lenovo\NPDIRECT\tpfnf7sp.exe (Lenovo Group Limited)
PRC - C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
PRC - C:\Programme\Lenovo\Client Security Solution\tvtpwm_tray.exe (Lenovo Group Limited)
PRC - C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
PRC - C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo )
PRC - C:\Programme\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe (Lenovo )
PRC - C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo )
PRC - C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo )
PRC - C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo )
PRC - C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
PRC - c:\Programme\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
PRC - c:\Programme\LRZ VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited)
PRC - C:\Programme\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
PRC - C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
PRC - c:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\Rescue and Recovery\rrpservice.exe ()
PRC - C:\Programme\Gemeinsame Dateien\Lenovo\Logger\logmon.exe ()
PRC - C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe ()
PRC - C:\WINDOWS\system32\IPSSVC.EXE (Lenovo Group Limited)
PRC - C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - C:\Programme\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\ZOOM\TpScrex.exe (Lenovo Group Limited)
PRC - C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation)
PRC - C:\Programme\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)
PRC - C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
PRC - C:\Programme\Gemeinsame Dateien\Installshield\UpdateService\issch.exe (InstallShield Software Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_a4652f28\mscorlib.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_a51affbd\system.dll ()
MOD - c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll ()
MOD - C:\Programme\Avira\AntiVir Desktop\sqlite3.dll ()
MOD - C:\Programme\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll ()
MOD - C:\Programme\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll ()
MOD - C:\Programme\Logitech\LWS\Webcam Software\QTXml4.dll ()
MOD - C:\Programme\Logitech\LWS\Webcam Software\QtNetwork4.dll ()
MOD - C:\Programme\Logitech\LWS\Webcam Software\QTGui4.dll ()
MOD - C:\Programme\Logitech\LWS\Webcam Software\QTCore4.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\WINDOWS\system32\nview.dll ()
MOD - C:\WINDOWS\system32\nvshell.dll ()
MOD - C:\Programme\ThinkPad\Utilities\PWRMGRIF.DLL ()
MOD - C:\Programme\ThinkPad\Utilities\GR\PWRMGRRT.DLL ()
MOD - C:\Programme\Gemeinsame Dateien\Lenovo\xml4cmessages5_5.dll ()
MOD - C:\Programme\Intel\Wireless\Bin\iWMSProv.dll ()
MOD - C:\WINDOWS\system32\vpnapi.dll ()
MOD - C:\WINDOWS\system32\btwicons.dll ()
MOD - C:\Programme\ThinkPad\Bluetooth Software\BTKeyInd.dll ()
MOD - C:\Programme\Lenovo\Rescue and Recovery\rrpservice.exe ()
MOD - C:\Programme\Gemeinsame Dateien\Lenovo\Logger\logmon.exe ()
MOD - C:\Programme\Lenovo\Rescue and Recovery\CDRecord.dll ()
MOD - C:\Programme\Gemeinsame Dateien\Lenovo\CDRecord.dll ()
MOD - C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe ()
MOD - C:\Programme\Lenovo\HOTKEY\HKVOLKEY.dll ()
MOD - C:\Programme\Lenovo\HOTKEY\tphklock.dll ()
MOD - C:\Programme\Lenovo\HOTKEY\TPOSDSVC.dll ()
MOD - c:\windows\assembly\gac\system.serviceprocess\1.0.5000.0__b03f5f7f11d50a3a\system.serviceprocess.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (LiveUpdate Notice Ex) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe /h ccCommon File not found
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (LVPrcSrv) -- C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (LiveUpdate Notice Service) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
SRV - (LiveUpdate) -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation)
SRV - (Automatisches LiveUpdate - Scheduler) -- C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
SRV - (ThinkVantage Registry Monitor Service) -- C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
SRV - (AcPrfMgrSvc) -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo )
SRV - (AcSvc) -- C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo )
SRV - (SUService) -- c:\Programme\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
SRV - (CVPND) -- c:\Programme\LRZ VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (btwdins) -- C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
SRV - (TVT Scheduler) -- c:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe (Lenovo Group Limited)
SRV - (TVT Backup Protection Service) -- C:\Programme\Lenovo\Rescue and Recovery\rrpservice.exe ()
SRV - (tvtnetwk) -- C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe ()
SRV - (IPSSVC) -- C:\WINDOWS\system32\IPSSVC.EXE (Lenovo Group Limited)
SRV - (IviRegMgr) -- C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Diskeeper) -- C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation)
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\Installshield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (WMConnectCDS) -- C:\Programme\Windows Media Connect 2\wmccds.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WDICA) --  File not found
DRV - (UIUSys) -- system32\DRIVERS\UIUSYS.SYS File not found
DRV - (TVTPktFilter) -- system32\DRIVERS\tvtpktfilter.sys File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (lbrtfdc) --  File not found
DRV - (CrystalSysInfo) -- C:\Programme\MediaCoder PMP Edition\SysInfo.sys File not found
DRV - (Changer) --  File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (ahfcfs5t) --  File not found
DRV - (mbamchameleon) -- C:\WINDOWS\system32\drivers\mbamchameleon.sys ()
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\WINDOWS\system32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (LVUVC) -- C:\WINDOWS\system32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVRS) -- C:\WINDOWS\system32\drivers\lvrs.sys (Logitech Inc.)
DRV - (sptd) -- C:\WINDOWS\system32\drivers\sptd.sys ()
DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys ()
DRV - (Revoflt) -- C:\WINDOWS\system32\drivers\revoflt.sys (VS Revo Group)
DRV - (TPPWRIF) -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS ()
DRV - (TSMAPIP) -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS ()
DRV - (Shockprf) -- C:\WINDOWS\system32\drivers\ApsX86.sys (Lenovo.)
DRV - (TPDIGIMN) -- C:\WINDOWS\system32\drivers\ApsHM86.sys (Lenovo.)
DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)
DRV - (rismxdp) -- C:\WINDOWS\system32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC)
DRV - (TVTI2C) -- C:\WINDOWS\system32\drivers\tvti2c.sys (Lenovo (United States) Inc.)
DRV - (psadd) -- C:\WINDOWS\system32\drivers\psadd.sys (Lenovo (United States) Inc.)
DRV - (NETw4x32) -- C:\WINDOWS\system32\drivers\NETw4x32.sys (Intel Corporation)
DRV - (CVPNDRVA) -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (IBMTPCHK) -- C:\WINDOWS\system32\drivers\IBMBLDID.sys ()
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (smihlp) -- C:\Programme\Gemeinsame Dateien\ThinkVantage Fingerprint Software\Drivers\smihlp.sys (UPEK Inc.)
DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (DNE) -- C:\WINDOWS\system32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (CVirtA) -- C:\WINDOWS\system32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (PROCDD) -- C:\WINDOWS\system32\drivers\PROCDD.SYS (Lenovo Group Limited)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (ANC) -- C:\WINDOWS\system32\drivers\ANC.sys (IBM Corp.)
DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Zone Labs LLC)
DRV - (G400) -- C:\WINDOWS\system32\drivers\G400m.sys (Matrox Graphics Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&amp;entrypoint={referrer:source?}&amp;FORM=LENIE 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "Winload Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}"
FF - prefs.js..extensions.enabledAddons: jqs%40sun.com:1.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.autoconfig_url: "hxxp://pac.lrz-muenchen.de/"
FF - prefs.js..network.proxy.type: 2
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Dokumente und Einstellungen\****\Anwendungsdaten\Move Networks\plugins\071802000001\npqmp071802000001.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Programme\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\WINDOWS\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Dokumente und Einstellungen\****\Anwendungsdaten\Move Networks\plugins\071802000001\npqmp071802000001.dll (Move Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2013.01.21 20:55:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2013.01.21 20:55:09 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{FCF36B88-1BBA-487f-B64B-D2E8980A9293}: C:\Programme\Lenovo\Client Security Solution\PWM Firefox Extension [2008.10.11 14:46:01 | 000,000,000 | ---D | M]
 
