[code]
OTS logfile created on: 19.01.2011 17:22:05 - Run 1
OTS by OldTimer - Version 3.1.41.1 Folder = C:\Program Files (x86)\OTs
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 45,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 287,15 Gb Total Space | 177,70 Gb Free Space | 61,88% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive Q: | 9,77 Gb Total Space | 2,08 Gb Free Space | 21,34% Space Free | Partition Type: NTFS

Computer Name: HELMUT-NB
Current User Name: Helmut
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days

[Processes - Safe List]
ots.exe -> C:\Program Files (x86)\OTs\OTS.exe -> [2011.01.19 16:37:47 | 000,642,048 | ---- | M] (OldTimer Tools)
plugin-container.exe -> C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe -> [2010.12.15 05:50:46 | 000,016,856 | ---- | M] (Mozilla Corporation)
firefox.exe -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe -> [2010.12.15 05:50:45 | 000,912,344 | ---- | M] (Mozilla Corporation)
avp.exe -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe -> [2010.11.02 22:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO)
teamviewer_service.exe -> C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe -> [2010.02.11 12:42:32 | 000,172,328 | ---- | M] (TeamViewer GmbH)
winampa.exe -> C:\Program Files (x86)\Winamp\winampa.exe -> [2010.01.13 23:44:52 | 000,037,888 | ---- | M] (Nullsoft, Inc.)
applicationupdater.exe -> C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -> [2010.01.08 00:51:02 | 000,380,928 | ---- | M] (Spigot, Inc.)
qdlservice2klenovo.exe -> c:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kLenovo.exe -> [2009.12.18 18:03:12 | 000,331,512 | ---- | M] (QUALCOMM, Inc.)
acsvc.exe -> C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe -> [2009.12.11 12:22:06 | 000,255,336 | ---- | M] (Lenovo) acprfmgrsvc.exe -> C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe -> [2009.12.11 12:22:04 | 000,124,264 | ---- | M] (Lenovo) svcguihlpr.exe -> C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe -> [2009.12.11 11:58:56 | 000,344,064 | ---- | M] (Lenovo) acdeskbandhlpr.exe -> C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe -> [2009.12.11 11:58:54 | 000,397,312 | ---- | M] (Lenovo) tponscr.exe -> C:\Programme\Lenovo\HOTKEY\TPONSCR.exe -> [2009.11.24 05:51:20 | 000,176,056 | ---- | M] (Lenovo Group Limited) micmute.exe -> C:\Programme\Lenovo\HOTKEY\micmute.exe -> [2009.11.17 10:06:04 | 000,044,984 | ---- | M] (Lenovo Group Limited) tposdsvc.exe -> C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe -> [2009.11.17 06:07:46 | 000,069,568 | ---- | M] (Lenovo Group Limited) tphksvc.exe -> C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe -> [2009.11.16 10:19:38 | 000,062,904 | ---- | M] (Lenovo Group Limited) tpnumlkd.exe -> C:\Programme\Lenovo\HOTKEY\tpnumlkd.exe -> [2009.11.11 09:33:12 | 000,078,272 | ---- | M] (Lenovo Group Limited) cammute.exe -> C:\Programme\Lenovo\HOTKEY\cammute.exe -> [2009.11.09 05:48:34 | 000,054,632 | ---- | M] (Lenovo Group Limited) lms.exe -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -> [2009.10.01 10:08:44 | 000,268,824 | ---- | M] (Intel Corporation) tpscrex.exe -> C:\Programme\Lenovo\ZOOM\TpScrex.exe -> [2009.10.01 08:14:32 | 000,144,752 | ---- | M] (Lenovo Group Limited) suservice.exe -> c:\Program Files (x86)\Lenovo\System Update\SUService.exe -> [2009.09.24 22:55:56 | 000,015,872 | ---- | M] (Lenovo Group Limited) rrservice.exe -> C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe -> [2009.09.04 05:30:52 | 001,474,560 | ---- | M] (Lenovo Group Limited) scheduler_proxy.exe -> C:\Program Files (x86)\Common 
Files\Lenovo\Scheduler\scheduler_proxy.exe -> [2009.08.28 14:30:50 | 000,487,424 | ---- | M] (Lenovo Group Limited) tvt_reg_monitor_svc.exe -> C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe -> [2009.08.28 14:09:58 | 001,019,904 | ---- | M] (Lenovo Group Limited) bluetoothheadsetproxy.exe -> C:\Programme\ThinkPad\Bluetooth Software\BluetoothHeadsetProxy.exe -> [2009.08.11 16:59:38 | 000,013,600 | ---- | M] (Broadcom Corporation.) mcplaunch.exe -> C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe -> [2009.05.27 22:09:36 | 000,049,976 | ---- | M] () tpnumlk.exe -> C:\Programme\Lenovo\HOTKEY\tpnumlk.exe -> [2009.03.05 08:28:28 | 000,059,760 | ---- | M] (Lenovo Group Limited) mmreminderservice.exe -> C:\Program Files (x86)\Mindjet\MindManager 8\MmReminderService.exe -> [2008.11.14 03:46:04 | 000,037,656 | ---- | M] (Mindjet) acrotray.exe -> C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe -> [2008.06.11 22:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) 
iviregmgr.exe -> C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -> [2007.01.04 19:48:50 | 000,112,152 | ---- | M] (InterVideo) dlg.exe -> C:\Program Files (x86)\Digital Line Detect\DLG.exe -> [2006.11.03 18:02:14 | 000,050,688 | ---- | M] (Avanquest Software ) [Modules - Safe List] ots.exe -> C:\Program Files (x86)\OTs\OTS.exe -> [2011.01.19 16:37:47 | 000,642,048 | ---- | M] (OldTimer Tools) comctl32.dll -> C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll -> [2010.08.21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) winsta.dll -> C:\Windows\SysWOW64\winsta.dll -> [2009.07.14 02:16:19 | 000,156,160 | ---- | M] (Microsoft Corporation) [Win32 Services - Safe List] 64bit-(FLEXnet Licensing Service 64) [On_Demand | Stopped] -> C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -> [2010.02.21 03:40:52 | 001,038,088 | ---- | M] (Acresso Software Inc.) 64bit-(IBMPMSVC) [Auto | Running] -> C:\Windows\SysNative\ibmpmsvc.exe -> [2009.11.18 06:04:24 | 000,045,928 | ---- | M] (Lenovo.) 64bit-(TPHDEXLGSVC) [On_Demand | Stopped] -> C:\Windows\SysNative\TPHDEXLG64.exe -> [2009.10.09 12:12:52 | 000,047,656 | ---- | M] (Lenovo.) 
64bit-(TurboBoost) [On_Demand | Stopped] -> C:\Program Files\Intel\TurboBoost\TurboBoost.exe -> [2009.09.29 17:25:48 | 000,126,392 | ---- | M] (Intel(R) Corporation) 64bit-(AppMgmt) [On_Demand | Stopped] -> C:\Windows\SysNative\appmgmts.dll -> [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) (AVP) Kaspersky Anti-Virus Service [Auto | Running] -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe -> [2010.11.02 22:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO) (clr_optimization_v4.0.30319_32) Microsoft .NET Framework NGEN v4.0.30319_X86 [Auto | Stopped] -> C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -> [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) (FLEXnet Licensing Service) FLEXnet Licensing Service [On_Demand | Stopped] -> C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> [2010.02.21 03:38:44 | 000,655,624 | ---- | M] (Acresso Software Inc.) (TeamViewer5) TeamViewer 5 [Auto | Running] -> C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe -> [2010.02.11 12:42:32 | 000,172,328 | ---- | M] (TeamViewer GmbH) (Application Updater) Application Updater [Auto | Running] -> C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -> [2010.01.08 00:51:02 | 000,380,928 | ---- | M] (Spigot, Inc.) (QDLService2kLenovo) Qualcomm Gobi 2000 Download Service (Lenovo) [Auto | Running] -> c:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kLenovo.exe -> [2009.12.18 18:03:12 | 000,331,512 | ---- | M] (QUALCOMM, Inc.) 
(AcSvc) AcSvc [Auto | Running] -> C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe -> [2009.12.11 12:22:06 | 000,255,336 | ---- | M] (Lenovo) (AcPrfMgrSvc) AcPrfMgrSvc [Auto | Running] -> C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe -> [2009.12.11 12:22:04 | 000,124,264 | ---- | M] (Lenovo) (DozeSvc) Lenovo Doze Mode Service [Auto | Running] -> C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE -> [2009.12.10 19:11:00 | 000,161,128 | ---- | M] (Lenovo.) (Power Manager DBC Service) Power Manager DBC Service [On_Demand | Stopped] -> C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE -> [2009.12.10 19:11:00 | 000,075,112 | ---- | M] (Lenovo) (LENOVO.MICMUTE) Lenovo Microphone Mute [Auto | Running] -> C:\Programme\Lenovo\HOTKEY\micmute.exe -> [2009.11.17 10:06:04 | 000,044,984 | ---- | M] (Lenovo Group Limited) (TPHKSVC) Anzeige am Bildschirm [Auto | Running] -> C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe -> [2009.11.16 10:19:38 | 000,062,904 | ---- | M] (Lenovo Group Limited) (LENOVO.CAMMUTE) Lenovo Camera Mute [Auto | Running] -> C:\Programme\Lenovo\HOTKEY\cammute.exe -> [2009.11.09 05:48:34 | 000,054,632 | ---- | M] (Lenovo Group Limited) (UNS) Intel(R) Management & Security Application User Notification Service [Auto | Stopped] -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -> [2009.10.01 10:08:46 | 002,320,920 | ---- | M] (Intel Corporation) (LMS) Intel(R) Management and Security Application Local Management Service [Auto | Running] -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -> [2009.10.01 10:08:44 | 000,268,824 | ---- | M] (Intel Corporation) (SUService) System Update [Auto | Running] -> c:\Program Files (x86)\Lenovo\System Update\SUService.exe -> [2009.09.24 22:55:56 | 000,015,872 | ---- | M] (Lenovo Group Limited) (EvtEng) Intel(R) PROSet/Wireless Event Log [Auto | Stopped] -> C:\Programme\Intel\WiFi\bin\EvtEng.exe -> [2009.09.21 16:24:40 | 001,420,560 | 
---- | M] (Intel(R) Corporation) (RegSrvc) Intel(R) PROSet/Wireless Registry Service [Auto | Running] -> C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -> [2009.09.21 16:00:44 | 000,831,760 | ---- | M] (Intel(R) Corporation) (TVT Backup Service) TVT Backup Service [On_Demand | Running] -> C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe -> [2009.09.04 05:30:52 | 001,474,560 | ---- | M] (Lenovo Group Limited) (ThinkVantage Registry Monitor Service) ThinkVantage Registry Monitor Service [Auto | Running] -> C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe -> [2009.08.28 14:09:58 | 001,019,904 | ---- | M] (Lenovo Group Limited) (btwdins) Bluetooth Service [Auto | Running] -> C:\Programme\ThinkPad\Bluetooth Software\btwdins.exe -> [2009.08.11 16:59:38 | 000,864,032 | ---- | M] (Broadcom Corporation.) (clr_optimization_v2.0.50727_32) Microsoft .NET Framework NGEN v2.0.50727_X86 [Disabled | Stopped] -> C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) (HsfXAudioService) HsfXAudioService [Auto | Running] -> C:\Windows\SysWOW64\XAudio64.dll -> [2009.04.29 03:21:18 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) 
(IviRegMgr) IviRegMgr [Auto | Running] -> C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -> [2007.01.04 19:48:50 | 000,112,152 | ---- | M] (InterVideo) [Driver Services - Safe List] 64bit-(KLIF) Kaspersky Lab Driver [File_System | System | Running] -> C:\Windows\SysNative\drivers\klif.sys -> [2011.01.19 04:40:07 | 000,556,120 | ---- | M] (Kaspersky Lab) 64bit-(kl2) kl2 [Kernel | System | Running] -> C:\Windows\SysNative\drivers\kl2.sys -> [2010.06.09 16:44:00 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) 64bit-(KL1) KL1 [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\kl1.sys -> [2010.06.09 16:43:56 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) 64bit-(SynTP) Synaptics TouchPad Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\SynTP.sys -> [2010.04.22 23:17:40 | 000,318,000 | ---- | M] (Synaptics Incorporated) 64bit-(KLIM6) Kaspersky Anti-Virus NDIS 6 Filter [Kernel | System | Running] -> C:\Windows\SysNative\drivers\klim6.sys -> [2010.04.22 18:07:36 | 000,027,736 | ---- | M] (Kaspersky Lab ZAO) 64bit-(CnxtHdAudService) Conexant UAA Function Driver for High Definition Audio Service [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\CHDRT64.sys -> [2010.01.20 13:14:06 | 000,682,040 | ---- | M] (Conexant Systems Inc.) 64bit-(DzHDD64) DzHDD64 [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\DZHDD64.SYS -> [2009.12.10 19:11:00 | 000,030,320 | ---- | M] (Lenovo.) 
