Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Can't run anti-malware, install or update it

Started by Christoph Zimlich , Jan 19 2011 10:46 AM

  • This topic is locked This topic is locked

#1
Christoph Zimlich
Posted 19 January 2011 - 10:46 AM

Christoph Zimlich

    New Member

  • Member
  • Pip
  • 1 posts
hi all,

i have a smilar problem like this topic here
i couldnt run any updates from antvirus or spyware programs. i fixed it a bit. i found out the the rights setting of the installs folders under windows was incorrect. i changed it back to defaults and updated to kaspersky internet security 2011 und updates worked too. but the system is still infected and i want to clean it with other prgramms. when i try to install Malwarebytes' Anti-Malware i get this error:

Runtime Error (at - 1:0):

Cannot Import
dll:C:\Users\Username\AppData\Local\Temp\is-QMAOG.tmp\mbam.dll.

i did what to do in the other topic.

here is the file

thx for your help

OTS logfile created on: 19.01.2011 17:22:05 - Run 1
OTS by OldTimer - Version 3.1.41.1 Folder = C:\Program Files (x86)\OTs
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 45,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 287,15 Gb Total Space | 177,70 Gb Free Space | 61,88% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive Q: | 9,77 Gb Total Space | 2,08 Gb Free Space | 21,34% Space Free | Partition Type: NTFS

Computer Name: HELMUT-NB
Current User Name: Helmut
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days

[Processes - Safe List]
ots.exe -> C:\Program Files (x86)\OTs\OTS.exe -> [2011.01.19 16:37:47 | 000,642,048 | ---- | M] (OldTimer Tools)
plugin-container.exe -> C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe -> [2010.12.15 05:50:46 | 000,016,856 | ---- | M] (Mozilla Corporation)
firefox.exe -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe -> [2010.12.15 05:50:45 | 000,912,344 | ---- | M] (Mozilla Corporation)
avp.exe -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe -> [2010.11.02 22:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO)
teamviewer_service.exe -> C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe -> [2010.02.11 12:42:32 | 000,172,328 | ---- | M] (TeamViewer GmbH)
winampa.exe -> C:\Program Files (x86)\Winamp\winampa.exe -> [2010.01.13 23:44:52 | 000,037,888 | ---- | M] (Nullsoft, Inc.)
applicationupdater.exe -> C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -> [2010.01.08 00:51:02 | 000,380,928 | ---- | M] (Spigot, Inc.)
qdlservice2klenovo.exe -> c:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kLenovo.exe -> [2009.12.18 18:03:12 | 000,331,512 | ---- | M] (QUALCOMM, Inc.)
acsvc.exe -> C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe -> [2009.12.11 12:22:06 | 000,255,336 | ---- | M] (Lenovo)
acprfmgrsvc.exe -> C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe -> [2009.12.11 12:22:04 | 000,124,264 | ---- | M] (Lenovo)
svcguihlpr.exe -> C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe -> [2009.12.11 11:58:56 | 000,344,064 | ---- | M] (Lenovo)
acdeskbandhlpr.exe -> C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe -> [2009.12.11 11:58:54 | 000,397,312 | ---- | M] (Lenovo)
tponscr.exe -> C:\Programme\Lenovo\HOTKEY\TPONSCR.exe -> [2009.11.24 05:51:20 | 000,176,056 | ---- | M] (Lenovo Group Limited)
micmute.exe -> C:\Programme\Lenovo\HOTKEY\micmute.exe -> [2009.11.17 10:06:04 | 000,044,984 | ---- | M] (Lenovo Group Limited)
tposdsvc.exe -> C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe -> [2009.11.17 06:07:46 | 000,069,568 | ---- | M] (Lenovo Group Limited)
tphksvc.exe -> C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe -> [2009.11.16 10:19:38 | 000,062,904 | ---- | M] (Lenovo Group Limited)
tpnumlkd.exe -> C:\Programme\Lenovo\HOTKEY\tpnumlkd.exe -> [2009.11.11 09:33:12 | 000,078,272 | ---- | M] (Lenovo Group Limited)
cammute.exe -> C:\Programme\Lenovo\HOTKEY\cammute.exe -> [2009.11.09 05:48:34 | 000,054,632 | ---- | M] (Lenovo Group Limited)
lms.exe -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -> [2009.10.01 10:08:44 | 000,268,824 | ---- | M] (Intel Corporation)
tpscrex.exe -> C:\Programme\Lenovo\ZOOM\TpScrex.exe -> [2009.10.01 08:14:32 | 000,144,752 | ---- | M] (Lenovo Group Limited)
suservice.exe -> c:\Program Files (x86)\Lenovo\System Update\SUService.exe -> [2009.09.24 22:55:56 | 000,015,872 | ---- | M] (Lenovo Group Limited)
rrservice.exe -> C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe -> [2009.09.04 05:30:52 | 001,474,560 | ---- | M] (Lenovo Group Limited)
scheduler_proxy.exe -> C:\Program Files (x86)\Common Files\Lenovo\Scheduler\scheduler_proxy.exe -> [2009.08.28 14:30:50 | 000,487,424 | ---- | M] (Lenovo Group Limited)
tvt_reg_monitor_svc.exe -> C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe -> [2009.08.28 14:09:58 | 001,019,904 | ---- | M] (Lenovo Group Limited)
bluetoothheadsetproxy.exe -> C:\Programme\ThinkPad\Bluetooth Software\BluetoothHeadsetProxy.exe -> [2009.08.11 16:59:38 | 000,013,600 | ---- | M] (Broadcom Corporation.)
mcplaunch.exe -> C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe -> [2009.05.27 22:09:36 | 000,049,976 | ---- | M] ()
tpnumlk.exe -> C:\Programme\Lenovo\HOTKEY\tpnumlk.exe -> [2009.03.05 08:28:28 | 000,059,760 | ---- | M] (Lenovo Group Limited)
mmreminderservice.exe -> C:\Program Files (x86)\Mindjet\MindManager 8\MmReminderService.exe -> [2008.11.14 03:46:04 | 000,037,656 | ---- | M] (Mindjet)
acrotray.exe -> C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe -> [2008.06.11 22:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.)
iviregmgr.exe -> C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -> [2007.01.04 19:48:50 | 000,112,152 | ---- | M] (InterVideo)
dlg.exe -> C:\Program Files (x86)\Digital Line Detect\DLG.exe -> [2006.11.03 18:02:14 | 000,050,688 | ---- | M] (Avanquest Software )

[Modules - Safe List]
ots.exe -> C:\Program Files (x86)\OTs\OTS.exe -> [2011.01.19 16:37:47 | 000,642,048 | ---- | M] (OldTimer Tools)
comctl32.dll -> C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll -> [2010.08.21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation)
winsta.dll -> C:\Windows\SysWOW64\winsta.dll -> [2009.07.14 02:16:19 | 000,156,160 | ---- | M] (Microsoft Corporation)

[Win32 Services - Safe List]
64bit-(FLEXnet Licensing Service 64) [On_Demand | Stopped] -> C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -> [2010.02.21 03:40:52 | 001,038,088 | ---- | M] (Acresso Software Inc.)
64bit-(IBMPMSVC) [Auto | Running] -> C:\Windows\SysNative\ibmpmsvc.exe -> [2009.11.18 06:04:24 | 000,045,928 | ---- | M] (Lenovo.)
64bit-(TPHDEXLGSVC) [On_Demand | Stopped] -> C:\Windows\SysNative\TPHDEXLG64.exe -> [2009.10.09 12:12:52 | 000,047,656 | ---- | M] (Lenovo.)
64bit-(TurboBoost) [On_Demand | Stopped] -> C:\Program Files\Intel\TurboBoost\TurboBoost.exe -> [2009.09.29 17:25:48 | 000,126,392 | ---- | M] (Intel® Corporation)
64bit-(AppMgmt) [On_Demand | Stopped] -> C:\Windows\SysNative\appmgmts.dll -> [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation)
(AVP) Kaspersky Anti-Virus Service [Auto | Running] -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe -> [2010.11.02 22:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO)
(clr_optimization_v4.0.30319_32) Microsoft .NET Framework NGEN v4.0.30319_X86 [Auto | Stopped] -> C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -> [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation)
(FLEXnet Licensing Service) FLEXnet Licensing Service [On_Demand | Stopped] -> C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> [2010.02.21 03:38:44 | 000,655,624 | ---- | M] (Acresso Software Inc.)
(TeamViewer5) TeamViewer 5 [Auto | Running] -> C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe -> [2010.02.11 12:42:32 | 000,172,328 | ---- | M] (TeamViewer GmbH)
(Application Updater) Application Updater [Auto | Running] -> C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -> [2010.01.08 00:51:02 | 000,380,928 | ---- | M] (Spigot, Inc.)
(QDLService2kLenovo) Qualcomm Gobi 2000 Download Service (Lenovo) [Auto | Running] -> c:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kLenovo.exe -> [2009.12.18 18:03:12 | 000,331,512 | ---- | M] (QUALCOMM, Inc.)
(AcSvc) AcSvc [Auto | Running] -> C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe -> [2009.12.11 12:22:06 | 000,255,336 | ---- | M] (Lenovo)
(AcPrfMgrSvc) AcPrfMgrSvc [Auto | Running] -> C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe -> [2009.12.11 12:22:04 | 000,124,264 | ---- | M] (Lenovo)
(DozeSvc) Lenovo Doze Mode Service [Auto | Running] -> C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE -> [2009.12.10 19:11:00 | 000,161,128 | ---- | M] (Lenovo.)
(Power Manager DBC Service) Power Manager DBC Service [On_Demand | Stopped] -> C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE -> [2009.12.10 19:11:00 | 000,075,112 | ---- | M] (Lenovo)
(LENOVO.MICMUTE) Lenovo Microphone Mute [Auto | Running] -> C:\Programme\Lenovo\HOTKEY\micmute.exe -> [2009.11.17 10:06:04 | 000,044,984 | ---- | M] (Lenovo Group Limited)
(TPHKSVC) Anzeige am Bildschirm [Auto | Running] -> C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe -> [2009.11.16 10:19:38 | 000,062,904 | ---- | M] (Lenovo Group Limited)
(LENOVO.CAMMUTE) Lenovo Camera Mute [Auto | Running] -> C:\Programme\Lenovo\HOTKEY\cammute.exe -> [2009.11.09 05:48:34 | 000,054,632 | ---- | M] (Lenovo Group Limited)
(UNS) Intel® Management & Security Application User Notification Service [Auto | Stopped] -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -> [2009.10.01 10:08:46 | 002,320,920 | ---- | M] (Intel Corporation)
(LMS) Intel® Management and Security Application Local Management Service [Auto | Running] -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -> [2009.10.01 10:08:44 | 000,268,824 | ---- | M] (Intel Corporation)
(SUService) System Update [Auto | Running] -> c:\Program Files (x86)\Lenovo\System Update\SUService.exe -> [2009.09.24 22:55:56 | 000,015,872 | ---- | M] (Lenovo Group Limited)
(EvtEng) Intel® PROSet/Wireless Event Log [Auto | Stopped] -> C:\Programme\Intel\WiFi\bin\EvtEng.exe -> [2009.09.21 16:24:40 | 001,420,560 | ---- | M] (Intel® Corporation)
(RegSrvc) Intel® PROSet/Wireless Registry Service [Auto | Running] -> C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -> [2009.09.21 16:00:44 | 000,831,760 | ---- | M] (Intel® Corporation)
(TVT Backup Service) TVT Backup Service [On_Demand | Running] -> C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe -> [2009.09.04 05:30:52 | 001,474,560 | ---- | M] (Lenovo Group Limited)
(ThinkVantage Registry Monitor Service) ThinkVantage Registry Monitor Service [Auto | Running] -> C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe -> [2009.08.28 14:09:58 | 001,019,904 | ---- | M] (Lenovo Group Limited)
(btwdins) Bluetooth Service [Auto | Running] -> C:\Programme\ThinkPad\Bluetooth Software\btwdins.exe -> [2009.08.11 16:59:38 | 000,864,032 | ---- | M] (Broadcom Corporation.)
(clr_optimization_v2.0.50727_32) Microsoft .NET Framework NGEN v2.0.50727_X86 [Disabled | Stopped] -> C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation)
(HsfXAudioService) HsfXAudioService [Auto | Running] -> C:\Windows\SysWOW64\XAudio64.dll -> [2009.04.29 03:21:18 | 000,436,736 | ---- | M] (Conexant Systems, Inc.)
(IviRegMgr) IviRegMgr [Auto | Running] -> C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -> [2007.01.04 19:48:50 | 000,112,152 | ---- | M] (InterVideo)