[2008.10.11 12:51:22 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Mozilla\Extensions
[2012.10.25 21:37:43 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Mozilla\Firefox\Profiles\wmipz1d0.default\extensions
[2010.04.27 14:56:09 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Mozilla\Firefox\Profiles\wmipz1d0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.03.24 15:13:02 | 000,000,917 | ---- | M] () -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Mozilla\Firefox\Profiles\wmipz1d0.default\searchplugins\conduit.xml
[2013.01.21 20:55:07 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.02.22 18:43:38 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2013.01.21 20:55:17 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012.02.22 18:43:38 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2011.01.11 12:22:42 | 000,167,704 | ---- | M] (Tracker Software Products Ltd.) -- C:\Programme\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2007.05.16 09:30:04 | 000,036,864 | ---- | M] () -- C:\Programme\mozilla firefox\plugins\npSfAppM.dll
[2012.03.26 13:37:25 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.04 21:48:56 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.03.26 13:37:25 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.26 13:37:25 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.26 13:37:25 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.26 13:37:25 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: 
CHR - plugin: Shockwave Flash (Enabled) = C:\Programme\Google\Chrome\Application\24.0.1312.52\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Programme\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Programme\Google\Chrome\Application\24.0.1312.52\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Programme\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Programme\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: PDF-XChange Viewer (Enabled) = C:\Programme\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: SciFinder Application Plugin for Mozilla (Enabled) = C:\Programme\Mozilla Firefox\plugins\npSfAppM.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Programme\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npwmsdrm.dll
CHR - plugin: Move Media Player 7 (Enabled) = C:\Dokumente und Einstellungen\****\Anwendungsdaten\Move Networks\plugins\071802000001\npqmp071802000001.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Updater (Enabled) = C:\Programme\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Google Update (Enabled) = C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Programme\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw_1167637.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: TVU Web Player for FireFox (Enabled) = C:\WINDOWS\system32\TVUAx\npTVUAx.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Google Drive = C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: YouTube = C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Mail = C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2013.01.24 11:34:10 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programme\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O2 - BHO: (CPwmIEBrowserHelper Object) - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [ACTray] C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo )
O4 - HKLM..\Run: [ACWLIcon] C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo )
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [AwaySch] C:\Programme\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [BLOG] C:\Programme\ThinkPad\Utilities\BATLOGEX.DLL ()
O4 - HKLM..\Run: [DiskeeperSystray] C:\Programme\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Programme\Gemeinsame Dateien\Installshield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [LWS] C:\Programme\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PWRMGRTR] C:\Programme\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TPFNF7] C:\Programme\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPHOTKEY] C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk = C:\Programme\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\LRZ VPN Client.lnk = C:\Programme\LRZ VPN Client\vpngui.exe (Cisco Systems, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\****\Startmenü\Programme\Autostart\Dropbox.lnk = C:\Dokumente und Einstellungen\****\Anwendungsdaten\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MIF269~1\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra 'Tools' menuitem : ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office 2007\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\psfus: DllName - (C:\WINDOWS\system32\psqlpwd.dll) - C:\WINDOWS\system32\psqlpwd.dll (UPEK Inc.)
O20 - Winlogon\Notify\tpfnf2: DllName - (C:\Programme\Lenovo\HOTKEY\notifyf2.dll) - C:\Programme\Lenovo\HOTKEY\notifyf2.dll ()
O20 - Winlogon\Notify\tphotkey: DllName - (C:\Programme\Lenovo\HOTKEY\tphklock.dll) - C:\Programme\Lenovo\HOTKEY\tphklock.dll ()
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.01.27 03:18:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.24 14:01:48 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013.01.24 11:26:41 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013.01.24 11:25:33 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013.01.24 11:25:33 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013.01.24 11:25:33 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013.01.24 11:25:33 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013.01.24 11:25:25 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.01.24 11:25:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013.01.24 11:22:22 | 005,026,296 | R--- | C] (Swearware) -- C:\Dokumente und Einstellungen\****\Desktop\ComboFix.exe
[2013.01.22 14:41:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Malwarebytes
[2013.01.22 14:41:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2013.01.21 23:22:21 | 000,000,000 | ---D | C] -- C:\Programme\7-Zip
[2013.01.21 23:22:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\7-Zip
[2013.01.21 21:20:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\****\Desktop\GVU
[2013.01.21 21:18:22 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\****\Desktop\OTL.exe
[2013.01.21 20:58:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Avira
[2013.01.21 20:56:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Avira
[2013.01.21 20:55:56 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2013.01.21 20:55:51 | 000,134,336 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2013.01.21 20:55:51 | 000,083,944 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2013.01.21 20:55:51 | 000,036,552 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[2013.01.21 20:55:50 | 000,000,000 | ---D | C] -- C:\Programme\Avira
[2013.01.21 20:55:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
[2013.01.21 20:55:06 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox
[2013.01.15 00:07:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\****\Startmenü\Programme\TygemBaduk Program
[2013.01.14 23:21:09 | 000,000,000 | ---D | C] -- C:\Programme\TygemGlobal
[2013.01.14 23:21:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\TongYang Online
[2013.01.13 14:57:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\****\Eigene Dateien\Zeug
[2013.01.08 23:42:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\JagoClient
[2013.01.08 23:42:10 | 000,000,000 | ---D | C] -- C:\Programme\JagoClient
[2013.01.08 01:26:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\GoPanda2
[2013.01.08 01:24:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\GoPanda
[2013.01.08 01:24:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\****\Startmenü\Programme\Pandanet IGS
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.24 14:16:18 | 000,000,264 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2013.01.24 14:16:04 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2013.01.24 14:15:45 | 000,025,261 | ---- | M] () -- C:\WINDOWS\System32\PROCDB.INI
[2013.01.24 14:15:19 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013.01.24 14:15:17 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.24 14:15:04 | 000,000,380 | ---- | M] () -- C:\WINDOWS\System32\IPSCtrl.INI
[2013.01.24 14:15:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.01.24 11:34:10 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013.01.24 11:26:48 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2013.01.24 11:24:00 | 000,001,094 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.24 11:22:52 | 005,026,296 | R--- | M] (Swearware) -- C:\Dokumente und Einstellungen\****\Desktop\ComboFix.exe
[2013.01.24 11:01:02 | 000,002,523 | ---- | M] () -- C:\Dokumente und Einstellungen\****\Desktop\Microsoft Office Word 2007.lnk
[2013.01.24 09:21:00 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013.01.23 09:38:11 | 000,035,144 | ---- | M] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2013.01.21 21:18:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\****\Desktop\OTL.exe
[2013.01.21 21:18:13 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\****\defogger_reenable
[2013.01.21 20:56:11 | 000,001,678 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira Control Center.lnk
[2013.01.21 19:11:22 | 000,003,027 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\dsgsdgdsgdsgw.js
[2013.01.16 00:07:46 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013.01.13 12:16:00 | 000,001,044 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2013.01.11 02:26:39 | 003,619,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2013.01.11 01:51:53 | 000,000,699 | ---- | M] () -- C:\Dokumente und Einstellungen\****\.go.cfg
[2013.01.10 20:30:13 | 000,337,848 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013.01.08 23:51:33 | 000,463,344 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2013.01.08 23:51:33 | 000,444,810 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013.01.08 23:51:33 | 000,086,188 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2013.01.08 23:51:33 | 000,072,686 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013.01.08 23:46:38 | 002,001,061 | ---- | M] () -- C:\WINDOWS\iis6.BAK
[2013.01.08 21:45:50 | 000,001,054 | ---- | M] () -- C:\Dokumente und Einstellungen\****\Startmenü\Programme\Autostart\Dropbox.lnk
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.01.24 11:26:48 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2013.01.24 11:26:44 | 000,262,448 | RHS- | C] () -- C:\cmldr
[2013.01.24 11:25:33 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013.01.24 11:25:33 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013.01.24 11:25:33 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013.01.24 11:25:33 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013.01.24 11:25:33 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013.01.23 09:38:11 | 000,035,144 | ---- | C] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2013.01.21 21:18:13 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\****\defogger_reenable
[2013.01.21 20:56:11 | 000,001,678 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira Control Center.lnk
[2013.01.21 19:11:22 | 000,003,027 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\dsgsdgdsgdsgw.js
[2013.01.08 23:43:39 | 000,000,699 | ---- | C] () -- C:\Dokumente und Einstellungen\****\.go.cfg
[2012.10.31 14:00:04 | 000,000,621 | ---- | C] () -- C:\Dokumente und Einstellungen\****\.ImageJ_3D_Viewer.props
[2012.09.04 23:40:30 | 000,000,925 | ---- | C] () -- C:\WINDOWS\kaiser.ini
[2011.10.26 13:53:28 | 000,005,449 | ---- | C] () -- C:\Dokumente und Einstellungen\****\.recently-used.xbel
[2011.10.11 11:22:15 | 000,049,075 | ---- | C] () -- C:\WINDOWS\DIAMOND.INI
[2011.07.17 21:34:31 | 000,000,443 | ---- | C] () -- C:\WINDOWS\capture.ini
[2011.07.15 13:03:25 | 000,000,421 | ---- | C] () -- C:\WINDOWS\barcode.ini
[2011.03.07 15:28:10 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2010.10.21 14:55:58 | 000,000,198 | ---- | C] () -- C:\Dokumente und Einstellungen\****\vgalusr1.vr
[2010.01.20 15:22:58 | 000,000,158 | ---- | C] () -- C:\Dokumente und Einstellungen\****\.Xauthority
[2009.07.04 09:40:50 | 000,022,016 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.04.28 14:39:34 | 000,000,922 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\gnuplot_history
[2009.01.12 23:31:20 | 000,008,717 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LUUnInstall.LiveUpdate
[2008.12.01 19:22:17 | 000,000,083 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Anwendungsdaten\X-Plane Installer.prf
[2008.10.16 21:24:05 | 000,056,663 | ---- | C] () -- C:\Dokumente und Einstellungen\****\maxout.openmath
[2008.10.16 10:22:50 | 000,155,362 | ---- | C] () -- C:\Dokumente und Einstellungen\****\maxout.gnuplot
[2008.10.16 10:20:24 | 000,000,528 | ---- | C] () -- C:\Dokumente und Einstellungen\****\.xmaximarc
[2008.10.11 13:55:34 | 000,038,332 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Microsoft Excel.ADR
[2008.10.10 15:33:02 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
 
========== ZeroAccess Check ==========
 
[2006.01.27 18:19:56 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 03:22:25 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 03:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
--- --- ---