64bit-(TPPWRIF) TPPWRIF [Kernel | System | Running] -> C:\Windows\SysNative\drivers\TPPWR64V.SYS -> [2009.12.10 19:11:00 | 000,013,104 | ---- | M] () 64bit-(e1kexpress) Intel(R) PRO/1000 PCI Express Network Connection Driver K [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\e1k62x64.sys -> [2009.12.10 17:37:56 | 000,294,064 | ---- | M] (Intel Corporation) 64bit-(qcusbnetlno2k) Gobi 2000 USB-NDIS miniport(05C6-9205) [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\qcusbnetlno2k.sys -> [2009.12.08 10:14:40 | 000,240,640 | ---- | M] (QUALCOMM Incorporated) 64bit-(qcusbserlno2k) Gobi 2000 USB Device for Legacy Serial Communication(05C6-9205) [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\qcusbserlno2k.sys -> [2009.12.08 10:14:40 | 000,121,216 | ---- | M] (QUALCOMM Incorporated) 64bit-(qcfilterlno2k) Gobi 2000 USB Composite Device Filter Driver(05C6-9205) [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\qcfilterlno2k.sys -> [2009.12.08 10:14:40 | 000,006,400 | ---- | M] (QUALCOMM Incorporated) 64bit-(vpcvmm) Virtual PC-Monitor für virtuelle Computer [Kernel | System | Running] -> C:\Windows\SysNative\drivers\vpcvmm.sys -> [2009.12.01 18:55:31 | 000,359,624 | ---- | M] (Microsoft Corporation) 64bit-(iaStor) Intel AHCI Controller [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\iaStor.sys -> [2009.11.20 07:09:48 | 000,537,112 | ---- | M] (Intel Corporation) 64bit-(IBMPMDRV) IBMPMDRV [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\ibmpmdrv.sys -> [2009.11.18 06:04:04 | 000,032,880 | ---- | M] (Lenovo.) 
64bit-(NVHDA) Service for NVIDIA High Definition Audio Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\nvhda64v.sys -> [2009.11.11 12:14:30 | 000,084,584 | ---- | M] (NVIDIA Corporation) 64bit-(teamviewervpn) TeamViewer VPN Adapter [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\teamviewervpn.sys -> [2009.11.09 18:12:42 | 000,035,112 | ---- | M] (TeamViewer GmbH) 64bit-(klmouflt) Kaspersky Lab KLMOUFLT [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\klmouflt.sys -> [2009.11.02 19:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) 64bit-(5U877) USB Video Device [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\5U877.sys -> [2009.10.27 08:54:40 | 000,161,664 | ---- | M] (Ricoh co.,Ltd.) 64bit-(rimspci) rimspci [Kernel | Auto | Running] -> C:\Windows\SysNative\drivers\rimspe64.sys -> [2009.10.26 06:52:00 | 000,061,952 | ---- | M] (REDC) 64bit-(Impcd) Impcd [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\Impcd.sys -> [2009.10.26 04:39:44 | 000,151,936 | ---- | M] (Intel Corporation) 64bit-(sdbus) sdbus [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\sdbus.sys -> [2009.10.10 03:41:20 | 000,109,056 | ---- | M] (Microsoft Corporation) 64bit-(Shockprf) Shockprf [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\ApsX64.sys -> [2009.10.09 12:11:38 | 000,136,744 | ---- | M] (Lenovo.) 64bit-(TPDIGIMN) TPDIGIMN [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\ApsHM64.sys -> [2009.10.09 12:10:00 | 000,023,592 | ---- | M] (Lenovo.) 64bit-(TurboB) Turbo Boost UI Monitor driver [Kernel | Auto | Running] -> C:\Windows\SysNative\drivers\TurboB.sys -> [2009.09.29 17:25:50 | 000,012,728 | ---- | M] () 64bit-(TVTI2C) Lenovo SM bus driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\tvti2c.sys -> [2009.09.24 12:58:38 | 000,041,536 | ---- | M] (Lenovo (United States) Inc.) 
64bit-(vpcnfltr) Virtual PC Network Filter Driver [Kernel | System | Running] -> C:\Windows\SysNative\drivers\vpcnfltr.sys -> [2009.09.23 02:46:18 | 000,066,304 | ---- | M] (Microsoft Corporation) 64bit-(vpcusb) USB-Virtualisierungsconnectordienst [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\vpcusb.sys -> [2009.09.23 02:32:39 | 000,095,232 | ---- | M] (Microsoft Corporation) 64bit-(vpcbus) Virtual PC-Hostbusdienst [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\vpchbus.sys -> [2009.09.23 02:32:33 | 000,187,904 | ---- | M] (Microsoft Corporation) 64bit-(HECIx64) Intel(R) Management Engine Interface [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\HECIx64.sys -> [2009.09.17 04:54:54 | 000,056,344 | ---- | M] (Intel Corporation) 64bit-(NETw5s64) Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 64-Bit [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\NETw5s64.sys -> [2009.09.15 12:40:42 | 006,952,960 | ---- | M] (Intel Corporation) 64bit-(amdsata) amdsata [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\amdsata.sys -> [2009.07.14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) 64bit-(amdxata) amdxata [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\amdxata.sys -> [2009.07.14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) 64bit-(amdsbs) amdsbs [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\amdsbs.sys -> [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
64bit-(LSI_SAS2) LSI_SAS2 [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\lsi_sas2.sys -> [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) 64bit-(HpSAMD) HpSAMD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\HpSAMD.sys -> [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) 64bit-(stexstor) stexstor [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\stexstor.sys -> [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) 64bit-(usbser) USB Modem Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\usbser.sys -> [2009.07.14 01:06:32 | 000,032,768 | ---- | M] (Microsoft Corporation) 64bit-(TPM) TPM [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\tpm.sys -> [2009.07.14 00:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) 64bit-(psadd) Lenovo Parties Service Access Device Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\psadd.sys -> [2009.07.02 03:16:02 | 000,040,512 | ---- | M] (Lenovo (United States) Inc.) 64bit-(btwavdt) Bluetooth AVDT [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\btwavdt.sys -> [2009.07.01 04:46:00 | 000,132,648 | ---- | M] (Broadcom Corporation.) 64bit-(btwaudio) Bluetooth-Audiogerät [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\btwaudio.sys -> [2009.07.01 04:46:00 | 000,098,344 | ---- | M] (Broadcom Corporation.) 64bit-(btwrchid) btwrchid [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\btwrchid.sys -> [2009.07.01 04:46:00 | 000,021,160 | ---- | M] (Broadcom Corporation.) 64bit-(HSF_DPV) HSF_DPV [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\CAX_DPV.sys -> [2009.06.30 05:05:16 | 001,486,848 | ---- | M] (Conexant Systems, Inc.) 64bit-(CAXHWAZL) CAXHWAZL [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\CAXHWAZL.sys -> [2009.06.30 05:01:16 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) 
64bit-(winachsf) winachsf [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\CAX_CNXT.sys -> [2009.06.30 04:59:54 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) 64bit-(SrvHsfV92) SrvHsfV92 [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\VSTDPV6.SYS -> [2009.06.10 22:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) 64bit-(SrvHsfWinac) SrvHsfWinac [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\VSTCNXT6.SYS -> [2009.06.10 22:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) 64bit-(SrvHsfHDA) SrvHsfHDA [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\VSTAZL6.SYS -> [2009.06.10 22:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) 64bit-(Ntfs) Ntfs [File_System | On_Demand | Running] -> C:\Windows\SysNative\wbem\ntfs.mof -> [2009.06.10 21:38:56 | 000,000,308 | ---- | M] () 64bit-(igfx) igfx [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\igdkmd64.sys -> [2009.06.10 21:37:05 | 006,108,416 | ---- | M] (Intel Corporation) 64bit-(netw5v64) Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\netw5v64.sys -> [2009.06.10 21:35:28 | 005,434,368 | ---- | M] (Intel Corporation) 64bit-(ebdrv) Broadcom NetXtreme II 10 GigE VBD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\evbda.sys -> [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) 64bit-(b06bdrv) Broadcom NetXtreme II VBD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\bxvbda.sys -> [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) 64bit-(b57nd60a) Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0 [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\b57nd60a.sys -> [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) 64bit-(hcw85cir) Hauppauge Consumer Infrared Receiver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\hcw85cir.sys -> 
[2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 64bit-(XAudio) XAudio [Kernel | Auto | Running] -> C:\Windows\SysNative\drivers\XAudio64.sys -> [2009.04.29 03:21:08 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) 64bit-(btwl2cap) Bluetooth L2CAP Service [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\btwl2cap.sys -> [2009.04.07 07:33:00 | 000,035,104 | ---- | M] (Broadcom Corporation.) 64bit-(lenovo.smi) Lenovo System Interface Driver [Kernel | System | Running] -> C:\Windows\SysNative\drivers\smiifx64.sys -> [2008.05.12 10:04:26 | 000,015,400 | ---- | M] (Lenovo Group Limited) 64bit-(UsbserFilt) UsbserFilt [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\usbser_lowerfltx64j.sys -> [2008.05.02 09:59:08 | 000,008,704 | ---- | M] (Windows (R) Codename Longhorn DDK provider) 64bit-(upperdev) upperdev [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -> [2008.05.02 09:58:50 | 000,008,704 | ---- | M] (Windows (R) Codename Longhorn DDK provider) 64bit-(nmwcdcx64) Nokia USB Generic [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\ccdcmbox64.sys -> [2008.05.02 09:58:48 | 000,023,552 | ---- | M] (Nokia) 64bit-(nmwcdx64) Nokia USB Phone Parent [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\ccdcmbx64.sys -> [2008.05.02 09:58:48 | 000,018,432 | ---- | M] (Nokia) 64bit-(mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> C:\Windows\SysNative\drivers\mdmxsdk.sys -> [2006.06.18 14:27:24 | 000,017,024 | ---- | M] (Conexant) (smihlp) SMI Helper Driver (smihlp) [Kernel | Auto | Running] -> C:\Programme\ThinkVantage Fingerprint Software\smihlp.sys -> [2009.03.13 14:47:34 | 000,013,840 | ---- | M] (UPEK Inc.) 