[Driver Services - Safe List]
64bit-(KLIF) Kaspersky Lab Driver [File_System | System | Running] -> C:\Windows\SysNative\drivers\klif.sys -> [2011.01.19 04:40:07 | 000,556,120 | ---- | M] (Kaspersky Lab)
64bit-(kl2) kl2 [Kernel | System | Running] -> C:\Windows\SysNative\drivers\kl2.sys -> [2010.06.09 16:44:00 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO)
64bit-(KL1) KL1 [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\kl1.sys -> [2010.06.09 16:43:56 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO)
64bit-(SynTP) Synaptics TouchPad Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\SynTP.sys -> [2010.04.22 23:17:40 | 000,318,000 | ---- | M] (Synaptics Incorporated)
64bit-(KLIM6) Kaspersky Anti-Virus NDIS 6 Filter [Kernel | System | Running] -> C:\Windows\SysNative\drivers\klim6.sys -> [2010.04.22 18:07:36 | 000,027,736 | ---- | M] (Kaspersky Lab ZAO)
64bit-(CnxtHdAudService) Conexant UAA Function Driver for High Definition Audio Service [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\CHDRT64.sys -> [2010.01.20 13:14:06 | 000,682,040 | ---- | M] (Conexant Systems Inc.)
64bit-(DzHDD64) DzHDD64 [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\DZHDD64.SYS -> [2009.12.10 19:11:00 | 000,030,320 | ---- | M] (Lenovo.)
64bit-(TPPWRIF) TPPWRIF [Kernel | System | Running] -> C:\Windows\SysNative\drivers\TPPWR64V.SYS -> [2009.12.10 19:11:00 | 000,013,104 | ---- | M] ()
64bit-(e1kexpress) Intel® PRO/1000 PCI Express Network Connection Driver K [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\e1k62x64.sys -> [2009.12.10 17:37:56 | 000,294,064 | ---- | M] (Intel Corporation)
64bit-(qcusbnetlno2k) Gobi 2000 USB-NDIS miniport(05C6-9205) [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\qcusbnetlno2k.sys -> [2009.12.08 10:14:40 | 000,240,640 | ---- | M] (QUALCOMM Incorporated)
64bit-(qcusbserlno2k) Gobi 2000 USB Device for Legacy Serial Communication(05C6-9205) [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\qcusbserlno2k.sys -> [2009.12.08 10:14:40 | 000,121,216 | ---- | M] (QUALCOMM Incorporated)
64bit-(qcfilterlno2k) Gobi 2000 USB Composite Device Filter Driver(05C6-9205) [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\qcfilterlno2k.sys -> [2009.12.08 10:14:40 | 000,006,400 | ---- | M] (QUALCOMM Incorporated)
64bit-(vpcvmm) Virtual PC-Monitor für virtuelle Computer [Kernel | System | Running] -> C:\Windows\SysNative\drivers\vpcvmm.sys -> [2009.12.01 18:55:31 | 000,359,624 | ---- | M] (Microsoft Corporation)
64bit-(iaStor) Intel AHCI Controller [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\iaStor.sys -> [2009.11.20 07:09:48 | 000,537,112 | ---- | M] (Intel Corporation)
64bit-(IBMPMDRV) IBMPMDRV [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\ibmpmdrv.sys -> [2009.11.18 06:04:04 | 000,032,880 | ---- | M] (Lenovo.)
64bit-(NVHDA) Service for NVIDIA High Definition Audio Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\nvhda64v.sys -> [2009.11.11 12:14:30 | 000,084,584 | ---- | M] (NVIDIA Corporation)
64bit-(teamviewervpn) TeamViewer VPN Adapter [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\teamviewervpn.sys -> [2009.11.09 18:12:42 | 000,035,112 | ---- | M] (TeamViewer GmbH)
64bit-(klmouflt) Kaspersky Lab KLMOUFLT [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\klmouflt.sys -> [2009.11.02 19:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab)
64bit-(5U877) USB Video Device [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\5U877.sys -> [2009.10.27 08:54:40 | 000,161,664 | ---- | M] (Ricoh co.,Ltd.)
64bit-(rimspci) rimspci [Kernel | Auto | Running] -> C:\Windows\SysNative\drivers\rimspe64.sys -> [2009.10.26 06:52:00 | 000,061,952 | ---- | M] (REDC)
64bit-(Impcd) Impcd [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\Impcd.sys -> [2009.10.26 04:39:44 | 000,151,936 | ---- | M] (Intel Corporation)
64bit-(sdbus) sdbus [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\sdbus.sys -> [2009.10.10 03:41:20 | 000,109,056 | ---- | M] (Microsoft Corporation)
64bit-(Shockprf) Shockprf [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\ApsX64.sys -> [2009.10.09 12:11:38 | 000,136,744 | ---- | M] (Lenovo.)
64bit-(TPDIGIMN) TPDIGIMN [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\ApsHM64.sys -> [2009.10.09 12:10:00 | 000,023,592 | ---- | M] (Lenovo.)
64bit-(TurboB) Turbo Boost UI Monitor driver [Kernel | Auto | Running] -> C:\Windows\SysNative\drivers\TurboB.sys -> [2009.09.29 17:25:50 | 000,012,728 | ---- | M] ()
64bit-(TVTI2C) Lenovo SM bus driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\tvti2c.sys -> [2009.09.24 12:58:38 | 000,041,536 | ---- | M] (Lenovo (United States) Inc.)
64bit-(vpcnfltr) Virtual PC Network Filter Driver [Kernel | System | Running] -> C:\Windows\SysNative\drivers\vpcnfltr.sys -> [2009.09.23 02:46:18 | 000,066,304 | ---- | M] (Microsoft Corporation)
64bit-(vpcusb) USB-Virtualisierungsconnectordienst [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\vpcusb.sys -> [2009.09.23 02:32:39 | 000,095,232 | ---- | M] (Microsoft Corporation)
64bit-(vpcbus) Virtual PC-Hostbusdienst [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\vpchbus.sys -> [2009.09.23 02:32:33 | 000,187,904 | ---- | M] (Microsoft Corporation)
64bit-(HECIx64) Intel® Management Engine Interface [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\HECIx64.sys -> [2009.09.17 04:54:54 | 000,056,344 | ---- | M] (Intel Corporation)
64bit-(NETw5s64) Intel® Wireless WiFi Link Adaptertreiber für Windows 7 64-Bit [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\NETw5s64.sys -> [2009.09.15 12:40:42 | 006,952,960 | ---- | M] (Intel Corporation)
64bit-(amdsata) amdsata [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\amdsata.sys -> [2009.07.14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices)
64bit-(amdxata) amdxata [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\amdxata.sys -> [2009.07.14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices)
64bit-(amdsbs) amdsbs [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\amdsbs.sys -> [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.)
64bit-(LSI_SAS2) LSI_SAS2 [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\lsi_sas2.sys -> [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation)
64bit-(HpSAMD) HpSAMD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\HpSAMD.sys -> [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company)
64bit-(stexstor) stexstor [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\stexstor.sys -> [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology)
64bit-(usbser) USB Modem Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\usbser.sys -> [2009.07.14 01:06:32 | 000,032,768 | ---- | M] (Microsoft Corporation)
64bit-(TPM) TPM [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\tpm.sys -> [2009.07.14 00:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation)
64bit-(psadd) Lenovo Parties Service Access Device Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\psadd.sys -> [2009.07.02 03:16:02 | 000,040,512 | ---- | M] (Lenovo (United States) Inc.)
64bit-(btwavdt) Bluetooth AVDT [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\btwavdt.sys -> [2009.07.01 04:46:00 | 000,132,648 | ---- | M] (Broadcom Corporation.)
64bit-(btwaudio) Bluetooth-Audiogerät [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\btwaudio.sys -> [2009.07.01 04:46:00 | 000,098,344 | ---- | M] (Broadcom Corporation.)
64bit-(btwrchid) btwrchid [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\btwrchid.sys -> [2009.07.01 04:46:00 | 000,021,160 | ---- | M] (Broadcom Corporation.)
64bit-(HSF_DPV) HSF_DPV [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\CAX_DPV.sys -> [2009.06.30 05:05:16 | 001,486,848 | ---- | M] (Conexant Systems, Inc.)
64bit-(CAXHWAZL) CAXHWAZL [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\CAXHWAZL.sys -> [2009.06.30 05:01:16 | 000,292,864 | ---- | M] (Conexant Systems, Inc.)
64bit-(winachsf) winachsf [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\CAX_CNXT.sys -> [2009.06.30 04:59:54 | 000,740,864 | ---- | M] (Conexant Systems, Inc.)
64bit-(SrvHsfV92) SrvHsfV92 [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\VSTDPV6.SYS -> [2009.06.10 22:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.)
64bit-(SrvHsfWinac) SrvHsfWinac [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\VSTCNXT6.SYS -> [2009.06.10 22:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.)
64bit-(SrvHsfHDA) SrvHsfHDA [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\VSTAZL6.SYS -> [2009.06.10 22:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.)
64bit-(Ntfs) Ntfs [File_System | On_Demand | Running] -> C:\Windows\SysNative\wbem\ntfs.mof -> [2009.06.10 21:38:56 | 000,000,308 | ---- | M] ()
64bit-(igfx) igfx [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\igdkmd64.sys -> [2009.06.10 21:37:05 | 006,108,416 | ---- | M] (Intel Corporation)
64bit-(netw5v64) Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\netw5v64.sys -> [2009.06.10 21:35:28 | 005,434,368 | ---- | M] (Intel Corporation)
64bit-(ebdrv) Broadcom NetXtreme II 10 GigE VBD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\evbda.sys -> [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation)
64bit-(b06bdrv) Broadcom NetXtreme II VBD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\bxvbda.sys -> [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation)
64bit-(b57nd60a) Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0 [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\b57nd60a.sys -> [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation)
64bit-(hcw85cir) Hauppauge Consumer Infrared Receiver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\hcw85cir.sys -> [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.)
64bit-(XAudio) XAudio [Kernel | Auto | Running] -> C:\Windows\SysNative\drivers\XAudio64.sys -> [2009.04.29 03:21:08 | 000,010,240 | ---- | M] (Conexant Systems, Inc.)
64bit-(btwl2cap) Bluetooth L2CAP Service [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\btwl2cap.sys -> [2009.04.07 07:33:00 | 000,035,104 | ---- | M] (Broadcom Corporation.)
64bit-(lenovo.smi) Lenovo System Interface Driver [Kernel | System | Running] -> C:\Windows\SysNative\drivers\smiifx64.sys -> [2008.05.12 10:04:26 | 000,015,400 | ---- | M] (Lenovo Group Limited)
64bit-(UsbserFilt) UsbserFilt [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\usbser_lowerfltx64j.sys -> [2008.05.02 09:59:08 | 000,008,704 | ---- | M] (Windows ® Codename Longhorn DDK provider)
64bit-(upperdev) upperdev [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -> [2008.05.02 09:58:50 | 000,008,704 | ---- | M] (Windows ® Codename Longhorn DDK provider)
64bit-(nmwcdcx64) Nokia USB Generic [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\ccdcmbox64.sys -> [2008.05.02 09:58:48 | 000,023,552 | ---- | M] (Nokia)
64bit-(nmwcdx64) Nokia USB Phone Parent [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\ccdcmbx64.sys -> [2008.05.02 09:58:48 | 000,018,432 | ---- | M] (Nokia)
64bit-(mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> C:\Windows\SysNative\drivers\mdmxsdk.sys -> [2006.06.18 14:27:24 | 000,017,024 | ---- | M] (Conexant)
(smihlp) SMI Helper Driver (smihlp) [Kernel | Auto | Running] -> C:\Programme\ThinkVantage Fingerprint Software\smihlp.sys -> [2009.03.13 14:47:34 | 000,013,840 | ---- | M] (UPEK Inc.)