Extras:

OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 24.01.2013 14:18:28 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\****\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,98 Gb Total Physical Memory | 1,20 Gb Available Physical Memory | 60,51% Memory free
3,83 Gb Paging File | 3,14 Gb Available in Paging File | 81,98% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 142,51 Gb Total Space | 83,09 Gb Free Space | 58,30% Space Free | Partition Type: NTFS
Drive E: | 3,81 Gb Total Space | 3,40 Gb Free Space | 89,06% Space Free | Partition Type: FAT32
 
Computer Name: LENOVO-DDD3664B | User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office 2007\Office12\msohtmed.exe" %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\Bonjour\mDNSResponder.exe" = C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Programme\Maxima-5.16.3\bin\xmaxima.exe" = C:\Programme\Maxima-5.16.3\bin\xmaxima.exe:*:Disabled:Tclkit, a standalone runtime for Tcl/Tk -- (Equi4 Software)
"C:\Programme\Maxima-5.16.3\wxMaxima\wxMaxima.exe" = C:\Programme\Maxima-5.16.3\wxMaxima\wxMaxima.exe:*:Disabled:wxMaxima -- ()
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\WINDOWS\system32\dpnsvr.exe" = C:\WINDOWS\system32\dpnsvr.exe:*:Disabled:Microsoft DirectPlay8 Server -- (Microsoft Corporation)
"C:\Programme\ICQ6.5\ICQ.exe" = C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, LLC.)
"C:\Programme\NX Client for Windows\nxclient.exe" = C:\Programme\NX Client for Windows\nxclient.exe:*:Enabled:nxclient -- ()
"C:\Programme\NX Client for Windows\bin\nxssh.exe" = C:\Programme\NX Client for Windows\bin\nxssh.exe:*:Enabled:nxssh -- ()
"C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Programme\Google\Google Talk\googletalk.exe" = C:\Programme\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)
"C:\Programme\Microsoft Office 2007\Office12\OUTLOOK.EXE" = C:\Programme\Microsoft Office 2007\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Dokumente und Einstellungen\****\Anwendungsdaten\Dropbox\bin\Dropbox.exe" = C:\Dokumente und Einstellungen\****\Anwendungsdaten\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"C:\Programme\ImageJ\jre\bin\javaw.exe" = C:\Programme\ImageJ\jre\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{075473F5-846A-448B-BCB3-104AA1760205}" = RecordNow Data
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{1007F41F-7D69-468E-8017-3849A5A973C2}" = ThinkVantage Technologies Welcome Message
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{1297C681-92D7-40EF-93BF-03F66EC5105C}" = ThinkPad-Dienstprogramm 'EasyEject'
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = Dienstprogramm "ThinkPad UltraNav"
"{1A637513-CC46-4C3B-8114-1E4F1D71CF42}" = Fritz11
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2DFB5485-A3EF-4298-9280-4AF80C9F4BE9}" = Microsoft SQL Server VSS Writer
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Integrated Camera
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{41894269-0DD1-4C85-B3DD-1EB41B07621D}" = ThinkVantage Fingerprint Software 5.6
"{42EDF895-158C-484E-A7F2-42B90759F281}" = Camera RAW Plug-In for EPSON Creativity Suite
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage System für aktiven Festplattenschutz
"{46CBBDF8-55B5-40DB-B459-7B848394309C}" = EPSON File Manager
"{505AFDC0-5E72-4928-8368-5DEA385E3647}" = CorelDRAW Graphics Suite 12
"{547DCEC7-DD2A-47E9-82C7-5CF1EAB526DA}" = Microsoft SQL Server Native Client
"{5624C000-B109-11D4-9DB4-00E0290FCAC5}" = VPN Client
"{59BDB81E-9BB8-476E-A0A4-EE053A7FCBCB}" = PDF-XChange Viewer
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65706020-7B6F-41F2-8047-FC69579E386A}" = Präsentationsdirektor
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.3
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" = 
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69C92B42-DFED-4304-8AA2-C90783D706FD}" = Skat 8.0
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{72F0172C-6D1D-470E-9298-A3A1A6530CFB}" = Origin8
"{796E076A-82F7-4D49-98C8-DEC0C3BC733A}" = Diskeeper Lite
"{7EB114D8-207F-45AE-BABD-1669715F2630}" = ThinkVantage Access Connections
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{7FC3BBEC-5A91-41B0-9CB8-960EC4421411}" = InterVideo WinDVD Creator 3
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = ThinkPad Bluetooth with Enhanced Data Rate Software
"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update
"{86B3F2D6-AC2B-0014-8AE1-F2F77F781B0C}" = EndNote X4
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8A8F8391-4C2C-4BE1-A984-CD4A5A546467}" = EPSON Easy Photo Print
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (German) 12
"{90120000-0016-0000-0000-0000000FF1CE}" = Microsoft Office Excel 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0000-0000-0000000FF1CE}" = Microsoft Office PowerPoint 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-001A-0000-0000-0000000FF1CE}" = Microsoft Office Outlook 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0000-0000-0000000FF1CE}" = Microsoft Office Word 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}" = Apple Mobile Device Support
"{986F64DC-FF15-449D-998F-EE3BCEC6666A}" = Help Center
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}" = ThinkPad Energie-Manager
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A912021A-FEDD-4DA3-8DB4-245EBDA84778}" = OriginPro 8G
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAEBA159-3D7A-4C3C-B2EA-35A627506606}" = Fritz11
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = RecordNow Audio
"{AC76BA86-7AD7-1031-7B44-A83000000003}" = Adobe Reader 8.3.1 - Deutsch
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = RecordNow Copy
"{B334D9AE-1393-423E-97C0-3BDC3360E692}" = Sonic Icons for Lenovo
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = v2011.build.46
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C54ED2B6-1AF2-416F-BBA8-5E2B8CDCB5C4}" = XP Themes
"{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}" = ThinkVantage Productivity Center
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D728E945-256D-4477-B377-6BBA693714AC}" = Ergänzung zu Productivity Center für ThinkPad
"{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}" = Wallpapers
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}" = Message Center
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F055E1B2-8A05-4D87-8039-1BE979BA4193}" = Client Security Solution
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F151F2B3-0C32-44D3-90E2-E639B8024622}" = Rescue and Recovery
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F705E3E1-A471-426B-9A09-73429F3418EE}" = System Migration Assistant
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.20
"ACDLabs in C__Programme_ACDFREE12_" = ACD/Labs Software in C:\Programme\ACDFREE12\
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Armagetron Advanced" = Armagetron Advanced 0.2.8.2.1.gcc
"Aspell" = Aspell Data
"Aspell6-Dictionary-de" = Aspell 0.6 Dictionary (Language: de)
"Aspell6-Dictionary-en" = Aspell 0.6 Dictionary (Language: en)
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira Free Antivirus
"AwayTask" = Maintenance Manager
"capella 5.0" = capella professionell Version 5.3
"CBReader " = CBReader 
"ChemAxon Marvin Beans 5.1.03" = ChemAxon Marvin Beans 5.1.03
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588" = ThinkPad Modem
"DivX Setup.divx.com" = DivX-Setup
"EPSON Scanner" = EPSON Scan
"EPSON Stylus SX200 Series" = EPSON Stylus SX200 Series Printer Uninstall
"EPSON Stylus SX200_SX400_TX200_TX400 Benutzerhandbuch" = EPSON Stylus SX200_SX400_TX200_TX400 Handbuch
"EXCEL" = Microsoft Office Excel 2007
"Free Screen To Video_is1" = Free Screen To Video V 1.2
"GNU Backgammon 0.15-stable_is1" = GNU Backgammon 0.15-stable (20061119 code)
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ImageJ_is1" = ImageJ 1.44p
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"IrfanView" = IrfanView (remove only)
"iSnooker" = iSnooker
"JagoClient_is1" = JagoClient Version 6.0
"Lenovo Registration" = Lenovo Registration
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Maxima-5.16.3_is1" = Maxima 5.16.3
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MIDI Klavier_is1" = MIDI Klavier 1.0
"MiKTeX 2.9" = MiKTeX 2.9
"Mozilla Firefox 18.0.1 (x86 de)" = Mozilla Firefox 18.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"nxclient_is1" = NX Client for Windows 3.4.0-5
"OnScreenDisplay" = Anzeige am Bildschirm
"OpenAL" = OpenAL
"OUTLOOK" = Microsoft Office Outlook 2007
"PC-Doctor 5 for Windows" = PC-Doctor 5 für Windows
"PCMCIAPW" = ThinkPad PC Card Power Policy
"Power Management Driver" = ThinkPad Power Management Driver
"POWERPOINT" = Microsoft Office PowerPoint 2007
"ProInst" = Intel(R) PROSet/Wireless Software
"PROSet" = Intel(R) PRO Network Connections Drivers
"Remove Multimedia Center" = Remove Multimedia Center
"ResearchSoft Direct Export Helper" = ResearchSoft Direct Export Helper
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"TeXnicCenter_is1" = TeXnicCenter Version 1.0 Stable RC1
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"Tygem Baduk" = TygemBaduk Remove
"WashAndGo_is1" = WashAndGo
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinRAR archiver" = WinRAR
"WMCSetup" = Windows Media Connect
"WORD" = Microsoft Office Word 2007
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"GoPanda" = GoPanda
"GoPanda 2" = GoPanda 2
"Move Media Player" = Move Media Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 21.01.2013 14:49:33 | Computer Name = LENOVO-DDD3664B | Source = Avira Antivirus | ID = 4110
Description = Während der Initialisierung der Suchengine trat ein unbekannter Fehler
 auf!  Fehlercode: 0x35
 
Error - 21.01.2013 14:50:40 | Computer Name = LENOVO-DDD3664B | Source = Avira Antivirus | ID = 4110
Description = Während der Initialisierung der Suchengine trat ein unbekannter Fehler
 auf!  Fehlercode: 0x35
 
Error - 21.01.2013 14:50:44 | Computer Name = LENOVO-DDD3664B | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung avguard.exe, Version 12.3.0.15, fehlgeschlagenes
 Modul ntdll.dll, Version 5.1.2600.6055, Fehleradresse 0x00019af2.
 