[Registry - Safe List] < 64bit-Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> C:\Windows\SysWOW64\blank.htm -> < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> < Internet Explorer Settings [HKEY_USERS\S-1-5-21-4241898883-52967262-3797943489-1003\] > -> -> HKEY_USERS\S-1-5-21-4241898883-52967262-3797943489-1003\: Main\\"Default_Page_URL" -> http://lenovo.msn.com -> HKEY_USERS\S-1-5-21-4241898883-52967262-3797943489-1003\: Main\\"Default_Secondary_Page_URL" -> http://www.lenovo.com/welcome/thinkpad [binary data] -> HKEY_USERS\S-1-5-21-4241898883-52967262-3797943489-1003\: Main\\"Secondary Start Pages" -> http://www.lenovo.com/welcome/thinkpad [binary data] -> HKEY_USERS\S-1-5-21-4241898883-52967262-3797943489-1003\: Main\\"Start Page" -> http://lenovo.msn.com -> HKEY_USERS\S-1-5-21-4241898883-52967262-3797943489-1003\: URLSearchHooks\\"{E312764E-7706-43F1-8DAB-FCDD2B1E416D}" [HKLM] -> C:\Program Files (x86)\pdfforge Toolbar\SearchSettings.dll [Reg Error: Value error.] -> [2010.01.08 01:27:40 | 001,109,504 | ---- | M] (Spigot, Inc.) 
HKEY_USERS\S-1-5-21-4241898883-52967262-3797943489-1003\: "ProxyEnable" -> 0 -> < FireFox Settings [Prefs.js] > -> C:\Users\Helmut\AppData\Roaming\Mozilla\FireFox\Profiles\q2pczals.default\prefs.js -> browser.search.param.yahoo-fr -> "chr-greentree_ff&type=302398" -> extensions.enabledItems -> {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0.2 -> extensions.enabledItems -> {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.3 -> extensions.enabledItems -> piclens@cooliris.com:1.12.0.36949 -> extensions.enabledItems -> foxstocks@ilan.cohen:1.36 -> extensions.enabledItems -> {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 -> extensions.enabledItems -> {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 -> extensions.enabledItems -> {1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}:2.12.21.1 -> network.proxy.type -> 4 -> < FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions -> -> HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\COMPONENTS [C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\COMPONENTS] -> [2010.12.15 05:50:47 | 000,000,000 | ---D | M] HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\PLUGINS [C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\PLUGINS] -> [2010.12.15 05:50:47 | 000,000,000 | ---D | M] HKLM\software\mozilla\Thunderbird\Extensions -> -> < FireFox Extensions [User Folders] > -> -> C:\Users\Helmut\AppData\Roaming\mozilla\Extensions -> [2010.02.20 22:15:58 | 000,000,000 | ---D | M] -> C:\Users\Helmut\AppData\Roaming\mozilla\Firefox\Profiles\q2pczals.default\extensions -> [2011.01.19 04:09:18 | 000,000,000 | ---D | M] Forecastfox Weather -> C:\Users\Helmut\AppData\Roaming\mozilla\Firefox\Profiles\q2pczals.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3} -> [2010.12.15 06:05:55 | 000,000,000 | ---D | M] IE Tab 2 (FF 3.6+) -> 
C:\Users\Helmut\AppData\Roaming\mozilla\Firefox\Profiles\q2pczals.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB} -> [2011.01.14 16:43:13 | 000,000,000 | ---D | M] NoScript -> C:\Users\Helmut\AppData\Roaming\mozilla\Firefox\Profiles\q2pczals.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232} -> [2011.01.14 16:43:13 | 000,000,000 | ---D | M] -> C:\Users\Helmut\AppData\Roaming\mozilla\Firefox\Profiles\q2pczals.default\extensions\foxstocks@ilan.cohen -> [2010.02.20 23:27:56 | 000,000,000 | ---D | M] -> C:\Users\Helmut\AppData\Roaming\mozilla\Firefox\Profiles\q2pczals.default\extensions\piclens@cooliris.com -> [2010.07.08 17:37:13 | 000,000,000 | ---D | M] -> C:\Users\Helmut\AppData\Roaming\mozilla\Firefox\Profiles\q2pczals.default\extensions\piclens@cooliris.com-trash -> [2010.07.08 17:37:13 | 000,000,000 | ---D | M] < FireFox Extensions [Program Folders] > -> -> C:\Program Files (x86)\mozilla firefox\extensions -> [2011.01.19 04:41:22 | 000,000,000 | ---D | M] Java Console -> C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} -> [2010.04.23 09:35:24 | 000,000,000 | ---D | M] Java Console -> C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} -> [2010.10.08 05:20:41 | 000,000,000 | ---D | M] -> C:\Program Files (x86)\mozilla firefox\extensions\KavAntiBanner@Kaspersky.ru -> [2011.01.19 04:41:22 | 000,000,000 | ---D | M] -> C:\Program Files (x86)\mozilla firefox\extensions\linkfilter@kaspersky.ru -> [2011.01.19 04:41:19 | 000,000,000 | ---D | M] FoxStocks -> C:\USERS\HELMUT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Q2PCZALS.DEFAULT\EXTENSIONS\FOXSTOCKS@ILAN.COHEN -> [2010.02.20 23:27:56 | 000,000,000 | ---D | M] Cooliris -> C:\USERS\HELMUT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Q2PCZALS.DEFAULT\EXTENSIONS\PICLENS@COOLIRIS.COM -> [2010.07.08 17:37:13 | 000,000,000 | ---D | M] < FireFox Components [Program Folders] > -> coolirisstub.dll -> 
C:\USERS\HELMUT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Q2PCZALS.DEFAULT\EXTENSIONS\PICLENS@COOLIRIS.COM\components\coolirisstub.dll -> [2010.06.14 11:08:48 | 000,057,856 | ---- | M] () < HOSTS File > ([2009.06.10 22:00:26 | 000,000,824 | ---- | M] - 21 lines) -> C:\Windows\SysNative\Drivers\etc\hosts -> Reset Hosts < 64bit-BHO's [HKEY_LOCAL_MACHINE] > -> 64bit-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} [HKLM] -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\ievkbd.dll [IEVkbdBHO Class] -> [2010.10.05 20:27:50 | 000,061,624 | ---- | M] (Kaspersky Lab ZAO) {9030D464-4C02-4ABF-8ECC-5164760863C6} [HKLM] -> C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [Windows Live ID-Anmelde-Hilfsprogramm] -> [2009.08.18 11:50:40 | 000,532,336 | ---- | M] (Microsoft Corporation) {E33CF602-D945-461A-83F0-819F76A199F8} [HKLM] -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll [FilterBHO Class] -> [2010.10.05 20:27:52 | 000,234,168 | ---- | M] (Kaspersky Lab ZAO) < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} [HKLM] -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll [IEVkbdBHO Class] -> [2010.10.05 20:27:00 | 000,068,280 | ---- | M] (Kaspersky Lab ZAO) {6FE6A929-59D1-4763-91AD-29B61CFFB35B} [HKLM] -> C:\Program Files (x86)\Mindjet\MindManager 8\Mm8InternetExplorer.dll [CmjBrowserHelperObject Object] -> [2008.11.14 03:45:50 | 000,070,944 | ---- | M] (Mindjet) {AE7CD045-E861-484f-8273-0445EE161910} [HKLM] -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [Adobe PDF Conversion Toolbar Helper] -> [2008.06.11 22:42:44 | 000,345,480 | ---- | M] (Adobe Systems Incorporated) {B922D405-6D13-4A2B-AE89-08A030DA4402} [HKLM] -> 
C:\Program Files (x86)\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll [pdfforge Toolbar] -> [2010.01.08 03:17:38 | 000,700,416 | ---- | M] (Spigot, Inc.) {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} [HKLM] -> C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll [IePasswordManagerHelper Class] -> [2009.08.26 15:32:18 | 000,763,192 | ---- | M] (Lenovo Group Limited) {E312764E-7706-43F1-8DAB-FCDD2B1E416D} [HKLM] -> C:\Program Files (x86)\pdfforge Toolbar\SearchSettings.dll [Reg Error: Value error.] -> [2010.01.08 01:27:40 | 001,109,504 | ---- | M] (Spigot, Inc.) {E33CF602-D945-461A-83F0-819F76A199F8} [HKLM] -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll [FilterBHO Class] -> [2010.10.05 20:27:06 | 000,191,160 | ---- | M] (Kaspersky Lab ZAO) {F4971EE7-DAA0-4053-9964-665D8EE6A077} [HKLM] -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [SmartSelect Class] -> [2008.06.11 22:42:44 | 000,345,480 | ---- | M] (Adobe Systems Incorporated) < 64bit-Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> "{D5F11930-C4B8-4248-88C3-43621271B3FA}" [HKLM] -> C:\Programme\PC-Doctor\ATLPcdToolbar.dll [Lenovo ThinkVantage Toolbox] -> [2009.11.14 08:29:22 | 000,152,048 | ---- | M] (PC-Doctor, Inc.) "Locked" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> "{47833539-D0C5-4125-9FA8-0819E2EAAC93}" [HKLM] -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [Adobe PDF] -> [2008.06.11 22:42:44 | 000,345,480 | ---- | M] (Adobe Systems Incorporated) "{B922D405-6D13-4A2B-AE89-08A030DA4402}" [HKLM] -> C:\Program Files (x86)\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll [pdfforge Toolbar] -> [2010.01.08 03:17:38 | 000,700,416 | ---- | M] (Spigot, Inc.) 