[Registry - Safe List]
< 64bit-Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> C:\Windows\SysWOW64\blank.htm ->
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> ->
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> ->
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-4241898883-52967262-3797943489-1003\] > -> ->
HKEY_USERS\S-1-5-21-4241898883-52967262-3797943489-1003\: Main\\"Default_Page_URL" -> http://lenovo.msn.com ->
HKEY_USERS\S-1-5-21-4241898883-52967262-3797943489-1003\: Main\\"Default_Secondary_Page_URL" -> http://www.lenovo.com/welcome/thinkpad [binary data] ->
HKEY_USERS\S-1-5-21-4241898883-52967262-3797943489-1003\: Main\\"Secondary Start Pages" -> http://www.lenovo.com/welcome/thinkpad [binary data] ->
HKEY_USERS\S-1-5-21-4241898883-52967262-3797943489-1003\: Main\\"Start Page" -> http://lenovo.msn.com ->
HKEY_USERS\S-1-5-21-4241898883-52967262-3797943489-1003\: URLSearchHooks\\"{E312764E-7706-43F1-8DAB-FCDD2B1E416D}" [HKLM] -> C:\Program Files (x86)\pdfforge Toolbar\SearchSettings.dll [Reg Error: Value error.] -> [2010.01.08 01:27:40 | 001,109,504 | ---- | M] (Spigot, Inc.)
HKEY_USERS\S-1-5-21-4241898883-52967262-3797943489-1003\: "ProxyEnable" -> 0 ->
< FireFox Settings [Prefs.js] > -> C:\Users\Helmut\AppData\Roaming\Mozilla\FireFox\Profiles\q2pczals.default\prefs.js ->
browser.search.param.yahoo-fr -> "chr-greentree_ff&type=302398" ->
extensions.enabledItems -> {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0.2 ->
extensions.enabledItems -> {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.3 ->
extensions.enabledItems -> [email protected]:1.12.0.36949 ->
extensions.enabledItems -> [email protected]:1.36 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 ->
extensions.enabledItems -> {1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}:2.12.21.1 ->
network.proxy.type -> 4 ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions -> ->
HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\COMPONENTS [C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\COMPONENTS] -> [2010.12.15 05:50:47 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\PLUGINS [C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\PLUGINS] -> [2010.12.15 05:50:47 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Thunderbird\Extensions -> ->
< FireFox Extensions [User Folders] > ->
-> C:\Users\Helmut\AppData\Roaming\mozilla\Extensions -> [2010.02.20 22:15:58 | 000,000,000 | ---D | M]
-> C:\Users\Helmut\AppData\Roaming\mozilla\Firefox\Profiles\q2pczals.default\extensions -> [2011.01.19 04:09:18 | 000,000,000 | ---D | M]
Forecastfox Weather -> C:\Users\Helmut\AppData\Roaming\mozilla\Firefox\Profiles\q2pczals.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3} -> [2010.12.15 06:05:55 | 000,000,000 | ---D | M]
IE Tab 2 (FF 3.6+) -> C:\Users\Helmut\AppData\Roaming\mozilla\Firefox\Profiles\q2pczals.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB} -> [2011.01.14 16:43:13 | 000,000,000 | ---D | M]
NoScript -> C:\Users\Helmut\AppData\Roaming\mozilla\Firefox\Profiles\q2pczals.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232} -> [2011.01.14 16:43:13 | 000,000,000 | ---D | M]
-> C:\Users\Helmut\AppData\Roaming\mozilla\Firefox\Profiles\q2pczals.default\extensions\[email protected] -> [2010.02.20 23:27:56 | 000,000,000 | ---D | M]
-> C:\Users\Helmut\AppData\Roaming\mozilla\Firefox\Profiles\q2pczals.default\extensions\[email protected] -> [2010.07.08 17:37:13 | 000,000,000 | ---D | M]
-> C:\Users\Helmut\AppData\Roaming\mozilla\Firefox\Profiles\q2pczals.default\extensions\[email protected] -> [2010.07.08 17:37:13 | 000,000,000 | ---D | M]
< FireFox Extensions [Program Folders] > ->
-> C:\Program Files (x86)\mozilla firefox\extensions -> [2011.01.19 04:41:22 | 000,000,000 | ---D | M]
Java Console -> C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} -> [2010.04.23 09:35:24 | 000,000,000 | ---D | M]
Java Console -> C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} -> [2010.10.08 05:20:41 | 000,000,000 | ---D | M]
-> C:\Program Files (x86)\mozilla firefox\extensions\[email protected] -> [2011.01.19 04:41:22 | 000,000,000 | ---D | M]
-> C:\Program Files (x86)\mozilla firefox\extensions\[email protected] -> [2011.01.19 04:41:19 | 000,000,000 | ---D | M]
FoxStocks -> C:\USERS\HELMUT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Q2PCZALS.DEFAULT\EXTENSIONS\[email protected] -> [2010.02.20 23:27:56 | 000,000,000 | ---D | M]
Cooliris -> C:\USERS\HELMUT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Q2PCZALS.DEFAULT\EXTENSIONS\[email protected] -> [2010.07.08 17:37:13 | 000,000,000 | ---D | M]
< FireFox Components [Program Folders] > ->
coolirisstub.dll -> C:\USERS\HELMUT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Q2PCZALS.DEFAULT\EXTENSIONS\[email protected]\components\coolirisstub.dll -> [2010.06.14 11:08:48 | 000,057,856 | ---- | M] ()
< HOSTS File > ([2009.06.10 22:00:26 | 000,000,824 | ---- | M] - 21 lines) -> C:\Windows\SysNative\Drivers\etc\hosts ->
Reset Hosts
< 64bit-BHO's [HKEY_LOCAL_MACHINE] > -> 64bit-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} [HKLM] -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\ievkbd.dll [IEVkbdBHO Class] -> [2010.10.05 20:27:50 | 000,061,624 | ---- | M] (Kaspersky Lab ZAO)
{9030D464-4C02-4ABF-8ECC-5164760863C6} [HKLM] -> C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [Windows Live ID-Anmelde-Hilfsprogramm] -> [2009.08.18 11:50:40 | 000,532,336 | ---- | M] (Microsoft Corporation)
{E33CF602-D945-461A-83F0-819F76A199F8} [HKLM] -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll [FilterBHO Class] -> [2010.10.05 20:27:52 | 000,234,168 | ---- | M] (Kaspersky Lab ZAO)
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} [HKLM] -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll [IEVkbdBHO Class] -> [2010.10.05 20:27:00 | 000,068,280 | ---- | M] (Kaspersky Lab ZAO)
{6FE6A929-59D1-4763-91AD-29B61CFFB35B} [HKLM] -> C:\Program Files (x86)\Mindjet\MindManager 8\Mm8InternetExplorer.dll [CmjBrowserHelperObject Object] -> [2008.11.14 03:45:50 | 000,070,944 | ---- | M] (Mindjet)
{AE7CD045-E861-484f-8273-0445EE161910} [HKLM] -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [Adobe PDF Conversion Toolbar Helper] -> [2008.06.11 22:42:44 | 000,345,480 | ---- | M] (Adobe Systems Incorporated)
{B922D405-6D13-4A2B-AE89-08A030DA4402} [HKLM] -> C:\Program Files (x86)\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll [pdfforge Toolbar] -> [2010.01.08 03:17:38 | 000,700,416 | ---- | M] (Spigot, Inc.)
{BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} [HKLM] -> C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll [IePasswordManagerHelper Class] -> [2009.08.26 15:32:18 | 000,763,192 | ---- | M] (Lenovo Group Limited)
{E312764E-7706-43F1-8DAB-FCDD2B1E416D} [HKLM] -> C:\Program Files (x86)\pdfforge Toolbar\SearchSettings.dll [Reg Error: Value error.] -> [2010.01.08 01:27:40 | 001,109,504 | ---- | M] (Spigot, Inc.)
{E33CF602-D945-461A-83F0-819F76A199F8} [HKLM] -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll [FilterBHO Class] -> [2010.10.05 20:27:06 | 000,191,160 | ---- | M] (Kaspersky Lab ZAO)
{F4971EE7-DAA0-4053-9964-665D8EE6A077} [HKLM] -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [SmartSelect Class] -> [2008.06.11 22:42:44 | 000,345,480 | ---- | M] (Adobe Systems Incorporated)
< 64bit-Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
"{D5F11930-C4B8-4248-88C3-43621271B3FA}" [HKLM] -> C:\Programme\PC-Doctor\ATLPcdToolbar.dll [Lenovo ThinkVantage Toolbox] -> [2009.11.14 08:29:22 | 000,152,048 | ---- | M] (PC-Doctor, Inc.)
"Locked" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" [HKLM] -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [Adobe PDF] -> [2008.06.11 22:42:44 | 000,345,480 | ---- | M] (Adobe Systems Incorporated)
"{B922D405-6D13-4A2B-AE89-08A030DA4402}" [HKLM] -> C:\Program Files (x86)\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll [pdfforge Toolbar] -> [2010.01.08 03:17:38 | 000,700,416 | ---- | M] (Spigot, Inc.)
"Locked" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-4241898883-52967262-3797943489-1003\] > -> HKEY_USERS\S-1-5-21-4241898883-52967262-3797943489-1003\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" [HKLM] -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [Adobe PDF] -> [2008.06.11 22:42:44 | 000,345,480 | ---- | M] (Adobe Systems Incorporated)
< 64bit-Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"AcWin7Hlpr" -> C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe] -> [2009.10.13 17:33:02 | 000,036,864 | ---- | M] ()
"NvCplDaemon" -> C:\Windows\SysNative\NvCpl.DLL [RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup] -> [2009.12.03 09:32:00 | 016,414,312 | ---- | M] (NVIDIA Corporation)
"nwiz" -> C:\Windows\SysNative\nwiz.exe [nwiz.exe /installquiet] -> [2009.12.02 23:17:58 | 001,712,744 | ---- | M] ()
"SmartAudio" -> C:\Program Files\CONEXANT\SAII\SAIICpl.exe [C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t] -> [2009.07.16 04:38:58 | 000,307,768 | ---- | M] ()
"TPHOTKEY" -> C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe [C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe] -> [2009.11.17 06:07:46 | 000,069,568 | ---- | M] (Lenovo Group Limited)
"TpShocks" -> C:\Windows\SysNative\TpShocks.exe [TpShocks.exe] -> [2009.12.11 12:20:26 | 000,380,776 | ---- | M] (Lenovo.)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"Acrobat Assistant 8.0" -> C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe ["C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"] -> [2008.06.11 22:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.)
"Adobe Acrobat Speed Launcher" -> C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe ["C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"] -> [2008.06.12 02:25:18 | 000,037,232 | ---- | M] (Adobe Systems Incorporated)
"AdobeCS4ServiceManager" -> C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe ["C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin] -> [2008.08.14 07:58:34 | 000,611,712 | ---- | M] (Adobe Systems Incorporated)
"AVP" -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe ["C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe"] -> [2010.11.02 22:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO)
"IMSS" -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe ["C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"] -> [2009.10.01 10:08:36 | 000,111,640 | ---- | M] ()
"Launch Backup Service Once" -> C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrstrigger.exe [C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrstrigger.exe -start] -> [2009.08.28 14:27:58 | 000,021,304 | ---- | M] ()
"Message Center Plus" -> C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe [C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe /start] -> [2009.05.27 22:09:36 | 000,049,976 | ---- | M] ()
"MMReminderService" -> C:\Program Files (x86)\Mindjet\MindManager 8\MMReminderService.exe [C:\Program Files (x86)\Mindjet\MindManager 8\MMReminderService.exe] -> [2008.11.14 03:46:04 | 000,037,656 | ---- | M] (Mindjet)
"PWMTRV" -> [rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor] -> File not found
"RotateImage" -> C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe] -> [2008.10.30 15:24:26 | 000,055,808 | ---- | M] (Ricoh co.,Ltd.)
"SearchSettings" -> C:\Program Files (x86)\pdfforge Toolbar\SearchSettings.exe [C:\Program Files (x86)\pdfforge Toolbar\SearchSettings.exe] -> [2010.01.08 01:36:58 | 000,974,848 | ---- | M] (Spigot, Inc.)
"WinampAgent" -> C:\Program Files (x86)\Winamp\winampa.exe ["C:\Program Files (x86)\Winamp\winampa.exe"] -> [2010.01.13 23:44:52 | 000,037,888 | ---- | M] (Nullsoft, Inc.)
< Run [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"Sidebar" -> C:\Program Files (x86)\Windows Sidebar\Sidebar.exe [%ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun] -> [2009.07.14 02:14:38 | 001,173,504 | ---- | M] (Microsoft Corporation)
< RunOnce [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce ->
"mctadmin" -> [C:\Windows\System32\mctadmin.exe] -> File not found
< Run [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"Sidebar" -> C:\Program Files (x86)\Windows Sidebar\Sidebar.exe [%ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun] -> [2009.07.14 02:14:38 | 001,173,504 | ---- | M] (Microsoft Corporation)
< RunOnce [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce ->
"mctadmin" -> [C:\Windows\System32\mctadmin.exe] -> File not found
< Run [HKEY_USERS\S-1-5-21-4241898883-52967262-3797943489-1003\] > -> HKEY_USERS\S-1-5-21-4241898883-52967262-3797943489-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"msnmsgr" -> ["C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background] -> File not found
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoActiveDesktop" -> [1] -> File not found
\\"NoActiveDesktopChanges" -> [1] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"ConsentPromptBehaviorAdmin" -> [0] -> File not found
\\"ConsentPromptBehaviorUser" -> [3] -> File not found
\\"EnableLUA" -> [0] -> File not found
\\"PromptOnSecureDesktop" -> [0] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-4241898883-52967262-3797943489-1003] > -> HKEY_USERS\S-1-5-21-4241898883-52967262-3797943489-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-21-4241898883-52967262-3797943489-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
< Internet Explorer Menu Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\ ->
Nach Microsoft &Excel exportieren -> [res://C:\PROGRA~2\MICROS~4\OFFICE11\EXCEL.EXE/3000] -> File not found
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\ ->
Nach Microsoft &Excel exportieren -> [res://C:\PROGRA~2\MICROS~4\OFFICE11\EXCEL.EXE/3000] -> File not found
< 64bit-Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-4241898883-52967262-3797943489-1003\] > -> HKEY_USERS\S-1-5-21-4241898883-52967262-3797943489-1003\Software\Microsoft\Internet Explorer\MenuExt\ ->
An vorhandene PDF-Datei anfügen -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html] -> [2008.06.11 22:42:44 | 000,345,480 | ---- | M] (Adobe Systems Incorporated)
Bild an &Bluetooth-Gerät senden... -> C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm [C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm] -> [2008.12.10 11:36:32 | 000,001,430 | ---- | M] ()
Hinzufügen zu Anti-Banner -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm [C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm] -> [2010.10.05 19:57:56 | 000,001,452 | ---- | M] ()
In Adobe PDF konvertieren -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html] -> [2008.06.11 22:42:44 | 000,345,480 | ---- | M] (Adobe Systems Incorporated)
Linkziel an vorhandene PDF-Datei anhängen -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html] -> [2008.06.11 22:42:44 | 000,345,480 | ---- | M] (Adobe Systems Incorporated)
Linkziel in Adobe PDF konvertieren -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html] -> [2008.06.11 22:42:44 | 000,345,480 | ---- | M] (Adobe Systems Incorporated)
Seite an &Bluetooth-Gerät senden... -> C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm [C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm] -> [2008.12.10 11:36:32 | 000,003,989 | ---- | M] ()
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-4241898883-52967262-3797943489-1003\] > -> HKEY_USERS\S-1-5-21-4241898883-52967262-3797943489-1003\Software\Microsoft\Internet Explorer\MenuExt\ ->
An vorhandene PDF-Datei anfügen -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html] -> [2008.06.11 22:42:44 | 000,345,480 | ---- | M] (Adobe Systems Incorporated)
Bild an &Bluetooth-Gerät senden... -> C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm [C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm] -> [2008.12.10 11:36:32 | 000,001,430 | ---- | M] ()
Hinzufügen zu Anti-Banner -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm [C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm] -> [2010.10.05 19:57:56 | 000,001,452 | ---- | M] ()
In Adobe PDF konvertieren -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html] -> [2008.06.11 22:42:44 | 000,345,480 | ---- | M] (Adobe Systems Incorporated)
Linkziel an vorhandene PDF-Datei anhängen -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html] -> [2008.06.11 22:42:44 | 000,345,480 | ---- | M] (Adobe Systems Incorporated)
Linkziel in Adobe PDF konvertieren -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html] -> [2008.06.11 22:42:44 | 000,345,480 | ---- | M] (Adobe Systems Incorporated)
Nach Microsoft &Excel exportieren -> [res://C:\PROGRA~2\MICROS~4\OFFICE11\EXCEL.EXE/3000] -> File not found
Seite an &Bluetooth-Gerät senden... -> C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm [C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm] -> [2008.12.10 11:36:32 | 000,003,989 | ---- | M] ()
< 64bit-Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{4248FE82-7FCB-46AC-B270-339F08212110}:{4248FE82-7FCB-46AC-B270-339F08212110} [HKLM] -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll [Button: &Virtuelle Tastatur] -> [2010.10.05 20:27:52 | 000,234,168 | ---- | M] (Kaspersky Lab ZAO)
{CCA281CA-C863-46ef-9331-5C8D4460577F}:C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm [HKLM] -> C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm [Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015] -> [2008.12.10 11:36:32 | 000,003,989 | ---- | M] ()
{CCA281CA-C863-46ef-9331-5C8D4460577F}:C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm [HKLM] -> C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm [Menu: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650] -> [2008.12.10 11:36:32 | 000,003,989 | ---- | M] ()
{CCF151D8-D089-449F-A5A4-D9909053F20F}:{CCF151D8-D089-449F-A5A4-D9909053F20F} [HKLM] -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll [Button: Li&nks untersuchen] -> [2010.10.05 20:27:52 | 000,234,168 | ---- | M] (Kaspersky Lab ZAO)
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{2F72393D-2472-4F82-B600-ED77F354B7FF}:{6FE6A929-59D1-4763-91AD-29B61CFFB35B} [HKLM] -> C:\Program Files (x86)\Mindjet\MindManager 8\Mm8InternetExplorer.dll [Button: An Mindjet MindManager senden] -> [2008.11.14 03:45:50 | 000,070,944 | ---- | M] (Mindjet)
{4248FE82-7FCB-46AC-B270-339F08212110}:{4248FE82-7FCB-46AC-B270-339F08212110} [HKLM] -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll [Button: &Virtuelle Tastatur] -> [2010.10.05 20:27:06 | 000,191,160 | ---- | M] (Kaspersky Lab ZAO)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}:{FF059E31-CC5A-4E2E-BF3B-96E929D65503} [HKLM] -> C:\PROGRA~2\MICROS~4\OFFICE11\REFIEBAR.DLL [Button: Recherchieren] -> [2007.04.19 14:10:18 | 000,063,840 | ---- | M] (Microsoft Corporation)
{CCA281CA-C863-46ef-9331-5C8D4460577F}:C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm [HKLM] -> C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm [Button: Senden an Bluetooth] -> [2008.12.10 11:36:32 | 000,003,989 | ---- | M] ()
{CCA281CA-C863-46ef-9331-5C8D4460577F}:C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm [HKLM] -> C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm [Menu: Senden an &Bluetooth-Gerät...] -> [2008.12.10 11:36:32 | 000,003,989 | ---- | M] ()
{CCF151D8-D089-449F-A5A4-D9909053F20F}:{CCF151D8-D089-449F-A5A4-D9909053F20F} [HKLM] -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll [Button: Li&nks untersuchen] -> [2010.10.05 20:27:06 | 000,191,160 | ---- | M] (Kaspersky Lab ZAO)
{F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3}:{F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} [HKLM] -> C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll [Menu: Lenovo Password Manager...] -> [2009.08.26 15:32:18 | 000,763,192 | ---- | M] (Lenovo Group Limited)
< Internet Explorer Extensions [HKEY_USERS\S-1-5-21-4241898883-52967262-3797943489-1003\] > -> HKEY_USERS\S-1-5-21-4241898883-52967262-3797943489-1003\Software\Microsoft\Internet Explorer\Extensions\ ->
64bit-CmdMapping\\"{CCA281CA-C863-46ef-9331-5C8D4460577F}" [HKLM] -> [@C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015;Senden an Bluetooth] -> File not found
CmdMapping\\"{CCA281CA-C863-46ef-9331-5C8D4460577F}" [HKLM] -> @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 [Senden an Bluetooth;@C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015;Senden an Bluetooth] -> File not found
< 64bit-Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.micro...?ext=%s&mime=%s ->
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
< 64bit-Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< 64bit-Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< 64bit-Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-4241898883-52967262-3797943489-1003\] > -> HKEY_USERS\S-1-5-21-4241898883-52967262-3797943489-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-21-4241898883-52967262-3797943489-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-4241898883-52967262-3797943489-1003\] > -> HKEY_USERS\S-1-5-21-4241898883-52967262-3797943489-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-21-4241898883-52967262-3797943489-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< 64bit-Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/...indows-i586.cab [Java Plug-in 1.6.0_17] ->
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/...indows-i586.cab [Java Plug-in 1.6.0_17] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/...indows-i586.cab [Java Plug-in 1.6.0_17] ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/...indows-i586.cab [Java Plug-in 1.6.0_21] ->
{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/...indows-i586.cab [Java Plug-in 1.6.0_21] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/...indows-i586.cab [Java Plug-in 1.6.0_21] ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ ->
DhcpNameServer -> 192.168.178.254 ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{797D86F6-5394-4391-9B91-C41F6F694673}\\DhcpNameServer -> 192.168.178.254 (Intel® 82577LM Gigabit Network Connection) ->
< 64bit-AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs ->
64bit-*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls ->
C:\PROGRA~2\KASPER~1\KASPER~1\x64\sbhook64.dll -> C:\PROGRA~2\KASPER~1\KASPER~1\x64\sbhook64.dll -> [2010.10.05 20:27:54 | 000,029,368 | ---- | M] (Kaspersky Lab ZAO)
C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll -> C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll -> [2010.10.05 20:27:50 | 000,017,592 | ---- | M] (Kaspersky Lab ZAO)
*MultiFile Done* -> ->
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs ->
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls ->
C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll -> C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll -> [2010.10.05 20:27:12 | 000,025,272 | ---- | M] (Kaspersky Lab ZAO)
C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll -> C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll -> [2010.10.05 20:27:10 | 000,109,240 | ---- | M] (Kaspersky Lab ZAO)
*MultiFile Done* -> ->
< 64bit-Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
64bit-*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
explorer.exe -> C:\Windows\explorer.exe -> [2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
64bit-*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
SystemPropertiesPerformance.exe -> C:\Windows\SysNative\SystemPropertiesPerformance.exe -> [2009.07.14 02:39:47 | 000,082,432 | ---- | M] (Microsoft Corporation)
/pagefile -> -> File not found
*MultiFile Done* -> ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
explorer.exe -> C:\Windows\SysWow64\explorer.exe -> [2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
/pagefile -> -> File not found
*MultiFile Done* -> ->
< 64bit-Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
klogon -> C:\Windows\SysNative\klogon.dll -> [2010.10.05 20:27:52 | 000,233,656 | ---- | M] (Kaspersky Lab ZAO)
psfus -> C:\Programme\ThinkVantage Fingerprint Software\psqlpwd.dll -> [2009.08.17 14:27:22 | 000,135,432 | ---- | M] (UPEK Inc.)
< 64bit-SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad ->
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> Reg Error: Key error. [WebCheck] -> File not found
< SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad ->
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> Reg Error: Key error. [WebCheck] -> File not found
< Vista Active Firewall Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules ->
{03F7C2B2-6AF1-45B0-9C86-556A73AEE509} -> rport=5355 | profile=private | protocol=17 | dir=out | action=allow | [email protected],-28550 | app=%systemroot%\system32\svchost.exe | svc=dnscache |
{1B721B20-3F9C-4174-909C-612CDF981235} -> lport=2177 | profile=private | protocol=17 | dir=in | action=allow | [email protected],-31253 | app=%systemroot%\system32\svchost.exe | svc=qwave |
{1C589A15-21F2-4E87-BD36-17E5BC6414E5} -> lport=2177 | profile=private | protocol=6 | dir=in | action=allow | [email protected],-31261 | app=%systemroot%\system32\svchost.exe | svc=qwave |
{2730B178-AA96-4685-BFE7-200665586EF7} -> lport=137 | profile=private | protocol=17 | dir=in | action=allow | [email protected],-28519 | app=system |
{2CCC36CB-4875-43D9-AF69-AA54FEA811BF} -> lport=1900 | profile=private | protocol=17 | dir=in | action=allow | [email protected],-31269 | app=%systemroot%\system32\svchost.exe | svc=ssdpsrv |
{383B7B81-78B0-4DA4-98E9-E680497FDBE0} -> lport=138 | profile=private | protocol=17 | dir=in | action=allow | [email protected],-28527 | app=system |
{49038D97-9756-437F-BEFE-74BA2F64B02E} -> lport=5353 | profile=public | protocol=6 | dir=in | action=allow | name=adobe csi cs4 |
{49C36B46-9EA0-4822-AAC9-FE9DE4A1E0D8} -> lport=10243 | profile=private | protocol=6 | dir=in | action=allow | [email protected],-31285 | app=system |
{4CEFD534-2EF1-4CD0-A39A-50A27CDCE19E} -> lport=139 | profile=private | protocol=6 | dir=in | action=allow | [email protected],-28503 | app=system |
{6A43390C-5486-427A-B406-F436F3125A5C} -> rport=138 | profile=private | protocol=17 | dir=out | action=allow | [email protected],-28531 | app=system |
{71E11ABF-1CCB-4FED-9757-F2F0D36C9401} -> rport=139 | profile=private | protocol=6 | dir=out | action=allow | [email protected],-28507 | app=system |
{84015D77-E22B-485D-ADED-575035DB07C6} -> rport=2177 | profile=private | protocol=17 | dir=out | action=allow | [email protected],-31257 | app=%systemroot%\system32\svchost.exe | svc=qwave |
{870104F8-172C-4546-B935-29457E59256D} -> lport=5355 | profile=private | protocol=17 | dir=in | action=allow | [email protected],-28548 | app=%systemroot%\system32\svchost.exe | svc=dnscache |
{9776AFB2-7714-4DFD-922D-4926C15FBDCD} -> rport=137 | profile=private | protocol=17 | dir=out | action=allow | [email protected],-28523 | app=system |
{A88B1DC3-34A6-4EBD-A87B-4E93E4219873} -> lport=2869 | profile=private | protocol=6 | dir=in | action=allow | [email protected],-31277 | app=system |
{A909580C-BF57-4B5C-A5EA-FA30E7EAD9AB} -> rport=2177 | profile=private | protocol=6 | dir=out | action=allow | [email protected],-31265 | app=%systemroot%\system32\svchost.exe | svc=qwave |
{B3E3C9B7-B5BB-4A24-8EA9-09EF3BC52C83} -> rport=1900 | profile=private | protocol=17 | dir=out | action=allow | [email protected],-31273 | app=%systemroot%\system32\svchost.exe | svc=ssdpsrv |
{BEAFC35D-F91F-40F5-B6A0-C07D475D835A} -> rport=445 | profile=private | protocol=6 | dir=out | action=allow | [email protected],-28515 | app=system |
{D23E8E48-AE37-4E59-A094-956140725421} -> lport=rpc-epmap | profile=private | protocol=6 | dir=in | action=allow | [email protected],-28539 | svc=rpcss |
{DB9A7590-B69A-487A-8A38-20FEEC2ED402} -> rport=10243 | profile=private | protocol=6 | dir=out | action=allow | [email protected],-31289 | app=system |
{ED649ADA-6AF4-4075-A8CA-5C99EAEAA764} -> lport=rpc | profile=private | protocol=6 | dir=in | action=allow | [email protected],-28535 | app=%systemroot%\system32\spoolsv.exe | svc=spooler |
{FD7696B5-3197-44E0-90DC-DB481526F010} -> lport=445 | profile=private | protocol=6 | dir=in | action=allow | [email protected],-28511 | app=system |
< Vista Active Application Exception Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules ->
{015CE0C8-A7BA-4944-A532-994594B8EFD2} -> profile=private | protocol=1 | dir=out | action=allow | [email protected],-28544 |
{05FA21CB-400D-4AFA-A05A-87772C45DA20} -> profile=private | protocol=17 | dir=in | action=allow | [email protected],-31003 | app=%programfiles%\windows media player\wmplayer.exe |
{21F92401-CB39-4DDD-81EE-BFBD3EBC3901} -> profile=public | protocol=6 | dir=in | action=allow | name=adobe csi cs4 | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
{2286BDE5-7098-48A5-8496-FA2F7133990B} -> profile=public | protocol=17 | dir=in | action=allow | name=adobe csi cs4 | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
{2922760B-9EF2-4CF2-A95D-4F6A10F02903} -> profile=private | protocol=17 | dir=in | action=allow | [email protected],-31293 | app=%programfiles%\windows media player\wmplayer.exe |
{3307EFAC-522D-495B-A918-C4FCE5066570} -> profile=private | protocol=6 | dir=out | action=allow | [email protected],-31301 | app=%programfiles%\windows media player\wmplayer.exe |
{37597B51-21DA-4305-AA76-1760E461BD7F} -> dir=in | action=allow | name=windows live sync | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
{4DE834ED-7B70-4911-A0BE-AD923FAE6F4E} -> profile=private | protocol=17 | dir=out | action=allow | [email protected],-31007 | app=%programfiles%\windows media player\wmplayer.exe |
{5AF48F4B-83B9-4087-AA93-8BDAB9148AF5} -> profile=private | protocol=6 | dir=out | action=allow | [email protected],-31281 | app=system |
{5B9D54BC-8FEF-42D1-AF0D-9282435EF676} -> profile=private | protocol=17 | dir=out | action=allow | [email protected],-31309 | app=%programfiles%\windows media player\wmpnetwk.exe |
{5C774DBA-83A3-4F15-BA90-A81F90C653AF} -> profile=private | protocol=6 | dir=out | action=allow | [email protected],-31317 | app=%programfiles%\windows media player\wmpnetwk.exe |
{5D62B2E4-FD01-4220-BE22-7F6BAFB849B2} -> profile=private | protocol=6 | dir=out | action=allow | [email protected],-31025 | app=%programfiles(x86)%\windows media player\wmplayer.exe |
{7B047FFF-75BC-46ED-B419-7FD39C8C74C9} -> profile=private | protocol=6 | dir=out | action=allow | [email protected],-31321 | app=%systemroot%\system32\svchost.exe | svc=upnphost |
{7B62C7B1-A308-4ADE-8341-84EBF998A19E} -> profile=private | protocol=1 | dir=in | action=allow | [email protected],-28543 |
{8373C8DE-5965-4920-8EAE-568F4E233DA8} -> profile=private | protocol=6 | dir=in | action=allow | [email protected],-31313 | app=%programfiles%\windows media player\wmpnetwk.exe |
{9C1F1D4B-4B43-404D-8273-81A95079AA1E} -> profile=private | protocol=17 | dir=in | action=allow | [email protected],-31023 | app=%programfiles(x86)%\windows media player\wmplayer.exe |
{9C5E64D7-F752-4BCF-BC53-02B7F654719E} -> profile=private | protocol=17 | dir=out | action=allow | [email protected],-31297 | app=%programfiles%\windows media player\wmplayer.exe |
{9DADE123-33AF-453D-9002-CF3FDA66592D} -> profile=private | protocol=6 | dir=out | action=allow | [email protected],-31011 | app=%programfiles%\windows media player\wmplayer.exe |
{A38844A2-5988-422C-BE8A-C18305EBE50A} -> profile=private | protocol=58 | dir=in | action=allow | [email protected],-28545 |
{A9457797-E0F9-43CE-96B9-85D3B64F62C7} -> profile=private | protocol=17 | dir=out | action=allow | [email protected],-31024 | app=%programfiles(x86)%\windows media player\wmplayer.exe |
{AFDCEC0E-0DE3-4118-98F3-A2AF1E471352} -> dir=in | action=allow | name=skype | app=c:\program files (x86)\skype\phone\skype.exe |
{C37178AC-1F1C-46F9-9DD5-719E9C6601E9} -> profile=private | protocol=6 | dir=in | action=allow | name=teamviewer remote control application | app=c:\program files (x86)\teamviewer\version5\teamviewer.exe |
{CF929CA7-7DDA-4736-9A9B-691317B3B03B} -> profile=private | protocol=58 | dir=out | action=allow | [email protected],-28546 |
{EE4B8BBE-4653-4395-B61A-2DAB055AED78} -> profile=private | protocol=17 | dir=in | action=allow | [email protected],-31305 | app=%programfiles%\windows media player\wmpnetwk.exe |
{F5E20EF1-8677-4519-9896-796A2B43CBA5} -> profile=private | protocol=17 | dir=in | action=allow | name=teamviewer remote control application | app=c:\program files (x86)\teamviewer\version5\teamviewer.exe |
TCP Query User{31D10690-5AA1-49B6-AA3D-62357D75E3D1}C:\programdata\kaspersky lab setup files\kaspersky internet security 2011 11.0.2.556\de\setup.exe -> profile=public | protocol=6 | dir=in | action=allow | name=setup | app=c:\programdata\kaspersky lab setup files\kaspersky internet security 2011 11.0.2.556\de\setup.exe |
UDP Query User{CC6356EB-A413-4B38-8EBA-F71B9C78790A}C:\programdata\kaspersky lab setup files\kaspersky internet security 2011 11.0.2.556\de\setup.exe -> profile=public | protocol=17 | dir=in | action=allow | name=setup | app=c:\programdata\kaspersky lab setup files\kaspersky internet security 2011 11.0.2.556\de\setup.exe |
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 ->
"DisplayName" -> CD-ROM-Laufwerktreiber ->
"ImagePath" -> C:\Windows\SysNative\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> [2009.07.14 00:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation)
< Drives with AutoRun files > -> ->
Q:\AUTORUN.INF [[AutoRun] | open=LenovoQDrive.exe | icon=qdrive.ico | ] -> Q:\AUTORUN.INF [ NTFS ] -> [2008.06.10 17:32:46 | 000,000,049 | -HS- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->
\{5dedf56c-bfe5-11df-b236-00a0c6000000}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5dedf56c-bfe5-11df-b236-00a0c6000000}\shell
\{5dedf56c-bfe5-11df-b236-00a0c6000000}\shell\\"" -> [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5dedf56c-bfe5-11df-b236-00a0c6000000}\shell\AutoRun\command
\{5dedf56c-bfe5-11df-b236-00a0c6000000}\shell\AutoRun\command\\"" -> [D:\LaunchU3.exe] -> File not found
\{7393924d-8513-11df-a910-001f1637fe34}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7393924d-8513-11df-a910-001f1637fe34}\shell
\{7393924d-8513-11df-a910-001f1637fe34}\shell\\"" -> [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7393924d-8513-11df-a910-001f1637fe34}\shell\AutoRun\command
\{7393924d-8513-11df-a910-001f1637fe34}\shell\AutoRun\command\\"" -> [D:\AutoRun.exe] -> File not found
\{73939253-8513-11df-a910-001f1637fe34}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{73939253-8513-11df-a910-001f1637fe34}\shell
\{73939253-8513-11df-a910-001f1637fe34}\shell\\"" -> [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{73939253-8513-11df-a910-001f1637fe34}\shell\AutoRun\command
\{73939253-8513-11df-a910-001f1637fe34}\shell\AutoRun\command\\"" -> [D:\AutoRun.exe] -> File not found
\{eca7d7f7-0d6c-11df-804f-806e6f6e6963}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eca7d7f7-0d6c-11df-804f-806e6f6e6963}\shell
\{eca7d7f7-0d6c-11df-804f-806e6f6e6963}\shell\\"" -> [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eca7d7f7-0d6c-11df-804f-806e6f6e6963}\shell\AutoRun\command
\{eca7d7f7-0d6c-11df-804f-806e6f6e6963}\shell\AutoRun\command\\"" -> Q:\LenovoQDrive.exe [Q:\LenovoQDrive.exe] -> [2009.08.10 22:01:24 | 000,267,576 | -HS- | M] (Lenovo Group Limited)
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command ->
64bit-comfile [open] -> "%1" %* -> File not found
64bit-exefile [open] -> "%1" %* -> File not found
comfile [open] -> "%1" %* ->
exefile [open] -> "%1" %* ->
< 64bit-File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ ->
.com [@ = comfile] -> "%1" %* ->
.exe [@ = exefile] -> "%1" %* ->
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ ->
.com [@ = comfile] -> "%1" %* ->
.exe [@ = exefile] -> "%1" %* ->