Error - 21.01.2013 14:51:52 | Computer Name = LENOVO-DDD3664B | Source = Avira Antivirus | ID = 4110
Description = Während der Initialisierung der Suchengine trat ein unbekannter Fehler
 auf!  Fehlercode: 0x35
 
Error - 21.01.2013 15:18:55 | Computer Name = LENOVO-DDD3664B | Source = Avira Antivirus | ID = 4110
Description = Während der Initialisierung der Suchengine trat ein unbekannter Fehler
 auf!  Fehlercode: 0x35
 
Error - 21.01.2013 15:28:39 | Computer Name = LENOVO-DDD3664B | Source = Avira Antivirus | ID = 4110
Description = Während der Initialisierung der Suchengine trat ein unbekannter Fehler
 auf!  Fehlercode: 0x35
 
Error - 21.01.2013 15:30:59 | Computer Name = LENOVO-DDD3664B | Source = Avira Antivirus | ID = 4110
Description = Während der Initialisierung der Suchengine trat ein unbekannter Fehler
 auf!  Fehlercode: 0x35
 
Error - 21.01.2013 15:38:54 | Computer Name = LENOVO-DDD3664B | Source = Avira Antivirus | ID = 4110
Description = Während der Initialisierung der Suchengine trat ein unbekannter Fehler
 auf!  Fehlercode: 0x35
 
Error - 21.01.2013 15:44:44 | Computer Name = LENOVO-DDD3664B | Source = Avira Antivirus | ID = 4110
Description = Während der Initialisierung der Suchengine trat ein unbekannter Fehler
 auf!  Fehlercode: 0x35
 
Error - 24.01.2013 06:24:56 | Computer Name = LENOVO-DDD3664B | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung teatimer.exe, Version 1.6.6.32, fehlgeschlagenes
 Modul kernel32.dll, Version 5.1.2600.6293, Fehleradresse 0x00012fd3.
 
[ OSession Events ]
Error - 16.11.2012 10:29:59 | Computer Name = LENOVO-DDD3664B | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session 
lasted 64 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error - 16.11.2012 10:36:26 | Computer Name = LENOVO-DDD3664B | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session 
lasted 220 seconds with 180 seconds of active time.  This session ended with a crash.
 
Error - 18.11.2012 17:27:07 | Computer Name = LENOVO-DDD3664B | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session 
lasted 4355 seconds with 840 seconds of active time.  This session ended with a 
crash.
 
Error - 18.11.2012 17:43:14 | Computer Name = LENOVO-DDD3664B | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session 
lasted 945 seconds with 900 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 24.01.2013 04:11:52 | Computer Name = LENOVO-DDD3664B | Source = Service Control Manager | ID = 7011
Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung
 von Dienst SharedAccess.
 
Error - 24.01.2013 04:11:52 | Computer Name = LENOVO-DDD3664B | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows-Firewall/Gemeinsame Nutzung der Internetverbindung"
 wurde aufgrund folgenden Fehlers nicht gestartet:   %%1053
 
Error - 24.01.2013 04:12:04 | Computer Name = LENOVO-DDD3664B | Source = Service Control Manager | ID = 7011
Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung
 von Dienst ShellHWDetection.
 
Error - 24.01.2013 04:12:35 | Computer Name = LENOVO-DDD3664B | Source = Service Control Manager | ID = 7011
Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung
 von Dienst ShellHWDetection.
 
Error - 24.01.2013 06:25:18 | Computer Name = LENOVO-DDD3664B | Source = Service Control Manager | ID = 7034
Description = Dienst "Process Monitor" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 24.01.2013 06:27:57 | Computer Name = LENOVO-DDD3664B | Source = Service Control Manager | ID = 7034
Description = Dienst "tvtnetwk" wurde unerwartet beendet. Dies ist bereits 1 Mal
 passiert.
 
Error - 24.01.2013 06:36:14 | Computer Name = LENOVO-DDD3664B | Source = Service Control Manager | ID = 7011
Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung
 von Dienst WZCSVC.
 
Error - 24.01.2013 06:36:14 | Computer Name = LENOVO-DDD3664B | Source = Service Control Manager | ID = 7011
Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung
 von Dienst ShellHWDetection.
 
Error - 24.01.2013 06:36:14 | Computer Name = LENOVO-DDD3664B | Source = Service Control Manager | ID = 7011
Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung
 von Dienst Schedule.
 
Error - 24.01.2013 06:36:14 | Computer Name = LENOVO-DDD3664B | Source = Service Control Manager | ID = 7011
Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung
 von Dienst ShellHWDetection.
 
 
< End of report >
--- --- ---
Alt 24.01.2013, 14:29   #27
mtmtmt
 
GVU-Trojaner nach Systemwiederherstellung entfernt? - Standard

GVU-Trojaner nach Systemwiederherstellung entfernt?


(Doppelt)

Alt 24.01.2013, 15:10   #28
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
GVU-Trojaner nach Systemwiederherstellung entfernt? - Standard

GVU-Trojaner nach Systemwiederherstellung entfernt?


Code:
ATTFilter
Scan Mode: Current user
Du hast den Haken bei Scanne alle Benutzer vergessen! Bitte das Log nochmal richtig machen
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 24.01.2013, 15:43   #29
mtmtmt
 
GVU-Trojaner nach Systemwiederherstellung entfernt? - Standard

GVU-Trojaner nach Systemwiederherstellung entfernt?


Sorry, das hab ich überlesen... Hier die neuen Logs:

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 24.01.2013 15:34:21 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\****\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,98 Gb Total Physical Memory | 1,16 Gb Available Physical Memory | 58,55% Memory free
3,83 Gb Paging File | 3,09 Gb Available in Paging File | 80,63% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 142,51 Gb Total Space | 83,09 Gb Free Space | 58,30% Space Free | Partition Type: NTFS
Drive E: | 3,81 Gb Total Space | 3,40 Gb Free Space | 89,06% Space Free | Partition Type: FAT32
 
Computer Name: LENOVO-DDD3664B | User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\****\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Dokumente und Einstellungen\****\Anwendungsdaten\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Programme\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
PRC - C:\Programme\Lenovo\NPDIRECT\tpfnf7sp.exe (Lenovo Group Limited)
PRC - C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
PRC - C:\Programme\Lenovo\Client Security Solution\tvtpwm_tray.exe (Lenovo Group Limited)
PRC - C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
PRC - C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo )
PRC - C:\Programme\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe (Lenovo )
PRC - C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo )
PRC - C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo )
PRC - C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo )
PRC - C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
PRC - c:\Programme\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
PRC - C:\Programme\Intel\Wireless\Bin\Dot1XCfg.exe (Intel Corporation)
PRC - c:\Programme\LRZ VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited)
PRC - C:\Programme\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Programme\ThinkPad\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.)
PRC - C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
PRC - C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
PRC - c:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\Rescue and Recovery\rrpservice.exe ()
PRC - C:\Programme\Gemeinsame Dateien\Lenovo\Logger\logmon.exe ()
PRC - C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe ()
PRC - C:\WINDOWS\system32\IPSSVC.EXE (Lenovo Group Limited)
PRC - C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - C:\Programme\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\ZOOM\TpScrex.exe (Lenovo Group Limited)
PRC - C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation)
PRC - C:\Programme\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)
PRC - C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
PRC - C:\Programme\Gemeinsame Dateien\Installshield\UpdateService\issch.exe (InstallShield Software Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_a4652f28\mscorlib.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_a51affbd\system.dll ()
MOD - c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll ()
MOD - C:\Programme\Avira\AntiVir Desktop\sqlite3.dll ()
MOD - C:\Programme\Notepad++\NppShell_04.dll ()
MOD - C:\Programme\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll ()
MOD - C:\Programme\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll ()
MOD - C:\Programme\Logitech\LWS\Webcam Software\QTXml4.dll ()
MOD - C:\Programme\Logitech\LWS\Webcam Software\QtNetwork4.dll ()
MOD - C:\Programme\Logitech\LWS\Webcam Software\QTGui4.dll ()
MOD - C:\Programme\Logitech\LWS\Webcam Software\QTCore4.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\WINDOWS\system32\nview.dll ()
MOD - C:\WINDOWS\system32\nvshell.dll ()
MOD - C:\Programme\ThinkPad\Utilities\PWRMGRIF.DLL ()
MOD - C:\Programme\ThinkPad\Utilities\GR\PWRMGRRT.DLL ()
MOD - C:\Programme\Gemeinsame Dateien\Lenovo\xml4cmessages5_5.dll ()
MOD - C:\Programme\Intel\Wireless\Bin\iWMSProv.dll ()
MOD - C:\WINDOWS\system32\vpnapi.dll ()
MOD - C:\Programme\Intel\Wireless\Bin\acAuth.dll ()
MOD - C:\WINDOWS\system32\btwicons.dll ()
MOD - C:\Programme\ThinkPad\Bluetooth Software\BTKeyInd.dll ()
MOD - C:\Programme\Lenovo\Rescue and Recovery\rrpservice.exe ()
MOD - C:\Programme\Gemeinsame Dateien\Lenovo\Logger\logmon.exe ()
MOD - C:\Programme\Lenovo\Rescue and Recovery\CDRecord.dll ()
MOD - C:\Programme\Gemeinsame Dateien\Lenovo\CDRecord.dll ()
MOD - C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe ()
MOD - C:\Programme\Lenovo\HOTKEY\HKVOLKEY.dll ()
MOD - C:\Programme\Lenovo\HOTKEY\tphklock.dll ()
MOD - C:\Programme\Lenovo\HOTKEY\TPOSDSVC.dll ()
MOD - C:\Programme\Lenovo\HOTKEY\notifyf2.dll ()
MOD - c:\windows\assembly\gac\system.serviceprocess\1.0.5000.0__b03f5f7f11d50a3a\system.serviceprocess.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (LiveUpdate Notice Ex) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe /h ccCommon File not found
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (LVPrcSrv) -- C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (LiveUpdate Notice Service) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
SRV - (LiveUpdate) -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation)
SRV - (Automatisches LiveUpdate - Scheduler) -- C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
SRV - (ThinkVantage Registry Monitor Service) -- C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
SRV - (AcPrfMgrSvc) -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo )
SRV - (AcSvc) -- C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo )
SRV - (SUService) -- c:\Programme\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
SRV - (CVPND) -- c:\Programme\LRZ VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (btwdins) -- C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
SRV - (TVT Scheduler) -- c:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe (Lenovo Group Limited)
SRV - (TVT Backup Protection Service) -- C:\Programme\Lenovo\Rescue and Recovery\rrpservice.exe ()
SRV - (tvtnetwk) -- C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe ()
SRV - (IPSSVC) -- C:\WINDOWS\system32\IPSSVC.EXE (Lenovo Group Limited)
SRV - (IviRegMgr) -- C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Diskeeper) -- C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation)
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\Installshield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (WMConnectCDS) -- C:\Programme\Windows Media Connect 2\wmccds.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WDICA) --  File not found
DRV - (UIUSys) -- system32\DRIVERS\UIUSYS.SYS File not found
DRV - (TVTPktFilter) -- system32\DRIVERS\tvtpktfilter.sys File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (lbrtfdc) --  File not found
DRV - (CrystalSysInfo) -- C:\Programme\MediaCoder PMP Edition\SysInfo.sys File not found
DRV - (Changer) --  File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (ahfcfs5t) --  File not found
DRV - (mbamchameleon) -- C:\WINDOWS\system32\drivers\mbamchameleon.sys ()
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\WINDOWS\system32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (LVUVC) -- C:\WINDOWS\system32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVRS) -- C:\WINDOWS\system32\drivers\lvrs.sys (Logitech Inc.)
DRV - (sptd) -- C:\WINDOWS\system32\drivers\sptd.sys ()
DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys ()
DRV - (Revoflt) -- C:\WINDOWS\system32\drivers\revoflt.sys (VS Revo Group)
DRV - (TPPWRIF) -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS ()
DRV - (TSMAPIP) -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS ()
DRV - (Shockprf) -- C:\WINDOWS\system32\drivers\ApsX86.sys (Lenovo.)
DRV - (TPDIGIMN) -- C:\WINDOWS\system32\drivers\ApsHM86.sys (Lenovo.)
DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)
DRV - (rismxdp) -- C:\WINDOWS\system32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC)
DRV - (TVTI2C) -- C:\WINDOWS\system32\drivers\tvti2c.sys (Lenovo (United States) Inc.)
DRV - (psadd) -- C:\WINDOWS\system32\drivers\psadd.sys (Lenovo (United States) Inc.)
DRV - (NETw4x32) -- C:\WINDOWS\system32\drivers\NETw4x32.sys (Intel Corporation)
DRV - (CVPNDRVA) -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (IBMTPCHK) -- C:\WINDOWS\system32\drivers\IBMBLDID.sys ()
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (smihlp) -- C:\Programme\Gemeinsame Dateien\ThinkVantage Fingerprint Software\Drivers\smihlp.sys (UPEK Inc.)
DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (DNE) -- C:\WINDOWS\system32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (CVirtA) -- C:\WINDOWS\system32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (PROCDD) -- C:\WINDOWS\system32\drivers\PROCDD.SYS (Lenovo Group Limited)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (ANC) -- C:\WINDOWS\system32\drivers\ANC.sys (IBM Corp.)
DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Zone Labs LLC)
DRV - (G400) -- C:\WINDOWS\system32\drivers\G400m.sys (Matrox Graphics Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&amp;entrypoint={referrer:source?}&amp;FORM=LENIE 
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-3660004609-3411007303-2895799563-1008\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3660004609-3411007303-2895799563-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-3660004609-3411007303-2895799563-1008\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-3660004609-3411007303-2895799563-1008\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-3660004609-3411007303-2895799563-1008\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-3660004609-3411007303-2895799563-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3660004609-3411007303-2895799563-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "Winload Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}"
FF - prefs.js..extensions.enabledAddons: jqs%40sun.com:1.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.autoconfig_url: "hxxp://pac.lrz-muenchen.de/"
FF - prefs.js..network.proxy.type: 2
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Dokumente und Einstellungen\****\Anwendungsdaten\Move Networks\plugins\071802000001\npqmp071802000001.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Programme\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\WINDOWS\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Dokumente und Einstellungen\****\Anwendungsdaten\Move Networks\plugins\071802000001\npqmp071802000001.dll (Move Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2013.01.21 20:55:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2013.01.21 20:55:09 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{FCF36B88-1BBA-487f-B64B-D2E8980A9293}: C:\Programme\Lenovo\Client Security Solution\PWM Firefox Extension [2008.10.11 14:46:01 | 000,000,000 | ---D | M]
 