"Locked" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found < Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-4241898883-52967262-3797943489-1003\] > -> HKEY_USERS\S-1-5-21-4241898883-52967262-3797943489-1003\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" [HKLM] -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [Adobe PDF] -> [2008.06.11 22:42:44 | 000,345,480 | ---- | M] (Adobe Systems Incorporated) < 64bit-Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "AcWin7Hlpr" -> C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe] -> [2009.10.13 17:33:02 | 000,036,864 | ---- | M] () "NvCplDaemon" -> C:\Windows\SysNative\NvCpl.DLL [RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup] -> [2009.12.03 09:32:00 | 016,414,312 | ---- | M] (NVIDIA Corporation) "nwiz" -> C:\Windows\SysNative\nwiz.exe [nwiz.exe /installquiet] -> [2009.12.02 23:17:58 | 001,712,744 | ---- | M] () "SmartAudio" -> C:\Program Files\CONEXANT\SAII\SAIICpl.exe [C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t] -> [2009.07.16 04:38:58 | 000,307,768 | ---- | M] () "TPHOTKEY" -> C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe [C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe] -> [2009.11.17 06:07:46 | 000,069,568 | ---- | M] (Lenovo Group Limited) "TpShocks" -> C:\Windows\SysNative\TpShocks.exe [TpShocks.exe] -> [2009.12.11 12:20:26 | 000,380,776 | ---- | M] (Lenovo.) < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "Acrobat Assistant 8.0" -> C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe ["C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"] -> [2008.06.11 22:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) 
"Adobe Acrobat Speed Launcher" -> C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe ["C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"] -> [2008.06.12 02:25:18 | 000,037,232 | ---- | M] (Adobe Systems Incorporated) "AdobeCS4ServiceManager" -> C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe ["C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin] -> [2008.08.14 07:58:34 | 000,611,712 | ---- | M] (Adobe Systems Incorporated) "AVP" -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe ["C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe"] -> [2010.11.02 22:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO) "IMSS" -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe ["C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"] -> [2009.10.01 10:08:36 | 000,111,640 | ---- | M] () "Launch Backup Service Once" -> C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrstrigger.exe [C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrstrigger.exe -start] -> [2009.08.28 14:27:58 | 000,021,304 | ---- | M] () "Message Center Plus" -> C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe [C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe /start] -> [2009.05.27 22:09:36 | 000,049,976 | ---- | M] () "MMReminderService" -> C:\Program Files (x86)\Mindjet\MindManager 8\MMReminderService.exe [C:\Program Files (x86)\Mindjet\MindManager 8\MMReminderService.exe] -> [2008.11.14 03:46:04 | 000,037,656 | ---- | M] (Mindjet) "PWMTRV" -> [rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor] -> File not found "RotateImage" -> C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe] -> [2008.10.30 15:24:26 | 000,055,808 | ---- | M] (Ricoh co.,Ltd.) 
"SearchSettings" -> C:\Program Files (x86)\pdfforge Toolbar\SearchSettings.exe [C:\Program Files (x86)\pdfforge Toolbar\SearchSettings.exe] -> [2010.01.08 01:36:58 | 000,974,848 | ---- | M] (Spigot, Inc.) "WinampAgent" -> C:\Program Files (x86)\Winamp\winampa.exe ["C:\Program Files (x86)\Winamp\winampa.exe"] -> [2010.01.13 23:44:52 | 000,037,888 | ---- | M] (Nullsoft, Inc.) < Run [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "Sidebar" -> C:\Program Files (x86)\Windows Sidebar\Sidebar.exe [%ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun] -> [2009.07.14 02:14:38 | 001,173,504 | ---- | M] (Microsoft Corporation) < RunOnce [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce -> "mctadmin" -> [C:\Windows\System32\mctadmin.exe] -> File not found < Run [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "Sidebar" -> C:\Program Files (x86)\Windows Sidebar\Sidebar.exe [%ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun] -> [2009.07.14 02:14:38 | 001,173,504 | ---- | M] (Microsoft Corporation) < RunOnce [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce -> "mctadmin" -> [C:\Windows\System32\mctadmin.exe] -> File not found < Run [HKEY_USERS\S-1-5-21-4241898883-52967262-3797943489-1003\] > -> HKEY_USERS\S-1-5-21-4241898883-52967262-3797943489-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "msnmsgr" -> ["C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background] -> File not found < CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoActiveDesktop" -> [1] -> File not found \\"NoActiveDesktopChanges" -> [1] -> File not found < CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System \\"ConsentPromptBehaviorAdmin" -> [0] -> File not found \\"ConsentPromptBehaviorUser" -> [3] -> File not found \\"EnableLUA" -> [0] -> File not found \\"PromptOnSecureDesktop" -> [0] -> File not found HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-4241898883-52967262-3797943489-1003] > -> HKEY_USERS\S-1-5-21-4241898883-52967262-3797943489-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_USERS\S-1-5-21-4241898883-52967262-3797943489-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDriveTypeAutoRun" -> [145] -> File not found < Internet Explorer Menu Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\ -> Nach Microsoft &Excel exportieren -> [res://C:\PROGRA~2\MICROS~4\OFFICE11\EXCEL.EXE/3000] -> File not found < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\ -> Nach Microsoft &Excel exportieren -> [res://C:\PROGRA~2\MICROS~4\OFFICE11\EXCEL.EXE/3000] -> File not found < 64bit-Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-4241898883-52967262-3797943489-1003\] > -> HKEY_USERS\S-1-5-21-4241898883-52967262-3797943489-1003\Software\Microsoft\Internet Explorer\MenuExt\ -> An vorhandene PDF-Datei anfügen -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html] -> [2008.06.11 22:42:44 | 000,345,480 | ---- | M] (Adobe Systems Incorporated) Bild an &Bluetooth-Gerät senden... 
-> C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm [C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm] -> [2008.12.10 11:36:32 | 000,001,430 | ---- | M] () Hinzufügen zu Anti-Banner -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm [C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm] -> [2010.10.05 19:57:56 | 000,001,452 | ---- | M] () In Adobe PDF konvertieren -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html] -> [2008.06.11 22:42:44 | 000,345,480 | ---- | M] (Adobe Systems Incorporated) Linkziel an vorhandene PDF-Datei anhängen -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html] -> [2008.06.11 22:42:44 | 000,345,480 | ---- | M] (Adobe Systems Incorporated) Linkziel in Adobe PDF konvertieren -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html] -> [2008.06.11 22:42:44 | 000,345,480 | ---- | M] (Adobe Systems Incorporated) Seite an &Bluetooth-Gerät senden... 
-> C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm [C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm] -> [2008.12.10 11:36:32 | 000,003,989 | ---- | M] () < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-4241898883-52967262-3797943489-1003\] > -> HKEY_USERS\S-1-5-21-4241898883-52967262-3797943489-1003\Software\Microsoft\Internet Explorer\MenuExt\ -> An vorhandene PDF-Datei anfügen -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html] -> [2008.06.11 22:42:44 | 000,345,480 | ---- | M] (Adobe Systems Incorporated) Bild an &Bluetooth-Gerät senden... -> C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm [C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm] -> [2008.12.10 11:36:32 | 000,001,430 | ---- | M] () Hinzufügen zu Anti-Banner -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm [C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm] -> [2010.10.05 19:57:56 | 000,001,452 | ---- | M] () In Adobe PDF konvertieren -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html] -> [2008.06.11 22:42:44 | 000,345,480 | ---- | M] (Adobe Systems Incorporated) Linkziel an vorhandene PDF-Datei anhängen -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html] -> [2008.06.11 22:42:44 | 000,345,480 | ---- | M] (Adobe Systems Incorporated) Linkziel in Adobe PDF konvertieren -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html] -> 
[2008.06.11 22:42:44 | 000,345,480 | ---- | M] (Adobe Systems Incorporated) Nach Microsoft &Excel exportieren -> [res://C:\PROGRA~2\MICROS~4\OFFICE11\EXCEL.EXE/3000] -> File not found Seite an &Bluetooth-Gerät senden... -> C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm [C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm] -> [2008.12.10 11:36:32 | 000,003,989 | ---- | M] () < 64bit-Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {4248FE82-7FCB-46AC-B270-339F08212110}:{4248FE82-7FCB-46AC-B270-339F08212110} [HKLM] -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll [Button: &Virtuelle Tastatur] -> [2010.10.05 20:27:52 | 000,234,168 | ---- | M] (Kaspersky Lab ZAO) {CCA281CA-C863-46ef-9331-5C8D4460577F}:C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm [HKLM] -> C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm [Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015] -> [2008.12.10 11:36:32 | 000,003,989 | ---- | M] () {CCA281CA-C863-46ef-9331-5C8D4460577F}:C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm [HKLM] -> C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm [Menu: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650] -> [2008.12.10 11:36:32 | 000,003,989 | ---- | M] () {CCF151D8-D089-449F-A5A4-D9909053F20F}:{CCF151D8-D089-449F-A5A4-D9909053F20F} [HKLM] -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll [Button: Li&nks untersuchen] -> [2010.10.05 20:27:52 | 000,234,168 | ---- | M] (Kaspersky Lab ZAO) < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {2F72393D-2472-4F82-B600-ED77F354B7FF}:{6FE6A929-59D1-4763-91AD-29B61CFFB35B} [HKLM] -> C:\Program Files (x86)\Mindjet\MindManager 8\Mm8InternetExplorer.dll [Button: An Mindjet MindManager senden] -> 
[2008.11.14 03:45:50 | 000,070,944 | ---- | M] (Mindjet) {4248FE82-7FCB-46AC-B270-339F08212110}:{4248FE82-7FCB-46AC-B270-339F08212110} [HKLM] -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll [Button: &Virtuelle Tastatur] -> [2010.10.05 20:27:06 | 000,191,160 | ---- | M] (Kaspersky Lab ZAO) {92780B25-18CC-41C8-B9BE-3C9C571A8263}:{FF059E31-CC5A-4E2E-BF3B-96E929D65503} [HKLM] -> C:\PROGRA~2\MICROS~4\OFFICE11\REFIEBAR.DLL [Button: Recherchieren] -> [2007.04.19 14:10:18 | 000,063,840 | ---- | M] (Microsoft Corporation) {CCA281CA-C863-46ef-9331-5C8D4460577F}:C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm [HKLM] -> C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm [Button: Senden an Bluetooth] -> [2008.12.10 11:36:32 | 000,003,989 | ---- | M] () {CCA281CA-C863-46ef-9331-5C8D4460577F}:C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm [HKLM] -> C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm [Menu: Senden an &Bluetooth-Gerät...] -> [2008.12.10 11:36:32 | 000,003,989 | ---- | M] () {CCF151D8-D089-449F-A5A4-D9909053F20F}:{CCF151D8-D089-449F-A5A4-D9909053F20F} [HKLM] -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll [Button: Li&nks untersuchen] -> [2010.10.05 20:27:06 | 000,191,160 | ---- | M] (Kaspersky Lab ZAO) {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3}:{F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} [HKLM] -> C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll [Menu: Lenovo Password Manager...] 