[Registry - Additional Scans - Safe List]
< 64bit-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost > -> ->
*netsvcs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs ->
AppMgmt -> C:\Windows\SysNative\appmgmts.dll -> [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command ->
64bit-batfile [open] -> "%1" %* -> File not found
64bit-cmdfile [open] -> "%1" %* -> File not found
64bit-comfile [open] -> "%1" %* -> File not found
64bit-exefile [open] -> "%1" %* -> File not found
64bit-inffile [install] -> %SystemRoot%\System32\InfDefaultInstall.exe "%1" -> [2009.07.14 02:39:13 | 000,010,240 | ---- | M] (Microsoft Corporation)
64bit-InternetShortcut [open] -> "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l -> [2010.09.08 05:28:01 | 010,988,544 | ---- | M] (Microsoft Corporation)
64bit-InternetShortcut [print] -> "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" -> [2010.09.08 05:28:44 | 005,977,600 | ---- | M] (Microsoft Corporation)
64bit-piffile [open] -> "%1" %* -> File not found
64bit-scrfile [config] -> "%1" -> File not found
64bit-scrfile [install] -> rundll32.exe desk.cpl,InstallScreenSaver %l -> [2009.07.14 02:38:51 | 000,130,048 | ---- | M] (Microsoft Corporation)
64bit-scrfile [open] -> "%1" /S -> File not found
64bit-Unknown [openas] -> %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 -> File not found
64bit-Directory [AddToPlaylistVLC] -> "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" -> [2010.01.30 23:27:38 | 000,141,061 | ---- | M] ()
64bit-Directory [cmd] -> cmd.exe /s /k pushd "%V" -> [2009.07.14 02:39:01 | 000,344,576 | ---- | M] (Microsoft Corporation)
64bit-Directory [find] -> %SystemRoot%\Explorer.exe -> [2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation)
64bit-Directory [PlayWithVLC] -> "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" -> [2010.01.30 23:27:38 | 000,141,061 | ---- | M] ()
64bit-Directory [Winamp.Bookmark] -> "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" -> [2010.01.13 23:45:58 | 001,552,736 | ---- | M] (Nullsoft, Inc.)
64bit-Directory [Winamp.Enqueue] -> "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" -> [2010.01.13 23:45:58 | 001,552,736 | ---- | M] (Nullsoft, Inc.)
64bit-Directory [Winamp.Play] -> "C:\Program Files (x86)\Winamp\winamp.exe" "%1" -> [2010.01.13 23:45:58 | 001,552,736 | ---- | M] (Nullsoft, Inc.)
64bit-Folder [open] -> %SystemRoot%\Explorer.exe -> [2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation)
64bit-Drive [find] -> %SystemRoot%\Explorer.exe -> [2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation)
batfile [open] -> "%1" %* ->
cmdfile [open] -> "%1" %* ->
comfile [open] -> "%1" %* ->
cplfile [cplopen] -> %SystemRoot%\System32\control.exe "%1",%* -> [2009.07.14 02:14:15 | 000,113,152 | ---- | M] (Microsoft Corporation)
exefile [open] -> "%1" %* ->
inffile [install] -> %SystemRoot%\System32\InfDefaultInstall.exe "%1" -> [2009.07.14 02:14:21 | 000,009,216 | ---- | M] (Microsoft Corporation)
InternetShortcut [open] -> "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l -> [2010.09.08 05:28:01 | 010,988,544 | ---- | M] (Microsoft Corporation)
InternetShortcut [print] -> "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" -> [2010.09.08 05:28:44 | 005,977,600 | ---- | M] (Microsoft Corporation)
piffile [open] -> "%1" %* ->
scrfile [config] -> "%1" ->
scrfile [install] -> rundll32.exe desk.cpl,InstallScreenSaver %l -> [2009.07.14 02:14:08 | 000,128,000 | ---- | M] (Microsoft Corporation)
scrfile [open] -> "%1" /S ->
Unknown [openas] -> %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 ->
Directory [AddToPlaylistVLC] -> "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" -> [2010.01.30 23:27:38 | 000,141,061 | ---- | M] ()
Directory [cmd] -> cmd.exe /s /k pushd "%V" -> [2009.07.14 02:14:15 | 000,301,568 | ---- | M] (Microsoft Corporation)
Directory [find] -> %SystemRoot%\Explorer.exe -> [2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation)
Directory [PlayWithVLC] -> "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" -> [2010.01.30 23:27:38 | 000,141,061 | ---- | M] ()
Directory [Winamp.Bookmark] -> "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" -> [2010.01.13 23:45:58 | 001,552,736 | ---- | M] (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -> "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" -> [2010.01.13 23:45:58 | 001,552,736 | ---- | M] (Nullsoft, Inc.)
Directory [Winamp.Play] -> "C:\Program Files (x86)\Winamp\winamp.exe" "%1" -> [2010.01.13 23:45:58 | 001,552,736 | ---- | M] (Nullsoft, Inc.)
Folder [open] -> %SystemRoot%\Explorer.exe -> [2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation)
Drive [find] -> %SystemRoot%\Explorer.exe -> [2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation)
< EventViewer Logs - Last 10 Errors > -> Event Information -> Description
Application [ Error ] 13.01.2011 04:18:33 Computer Name = Helmut-NB | Source = MSSQL$MSSMLBIZ | ID = 8313 -> Description = Fehler beim Zuordnen von Indizes und Namen für SQL Server-Leistungsobjekte/Leistungsindikatoren. SQL Server-Leistungsindikatoren sind deaktiviert.
Application [ Error ] 13.01.2011 04:18:33 Computer Name = Helmut-NB | Source = MSSQL$MSSMLBIZ | ID = 3409 -> Description = Fehler beim Einrichten des gemeinsam genutzten Speicherbereichs für Leistungsindikatoren. Fehlercode: -1. Installieren Sie 'sqlctr.ini' für diese Instanz neu, und stellen Sie sicher, dass das Anmeldekonto der Instanz über die richtigen Registrierungsberechtigungen verfügt.
Application [ Error ] 13.01.2011 04:19:56 Computer Name = Helmut-NB | Source = Microsoft-Windows-CAPI2 | ID = 256 -> Description = Vom Kryptografiedienst konnte die Katalogdatenbank nicht initialisiert werden. Fehler: 5 (0x5) : Zugriff verweigert .
Application [ Error ] 13.01.2011 04:21:42 Computer Name = Helmut-NB | Source = Microsoft-Windows-CAPI2 | ID = 256 -> Description = Vom Kryptografiedienst konnte die Katalogdatenbank nicht initialisiert werden. Fehler: 5 (0x5) : Zugriff verweigert .
Application [ Error ] 13.01.2011 04:21:42 Computer Name = Helmut-NB | Source = Microsoft-Windows-CAPI2 | ID = 256 -> Description = Vom Kryptografiedienst konnte die Katalogdatenbank nicht initialisiert werden. Fehler: 5 (0x5) : Zugriff verweigert .
Application [ Error ] 13.01.2011 04:21:51 Computer Name = Helmut-NB | Source = Microsoft-Windows-CAPI2 | ID = 256 -> Description = Vom Kryptografiedienst konnte die Katalogdatenbank nicht initialisiert werden. Fehler: 5 (0x5) : Zugriff verweigert .
Application [ Error ] 13.01.2011 04:21:51 Computer Name = Helmut-NB | Source = Microsoft-Windows-CAPI2 | ID = 256 -> Description = Vom Kryptografiedienst konnte die Katalogdatenbank nicht initialisiert werden. Fehler: 5 (0x5) : Zugriff verweigert .
Application [ Error ] 14.01.2011 02:42:39 Computer Name = Helmut-NB | Source = MSSQL$MSSMLBIZ | ID = 8313 -> Description = Fehler beim Zuordnen von Indizes und Namen für SQL Server-Leistungsobjekte/Leistungsindikatoren. SQL Server-Leistungsindikatoren sind deaktiviert.
Application [ Error ] 14.01.2011 02:42:39 Computer Name = Helmut-NB | Source = MSSQL$MSSMLBIZ | ID = 3409 -> Description = Fehler beim Einrichten des gemeinsam genutzten Speicherbereichs für Leistungsindikatoren. Fehlercode: -1. Installieren Sie 'sqlctr.ini' für diese Instanz neu, und stellen Sie sicher, dass das Anmeldekonto der Instanz über die richtigen Registrierungsberechtigungen verfügt.
Application [ Error ] 14.01.2011 02:44:13 Computer Name = Helmut-NB | Source = Microsoft-Windows-CAPI2 | ID = 256 -> Description = Vom Kryptografiedienst konnte die Katalogdatenbank nicht initialisiert werden. Fehler: 5 (0x5) : Zugriff verweigert .
Lenovo-Message Center Plus/Admin [ Error ] 09.01.2011 05:36:44 Computer Name = Helmut-NB | Source = Lenovo-Message Center Plus/Admin | ID = 2 -> Description = Fehler beim Erstellen des Webproxys, der im Konfigurationsabschnitt system.net/defaultProxy angegeben ist. -> Exception message: Fehler beim Erstellen des Webproxys, der im Konfigurationsabschnitt system.net/defaultProxy angegeben ist.
Lenovo-Message Center Plus/Admin [ Error ] 09.01.2011 09:43:43 Computer Name = Helmut-NB | Source = Lenovo-Message Center Plus/Admin | ID = 2 -> Description = Fehler beim Erstellen des Webproxys, der im Konfigurationsabschnitt system.net/defaultProxy angegeben ist. -> Exception message: Fehler beim Erstellen des Webproxys, der im Konfigurationsabschnitt system.net/defaultProxy angegeben ist.
Lenovo-Message Center Plus/Admin [ Error ] 10.01.2011 15:53:23 Computer Name = Helmut-NB | Source = Lenovo-Message Center Plus/Admin | ID = 2 -> Description = Fehler beim Erstellen des Webproxys, der im Konfigurationsabschnitt system.net/defaultProxy angegeben ist. -> Exception message: Fehler beim Erstellen des Webproxys, der im Konfigurationsabschnitt system.net/defaultProxy angegeben ist.
Lenovo-Message Center Plus/Admin [ Error ] 12.01.2011 05:50:34 Computer Name = Helmut-NB | Source = Lenovo-Message Center Plus/Admin | ID = 2 -> Description = Fehler beim Erstellen des Webproxys, der im Konfigurationsabschnitt system.net/defaultProxy angegeben ist. -> Exception message: Fehler beim Erstellen des Webproxys, der im Konfigurationsabschnitt system.net/defaultProxy angegeben ist.
Lenovo-Message Center Plus/Admin [ Error ] 12.01.2011 11:30:54 Computer Name = Helmut-NB | Source = Lenovo-Message Center Plus/Admin | ID = 2 -> Description = Fehler beim Erstellen des Webproxys, der im Konfigurationsabschnitt system.net/defaultProxy angegeben ist. -> Exception message: Fehler beim Erstellen des Webproxys, der im Konfigurationsabschnitt system.net/defaultProxy angegeben ist.
Lenovo-Message Center Plus/Admin [ Error ] 13.01.2011 07:26:40 Computer Name = Helmut-NB | Source = Lenovo-Message Center Plus/Admin | ID = 2 -> Description = Fehler beim Erstellen des Webproxys, der im Konfigurationsabschnitt system.net/defaultProxy angegeben ist. -> Exception message: Fehler beim Erstellen des Webproxys, der im Konfigurationsabschnitt system.net/defaultProxy angegeben ist.
Lenovo-Message Center Plus/Admin [ Error ] 13.01.2011 12:48:50 Computer Name = Helmut-NB | Source = Lenovo-Message Center Plus/Admin | ID = 2 -> Description = Fehler beim Erstellen des Webproxys, der im Konfigurationsabschnitt system.net/defaultProxy angegeben ist. -> Exception message: Fehler beim Erstellen des Webproxys, der im Konfigurationsabschnitt system.net/defaultProxy angegeben ist.
Lenovo-Message Center Plus/Admin [ Error ] 14.01.2011 06:31:39 Computer Name = Helmut-NB | Source = Lenovo-Message Center Plus/Admin | ID = 2 -> Description = Fehler beim Erstellen des Webproxys, der im Konfigurationsabschnitt system.net/defaultProxy angegeben ist. -> Exception message: Fehler beim Erstellen des Webproxys, der im Konfigurationsabschnitt system.net/defaultProxy angegeben ist.
Lenovo-Message Center Plus/Admin [ Error ] 14.01.2011 11:42:22 Computer Name = Helmut-NB | Source = Lenovo-Message Center Plus/Admin | ID = 2 -> Description = Fehler beim Erstellen des Webproxys, der im Konfigurationsabschnitt system.net/defaultProxy angegeben ist. -> Exception message: Fehler beim Erstellen des Webproxys, der im Konfigurationsabschnitt system.net/defaultProxy angegeben ist.
Lenovo-Message Center Plus/Admin [ Error ] 18.01.2011 20:57:33 Computer Name = Helmut-NB | Source = Lenovo-Message Center Plus/Admin | ID = 2 -> Description = Fehler beim Erstellen des Webproxys, der im Konfigurationsabschnitt system.net/defaultProxy angegeben ist. -> Exception message: Fehler beim Erstellen des Webproxys, der im Konfigurationsabschnitt system.net/defaultProxy angegeben ist.
System [ Error ] 26.08.2010 05:04:18 Computer Name = Helmut-NB | Source = DCOM | ID = 10005 -> Description =
System [ Error ] 26.08.2010 05:04:18 Computer Name = Helmut-NB | Source = DCOM | ID = 10005 -> Description =
System [ Error ] 26.08.2010 05:04:18 Computer Name = Helmut-NB | Source = Service Control Manager | ID = 7001 -> Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
System [ Error ] 26.08.2010 05:04:18 Computer Name = Helmut-NB | Source = Service Control Manager | ID = 7001 -> Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
System [ Error ] 26.08.2010 05:04:18 Computer Name = Helmut-NB | Source = Service Control Manager | ID = 7001 -> Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
System [ Error ] 26.08.2010 05:04:18 Computer Name = Helmut-NB | Source = Service Control Manager | ID = 7001 -> Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
System [ Error ] 26.08.2010 05:04:18 Computer Name = Helmut-NB | Source = Service Control Manager | ID = 7001 -> Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
System [ Error ] 26.08.2010 05:04:18 Computer Name = Helmut-NB | Source = Service Control Manager | ID = 7001 -> Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
System [ Error ] 26.08.2010 05:04:18 Computer Name = Helmut-NB | Source = Service Control Manager | ID = 7001 -> Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
System [ Error ] 26.08.2010 06:29:31 Computer Name = Helmut-NB | Source = Service Control Manager | ID = 7000 -> Description = Der Dienst "regi" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