[2008.10.11 12:51:22 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Mozilla\Extensions
[2012.10.25 21:37:43 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Mozilla\Firefox\Profiles\wmipz1d0.default\extensions
[2010.04.27 14:56:09 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Mozilla\Firefox\Profiles\wmipz1d0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.03.24 15:13:02 | 000,000,917 | ---- | M] () -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Mozilla\Firefox\Profiles\wmipz1d0.default\searchplugins\conduit.xml
[2013.01.21 20:55:07 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.02.22 18:43:38 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2013.01.21 20:55:17 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012.02.22 18:43:38 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2011.01.11 12:22:42 | 000,167,704 | ---- | M] (Tracker Software Products Ltd.) -- C:\Programme\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2007.05.16 09:30:04 | 000,036,864 | ---- | M] () -- C:\Programme\mozilla firefox\plugins\npSfAppM.dll
[2012.03.26 13:37:25 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.04 21:48:56 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.03.26 13:37:25 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.26 13:37:25 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.26 13:37:25 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.26 13:37:25 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: 
CHR - plugin: Shockwave Flash (Enabled) = C:\Programme\Google\Chrome\Application\24.0.1312.52\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Programme\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Programme\Google\Chrome\Application\24.0.1312.52\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Programme\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Programme\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: PDF-XChange Viewer (Enabled) = C:\Programme\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: SciFinder Application Plugin for Mozilla (Enabled) = C:\Programme\Mozilla Firefox\plugins\npSfAppM.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Programme\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npwmsdrm.dll
CHR - plugin: Move Media Player 7 (Enabled) = C:\Dokumente und Einstellungen\****\Anwendungsdaten\Move Networks\plugins\071802000001\npqmp071802000001.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Updater (Enabled) = C:\Programme\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Google Update (Enabled) = C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Programme\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw_1167637.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: TVU Web Player for FireFox (Enabled) = C:\WINDOWS\system32\TVUAx\npTVUAx.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Google Drive = C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: YouTube = C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Mail = C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2013.01.24 11:34:10 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programme\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O2 - BHO: (CPwmIEBrowserHelper Object) - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKU\S-1-5-21-3660004609-3411007303-2895799563-1008\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [ACTray] C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo )
O4 - HKLM..\Run: [ACWLIcon] C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo )
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [AwaySch] C:\Programme\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [BLOG] C:\Programme\ThinkPad\Utilities\BATLOGEX.DLL ()
O4 - HKLM..\Run: [DiskeeperSystray] C:\Programme\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Programme\Gemeinsame Dateien\Installshield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [LWS] C:\Programme\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PWRMGRTR] C:\Programme\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TPFNF7] C:\Programme\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPHOTKEY] C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
O4 - HKU\S-1-5-21-3660004609-3411007303-2895799563-1008..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-3660004609-3411007303-2895799563-1008..\RunOnce: [configmsi] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3660004609-3411007303-2895799563-1008..\RunOnce: [supportdir] cmd /c "rmdir /q /s "C:\DOKUME~1\****\LOKALE~1\Temp\{F055E1B2-8A05-4D87-8039-1BE979BA4193}"" File not found
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk = C:\Programme\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\LRZ VPN Client.lnk = C:\Programme\LRZ VPN Client\vpngui.exe (Cisco Systems, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\****\Startmenü\Programme\Autostart\Dropbox.lnk = C:\Dokumente und Einstellungen\****\Anwendungsdaten\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3660004609-3411007303-2895799563-1008\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3660004609-3411007303-2895799563-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-3660004609-3411007303-2895799563-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-3660004609-3411007303-2895799563-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MIF269~1\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra 'Tools' menuitem : ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office 2007\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\psfus: DllName - (C:\WINDOWS\system32\psqlpwd.dll) - C:\WINDOWS\system32\psqlpwd.dll (UPEK Inc.)
O20 - Winlogon\Notify\tpfnf2: DllName - (C:\Programme\Lenovo\HOTKEY\notifyf2.dll) - C:\Programme\Lenovo\HOTKEY\notifyf2.dll ()
O20 - Winlogon\Notify\tphotkey: DllName - (C:\Programme\Lenovo\HOTKEY\tphklock.dll) - C:\Programme\Lenovo\HOTKEY\tphklock.dll ()
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.01.27 03:18:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.24 14:01:48 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013.01.24 11:26:41 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013.01.24 11:25:33 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013.01.24 11:25:33 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013.01.24 11:25:33 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013.01.24 11:25:33 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013.01.24 11:25:25 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.01.24 11:25:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013.01.24 11:22:22 | 005,026,296 | R--- | C] (Swearware) -- C:\Dokumente und Einstellungen\****\Desktop\ComboFix.exe
[2013.01.22 14:41:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Malwarebytes
[2013.01.22 14:41:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2013.01.21 23:22:21 | 000,000,000 | ---D | C] -- C:\Programme\7-Zip
[2013.01.21 23:22:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\7-Zip
[2013.01.21 21:20:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\****\Desktop\GVU
[2013.01.21 21:18:22 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\****\Desktop\OTL.exe
[2013.01.21 20:58:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Avira
[2013.01.21 20:56:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Avira
[2013.01.21 20:55:56 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2013.01.21 20:55:51 | 000,134,336 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2013.01.21 20:55:51 | 000,083,944 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2013.01.21 20:55:51 | 000,036,552 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[2013.01.21 20:55:50 | 000,000,000 | ---D | C] -- C:\Programme\Avira
[2013.01.21 20:55:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
[2013.01.21 20:55:06 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox
[2013.01.15 00:07:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\****\Startmenü\Programme\TygemBaduk Program
[2013.01.14 23:21:09 | 000,000,000 | ---D | C] -- C:\Programme\TygemGlobal
[2013.01.14 23:21:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\TongYang Online
[2013.01.13 14:57:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\****\Eigene Dateien\Zeug
[2013.01.08 23:42:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\JagoClient
[2013.01.08 23:42:10 | 000,000,000 | ---D | C] -- C:\Programme\JagoClient
[2013.01.08 01:26:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\GoPanda2
[2013.01.08 01:24:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\GoPanda
[2013.01.08 01:24:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\****\Startmenü\Programme\Pandanet IGS
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.24 14:24:10 | 000,001,094 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.24 14:16:18 | 000,000,264 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2013.01.24 14:16:04 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2013.01.24 14:15:45 | 000,025,261 | ---- | M] () -- C:\WINDOWS\System32\PROCDB.INI
[2013.01.24 14:15:19 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013.01.24 14:15:17 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.24 14:15:04 | 000,000,380 | ---- | M] () -- C:\WINDOWS\System32\IPSCtrl.INI
[2013.01.24 14:15:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.01.24 11:34:10 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013.01.24 11:26:48 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2013.01.24 11:22:52 | 005,026,296 | R--- | M] (Swearware) -- C:\Dokumente und Einstellungen\****\Desktop\ComboFix.exe
[2013.01.24 11:01:02 | 000,002,523 | ---- | M] () -- C:\Dokumente und Einstellungen\****\Desktop\Microsoft Office Word 2007.lnk
[2013.01.24 09:21:00 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013.01.23 09:38:11 | 000,035,144 | ---- | M] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2013.01.21 21:18:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\****\Desktop\OTL.exe
[2013.01.21 21:18:13 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\****\defogger_reenable
[2013.01.21 20:56:11 | 000,001,678 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira Control Center.lnk
[2013.01.21 19:11:22 | 000,003,027 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\dsgsdgdsgdsgw.js
[2013.01.16 00:07:46 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013.01.13 12:16:00 | 000,001,044 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2013.01.11 02:26:39 | 003,619,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2013.01.11 01:51:53 | 000,000,699 | ---- | M] () -- C:\Dokumente und Einstellungen\****\.go.cfg
[2013.01.10 20:30:13 | 000,337,848 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013.01.08 23:51:33 | 000,463,344 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2013.01.08 23:51:33 | 000,444,810 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013.01.08 23:51:33 | 000,086,188 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2013.01.08 23:51:33 | 000,072,686 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013.01.08 23:46:38 | 002,001,061 | ---- | M] () -- C:\WINDOWS\iis6.BAK
[2013.01.08 21:45:50 | 000,001,054 | ---- | M] () -- C:\Dokumente und Einstellungen\****\Startmenü\Programme\Autostart\Dropbox.lnk
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.01.24 11:26:48 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2013.01.24 11:26:44 | 000,262,448 | RHS- | C] () -- C:\cmldr
[2013.01.24 11:25:33 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013.01.24 11:25:33 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013.01.24 11:25:33 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013.01.24 11:25:33 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013.01.24 11:25:33 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013.01.23 09:38:11 | 000,035,144 | ---- | C] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2013.01.21 21:18:13 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\****\defogger_reenable
[2013.01.21 20:56:11 | 000,001,678 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira Control Center.lnk
[2013.01.21 19:11:22 | 000,003,027 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\dsgsdgdsgdsgw.js
[2013.01.08 23:43:39 | 000,000,699 | ---- | C] () -- C:\Dokumente und Einstellungen\****\.go.cfg
[2012.10.31 14:00:04 | 000,000,621 | ---- | C] () -- C:\Dokumente und Einstellungen\****\.ImageJ_3D_Viewer.props
[2012.09.04 23:40:30 | 000,000,925 | ---- | C] () -- C:\WINDOWS\kaiser.ini
[2011.10.26 13:53:28 | 000,005,449 | ---- | C] () -- C:\Dokumente und Einstellungen\****\.recently-used.xbel
[2011.10.11 11:22:15 | 000,049,075 | ---- | C] () -- C:\WINDOWS\DIAMOND.INI
[2011.07.17 21:34:31 | 000,000,443 | ---- | C] () -- C:\WINDOWS\capture.ini
[2011.07.15 13:03:25 | 000,000,421 | ---- | C] () -- C:\WINDOWS\barcode.ini
[2011.03.07 15:28:10 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2010.10.21 14:55:58 | 000,000,198 | ---- | C] () -- C:\Dokumente und Einstellungen\****\vgalusr1.vr
[2010.01.20 15:22:58 | 000,000,158 | ---- | C] () -- C:\Dokumente und Einstellungen\****\.Xauthority
[2009.07.04 09:40:50 | 000,022,016 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.04.28 14:39:34 | 000,000,922 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\gnuplot_history
[2009.01.12 23:31:20 | 000,008,717 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LUUnInstall.LiveUpdate
[2008.12.01 19:22:17 | 000,000,083 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Anwendungsdaten\X-Plane Installer.prf
[2008.10.16 21:24:05 | 000,056,663 | ---- | C] () -- C:\Dokumente und Einstellungen\****\maxout.openmath
[2008.10.16 10:22:50 | 000,155,362 | ---- | C] () -- C:\Dokumente und Einstellungen\****\maxout.gnuplot
[2008.10.16 10:20:24 | 000,000,528 | ---- | C] () -- C:\Dokumente und Einstellungen\****\.xmaximarc
[2008.10.11 13:55:34 | 000,038,332 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Microsoft Excel.ADR
[2008.10.10 15:33:02 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
 
========== ZeroAccess Check ==========
 
[2006.01.27 18:19:56 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 03:22:25 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 03:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
--- --- ---


OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 24.01.2013 15:34:21 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\****\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,98 Gb Total Physical Memory | 1,16 Gb Available Physical Memory | 58,55% Memory free
3,83 Gb Paging File | 3,09 Gb Available in Paging File | 80,63% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 142,51 Gb Total Space | 83,09 Gb Free Space | 58,30% Space Free | Partition Type: NTFS
Drive E: | 3,81 Gb Total Space | 3,40 Gb Free Space | 89,06% Space Free | Partition Type: FAT32
 
Computer Name: LENOVO-DDD3664B | User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_USERS\S-1-5-21-3660004609-3411007303-2895799563-1008\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office 2007\Office12\msohtmed.exe" %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\Bonjour\mDNSResponder.exe" = C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Programme\Maxima-5.16.3\bin\xmaxima.exe" = C:\Programme\Maxima-5.16.3\bin\xmaxima.exe:*:Disabled:Tclkit, a standalone runtime for Tcl/Tk -- (Equi4 Software)
"C:\Programme\Maxima-5.16.3\wxMaxima\wxMaxima.exe" = C:\Programme\Maxima-5.16.3\wxMaxima\wxMaxima.exe:*:Disabled:wxMaxima -- ()
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\WINDOWS\system32\dpnsvr.exe" = C:\WINDOWS\system32\dpnsvr.exe:*:Disabled:Microsoft DirectPlay8 Server -- (Microsoft Corporation)
"C:\Programme\ICQ6.5\ICQ.exe" = C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, LLC.)
"C:\Programme\NX Client for Windows\nxclient.exe" = C:\Programme\NX Client for Windows\nxclient.exe:*:Enabled:nxclient -- ()
"C:\Programme\NX Client for Windows\bin\nxssh.exe" = C:\Programme\NX Client for Windows\bin\nxssh.exe:*:Enabled:nxssh -- ()
"C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Programme\Google\Google Talk\googletalk.exe" = C:\Programme\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)
"C:\Programme\Microsoft Office 2007\Office12\OUTLOOK.EXE" = C:\Programme\Microsoft Office 2007\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Dokumente und Einstellungen\****\Anwendungsdaten\Dropbox\bin\Dropbox.exe" = C:\Dokumente und Einstellungen\****\Anwendungsdaten\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"C:\Programme\ImageJ\jre\bin\javaw.exe" = C:\Programme\ImageJ\jre\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{075473F5-846A-448B-BCB3-104AA1760205}" = RecordNow Data
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{1007F41F-7D69-468E-8017-3849A5A973C2}" = ThinkVantage Technologies Welcome Message
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{1297C681-92D7-40EF-93BF-03F66EC5105C}" = ThinkPad-Dienstprogramm 'EasyEject'
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = Dienstprogramm "ThinkPad UltraNav"
"{1A637513-CC46-4C3B-8114-1E4F1D71CF42}" = Fritz11
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2DFB5485-A3EF-4298-9280-4AF80C9F4BE9}" = Microsoft SQL Server VSS Writer
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Integrated Camera
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{41894269-0DD1-4C85-B3DD-1EB41B07621D}" = ThinkVantage Fingerprint Software 5.6
"{42EDF895-158C-484E-A7F2-42B90759F281}" = Camera RAW Plug-In for EPSON Creativity Suite
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage System für aktiven Festplattenschutz
"{46CBBDF8-55B5-40DB-B459-7B848394309C}" = EPSON File Manager
"{505AFDC0-5E72-4928-8368-5DEA385E3647}" = CorelDRAW Graphics Suite 12
"{547DCEC7-DD2A-47E9-82C7-5CF1EAB526DA}" = Microsoft SQL Server Native Client
"{5624C000-B109-11D4-9DB4-00E0290FCAC5}" = VPN Client
"{59BDB81E-9BB8-476E-A0A4-EE053A7FCBCB}" = PDF-XChange Viewer
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65706020-7B6F-41F2-8047-FC69579E386A}" = Präsentationsdirektor
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.3
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" = 
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69C92B42-DFED-4304-8AA2-C90783D706FD}" = Skat 8.0
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{72F0172C-6D1D-470E-9298-A3A1A6530CFB}" = Origin8
"{796E076A-82F7-4D49-98C8-DEC0C3BC733A}" = Diskeeper Lite
"{7EB114D8-207F-45AE-BABD-1669715F2630}" = ThinkVantage Access Connections
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{7FC3BBEC-5A91-41B0-9CB8-960EC4421411}" = InterVideo WinDVD Creator 3
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = ThinkPad Bluetooth with Enhanced Data Rate Software
"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update
"{86B3F2D6-AC2B-0014-8AE1-F2F77F781B0C}" = EndNote X4
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8A8F8391-4C2C-4BE1-A984-CD4A5A546467}" = EPSON Easy Photo Print
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (German) 12
"{90120000-0016-0000-0000-0000000FF1CE}" = Microsoft Office Excel 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0000-0000-0000000FF1CE}" = Microsoft Office PowerPoint 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-001A-0000-0000-0000000FF1CE}" = Microsoft Office Outlook 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0000-0000-0000000FF1CE}" = Microsoft Office Word 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}" = Apple Mobile Device Support
"{986F64DC-FF15-449D-998F-EE3BCEC6666A}" = Help Center
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}" = ThinkPad Energie-Manager
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A912021A-FEDD-4DA3-8DB4-245EBDA84778}" = OriginPro 8G
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAEBA159-3D7A-4C3C-B2EA-35A627506606}" = Fritz11
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = RecordNow Audio
"{AC76BA86-7AD7-1031-7B44-A83000000003}" = Adobe Reader 8.3.1 - Deutsch
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = RecordNow Copy
"{B334D9AE-1393-423E-97C0-3BDC3360E692}" = Sonic Icons for Lenovo
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = v2011.build.46
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C54ED2B6-1AF2-416F-BBA8-5E2B8CDCB5C4}" = XP Themes
"{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}" = ThinkVantage Productivity Center
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D728E945-256D-4477-B377-6BBA693714AC}" = Ergänzung zu Productivity Center für ThinkPad
"{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}" = Wallpapers
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}" = Message Center
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F055E1B2-8A05-4D87-8039-1BE979BA4193}" = Client Security Solution
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F151F2B3-0C32-44D3-90E2-E639B8024622}" = Rescue and Recovery
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F705E3E1-A471-426B-9A09-73429F3418EE}" = System Migration Assistant
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.20
"ACDLabs in C__Programme_ACDFREE12_" = ACD/Labs Software in C:\Programme\ACDFREE12\
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Armagetron Advanced" = Armagetron Advanced 0.2.8.2.1.gcc
"Aspell" = Aspell Data
"Aspell6-Dictionary-de" = Aspell 0.6 Dictionary (Language: de)
"Aspell6-Dictionary-en" = Aspell 0.6 Dictionary (Language: en)
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira Free Antivirus
"AwayTask" = Maintenance Manager
"capella 5.0" = capella professionell Version 5.3
"CBReader " = CBReader 
"ChemAxon Marvin Beans 5.1.03" = ChemAxon Marvin Beans 5.1.03
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588" = ThinkPad Modem
"DivX Setup.divx.com" = DivX-Setup
"EPSON Scanner" = EPSON Scan
"EPSON Stylus SX200 Series" = EPSON Stylus SX200 Series Printer Uninstall
"EPSON Stylus SX200_SX400_TX200_TX400 Benutzerhandbuch" = EPSON Stylus SX200_SX400_TX200_TX400 Handbuch
"EXCEL" = Microsoft Office Excel 2007
"Free Screen To Video_is1" = Free Screen To Video V 1.2
"GNU Backgammon 0.15-stable_is1" = GNU Backgammon 0.15-stable (20061119 code)
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ImageJ_is1" = ImageJ 1.44p
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"IrfanView" = IrfanView (remove only)
"iSnooker" = iSnooker
"JagoClient_is1" = JagoClient Version 6.0
"Lenovo Registration" = Lenovo Registration
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Maxima-5.16.3_is1" = Maxima 5.16.3
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MIDI Klavier_is1" = MIDI Klavier 1.0
"MiKTeX 2.9" = MiKTeX 2.9
"Mozilla Firefox 18.0.1 (x86 de)" = Mozilla Firefox 18.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"nxclient_is1" = NX Client for Windows 3.4.0-5
"OnScreenDisplay" = Anzeige am Bildschirm
"OpenAL" = OpenAL
"OUTLOOK" = Microsoft Office Outlook 2007
"PC-Doctor 5 for Windows" = PC-Doctor 5 für Windows
"PCMCIAPW" = ThinkPad PC Card Power Policy
"Power Management Driver" = ThinkPad Power Management Driver
"POWERPOINT" = Microsoft Office PowerPoint 2007
"ProInst" = Intel(R) PROSet/Wireless Software
"PROSet" = Intel(R) PRO Network Connections Drivers
"Remove Multimedia Center" = Remove Multimedia Center
"ResearchSoft Direct Export Helper" = ResearchSoft Direct Export Helper
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"TeXnicCenter_is1" = TeXnicCenter Version 1.0 Stable RC1
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"Tygem Baduk" = TygemBaduk Remove
"WashAndGo_is1" = WashAndGo
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinRAR archiver" = WinRAR
"WMCSetup" = Windows Media Connect
"WORD" = Microsoft Office Word 2007
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3660004609-3411007303-2895799563-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"GoPanda" = GoPanda
"GoPanda 2" = GoPanda 2
"Move Media Player" = Move Media Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 21.01.2013 14:49:33 | Computer Name = LENOVO-DDD3664B | Source = Avira Antivirus | ID = 4110
Description = Während der Initialisierung der Suchengine trat ein unbekannter Fehler
 auf!  Fehlercode: 0x35
 
Error - 21.01.2013 14:50:40 | Computer Name = LENOVO-DDD3664B | Source = Avira Antivirus | ID = 4110
Description = Während der Initialisierung der Suchengine trat ein unbekannter Fehler
 auf!  Fehlercode: 0x35
 
Error - 21.01.2013 14:50:44 | Computer Name = LENOVO-DDD3664B | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung avguard.exe, Version 12.3.0.15, fehlgeschlagenes
 Modul ntdll.dll, Version 5.1.2600.6055, Fehleradresse 0x00019af2.
 