-> [2009.08.26 15:32:18 | 000,763,192 | ---- | M] (Lenovo Group Limited) < Internet Explorer Extensions [HKEY_USERS\S-1-5-21-4241898883-52967262-3797943489-1003\] > -> HKEY_USERS\S-1-5-21-4241898883-52967262-3797943489-1003\Software\Microsoft\Internet Explorer\Extensions\ -> 64bit-CmdMapping\\"{CCA281CA-C863-46ef-9331-5C8D4460577F}" [HKLM] -> [@C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015;Senden an Bluetooth] -> File not found CmdMapping\\"{CCA281CA-C863-46ef-9331-5C8D4460577F}" [HKLM] -> @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 [Senden an Bluetooth;@C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015;Senden an Bluetooth] -> File not found < 64bit-Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> < 64bit-Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix "" -> http:// < Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix "" -> http:// < 64bit-Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < 64bit-Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. 
-> < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. 
-> < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-21-4241898883-52967262-3797943489-1003\] > -> HKEY_USERS\S-1-5-21-4241898883-52967262-3797943489-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-21-4241898883-52967262-3797943489-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-4241898883-52967262-3797943489-1003\] > -> HKEY_USERS\S-1-5-21-4241898883-52967262-3797943489-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-21-4241898883-52967262-3797943489-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. 
-> < 64bit-Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab [Java Plug-in 1.6.0_17] -> {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab [Java Plug-in 1.6.0_17] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab [Java Plug-in 1.6.0_17] -> < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab [Java Plug-in 1.6.0_21] -> {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab [Java Plug-in 1.6.0_21] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab [Java Plug-in 1.6.0_21] -> < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> DhcpNameServer -> 192.168.178.254 -> < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {797D86F6-5394-4391-9B91-C41F6F694673}\\DhcpNameServer -> 192.168.178.254 (Intel(R) 82577LM Gigabit Network Connection) -> < 64bit-AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> 64bit-*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> C:\PROGRA~2\KASPER~1\KASPER~1\x64\sbhook64.dll -> C:\PROGRA~2\KASPER~1\KASPER~1\x64\sbhook64.dll -> [2010.10.05 20:27:54 | 000,029,368 | ---- | M] (Kaspersky Lab ZAO) C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll -> 
C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll -> [2010.10.05 20:27:50 | 000,017,592 | ---- | M] (Kaspersky Lab ZAO) *MultiFile Done* -> -> < AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> *AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll -> C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll -> [2010.10.05 20:27:12 | 000,025,272 | ---- | M] (Kaspersky Lab ZAO) C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll -> C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll -> [2010.10.05 20:27:10 | 000,109,240 | ---- | M] (Kaspersky Lab ZAO) *MultiFile Done* -> -> < 64bit-Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 64bit-*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> explorer.exe -> C:\Windows\explorer.exe -> [2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) *MultiFile Done* -> -> 64bit-*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> SystemPropertiesPerformance.exe -> C:\Windows\SysNative\SystemPropertiesPerformance.exe -> [2009.07.14 02:39:47 | 000,082,432 | ---- | M] (Microsoft Corporation) /pagefile -> -> File not found *MultiFile Done* -> -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> explorer.exe -> C:\Windows\SysWow64\explorer.exe -> [2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) *MultiFile Done* -> -> *VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> /pagefile -> -> File not found *MultiFile Done* -> -> < 64bit-Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> klogon -> C:\Windows\SysNative\klogon.dll -> [2010.10.05 20:27:52 | 000,233,656 | ---- | M] (Kaspersky Lab ZAO) psfus -> C:\Programme\ThinkVantage Fingerprint Software\psqlpwd.dll -> [2009.08.17 14:27:22 | 000,135,432 | ---- | M] (UPEK Inc.) < 64bit-SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad -> "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> Reg Error: Key error. [WebCheck] -> File not found < SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad -> "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> Reg Error: Key error. [WebCheck] -> File not found < Vista Active Firewall Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules -> {03F7C2B2-6AF1-45B0-9C86-556A73AEE509} -> rport=5355 | profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-28550 | app=%systemroot%\system32\svchost.exe | svc=dnscache | {1B721B20-3F9C-4174-909C-612CDF981235} -> lport=2177 | profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31253 | app=%systemroot%\system32\svchost.exe | svc=qwave | {1C589A15-21F2-4E87-BD36-17E5BC6414E5} -> lport=2177 | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-31261 | app=%systemroot%\system32\svchost.exe | svc=qwave | {2730B178-AA96-4685-BFE7-200665586EF7} -> lport=137 | profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-28519 | app=system | {2CCC36CB-4875-43D9-AF69-AA54FEA811BF} -> lport=1900 | profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31269 | app=%systemroot%\system32\svchost.exe | svc=ssdpsrv | {383B7B81-78B0-4DA4-98E9-E680497FDBE0} -> lport=138 | profile=private | protocol=17 | dir=in | action=allow | 
name=@firewallapi.dll,-28527 | app=system | {49038D97-9756-437F-BEFE-74BA2F64B02E} -> lport=5353 | profile=public | protocol=6 | dir=in | action=allow | name=adobe csi cs4 | {49C36B46-9EA0-4822-AAC9-FE9DE4A1E0D8} -> lport=10243 | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-31285 | app=system | {4CEFD534-2EF1-4CD0-A39A-50A27CDCE19E} -> lport=139 | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28503 | app=system | {6A43390C-5486-427A-B406-F436F3125A5C} -> rport=138 | profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-28531 | app=system | {71E11ABF-1CCB-4FED-9757-F2F0D36C9401} -> rport=139 | profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-28507 | app=system | {84015D77-E22B-485D-ADED-575035DB07C6} -> rport=2177 | profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31257 | app=%systemroot%\system32\svchost.exe | svc=qwave | {870104F8-172C-4546-B935-29457E59256D} -> lport=5355 | profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-28548 | app=%systemroot%\system32\svchost.exe | svc=dnscache | {9776AFB2-7714-4DFD-922D-4926C15FBDCD} -> rport=137 | profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-28523 | app=system | {A88B1DC3-34A6-4EBD-A87B-4E93E4219873} -> lport=2869 | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-31277 | app=system | {A909580C-BF57-4B5C-A5EA-FA30E7EAD9AB} -> rport=2177 | profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31265 | app=%systemroot%\system32\svchost.exe | svc=qwave | {B3E3C9B7-B5BB-4A24-8EA9-09EF3BC52C83} -> rport=1900 | profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31273 | app=%systemroot%\system32\svchost.exe | svc=ssdpsrv | {BEAFC35D-F91F-40F5-B6A0-C07D475D835A} -> rport=445 | profile=private | protocol=6 | dir=out | action=allow | 
name=@firewallapi.dll,-28515 | app=system | {D23E8E48-AE37-4E59-A094-956140725421} -> lport=rpc-epmap | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28539 | svc=rpcss | {DB9A7590-B69A-487A-8A38-20FEEC2ED402} -> rport=10243 | profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31289 | app=system | {ED649ADA-6AF4-4075-A8CA-5C99EAEAA764} -> lport=rpc | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28535 | app=%systemroot%\system32\spoolsv.exe | svc=spooler | {FD7696B5-3197-44E0-90DC-DB481526F010} -> lport=445 | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28511 | app=system | < Vista Active Application Exception Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules -> {015CE0C8-A7BA-4944-A532-994594B8EFD2} -> profile=private | protocol=1 | dir=out | action=allow | name=@firewallapi.dll,-28544 | {05FA21CB-400D-4AFA-A05A-87772C45DA20} -> profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31003 | app=%programfiles%\windows media player\wmplayer.exe | {21F92401-CB39-4DDD-81EE-BFBD3EBC3901} -> profile=public | protocol=6 | dir=in | action=allow | name=adobe csi cs4 | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe | {2286BDE5-7098-48A5-8496-FA2F7133990B} -> profile=public | protocol=17 | dir=in | action=allow | name=adobe csi cs4 | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe | {2922760B-9EF2-4CF2-A95D-4F6A10F02903} -> profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31293 | app=%programfiles%\windows media player\wmplayer.exe | {3307EFAC-522D-495B-A918-C4FCE5066570} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31301 | app=%programfiles%\windows media player\wmplayer.exe | {37597B51-21DA-4305-AA76-1760E461BD7F} -> 
dir=in | action=allow | name=windows live sync | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | {4DE834ED-7B70-4911-A0BE-AD923FAE6F4E} -> profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31007 | app=%programfiles%\windows media player\wmplayer.exe | {5AF48F4B-83B9-4087-AA93-8BDAB9148AF5} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31281 | app=system | {5B9D54BC-8FEF-42D1-AF0D-9282435EF676} -> profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31309 | app=%programfiles%\windows media player\wmpnetwk.exe | {5C774DBA-83A3-4F15-BA90-A81F90C653AF} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31317 | app=%programfiles%\windows media player\wmpnetwk.exe | {5D62B2E4-FD01-4220-BE22-7F6BAFB849B2} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31025 | app=%programfiles(x86)%\windows media player\wmplayer.exe | {7B047FFF-75BC-46ED-B419-7FD39C8C74C9} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31321 | app=%systemroot%\system32\svchost.exe | svc=upnphost | {7B62C7B1-A308-4ADE-8341-84EBF998A19E} -> profile=private | protocol=1 | dir=in | action=allow | name=@firewallapi.dll,-28543 | {8373C8DE-5965-4920-8EAE-568F4E233DA8} -> profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-31313 | app=%programfiles%\windows media player\wmpnetwk.exe | {9C1F1D4B-4B43-404D-8273-81A95079AA1E} -> profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31023 | app=%programfiles(x86)%\windows media player\wmplayer.exe | {9C5E64D7-F752-4BCF-BC53-02B7F654719E} -> profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31297 | app=%programfiles%\windows media player\wmplayer.exe | {9DADE123-33AF-453D-9002-CF3FDA66592D} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31011 | 