[Files/Folders - Created Within 30 Days]
OTS -> C:\Program Files (x86)\OTS -> [2011.01.19 05:06:40 | 000,000,000 | ---D | C]
COMODO -> C:\Programme\COMODO -> [2011.01.19 04:47:34 | 000,000,000 | ---D | C]
Config.Msi -> C:\Config.Msi -> [2011.01.19 04:46:48 | 000,000,000 | -HSD | C]
Kaspersky Internet Security 2011 -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2011 -> [2011.01.19 04:41:22 | 000,000,000 | ---D | C]
Kaspersky Lab -> C:\Program Files (x86)\Kaspersky Lab -> [2011.01.19 04:40:18 | 000,000,000 | ---D | C]
klif.sys -> C:\Windows\SysNative\drivers\klif.sys -> [2011.01.19 04:40:07 | 000,556,120 | ---- | C] (Kaspersky Lab)
Comodo -> C:\ProgramData\Comodo -> [2011.01.19 03:58:48 | 000,000,000 | ---D | C]
kleaner.tmp -> C:\kleaner.tmp -> [2011.01.19 00:27:00 | 000,000,000 | -H-D | C]
Broadcom -> C:\Users\Helmut\AppData\Local\Broadcom -> [2011.01.18 19:36:08 | 000,000,000 | ---D | C]
Bluetooth-Exchange-Ordner -> C:\Users\Helmut\Documents\Bluetooth-Exchange-Ordner -> [2011.01.18 19:36:08 | 000,000,000 | ---D | C]
MSMCML09.DLL -> C:\Windows\SysNative\MSMCML09.DLL -> [2011.01.14 19:33:08 | 000,298,496 | ---- | C] (KONICA MINOLTA BUSINESS TECHNOLOGIES, INC.)
MSPOOL09.DLL -> C:\Windows\SysNative\MSPOOL09.DLL -> [2011.01.14 19:33:08 | 000,073,216 | ---- | C] (KONICA MINOLTA BUSINESS TECHNOLOGIES, INC.)
MTAG3209.DLL -> C:\Windows\SysNative\MTAG3209.DLL -> [2011.01.14 19:33:08 | 000,007,168 | ---- | C] (KONICA MINOLTA BUSINESS TECHNOLOGIES, INC.)
MLMON_09.DLL -> C:\Windows\SysNative\MLMON_09.DLL -> [2011.01.14 19:33:06 | 000,059,392 | ---- | C] (KONICA MINOLTA BUSINESS TECHNOLOGIES, INC.)
MIMF3209.DLL -> C:\Windows\SysNative\MIMF3209.DLL -> [2011.01.14 19:33:06 | 000,017,408 | ---- | C] (KONICA MINOLTA BUSINESS TECHNOLOGIES, INC.)
MICM__09.DLL -> C:\Windows\SysNative\MICM__09.DLL -> [2011.01.14 19:33:06 | 000,013,312 | ---- | C] (KONICA MINOLTA BUSINESS TECHNOLOGIES, INC.)
MGDI3209.DLL -> C:\Windows\SysNative\MGDI3209.DLL -> [2011.01.14 19:33:05 | 000,034,816 | ---- | C] (KONICA MINOLTA BUSINESS TECHNOLOGIES, INC.)
MCMM__09.DLL -> C:\Windows\SysNative\MCMM__09.DLL -> [2011.01.14 19:33:05 | 000,021,504 | ---- | C] (KONICA MINOLTA BUSINESS TECHNOLOGIES, INC.)
webio_1.dll -> C:\Windows\SysNative\webio_1.dll -> [2011.01.14 18:38:22 | 000,395,776 | ---- | C] (Microsoft Corporation)
Skype -> C:\Users\Helmut\AppData\Roaming\Skype -> [2011.01.14 18:33:24 | 000,000,000 | ---D | C]
1 C:\*.tmp files -> C:\*.tmp ->

