Hallo,

ich habe schon einen ähnliches Thema gefunden, aber es hat mir nicht geholfen. Alle elf Minuten kommt Antivir und berichtet mir von:

TR/PSW.Zbot.133169.Y

Jedes mal, wenn auch die Meldung auftaucht wird ein temporärer Ordner unter windows/temp angelegt z.B. xmaq.tmp oder ihoa.tmp Antivir sperrt das Programm dann, aber alle elf Minuten kommt es mit einem neuen Ordner wieder

Das System möchte ich nicht neu aufsetzen. Habe auch Antivir und Spyboot in der neusten Version mit allen Updaten. XP mit SR-Pack 3. Temporäre Dateien von Java habe ich schon unterbunden und auch die Flash-Cookies gelöscht und abgestellt. Auch wenn ich die Ordner lösche, kommen immer wieder neue...
Habe nun auch schon diverse weitere Programme durchlaufen lassen. Die Protokolle reiche ich gleich nach, aber leider hat das nicht viel gebracht.

Der Virus scheint aktiv zu sein, obgleich ich nicht feststellen konnte was er befallen hat bzw. wo er aktiv ist.

Das ist vom Quick-Scan aber der ausführliche hat auch nichts gezeigt:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4246

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

27.06.2010 18:41:05
mbam-log-2010-06-27 (18-41-05).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 142634
Laufzeit: 7 Minute(n), 19 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Auch Combo-Fix habe ich probiert, danach wurden zwar einige Einträge in Spyboot wohl wieder repariert aber das Problem bleibt bestehen:

Combofix Logfile:

Code: Alles auswählenAufklappen

ATTFilter

ComboFix 10-06-26.02 - Norman 27.06.2010  17:51:11.1.2 - x86 MINIMAL
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.3070.2651 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\Norman\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

Achtung - Auf diesem PC ist keine Wiederherstellungskonsole installiert !!
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\dokumente und einstellungen\Norman\Anwendungsdaten\EurekaLog
c:\windows\system32\Cache

.
(((((((((((((((((((((((   Dateien erstellt von 2010-05-27 bis 2010-06-27  ))))))))))))))))))))))))))))))
.

2010-06-27 15:40 . 2010-06-27 15:40	--------	d-----w-	C:\rsit
2010-06-27 11:37 . 2010-06-27 11:38	--------	dc-h--w-	c:\windows\ie8
2010-06-27 08:22 . 2010-06-27 08:22	--------	d-----w-	c:\programme\CCleaner
2010-06-27 07:52 . 2010-06-27 07:52	--------	d-----w-	c:\programme\Trend Micro
2010-06-26 13:33 . 2010-06-26 13:33	--------	d-----w-	c:\dokumente und einstellungen\Norman\Anwendungsdaten\Malwarebytes
2010-06-26 13:33 . 2010-04-29 13:39	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-26 13:33 . 2010-06-26 13:33	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2010-06-26 13:33 . 2010-06-26 13:33	--------	d-----w-	c:\programme\Malwarebytes' Anti-Malware
2010-06-26 13:33 . 2010-04-29 13:39	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-06-26 09:24 . 2010-06-27 08:34	411368	----a-w-	c:\windows\system32\deployJava1.dll
2010-06-18 06:36 . 2010-06-18 08:01	--------	d-----w-	c:\programme\Microsoft ActiveSync
2010-06-17 15:04 . 2010-04-27 02:25	100352	----a-w-	c:\windows\system32\drivers\ssceserd.sys
2010-06-17 15:04 . 2010-04-27 02:25	98560	----a-w-	c:\windows\system32\drivers\sscebus.sys
2010-06-17 15:04 . 2010-04-27 02:25	14848	----a-w-	c:\windows\system32\drivers\sscemdfl.sys
2010-06-17 15:04 . 2010-04-27 02:25	12416	----a-w-	c:\windows\system32\drivers\sscecmnt.sys
2010-06-17 15:04 . 2010-04-27 02:25	12416	----a-w-	c:\windows\system32\drivers\sscecm.sys
2010-06-17 15:04 . 2010-04-27 02:25	123648	----a-w-	c:\windows\system32\drivers\sscemdm.sys
2010-06-17 15:04 . 2010-04-27 02:25	12288	----a-w-	c:\windows\system32\drivers\sscewhnt.sys
2010-06-17 15:04 . 2010-04-27 02:25	12288	----a-w-	c:\windows\system32\drivers\sscewh.sys
2010-06-17 10:23 . 2010-06-17 10:23	--------	d-----w-	c:\dokumente und einstellungen\Norman\Lokale Einstellungen\Anwendungsdaten\PCHealth
2010-06-10 14:54 . 2010-06-10 14:54	34848	----a-w-	c:\dokumente und einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2010-06-10 14:54 . 2010-06-10 14:54	--------	d-sh--w-	c:\dokumente und einstellungen\Administrator\PrivacIE
2010-06-10 14:48 . 2010-06-10 14:48	--------	d-sh--w-	c:\dokumente und einstellungen\Administrator\IETldCache
2010-06-10 06:30 . 2010-05-06 10:31	743424	------w-	c:\windows\system32\dllcache\iedvtool.dll
2010-06-09 08:53 . 2010-06-17 10:41	--------	d-----w-	c:\programme\MyFree Codec
2010-06-04 08:06 . 2010-06-04 08:06	--------	d-----w-	c:\windows\system32\KB905474

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-27 15:28 . 2008-01-06 11:48	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2010-06-27 11:46 . 2008-04-25 07:06	--------	d---a-w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP
2010-06-27 08:37 . 2010-06-27 08:37	503808	----a-w-	c:\dokumente und einstellungen\Norman\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-62394d3f-n\msvcp71.dll
2010-06-27 08:37 . 2010-06-27 08:37	499712	----a-w-	c:\dokumente und einstellungen\Norman\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-62394d3f-n\jmc.dll
2010-06-27 08:37 . 2010-06-27 08:37	348160	----a-w-	c:\dokumente und einstellungen\Norman\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-62394d3f-n\msvcr71.dll
2010-06-27 08:37 . 2010-06-27 08:37	61440	----a-w-	c:\dokumente und einstellungen\Norman\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-38a358eb-n\decora-sse.dll
2010-06-27 08:37 . 2010-06-27 08:37	12800	----a-w-	c:\dokumente und einstellungen\Norman\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-38a358eb-n\decora-d3d.dll
2010-06-27 06:55 . 2008-09-11 06:58	--------	d-----w-	c:\programme\Eusing Free Registry Cleaner
2010-06-27 06:14 . 2010-05-27 21:02	--------	d-----w-	c:\programme\PC Connectivity Solution
2010-06-27 06:05 . 2010-02-21 22:38	--------	d-----w-	c:\programme\PC-Doctor
2010-06-26 22:00 . 2007-09-07 17:06	5427	----a-w-	c:\windows\system32\EGATHDRV.SYS
2010-06-26 17:45 . 2010-02-21 22:39	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\PCDr
2010-06-26 17:10 . 2007-09-08 15:32	--------	d-----w-	c:\programme\Mozilla Thunderbird
2010-06-26 13:03 . 2008-02-28 13:08	--------	d-----w-	c:\dokumente und einstellungen\Norman\Anwendungsdaten\IBP
2010-06-26 09:25 . 2007-09-07 16:54	--------	d-----w-	c:\programme\Gemeinsame Dateien\Java
2010-06-26 09:24 . 2007-09-07 16:54	--------	d-----w-	c:\programme\Java
2010-06-23 07:02 . 2007-09-07 16:43	--------	d--h--w-	c:\programme\InstallShield Installation Information
2010-06-23 06:19 . 2006-01-27 01:01	521298	----a-w-	c:\windows\system32\perfh007.dat
2010-06-23 06:19 . 2006-01-27 01:01	105016	----a-w-	c:\windows\system32\perfc007.dat
2010-06-18 08:17 . 2010-05-27 21:02	--------	d-----w-	c:\dokumente und einstellungen\Norman\Anwendungsdaten\Samsung
2010-06-17 07:34 . 2007-09-09 06:14	--------	d-----w-	c:\dokumente und einstellungen\Norman\Anwendungsdaten\LPC
2010-06-17 07:32 . 2007-09-09 06:14	--------	d-----w-	c:\programme\Link Popularity Check
2010-06-13 12:03 . 2010-06-13 12:03	1465512	----a-w-	c:\dokumente und einstellungen\Norman\Anwendungsdaten\Update\patch_551455to551460_32\patch_551455to551460_32.02.exe
2010-06-13 12:03 . 2010-05-20 05:07	--------	d-----w-	c:\dokumente und einstellungen\Norman\Anwendungsdaten\Update
2010-06-09 09:26 . 2010-05-27 21:05	36608	----a-w-	c:\windows\system32\FsUsbExDisk.Sys
2010-06-09 09:26 . 2010-05-27 21:05	233472	----a-w-	c:\windows\system32\FsUsbExService.Exe
2010-06-05 03:54 . 2010-06-22 11:22	265528	----a-w-	c:\dokumente und einstellungen\Norman\Anwendungsdaten\Samsung\Kies\UpdateTemp\MCS.Thunder.Update.exe
2010-06-05 03:52 . 2010-06-22 11:22	6144	----a-w-	c:\dokumente und einstellungen\Norman\Anwendungsdaten\Samsung\Kies\UpdateTemp\de-DE\MCS.Thunder.Update.resources.dll
2010-06-05 03:50 . 2010-06-22 11:22	47616	----a-w-	c:\dokumente und einstellungen\Norman\Anwendungsdaten\Samsung\Kies\UpdateTemp\MSC.Thunder.Update.Util.dll
2010-06-05 03:49 . 2010-06-22 11:22	12288	----a-w-	c:\dokumente und einstellungen\Norman\Anwendungsdaten\Samsung\Kies\UpdateTemp\AdminCmdAgent.dll
2010-06-04 10:02 . 2010-06-22 11:22	9728	----a-w-	c:\dokumente und einstellungen\Norman\Anwendungsdaten\Samsung\Kies\UpdateTemp\Interop.CmdAgentLib.dll
2010-06-04 10:00 . 2010-06-22 11:22	204288	----a-w-	c:\dokumente und einstellungen\Norman\Anwendungsdaten\Samsung\Kies\UpdateTemp\CabLib.dll
2010-06-04 09:59 . 2010-06-22 11:22	6656	----a-w-	c:\dokumente und einstellungen\Norman\Anwendungsdaten\Samsung\Kies\UpdateTemp\MSC.Thunder.UAC.dll
2010-05-28 08:52 . 2007-09-07 16:43	--------	d-----w-	c:\programme\ThinkPad
2010-05-28 08:52 . 2007-09-07 16:46	--------	d-----w-	c:\programme\Lenovo
2010-05-27 21:05 . 2010-05-27 21:05	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\PC Suite
2010-05-27 21:05 . 2010-05-27 21:05	--------	d-----w-	c:\dokumente und einstellungen\Norman\Anwendungsdaten\PC Suite
2010-05-27 21:04 . 2010-05-27 21:04	--------	d-----w-	c:\programme\DIFX
2010-05-27 21:02 . 2010-05-27 21:02	--------	d-----w-	c:\programme\Common Files
2010-05-27 21:02 . 2010-05-27 21:02	--------	d-----w-	c:\programme\MarkAny
2010-05-27 20:54 . 2010-05-27 20:54	--------	d-----w-	c:\programme\Gemeinsame Dateien\Samsung
2010-05-22 07:49 . 2010-05-22 07:49	--------	d-----w-	c:\programme\eBay
2010-05-21 15:41 . 2007-09-08 13:50	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\FLEXnet
2010-05-14 08:42 . 2009-05-27 12:51	--------	d-----w-	c:\programme\IBP 11
2010-05-02 08:05 . 2009-04-24 21:47	1851392	----a-w-	c:\windows\system32\win32k.sys
2010-05-01 06:51 . 2010-05-27 21:05	110592	------w-	c:\windows\system32\FsUsbExDevice.Dll
2010-04-23 14:59 . 2010-04-23 14:59	49152	------r-	c:\windows\system32\inetwh32.dll
2010-04-23 14:59 . 2010-04-23 14:59	1044480	------r-	c:\windows\system32\roboex32.dll
2010-04-20 05:29 . 2006-01-27 01:00	285696	----a-w-	c:\windows\system32\atmfd.dll
2010-04-14 06:27 . 2010-04-14 06:27	96768	------w-	c:\dokumente und einstellungen\Norman\Anwendungsdaten\becker\backup\CK-4ANV-XM1T-LXQV-A8R3\4187531\flash\iGO8\SDS\saipservice.dll
2010-04-14 06:15 . 2010-04-14 06:15	152088	------w-	c:\dokumente und einstellungen\Norman\Anwendungsdaten\becker\backup\CK-4ANV-XM1T-LXQV-A8R3\4187531\flash\NNGStart\NNGStart.exe
2010-04-14 06:15 . 2010-04-14 06:15	39632	------w-	c:\dokumente und einstellungen\Norman\Anwendungsdaten\becker\backup\CK-4ANV-XM1T-LXQV-A8R3\4187531\flash\NNGStart\MSVCR80.DLL
2010-03-31 07:59 . 2010-03-31 07:59	1925088	------w-	c:\dokumente und einstellungen\Norman\Anwendungsdaten\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
2010-03-30 22:16 . 2010-03-30 22:16	99176	----a-w-	c:\windows\system32\PresentationHostProxy.dll
2010-03-30 22:10 . 2010-03-30 22:10	295264	----a-w-	c:\windows\system32\PresentationHost.exe
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\programme\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2009-04-16 417792]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2005-03-17 208896]
"SynTPLpr"="c:\programme\Synaptics\SynTP\SynTPLpr.exe" [2008-07-03 118784]
"SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2008-07-03 1323008]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2008-06-05 242976]
"TPKMAPHELPER"="c:\programme\ThinkPad\Utilities\TpKmapAp.exe" [2006-06-02 856064]
"TpShocks"="TpShocks.exe" [2009-02-02 181536]
"TPHOTKEY"="c:\programme\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-12-21 69568]
"SoundMAXPnP"="c:\programme\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"LPManager"="c:\progra~1\THINKV~2\PrdCtr\LPMGR.exe" [2009-01-29 185688]
"AMSG"="c:\progra~1\THINKV~2\AMSG\Amsg.exe" [2007-02-02 419376]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-02-02 122940]
"ISUSPM Startup"="c:\progra~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"AwaySch"="c:\programme\Lenovo\AwayTask\AwaySch.EXE" [2006-08-16 69632]
"TVT Scheduler Proxy"="c:\programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]
"DiskeeperSystray"="c:\programme\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-05-18 196696]
"ACWLIcon"="c:\programme\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2008-10-27 143360]
"Picasa Media Detector"="c:\programme\Picasa2\PicasaMediaDetector.exe" [2006-03-15 421888]
"PDService.exe"="c:\programme\Lenovo\SafeGuard PrivateDisk\pdservice.exe" [2006-03-13 41472]
"cssauth"="c:\programme\Lenovo\Client Security Solution\cssauth.exe" [2006-07-14 2341632]
"QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2007-06-29 286720]
"TP4EX"="tp4ex.exe" [2005-10-16 65536]
"LPMailChecker"="c:\progra~1\THINKV~2\PrdCtr\LPMLCHK.exe" [2009-01-29 124248]
"TPFNF7"="c:\programme\Lenovo\NPDIRECT\TPFNF7SP.exe" [2008-03-26 59680]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"AdobeCS4ServiceManager"="c:\programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-11-13 611712]
"Adobe Acrobat Speed Launcher"="e:\programme\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2010-04-03 38840]
"Acrobat Assistant 8.0"="e:\programme\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-04-03 640440]
"LENOVO.TPFNF6R"="c:\programme\Lenovo\HOTKEY\TPFNF6R.exe" [2009-04-14 15136]
"StartCCC"="c:\programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2010-02-18 248040]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\dokumente und einstellungen\All Users\Startmen�\Programme\Autostart\
BTTray.lnk - c:\programme\ThinkPad\Bluetooth Software\BTTray.exe [2007-11-26 576104]
hpoddt01.exe.lnk - c:\programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]
Microsoft Office.lnk - c:\programme\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
officejet 6100.lnk - c:\programme\Hewlett-Packard\Digital Imaging\bin\hposol08.exe [2003-4-6 147456]
sipgate X-Lite.lnk - c:\programme\sipgate X-Lite\sipgateXLite.exe [2007-10-31 3227648]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AwayNotify]
2006-08-16 17:07	49152	------w-	c:\programme\Lenovo\AwayTask\AwayNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Programme\\IBP 10\\IBP.exe"=
"c:\\Programme\\Gemeinsame Dateien\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Programme\\Gemeinsame Dateien\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
"c:\\Programme\\Mozilla Firefox\\firefox.exe"=
"e:\\Programme\\Adobe\\Adobe Dreamweaver CS4\\Dreamweaver.exe"=
"c:\\Programme\\sipgate X-Lite\\sipgateXLite.exe"=
"c:\\Programme\\Mozilla Thunderbird\\thunderbird.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
"51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server

R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [28.01.2009 17:57 20520]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [28.05.2010 10:51 13480]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [17.10.2009 11:55 108289]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\programme\Lenovo\HOTKEY\micmute.exe [21.05.2009 20:48 44984]
S2 Power Manager DBC Service;Power Manager DBC Service;c:\programme\ThinkPad\Utilities\PWMDBSVC.exe [24.10.2008 10:05 53248]
S2 PrivateDisk;PrivateDisk;c:\programme\Lenovo\SafeGuard PrivateDisk\privatediskm.sys [13.03.2006 16:05 58368]
S2 smi2;smi2;c:\programme\SMI2\smi2.sys [14.07.2006 15:55 3968]
S2 TPHKSVC;Anzeige am Bildschirm;c:\programme\Lenovo\HOTKEY\TPHKSVC.exe [02.03.2007 14:07 63928]
S2 XAMPP;XAMPP Service; [x]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\programme\Gemeinsame Dateien\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [15.08.2008 06:46 288112]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys --> c:\windows\system32\drivers\dgderdrv.sys [?]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [27.05.2010 23:05 36608]
S3 PDNMp50;PDNMp50 NDIS Protocol Driver;c:\windows\system32\drivers\PDNMp50.sys [28.11.2006 23:46 28224]
S3 PDNSp50;PDNSp50 NDIS Protocol Driver;c:\windows\system32\drivers\PDNSp50.sys [28.11.2006 23:46 27072]
S3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM);c:\windows\system32\drivers\sscebus.sys [17.06.2010 17:04 98560]
S3 sscemdfl;SAMSUNG Mobile Modem V2 Filter;c:\windows\system32\drivers\sscemdfl.sys [17.06.2010 17:04 14848]
S3 sscemdm;SAMSUNG Mobile Modem V2 Drivers;c:\windows\system32\drivers\sscemdm.sys [17.06.2010 17:04 123648]
S3 ssceserd;SAMSUNG Mobile Modem Diagnostic Serial Port V2 (WDM);c:\windows\system32\drivers\ssceserd.sys [17.06.2010 17:04 100352]
.
Inhalt des "geplante Tasks" Ordners

2010-06-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2007-08-29 12:57]

2010-06-27 c:\windows\Tasks\Auf Updates für Windows Live Toolbar prüfen.job
- c:\programme\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 13:54]

2010-06-27 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p officejet 6100 series5E771253C1676EBED677BF361FDFC537825E15B8190378331.job
- c:\programme\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 22:52]

2010-06-26 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\programme\PC-Doctor\uaclauncher.exe [2010-05-07 19:46]

2010-06-27 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2007-09-07 11:41]

2010-06-26 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\programme\PC-Doctor\pcdrcui.exe [2010-05-08 12:08]

2010-06-27 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-06-04 20:18]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://lenovo.live.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
IE: &Windows Live Search - c:\programme\Windows Live Toolbar\msntb.dll/search.htm
IE: An vorhandene PDF-Datei anfügen - c:\programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - c:\programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Senden an &Bluetooth-Gerät... - c:\programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Senden an Bluetooth - c:\programme\ThinkPad\Bluetooth Software\btsendto_ie.htm
Handler: haufereader - {39198710-62F7-42CD-9458-069843FA5D32} - c:\programme\Haufe\HaufeReader\HRInstmon.dll
FF - ProfilePath - c:\dokumente und einstellungen\Norman\Anwendungsdaten\Mozilla\Firefox\Profiles\z9ur2adu.default\
FF - prefs.js: network.proxy.http - hxxp://1.1.1.1/http.de.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\programme\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
c:\programme\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type",                  5);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

Notify-ACNotify - ACNotify.dll
Notify-NavLogon - (no file)
Notify-psfus - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-06-27 18:01
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse... 