Error - 21.01.2013 14:51:52 | Computer Name = LENOVO-DDD3664B | Source = Avira Antivirus | ID = 4110
Description = Während der Initialisierung der Suchengine trat ein unbekannter Fehler
 auf!  Fehlercode: 0x35
 
Error - 21.01.2013 15:18:55 | Computer Name = LENOVO-DDD3664B | Source = Avira Antivirus | ID = 4110
Description = Während der Initialisierung der Suchengine trat ein unbekannter Fehler
 auf!  Fehlercode: 0x35
 
Error - 21.01.2013 15:28:39 | Computer Name = LENOVO-DDD3664B | Source = Avira Antivirus | ID = 4110
Description = Während der Initialisierung der Suchengine trat ein unbekannter Fehler
 auf!  Fehlercode: 0x35
 
Error - 21.01.2013 15:30:59 | Computer Name = LENOVO-DDD3664B | Source = Avira Antivirus | ID = 4110
Description = Während der Initialisierung der Suchengine trat ein unbekannter Fehler
 auf!  Fehlercode: 0x35
 
Error - 21.01.2013 15:38:54 | Computer Name = LENOVO-DDD3664B | Source = Avira Antivirus | ID = 4110
Description = Während der Initialisierung der Suchengine trat ein unbekannter Fehler
 auf!  Fehlercode: 0x35
 
Error - 21.01.2013 15:44:44 | Computer Name = LENOVO-DDD3664B | Source = Avira Antivirus | ID = 4110
Description = Während der Initialisierung der Suchengine trat ein unbekannter Fehler
 auf!  Fehlercode: 0x35
 
Error - 24.01.2013 06:24:56 | Computer Name = LENOVO-DDD3664B | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung teatimer.exe, Version 1.6.6.32, fehlgeschlagenes
 Modul kernel32.dll, Version 5.1.2600.6293, Fehleradresse 0x00012fd3.
 
[ OSession Events ]
Error - 16.11.2012 10:29:59 | Computer Name = LENOVO-DDD3664B | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session 
lasted 64 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error - 16.11.2012 10:36:26 | Computer Name = LENOVO-DDD3664B | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session 
lasted 220 seconds with 180 seconds of active time.  This session ended with a crash.
 
Error - 18.11.2012 17:27:07 | Computer Name = LENOVO-DDD3664B | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session 
lasted 4355 seconds with 840 seconds of active time.  This session ended with a 
crash.
 
Error - 18.11.2012 17:43:14 | Computer Name = LENOVO-DDD3664B | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session 
lasted 945 seconds with 900 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 24.01.2013 04:11:52 | Computer Name = LENOVO-DDD3664B | Source = Service Control Manager | ID = 7011
Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung
 von Dienst SharedAccess.
 
Error - 24.01.2013 04:11:52 | Computer Name = LENOVO-DDD3664B | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows-Firewall/Gemeinsame Nutzung der Internetverbindung"
 wurde aufgrund folgenden Fehlers nicht gestartet:   %%1053
 
Error - 24.01.2013 04:12:04 | Computer Name = LENOVO-DDD3664B | Source = Service Control Manager | ID = 7011
Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung
 von Dienst ShellHWDetection.
 
Error - 24.01.2013 04:12:35 | Computer Name = LENOVO-DDD3664B | Source = Service Control Manager | ID = 7011
Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung
 von Dienst ShellHWDetection.
 
Error - 24.01.2013 06:25:18 | Computer Name = LENOVO-DDD3664B | Source = Service Control Manager | ID = 7034
Description = Dienst "Process Monitor" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 24.01.2013 06:27:57 | Computer Name = LENOVO-DDD3664B | Source = Service Control Manager | ID = 7034
Description = Dienst "tvtnetwk" wurde unerwartet beendet. Dies ist bereits 1 Mal
 passiert.
 
Error - 24.01.2013 06:36:14 | Computer Name = LENOVO-DDD3664B | Source = Service Control Manager | ID = 7011
Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung
 von Dienst WZCSVC.
 
Error - 24.01.2013 06:36:14 | Computer Name = LENOVO-DDD3664B | Source = Service Control Manager | ID = 7011
Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung
 von Dienst ShellHWDetection.
 
Error - 24.01.2013 06:36:14 | Computer Name = LENOVO-DDD3664B | Source = Service Control Manager | ID = 7011
Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung
 von Dienst Schedule.
 
Error - 24.01.2013 06:36:14 | Computer Name = LENOVO-DDD3664B | Source = Service Control Manager | ID = 7011
Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung
 von Dienst ShellHWDetection.
 
 
< End of report >
--- --- ---
Alt 24.01.2013, 15:57   #30
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
GVU-Trojaner nach Systemwiederherstellung entfernt? - Standard

GVU-Trojaner nach Systemwiederherstellung entfernt?


Fixen mit OTL

  • Starte bitte die OTL.exe.
  • Kopiere nun den Inhalt aus der Codebox in die Textbox.
Code:
ATTFilter
:OTL
FF - prefs.js..browser.search.defaultthis.engineName: "Winload Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}"
[2010.03.24 15:13:02 | 000,000,917 | ---- | M] () -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Mozilla\Firefox\Profiles\wmipz1d0.default\searchplugins\conduit.xml
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
  • Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
  • Schließe bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread
__________________
Logfiles bitte immer in CODE-Tags posten

Antwort
Seite 2 von 3 1 2 3

Themen zu GVU-Trojaner nach Systemwiederherstellung entfernt?
abgesicherte, abgesicherten, abgesicherten modus, anhang, einfach, eingabeaufforderung, ellung, entfern, entfernt, entfernt?, gelöst, gvu-trojaner, heute, konnte, modus, scans, system, systemwiederherstellung


« GVU/BSI-Virus auf PC, brauche Rat! | GVU Bundes Trojaner NEU !!! HILFE ??? Auswertung Log.dateien benötigt »


Ähnliche Themen: GVU-Trojaner nach Systemwiederherstellung entfernt?


  1. akm trojaner nach systemwiederherstellung?
    Plagegeister aller Art und deren Bekämpfung - 11.06.2013 (12)
  2. Lösegeld-Trojaner nach Systemwiederherstellung entfernt?
    Plagegeister aller Art und deren Bekämpfung - 26.05.2013 (11)
  3. GVU Trojaner nach Systemwiederherstellung komplett entfernt ?
    Plagegeister aller Art und deren Bekämpfung - 01.05.2013 (8)
  4. GVU Trojaner nach Systemwiederherstellung Windows 7
    Plagegeister aller Art und deren Bekämpfung - 26.03.2013 (12)
  5. GVU Trojaner - vorgehensweise nach Systemwiederherstellung in XP SP3
    Plagegeister aller Art und deren Bekämpfung - 02.02.2013 (17)
  6. GVU Trojaner auf Win7, per Systemwiederherstellung entfernt, was nun?
    Plagegeister aller Art und deren Bekämpfung - 20.01.2013 (13)
  7. GVU Trojaner - Stand nach Systemwiederherstellung
    Plagegeister aller Art und deren Bekämpfung - 07.01.2013 (21)
  8. gvu trojaner nach systemwiederherstellung entfernen
    Plagegeister aller Art und deren Bekämpfung - 16.12.2012 (2)
  9. GVU Trojaner nach Systemwiederherstellung entfernt?
    Plagegeister aller Art und deren Bekämpfung - 19.11.2012 (12)
  10. Gvu trojaner nach systemwiederherstellung
    Log-Analyse und Auswertung - 07.11.2012 (15)
  11. GVU Trojaner - was tun nach Systemwiederherstellung
    Plagegeister aller Art und deren Bekämpfung - 25.09.2012 (42)
  12. Bundespolizei Virus / Trojaner vom 11.8. wirklich durch Systemwiederherstellung entfernt?
    Log-Analyse und Auswertung - 22.08.2012 (19)
  13. GVU-Trojaner entfernt nach Systemwiederherstellung
    Log-Analyse und Auswertung - 15.07.2012 (11)
  14. Bundespolizei Trojaner - weg nach Systemwiederherstellung?
    Plagegeister aller Art und deren Bekämpfung - 19.06.2012 (1)
  15. BKA Trojaner nach Systemwiederherstellung weg?
    Plagegeister aller Art und deren Bekämpfung - 17.08.2011 (7)
  16. Bundespolizei-Trojaner nach Systemwiederherstellung
    Log-Analyse und Auswertung - 12.08.2011 (34)
  17. Probleme nach Trojaner und Systemwiederherstellung
    Plagegeister aller Art und deren Bekämpfung - 28.03.2011 (40)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema GVU-Trojaner nach Systemwiederherstellung entfernt? - Das hat bei mir niemand mit einer CD installiert - ist ein ThinkPad von Lenovo, T-Series 2008, da ist Windows werksseitig drauf - GVU-Trojaner nach Systemwiederherstellung entfernt?...
Archiv
Du betrachtest: GVU-Trojaner nach Systemwiederherstellung entfernt? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55