[Files/Folders - Modified Within 30 Days]
7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 -> [2011.01.19 16:26:13 | 000,020,704 | -H-- | M] ()
7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 -> [2011.01.19 16:26:13 | 000,020,704 | -H-- | M] ()
OTL.exe - Verknüpfung.lnk -> C:\Users\Helmut\Desktop\OTL.exe - Verknüpfung.lnk -> [2011.01.19 16:21:23 | 000,001,314 | ---- | M] ()
bootstat.dat -> C:\Windows\bootstat.dat -> [2011.01.19 16:18:38 | 000,067,584 | --S- | M] ()
hiberfil.sys -> C:\hiberfil.sys -> [2011.01.19 16:18:29 | 3110,875,136 | -HS- | M] ()
klin.dat -> C:\Windows\SysNative\drivers\klin.dat -> [2011.01.19 04:52:57 | 000,150,083 | ---- | M] ()
klick.dat -> C:\Windows\SysNative\drivers\klick.dat -> [2011.01.19 04:52:57 | 000,107,075 | ---- | M] ()
sfi.dat -> C:\Windows\SysNative\drivers\sfi.dat -> [2011.01.19 04:47:53 | 000,236,912 | ---- | M] ()
klif.sys -> C:\Windows\SysNative\drivers\klif.sys -> [2011.01.19 04:40:07 | 000,556,120 | ---- | M] (Kaspersky Lab)
PerfStringBackup.INI -> C:\Windows\SysNative\PerfStringBackup.INI -> [2011.01.19 00:35:23 | 001,686,864 | ---- | M] ()
perfh007.dat -> C:\Windows\SysNative\perfh007.dat -> [2011.01.19 00:35:23 | 000,733,288 | ---- | M] ()
perfh009.dat -> C:\Windows\SysNative\perfh009.dat -> [2011.01.19 00:35:23 | 000,671,270 | ---- | M] ()
perfc007.dat -> C:\Windows\SysNative\perfc007.dat -> [2011.01.19 00:35:23 | 000,160,666 | ---- | M] ()
perfc009.dat -> C:\Windows\SysNative\perfc009.dat -> [2011.01.19 00:35:23 | 000,130,212 | ---- | M] ()
bootsqm.dat -> C:\bootsqm.dat -> [2011.01.18 21:23:25 | 000,003,544 | ---- | M] ()
FNTCACHE.DAT -> C:\Windows\SysNative\FNTCACHE.DAT -> [2011.01.14 19:10:27 | 003,050,776 | ---- | M] ()
atmfd.dll -> C:\Windows\SysNative\atmfd.dll -> [2011.01.14 19:05:47 | 000,366,080 | ---- | M] (Adobe Systems Incorporated)
wiso.ini -> C:\Windows\wiso.ini -> [2011.01.14 18:24:48 | 000,000,879 | ---- | M] ()
32 C:\Windows\Temp\*.tmp files -> C:\Windows\Temp\*.tmp ->
32 C:\Windows\Temp\*.tmp files -> C:\Windows\Temp\*.tmp ->
1 C:\*.tmp files -> C:\*.tmp ->