Scanne versteckte Autostarteinträge... 

Scanne versteckte Dateien... 

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:b0,c3,d9,1b,0d,c6,a4,08,1d,64,49,42,82,18,04,fb,e4,17,f8,7b,67,
   a9,07,5d,f3,ac,ab,40,5f,be,22,07,1b,1c,fa,f9,46,89,07,2b,6b,40,38,fc,f6,ba,\

[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:b0,c3,d9,1b,0d,c6,a4,08,1d,64,49,42,82,18,04,fb,e4,17,f8,7b,67,
   a9,07,5d,f3,ac,ab,40,5f,be,22,07,1b,1c,fa,f9,46,89,07,2b,6b,40,38,fc,f6,ba,\
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'winlogon.exe'(308)
c:\programme\THINKPAD\CONNECTUTILITIES\ACNotify.dll
c:\programme\THINKPAD\CONNECTUTILITIES\AcSvcStub.dll
c:\programme\THINKPAD\CONNECTUTILITIES\AcLocSettings.dll
c:\programme\THINKPAD\CONNECTUTILITIES\ACHelper.dll
c:\windows\system32\Ati2evxx.dll
c:\programme\Gemeinsame Dateien\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\programme\Lenovo\AwayTask\AwayNotify.dll

- - - - - - - > 'explorer.exe'(728)
c:\programme\PC-Doctor\ATLPcdToolbar551452.dll
c:\windows\system32\ieframe.dll
.
Zeit der Fertigstellung: 2010-06-27  18:10:32 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2010-06-27 16:10

Vor Suchlauf: 8.496.275.456 Bytes frei
Nach Suchlauf: 8.338.980.864 Bytes frei

- - End Of File - - 14B9F19BDF697453CC082543C8481C1B
         

--- --- ---

Hier noch das Protokoll von HijackThis aber hier wird laut der Website auch nichts schlimmes festgestellt:

HiJackthis Logfile:

Code: Alles auswählenAufklappen

ATTFilter

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:59:11, on 27.06.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\TpShocks.exe
C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Programme\Analog Devices\Core\smax4pnp.exe
C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
C:\PROGRA~1\THINKV~2\AMSG\Amsg.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe
C:\Programme\Lenovo\AwayTask\AwaySch.EXE
C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe
C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Programme\Picasa2\PicasaMediaDetector.exe
C:\Programme\Lenovo\SafeGuard PrivateDisk\pdservice.exe
C:\Programme\Lenovo\Client Security Solution\cssauth.exe
C:\PROGRA~1\THINKV~2\PrdCtr\LPMLCHK.exe
C:\Programme\Lenovo\NPDIRECT\TPFNF7SP.exe
E:\Programme\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Programme\Lenovo\HOTKEY\TPFNF6R.exe
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe
C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\ThinkPad\UltraNav Wizard\UNavTray.EXE
C:\Programme\ThinkPad\Bluetooth Software\BTTray.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Lenovo\HOTKEY\TPONSCR.exe
C:\Programme\Lenovo\Zoom\TpScrex.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Programme\LENOVO\HOTKEY\TPHKSVC.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Programme\Lenovo\Rescue and Recovery\rrservice.exe
C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe
C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe
c:\programme\lenovo\system update\suservice.exe
C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Programme\Gemeinsame Dateien\Lenovo\Logger\logmon.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Programme\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\Programme\Alice\Signup\AliceCnn.exe
C:\Programme\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Spybot - Search & Destroy\SpybotSD.exe
C:\Programme\Mozilla Thunderbird\thunderbird.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.live.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = hxxp://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
O2 - BHO: G DATA WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - (no file)
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - E:\Programme\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: ThinkVantage Password Manager - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - E:\Programme\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Programme\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [AMSG] C:\PROGRA~1\THINKV~2\AMSG\Amsg.exe /startup
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AwaySch] C:\Programme\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Programme\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [ACWLIcon] C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Programme\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [PDService.exe] "C:\Programme\Lenovo\SafeGuard PrivateDisk\pdservice.exe"
O4 - HKLM\..\Run: [cssauth] "C:\Programme\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [LPMailChecker] C:\PROGRA~1\THINKV~2\PrdCtr\LPMLCHK.exe
O4 - HKLM\..\Run: [TPFNF7] C:\Programme\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "E:\Programme\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "E:\Programme\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\PROGRA~1\GEMEIN~1\Adobe\ADOBEV~2\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [LENOVO.TPFNF6R] C:\Programme\Lenovo\HOTKEY\TPFNF6R.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: officejet 6100.lnk = ?
O4 - Global Startup: sipgate X-Lite.lnk = C:\Programme\sipgate X-Lite\sipgateXLite.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programme\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - res://C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - res://C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - res://C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Senden an Bluetooth - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1230902201937
O17 - HKLM\System\CCS\Services\Tcpip\..\{0498C351-E77C-4AB4-9D02-E0C50E0E954A}: NameServer = 213.191.74.11 213.191.92.82
O17 - HKLM\System\CS1\Services\Tcpip\..\{0498C351-E77C-4AB4-9D02-E0C50E0E954A}: NameServer = 213.191.74.11 213.191.92.82
O18 - Protocol: haufereader - {39198710-62F7-42CD-9458-069843FA5D32} - C:\Programme\Haufe\HaufeReader\HRInstmon.dll
O20 - Winlogon Notify: ACNotify - C:\WINDOWS\
O20 - Winlogon Notify: AwayNotify - C:\Programme\Lenovo\AwayTask\AwayNotify.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo  - C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo  - C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Programme\Gemeinsame Dateien\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo. - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IPS-Basisservice (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: Lenovo Microphone Mute (LENOVO.MICMUTE) - Lenovo Group Limited - C:\Programme\LENOVO\HOTKEY\MICMUTE.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Power Manager DBC Service - Unknown owner - C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Lenovo (United States) Inc. - (no file)
O23 - Service: ServiceLayer - Nokia. - C:\Programme\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\programme\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: Anzeige am Bildschirm (TPHKSVC) - Lenovo Group Limited - C:\Programme\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Programme\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Programme\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe
O23 - Service: tvtnetwk - Unknown owner - C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe

--
End of file - 16537 bytes
         

--- --- ---

Wie kommt man auf die Idee, trotz ständiger Hinweise ComboFix nicht einfach so laufen zu lassen, es trotzdem zu tun ?


CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

• Starte bitte die OTL.exe.
  Vista und Win7 User mit Rechtsklick "als Administrator starten"
• Kopiere nun den Inhalt in die Textbox.

Code: Alles auswählenAufklappen

ATTFilter

netsvcs
%SYSTEMDRIVE%\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList|helpassistant /rs
         

• Schliesse bitte nun alle Programme. (Wichtig)
• Klicke nun bitte auf den Quick Scan Button.
• Klick auf .
• Kopiere nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

Bei HijackThis gibt es folgende Neutrale Einträge:

O3 - Toolbar: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - (no file) - Unnötiger (unwirksamer) Eintrag der entfernt werden kann! AvkWebIE.dll - G DATA Internet Security, hxxp://www.gdata.de/trade/productview/56 8/28/

und

O2 - BHO: G DATA WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - (no file) - Unnötiger (unwirksamer) Eintrag der entfernt werden kann! AvkWebIE.dll - G DATA Internet Security, hxxp://www.gdata.de/trade/productview/56 8/28/

Mit Fragezeichen sind:

O20 - Winlogon Notify: ACNotify - C:\WINDOWS\

und

O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Lenovo (United States) Inc. - (no file)

Letzterer ist aber vermutlich OK, da ich einen Lenovo Rechner habe. Für den ersten Eintrag bin ich mir aber unsicher, da ich irgenwo schon gelesen habe, dass sich dahinter gern Trojaner verbergen.

Ich habe von dieser Materie wirklich keine Ahnung, kann mir jemand BITTE einen Tipp geben?

Hier noch ein Beispiel aus dem AntiVir Protokoll:
"In der Datei 'C:\WINDOWS\temp\cfrx.tmp\svchost.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/PSW.Zbot.133169.Y' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern"

Halli hallo.

Als erstes das Wichtigste:

Ändere von einem sauberen PC aus alle deine Passwörter und Zugangsaccounts!!! Das ist bei einer Infizierung mit einem ZBot sehr wichtig!

• Lade dir dieses Tool herunter.
• Nach dem Download starte die MWAV.exe als Administrator.
• Danach klicke im Hauptfenster auf Aktuallisieren!
• Setze danach die Haken genau wie in diesem Bild:
  
• Danach drückst du scannen.
• Die Untersuchung kann sehr lange dauern!
• Nach dem Scan kannst du auf "Log ansehen" drücken. Die Datei speichere bitte auf deinem Desktop und hänge sie an deinen nächsten Post an.

PS: Es wäre übrigens wirklich besser wenn du Neuaufsetzen würdest! Mit einer ZBot Backddor Infektion ist nicht zu spaßen!


EDIT: Hey Larusso! Garnicht gesehen...

Hier noch das Protokoll vom OTL:
OTL logfile created on: 27.06.2010 19:13:35 - Run 1
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Dokumente und Einstellungen\Norman\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 67,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 70,17 Gb Total Space | 4,59 Gb Free Space | 6,54% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 111,79 Gb Total Space | 65,62 Gb Free Space | 58,70% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TEST
Current User Name: Norman
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010.06.27 18:38:48 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Norman\Desktop\OTL.exe
PRC - [2010.04.03 16:44:26 | 000,640,440 | ---- | M] (Adobe Systems Inc.) -- E:\Programme\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2010.03.24 20:17:47 | 000,952,768 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe
PRC - [2010.03.18 03:39:19 | 011,957,424 | ---- | M] (Mozilla Messaging) -- C:\Programme\Mozilla Thunderbird\thunderbird.exe
PRC - [2010.02.18 11:43:18 | 000,248,040 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2010.01.18 15:41:50 | 000,063,928 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2009.12.21 18:49:44 | 000,069,568 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2009.11.24 13:51:18 | 000,176,056 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2009.11.18 14:04:18 | 000,038,248 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\ibmpmsvc.exe
PRC - [2009.10.01 16:14:30 | 000,144,752 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\ZOOM\TpScrex.exe
PRC - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.06.12 10:55:48 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- c:\Programme\Lenovo\System Update\SUService.exe
PRC - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2009.04.16 13:41:28 | 000,053,248 | ---- | M] () -- C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe
PRC - [2009.04.14 19:51:38 | 000,015,136 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\tpfnf6r.exe
PRC - [2009.03.05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009.03.02 13:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009.02.02 20:16:48 | 000,181,536 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\TpShocks.exe
PRC - [2009.01.29 03:10:00 | 000,185,688 | ---- | M] (Lenovo Group Limited) -- C:\Programme\ThinkVantage\PrdCtr\LPMGR.EXE
PRC - [2009.01.29 03:10:00 | 000,124,248 | ---- | M] (Lenovo Group Limited) -- C:\Programme\ThinkVantage\PrdCtr\LPMLCHK.EXE
PRC - [2009.01.28 17:59:12 | 000,039,976 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\TPHDEXLG.exe
PRC - [2008.10.27 11:03:52 | 000,090,112 | ---- | M] (Lenovo ) -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
PRC - [2008.10.27 11:03:32 | 000,135,168 | ---- | M] (Lenovo ) -- C:\Programme\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
PRC - [2008.10.27 11:02:30 | 000,217,088 | ---- | M] (Lenovo ) -- C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe
PRC - [2008.10.27 10:56:38 | 000,143,360 | ---- | M] (Lenovo ) -- C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe
PRC - [2008.07.04 00:17:00 | 000,118,784 | ---- | M] (Synaptics, Inc.) -- C:\Programme\Synaptics\SynTP\SynTPLpr.exe
PRC - [2008.06.05 02:36:00 | 000,242,976 | ---- | M] (Lenovo Group Ltd.) -- C:\Programme\ThinkPad\Utilities\EZEJMNAP.EXE
PRC - [2008.04.14 04:22:49 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.03.26 03:06:00 | 000,059,680 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\NPDIRECT\tpfnf7sp.exe
PRC - [2008.03.04 10:34:20 | 000,487,424 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe
PRC - [2008.03.04 10:34:12 | 001,122,304 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe
PRC - [2007.11.26 16:58:10 | 000,576,104 | ---- | M] (Broadcom Corporation.) -- C:\Programme\ThinkPad\Bluetooth Software\BTTray.exe
PRC - [2007.11.26 16:58:08 | 000,264,800 | ---- | M] (Broadcom Corporation.) -- C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe
PRC - [2007.09.26 18:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2007.09.06 13:28:18 | 000,110,592 | ---- | M] (Apple, Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2007.04.25 17:59:08 | 000,408,432 | ---- | M] (Hansenet) -- C:\Programme\Alice\Signup\AliceCnn.exe
PRC - [2007.02.02 03:00:02 | 000,419,376 | ---- | M] (LENOVO) -- C:\Programme\ThinkVantage\AMSG\Amsg.exe
PRC - [2006.08.16 19:07:00 | 000,073,728 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\IPSSVC.EXE
PRC - [2006.08.16 19:07:00 | 000,069,632 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\AwayTask\AwaySch.EXE
PRC - [2006.07.14 18:13:14 | 002,341,632 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Client Security Solution\cssauth.exe
PRC - [2006.07.14 18:01:00 | 001,974,272 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Rescue and Recovery\rrservice.exe
PRC - [2006.07.14 17:42:22 | 000,723,712 | ---- | M] (IBM) -- C:\Programme\Lenovo\Client Security Solution\tvttcsd.exe
PRC - [2006.07.14 17:36:00 | 000,022,016 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Lenovo\Logger\logmon.exe
PRC - [2006.07.14 15:52:48 | 000,045,056 | ---- | M] () -- C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe
PRC - [2006.07.04 03:05:00 | 000,229,376 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkPad\UltraNav Wizard\UNavTray.exe
PRC - [2006.05.23 21:08:06 | 000,622,700 | ---- | M] (Diskeeper Corporation) -- C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2006.05.18 16:24:06 | 000,196,696 | ---- | M] (Diskeeper Corporation) -- C:\Programme\Diskeeper Corporation\Diskeeper\DkIcon.exe
PRC - [2006.03.16 01:07:06 | 000,421,888 | ---- | M] (Google Inc.) -- C:\Programme\Picasa2\PicasaMediaDetector.exe
PRC - [2006.03.13 16:38:56 | 000,041,472 | R--- | M] (Utimaco Safeware AG) -- C:\Programme\Lenovo\SafeGuard PrivateDisk\pdservice.exe
PRC - [2006.02.02 05:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2005.06.06 21:26:22 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe
PRC - [2005.05.20 02:11:06 | 000,925,696 | ---- | M] (Analog Devices, Inc.) -- C:\Programme\Analog Devices\Core\smax4pnp.exe
PRC - [2004.07.27 16:50:18 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Programme\Gemeinsame Dateien\Installshield\UpdateService\issch.exe
PRC - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
PRC - [2003.04.06 01:06:58 | 000,028,672 | ---- | M] (Hewlett-Packard) -- C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
PRC - [2003.04.06 00:55:04 | 000,311,296 | ---- | M] (Hewlett-Packard Co.) -- C:\Programme\Hewlett-Packard\Digital Imaging\bin\hposts08.exe
PRC - [2003.04.06 00:45:10 | 000,286,720 | ---- | M] (Hewlett-Packard Co.) -- C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
PRC - [2003.04.06 00:37:38 | 000,147,456 | ---- | M] (Hewlett-Packard Co.) -- C:\Programme\Hewlett-Packard\Digital Imaging\bin\hposol08.exe


========== Modules (SafeList) ==========

MOD - [2010.06.27 18:38:48 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Norman\Desktop\OTL.exe
MOD - [2008.04.14 04:21:06 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2008.03.13 18:46:24 | 000,079,224 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\HKVOLKEY.dll
MOD - [2007.11.26 16:55:46 | 000,073,728 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\BtMmHook.dll
MOD - [2007.11.26 16:53:36 | 000,040,960 | ---- | M] () -- C:\Programme\ThinkPad\Bluetooth Software\BTKeyInd.dll
MOD - [2006.08.16 19:07:00 | 000,086,016 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\PROCHLP.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (XAMPP)
SRV - [2010.01.18 15:41:50 | 000,063,928 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2009.11.18 14:04:18 | 000,038,248 | ---- | M] (Lenovo.) [Auto | Running] -- C:\WINDOWS\system32\ibmpmsvc.exe -- (IBMPMSVC)
SRV - [2009.11.17 18:06:02 | 000,044,984 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Programme\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.06.12 10:55:48 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Programme\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009.04.16 13:41:28 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2009.01.28 17:59:12 | 000,039,976 | ---- | M] (Lenovo.) [Auto | Running] -- C:\WINDOWS\system32\TPHDEXLG.exe -- (TPHDEXLGSVC)
SRV - [2009.01.02 20:51:22 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008.11.11 09:38:06 | 000,620,544 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008.11.04 11:48:10 | 000,288,112 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2008.10.27 11:03:52 | 000,090,112 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2008.10.27 11:02:30 | 000,217,088 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
SRV - [2008.04.14 04:22:49 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2008.04.14 04:22:49 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)
SRV - [2008.04.14 04:22:49 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2008.03.04 10:34:12 | 001,122,304 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler)
SRV - [2007.11.26 16:58:08 | 000,264,800 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2007.09.26 18:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2007.09.07 19:07:22 | 000,023,552 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psasrv.exe -- (PsaSrv)
SRV - [2007.09.06 13:28:18 | 000,110,592 | ---- | M] (Apple, Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2006.08.16 19:07:00 | 000,073,728 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\WINDOWS\system32\IPSSVC.EXE -- (IPSSVC)
SRV - [2006.07.14 18:01:00 | 001,974,272 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\Rescue and Recovery\rrservice.exe -- (TVT Backup Service)
SRV - [2006.07.14 17:42:22 | 000,723,712 | ---- | M] (IBM) [Auto | Running] -- C:\Programme\Lenovo\Client Security Solution\tvttcsd.exe -- (TSSCoreService)
SRV - [2006.07.14 15:52:48 | 000,045,056 | ---- | M] () [Auto | Running] -- C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe -- (tvtnetwk)
SRV - [2006.05.23 21:08:06 | 000,622,700 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2005.10.06 18:13:10 | 000,856,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS)
SRV - [2005.06.06 21:26:22 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\TpKmpSvc.exe -- (TpKmpSVC)
SRV - [2004.10.22 03:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe -- (MDM)
SRV - [2003.03.09 22:31:02 | 000,065,795 | R--- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2010.06.27 00:00:00 | 000,005,427 | ---- | M] (IBM Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\EGATHDRV.SYS -- (EGATHDRV)
DRV - [2010.06.09 11:26:50 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2010.04.27 04:25:20 | 000,123,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscemdm.sys -- (sscemdm)
DRV - [2010.04.27 04:25:20 | 000,100,352 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssceserd.sys -- (ssceserd) SAMSUNG Mobile Modem Diagnostic Serial Port V2 (WDM)
DRV - [2010.04.27 04:25:20 | 000,098,560 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscebus.sys -- (sscebus) SAMSUNG USB Composite Device V2 driver (WDM)
DRV - [2010.04.27 04:25:20 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscemdfl.sys -- (sscemdfl)
DRV - [2009.12.11 10:17:48 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.11.18 14:03:36 | 000,026,608 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV - [2009.07.12 09:40:48 | 000,030,144 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2009.06.18 01:59:58 | 000,234,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel(R)
DRV - [2009.05.11 10:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.03.30 10:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009.02.11 17:11:50 | 000,329,752 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2009.01.28 17:58:46 | 000,117,800 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\Apsx86.sys -- (Shockprf)
DRV - [2009.01.28 17:57:12 | 000,020,520 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ApsHM86.sys -- (TPDIGIMN)
DRV - [2009.01.03 12:12:57 | 000,073,312 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\adfs.sys -- (adfs)
DRV - [2009.01.02 15:31:46 | 000,043,672 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2008.12.09 00:53:58 | 000,050,832 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tcusb.sys -- (TcUsb)
DRV - [2008.11.11 01:52:08 | 003,301,888 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008.10.24 14:33:00 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC)
DRV - [2008.10.24 14:33:00 | 000,004,224 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.sys -- (IBMTPCHK)
DRV - [2008.07.03 23:53:00 | 000,225,664 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2008.05.12 22:14:14 | 000,017,844 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPHKDRV.sys -- (TPHKDRV)
DRV - [2008.05.12 18:04:02 | 000,013,480 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\smiif32.sys -- (lenovo.smi)
DRV - [2008.04.13 20:54:36 | 000,028,672 | ---- | M] (National Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nscirda.sys -- (NSCIRDA)
DRV - [2008.04.13 20:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008.04.13 20:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008.04.13 18:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008.03.26 03:06:00 | 000,004,608 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
DRV - [2007.11.27 16:40:00 | 000,539,512 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2007.11.27 16:40:00 | 000,074,688 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2007.11.21 11:51:00 | 000,879,624 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2007.11.01 16:26:36 | 000,989,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007.11.01 16:25:32 | 000,211,456 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007.11.01 16:25:22 | 000,731,520 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007.09.07 19:06:32 | 000,007,012 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pmemnt.sys -- (pmem)
DRV - [2007.06.29 12:38:00 | 000,156,392 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2007.06.21 04:43:26 | 002,208,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel(R)
DRV - [2007.03.23 10:50:00 | 000,037,424 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2006.11.28 23:46:24 | 000,028,224 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PDNMp50.sys -- (PDNMp50)
DRV - [2006.11.28 23:46:22 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PDNSp50.sys -- (PDNSp50)
DRV - [2006.10.02 01:55:00 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SMAPINT.SYS -- (Smapint)
DRV - [2006.10.02 01:55:00 | 000,009,343 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS -- (TDSMAPI)
DRV - [2006.09.27 02:36:24 | 001,709,696 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETw3x32.sys -- (NETw3x32) Intel(R)
DRV - [2006.08.16 19:07:00 | 000,005,120 | ---- | M] (Lenovo Group Limited) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PROCDD.SYS -- (PROCDD)
DRV - [2006.07.14 17:27:22 | 000,012,544 | ---- | M] (Lenovo) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tvtfilter.sys -- (tvtfilter)
DRV - [2006.07.14 17:03:04 | 000,017,664 | ---- | M] (Lenovo Group Limited) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tvtpktfilter.sys -- (TVTPktFilter)
DRV - [2006.07.14 15:55:12 | 000,003,968 | ---- | M] (IBM Corp.) [Kernel | Auto | Running] -- C:\Programme\SMI2\smi2.sys -- (smi2)
DRV - [2006.03.13 16:05:54 | 000,058,368 | R--- | M] (Utimaco Safeware AG) [Kernel | Auto | Running] -- C:\Programme\Lenovo\SafeGuard PrivateDisk\privatediskm.sys -- (PrivateDisk)
DRV - [2006.03.01 03:30:00 | 000,089,472 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2006.02.02 05:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006.02.02 05:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006.02.02 05:20:00 | 000,086,652 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006.02.02 05:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006.02.02 05:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006.02.02 05:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006.02.02 05:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2006.01.31 04:19:34 | 000,176,128 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2005.12.06 04:20:48 | 000,192,512 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hsxhwazl.sys -- (HSXHWAZL)
DRV - [2005.11.18 12:02:50 | 000,005,660 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005.11.18 12:02:10 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005.11.18 05:20:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2005.05.17 10:20:08 | 000,015,872 | ---- | M] (Atmel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atmeltpm.sys -- (atmeltpm)
DRV - [2004.11.30 16:38:24 | 000,004,442 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)
DRV - [2004.08.03 23:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2003.09.10 23:36:54 | 000,021,060 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi)
DRV - [2001.08.18 14:22:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001.08.18 05:33:12 | 000,322,432 | ---- | M] (Matrox Graphics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\G400m.sys -- (G400)
DRV - [2001.08.18 00:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001.08.18 00:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001.08.18 00:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001.08.18 00:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001.08.18 00:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001.08.17 23:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001.08.17 23:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001.08.17 23:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001.08.17 23:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001.08.17 23:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001.08.17 23:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001.08.17 23:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001.08.17 23:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001.08.17 23:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001.08.17 14:48:14 | 000,011,520 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TwoTrack.sys -- (TwoTrack)
DRV - [2001.08.17 13:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Intel(r) 82801 Audiotreiber-Installationsdienst (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.live.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.1
FF - prefs.js..extensions.enabledItems: {6e84150a-d526-41f1-a480-a67d3fed910d}:1.4.5.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: en-US@dictionaries.addons.mozilla.org:4.0.0
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.8
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..network.proxy.http: "hxxp://1.1.1.1/http.de.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:defficial"
FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.06.27 09:12:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.06.27 09:12:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2010.04.04 10:21:49 | 000,000,000 | ---D | M]

[2010.04.02 11:12:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Mozilla\Extensions
[2010.04.02 11:12:52 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.06.27 10:11:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Mozilla\Firefox\Profiles\z9ur2adu.default\extensions
[2010.06.13 23:28:10 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Mozilla\Firefox\Profiles\z9ur2adu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.04.24 17:02:40 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Mozilla\Firefox\Profiles\z9ur2adu.default\extensions\{34ea1c70-42cc-42c5-aa29-ec58b95a343e}
[2010.02.05 22:34:39 | 000,000,000 | ---D | M] (IE View) -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Mozilla\Firefox\Profiles\z9ur2adu.default\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}
[2010.04.11 23:11:29 | 000,000,000 | ---D | M] (LeechBlock) -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Mozilla\Firefox\Profiles\z9ur2adu.default\extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387}
[2009.07.01 21:20:27 | 000,000,000 | ---D | M] (Web Developer) -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Mozilla\Firefox\Profiles\z9ur2adu.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2009.04.24 17:02:41 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Mozilla\Firefox\Profiles\z9ur2adu.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2010.02.15 08:32:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Mozilla\Firefox\Profiles\z9ur2adu.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2008.07.31 20:49:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Mozilla\Firefox\Profiles\z9ur2adu.default\extensions\de-DE-comb@dictionaries.addons.mozilla.org
[2009.10.08 09:29:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Mozilla\Firefox\Profiles\z9ur2adu.default\extensions\en-US@dictionaries.addons.mozilla.org
[2009.04.24 17:01:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Mozilla\Firefox\Profiles\z9ur2adu.default\extensions\SQLiteManager@mrinalkant.blogspot(2).com
[2010.04.09 10:15:28 | 000,002,433 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Mozilla\Firefox\Profiles\z9ur2adu.default\searchplugins\ixquickde-https.xml
[2010.06.27 12:05:37 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.06.27 10:34:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.06.27 10:34:18 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.06.26 10:03:55 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.06.26 10:03:55 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.06.26 10:03:55 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.06.26 10:03:55 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.06.26 10:03:55 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2010.06.27 18:01:44 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - No CLSID value found.
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - E:\Programme\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (CPwmIEBrowserHelper Object) - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - E:\Programme\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] E:\Programme\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [ACWLIcon] C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo )
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] E:\Programme\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Programme\Gemeinsame Dateien\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AMSG] C:\Programme\ThinkVantage\AMSG\Amsg.exe (LENOVO)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AwaySch] C:\Programme\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [BLOG] C:\Programme\ThinkPad\Utilities\BATLOGEX.DLL ()
O4 - HKLM..\Run: [cssauth] C:\Programme\Lenovo\Client Security Solution\cssauth.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [DiskeeperSystray] C:\Programme\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [EZEJMNAP] C:\Programme\ThinkPad\Utilities\EZEJMNAP.EXE (Lenovo Group Ltd.)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Programme\Gemeinsame Dateien\Installshield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [LENOVO.TPFNF6R] C:\Programme\Lenovo\HOTKEY\tpfnf6r.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [LPMailChecker] C:\Programme\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [LPManager] C:\Programme\ThinkVantage\PrdCtr\LPMGR.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [PDService.exe] C:\Programme\Lenovo\SafeGuard PrivateDisk\pdservice.exe (Utimaco Safeware AG)
O4 - HKLM..\Run: [Picasa Media Detector] C:\Programme\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - HKLM..\Run: [PWRMGRTR] C:\Programme\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TP4EX] C:\WINDOWS\System32\TP4EX.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPFNF7] C:\Programme\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPHOTKEY] C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPKMAPHELPER] C:\Programme\ThinkPad\Utilities\TpKmapAp.exe (Lenovo)
O4 - HKLM..\Run: [TpShocks] C:\WINDOWS\System32\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk = C:\Programme\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\hpoddt01.exe.lnk = C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\officejet 6100.lnk = C:\Programme\Hewlett-Packard\Digital Imaging\bin\hposol08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\sipgate X-Lite.lnk = C:\Programme\sipgate X-Lite\sipgateXLite.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Windows Live Search - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Senden an Bluetooth - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1230902201937 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O18 - Protocol\Handler\haufereader {39198710-62F7-42CD-9458-069843FA5D32} - C:\Programme\Haufe\HaufeReader\HRInstmon.dll (Haufe Mediengruppe)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ACNotify: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\AwayNotify: DllName - C:\Programme\Lenovo\AwayTask\AwayNotify.dll - C:\Programme\Lenovo\AwayTask\AwayNotify.dll (Lenovo Group Limited)
O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\psfus: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\1400_1050 Think EMEA Map.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.01.27 04:18:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010.06.11 18:07:58 | 000,000,000 | ---D | M] - E:\Automobilia -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

Ist das peinlich Tut mir leid... Hier nun die Protokolle OTL:

OTL logfile created on: 28.06.2010 09:11:22 - Run 2
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Dokumente und Einstellungen\Norman\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 71,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 70,17 Gb Total Space | 4,36 Gb Free Space | 6,21% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 111,79 Gb Total Space | 65,62 Gb Free Space | 58,70% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TEST
Current User Name: Norman
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010.06.27 18:38:48 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Norman\Desktop\OTL.exe
PRC - [2010.04.03 22:32:35 | 000,038,840 | ---- | M] (Adobe Systems Incorporated) -- E:\Programme\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
PRC - [2010.04.03 16:44:26 | 000,640,440 | ---- | M] (Adobe Systems Inc.) -- E:\Programme\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2010.02.18 11:43:18 | 000,248,040 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2010.01.18 15:41:50 | 000,063,928 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2009.12.21 18:49:44 | 000,069,568 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2009.11.24 13:51:18 | 000,176,056 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2009.11.18 14:04:18 | 000,038,248 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\ibmpmsvc.exe
PRC - [2009.10.01 16:14:30 | 000,144,752 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\ZOOM\TpScrex.exe
PRC - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.06.12 10:55:48 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- c:\Programme\Lenovo\System Update\SUService.exe
PRC - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2009.04.16 13:41:28 | 000,053,248 | ---- | M] () -- C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe
PRC - [2009.04.14 19:51:38 | 000,015,136 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\tpfnf6r.exe
PRC - [2009.03.05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009.03.02 13:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009.02.02 20:16:48 | 000,181,536 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\TpShocks.exe
PRC - [2009.01.29 03:10:00 | 000,185,688 | ---- | M] (Lenovo Group Limited) -- C:\Programme\ThinkVantage\PrdCtr\LPMGR.EXE
PRC - [2009.01.29 03:10:00 | 000,124,248 | ---- | M] (Lenovo Group Limited) -- C:\Programme\ThinkVantage\PrdCtr\LPMLCHK.EXE
PRC - [2009.01.28 17:59:12 | 000,039,976 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\TPHDEXLG.exe
PRC - [2008.10.27 11:03:52 | 000,090,112 | ---- | M] (Lenovo ) -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
PRC - [2008.10.27 11:03:32 | 000,135,168 | ---- | M] (Lenovo ) -- C:\Programme\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
PRC - [2008.10.27 11:02:30 | 000,217,088 | ---- | M] (Lenovo ) -- C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe
PRC - [2008.10.27 10:56:38 | 000,143,360 | ---- | M] (Lenovo ) -- C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe
PRC - [2008.07.04 00:17:00 | 000,118,784 | ---- | M] (Synaptics, Inc.) -- C:\Programme\Synaptics\SynTP\SynTPLpr.exe
PRC - [2008.06.05 02:36:00 | 000,242,976 | ---- | M] (Lenovo Group Ltd.) -- C:\Programme\ThinkPad\Utilities\EZEJMNAP.EXE
PRC - [2008.04.14 04:22:49 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.03.26 03:06:00 | 000,059,680 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\NPDIRECT\tpfnf7sp.exe
PRC - [2008.03.04 10:34:20 | 000,487,424 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe
PRC - [2008.03.04 10:34:12 | 001,122,304 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe
PRC - [2007.11.26 16:58:10 | 000,576,104 | ---- | M] (Broadcom Corporation.) -- C:\Programme\ThinkPad\Bluetooth Software\BTTray.exe
PRC - [2007.11.26 16:58:08 | 000,264,800 | ---- | M] (Broadcom Corporation.) -- C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe
PRC - [2007.09.26 18:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2007.09.06 13:28:18 | 000,110,592 | ---- | M] (Apple, Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2007.02.02 03:00:02 | 000,419,376 | ---- | M] (LENOVO) -- C:\Programme\ThinkVantage\AMSG\Amsg.exe
PRC - [2006.08.16 19:07:00 | 000,073,728 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\IPSSVC.EXE
PRC - [2006.08.16 19:07:00 | 000,069,632 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\AwayTask\AwaySch.EXE
PRC - [2006.07.14 18:13:14 | 002,341,632 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Client Security Solution\cssauth.exe
PRC - [2006.07.14 18:01:00 | 001,974,272 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Rescue and Recovery\rrservice.exe
PRC - [2006.07.14 17:42:22 | 000,723,712 | ---- | M] (IBM) -- C:\Programme\Lenovo\Client Security Solution\tvttcsd.exe
PRC - [2006.07.14 17:36:00 | 000,022,016 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Lenovo\Logger\logmon.exe
PRC - [2006.07.14 15:52:48 | 000,045,056 | ---- | M] () -- C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe
PRC - [2006.07.04 03:05:00 | 000,229,376 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkPad\UltraNav Wizard\UNavTray.exe
PRC - [2006.05.23 21:08:06 | 000,622,700 | ---- | M] (Diskeeper Corporation) -- C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2006.05.18 16:24:06 | 000,196,696 | ---- | M] (Diskeeper Corporation) -- C:\Programme\Diskeeper Corporation\Diskeeper\DkIcon.exe
PRC - [2006.03.16 01:07:06 | 000,421,888 | ---- | M] (Google Inc.) -- C:\Programme\Picasa2\PicasaMediaDetector.exe
PRC - [2006.03.13 16:38:56 | 000,041,472 | R--- | M] (Utimaco Safeware AG) -- C:\Programme\Lenovo\SafeGuard PrivateDisk\pdservice.exe
PRC - [2006.02.02 05:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2005.06.06 21:26:22 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe
PRC - [2005.05.20 02:11:06 | 000,925,696 | ---- | M] (Analog Devices, Inc.) -- C:\Programme\Analog Devices\Core\smax4pnp.exe
PRC - [2004.07.27 16:50:18 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Programme\Gemeinsame Dateien\Installshield\UpdateService\issch.exe
PRC - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
PRC - [2003.04.06 01:06:58 | 000,028,672 | ---- | M] (Hewlett-Packard) -- C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
PRC - [2003.04.06 00:55:04 | 000,311,296 | ---- | M] (Hewlett-Packard Co.) -- C:\Programme\Hewlett-Packard\Digital Imaging\bin\hposts08.exe
PRC - [2003.04.06 00:45:10 | 000,286,720 | ---- | M] (Hewlett-Packard Co.) -- C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
PRC - [2003.04.06 00:37:38 | 000,147,456 | ---- | M] (Hewlett-Packard Co.) -- C:\Programme\Hewlett-Packard\Digital Imaging\bin\hposol08.exe


========== Modules (SafeList) ==========

MOD - [2010.06.27 18:38:48 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Norman\Desktop\OTL.exe
MOD - [2008.04.14 04:21:06 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2007.11.26 16:55:46 | 000,073,728 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\BtMmHook.dll
MOD - [2006.08.16 19:07:00 | 000,086,016 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\PROCHLP.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (XAMPP)
SRV - [2010.01.18 15:41:50 | 000,063,928 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2009.11.18 14:04:18 | 000,038,248 | ---- | M] (Lenovo.) [Auto | Running] -- C:\WINDOWS\system32\ibmpmsvc.exe -- (IBMPMSVC)
SRV - [2009.11.17 18:06:02 | 000,044,984 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Programme\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.06.12 10:55:48 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Programme\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009.04.16 13:41:28 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2009.01.28 17:59:12 | 000,039,976 | ---- | M] (Lenovo.) [Auto | Running] -- C:\WINDOWS\system32\TPHDEXLG.exe -- (TPHDEXLGSVC)
SRV - [2009.01.02 20:51:22 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008.11.11 09:38:06 | 000,620,544 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008.11.04 11:48:10 | 000,288,112 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2008.10.27 11:03:52 | 000,090,112 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2008.10.27 11:02:30 | 000,217,088 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
SRV - [2008.04.14 04:22:49 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2008.04.14 04:22:49 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)
SRV - [2008.04.14 04:22:49 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2008.03.04 10:34:12 | 001,122,304 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler)
SRV - [2007.11.26 16:58:08 | 000,264,800 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2007.09.26 18:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2007.09.07 19:07:22 | 000,023,552 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psasrv.exe -- (PsaSrv)
SRV - [2007.09.06 13:28:18 | 000,110,592 | ---- | M] (Apple, Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2006.08.16 19:07:00 | 000,073,728 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\WINDOWS\system32\IPSSVC.EXE -- (IPSSVC)
SRV - [2006.07.14 18:01:00 | 001,974,272 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\Rescue and Recovery\rrservice.exe -- (TVT Backup Service)
SRV - [2006.07.14 17:42:22 | 000,723,712 | ---- | M] (IBM) [Auto | Running] -- C:\Programme\Lenovo\Client Security Solution\tvttcsd.exe -- (TSSCoreService)
SRV - [2006.07.14 15:52:48 | 000,045,056 | ---- | M] () [Auto | Running] -- C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe -- (tvtnetwk)
SRV - [2006.05.23 21:08:06 | 000,622,700 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2005.10.06 18:13:10 | 000,856,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS)
SRV - [2005.06.06 21:26:22 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\TpKmpSvc.exe -- (TpKmpSVC)
SRV - [2004.10.22 03:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe -- (MDM)
SRV - [2003.03.09 22:31:02 | 000,065,795 | R--- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2010.06.27 00:00:00 | 000,005,427 | ---- | M] (IBM Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\EGATHDRV.SYS -- (EGATHDRV)
DRV - [2010.06.09 11:26:50 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2010.04.27 04:25:20 | 000,123,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscemdm.sys -- (sscemdm)
DRV - [2010.04.27 04:25:20 | 000,100,352 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssceserd.sys -- (ssceserd) SAMSUNG Mobile Modem Diagnostic Serial Port V2 (WDM)
DRV - [2010.04.27 04:25:20 | 000,098,560 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscebus.sys -- (sscebus) SAMSUNG USB Composite Device V2 driver (WDM)
DRV - [2010.04.27 04:25:20 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscemdfl.sys -- (sscemdfl)
DRV - [2009.12.11 10:17:48 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.11.18 14:03:36 | 000,026,608 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV - [2009.07.12 09:40:48 | 000,030,144 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2009.06.18 01:59:58 | 000,234,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel(R)
DRV - [2009.05.11 10:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.03.30 10:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009.02.11 17:11:50 | 000,329,752 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2009.01.28 17:58:46 | 000,117,800 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\Apsx86.sys -- (Shockprf)
DRV - [2009.01.28 17:57:12 | 000,020,520 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ApsHM86.sys -- (TPDIGIMN)
DRV - [2009.01.03 12:12:57 | 000,073,312 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\adfs.sys -- (adfs)
DRV - [2009.01.02 15:31:46 | 000,043,672 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2008.12.09 00:53:58 | 000,050,832 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tcusb.sys -- (TcUsb)
DRV - [2008.11.11 01:52:08 | 003,301,888 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008.10.24 14:33:00 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC)
DRV - [2008.10.24 14:33:00 | 000,004,224 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.sys -- (IBMTPCHK)
DRV - [2008.07.03 23:53:00 | 000,225,664 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2008.05.12 22:14:14 | 000,017,844 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPHKDRV.sys -- (TPHKDRV)
DRV - [2008.05.12 18:04:02 | 000,013,480 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\smiif32.sys -- (lenovo.smi)
DRV - [2008.04.13 20:54:36 | 000,028,672 | ---- | M] (National Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nscirda.sys -- (NSCIRDA)
DRV - [2008.04.13 20:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008.04.13 20:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008.04.13 18:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008.03.26 03:06:00 | 000,004,608 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
DRV - [2007.11.27 16:40:00 | 000,539,512 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2007.11.27 16:40:00 | 000,074,688 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2007.11.21 11:51:00 | 000,879,624 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2007.11.01 16:26:36 | 000,989,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007.11.01 16:25:32 | 000,211,456 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007.11.01 16:25:22 | 000,731,520 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007.09.07 19:06:32 | 000,007,012 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pmemnt.sys -- (pmem)
DRV - [2007.06.29 12:38:00 | 000,156,392 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2007.06.21 04:43:26 | 002,208,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel(R)
DRV - [2007.03.23 10:50:00 | 000,037,424 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2006.11.28 23:46:24 | 000,028,224 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PDNMp50.sys -- (PDNMp50)
DRV - [2006.11.28 23:46:22 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PDNSp50.sys -- (PDNSp50)
DRV - [2006.10.02 01:55:00 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SMAPINT.SYS -- (Smapint)
DRV - [2006.10.02 01:55:00 | 000,009,343 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS -- (TDSMAPI)
DRV - [2006.09.27 02:36:24 | 001,709,696 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETw3x32.sys -- (NETw3x32) Intel(R)
DRV - [2006.08.16 19:07:00 | 000,005,120 | ---- | M] (Lenovo Group Limited) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PROCDD.SYS -- (PROCDD)
DRV - [2006.07.14 17:27:22 | 000,012,544 | ---- | M] (Lenovo) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tvtfilter.sys -- (tvtfilter)
DRV - [2006.07.14 17:03:04 | 000,017,664 | ---- | M] (Lenovo Group Limited) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tvtpktfilter.sys -- (TVTPktFilter)
DRV - [2006.07.14 15:55:12 | 000,003,968 | ---- | M] (IBM Corp.) [Kernel | Auto | Running] -- C:\Programme\SMI2\smi2.sys -- (smi2)
DRV - [2006.03.13 16:05:54 | 000,058,368 | R--- | M] (Utimaco Safeware AG) [Kernel | Auto | Running] -- C:\Programme\Lenovo\SafeGuard PrivateDisk\privatediskm.sys -- (PrivateDisk)
DRV - [2006.03.01 03:30:00 | 000,089,472 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2006.02.02 05:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006.02.02 05:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006.02.02 05:20:00 | 000,086,652 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006.02.02 05:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006.02.02 05:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006.02.02 05:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006.02.02 05:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2006.01.31 04:19:34 | 000,176,128 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2005.12.06 04:20:48 | 000,192,512 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hsxhwazl.sys -- (HSXHWAZL)
DRV - [2005.11.18 12:02:50 | 000,005,660 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005.11.18 12:02:10 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005.11.18 05:20:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2005.05.17 10:20:08 | 000,015,872 | ---- | M] (Atmel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atmeltpm.sys -- (atmeltpm)
DRV - [2004.11.30 16:38:24 | 000,004,442 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)
DRV - [2004.08.03 23:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2003.09.10 23:36:54 | 000,021,060 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi)
DRV - [2001.08.18 14:22:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001.08.18 05:33:12 | 000,322,432 | ---- | M] (Matrox Graphics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\G400m.sys -- (G400)
DRV - [2001.08.18 00:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001.08.18 00:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001.08.18 00:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001.08.18 00:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001.08.18 00:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001.08.17 23:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001.08.17 23:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001.08.17 23:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001.08.17 23:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001.08.17 23:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001.08.17 23:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001.08.17 23:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001.08.17 23:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001.08.17 23:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001.08.17 14:48:14 | 000,011,520 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TwoTrack.sys -- (TwoTrack)
DRV - [2001.08.17 13:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Intel(r) 82801 Audiotreiber-Installationsdienst (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.live.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.1
FF - prefs.js..extensions.enabledItems: {6e84150a-d526-41f1-a480-a67d3fed910d}:1.4.5.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: en-US@dictionaries.addons.mozilla.org:4.0.0
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.8
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..network.proxy.http: "hxxp://1.1.1.1/http.de.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:defficial"
FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.06.27 09:12:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.06.27 09:12:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2010.04.04 10:21:49 | 000,000,000 | ---D | M]

[2010.04.02 11:12:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Mozilla\Extensions
[2010.04.02 11:12:52 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.06.27 10:11:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Mozilla\Firefox\Profiles\z9ur2adu.default\extensions
[2010.06.13 23:28:10 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Mozilla\Firefox\Profiles\z9ur2adu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.04.24 17:02:40 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Mozilla\Firefox\Profiles\z9ur2adu.default\extensions\{34ea1c70-42cc-42c5-aa29-ec58b95a343e}
[2010.02.05 22:34:39 | 000,000,000 | ---D | M] (IE View) -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Mozilla\Firefox\Profiles\z9ur2adu.default\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}
[2010.04.11 23:11:29 | 000,000,000 | ---D | M] (LeechBlock) -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Mozilla\Firefox\Profiles\z9ur2adu.default\extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387}
[2009.07.01 21:20:27 | 000,000,000 | ---D | M] (Web Developer) -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Mozilla\Firefox\Profiles\z9ur2adu.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2009.04.24 17:02:41 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Mozilla\Firefox\Profiles\z9ur2adu.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2010.02.15 08:32:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Mozilla\Firefox\Profiles\z9ur2adu.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2008.07.31 20:49:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Mozilla\Firefox\Profiles\z9ur2adu.default\extensions\de-DE-comb@dictionaries.addons.mozilla.org
[2009.10.08 09:29:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Mozilla\Firefox\Profiles\z9ur2adu.default\extensions\en-US@dictionaries.addons.mozilla.org
[2009.04.24 17:01:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Mozilla\Firefox\Profiles\z9ur2adu.default\extensions\SQLiteManager@mrinalkant.blogspot(2).com
[2010.04.09 10:15:28 | 000,002,433 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Mozilla\Firefox\Profiles\z9ur2adu.default\searchplugins\ixquickde-https.xml
[2010.06.27 12:05:37 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.06.27 10:34:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.06.27 10:34:18 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.06.26 10:03:55 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.06.26 10:03:55 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.06.26 10:03:55 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.06.26 10:03:55 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.06.26 10:03:55 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

Protokoll OTL Teil 2:

O1 HOSTS File: ([2010.06.27 18:01:44 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - No CLSID value found.
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - E:\Programme\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (CPwmIEBrowserHelper Object) - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - E:\Programme\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] E:\Programme\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [ACWLIcon] C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo )
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] E:\Programme\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Programme\Gemeinsame Dateien\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AMSG] C:\Programme\ThinkVantage\AMSG\Amsg.exe (LENOVO)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AwaySch] C:\Programme\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [BLOG] C:\Programme\ThinkPad\Utilities\BATLOGEX.DLL ()
O4 - HKLM..\Run: [cssauth] C:\Programme\Lenovo\Client Security Solution\cssauth.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [DiskeeperSystray] C:\Programme\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [EZEJMNAP] C:\Programme\ThinkPad\Utilities\EZEJMNAP.EXE (Lenovo Group Ltd.)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Programme\Gemeinsame Dateien\Installshield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [LENOVO.TPFNF6R] C:\Programme\Lenovo\HOTKEY\tpfnf6r.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [LPMailChecker] C:\Programme\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [LPManager] C:\Programme\ThinkVantage\PrdCtr\LPMGR.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [PDService.exe] C:\Programme\Lenovo\SafeGuard PrivateDisk\pdservice.exe (Utimaco Safeware AG)
O4 - HKLM..\Run: [Picasa Media Detector] C:\Programme\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - HKLM..\Run: [PWRMGRTR] C:\Programme\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TP4EX] C:\WINDOWS\System32\TP4EX.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPFNF7] C:\Programme\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPHOTKEY] C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPKMAPHELPER] C:\Programme\ThinkPad\Utilities\TpKmapAp.exe (Lenovo)
O4 - HKLM..\Run: [TpShocks] C:\WINDOWS\System32\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk = C:\Programme\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\hpoddt01.exe.lnk = C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\officejet 6100.lnk = C:\Programme\Hewlett-Packard\Digital Imaging\bin\hposol08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\sipgate X-Lite.lnk = C:\Programme\sipgate X-Lite\sipgateXLite.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 475
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 475
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Windows Live Search - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Senden an Bluetooth - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1230902201937 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O18 - Protocol\Handler\haufereader {39198710-62F7-42CD-9458-069843FA5D32} - C:\Programme\Haufe\HaufeReader\HRInstmon.dll (Haufe Mediengruppe)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ACNotify: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\AwayNotify: DllName - C:\Programme\Lenovo\AwayTask\AwayNotify.dll - C:\Programme\Lenovo\AwayTask\AwayNotify.dll (Lenovo Group Limited)
O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\psfus: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\1400_1050 Think EMEA Map.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.01.27 04:18:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010.06.11 18:07:58 | 000,000,000 | ---D | M] - E:\Automobilia -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010.06.27 23:43:52 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Norman\Desktop\TFC.exe
[2010.06.27 19:33:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\rundll16.exe
[2010.06.27 19:33:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\logo1_.exe
[2010.06.27 19:29:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\VDLL.DLL
[2010.06.27 19:29:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\runouce.exe
[2010.06.27 19:29:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\RUNDL132.EXE
[2010.06.27 19:29:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\logo_1.exe
[2010.06.27 19:27:59 | 000,034,048 | ---- | C] (MicroWorld Technologies Inc.) -- C:\WINDOWS\System32\eEmpty.exe
[2010.06.27 19:27:53 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\MicroWorld
[2010.06.27 19:27:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MicroWorld
[2010.06.27 19:23:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Download Manager
[2010.06.27 18:39:02 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Norman\Desktop\OTL.exe
[2010.06.27 18:32:53 | 166,440,096 | ---- | C] (G Data Software AG) -- C:\Dokumente und Einstellungen\Norman\Eigene Dateien\GER_R_ESD_IS.exe
[2010.06.27 18:24:59 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010.06.27 18:10:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010.06.27 17:47:41 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010.06.27 17:47:41 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010.06.27 17:47:41 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010.06.27 17:47:41 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010.06.27 17:47:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010.06.27 17:44:13 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.06.27 17:40:29 | 000,000,000 | ---D | C] -- C:\rsit
[2010.06.27 17:28:32 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Norman\Recent
[2010.06.27 13:37:30 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010.06.27 12:12:58 | 036,598,544 | ---- | C] (PC Tools ) -- C:\Dokumente und Einstellungen\Norman\Desktop\sdsetup.exe
[2010.06.27 10:22:00 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2010.06.27 09:52:44 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro
[2010.06.27 09:51:21 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Dokumente und Einstellungen\Norman\Desktop\HJTInstall.exe
[2010.06.26 15:33:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Malwarebytes
[2010.06.26 15:33:08 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.06.26 15:33:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2010.06.26 15:33:05 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.06.26 15:33:05 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.06.26 14:37:19 | 001,870,056 | ---- | C] (Trend Micro Inc.) -- C:\Dokumente und Einstellungen\Norman\Desktop\HousecallLauncher.exe
[2010.06.26 14:08:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Adobe
[2010.06.26 11:25:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sun
[2010.06.26 11:01:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Macromedia
[2010.06.26 10:33:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Adobe
[2010.06.18 08:36:31 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft ActiveSync
[2010.06.17 17:04:08 | 000,100,352 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ssceserd.sys
[2010.06.17 17:04:07 | 000,123,648 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscemdm.sys
[2010.06.17 17:04:07 | 000,098,560 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscebus.sys
[2010.06.17 17:04:07 | 000,014,848 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscemdfl.sys
[2010.06.17 17:04:07 | 000,012,416 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscecmnt.sys
[2010.06.17 17:04:07 | 000,012,416 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscecm.sys
[2010.06.17 17:04:07 | 000,012,288 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscewhnt.sys
[2010.06.17 17:04:07 | 000,012,288 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscewh.sys
[2010.06.17 16:32:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Norman\Eigene Dateien\SelfMV
[2010.06.17 12:23:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Norman\Lokale Einstellungen\Anwendungsdaten\PCHealth
[2010.06.14 14:34:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Norman\Eigene Dateien\Galileo Press
[2010.06.09 10:53:28 | 000,000,000 | ---D | C] -- C:\Programme\MyFree Codec
[2010.06.04 10:06:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\KB905474
[2010.05.27 23:05:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite
[2010.05.27 23:05:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\PC Suite
[2010.05.27 23:05:20 | 000,233,472 | ---- | C] (Teruten) -- C:\WINDOWS\System32\FsUsbExService.Exe
[2010.05.27 23:04:10 | 000,000,000 | ---D | C] -- C:\Programme\DIFX
[2010.05.27 23:04:09 | 000,018,816 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\pccsmcfd.sys
[2010.05.27 23:02:54 | 000,000,000 | ---D | C] -- C:\Programme\PC Connectivity Solution
[2010.05.27 23:02:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Samsung
[2010.05.27 23:02:15 | 000,000,000 | ---D | C] -- C:\Programme\Common Files
[2010.05.27 23:02:14 | 000,000,000 | ---D | C] -- C:\Programme\MarkAny
[2010.05.27 22:54:49 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Samsung
[2010.05.22 09:49:07 | 000,000,000 | ---D | C] -- C:\Programme\eBay
[2010.05.22 09:49:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\eBay
[2010.05.20 07:07:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Update
[2010.04.23 16:59:54 | 001,044,480 | R--- | C] (eHelp Corporation.) -- C:\WINDOWS\System32\roboex32.dll
[2010.04.23 16:59:54 | 000,049,152 | R--- | C] (Blue Sky Software Corporation.) -- C:\WINDOWS\System32\inetwh32.dll
[2010.04.05 08:11:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\elsterformular
[2010.04.02 12:30:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Norman\Lokale Einstellungen\Anwendungsdaten\Thunderbird

========== Files - Modified Within 90 Days ==========

[2010.06.28 09:10:35 | 000,010,027 | ---- | M] () -- C:\WINDOWS\System32\PROCDB.INI
[2010.06.28 09:08:20 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2010.06.28 09:07:39 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2010.06.28 09:07:21 | 000,000,248 | ---- | M] () -- C:\WINDOWS\tasks\Auf Updates für Windows Live Toolbar prüfen.job
[2010.06.28 09:07:21 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.06.28 09:07:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.06.28 09:07:00 | 000,045,668 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2010.06.28 09:06:54 | 3219,574,784 | -HS- | M] () -- C:\hiberfil.sys
[2010.06.28 00:06:00 | 015,466,496 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\ntuser.dat
[2010.06.28 00:05:38 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\Norman\ntuser.ini
[2010.06.27 23:43:48 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Norman\Desktop\TFC.exe
[2010.06.27 23:36:24 | 006,456,900 | -H-- | M] () -- C:\Dokumente und Einstellungen\Norman\Lokale Einstellungen\Anwendungsdaten\IconCache.db
[2010.06.27 23:21:52 | 000,293,376 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Desktop\qbron9eb.exe
[2010.06.27 23:18:53 | 000,001,516 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Eigene Dateien\pinfect.zip
[2010.06.27 19:30:55 | 000,000,053 | ---- | M] () -- C:\WINDOWS\Lic.xxx
[2010.06.27 19:27:58 | 000,034,048 | ---- | M] (MicroWorld Technologies Inc.) -- C:\WINDOWS\System32\eEmpty.exe
[2010.06.27 19:24:58 | 086,349,632 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Desktop\mwav.exe
[2010.06.27 18:38:48 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Norman\Desktop\OTL.exe
[2010.06.27 18:35:09 | 166,440,096 | ---- | M] (G Data Software AG) -- C:\Dokumente und Einstellungen\Norman\Eigene Dateien\GER_R_ESD_IS.exe
[2010.06.27 18:01:51 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.06.27 18:01:44 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010.06.27 17:29:48 | 000,000,206 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Desktop\cc_20100627_172942.reg
[2010.06.27 16:01:00 | 000,000,396 | ---- | M] () -- C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp officejet 6100 series#1190378331.job
[2010.06.27 13:56:11 | 000,027,804 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Desktop\cc_20100627_135544.reg
[2010.06.27 12:13:18 | 036,598,544 | ---- | M] (PC Tools ) -- C:\Dokumente und Einstellungen\Norman\Desktop\sdsetup.exe
[2010.06.27 12:09:29 | 000,824,681 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Desktop\RSIT.exe
[2010.06.27 10:22:05 | 000,000,661 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Desktop\CCleaner.lnk
[2010.06.27 10:07:18 | 003,721,252 | R--- | M] () -- C:\Dokumente und Einstellungen\Norman\Desktop\ComboFix.exe
[2010.06.27 09:52:44 | 000,001,705 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Desktop\HijackThis.lnk
[2010.06.27 09:51:03 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Dokumente und Einstellungen\Norman\Desktop\HJTInstall.exe
[2010.06.27 09:12:23 | 000,001,573 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk
[2010.06.27 09:06:02 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.06.27 08:39:07 | 002,672,312 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Desktop\esetsmartinstaller_enu.exe
[2010.06.27 08:36:27 | 000,000,727 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Eusing Free Registry Cleaner.lnk
[2010.06.26 19:57:59 | 000,000,512 | ---- | M] () -- C:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask.job
[2010.06.26 19:57:58 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\SystemToolsDailyTest.job
[2010.06.26 15:33:11 | 000,000,683 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.06.26 14:37:09 | 001,870,056 | ---- | M] (Trend Micro Inc.) -- C:\Dokumente und Einstellungen\Norman\Desktop\HousecallLauncher.exe
[2010.06.26 10:29:39 | 000,409,923 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100626-131548.backup
[2010.06.26 10:10:13 | 000,000,246 | ---- | M] () -- C:\WINDOWS\WININIT.INI
[2010.06.24 20:36:35 | 010,560,512 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Eigene Dateien\Börge-Hendrik Spröde.QBW
[2010.06.24 20:31:43 | 000,000,494 | ---- | M] () -- C:\hpfr5550.xml
[2010.06.24 20:28:21 | 000,018,240 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Rechnung-HEBUX-338.pdf
[2010.06.23 20:09:56 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010.06.23 19:07:21 | 000,027,136 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Ute Lepin-HEK.doc
[2010.06.23 18:56:34 | 000,026,624 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Ute Lepin23.doc
[2010.06.23 15:09:25 | 000,018,341 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Rechnung-HEBUX-337.pdf
[2010.06.23 08:59:50 | 000,002,006 | ---- | M] () -- C:\aqua_bitmap.cpp
[2010.06.23 08:19:00 | 001,179,070 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.06.23 08:19:00 | 000,521,298 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010.06.23 08:19:00 | 000,491,870 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.06.23 08:19:00 | 000,105,016 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010.06.23 08:19:00 | 000,089,666 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.06.22 21:19:00 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010.06.22 14:31:53 | 000,072,314 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Navi-z205.jpg
[2010.06.18 09:26:33 | 007,844,864 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Desktop\setup.msi
[2010.06.17 15:51:36 | 000,018,287 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Rechnung-HEBUX-336.pdf
[2010.06.17 10:19:45 | 000,247,792 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Telefonbuch001.SPB
[2010.06.16 20:46:57 | 000,018,502 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Rechnung-HEBUX-335.pdf
[2010.06.12 00:28:06 | 000,070,995 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Desktop\1000-teile.jpg
[2010.06.10 19:34:49 | 004,376,744 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.06.09 11:27:44 | 000,015,872 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Desktop\abrechnung.xlr
[2010.06.09 11:26:50 | 000,233,472 | ---- | M] (Teruten) -- C:\WINDOWS\System32\FsUsbExService.Exe
[2010.06.09 11:26:50 | 000,036,608 | ---- | M] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2010.05.30 00:27:08 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf
[2010.05.28 12:07:28 | 000,001,714 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Home.LNK
[2010.05.28 07:08:28 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010.05.27 23:03:40 | 000,002,528 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\$_hpcst$.hpc
[2010.05.19 18:34:20 | 000,033,570 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Transfers PB.pdf
[2010.05.18 23:27:58 | 000,017,220 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Bestellung-Samsung-Wave.pdf
[2010.05.14 10:42:43 | 000,001,458 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Desktop\IBP starten.lnk
[2010.05.07 16:53:51 | 000,148,830 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Business-Viano.pdf
[2010.05.02 16:42:55 | 000,033,792 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.05.01 08:51:28 | 000,110,592 | ---- | M] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2010.04.29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.04.29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.04.27 04:25:20 | 000,123,648 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscemdm.sys
[2010.04.27 04:25:20 | 000,100,352 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ssceserd.sys
[2010.04.27 04:25:20 | 000,098,560 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscebus.sys
[2010.04.27 04:25:20 | 000,014,848 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscemdfl.sys
[2010.04.27 04:25:20 | 000,012,416 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscecmnt.sys
[2010.04.27 04:25:20 | 000,012,416 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscecm.sys
[2010.04.27 04:25:20 | 000,012,288 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscewhnt.sys
[2010.04.27 04:25:20 | 000,012,288 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscewh.sys
[2010.04.26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010.04.24 11:36:18 | 029,312,544 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Desktop\contract - invoice-1.psd
[2010.04.24 11:35:30 | 000,142,765 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Desktop\contract - in....pdf
[2010.04.23 16:59:54 | 001,044,480 | R--- | M] (eHelp Corporation.) -- C:\WINDOWS\System32\roboex32.dll
[2010.04.23 16:59:54 | 000,049,152 | R--- | M] (Blue Sky Software Corporation.) -- C:\WINDOWS\System32\inetwh32.dll
[2010.04.23 14:02:20 | 000,067,193 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Nachweis-Zustellung.pdf
[2010.04.20 21:44:43 | 000,361,459 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Desktop\HEBUX-Bestätigung.pdf
[2010.04.16 10:37:16 | 000,020,732 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Alfa-Romeo.pdf
[2010.04.05 08:10:53 | 000,000,711 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ElsterFormular.lnk
[2010.04.02 12:21:39 | 000,001,639 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Thunderbird.lnk
[2010.03.31 15:28:25 | 000,001,595 | ---- | M] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Link Popularity Check.lnk

========== Files Created - No Company Name ==========

[2010.06.27 23:22:01 | 000,293,376 | ---- | C] () -- C:\Dokumente und Einstellungen\Norman\Desktop\qbron9eb.exe
[2010.06.27 23:18:53 | 000,001,516 | ---- | C] () -- C:\Dokumente und Einstellungen\Norman\Eigene Dateien\pinfect.zip
[2010.06.27 19:28:25 | 000,000,053 | ---- | C] () -- C:\WINDOWS\Lic.xxx
[2010.06.27 19:27:59 | 000,000,522 | ---- | C] () -- C:\WINDOWS\System32\Microsoft.VC80.CRT.manifest
[2010.06.27 19:23:33 | 086,349,632 | ---- | C] () -- C:\Dokumente und Einstellungen\Norman\Desktop\mwav.exe
[2010.06.27 18:16:54 | 3219,574,784 | -HS- | C] () -- C:\hiberfil.sys
[2010.06.27 17:47:41 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010.06.27 17:47:41 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010.06.27 17:47:41 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010.06.27 17:47:41 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010.06.27 17:47:41 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010.06.27 17:29:45 | 000,000,206 | ---- | C] () -- C:\Dokumente und Einstellungen\Norman\Desktop\cc_20100627_172942.reg
[2010.06.27 13:55:57 | 000,027,804 | ---- | C] () -- C:\Dokumente und Einstellungen\Norman\Desktop\cc_20100627_135544.reg
[2010.06.27 12:09:43 | 000,824,681 | ---- | C] () -- C:\Dokumente und Einstellungen\Norman\Desktop\RSIT.exe
[2010.06.27 10:22:05 | 000,000,661 | ---- | C] () -- C:\Dokumente und Einstellungen\Norman\Desktop\CCleaner.lnk
[2010.06.27 10:07:17 | 003,721,252 | R--- | C] () -- C:\Dokumente und Einstellungen\Norman\Desktop\ComboFix.exe
[2010.06.27 09:52:44 | 000,001,705 | ---- | C] () -- C:\Dokumente und Einstellungen\Norman\Desktop\HijackThis.lnk
[2010.06.27 08:39:14 | 002,672,312 | ---- | C] () -- C:\Dokumente und Einstellungen\Norman\Desktop\esetsmartinstaller_enu.exe
[2010.06.27 08:36:27 | 000,000,727 | ---- | C] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Eusing Free Registry Cleaner.lnk
[2010.06.26 19:57:59 | 000,000,512 | ---- | C] () -- C:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask.job
[2010.06.26 19:57:57 | 000,000,316 | ---- | C] () -- C:\WINDOWS\tasks\SystemToolsDailyTest.job
[2010.06.26 15:33:11 | 000,000,683 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.06.24 20:28:21 | 000,018,240 | ---- | C] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Rechnung-HEBUX-338.pdf
[2010.06.23 19:01:08 | 000,027,136 | ---- | C] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Ute Lepin-HEK.doc
[2010.06.23 18:56:33 | 000,026,624 | ---- | C] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Ute Lepin23.doc
[2010.06.23 15:09:25 | 000,018,341 | ---- | C] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Rechnung-HEBUX-337.pdf
[2010.06.23 08:49:26 | 010,529,280 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2010.06.23 08:35:28 | 000,000,074 | ---- | C] () -- C:\Dokumente und Einstellungen\Norman\log.log
[2010.06.22 14:31:52 | 000,072,314 | ---- | C] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Navi-z205.jpg
[2010.06.18 09:50:55 | 000,247,792 | ---- | C] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Telefonbuch001.SPB
[2010.06.18 09:26:33 | 007,844,864 | ---- | C] () -- C:\Dokumente und Einstellungen\Norman\Desktop\setup.msi
[2010.06.17 15:51:36 | 000,018,287 | ---- | C] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Rechnung-HEBUX-336.pdf
[2010.06.16 20:46:57 | 000,018,502 | ---- | C] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Rechnung-HEBUX-335.pdf
[2010.06.12 00:28:06 | 000,070,995 | ---- | C] () -- C:\Dokumente und Einstellungen\Norman\Desktop\1000-teile.jpg
[2010.06.04 10:06:30 | 000,000,260 | ---- | C] () -- C:\WINDOWS\tasks\WGASetup.job
[2010.05.28 12:07:28 | 000,001,714 | ---- | C] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Home.LNK
[2010.05.27 23:05:20 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2010.05.27 23:05:20 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2010.05.27 23:03:40 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\$_hpcst$.hpc
[2010.05.27 22:53:27 | 000,002,006 | ---- | C] () -- C:\aqua_bitmap.cpp
[2010.05.19 18:34:20 | 000,033,570 | ---- | C] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Transfers PB.pdf
[2010.05.18 23:27:58 | 000,017,220 | ---- | C] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Bestellung-Samsung-Wave.pdf
[2010.05.14 10:42:43 | 000,001,458 | ---- | C] () -- C:\Dokumente und Einstellungen\Norman\Desktop\IBP starten.lnk
[2010.05.07 16:53:51 | 000,148,830 | ---- | C] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Business-Viano.pdf
[2010.04.24 11:35:30 | 000,142,765 | ---- | C] () -- C:\Dokumente und Einstellungen\Norman\Desktop\contract - in....pdf
[2010.04.23 14:02:20 | 000,067,193 | ---- | C] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Nachweis-Zustellung.pdf
[2010.04.23 11:12:11 | 029,312,544 | ---- | C] () -- C:\Dokumente und Einstellungen\Norman\Desktop\contract - invoice-1.psd
[2010.04.20 21:44:43 | 000,361,459 | ---- | C] () -- C:\Dokumente und Einstellungen\Norman\Desktop\HEBUX-Bestätigung.pdf
[2010.04.16 10:37:16 | 000,020,732 | ---- | C] () -- C:\Dokumente und Einstellungen\Norman\Desktop\Alfa-Romeo.pdf
[2010.04.05 08:10:53 | 000,000,711 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ElsterFormular.lnk
[2009.10.06 09:16:00 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009.01.03 17:58:29 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2009.01.03 17:58:29 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2009.01.03 17:58:29 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2009.01.03 17:58:29 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2009.01.03 17:58:29 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2009.01.03 17:58:29 | 000,000,021 | ---- | C] () -- C:\WINDOWS\SurCode.INI
[2008.07.04 10:02:26 | 000,000,109 | ---- | C] () -- C:\WINDOWS\Backup.INI
[2008.02.09 20:16:29 | 000,000,246 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2008.02.04 21:30:57 | 000,000,111 | ---- | C] () -- C:\WINDOWS\telephon.ini
[2008.01.23 14:57:20 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2008.01.23 14:57:20 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2008.01.23 14:57:19 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2007.11.26 16:56:04 | 002,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2007.11.26 16:43:48 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2007.11.15 21:31:34 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\LXPrnUtil10.dll
[2007.11.15 21:27:40 | 000,303,104 | ---- | C] () -- C:\WINDOWS\System32\dnt27VC8.dll
[2007.11.15 21:25:28 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\dntvmc27VC8.dll
[2007.11.15 21:25:12 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dntvm27VC8.dll
[2007.10.07 13:21:17 | 000,003,325 | ---- | C] () -- C:\WINDOWS\tm.ini
[2007.10.01 00:07:57 | 000,000,076 | ---- | C] () -- C:\WINDOWS\my.ini
[2007.09.30 09:47:10 | 000,024,222 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2007.09.30 09:47:10 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2007.09.30 09:46:41 | 000,061,950 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2007.09.30 09:46:41 | 000,016,173 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2007.09.30 09:46:40 | 000,017,590 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2007.09.08 00:42:44 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PXTToolVC7.dll
[2007.09.08 00:33:00 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007.09.08 00:08:57 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2007.09.07 19:13:57 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007.09.07 19:05:58 | 000,004,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys
[2007.09.07 18:55:42 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2007.09.07 18:55:42 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2007.09.07 18:55:42 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2007.09.07 18:55:42 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2007.09.07 18:55:42 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2007.09.07 18:55:42 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2007.09.07 18:47:30 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\FPCALL.dll
[2007.09.07 18:46:20 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS
[2007.09.07 18:44:31 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2007.09.07 18:44:13 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS
[2007.09.07 18:43:56 | 000,009,343 | ---- | C] () -- C:\WINDOWS\System32\drivers\TDSMAPI.SYS
[2006.09.21 14:53:28 | 000,282,679 | ---- | C] () -- C:\WINDOWS\System32\dnt27.dll
[2006.09.21 14:52:24 | 000,077,882 | ---- | C] () -- C:\WINDOWS\System32\dntvmc27.dll
[2006.09.21 14:52:14 | 000,077,881 | ---- | C] () -- C:\WINDOWS\System32\dntvm27.dll
[2006.08.17 10:00:13 | 000,010,027 | ---- | C] () -- C:\WINDOWS\System32\PROCDB.INI
[2006.08.17 10:00:09 | 000,000,487 | ---- | C] () -- C:\WINDOWS\System32\IPSCtrl.INI
[2006.08.03 03:27:52 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\notifyf2.dll
[2006.06.14 18:26:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006.06.12 12:27:00 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\DEVMAN.DLL
[2006.01.27 19:18:01 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006.01.27 19:05:14 | 000,002,963 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005.11.09 12:13:48 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\dnt27VC7.dll
[2005.11.09 12:11:46 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dntvmc27VC7.dll
[2005.11.09 12:11:30 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\dntvm27VC7.dll
[2005.05.04 14:00:06 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\MMedia10VC7.dll
[2005.02.17 12:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005.02.17 12:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2003.03.09 22:31:04 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2001.12.12 12:41:36 | 000,041,472 | ---- | C] () -- C:\WINDOWS\System32\W32btstp.dll
[2001.12.12 12:41:36 | 000,025,088 | ---- | C] () -- C:\WINDOWS\System32\W32btxlt.dll
[2001.11.14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[2000.12.04 20:27:06 | 000,110,080 | ---- | C] () -- C:\WINDOWS\System32\W32MKRC.DLL
[1999.05.14 15:05:22 | 000,015,627 | ---- | C] () -- C:\WINDOWS\System32\WBROLLRS.DLL
[1996.12.14 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1996.12.14 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

========== LOP Check ==========

[2008.07.31 20:48:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Backup
[2008.01.24 12:54:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BTrieve
[2008.06.02 13:57:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\eDocPrintPro
[2010.01.20 18:58:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ElsterFormular
[2009.05.19 22:33:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\G DATA
[2008.07.31 21:45:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lenovo
[2008.07.31 20:48:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lexware
[2010.06.27 19:27:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MicroWorld
[2009.01.03 17:58:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Minnetonka Audio Software
[2010.05.27 23:05:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite
[2010.06.26 19:45:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PCDr
[2008.07.31 20:48:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecTaskMan
[2008.07.31 20:48:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\sentinel
[2010.06.27 13:46:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2009.10.17 09:00:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\UIB
[2010.04.14 08:15:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\becker
[2008.07.31 20:49:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\DataDesign
[2008.07.31 20:49:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\digital publishing
[2008.06.02 13:57:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\eDocPrintPro
[2010.04.05 08:11:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\elsterformular
[2010.06.26 15:03:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\IBP
[2008.07.31 20:49:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\InterVideo
[2008.07.31 21:45:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Lenovo
[2008.07.31 20:49:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Lexware
[2010.06.17 09:34:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\LPC
[2007.09.08 16:13:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Opera
[2009.12.02 23:30:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Passware
[2010.05.27 23:05:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\PC Suite
[2010.06.18 10:17:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Samsung
[2008.07.31 20:49:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\ThinkVantage
[2010.04.02 11:12:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Thunderbird
[2010.06.13 14:03:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Norman\Anwendungsdaten\Update
[2010.06.28 09:07:21 | 000,000,248 | ---- | M] () -- C:\WINDOWS\Tasks\Auf Updates für Windows Live Toolbar prüfen.job
[2010.06.27 16:01:00 | 000,000,396 | ---- | M] () -- C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp officejet 6100 series#1190378331.job
[2010.06.26 19:57:59 | 000,000,512 | ---- | M] () -- C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask.job
[2010.06.28 09:08:20 | 000,000,302 | ---- | M] () -- C:\WINDOWS\Tasks\PMTask.job
[2010.06.26 19:57:58 | 000,000,316 | ---- | M] () -- C:\WINDOWS\Tasks\SystemToolsDailyTest.job
[2010.06.28 09:07:39 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 122 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:A8ADE5D8
@Alternate Data Stream - 121 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMPFC5A2B2
< End of report >

Protokoll GMER Teil I:

GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-06-28 00:22:39
Windows 5.1.2600 Service Pack 3
Running: qbron9eb.exe; Driver: C:\DOKUME~1\Norman\LOKALE~1\Temp\ugtdipow.sys


---- System - GMER 1.0.15 ----

SSDT BA7B6B0E ZwCreateKey
SSDT BA7B6B04 ZwCreateThread
SSDT BA7B6B13 ZwDeleteKey
SSDT BA7B6B1D ZwDeleteValueKey
SSDT BA7B6B22 ZwLoadKey
SSDT BA7B6AF0 ZwOpenProcess
SSDT BA7B6AF5 ZwOpenThread
SSDT BA7B6B2C ZwReplaceKey
SSDT BA7B6B27 ZwRestoreKey
SSDT BA7B6B18 ZwSetValueKey
SSDT BA7B6AFF ZwTerminateProcess
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwAcceptConnectPort [0x805A45F6]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwAccessCheck [0x805F0AD8]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwAccessCheckAndAuditAlarm [0x805F430E]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwAccessCheckByType [0x805F0B0A]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwAccessCheckByTypeAndAuditAlarm [0x805F4348]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwAccessCheckByTypeResultList [0x805F0B40]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwAccessCheckByTypeResultListAndAuditAlarm [0x805F438C]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwAccessCheckByTypeResultListAndAuditAlarmByHandle [0x805F43D0]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwAddAtom [0x806153D4]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwAddBootEntry [0x80616108]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwAdjustGroupsToken [0x805EBEBE]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwAdjustPrivilegesToken [0x805EBB16]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwAlertResumeThread [0x805D4B1E]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwAlertThread [0x805D4ACE]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwAllocateLocallyUniqueId [0x806159FA]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwAllocateUserPhysicalPages [0x805B5F62]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwAllocateUuids [0x80615016]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwAllocateVirtualMemory [0x805A8A80]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwAreMappedFilesTheSame [0x805B0576]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwAssignProcessToJobObject [0x805D65E2]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwCallbackReturn [0x8050189C]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwCancelDeviceWakeupRequest [0x805C861C]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwCancelIoFile [0x80576AE6]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwCancelTimer [0x80538BEE]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwClearEvent [0x8060E5E4]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwClose [0x805BC4DC]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwCloseObjectAuditAlarm [0x805F4848]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwCompactKeys [0x80623398]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwCompareTokens [0x805F8D5C]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwCompleteConnectPort [0x805A4CE4]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwCompressKey [0x806235EC]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwConnectPort [0x805A4596]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwContinue [0x80544EA4]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwCreateDebugObject [0x80642132]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwCreateDirectoryObject [0x805BE48C]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwCreateEvent [0x8060E634]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwCreateEventPair [0x8061697E]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwCreateFile [0x80579084]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwCreateIoCompletion [0x80578A62]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwCreateJobObject [0x805D55A6]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwCreateJobSet [0x805D52DE]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwCreateMailslotFile [0x80579192]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwCreateMutant [0x80616D76]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwCreateNamedPipeFile [0x805790BE]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwCreatePagingFile [0x805AB9B4]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwCreatePort [0x805A50B2]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwCreateProcess [0x805D11EA]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwCreateProcessEx [0x805D1134]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwCreateProfile [0x80617196]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwCreateSection [0x805AB38E]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwCreateSemaphore [0x80614734]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwCreateSymbolicLinkObject [0x805C39A6]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwCreateTimer [0x80616646]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwCreateToken [0x805F9104]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwCreateWaitablePort [0x805A50D6]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwDebugActiveProcess [0x8064320E]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwDebugContinue [0x8064335E]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwDelayExecution [0x80616058]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwDeleteAtom [0x8061588A]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwDeleteFile [0x80576C2C]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwDeleteObjectAuditAlarm [0x805F4954]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwDeviceIoControlFile [0x8057924A]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwDisplayString [0x806126B2]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwDuplicateObject [0x805BDFB4]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwDuplicateToken [0x805ECD6C]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwEnumerateKey [0x80624014]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwEnumerateSystemEnvironmentValuesEx [0x806160FA]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwEnumerateValueKey [0x8062427E]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwExtendSection [0x805B3C82]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwFilterToken [0x805ECF18]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwFindAtom [0x8061563E]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwFlushBuffersFile [0x80576CF8]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwFlushInstructionCache [0x805B67F6]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwFlushKey [0x806244E8]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwFlushVirtualMemory [0x805AC6C8]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwFlushWriteBuffer [0x805B6798]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwFreeUserPhysicalPages [0x805B6304]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwFreeVirtualMemory [0x805B2F5E]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwFsControlFile [0x8057927E]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwGetContextThread [0x805D14E4]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwGetDevicePowerState [0x805C863E]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwGetPlugPlayEvent [0x80599116]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwGetWriteWatch [0x80521196]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwImpersonateAnonymousToken [0x805F8A50]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwImpersonateClientOfPort [0x805A5140]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwImpersonateThread [0x805D77A2]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwInitializeRegistry [0x8062190A]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwInitiatePowerAction [0x805C8416]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwIsProcessInJob [0x805D51A2]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwIsSystemResumeAutomatic [0x805C862A]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwListenPort [0x805A534C]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwLoadDriver [0x8058413A]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwLoadKey2 [0x806255F8]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwLockFile [0x805792B2]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwLockProductActivationKeys [0x80612CA4]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwLockRegistryKey [0x80623698]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwLockVirtualMemory [0x805B68FE]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwMakePermanentObject [0x805BE282]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwMakeTemporaryObject [0x805BC580]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwMapUserPhysicalPages [0x805B53C2]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwMapUserPhysicalPagesScatter [0x805B5912]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwMapViewOfSection [0x805B1FE6]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwNotifyChangeDirectoryFile [0x80579ECA]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwNotifyChangeKey [0x806259B6]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwNotifyChangeMultipleKeys [0x806245EA]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwOpenDirectoryObject [0x805BE55E]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwOpenEvent [0x8060E734]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwOpenEventPair [0x80616A56]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwOpenFile [0x8057A182]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwOpenIoCompletion [0x80578B3A]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwOpenJobObject [0x805D572C]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwOpenKey [0x80624BA6]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwOpenMutant [0x80616E4E]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwOpenObjectAuditAlarm [0x805F4416]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwOpenProcessToken [0x805ED706]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwOpenProcessTokenEx [0x805ED36A]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwOpenSection [0x805AA3B2]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwOpenSemaphore [0x8061482E]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwOpenSymbolicLinkObject [0x805C3B8C]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwOpenThreadToken [0x805ED724]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwOpenThreadTokenEx [0x805ED4DA]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwOpenTimer [0x80616768]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwPlugPlayControl [0x80645400]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwPowerInformation [0x805C94AC]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwPrivilegeCheck [0x805F7B02]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwPrivilegeObjectAuditAlarm [0x805F3728]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwPrivilegedServiceAuditAlarm [0x805F3914]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwProtectVirtualMemory [0x805B83CA]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwPulseEvent [0x8060E7EC]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwQueryAttributesFile [0x80576ED6]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwQueryDebugFilterState [0x8053FBD6]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwQueryDefaultLocale [0x806103DE]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwQueryDefaultUILanguage [0x8061103E]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwQueryDirectoryFile [0x80579E64]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwQueryDirectoryObject [0x805BE5FE]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwQueryEaFile [0x8057A1B2]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwQueryEvent [0x8060E8B4]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwQueryFullAttributesFile [0x8057702A]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwQueryInformationAtom [0x806158B2]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwQueryInformationFile [0x8057AA1E]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwQueryInformationJobObject [0x805D5BFE]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwQueryInformationPort [0x805A53AA]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwQueryInformationProcess [0x805CCF4E]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwQueryInformationThread [0x805CBB7C]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwQueryInformationToken [0x805ED804]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwQueryInstallUILanguage [0x806107DC]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwQueryIntervalProfile [0x80617618]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwQueryIoCompletion [0x80578BE2]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwQueryKey [0x80624EE8]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwQueryMultipleValueKey [0x80622916]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwQueryMutant [0x80616EF6]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwQueryObject [0x805C5278]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwQueryOpenSubKeys [0x80622FC2]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwQueryPerformanceCounter [0x806176A6]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwQueryQuotaInformationFile [0x8057B800]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwQuerySection [0x805B858C]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwQuerySecurityObject [0x805C0046]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwQuerySemaphore [0x806148E6]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwQuerySymbolicLinkObject [0x805C3C2C]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwQuerySystemEnvironmentValue [0x80616124]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwQuerySystemEnvironmentValueEx [0x806160EC]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwQuerySystemInformation [0x806110BE]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwQuerySystemTime [0x8061287E]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwQueryTimer [0x80616820]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwQueryTimerResolution [0x80612910]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwQueryValueKey [0x806219EC]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwQueryVirtualMemory [0x805B8C1A]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwQueryVolumeInformationFile [0x8057BCEA]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwQueueApcThread [0x805D1230]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwRaiseException [0x80544EEC]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwRaiseHardError [0x80614558]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwReadFile [0x8057C48A]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwReadFileScatter [0x8057C9F4]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwReadRequestData [0x805A5E32]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwReadVirtualMemory [0x805B426E]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwRegisterThreadTerminatePort [0x805D2738]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwReleaseMutant [0x8061702E]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwReleaseSemaphore [0x80614A16]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwRemoveIoCompletion [0x80578EDA]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwRemoveProcessDebug [0x806432DE]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwRenameKey [0x806231EA]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwReplyPort [0x805A54B2]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwReplyWaitReceivePort [0x805A647A]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwReplyWaitReceivePortEx [0x805A5E82]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwReplyWaitReplyPort [0x805A579C]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwRequestDeviceWakeup [0x805C85AE]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwRequestPort [0x805A2A10]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwRequestWaitReplyPort [0x805A2D3C]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwRequestWakeupLatency [0x805C83BC]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwResetEvent [0x8060E9C6]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwResetWriteWatch [0x8052167E]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwResumeProcess [0x805D4A78]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwResumeThread [0x805D495A]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwSaveKey [0x806252A4]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwSaveKeyEx [0x8062538A]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwSaveMergedKeys [0x806254B2]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwSecureConnectPort [0x805A3D2A]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwSetContextThread [0x805D16F4]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwSetDebugFilterState [0x80645F96]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwSetDefaultHardErrorPort [0x80614402]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwSetDefaultLocale [0x8061052E]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwSetDefaultUILanguage [0x80610DA0]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwSetEaFile [0x8057A6C6]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwSetEvent [0x8060EA86]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwSetEventBoostPriority [0x8060EB50]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwSetHighEventPair [0x80616D12]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwSetHighWaitLowEventPair [0x80616C42]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwSetInformationDebugObject [0x80642CA8]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwSetInformationFile [0x8057B010]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwSetInformationJobObject [0x805D690C]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwSetInformationKey [0x806224E2]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwSetInformationObject [0x805C47EE]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwSetInformationProcess [0x805CDE44]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwSetInformationThread [0x805CC0C8]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwSetInformationToken [0x805F9E7E]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwSetIntervalProfile [0x8061717A]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwSetIoCompletion [0x80578E78]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwSetLdtEntries [0x805D38A4]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwSetLowEventPair [0x80616CAE]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwSetLowWaitHighEventPair [0x80616BD6]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwSetQuotaInformationFile [0x8057B7DE]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwSetSecurityObject [0x805C05DA]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwSetSystemEnvironmentValue [0x806163A8]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwSetSystemInformation [0x8060F3EC]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwSetSystemPowerState [0x80652E18]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwSetSystemTime [0x80613B86]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwSetThreadExecutionState [0x805C82D0]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwSetTimer [0x80538D7E]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwSetTimerResolution [0x80613058]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwSetUuidSeed [0x80614ECC]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwSetVolumeInformationFile [0x8057C0F4]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwShutdownSystem [0x80612676]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwSignalAndWaitForSingleObject [0x80526774]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwStartProfile [0x806173C4]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwStopProfile [0x8061756E]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwSuspendProcess [0x805D4A22]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwSuspendThread [0x805D4894]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwSystemDebugControl [0x80617792]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwTerminateJobObject [0x805D74A0]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwTerminateThread [0x805D2B7C]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwTestAlert [0x805D4BE2]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwTraceEvent [0x80535114]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwTranslateFilePath [0x80616116]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwUnloadDriver [0x805842CE]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwUnloadKey [0x80622064]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwUnloadKeyEx [0x80622286]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwUnlockFile [0x80579656]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwUnlockVirtualMemory [0x805B6E8C]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwUnmapViewOfSection [0x805B2DF4]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwVdmControl [0x805FB236]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwWaitForDebugEvent [0x80642A10]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwWaitForMultipleObjects [0x805C0790]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwWaitForSingleObject [0x805C06A6]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwWaitHighEventPair [0x80616B72]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwWaitLowEventPair [0x80616B0E]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwWriteFile [0x8057CEF2]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwWriteFileGather [0x8057D4D6]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwWriteRequestData [0x805A5E5A]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwWriteVirtualMemory [0x805B4378]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwYieldExecution [0x80504AF4]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwCreateKeyedEvent [0x80617BEA]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwOpenKeyedEvent [0x80617CD4]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwReleaseKeyedEvent [0x80617D86]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) ZwWaitForKeyedEvent [0x80617FE2]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)

Protokoll GMER Teil II:

INT 0x00 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 805421C0
INT 0x01 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 8054233C
INT 0x03 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80542750
INT 0x04 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 805428D0
INT 0x05 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80542A30
INT 0x06 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80542BA4
INT 0x07 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 8054321C
INT 0x09 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80543620
INT 0x0A \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80543740
INT 0x0B \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80543880
INT 0x0C \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80543AE0
INT 0x0D \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80543DCC
INT 0x0E \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 805444E0
INT 0x0F \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80544818
INT 0x10 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80544938
INT 0x11 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80544A74
INT 0x12 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80544818
INT 0x13 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80544BDC
INT 0x14 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80544818
INT 0x15 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80544818
INT 0x16 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80544818
INT 0x17 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80544818
INT 0x18 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80544818
INT 0x19 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80544818
INT 0x1A \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80544818
INT 0x1B \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80544818
INT 0x1C \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80544818
INT 0x1D \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80544818
INT 0x1E \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80544818
INT 0x1F \WINDOWS\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 806E710C
INT 0x2A \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 805419EE
INT 0x2B \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80541AF0
INT 0x2C \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80541CA0
INT 0x2D \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 8054262C
INT 0x2E \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80541471
INT 0x2F \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80544818
INT 0x30 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80540B30
INT 0x31 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80540B3A
INT 0x32 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80540B44
INT 0x33 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80540B4E
INT 0x34 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80540B58
INT 0x35 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80540B62
INT 0x36 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80540B6C
INT 0x37 \WINDOWS\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 806E6864
INT 0x38 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80540B80
INT 0x39 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80540B8A
INT 0x3A \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80540B94
INT 0x3B \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80540B9E
INT 0x3C \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80540BA8
INT 0x3D \WINDOWS\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 806E7E2C
INT 0x3E \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80540BBC
INT 0x3F \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80540BC6
INT 0x40 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80540BD0
INT 0x41 \WINDOWS\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 806E7C88
INT 0x42 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80540BE4
INT 0x43 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80540BEE
INT 0x44 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80540BF8
INT 0x45 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80540C02
INT 0x46 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80540C0C
INT 0x47 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80540C16
INT 0x48 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80540C20
INT 0x49 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80540C2A
INT 0x4A \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80540C34
INT 0x4B \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80540C3E
INT 0x4C \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80540C48
INT 0x4D \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80540C52
INT 0x4E \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80540C5C
INT 0x4F \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80540C66
INT 0x50 \WINDOWS\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 806E693C
INT 0x51 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80540C7A
INT 0x52 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80540C84
INT 0x53 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80540C8E
INT 0x54 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80540C98
INT 0x55 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80540CA2
INT 0x56 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80540CAC
INT 0x57 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80540CB6
INT 0x58 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80540CC0
INT 0x59 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80540CCA
INT 0x5A \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80540CD4
INT 0x5B \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80540CDE
INT 0x5C \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80540CE8
INT 0x5D \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80540CF2
INT 0x5E \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80540CFC
INT 0x5F \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80540D06
INT 0x60 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80540D10
INT 0x61 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80540D1A
INT 0x62 atapi.sys (IDE/ATAPI Port Driver/Microsoft Corporation) B9EF167E
INT 0x63 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80540D2E
INT 0x64 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80540D38
INT 0x65 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80540D42
INT 0x66 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80540D4C
INT 0x67 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80540D56
INT 0x68 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80540D60
INT 0x69 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80540D6A
INT 0x6A \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80540D74
INT 0x6B \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80540D7E
INT 0x6C \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80540D88
INT 0x6D \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80540D92
INT 0x6E \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80540D9C
INT 0x6F \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80540DA6
INT 0x70 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80540DB0
INT 0x71 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80540DBA
INT 0x72 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80540DC4
INT 0x73 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80540DCE
INT 0x74 \SystemRoot\system32\DRIVERS\USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation) B93F4E54
INT 0x75 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80540DE2
INT 0x76 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80540DEC
INT 0x77 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80540DF6
INT 0x78 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80540E00
INT 0x79 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80540E0A
INT 0x7A \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80540E14
INT 0x7B \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80540E1E
INT 0x7C \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80540E28
INT 0x7D \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80540E32
INT 0x7E \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80540E3C
INT 0x7F \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80540E46
INT 0x80 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80540E50
INT 0x81 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80540E5A
INT 0x82 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80540E64
INT 0x83 pcmcia.sys (PCMCIA-Treiber/Microsoft Corporation) B9F4A046
INT 0x83 iaStor.sys (Intel Matrix Storage Manager driver - ia32/Intel Corporation) B9E55264
INT 0x83 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS (Video Port Driver/Microsoft Corporation) B9680CB8
INT 0x83 NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation) B9CFDE10
INT 0x83 \SystemRoot\system32\DRIVERS\USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation) B93F4E54
INT 0x83 pcmcia.sys (PCMCIA-Treiber/Microsoft Corporation) B9F4A046
INT 0x84 \SystemRoot\system32\DRIVERS\USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation) B93F4E54
INT 0x85 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80540E82
INT 0x86 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80540E8C
INT 0x87 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80540E96
INT 0x88 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80540EA0
INT 0x89 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80540EAA
INT 0x8A \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80540EB4
INT 0x8B \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80540EBE
INT 0x8C \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80540EC8
INT 0x8D \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80540ED2
INT 0x8E \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80540EDC
INT 0x8F \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80540EE6
INT 0x90 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80540EF0
INT 0x91 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80540EFA
INT 0x92 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80540F04
INT 0x93 \SystemRoot\system32\DRIVERS\i8042prt.sys (i8042-Anschlusstreiber/Microsoft Corporation) BA248495
INT 0x94 \SystemRoot\system32\DRIVERS\HDAudBus.sys (High Definition Audio Bus Driver v1.0a/Windows (R) Server 2003 DDK provider) B9659DFC
INT 0x94 NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation) B9CFDE10
INT 0x94 \SystemRoot\system32\DRIVERS\USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation) B93F4E54
INT 0x94 \SystemRoot\system32\DRIVERS\HDAudBus.sys (High Definition Audio Bus Driver v1.0a/Windows (R) Server 2003 DDK provider) B9659DFC
INT 0x95 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80540F22
INT 0x96 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80540F2C
INT 0x97 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80540F36
INT 0x98 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80540F40
INT 0x99 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80540F4A
INT 0x9A \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80540F54
INT 0x9B \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80540F5E
INT 0x9C \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80540F68
INT 0x9D \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80540F72
INT 0x9E \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80540F7C
INT 0x9F \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80540F86
INT 0xA0 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80540F90
INT 0xA1 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80540F9A
INT 0xA2 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80540FA4
INT 0xA3 \SystemRoot\system32\DRIVERS\i8042prt.sys (i8042-Anschlusstreiber/Microsoft Corporation) BA24FC90
INT 0xA4 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80540FB8
INT 0xA5 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80540FC2
INT 0xA6 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80540FCC
INT 0xA7 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80540FD6
INT 0xA8 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80540FE0
INT 0xA9 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80540FEA
INT 0xAA \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80540FF4
INT 0xAB \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80540FFE
INT 0xAC \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80541008
INT 0xAD \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80541012
INT 0xAE \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 8054101C
INT 0xAF \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80541026
INT 0xB0 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80541030
INT 0xB1 ACPI.sys (ACPI-Treiber für NT/Microsoft Corporation) B9F8331E
INT 0xB2 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80541044
INT 0xB3 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 8054104E
INT 0xB4 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80541058
INT 0xB5 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80541062
INT 0xB6 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 8054106C
INT 0xB7 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80541076
INT 0xB8 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80541080
INT 0xB9 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 8054108A
INT 0xBA \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80541094
INT 0xBB \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 8054109E
INT 0xBC \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 805410A8
INT 0xBD \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 805410B2
INT 0xBE \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 805410BC
INT 0xBF \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 805410C6
INT 0xC0 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 805410D0
INT 0xC1 \WINDOWS\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 806E6AC0
INT 0xC2 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 805410E4
INT 0xC3 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 805410EE
INT 0xC4 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 805410F8
INT 0xC5 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80541102
INT 0xC6 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 8054110C
INT 0xC7 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80541116
INT 0xC8 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80541120
INT 0xC9 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 8054112A
INT 0xCA \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80541134
INT 0xCB \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 8054113E
INT 0xCC \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80541148
INT 0xCD \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80541152
INT 0xCE \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 8054115C
INT 0xCF \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80541166
INT 0xD0 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80541170
INT 0xD1 \WINDOWS\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 806E5E54
INT 0xD2 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80541184
INT 0xD3 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 8054118E
INT 0xD4 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80541198
INT 0xD5 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 805411A2
INT 0xD6 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 805411AC
INT 0xD7 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 805411B6
INT 0xD8 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 805411C0
INT 0xD9 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 805411CA
INT 0xDA \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 805411D4
INT 0xDB \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 805411DE
INT 0xDC \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 805411E8
INT 0xDD \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 805411F2
INT 0xDE \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 805411FC
INT 0xDF \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80541206
INT 0xE0 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80541210
INT 0xE1 \WINDOWS\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 806E7048
INT 0xE2 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80541224
INT 0xE3 \WINDOWS\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 806E6DAC
INT 0xE4 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80541238
INT 0xE5 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80541242
INT 0xE6 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 8054124C
INT 0xE7 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80541256
INT 0xE8 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80541260
INT 0xE9 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 8054126A
INT 0xEA \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80541274
INT 0xEB \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 8054127E
INT 0xEC \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80541288
INT 0xED \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80541292
INT 0xEE \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80541299
INT 0xEF \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 805412A0
INT 0xF0 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 805412A7
INT 0xF1 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 805412AE
INT 0xF2 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 805412B5
INT 0xF3 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 805412BC
INT 0xF4 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 805412C3
INT 0xF5 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 805412CA
INT 0xF6 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 805412D1
INT 0xF7 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 805412D8
INT 0xF8 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 805412DF
INT 0xF9 \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 805412E6
INT 0xFA \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 805412ED
INT 0xFB \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 805412F4
INT 0xFC \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 805412FB
INT 0xFD \WINDOWS\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 806E75A8
INT 0xFE \WINDOWS\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 806E7748
INT 0xFF \WINDOWS\system32\ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation) 80541310

SYSENTER \WINDOWS\system32\ntkrnlpa.exe

Braucht nichts peinlich zu sein.

Zwischenfrage. Kommt die Virenmeldung mit den verschiedenen .tmp Ordnern noch ?

Protokoll GMER Teil 3:
ZwQueryPortInformationProcess [0x805CB8FC]

80541540
---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device \FileSystem\Ntfs \Ntfs ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \FileSystem\Ntfs \Ntfs ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)

AttachedDevice \FileSystem\Ntfs \Ntfs tvtfilter.sys (Rescue and Recovery filter driver/Lenovo)

Device \FileSystem\Fastfat \FatCdrom Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)
Device \FileSystem\Fastfat \FatCdrom ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \FileSystem\Fastfat \FatCdrom ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \FileSystem\Mup \Dfs Mup.sys (Multiple UNC Provider driver/Microsoft Corporation)
Device \FileSystem\DLAIFS_M \TfsCd DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\DLAIFS_M \TfsCd ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \FileSystem\DLAIFS_M \TfsCd ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\KSecDD \Device\KsecDD KSecDD.sys (Kernel Security Support Provider Interface/Microsoft Corporation)
Device \Driver\KSecDD \Device\KsecDD ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\NDIS \Device\Ndis NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation)
Device \Driver\WudfPf \Device\WUDFLpcDevice WudfPf.sys (Windows Driver Foundation - User-mode Driver Framework Platform Driver/Microsoft Corporation)
Device \Driver\Beep \Device\Beep Beep.SYS (BEEP Driver/Microsoft Corporation)
Device \Driver\Beep \Device\Beep ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\usbhub \Device\0000009b usbhub.sys (Default Hub Driver for USB/Microsoft Corporation)
Device \Driver\usbhub \Device\0000009b ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Device\00000032
Device \Device\00000025
Device \Device\00000019
Device \Driver\smi2 \Device\SMI2Services smi2.sys (SMI BIOS driver/IBM Corp.)
Device \Driver\smi2 \Device\SMI2Services ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \FileSystem\NetBIOS \Device\Netbios netbios.sys (NetBIOS interface driver/Microsoft Corporation)
Device \FileSystem\NetBIOS \Device\Netbios ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\AFS2K \Device\OAKAFSUI AFS2K.SYS (Audio File System/Oak Technology Inc.)
Device \Driver\AFS2K \Device\OAKAFSUI ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\ACPI \Device\0000009c ACPI.sys (ACPI-Treiber für NT/Microsoft Corporation)
Device \Driver\ACPI \Device\0000008f ACPI.sys (ACPI-Treiber für NT/Microsoft Corporation)
Device \Device\00000033
Device \Device\00000026
Device \Driver\IBMPMDRV \Device\PMDRV ibmpmdrv.sys (ThinkPad Power Management Driver/Lenovo.)
Device \Driver\IBMPMDRV \Device\PMDRV ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\swenum \Device\KSENUM#00000001 swenum.sys (Plug and Play Software Device Enumerator/Microsoft Corporation)
Device \Driver\swenum \Device\KSENUM#00000001 ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\usbhub \Device\0000009d usbhub.sys (Default Hub Driver for USB/Microsoft Corporation)
Device \Driver\usbhub \Device\0000009d ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\psadd \Device\PsaDD0 psadd.sys (SMBIOS Driver/Lenovo (United States) Inc.)
Device \Driver\psadd \Device\PsaDD0 ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\TermDD \Device\RDP_CONSOLE0 termdd.sys (Terminal Server Driver/Microsoft Corporation)
Device \Device\00000040
Device \Device\00000034
Device \Device\00000027
Device \Driver\Tcpip \Device\Ip tcpip.sys (TCP/IP Protocol Driver/Microsoft Corporation)
Device \Driver\swenum \Device\KSENUM#00000002 swenum.sys (Plug and Play Software Device Enumerator/Microsoft Corporation)
Device \Driver\swenum \Device\KSENUM#00000002 ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\Kbdclass \Device\KeyboardClass0 kbdclass.sys (Tastaturklassentreiber/Microsoft Corporation)
Device \Driver\Kbdclass \Device\KeyboardClass0 ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device \Driver\Fips \Device\Fips Fips.SYS (FIPS-Verschlüsselungstreiber/Microsoft Corporation)
Device \Driver\Fips \Device\Fips ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Device\Video0
Device \Driver\avgio \Device\avgio avgio.sys (Avira AntiVir Support for Minifilter/Avira GmbH)
Device \Driver\ACPI \Device\0000009e ACPI.sys (ACPI-Treiber für NT/Microsoft Corporation)
Device \Driver\TermDD \Device\RDP_CONSOLE1 termdd.sys (Terminal Server Driver/Microsoft Corporation)
Device \Device\00000041
Device \Device\00000035
Device \Device\00000028
Device \Driver\WudfPf \Device\ProcessManagement WudfPf.sys (Windows Driver Foundation - User-mode Driver Framework Platform Driver/Microsoft Corporation)
Device \Device\Video1
Device \Driver\usbhub \Device\0000009f usbhub.sys (Default Hub Driver for USB/Microsoft Corporation)
Device \Driver\usbhub \Device\0000009f ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Device\00000042
Device \Device\00000036
Device \Device\00000029
Device \Driver\NDProxy \Device\NDProxy NDProxy.SYS (NDIS Proxy/Microsoft Corporation)
Device \Driver\NDProxy \Device\NDProxy ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\Kbdclass \Device\KeyboardClass1 kbdclass.sys (Tastaturklassentreiber/Microsoft Corporation)
Device \Driver\Kbdclass \Device\KeyboardClass1 ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device \Device\0000000a
Device \Device\00000037
Device \Device\00000043
Device \Device\00000050
Device \Device\RdpDrDvMgr
Device \Driver\Mouclass \Device\PointerClass0 mouclass.sys (Mausklassentreiber/Microsoft Corporation)
Device \Driver\Mouclass \Device\PointerClass0 ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Device\Video2
Device \Device\0000000b
Device \Device\00000038
Device \Device\00000044
Device \Device\00000051
Device \Driver\Mouclass \Device\PointerClass1 mouclass.sys (Mausklassentreiber/Microsoft Corporation)
Device \Driver\Mouclass \Device\PointerClass1 ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Device\Processor
Device \Driver\Compbatt \Device\CompositeBattery compbatt.sys (Composite Battery Driver/Microsoft Corporation)
Device \Driver\Compbatt \Device\CompositeBattery ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBPDO-0 USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBPDO-0 ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Device\Video3
Device \Driver\PROCDD \Device\ProcDD PROCDD.SYS (IPS Helper Driver/Lenovo Group Limited)
Device \Driver\PROCDD \Device\ProcDD ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\WMIxWDM \Device\WMIDataDevice ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\WMIxWDM \Device\WMIDataDevice ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\WMIxWDM \Device\WMIDataDevice ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Device\0000000c
Device \Device\00000039
Device \FileSystem\RAW \Device\RawTape ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \FileSystem\RAW \Device\RawTape ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Device\00000045
Device \Driver\usbuhci \Device\USBPDO-1 USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBPDO-1 ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Device\Video4
Device \Driver\dmio \Device\DmControl\DmIoDaemon dmio.sys (E/A-Treiber für NT Datenträgerverwaltung/Microsoft Corp., Veritas Software)
Device \Driver\dmio \Device\DmControl\DmIoDaemon ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\dmio \Device\DmControl\DmConfig dmio.sys (E/A-Treiber für NT Datenträgerverwaltung/Microsoft Corp., Veritas Software)
Device \Driver\dmio \Device\DmControl\DmConfig ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\dmio \Device\DmControl\DmPnP dmio.sys (E/A-Treiber für NT Datenträgerverwaltung/Microsoft Corp., Veritas Software)
Device \Driver\dmio \Device\DmControl\DmPnP ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\dmio \Device\DmControl\DmInfo dmio.sys (E/A-Treiber für NT Datenträgerverwaltung/Microsoft Corp., Veritas Software)
Device \Driver\dmio \Device\DmControl\DmInfo ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Device\i
Device \Driver\ACPI_HAL \Device\00000053 ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\00000053 hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device \Driver\rdpdr \Device\RdpDrPort rdpdr.sys (Microsoft RDP Device redirector/Microsoft Corporation)
Device \Driver\usbehci \Device\USBPDO-2 USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation)
Device \Driver\usbehci \Device\USBPDO-2 ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \FileSystem\MRxDAV \Device\WebDavRedirector mrxdav.sys (Windows NT WebDav Minirdr/Microsoft Corporation)
Device \FileSystem\MRxDAV \Device\WebDavRedirector ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\BTKRNL \Device\BTKRNL btkrnl.sys (Bluetooth Bus Enumerator/Broadcom Corporation.)
Device \Driver\BTKRNL \Device\BTKRNL ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\BTKRNL \Device\BTKRNL btkrnl.sys (Bluetooth Bus Enumerator/Broadcom Corporation.)
Device \Driver\PnpManager \Device\00000047 ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\PnpManager \Device\00000047 ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBPDO-3 USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBPDO-3 ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\NetBT \Device\NetBT_Tcpip_{9253803D-A826-462C-95FB-54E6608C3F1A} netbt.sys (MBT Transport driver/Microsoft Corporation)
Device \Driver\NetBT \Device\NetBT_Tcpip_{9253803D-A826-462C-95FB-54E6608C3F1A} ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0002 ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0002 pci.sys (NT-Plug & Play PCI-Enumerator/Microsoft Corporation)
Device \Driver\PnpManager \Device\00000048 ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\PnpManager \Device\00000048 ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\usbhub \Device\000000a0 usbhub.sys (Default Hub Driver for USB/Microsoft Corporation)
Device \Driver\usbhub \Device\000000a0 ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBPDO-4 USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBPDO-4 ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \FileSystem\DLACDBHM \Device\sscdbhook1 DLACDBHM.SYS (Shared Driver Component/Sonic Solutions)
Device \Driver\IpNat \Device\IPNAT ipnat.sys (IP Network Address Translator/Microsoft Corporation)
Device \Driver\IpNat \Device\IPNAT ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\RasAcd \Device\RasAcd rasacd.sys (RAS Automatic Connection Driver/Microsoft Corporation)
Device \Driver\RasAcd \Device\RasAcd ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\Tcpip \Device\Tcp tcpip.sys (TCP/IP Protocol Driver/Microsoft Corporation)
Device \Driver\PnpManager \Device\00000049 ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\PnpManager \Device\00000049 ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0010 ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0010 pci.sys (NT-Plug & Play PCI-Enumerator/Microsoft Corporation)
Device \Driver\i2omgmt \Device\I2OExec i2omgmt.SYS (I2O Utility Filter/Microsoft Corporation)
Device \Driver\i2omgmt \Device\I2OExec ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\TcUsb \Device\000000a1 tcusb.sys (TouchChip USB Kernel Driver/UPEK Inc.)
Device \Driver\TcUsb \Device\000000a1 ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\usbhub \Device\USBPDO-5 usbhub.sys (Default Hub Driver for USB/Microsoft Corporation)
Device \Driver\usbhub \Device\USBPDO-5 ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\TVTPktFilter \Device\{B536963E-0DF4-41DD-985D-60FC12384228} NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation)
Device \Driver\tvtfilter \Device\TVTFilter tvtfilter.sys (Rescue and Recovery filter driver/Lenovo)
Device \Driver\ACPI \Device\00000057 ACPI.sys (ACPI-Treiber für NT/Microsoft Corporation)
Device \Driver\rdpdr \Device\RdpDr rdpdr.sys (Microsoft RDP Device redirector/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0011 ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0011 pci.sys (NT-Plug & Play PCI-Enumerator/Microsoft Corporation)
Device \Driver\ugtdipow \Device\ugtdipow ugtdipow.sys
Device \Driver\ugtdipow \Device\ugtdipow ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\Ftdisk \Device\HarddiskVolume1 ftdisk.sys (FT-Datenträgertreiber/Microsoft Corporation)
Device \Driver\Ftdisk \Device\HarddiskVolume1 ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\mdmxsdk \Device\ConexantDiagnosticsServer mdmxsdk.sys (Diagnostic Interface x86 Driver/Conexant)
Device \Driver\mdmxsdk \Device\ConexantDiagnosticsServer ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\ACPI \Device\00000058 ACPI.sys (ACPI-Treiber für NT/Microsoft Corporation)
Device \Driver\CmBatt \Device\AcAdapter0 CmBatt.sys (Control Method Battery Driver/Microsoft Corporation)
Device \Driver\CmBatt \Device\AcAdapter0 ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Device\Http\Filter
Device \Device\Http\AppPool
Device \Device\Http\Control
Device \Driver\Ftdisk \Device\HarddiskVolume2 ftdisk.sys (FT-Datenträgertreiber/Microsoft Corporation)
Device \Driver\Ftdisk \Device\HarddiskVolume2 ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0013 ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0013 pci.sys (NT-Plug & Play PCI-Enumerator/Microsoft Corporation)
Device \Driver\ACPI \Device\00000065 ACPI.sys (ACPI-Treiber für NT/Microsoft Corporation)
Device \FileSystem\Rdbss \Device\FsWrap rdbss.sys (Redirected Drive Buffering SubSystem Driver/Microsoft Corporation)
Device \FileSystem\Rdbss \Device\FsWrap ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\TermDD \Device\Termdd termdd.sys (Terminal Server Driver/Microsoft Corporation)
Device \Driver\sysaudio \Device\sysaudio ks.sys (Kernel CSA Library/Microsoft Corporation)
Device \Driver\sysaudio \Device\sysaudio ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\sysaudio \Device\sysaudio sysaudio.sys (System Audio WDM Filter/Microsoft Corporation)
Device \Driver\TVTPktFilter \Device\TVTPktFilter NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0020 ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0020 pci.sys (NT-Plug & Play PCI-Enumerator/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0007 ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0007 pci.sys (NT-Plug & Play PCI-Enumerator/Microsoft Corporation)
Device \Driver\Ftdisk \Device\HarddiskVolume3 ftdisk.sys (FT-Datenträgertreiber/Microsoft Corporation)
Device \Driver\Ftdisk \Device\HarddiskVolume3 ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\iaStor \Device\Ide\iaStor0 iaStor.sys (Intel Matrix Storage Manager driver - ia32/Intel Corporation)
Device \Driver\iaStor \Device\Ide\iaStor0 ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\atapi \Device\Ide\IdePort0 atapi.sys (IDE/ATAPI Port Driver/Microsoft Corporation)
Device \Driver\atapi \Device\Ide\IdePort0 ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 atapi.sys (IDE/ATAPI Port Driver/Microsoft Corporation)
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\PCIIde \Device\Ide\PciIde0Channel0-0 ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\PCIIde \Device\Ide\PciIde0Channel0-0

Die Anti Vir Meldung war zwischendurch mal wieder da!

Protokoll GMER Teil 4:

Device \Device\Ide\PciIde0
Device \Driver\atmeltpm \Device\TPM0 atmeltpm.sys (Atmel TPM Driver/Atmel, Inc.)
Device \Driver\atmeltpm \Device\TPM0 ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\ACPI \Device\00000067 ACPI.sys (ACPI-Treiber für NT/Microsoft Corporation)
Device \Driver\ACPIEC \Device\ACPIEC ACPIEC.sys (ACPI Embedded Controllertreiber/Microsoft Corporation)
Device \Driver\ACPIEC \Device\ACPIEC ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0015 ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0015 pci.sys (NT-Plug & Play PCI-Enumerator/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0008 ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0008 pci.sys (NT-Plug & Play PCI-Enumerator/Microsoft Corporation)
Device \Driver\PptpMiniport \Device\{AD96B222-A779-47A1-A146-0DC129E2E8A8} NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation)
Device \Driver\ACPI \Device\00000068 ACPI.sys (ACPI-Treiber für NT/Microsoft Corporation)
Device \Driver\Pcmcia \Device\Pcmcia0 pcmcia.sys (PCMCIA-Treiber/Microsoft Corporation)
Device \Driver\Pcmcia \Device\Pcmcia0 ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\PxHelp20 \Device\PxHelperDevice0 PxHelp20.sys (Px Engine Device Driver for Windows 2000/XP/Sonic Solutions)
Device \Driver\CmBatt \Device\ControlMethodBattery0 CmBatt.sys (Control Method Battery Driver/Microsoft Corporation)
Device \Driver\CmBatt \Device\ControlMethodBattery0 ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0009 ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0009 pci.sys (NT-Plug & Play PCI-Enumerator/Microsoft Corporation)
Device \FileSystem\DRVNDDM \Device\drvnddm DRVNDDM.SYS (Device Driver Manager/Sonic Solutions)
Device \FileSystem\DRVNDDM \Device\drvnddm ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\ACPI \Device\00000069 ACPI.sys (ACPI-Treiber für NT/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0017 ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0017 pci.sys (NT-Plug & Play PCI-Enumerator/Microsoft Corporation)
Device \Driver\ACPI \Device\00000077 ACPI.sys (ACPI-Treiber für NT/Microsoft Corporation)
Device \Driver\ACPI \Device\00000090 ACPI.sys (ACPI-Treiber für NT/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0018 ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0018 pci.sys (NT-Plug & Play PCI-Enumerator/Microsoft Corporation)
Device \Driver\HSF_DPV \Device\HSF_MDMDevice0 HSF_DPV.sys (HSF_DP driver/Conexant Systems, Inc.)
Device \Driver\HSF_DPV \Device\HSF_MDMDevice0 ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\PnpManager \Device\0000003e ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\PnpManager \Device\0000003e ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\TSMAPIP \Device\TSMAPIP TSMAPIP.SYS
Device \Driver\TSMAPIP \Device\TSMAPIP ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\RasPppoe \Device\{9EB255F7-2D72-47A6-AB33-CC1AA0618E35} NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation)
Device \Driver\NetBT \Device\NetBt_Wins_Export netbt.sys (MBT Transport driver/Microsoft Corporation)
Device \Driver\NetBT \Device\NetBt_Wins_Export ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\adfs \Device\ADVirtualDisk\Volume adfs.SYS (Adobe Drive File System Driver/Adobe Systems, Inc.)
Device \Driver\adfs \Device\ADVirtualDisk\Volume ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\adfs \Device\ADVirtualDisk\Volume ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\adfs \Device\ADVirtualDisk\Control adfs.SYS (Adobe Drive File System Driver/Adobe Systems, Inc.)
Device \Driver\adfs \Device\ADVirtualDisk\Control ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\adfs \Device\ADVirtualDisk\Control ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\ACPI \Device\00000091 ACPI.sys (ACPI-Treiber für NT/Microsoft Corporation)
Device \Driver\TVTPktFilter \Device\{BDF03991-86F2-4481-A746-86A45DCDE557} NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation)
Device \Driver\PnpManager \Device\0000003f ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\PnpManager \Device\0000003f ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\TDSMAPI \Device\TDSMAPI TDSMAPI.SYS
Device \Driver\TDSMAPI \Device\TDSMAPI ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\ACPI \Device\00000078 ACPI.sys (ACPI-Treiber für NT/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0019 ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0019 pci.sys (NT-Plug & Play PCI-Enumerator/Microsoft Corporation)
Device \Driver\NETw4x32 \Device\{9253803D-A826-462C-95FB-54E6608C3F1A} NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation)
Device \Driver\ACPI \Device\00000092 ACPI.sys (ACPI-Treiber für NT/Microsoft Corporation)
Device \Driver\ACPI \Device\00000079 ACPI.sys (ACPI-Treiber für NT/Microsoft Corporation)
Device \Driver\PnpManager \Device\0000004c ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\PnpManager \Device\0000004c ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\NetBT \Device\NetbiosSmb netbt.sys (MBT Transport driver/Microsoft Corporation)
Device \Driver\NetBT \Device\NetbiosSmb ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\AEAudioService \Device\DsdaFilter AEAudio.sys (Audio Noise Filtering Driver (32-bit)/Andrea Electronics Corporation)
Device \Driver\ACPI \Device\0000005a ACPI.sys (ACPI-Treiber für NT/Microsoft Corporation)
Device \Driver\ACPI \Device\00000093 ACPI.sys (ACPI-Treiber für NT/Microsoft Corporation)
Device \Driver\Shockprf \Device\Shockpf0 Apsx86.sys (Shockproof Disk Driver/Lenovo.)
Device \Driver\PnpManager \Device\0000004d ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\PnpManager \Device\0000004d ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\TPPWRIF \Device\TPPWRIF Tppwrif.sys
Device \Driver\TPPWRIF \Device\TPPWRIF ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\MountMgr \Device\MountPointManager MountMgr.sys (Mount Manager/Microsoft Corporation)
Device \Driver\MountMgr \Device\MountPointManager ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\PnpManager \Device\0000004e ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\PnpManager \Device\0000004e ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\ACPI \Device\0000005b ACPI.sys (ACPI-Treiber für NT/Microsoft Corporation)
Device \Driver\BTKRNL \Device\00000094 btkrnl.sys (Bluetooth Bus Enumerator/Broadcom Corporation.)
Device \Driver\BTKRNL \Device\00000094 ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\BTKRNL \Device\00000094 btkrnl.sys (Bluetooth Bus Enumerator/Broadcom Corporation.)
Device \Driver\ssmdrv \Device\ssmctl ssmdrv.sys (AVIRA SnapShot Driver/Avira GmbH)
Device \Driver\ssmdrv \Device\ssmctl ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\EGATHDRV \Device\egathdrv EGATHDRV.SYS (IBM eGatherer Kernel Module/IBM Corporation)
Device \Driver\EGATHDRV \Device\egathdrv ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\PnpManager \Device\0000004f ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\PnpManager \Device\0000004f ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\e1express \Device\{08D58BAD-64B7-468C-97BD-67603609B453} NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation)
Device \Driver\ACPI \Device\0000005c ACPI.sys (ACPI-Treiber für NT/Microsoft Corporation)
Device \FileSystem\Mup \Device\Mup Mup.sys (Multiple UNC Provider driver/Microsoft Corporation)
Device \FileSystem\Srv \Device\LanmanServer srv.sys (Server driver/Microsoft Corporation)
Device \Driver\Wanarp \Device\WANARP wanarp.sys (MS Remote Access and Routing ARP Driver/Microsoft Corporation)
Device \Driver\Shockprf \Device\ShockMgr Apsx86.sys (Shockproof Disk Driver/Lenovo.)
Device \Driver\ACPI \Device\0000005d ACPI.sys (ACPI-Treiber für NT/Microsoft Corporation)
Device \Driver\HDAudBus \Device\00000096 HDAudBus.sys (High Definition Audio Bus Driver v1.0a/Windows (R) Server 2003 DDK provider)
Device \Driver\e1express \Device\INTELPRO_{08D58BAD-64B7-468C-97BD-67603609B453} NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation)
Device \Driver\Smapint \Device\Smapi0 Smapint.sys (SMAPI I/O/Microsoft Corporation)
Device \Driver\Smapint \Device\Smapi0 ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\Tcpip \Device\Udp tcpip.sys (TCP/IP Protocol Driver/Microsoft Corporation)
Device \Device\Harddisk0\DP(1)0x7e00-0x1bf267a200+2
Device \Driver\Disk \Device\Harddisk0\DR0 CLASSPNP.SYS (SCSI Class System Dll/Microsoft Corporation)
Device \Driver\Disk \Device\Harddisk0\DR0 ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\ACPI \Device\0000006a ACPI.sys (ACPI-Treiber für NT/Microsoft Corporation)
Device \Driver\NdisWan \Device\NdisWanIp NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation)
Device \Driver\irda \Device\IrDA irda.sys (IRDA Protocol Driver/Microsoft Corporation)
Device \Driver\Tcpip \Device\RawIp tcpip.sys (TCP/IP Protocol Driver/Microsoft Corporation)
Device \Device\Harddisk1\DP(1)0x7e00-0x118b0e2200+3
Device \Driver\Disk \Device\Harddisk1\DR1 CLASSPNP.SYS (SCSI Class System Dll/Microsoft Corporation)
Device \Driver\Disk \Device\Harddisk1\DR1 ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Device\Harddisk1\DP(2)0x118b0ea000-0x116b38000+4
Device \Driver\PnpManager \Device\00000002 ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\PnpManager \Device\00000002 ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\ACPI \Device\0000006b ACPI.sys (ACPI-Treiber für NT/Microsoft Corporation)
Device \Driver\Modem \Device\00000098 Modem.SYS (Modemgerätetreiber/Microsoft Corporation)
Device \Driver\Modem \Device\00000098 ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \FileSystem\RAW \Device\RawDisk ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \FileSystem\RAW \Device\RawDisk ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\PnpManager \Device\00000003 ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\PnpManager \Device\00000003 ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\ACPI \Device\0000006c ACPI.sys (ACPI-Treiber für NT/Microsoft Corporation)
Device \Driver\usbhub \Device\00000099 usbhub.sys (Default Hub Driver for USB/Microsoft Corporation)
Device \Driver\usbhub \Device\00000099 ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\Null \Device\Null Null.SYS (NULL Driver/Microsoft Corporation)
Device \Driver\Null \Device\Null ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBFDO-0 USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBFDO-0 ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\pmem \Device\PMEM pmemnt.sys (Physical Memory Driver/Microsoft Corporation)
Device \Driver\pmem \Device\PMEM ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\ACPI \Device\0000006d ACPI.sys (ACPI-Treiber für NT/Microsoft Corporation)
Device \Driver\PnpManager \Device\00000004 ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\PnpManager \Device\00000004 ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBFDO-1 USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBFDO-1 ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\ANC \Device\{9253803D-A826-462C-95FB-54E6608C3F1A}_ANC83Monitor ANC.SYS (IBM Access Connections - ANC/IBM Corp.)
Device \Driver\ANC \Device\{9253803D-A826-462C-95FB-54E6608C3F1A}_ANC83Monitor ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\IPSec \Device\IPSEC ipsec.sys (IPSec Driver/Microsoft Corporation)
Device \Driver\IPSec \Device\IPSEC ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\ACPI \Device\0000006e ACPI.sys (ACPI-Treiber für NT/Microsoft Corporation)
Device \Driver\ACPI \Device\0000007b ACPI.sys (ACPI-Treiber für NT/Microsoft Corporation)
Device \Driver\dmload \Device\DmLoader dmload.sys (NT Disk Manager Startup Driver/Microsoft Corp., Veritas Software.)
Device \Driver\dmload \Device\DmLoader ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\PnpManager \Device\00000005 ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\PnpManager \Device\00000005 ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\BTDriver \Device\BtPort0 btport.sys (Bluetooth BTPORT Driver for Windows 2000/Broadcom Corporation.)
Device \Driver\BTDriver \Device\BtPort0 ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\HSFHWAZL \Device\MICH_AZ0 HSFHWAZL.sys (HSF_HWAZL WDM driver/Conexant Systems, Inc.)
Device \Driver\HSFHWAZL \Device\MICH_AZ0 ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBFDO-2 USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBFDO-2 ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\Tcpip \Device\IPMULTICAST tcpip.sys (TCP/IP Protocol Driver/Microsoft Corporation)
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver rdbss.sys (Redirected Drive Buffering SubSystem Driver/Microsoft Corporation)
Device \Driver\NdisWan \Device\NdisWan NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation)
Device \Driver\NdisTapi \Device\NdisTapi ndistapi.sys (NDIS 3.0 connection wrapper driver/Microsoft Corporation)
Device \Driver\NdisTapi \Device\NdisTapi ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\isapnp \Device\0000006f isapnp.sys (PNP-ISA-Bustreiber/Microsoft Corporation)
Device \Driver\isapnp \Device\0000006f ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\ACPI \Device\0000007c ACPI.sys (ACPI-Treiber für NT/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBFDO-3 USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBFDO-3 ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\lenovo.smi \Device\lenovo.smi smiif32.sys (SMI Driver for Lenovo system/Lenovo Group Limited)
Device \Driver\lenovo.smi \Device\lenovo.smi ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\DRVMCDB \Device\drvmcdb DRVMCDB.SYS (Device Driver/Sonic Solutions)
Device \Driver\DRVMCDB \Device\drvmcdb ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \FileSystem\MRxSmb \Device\LanmanRedirector mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device \FileSystem\MRxSmb \Device\LanmanRedirector rdbss.sys (Redirected Drive Buffering SubSystem Driver/Microsoft Corporation)
Device \Driver\Gpc \Device\Gpc msgpc.sys (MS General Packet Classifier/Microsoft Corporation)
Device \FileSystem\Npfs \Device\NamedPipe Npfs.SYS (NPFS Driver/Microsoft Corporation)
Device \FileSystem\Npfs \Device\NamedPipe ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\ACPI \Device\0000007d ACPI.sys (ACPI-Treiber für NT/Microsoft Corporation)
Device \Driver\Ftdisk \Device\FtControl ftdisk.sys (FT-Datenträgertreiber/Microsoft Corporation)
Device \Driver\Ftdisk \Device\FtControl ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\usbehci \Device\USBFDO-4 USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation)
Device \Driver\usbehci \Device\USBFDO-4 ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\PrivateDisk \Device\PrivateDisk PrivateDiskM.sys (SafeGuard® PrivateDisk Driver/Utimaco Safeware AG)
Device \Driver\PrivateDisk \Device\PrivateDisk ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \FileSystem\Msfs \Device\Mailslot Msfs.SYS (Mailslot driver/Microsoft Corporation)
Device \FileSystem\Msfs \Device\Mailslot ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\TPHKDRV \Device\TPHKDRV TPHKDRV.sys (ThinkPad Hotkey Driver/Lenovo Group Limited)
Device \Driver\TPHKDRV \Device\TPHKDRV ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\Ndisuio \Device\Ndisuio ndisuio.sys (NDIS User mode I/O Driver/Microsoft Corporation)
Device \Driver\Ndisuio \Device\Ndisuio ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\winachsf \Device\Winachsf0 HSF_CNXT.sys (HSF_CNXT driver/Conexant Systems, Inc.)
Device \Driver\winachsf \Device\Winachsf0 ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \FileSystem\RAW \Device\RawCdRom ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \FileSystem\RAW \Device\RawCdRom ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \Driver\AFD \Device\Afd afd.sys (Ancillary Function Driver for WinSock/Microsoft Corporation)
Device \Driver\IBMTPCHK \Device\IBMBLDID IBMBLDID.sys
Device \Driver\IBMTPCHK \Device\IBMBLDID ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \FileSystem\Mup \Device\WinDfs\Root Mup.sys (Multiple UNC Provider driver/Microsoft Corporation)
Device \Driver\ACPI \Device\0000009a ACPI.sys (ACPI-Treiber für NT/Microsoft Corporation)
Device \Driver\avipbb \Device\avipbb avipbb.sys (Avira Driver for RootKit Detection/Avira GmbH)
Device \Driver\avipbb \Device\avipbb ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \
Device \FileSystem\Fastfat \Fat Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)
Device \FileSystem\Fastfat \Fat ntkrnlpa.exe (NT-Kernel und -System/Microsoft Corporation)
Device \FileSystem\Fastfat \Fat