app=%programfiles%\windows media player\wmplayer.exe | {A38844A2-5988-422C-BE8A-C18305EBE50A} -> profile=private | protocol=58 | dir=in | action=allow | name=@firewallapi.dll,-28545 | {A9457797-E0F9-43CE-96B9-85D3B64F62C7} -> profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31024 | app=%programfiles(x86)%\windows media player\wmplayer.exe | {AFDCEC0E-0DE3-4118-98F3-A2AF1E471352} -> dir=in | action=allow | name=skype | app=c:\program files (x86)\skype\phone\skype.exe | {C37178AC-1F1C-46F9-9DD5-719E9C6601E9} -> profile=private | protocol=6 | dir=in | action=allow | name=teamviewer remote control application | app=c:\program files (x86)\teamviewer\version5\teamviewer.exe | {CF929CA7-7DDA-4736-9A9B-691317B3B03B} -> profile=private | protocol=58 | dir=out | action=allow | name=@firewallapi.dll,-28546 | {EE4B8BBE-4653-4395-B61A-2DAB055AED78} -> profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31305 | app=%programfiles%\windows media player\wmpnetwk.exe | {F5E20EF1-8677-4519-9896-796A2B43CBA5} -> profile=private | protocol=17 | dir=in | action=allow | name=teamviewer remote control application | app=c:\program files (x86)\teamviewer\version5\teamviewer.exe | TCP Query User{31D10690-5AA1-49B6-AA3D-62357D75E3D1}C:\programdata\kaspersky lab setup files\kaspersky internet security 2011 11.0.2.556\de\setup.exe -> profile=public | protocol=6 | dir=in | action=allow | name=setup | app=c:\programdata\kaspersky lab setup files\kaspersky internet security 2011 11.0.2.556\de\setup.exe | UDP Query User{CC6356EB-A413-4B38-8EBA-F71B9C78790A}C:\programdata\kaspersky lab setup files\kaspersky internet security 2011 11.0.2.556\de\setup.exe -> profile=public | protocol=17 | dir=in | action=allow | name=setup | app=c:\programdata\kaspersky lab setup files\kaspersky internet security 2011 11.0.2.556\de\setup.exe | < SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> < 
CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom -> "AutoRun" -> 1 -> "DisplayName" -> CD-ROM-Laufwerktreiber -> "ImagePath" -> C:\Windows\SysNative\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> [2009.07.14 00:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) < Drives with AutoRun files > -> -> Q:\AUTORUN.INF [[AutoRun] | open=LenovoQDrive.exe | icon=qdrive.ico | ] -> Q:\AUTORUN.INF [ NTFS ] -> [2008.06.10 17:32:46 | 000,000,049 | -HS- | M] () < MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> \{5dedf56c-bfe5-11df-b236-00a0c6000000} HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5dedf56c-bfe5-11df-b236-00a0c6000000}\shell \{5dedf56c-bfe5-11df-b236-00a0c6000000}\shell\\"" -> [AutoRun] -> File not found HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5dedf56c-bfe5-11df-b236-00a0c6000000}\shell\AutoRun\command \{5dedf56c-bfe5-11df-b236-00a0c6000000}\shell\AutoRun\command\\"" -> [D:\LaunchU3.exe] -> File not found \{7393924d-8513-11df-a910-001f1637fe34} HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7393924d-8513-11df-a910-001f1637fe34}\shell \{7393924d-8513-11df-a910-001f1637fe34}\shell\\"" -> [AutoRun] -> File not found HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7393924d-8513-11df-a910-001f1637fe34}\shell\AutoRun\command \{7393924d-8513-11df-a910-001f1637fe34}\shell\AutoRun\command\\"" -> [D:\AutoRun.exe] -> File not found \{73939253-8513-11df-a910-001f1637fe34} HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{73939253-8513-11df-a910-001f1637fe34}\shell \{73939253-8513-11df-a910-001f1637fe34}\shell\\"" -> [AutoRun] -> File not found 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{73939253-8513-11df-a910-001f1637fe34}\shell\AutoRun\command \{73939253-8513-11df-a910-001f1637fe34}\shell\AutoRun\command\\"" -> [D:\AutoRun.exe] -> File not found \{eca7d7f7-0d6c-11df-804f-806e6f6e6963} HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eca7d7f7-0d6c-11df-804f-806e6f6e6963}\shell \{eca7d7f7-0d6c-11df-804f-806e6f6e6963}\shell\\"" -> [AutoRun] -> File not found HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eca7d7f7-0d6c-11df-804f-806e6f6e6963}\shell\AutoRun\command \{eca7d7f7-0d6c-11df-804f-806e6f6e6963}\shell\AutoRun\command\\"" -> Q:\LenovoQDrive.exe [Q:\LenovoQDrive.exe] -> [2009.08.10 22:01:24 | 000,267,576 | -HS- | M] (Lenovo Group Limited) < Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command -> 64bit-comfile [open] -> "%1" %* -> File not found 64bit-exefile [open] -> "%1" %* -> File not found comfile [open] -> "%1" %* -> exefile [open] -> "%1" %* -> < 64bit-File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\ -> .com [@ = comfile] -> "%1" %* -> .exe [@ = exefile] -> "%1" %* -> < File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\ -> .com [@ = comfile] -> "%1" %* -> .exe [@ = exefile] -> "%1" %* -> [Registry - Additional Scans - Safe List] < 64bit-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost > -> -> *netsvcs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs -> AppMgmt -> C:\Windows\SysNative\appmgmts.dll -> [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) *MultiFile Done* -> -> < Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command -> 64bit-batfile [open] -> "%1" %* -> File not found 64bit-cmdfile [open] -> "%1" %* -> File not found 64bit-comfile 
[open] -> "%1" %* -> File not found 64bit-exefile [open] -> "%1" %* -> File not found 64bit-inffile [install] -> %SystemRoot%\System32\InfDefaultInstall.exe "%1" -> [2009.07.14 02:39:13 | 000,010,240 | ---- | M] (Microsoft Corporation) 64bit-InternetShortcut [open] -> "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l -> [2010.09.08 05:28:01 | 010,988,544 | ---- | M] (Microsoft Corporation) 64bit-InternetShortcut [print] -> "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" -> [2010.09.08 05:28:44 | 005,977,600 | ---- | M] (Microsoft Corporation) 64bit-piffile [open] -> "%1" %* -> File not found 64bit-scrfile [config] -> "%1" -> File not found 64bit-scrfile [install] -> rundll32.exe desk.cpl,InstallScreenSaver %l -> [2009.07.14 02:38:51 | 000,130,048 | ---- | M] (Microsoft Corporation) 64bit-scrfile [open] -> "%1" /S -> File not found 64bit-Unknown [openas] -> %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 -> File not found 64bit-Directory [AddToPlaylistVLC] -> "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" -> [2010.01.30 23:27:38 | 000,141,061 | ---- | M] () 64bit-Directory [cmd] -> cmd.exe /s /k pushd "%V" -> [2009.07.14 02:39:01 | 000,344,576 | ---- | M] (Microsoft Corporation) 64bit-Directory [find] -> %SystemRoot%\Explorer.exe -> [2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) 64bit-Directory [PlayWithVLC] -> "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" -> [2010.01.30 23:27:38 | 000,141,061 | ---- | M] () 64bit-Directory [Winamp.Bookmark] -> "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" -> [2010.01.13 23:45:58 | 001,552,736 | ---- | M] (Nullsoft, Inc.) 64bit-Directory [Winamp.Enqueue] -> "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" -> [2010.01.13 23:45:58 | 001,552,736 | ---- | M] (Nullsoft, Inc.) 
64bit-Directory [Winamp.Play] -> "C:\Program Files (x86)\Winamp\winamp.exe" "%1" -> [2010.01.13 23:45:58 | 001,552,736 | ---- | M] (Nullsoft, Inc.) 64bit-Folder [open] -> %SystemRoot%\Explorer.exe -> [2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) 64bit-Drive [find] -> %SystemRoot%\Explorer.exe -> [2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) batfile [open] -> "%1" %* -> cmdfile [open] -> "%1" %* -> comfile [open] -> "%1" %* -> cplfile [cplopen] -> %SystemRoot%\System32\control.exe "%1",%* -> [2009.07.14 02:14:15 | 000,113,152 | ---- | M] (Microsoft Corporation) exefile [open] -> "%1" %* -> inffile [install] -> %SystemRoot%\System32\InfDefaultInstall.exe "%1" -> [2009.07.14 02:14:21 | 000,009,216 | ---- | M] (Microsoft Corporation) InternetShortcut [open] -> "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l -> [2010.09.08 05:28:01 | 010,988,544 | ---- | M] (Microsoft Corporation) InternetShortcut [print] -> "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" -> [2010.09.08 05:28:44 | 005,977,600 | ---- | M] (Microsoft Corporation) piffile [open] -> "%1" %* -> scrfile [config] -> "%1" -> scrfile [install] -> rundll32.exe desk.cpl,InstallScreenSaver %l -> [2009.07.14 02:14:08 | 000,128,000 | ---- | M] (Microsoft Corporation) scrfile [open] -> "%1" /S -> Unknown [openas] -> %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 -> Directory [AddToPlaylistVLC] -> "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" -> [2010.01.30 23:27:38 | 000,141,061 | ---- | M] () Directory [cmd] -> cmd.exe /s /k pushd "%V" -> [2009.07.14 02:14:15 | 000,301,568 | ---- | M] (Microsoft Corporation) Directory [find] -> %SystemRoot%\Explorer.exe -> [2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) Directory [PlayWithVLC] -> "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file 
--no-playlist-enqueue "%1" -> [2010.01.30 23:27:38 | 000,141,061 | ---- | M] () Directory [Winamp.Bookmark] -> "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" -> [2010.01.13 23:45:58 | 001,552,736 | ---- | M] (Nullsoft, Inc.) Directory [Winamp.Enqueue] -> "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" -> [2010.01.13 23:45:58 | 001,552,736 | ---- | M] (Nullsoft, Inc.) Directory [Winamp.Play] -> "C:\Program Files (x86)\Winamp\winamp.exe" "%1" -> [2010.01.13 23:45:58 | 001,552,736 | ---- | M] (Nullsoft, Inc.) Folder [open] -> %SystemRoot%\Explorer.exe -> [2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) Drive [find] -> %SystemRoot%\Explorer.exe -> [2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) < EventViewer Logs - Last 10 Errors > -> Event Information -> Description Application [ Error ] 13.01.2011 04:18:33 Computer Name = Helmut-NB | Source = MSSQL$MSSMLBIZ | ID = 8313 -> Description = Fehler beim Zuordnen von Indizes und Namen für SQL Server-Leistungsobjekte/Leistungsindikatoren. SQL Server-Leistungsindikatoren sind deaktiviert. Application [ Error ] 13.01.2011 04:18:33 Computer Name = Helmut-NB | Source = MSSQL$MSSMLBIZ | ID = 3409 -> Description = Fehler beim Einrichten des gemeinsam genutzten Speicherbereichs für Leistungsindikatoren. Fehlercode: -1. Installieren Sie 'sqlctr.ini' für diese Instanz neu, und stellen Sie sicher, dass das Anmeldekonto der Instanz über die richtigen Registrierungsberechtigungen verfügt. Application [ Error ] 13.01.2011 04:19:56 Computer Name = Helmut-NB | Source = Microsoft-Windows-CAPI2 | ID = 256 -> Description = Vom Kryptografiedienst konnte die Katalogdatenbank nicht initialisiert werden. Fehler: 5 (0x5) : Zugriff verweigert . Application [ Error ] 13.01.2011 04:21:42 Computer Name = Helmut-NB | Source = Microsoft-Windows-CAPI2 | ID = 256 -> Description = Vom Kryptografiedienst konnte die Katalogdatenbank nicht initialisiert werden. Fehler: 5 (0x5) : Zugriff verweigert . 
Application [ Error ] 13.01.2011 04:21:42 Computer Name = Helmut-NB | Source = Microsoft-Windows-CAPI2 | ID = 256 -> Description = Vom Kryptografiedienst konnte die Katalogdatenbank nicht initialisiert werden. Fehler: 5 (0x5) : Zugriff verweigert . Application [ Error ] 13.01.2011 04:21:51 Computer Name = Helmut-NB | Source = Microsoft-Windows-CAPI2 | ID = 256 -> Description = Vom Kryptografiedienst konnte die Katalogdatenbank nicht initialisiert werden. Fehler: 5 (0x5) : Zugriff verweigert . Application [ Error ] 13.01.2011 04:21:51 Computer Name = Helmut-NB | Source = Microsoft-Windows-CAPI2 | ID = 256 -> Description = Vom Kryptografiedienst konnte die Katalogdatenbank nicht initialisiert werden. Fehler: 5 (0x5) : Zugriff verweigert . Application [ Error ] 14.01.2011 02:42:39 Computer Name = Helmut-NB | Source = MSSQL$MSSMLBIZ | ID = 8313 -> Description = Fehler beim Zuordnen von Indizes und Namen für SQL Server-Leistungsobjekte/Leistungsindikatoren. SQL Server-Leistungsindikatoren sind deaktiviert. Application [ Error ] 14.01.2011 02:42:39 Computer Name = Helmut-NB | Source = MSSQL$MSSMLBIZ | ID = 3409 -> Description = Fehler beim Einrichten des gemeinsam genutzten Speicherbereichs für Leistungsindikatoren. Fehlercode: -1. Installieren Sie 'sqlctr.ini' für diese Instanz neu, und stellen Sie sicher, dass das Anmeldekonto der Instanz über die richtigen Registrierungsberechtigungen verfügt. Application [ Error ] 14.01.2011 02:44:13 Computer Name = Helmut-NB | Source = Microsoft-Windows-CAPI2 | ID = 256 -> Description = Vom Kryptografiedienst konnte die Katalogdatenbank nicht initialisiert werden. Fehler: 5 (0x5) : Zugriff verweigert . Lenovo-Message Center Plus/Admin [ Error ] 09.01.2011 05:36:44 Computer Name = Helmut-NB | Source = Lenovo-Message Center Plus/Admin | ID = 2 -> Description = Fehler beim Erstellen des Webproxys, der im Konfigurationsabschnitt system.net/defaultProxy angegeben ist. 
-> Exception message: Fehler beim Erstellen des Webproxys, der im Konfigurationsabschnitt system.net/defaultProxy angegeben ist. Lenovo-Message Center Plus/Admin [ Error ] 09.01.2011 09:43:43 Computer Name = Helmut-NB | Source = Lenovo-Message Center Plus/Admin | ID = 2 -> Description = Fehler beim Erstellen des Webproxys, der im Konfigurationsabschnitt system.net/defaultProxy angegeben ist. -> Exception message: Fehler beim Erstellen des Webproxys, der im Konfigurationsabschnitt system.net/defaultProxy angegeben ist. Lenovo-Message Center Plus/Admin [ Error ] 10.01.2011 15:53:23 Computer Name = Helmut-NB | Source = Lenovo-Message Center Plus/Admin | ID = 2 -> Description = Fehler beim Erstellen des Webproxys, der im Konfigurationsabschnitt system.net/defaultProxy angegeben ist. -> Exception message: Fehler beim Erstellen des Webproxys, der im Konfigurationsabschnitt system.net/defaultProxy angegeben ist. Lenovo-Message Center Plus/Admin [ Error ] 12.01.2011 05:50:34 Computer Name = Helmut-NB | Source = Lenovo-Message Center Plus/Admin | ID = 2 -> Description = Fehler beim Erstellen des Webproxys, der im Konfigurationsabschnitt system.net/defaultProxy angegeben ist. -> Exception message: Fehler beim Erstellen des Webproxys, der im Konfigurationsabschnitt system.net/defaultProxy angegeben ist. Lenovo-Message Center Plus/Admin [ Error ] 12.01.2011 11:30:54 Computer Name = Helmut-NB | Source = Lenovo-Message Center Plus/Admin | ID = 2 -> Description = Fehler beim Erstellen des Webproxys, der im Konfigurationsabschnitt system.net/defaultProxy angegeben ist. -> Exception message: Fehler beim Erstellen des Webproxys, der im Konfigurationsabschnitt system.net/defaultProxy angegeben ist. Lenovo-Message Center Plus/Admin [ Error ] 13.01.2011 07:26:40 Computer Name = Helmut-NB | Source = Lenovo-Message Center Plus/Admin | ID = 2 -> Description = Fehler beim Erstellen des Webproxys, der im Konfigurationsabschnitt system.net/defaultProxy angegeben ist. 
-> Exception message: Fehler beim Erstellen des Webproxys, der im Konfigurationsabschnitt system.net/defaultProxy angegeben ist. Lenovo-Message Center Plus/Admin [ Error ] 13.01.2011 12:48:50 Computer Name = Helmut-NB | Source = Lenovo-Message Center Plus/Admin | ID = 2 -> Description = Fehler beim Erstellen des Webproxys, der im Konfigurationsabschnitt system.net/defaultProxy angegeben ist. -> Exception message: Fehler beim Erstellen des Webproxys, der im Konfigurationsabschnitt system.net/defaultProxy angegeben ist. Lenovo-Message Center Plus/Admin [ Error ] 14.01.2011 06:31:39 Computer Name = Helmut-NB | Source = Lenovo-Message Center Plus/Admin | ID = 2 -> Description = Fehler beim Erstellen des Webproxys, der im Konfigurationsabschnitt system.net/defaultProxy angegeben ist. -> Exception message: Fehler beim Erstellen des Webproxys, der im Konfigurationsabschnitt system.net/defaultProxy angegeben ist. Lenovo-Message Center Plus/Admin [ Error ] 14.01.2011 11:42:22 Computer Name = Helmut-NB | Source = Lenovo-Message Center Plus/Admin | ID = 2 -> Description = Fehler beim Erstellen des Webproxys, der im Konfigurationsabschnitt system.net/defaultProxy angegeben ist. -> Exception message: Fehler beim Erstellen des Webproxys, der im Konfigurationsabschnitt system.net/defaultProxy angegeben ist. Lenovo-Message Center Plus/Admin [ Error ] 18.01.2011 20:57:33 Computer Name = Helmut-NB | Source = Lenovo-Message Center Plus/Admin | ID = 2 -> Description = Fehler beim Erstellen des Webproxys, der im Konfigurationsabschnitt system.net/defaultProxy angegeben ist. -> Exception message: Fehler beim Erstellen des Webproxys, der im Konfigurationsabschnitt system.net/defaultProxy angegeben ist. 
System [ Error ] 26.08.2010 05:04:18 Computer Name = Helmut-NB | Source = DCOM | ID = 10005 -> Description = System [ Error ] 26.08.2010 05:04:18 Computer Name = Helmut-NB | Source = DCOM | ID = 10005 -> Description = System [ Error ] 26.08.2010 05:04:18 Computer Name = Helmut-NB | Source = Service Control Manager | ID = 7001 -> Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 System [ Error ] 26.08.2010 05:04:18 Computer Name = Helmut-NB | Source = Service Control Manager | ID = 7001 -> Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 System [ Error ] 26.08.2010 05:04:18 Computer Name = Helmut-NB | Source = Service Control Manager | ID = 7001 -> Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 System [ Error ] 26.08.2010 05:04:18 Computer Name = Helmut-NB | Source = Service Control Manager | ID = 7001 -> Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 System [ Error ] 26.08.2010 05:04:18 Computer Name = Helmut-NB | Source = Service Control Manager | ID = 7001 -> Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 System [ Error ] 26.08.2010 05:04:18 Computer Name = Helmut-NB | Source = Service Control Manager | ID = 7001 -> Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 System [ Error ] 26.08.2010 05:04:18 Computer Name = Helmut-NB | Source = Service Control Manager | ID = 7001 -> Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068 System [ Error ] 26.08.2010 06:29:31 Computer Name = Helmut-NB | Source = Service Control Manager | ID = 7000 -> Description = Der Dienst "regi" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 [Files/Folders - Created Within 30 Days] OTS -> C:\Program Files (x86)\OTS -> [2011.01.19 05:06:40 | 000,000,000 | ---D | C] COMODO -> C:\Programme\COMODO -> [2011.01.19 04:47:34 | 000,000,000 | ---D | C] Config.Msi -> C:\Config.Msi -> [2011.01.19 04:46:48 | 000,000,000 | -HSD | C] Kaspersky Internet Security 2011 -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2011 -> [2011.01.19 04:41:22 | 000,000,000 | ---D | C] Kaspersky Lab -> C:\Program Files (x86)\Kaspersky Lab -> [2011.01.19 04:40:18 | 000,000,000 | ---D | C] klif.sys -> C:\Windows\SysNative\drivers\klif.sys -> [2011.01.19 04:40:07 | 000,556,120 | ---- | C] (Kaspersky Lab) Comodo -> C:\ProgramData\Comodo -> [2011.01.19 03:58:48 | 000,000,000 | ---D | C] kleaner.tmp -> C:\kleaner.tmp -> [2011.01.19 00:27:00 | 000,000,000 | -H-D | C] Broadcom -> C:\Users\Helmut\AppData\Local\Broadcom -> [2011.01.18 19:36:08 | 000,000,000 | ---D | C] Bluetooth-Exchange-Ordner -> C:\Users\Helmut\Documents\Bluetooth-Exchange-Ordner -> [2011.01.18 19:36:08 | 000,000,000 | ---D | C] MSMCML09.DLL -> C:\Windows\SysNative\MSMCML09.DLL -> [2011.01.14 19:33:08 | 000,298,496 | ---- | C] (KONICA MINOLTA BUSINESS TECHNOLOGIES, INC.) MSPOOL09.DLL -> C:\Windows\SysNative\MSPOOL09.DLL -> [2011.01.14 19:33:08 | 000,073,216 | ---- | C] (KONICA MINOLTA BUSINESS TECHNOLOGIES, INC.) MTAG3209.DLL -> C:\Windows\SysNative\MTAG3209.DLL -> [2011.01.14 19:33:08 | 000,007,168 | ---- | C] (KONICA MINOLTA BUSINESS TECHNOLOGIES, INC.) MLMON_09.DLL -> C:\Windows\SysNative\MLMON_09.DLL -> [2011.01.14 19:33:06 | 000,059,392 | ---- | C] (KONICA MINOLTA BUSINESS TECHNOLOGIES, INC.) MIMF3209.DLL -> C:\Windows\SysNative\MIMF3209.DLL -> [2011.01.14 19:33:06 | 000,017,408 | ---- | C] (KONICA MINOLTA BUSINESS TECHNOLOGIES, INC.) 
MICM__09.DLL -> C:\Windows\SysNative\MICM__09.DLL -> [2011.01.14 19:33:06 | 000,013,312 | ---- | C] (KONICA MINOLTA BUSINESS TECHNOLOGIES, INC.) MGDI3209.DLL -> C:\Windows\SysNative\MGDI3209.DLL -> [2011.01.14 19:33:05 | 000,034,816 | ---- | C] (KONICA MINOLTA BUSINESS TECHNOLOGIES, INC.) MCMM__09.DLL -> C:\Windows\SysNative\MCMM__09.DLL -> [2011.01.14 19:33:05 | 000,021,504 | ---- | C] (KONICA MINOLTA BUSINESS TECHNOLOGIES, INC.) webio_1.dll -> C:\Windows\SysNative\webio_1.dll -> [2011.01.14 18:38:22 | 000,395,776 | ---- | C] (Microsoft Corporation) Skype -> C:\Users\Helmut\AppData\Roaming\Skype -> [2011.01.14 18:33:24 | 000,000,000 | ---D | C] 1 C:\*.tmp files -> C:\*.tmp -> [Files/Folders - Modified Within 30 Days] 7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 -> [2011.01.19 16:26:13 | 000,020,704 | -H-- | M] () 7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 -> [2011.01.19 16:26:13 | 000,020,704 | -H-- | M] () OTL.exe - Verknüpfung.lnk -> C:\Users\Helmut\Desktop\OTL.exe - Verknüpfung.lnk -> [2011.01.19 16:21:23 | 000,001,314 | ---- | M] () bootstat.dat -> C:\Windows\bootstat.dat -> [2011.01.19 16:18:38 | 000,067,584 | --S- | M] () hiberfil.sys -> C:\hiberfil.sys -> [2011.01.19 16:18:29 | 3110,875,136 | -HS- | M] () klin.dat -> C:\Windows\SysNative\drivers\klin.dat -> [2011.01.19 04:52:57 | 000,150,083 | ---- | M] () klick.dat -> C:\Windows\SysNative\drivers\klick.dat -> [2011.01.19 04:52:57 | 000,107,075 | ---- | M] () sfi.dat -> C:\Windows\SysNative\drivers\sfi.dat -> [2011.01.19 04:47:53 | 000,236,912 | ---- | M] () klif.sys -> C:\Windows\SysNative\drivers\klif.sys -> [2011.01.19 04:40:07 | 000,556,120 | ---- | M] (Kaspersky Lab) PerfStringBackup.INI -> C:\Windows\SysNative\PerfStringBackup.INI 
-> [2011.01.19 00:35:23 | 001,686,864 | ---- | M] () perfh007.dat -> C:\Windows\SysNative\perfh007.dat -> [2011.01.19 00:35:23 | 000,733,288 | ---- | M] () perfh009.dat -> C:\Windows\SysNative\perfh009.dat -> [2011.01.19 00:35:23 | 000,671,270 | ---- | M] () perfc007.dat -> C:\Windows\SysNative\perfc007.dat -> [2011.01.19 00:35:23 | 000,160,666 | ---- | M] () perfc009.dat -> C:\Windows\SysNative\perfc009.dat -> [2011.01.19 00:35:23 | 000,130,212 | ---- | M] () bootsqm.dat -> C:\bootsqm.dat -> [2011.01.18 21:23:25 | 000,003,544 | ---- | M] () FNTCACHE.DAT -> C:\Windows\SysNative\FNTCACHE.DAT -> [2011.01.14 19:10:27 | 003,050,776 | ---- | M] () atmfd.dll -> C:\Windows\SysNative\atmfd.dll -> [2011.01.14 19:05:47 | 000,366,080 | ---- | M] (Adobe Systems Incorporated) wiso.ini -> C:\Windows\wiso.ini -> [2011.01.14 18:24:48 | 000,000,879 | ---- | M] () 32 C:\Windows\Temp\*.tmp files -> C:\Windows\Temp\*.tmp -> 32 C:\Windows\Temp\*.tmp files -> C:\Windows\Temp\*.tmp -> 1 C:\*.tmp files -> C:\*.tmp -> [Files - No Company Name] OTL.exe - Verknüpfung.lnk -> C:\Users\Helmut\Desktop\OTL.exe - Verknüpfung.lnk -> [2011.01.19 16:21:23 | 000,001,314 | ---- | C] () sfi.dat -> C:\Windows\SysNative\drivers\sfi.dat -> [2011.01.19 04:43:47 | 000,236,912 | ---- | C] () klin.dat -> C:\Windows\SysNative\drivers\klin.dat -> [2011.01.19 04:41:08 | 000,150,083 | ---- | C] () klick.dat -> C:\Windows\SysNative\drivers\klick.dat -> [2011.01.19 04:41:07 | 000,107,075 | ---- | C] () bootsqm.dat -> C:\bootsqm.dat -> [2011.01.18 21:23:25 | 000,003,544 | ---- | C] () MSUMLT09.INI -> C:\Windows\MSUMLT09.INI -> [2011.01.14 19:33:08 | 000,024,028 | ---- | C] () MUNZ__09.UNM -> C:\Windows\SysNative\MUNZ__09.UNM -> [2011.01.14 19:33:08 | 000,003,212 | ---- | C] () MSHRES09.DLL -> C:\Windows\SysNative\MSHRES09.DLL -> [2011.01.14 19:33:07 | 000,002,560 | ---- | C] () MSEP0109.SEP -> C:\Windows\SysNative\MSEP0109.SEP -> [2011.01.14 19:33:07 | 000,000,061 | ---- | C] () webio.dll -> 
C:\Windows\SysNative\webio.dll -> [2011.01.14 18:38:22 | 000,394,752 | ---- | C] () wanancsp.dat -> C:\Users\Helmut\AppData\Local\wanancsp.dat -> [2010.04.30 13:05:10 | 000,646,848 | ---- | C] () Transfer W169.245 Start 2010_02_04.mmap.pdf -> C:\Users\Helmut\AppData\Local\Transfer W169.245 Start 2010_02_04.mmap.pdf -> [2010.03.08 06:11:22 | 001,545,486 | ---- | C] () DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Users\Helmut\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2010.03.06 18:34:02 | 000,005,632 | ---- | C] () wiso.ini -> C:\Windows\wiso.ini -> [2010.02.22 20:21:26 | 000,000,879 | ---- | C] () cdplayer.ini -> C:\Windows\cdplayer.ini -> [2010.02.21 00:55:47 | 000,000,034 | ---- | C] () ODBC.INI -> C:\Windows\ODBC.INI -> [2010.02.20 23:35:22 | 000,000,400 | ---- | C] () PerfStringBackup.INI -> C:\Windows\SysWow64\PerfStringBackup.INI -> [2010.01.30 08:50:16 | 001,710,496 | ---- | C] () nView.dll -> C:\Windows\SysWow64\nView.dll -> [2010.01.30 08:09:22 | 001,612,392 | ---- | C] () nvwimg.dll -> C:\Windows\SysWow64\nvwimg.dll -> [2010.01.30 08:09:22 | 001,108,584 | ---- | C] () webio.dll -> C:\Windows\SysWow64\webio.dll -> [2009.07.14 00:56:08 | 000,313,856 | ---- | C] () BWContextHandler.dll -> C:\Windows\SysWow64\BWContextHandler.dll -> [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () msjetoledb40.dll -> C:\Windows\SysWow64\msjetoledb40.dll -> [2009.07.13 22:03:59 | 000,364,544 | ---- | C] () OUTLPERF.INI -> C:\Windows\SysWow64\OUTLPERF.INI -> [2003.02.20 17:53:42 | 000,005,702 | ---- | C] () [File - Lop Check] Buhl -> C:\Users\Helmut\AppData\Roaming\Buhl -> [2010.02.22 20:30:13 | 000,000,000 | ---D | M] Buhl Data Service -> C:\Users\Helmut\AppData\Roaming\Buhl Data Service -> [2010.02.22 20:21:52 | 000,000,000 | ---D | M] InterVideo -> C:\Users\Helmut\AppData\Roaming\InterVideo -> [2010.05.18 09:06:24 | 000,000,000 | ---D | M] Lenovo -> C:\Users\Helmut\AppData\Roaming\Lenovo -> [2010.02.20 21:24:41 | 000,000,000 | ---D | M] TeamViewer -> 
C:\Users\Helmut\AppData\Roaming\TeamViewer -> [2010.09.10 18:17:23 | 000,000,000 | ---D | M] PCDoctorBackgroundMonitorTask.job -> C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job -> [2010.09.08 17:00:00 | 000,000,528 | ---- | M] () SCHEDLGU.TXT -> C:\Windows\Tasks\SCHEDLGU.TXT -> [2010.06.09 04:17:21 | 000,032,624 | ---- | M] () SystemToolsDailyTest.job -> C:\Windows\Tasks\SystemToolsDailyTest.job -> [2010.12.13 20:49:04 | 000,000,340 | ---- | M] () [File - Purity Scan] < End of report > [/code]