[Files - No Company Name]
OTL.exe - Verknüpfung.lnk -> C:\Users\Helmut\Desktop\OTL.exe - Verknüpfung.lnk -> [2011.01.19 16:21:23 | 000,001,314 | ---- | C] ()
sfi.dat -> C:\Windows\SysNative\drivers\sfi.dat -> [2011.01.19 04:43:47 | 000,236,912 | ---- | C] ()
klin.dat -> C:\Windows\SysNative\drivers\klin.dat -> [2011.01.19 04:41:08 | 000,150,083 | ---- | C] ()
klick.dat -> C:\Windows\SysNative\drivers\klick.dat -> [2011.01.19 04:41:07 | 000,107,075 | ---- | C] ()
bootsqm.dat -> C:\bootsqm.dat -> [2011.01.18 21:23:25 | 000,003,544 | ---- | C] ()
MSUMLT09.INI -> C:\Windows\MSUMLT09.INI -> [2011.01.14 19:33:08 | 000,024,028 | ---- | C] ()
MUNZ__09.UNM -> C:\Windows\SysNative\MUNZ__09.UNM -> [2011.01.14 19:33:08 | 000,003,212 | ---- | C] ()
MSHRES09.DLL -> C:\Windows\SysNative\MSHRES09.DLL -> [2011.01.14 19:33:07 | 000,002,560 | ---- | C] ()
MSEP0109.SEP -> C:\Windows\SysNative\MSEP0109.SEP -> [2011.01.14 19:33:07 | 000,000,061 | ---- | C] ()
webio.dll -> C:\Windows\SysNative\webio.dll -> [2011.01.14 18:38:22 | 000,394,752 | ---- | C] ()
wanancsp.dat -> C:\Users\Helmut\AppData\Local\wanancsp.dat -> [2010.04.30 13:05:10 | 000,646,848 | ---- | C] ()
Transfer W169.245 Start 2010_02_04.mmap.pdf -> C:\Users\Helmut\AppData\Local\Transfer W169.245 Start 2010_02_04.mmap.pdf -> [2010.03.08 06:11:22 | 001,545,486 | ---- | C] ()
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Users\Helmut\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2010.03.06 18:34:02 | 000,005,632 | ---- | C] ()
wiso.ini -> C:\Windows\wiso.ini -> [2010.02.22 20:21:26 | 000,000,879 | ---- | C] ()
cdplayer.ini -> C:\Windows\cdplayer.ini -> [2010.02.21 00:55:47 | 000,000,034 | ---- | C] ()
ODBC.INI -> C:\Windows\ODBC.INI -> [2010.02.20 23:35:22 | 000,000,400 | ---- | C] ()
PerfStringBackup.INI -> C:\Windows\SysWow64\PerfStringBackup.INI -> [2010.01.30 08:50:16 | 001,710,496 | ---- | C] ()
nView.dll -> C:\Windows\SysWow64\nView.dll -> [2010.01.30 08:09:22 | 001,612,392 | ---- | C] ()
nvwimg.dll -> C:\Windows\SysWow64\nvwimg.dll -> [2010.01.30 08:09:22 | 001,108,584 | ---- | C] ()
webio.dll -> C:\Windows\SysWow64\webio.dll -> [2009.07.14 00:56:08 | 000,313,856 | ---- | C] ()
BWContextHandler.dll -> C:\Windows\SysWow64\BWContextHandler.dll -> [2009.07.14 00:42:10 | 000,064,000 | ---- | C] ()
msjetoledb40.dll -> C:\Windows\SysWow64\msjetoledb40.dll -> [2009.07.13 22:03:59 | 000,364,544 | ---- | C] ()
OUTLPERF.INI -> C:\Windows\SysWow64\OUTLPERF.INI -> [2003.02.20 17:53:42 | 000,005,702 | ---- | C] ()

[File - Lop Check]
Buhl -> C:\Users\Helmut\AppData\Roaming\Buhl -> [2010.02.22 20:30:13 | 000,000,000 | ---D | M]
Buhl Data Service -> C:\Users\Helmut\AppData\Roaming\Buhl Data Service -> [2010.02.22 20:21:52 | 000,000,000 | ---D | M]
InterVideo -> C:\Users\Helmut\AppData\Roaming\InterVideo -> [2010.05.18 09:06:24 | 000,000,000 | ---D | M]
Lenovo -> C:\Users\Helmut\AppData\Roaming\Lenovo -> [2010.02.20 21:24:41 | 000,000,000 | ---D | M]
TeamViewer -> C:\Users\Helmut\AppData\Roaming\TeamViewer -> [2010.09.10 18:17:23 | 000,000,000 | ---D | M]
PCDoctorBackgroundMonitorTask.job -> C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job -> [2010.09.08 17:00:00 | 000,000,528 | ---- | M] ()
SCHEDLGU.TXT -> C:\Windows\Tasks\SCHEDLGU.TXT -> [2010.06.09 04:17:21 | 000,032,624 | ---- | M] ()
SystemToolsDailyTest.job -> C:\Windows\Tasks\SystemToolsDailyTest.job -> [2010.12.13 20:49:04 | 000,000,340 | ---- | M] ()

[File - Purity Scan]

< End of report >

Attached Files

  • Attached File  OTS.Txt   183.71KB   520 downloads

Edited by Dakeyras, 22 January 2011 - 03:20 PM.
Added OTL Log, please do not attach any logs unless requested, thank you.

  • 0

Advertisements

#2
Dakeyras
Posted 22 January 2011 - 03:22 PM

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Hi. :D

Do you still require assistance?
  • 0

#3
Dakeyras
Posted 25 January 2011 - 05:08 PM

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Can't Run Any Antivirus or Malware Removal Programs · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Can't Run Any Antivirus or Malware Removal Programs

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP