Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
GVU-Trojaner eingefangen

GVU-Trojaner eingefangen


Log-Analyse und Auswertung: GVU-Trojaner eingefangen

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 28.12.2012, 15:58   #1
mithrandir31
 
GVU-Trojaner eingefangen - Standard

GVU-Trojaner eingefangen


Hallo liebe Helfer,
ich habe mir heute auf meinem Lenovo ThinkPad Edge E530 den GVU-Trojaner eingefangen, in dem man aufgefordert wird 100€ zu zahlen, um den Laptop wieder zu entsperren (was ich natürlich nicht gemacht habe).
Auf meinem alten Laptop habe ich mich daraufhin etwas im Internet darüber informiert und habe bereits folgende Schritte unternommen:
1.) Internet ausgeschaltet, Laptop über Power-Knopf ausgeschaltet und (offline) neu gestartet. Ergebnis: Seither ist keine Sperre mehr zu sehen und Laptop ohne (sichtbare) Probleme zu verwenden
2.) mehrfaches Scannen mit einem AntiVir-Programm ergab keine Fehlermeldungen
3.) die zu erledigenden Schritte vor dem Erstellen eines Beitrags in diesem Forum unternommen. Hier sind die Ergebnisse:

OTL logfile created on: 28.12.2012 15:17:46 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Forrest\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,60 Gb Total Physical Memory | 1,57 Gb Available Physical Memory | 43,57% Memory free
7,21 Gb Paging File | 4,48 Gb Available in Paging File | 62,15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 679,59 Gb Total Space | 613,84 Gb Free Space | 90,33% Space Free | Partition Type: NTFS
Drive E: | 14,42 Gb Total Space | 4,39 Gb Free Space | 30,41% Space Free | Partition Type: FAT32
Drive Q: | 17,58 Gb Total Space | 4,08 Gb Free Space | 23,23% Space Free | Partition Type: NTFS

Computer Name: FORREST-THINK | User Name: Forrest | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.12.28 15:16:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Forrest\Desktop\OTL.exe
PRC - [2012.12.24 19:28:48 | 000,916,960 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.10.17 00:46:34 | 001,573,576 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2012.09.07 08:10:38 | 000,604,048 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
PRC - [2012.09.07 08:09:02 | 000,366,480 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
PRC - [2012.09.07 08:08:50 | 000,272,272 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
PRC - [2012.09.07 08:08:48 | 000,133,008 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
PRC - [2012.08.27 05:21:12 | 026,924,984 | ---- | M] (Dropbox, Inc.) -- C:\Users\Forrest\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.08.09 03:28:12 | 000,145,256 | ---- | M] (AuthenTec Inc.) -- C:\Programme\Lenovo Fingerprint Reader\x86\BioMonitor.exe
PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.06.16 03:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe
PRC - [2012.05.16 06:32:00 | 000,128,608 | ---- | M] (Lenovo Group Limited) -- C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe
PRC - [2012.05.15 16:26:56 | 001,528,120 | ---- | M] (Lenovo) -- C:\Programme\Lenovo\SimpleTap\SimpleTap.exe
PRC - [2012.04.10 17:43:00 | 000,175,440 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Communications Utility\vcamsvc.exe
PRC - [2012.04.10 17:42:54 | 000,283,984 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Communications Utility\TpKnrres.exe
PRC - [2012.04.10 17:42:50 | 000,061,264 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Communications Utility\TPKNRSVC.exe
PRC - [2012.04.10 17:42:36 | 000,058,192 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Communications Utility\CamMute.exe
PRC - [2012.04.10 04:41:54 | 000,084,080 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
PRC - [2012.03.06 23:49:18 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2012.03.06 23:49:16 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2012.03.06 23:49:08 | 000,128,280 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
PRC - [2012.03.06 23:49:04 | 000,163,608 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
PRC - [2012.02.27 12:01:00 | 000,049,376 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe
PRC - [2012.02.24 10:53:10 | 000,065,336 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe
PRC - [2012.02.21 18:55:24 | 001,104,208 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
PRC - [2012.02.21 18:55:22 | 001,304,912 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
PRC - [2012.02.21 18:55:18 | 001,014,096 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
PRC - [2012.02.21 18:55:16 | 000,936,272 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
PRC - [2012.01.25 08:44:56 | 000,567,360 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2012.01.17 07:29:24 | 000,169,776 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe
PRC - [2012.01.04 20:59:50 | 000,291,608 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2011.12.29 11:20:42 | 000,144,960 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2011.12.24 16:19:00 | 002,348,864 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2011.07.12 08:53:26 | 000,101,736 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\micmute.exe
PRC - [2011.06.17 18:33:04 | 000,272,528 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
PRC - [2010.03.11 13:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2008.01.10 11:13:50 | 000,061,440 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


========== Modules (No Company Name) ==========

MOD - [2012.12.24 19:28:30 | 002,397,152 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012.11.17 17:34:28 | 000,253,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\1352c3e5dd49f3bf8c2f8e106ceb79fb\WindowsFormsIntegration.ni.dll
MOD - [2012.11.17 17:33:47 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\5d0dc33658e23a6f960c46a5beab7ecf\System.Management.ni.dll
MOD - [2012.11.17 17:32:21 | 000,196,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\ae40aeae573219a0439def61b1d48b49\UIAutomationTypes.ni.dll
MOD - [2012.11.17 17:32:21 | 000,096,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\9fedec1f005f9e39f8dde611c4c27cab\UIAutomationProvider.ni.dll
MOD - [2012.11.17 17:32:14 | 002,647,040 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\0d2c8da8749c683b47f01101c9ea26d5\System.Runtime.Serialization.ni.dll
MOD - [2012.11.17 17:32:11 | 001,801,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\5e3ccfdf88ccd6a9ff4e6ddae7e3fec6\System.Xaml.ni.dll
MOD - [2012.11.17 17:32:11 | 000,393,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\d6dc54d6b4aadbc921d00c3b76647e61\System.Xml.Linq.ni.dll
MOD - [2012.11.17 17:31:35 | 000,044,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Accessibility\5528d332c662a879514630cbee174ada\Accessibility.ni.dll
MOD - [2012.11.15 23:02:20 | 018,002,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\c881e2d2ec912499834feb85c4c2e483\PresentationFramework.ni.dll
MOD - [2012.11.15 23:02:07 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\58f50a891bafb8fd7149e6eebc2b7b52\PresentationCore.ni.dll
MOD - [2012.11.15 23:01:59 | 003,858,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\05ebffcb5aac31412fea8c38cbac8df8\WindowsBase.ni.dll
MOD - [2012.11.15 23:01:57 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\cbb227c0a77a5b15a1255220984239f2\PresentationFramework.Aero.ni.dll
MOD - [2012.11.15 22:56:51 | 013,198,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\caffbced23ee85b40b919ad4a122b7aa\System.Windows.Forms.ni.dll
MOD - [2012.11.15 22:56:45 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\752225ca2585aa8f1c46b489e172e920\System.Core.ni.dll
MOD - [2012.11.15 22:56:43 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\cb0c00757e89f0b1fe282913ed667212\System.Xml.ni.dll
MOD - [2012.11.15 22:56:41 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\9422d0c052186760a4645e10995487f5\System.Drawing.ni.dll
MOD - [2012.11.15 22:56:40 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\ed886fb71addf400705481dcf8de12da\System.Configuration.ni.dll
MOD - [2012.11.15 22:56:39 | 009,093,632 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\811a7bc79f8f0a5be8065292a320819e\System.ni.dll
MOD - [2012.11.15 22:56:34 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\16126cae96ea2422253ae06eeb672abc\mscorlib.ni.dll
MOD - [2011.03.16 23:11:16 | 004,297,568 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf


========== Services (SafeList) ==========

SRV:64bit: - [2012.02.29 07:15:08 | 000,048,704 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC)
SRV:64bit: - [2011.12.28 21:48:24 | 000,049,480 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Windows\SysNative\TPHDEXLG64.exe -- (TPHDEXLGSVC)
SRV - [2012.12.24 19:28:48 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.09.27 21:49:52 | 000,021,416 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2012.09.12 21:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012.09.12 21:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012.09.07 08:08:50 | 000,272,272 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe -- (AcSvc)
SRV - [2012.09.07 08:08:48 | 000,133,008 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2012.08.09 03:27:56 | 000,328,552 | ---- | M] (AuthenTec, Inc) [Auto | Running] -- C:\Programme\Lenovo Fingerprint Reader\TrueSuiteService.exe -- (FPLService)
SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.06.16 03:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe -- (NIS)
SRV - [2012.06.15 11:26:32 | 000,103,472 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe -- (McAfee SiteAdvisor Service)
SRV - [2012.05.16 06:32:00 | 001,665,120 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE -- (PwmEWSvc)
SRV - [2012.05.16 06:32:00 | 001,662,560 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE -- (Power Manager DBC Service)
SRV - [2012.04.10 17:43:00 | 000,175,440 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\Communications Utility\vcamsvc.exe -- (LENOVO.TVTVCAM)
SRV - [2012.04.10 17:42:50 | 000,061,264 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\Communications Utility\TPKNRSVC.exe -- (LENOVO.TPKNRSVC)
SRV - [2012.04.10 17:42:36 | 000,058,192 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\Communications Utility\CamMute.exe -- (LENOVO.CAMMUTE)
SRV - [2012.04.10 04:41:54 | 000,084,080 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe -- (VIPAppService)
SRV - [2012.03.06 23:49:18 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012.03.06 23:49:16 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012.03.06 23:49:08 | 000,128,280 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -- (Intel(R)
SRV - [2012.03.06 23:49:04 | 000,163,608 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service)
SRV - [2012.02.27 12:01:00 | 000,049,376 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe -- (Intel(R)
SRV - [2012.02.26 04:07:52 | 002,669,840 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)
SRV - [2012.02.26 04:07:42 | 000,273,168 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV - [2012.02.26 04:07:32 | 000,626,960 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2012.02.26 04:07:26 | 000,148,752 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2012.02.21 18:55:24 | 001,104,208 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2012.02.21 18:55:22 | 001,304,912 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
SRV - [2012.02.21 18:55:18 | 001,014,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2012.02.09 08:10:32 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012.02.02 21:29:52 | 000,628,448 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV - [2012.02.02 13:28:32 | 000,145,472 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Programme\Lenovo\RapidBoot\HyperW7Svc64.exe -- (HyperW7Svc)
SRV - [2012.01.17 15:12:28 | 000,135,952 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV - [2012.01.17 07:29:24 | 000,169,776 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe -- (FastbootService)
SRV - [2012.01.09 11:39:44 | 000,659,968 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV - [2011.12.29 11:20:42 | 000,144,960 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2011.12.24 16:19:00 | 002,348,864 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2011.11.09 19:11:05 | 008,447,848 | ---- | M] (DisplayLink Corp.) [Auto | Running] -- C:\Programme\DisplayLink Core Software\DisplayLinkManager.exe -- (DisplayLinkService)
SRV - [2011.07.12 08:54:00 | 000,133,992 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC)
SRV - [2011.07.12 08:53:42 | 000,145,256 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD)
SRV - [2011.07.12 08:53:26 | 000,101,736 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV - [2011.06.17 18:33:04 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe -- (McComponentHostService)
SRV - [2010.09.22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.09.21 13:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.03.18 22:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.11 13:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2010.01.09 20:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.01.10 11:13:50 | 000,061,440 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.09.07 10:09:18 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012.08.30 22:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012.07.23 22:48:02 | 000,148,328 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsX64.sys -- (Shockprf)
DRV:64bit: - [2012.07.06 20:16:55 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.07.06 03:17:58 | 000,037,536 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1309000.009\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2012.07.06 03:17:57 | 000,737,952 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1309000.009\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2012.06.07 05:43:38 | 000,167,072 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1309000.009\ccsetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2012.05.22 02:37:12 | 001,129,120 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1309000.009\symefa64.sys -- (SymEFA)
DRV:64bit: - [2012.05.16 06:32:00 | 000,019,784 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\TPPWR64V.SYS -- (TPPWRIF)
DRV:64bit: - [2012.04.18 03:13:32 | 000,405,624 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1309000.009\symnets.sys -- (SymNetS)
DRV:64bit: - [2012.04.18 02:42:14 | 000,190,072 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1309000.009\ironx64.sys -- (SymIRON)
DRV:64bit: - [2012.04.02 05:40:50 | 000,428,304 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2012.03.28 13:16:48 | 000,216,704 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\5U877.sys -- (5U877)
DRV:64bit: - [2012.02.29 07:14:48 | 000,042,312 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV:64bit: - [2012.02.20 11:36:58 | 011,471,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Netwsw00.sys -- (NETwNs64)
DRV:64bit: - [2012.02.14 11:38:56 | 000,060,928 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (ibtfltcoex)
DRV:64bit: - [2012.02.01 21:52:02 | 014,659,808 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012.01.31 06:17:44 | 001,601,152 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2012.01.09 11:32:40 | 000,195,584 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2012.01.09 11:32:40 | 000,195,584 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2012.01.04 20:58:50 | 000,786,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012.01.04 20:58:50 | 000,355,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012.01.04 20:58:50 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2011.12.28 21:48:24 | 000,025,416 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsHM64.sys -- (TPDIGIMN)
DRV:64bit: - [2011.12.26 10:10:44 | 000,040,248 | ---- | M] (Lenovo Information Product(ShenZhen China) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\psadd.sys -- (psadd)
DRV:64bit: - [2011.12.24 16:19:00 | 000,028,992 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2011.12.23 13:37:12 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.12.20 16:38:36 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2011.12.20 16:38:36 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2011.12.08 21:24:30 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.12.08 21:24:30 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.12.07 17:59:52 | 000,027,432 | ---- | M] (ThinkVantage Communications Utility) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tvtvcamd.sys -- (tvtvcamd)
DRV:64bit: - [2011.12.06 12:23:10 | 000,331,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011.11.30 10:19:48 | 000,747,008 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)
DRV:64bit: - [2011.11.30 10:19:46 | 000,094,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)
DRV:64bit: - [2011.11.10 10:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011.10.27 03:27:52 | 000,259,688 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsP2Stor.sys -- (RSP2STOR)
DRV:64bit: - [2011.08.23 13:57:24 | 000,565,352 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.07.25 19:18:36 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1309000.009\symds64.sys -- (SymDS)
DRV:64bit: - [2011.05.29 11:48:04 | 000,040,248 | ---- | M] (Lenovo Information Product(ShenZhen China) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tvti2c.sys -- (TVTI2C)
DRV:64bit: - [2011.03.30 01:57:24 | 000,087,552 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrSerIb.sys -- (BrSerIb)
DRV:64bit: - [2011.03.30 01:57:24 | 000,014,592 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrUsbSib.sys -- (BrUsbSIb)
DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 00:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2012.09.29 11:23:56 | 002,084,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120928.033\ex64.sys -- (NAVEX15)
DRV - [2012.09.29 11:23:56 | 000,126,112 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120928.033\eng64.sys -- (NAVENG)
DRV - [2012.09.15 12:09:45 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012.09.08 09:33:34 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012.08.31 23:32:30 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120928.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012.08.31 23:09:13 | 001,385,120 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120919.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2012.01.30 19:40:02 | 000,033,344 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Programme\Lenovo\RapidBoot\PHCORE64.sys -- (PHCORE)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?affID=109958&tt=4812_5&babsrc=HP_ss&mntrId=de8ad114000000000000000000000000
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {7098F934-FBBA-4044-98BA-71783D8873C2}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=109958&tt=4812_5&babsrc=SP_ss&mntrId=de8ad114000000000000000000000000
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_deDE500
IE - HKCU\..\SearchScopes\{7098F934-FBBA-4044-98BA-71783D8873C2}: "URL" = hxxp://search.zonealarm.com/search?Source=Browser&oemCode=ZLN114597794683869-1001&toolbarId=base&affiliateId=1001 tlbrid=ZoneAlarmSecurity&Lan=de&utid=de8ad114000000000000b888e3337514&q={searchTerms}&r=689
IE - HKCU\..\SearchScopes\{DC08E7DC-247A-4D2A-97CD-181540FA95E5}: "URL" = hxxp://de.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
IE - HKCU\..\SearchScopes\{FB6910B8-C4B7-439A-A54A-AC700FCB5B10}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=F8E3799B-5576-4476-9794-9923BD139CE4&apn_sauid=AC2BF075-C41B-4200-813F-D7CE52E7E1AC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://search.babylon.com/?affID=109958&tt=4812_5&babsrc=HP_ss&mntrId=de8ad114000000000000000000000000"
FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.3
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?affID=109958&tt=4812_5&babsrc=KW_ss&mntrId=de8ad114000000000000000000000000&q="
FF - prefs.js..network.proxy.type: 0


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\ [2012.09.07 09:45:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\ [2012.12.28 13:37:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\VIP1X@verisign.com: C:\Program Files (x86)\Symantec\VIP Access Client\ [2012.07.06 10:58:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012.11.27 18:17:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.24 19:28:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.24 19:28:48 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012.09.06 19:24:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Forrest\AppData\Roaming\mozilla\Extensions
[2012.12.22 22:36:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Forrest\AppData\Roaming\mozilla\Firefox\Profiles\6pwtvhsn.default\extensions
[2012.12.22 22:36:59 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Forrest\AppData\Roaming\mozilla\Firefox\Profiles\6pwtvhsn.default\extensions\ich@maltegoetz.de
[2012.11.24 10:56:30 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Forrest\AppData\Roaming\mozilla\Firefox\Profiles\6pwtvhsn.default\extensions\toolbar@ask.com
[2012.11.24 10:56:30 | 000,002,308 | ---- | M] () -- C:\Users\Forrest\AppData\Roaming\mozilla\firefox\profiles\6pwtvhsn.default\searchplugins\askcom.xml
[2012.09.06 19:36:55 | 000,001,523 | ---- | M] () -- C:\Users\Forrest\AppData\Roaming\mozilla\firefox\profiles\6pwtvhsn.default\searchplugins\zonealarm.xml
[2012.12.24 19:28:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.12.24 19:28:48 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.12.01 17:45:30 | 000,002,349 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.08.25 03:00:22 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.11.13 19:50:22 | 000,002,027 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2012.12.24 19:28:29 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: hxxp://search.babylon.com/?affID=109958&tt=4812_5&babsrc=HP_ss&mntrId=de8ad114000000000000000000000000
CHR - default_search_provider: Search the web (Babylon) (Enabled)
CHR - default_search_provider: search_url = hxxp://search.babylon.com/?q={searchTerms}&affID=109958&tt=4812_5&babsrc=SP_ss&mntrId=de8ad114000000000000000000000000
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://search.babylon.com/?affID=109958&tt=4812_5&babsrc=HP_ss&mntrId=de8ad114000000000000000000000000
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - plugin: Chrome NaCl (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Norton Confidential (Enabled) = C:\Users\Forrest\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.1.0.30_0\npcoplgn.dll
CHR - plugin: TrueSuite (Enabled) = C:\Users\Forrest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ombkllfdikmoepjdpmdaiinfbjpnkboa\2.0_0\npwebsitelogon.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
CHR - plugin: Intel Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: Windows Live Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Ask Toolbar = C:\Users\Forrest\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo\7.15.9.33308_0\
CHR - Extension: Website Logon = C:\Users\Forrest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdkedefaddcdlpmiafhicjnkbogjiogj\2.0_0\
CHR - Extension: SiteAdvisor = C:\Users\Forrest\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\
CHR - Extension: Norton Identity Protection = C:\Users\Forrest\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.6.10_0\

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (TrueSuite Browser Helper Object) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Programme\Lenovo Fingerprint Reader\IEBHO.dll (AuthenTec Inc.)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Symantec VIP Access Add-On) - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll (Symantec Corporation)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.3.8\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (TrueSuite Browser Helper Object) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Programme\Lenovo Fingerprint Reader\x86\IEBHO.dll (AuthenTec Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Symantec VIP Access Add-On) - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll (Symantec Corporation)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (TrueSuite Toolbar) - {C98EE38D-21E4-4A50-907D-2B56FEC7013E} - C:\Programme\Lenovo Fingerprint Reader\IEBHO.dll (AuthenTec Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\coIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.3.8\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (TrueSuite Toolbar) - {C98EE38D-21E4-4A50-907D-2B56FEC7013E} - C:\Programme\Lenovo Fingerprint Reader\x86\IEBHO.dll (AuthenTec Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe (Lenovo)
O4:64bit: - HKLM..\Run: [BLEServicesCtrl] C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [LENOVO.TPKNRRES] C:\Programme\Lenovo\Communications Utility\TpKnrres.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [Fastboot] C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe (Lenovo)
O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelSBA] C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\SBALaunchDelay.exe (Intel Corporation)
O4 - HKLM..\Run: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe (Lenovo, Inc.)
O4 - HKLM..\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor File not found
O4 - HKLM..\Run: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe (Ricoh co.,Ltd.)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - Startup: C:\Users\Forrest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Forrest\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{66A4E558-1577-4C88-8C72-94F0E341C0D2}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9A8E848F-F561-4816-B1A8-B218ADF09978}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9BF20AEC-2AC9-42DB-9016-F9982AB1877E}: NameServer = 213.191.74.12 62.109.123.254
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.12.15 04:05:40 | 000,000,049 | -HS- | M] () - Q:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{a0fb3d99-c74b-11e1-a9dc-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{a0fb3d99-c74b-11e1-a9dc-806e6f6e6963}\Shell\AutoRun\command - "" = Q:\LenovoQDrive.exe -- [2011.12.15 04:05:40 | 000,267,576 | -HS- | M] (Lenovo Group Limited)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.12.28 15:16:51 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Forrest\Desktop\OTL.exe
[2012.12.28 12:55:46 | 000,204,712 | ---- | C] (Корпорация Майкрософт) -- C:\Users\Forrest\wgsdgsdgdsgsd.dll
[2012.12.24 19:28:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.12.23 12:59:48 | 000,000,000 | ---D | C] -- C:\Users\Forrest\AppData\Local\Macromedia
[2012.12.22 22:40:17 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012.12.15 17:41:20 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.12.01 17:47:28 | 000,000,000 | ---D | C] -- C:\Users\Forrest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Audio Related Programs
[2012.12.01 17:47:13 | 000,000,000 | ---D | C] -- C:\Users\Forrest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Video Related Programs
[2012.12.01 17:47:05 | 000,000,000 | ---D | C] -- C:\Users\Forrest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
[2012.12.01 17:47:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audio Related Programs
[2012.12.01 17:46:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
[2012.12.01 17:46:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video Related Programs
[2012.12.01 17:45:52 | 000,000,000 | ---D | C] -- C:\Users\Forrest\AppData\Roaming\NCH Software
[2012.12.01 17:45:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BabylonToolbar
[2012.12.01 17:45:17 | 000,000,000 | ---D | C] -- C:\Users\Forrest\AppData\Roaming\Babylon
[2012.12.01 17:45:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012.09.09 08:19:20 | 006,233,848 | ---- | C] (Absolute Software Corp.) -- C:\Users\Forrest\AppData\Roaming\LoJackSetup.exe
[7 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.12.28 15:16:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Forrest\Desktop\OTL.exe
[2012.12.28 15:16:27 | 000,000,000 | ---- | M] () -- C:\Users\Forrest\defogger_reenable
[2012.12.28 15:11:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.12.28 14:49:46 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.12.28 14:49:46 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.12.28 14:49:46 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.12.28 14:49:46 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.12.28 14:49:46 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.12.28 13:42:31 | 000,031,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.28 13:42:31 | 000,031,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.28 13:35:30 | 629,696,000 | -HS- | M] () -- C:\Windows\lenovo_fastboot.img
[2012.12.28 13:35:15 | 000,000,828 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
[2012.12.28 13:35:09 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.12.28 13:34:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.28 13:34:27 | 2901,872,640 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.28 12:57:16 | 095,023,320 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.12.28 12:55:50 | 000,002,940 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.js
[2012.12.28 12:55:46 | 000,204,712 | ---- | M] (Корпорация Майкрософт) -- C:\Users\Forrest\wgsdgsdgdsgsd.dll
[2012.12.23 11:37:37 | 000,037,986 | ---- | M] () -- C:\Users\Forrest\AppData\Roaming\AbsoluteReminder.xml
[2012.12.22 13:59:43 | 000,434,360 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.12.18 09:23:17 | 004,094,249 | ---- | M] () -- C:\Users\Forrest\Desktop\chem. Garten.jpeg
[2012.12.15 17:41:30 | 000,002,002 | ---- | M] () -- C:\Users\Public\Desktop\Lenovo Solution Center.lnk
[2012.12.01 17:46:53 | 000,001,149 | ---- | M] () -- C:\Users\Public\Desktop\VideoPad Video Editor.lnk
[7 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.12.28 15:16:27 | 000,000,000 | ---- | C] () -- C:\Users\Forrest\defogger_reenable
[2012.12.28 12:55:50 | 000,002,940 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.js
[2012.12.28 12:55:46 | 095,023,320 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.12.15 17:41:30 | 000,002,002 | ---- | C] () -- C:\Users\Public\Desktop\Lenovo Solution Center.lnk
[2012.12.01 17:47:32 | 000,001,133 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Prism Video File Converter.lnk
[2012.12.01 17:47:26 | 000,001,107 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MixPad.lnk
[2012.12.01 17:47:12 | 000,001,197 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoStage Slideshow Producer.lnk
[2012.12.01 17:47:03 | 000,001,145 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WavePad Sound Editor.lnk
[2012.12.01 17:46:53 | 000,001,161 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoPad Video Editor.lnk
[2012.12.01 17:46:53 | 000,001,149 | ---- | C] () -- C:\Users\Public\Desktop\VideoPad Video Editor.lnk
[2012.11.21 17:43:28 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2012.09.07 10:42:36 | 001,526,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.09.06 18:55:20 | 000,037,986 | ---- | C] () -- C:\Users\Forrest\AppData\Roaming\AbsoluteReminder.xml
[2012.09.06 18:54:54 | 000,000,000 | ---- | C] () -- C:\Windows\firstboot.dat
[2012.09.06 15:08:20 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012.07.06 10:40:48 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dlumd9.dll
[2012.07.06 10:40:48 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dlumd11.dll
[2012.07.06 10:40:48 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dlumd10.dll
[2012.07.06 10:29:23 | 000,735,796 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin
[2012.07.06 10:29:23 | 000,561,508 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin
[2012.07.06 10:29:21 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.07.06 10:29:19 | 013,007,360 | ---- | C] () -- C:\Windows\SysWow64\ig7icd32.dll
[2012.02.02 21:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll

========== ZeroAccess Check ==========

[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012.12.01 17:45:17 | 000,000,000 | ---D | M] -- C:\Users\Forrest\AppData\Roaming\Babylon
[2012.09.06 19:38:45 | 000,000,000 | ---D | M] -- C:\Users\Forrest\AppData\Roaming\CheckPoint
[2012.12.28 14:28:17 | 000,000,000 | ---D | M] -- C:\Users\Forrest\AppData\Roaming\Dropbox
[2012.09.15 15:05:03 | 000,000,000 | ---D | M] -- C:\Users\Forrest\AppData\Roaming\klett
[2012.09.06 19:01:18 | 000,000,000 | ---D | M] -- C:\Users\Forrest\AppData\Roaming\Leadertech
[2012.12.15 21:07:32 | 000,000,000 | ---D | M] -- C:\Users\Forrest\AppData\Roaming\Lenovo
[2012.09.06 19:01:06 | 000,000,000 | ---D | M] -- C:\Users\Forrest\AppData\Roaming\LSC
[2012.11.27 19:05:04 | 000,000,000 | ---D | M] -- C:\Users\Forrest\AppData\Roaming\mathegrafix
[2012.09.06 19:50:50 | 000,000,000 | ---D | M] -- C:\Users\Forrest\AppData\Roaming\PwrMgr

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 168 bytes -> C:\Users\Forrest\Desktop\chem. Garten.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 168 bytes -> C:\Users\Forrest\Desktop\chem. Garten 2.jpeg:3or4kl4x13tuuug3Byamue2s4b

< End of report >

OTL Extras logfile created on: 28.12.2012 15:17:46 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Forrest\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,60 Gb Total Physical Memory | 1,57 Gb Available Physical Memory | 43,57% Memory free
7,21 Gb Paging File | 4,48 Gb Available in Paging File | 62,15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 679,59 Gb Total Space | 613,84 Gb Free Space | 90,33% Space Free | Partition Type: NTFS
Drive E: | 14,42 Gb Total Space | 4,39 Gb Free Space | 30,41% Space Free | Partition Type: FAT32
Drive Q: | 17,58 Gb Total Space | 4,08 Gb Free Space | 23,23% Space Free | Partition Type: NTFS

Computer Name: FORREST-THINK | User Name: Forrest | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A6DAA28-A70F-42F5-9971-27F6F1A23841}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0B750B9D-0494-4ECE-899B-DF365155E38D}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{21E2F099-0E3C-4A70-AE4E-F7F00CFDE06E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2B458400-3D61-4C09-AFB0-65996CFC4332}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{2E5632CF-17E8-4979-9F73-7E61FC91BF73}" = rport=139 | protocol=6 | dir=out | app=system |
"{308D4A52-B2D4-4E6D-A310-B424DD4CEA72}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{41154DD5-3869-4E67-8934-0275BF39FD0E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4A3785C8-0C72-435F-B6E3-70102CC3A35B}" = rport=138 | protocol=17 | dir=out | app=system |
"{4FCDCA92-13E4-4055-8ED2-7467DDDFFED1}" = lport=138 | protocol=17 | dir=in | app=system |
"{5199756C-EB26-42A8-A398-AE171EAC3FB0}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5E6B3D44-AEF7-47C5-A79E-2D65BB393B40}" = rport=10243 | protocol=6 | dir=out | app=system |
"{69B7CA96-3997-40BD-BAB6-BDF0CED366BB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6C1BA950-8FCA-46BE-8E53-085F244CE538}" = lport=139 | protocol=6 | dir=in | app=system |
"{75CEE9BF-1F1A-48D4-8C78-038FC0AE3994}" = lport=137 | protocol=17 | dir=in | app=system |
"{7897F525-A875-4DCF-AAC7-E4F881D22522}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{94D44A15-E91C-438C-837A-70619E761B68}" = lport=445 | protocol=6 | dir=in | app=system |
"{95AB703A-A0D3-4477-8315-EF691873F20C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A5A89717-1370-4AEB-88A8-65D3B789BAEC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B0804DE3-EA16-4731-A056-3E7E6DC0FEC0}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{B6186C08-D97E-4378-BE90-245CABC48E00}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{C979429A-2926-441A-8B45-911FFC709C9F}" = rport=445 | protocol=6 | dir=out | app=system |
"{D61BB4CC-0F80-46B9-ACF8-9F6B717DAE4B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{DDCAE531-DEBD-4B03-8C66-0591F6FC010B}" = lport=10243 | protocol=6 | dir=in | app=system |
"{E37E391F-6E50-4C70-816C-245C5597C43C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F2DB4F6B-A6D7-40F2-AC0F-C52CB09E9DB3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F6342BCE-D362-41C1-B61D-FD0F31A9720D}" = rport=137 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{173F00A9-9D45-4764-955D-86DACF35453E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2AC77A11-3F1C-49EC-91AB-50F4B7E9DB3A}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{32EB15DE-CCAD-4406-8733-496E1DC6C5FF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{453D66A5-3E76-4E45-AF15-1AE7EF252F25}" = protocol=6 | dir=in | app=d:\alicesetup.exe |
"{4885C6CE-0349-4103-BEE1-1D7D3669724B}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{561CEC8D-946E-4B66-AB73-CD8B532A99EF}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{57F3E05F-2850-420D-84DB-4834728C239E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{683B9C66-6DEA-465D-8239-2FA0A13C29B8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{68922BD4-A025-44B9-87A5-C39562E48185}" = protocol=6 | dir=out | app=system |
"{6A30B5D2-DBF1-4236-B52D-80719CDDE522}" = protocol=17 | dir=in | app=d:\alicesetup.exe |
"{6E7AED19-BFD6-460D-B955-A6003CB5EAD7}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{707E71F6-CBC5-48B4-9FDC-98520E799946}" = dir=in | app=c:\program files (x86)\intel corporation\intel widi\widiapp.exe |
"{7168C68D-249D-4C44-AA04-EAB93A3302FD}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{79DF38B0-ABA8-4922-9D91-98DA811530E5}" = protocol=6 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe |
"{91BA5BD4-0CFC-43F0-BE99-99E7329F9D18}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{9B00668A-A914-46C5-ADE3-0CEF44C04302}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{9FF1F201-BFCB-4DEC-BBC4-DBC8767BEC9F}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A0C2F6CE-1490-40E1-876C-899ABD2ED0D3}" = protocol=6 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe |
"{A529A452-924F-4524-93AE-45B12DBF7A77}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AB2613CE-FF64-433F-9598-E6B5D4AA7DF3}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{AC24A7E2-9E6C-4A48-9170-E1CA9DDB18BB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AF6FDE44-C3CD-4CE8-968B-1CD3C69822C0}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{C3096404-9932-407C-AE89-7ADB74251431}" = protocol=58 | dir=in | app=system |
"{C31DB8BD-4AA2-4948-8CC0-6E4C0C0F58A3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C7C1D5E4-A0B4-4161-B550-05D39418D1CD}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CCEC526E-F42A-4E3A-9DCD-749F92F9C3A3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D2716BEB-FAB9-40C5-A9E7-A112FA16FB48}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{D86844F6-D811-4879-B384-DBA2A44199AD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DAFF418D-3798-4543-AB07-0CD5E5E14675}" = protocol=17 | dir=in | app=c:\users\forrest\appdata\roaming\dropbox\bin\dropbox.exe |
"{E1DADAF2-0A2B-4399-8B37-1C3D04A58553}" = protocol=17 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe |
"{E5F54905-463E-4911-903A-08D02B42356F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{E647F674-677B-48D6-B6CE-02B50521D531}" = protocol=6 | dir=in | app=c:\users\forrest\appdata\roaming\dropbox\bin\dropbox.exe |
"{E92CFB06-6094-493F-8B81-A7A00BE25242}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{ED751172-7B97-404D-8984-6D675910B3E4}" = protocol=17 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe |
"{EDE96B4E-3B66-4465-858A-7E6043AC9364}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{F90F0252-9FF8-45D4-B7E4-2BB9516B294F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F9A9BDE4-410A-415A-96C8-FC9D81F4D064}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{FF3ACCEF-E57C-4E89-B89B-75DFD69BF4E8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{326E22DA-E5A4-453E-BB68-68A3C499DD53}C:\users\forrest\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\forrest\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{F1BD778E-A4DA-42FF-A9FE-93746ED9129E}C:\users\forrest\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\forrest\appdata\roaming\dropbox\bin\dropbox.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0369F866-2CE0-4EB9-B426-88FA122C6E82}" = Lenovo Patch Utility 64 bit
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{09536BA1-E498-4CC3-B834-D884A67D7E34}" = Intel® Trusted Connect Service Client
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel(R) Wireless Display
"{37EC048A-81A2-452A-8D1F-3BE2018E767D}" = Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage System für aktiven Festplattenschutz
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{520C4DD4-2BC7-409B-BA48-E1A4F832662D}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
"{5E2652DF-743F-482B-A593-C95F431A5769}" = RapidBoot
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{79AB31DF-83A6-4D49-A70E-C4CA114B0605}" = Lenovo Solution Center
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{88C6A6D9-324C-46E8-BA87-563D14021442}_is1" = ThinkVantage Communications Utility
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A8CAC260-092D-41DA-A38F-73AF4226B021}" = Lenovo Graphics Software
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 290.56
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 290.56
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.6.24
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.11.1111
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.6.24
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B57D4097-F2FE-4222-BA02-46C6EC8B7944}" = DisplayLink Core Software
"{BF601122-9F0A-41A9-BA06-3158D9FB4B80}" = Lenovo SimpleTap
"{C5BB9380-D729-410A-A440-061EBCADCCB9}" = Fingerprint Reader
"{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E97F409F-9E1C-42A0-B72D-765A78DF3696}" = Intel® PROSet/Wireless WiFi-Software
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"64A62163FE43328D13305746CB8BCC93F2DF6545" = Windows-Treiberpaket - Intel (iaStor) hdc (11/29/2011 11.0.0.1032)
"76052A6680822C2132A1EB4E64568F3C9591560E" = Windows-Treiberpaket - Synaptics (SynTP) Mouse (04/02/2012 16.0.5.2)
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant HD Audio
"E3535F123E7F666D573665142F90D3E5004DC326" = Windows-Treiberpaket - Lenovo 1.65.05.20 (02/29/2012 1.65.05.20)
"LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"OnScreenDisplay" = Anzeige am Bildschirm
"Power Management Driver" = Lenovo Power Management Driver
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"ZoneAlarm LTD Toolbar" = ZoneAlarm LTD Toolbar

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{13F59938-C595-479C-B479-F171AB9AF64F}" = Lenovo User Guide
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{235E938E-ACDF-4646-ADAF-38F8D403EDAF}_is1" = Elemente Chemie Arbeitsblätter 1
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{25C64847-B900-48AD-A164-1B4F9B774650}" = Lenovo System Update
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{2DC26D10-CC6A-494F-BEA3-B5BC21126D5E}" = Lenovo Welcome
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{40F4FF7A-B214-4453-B973-080B09CED019}" = Absolute Reminder
"{46ED2B64-85C7-4E1F-920C-A555B21F2E4C}" = NVIDIA PhysX
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}" = Create Recovery Media
"{50F68032-B5B7-4513-9116-C978DBD8F27A}" = Corel DVD MovieFactory 7
"{5B5DEF99-85E9-423D-A1A3-B83202697B09}" = Lenovo Solutions for Small Business Customizations
"{5C1F18D2-F6B7-4242-B803-B5A78648185D}" = Corel WinDVD
"{608E1B9B-A2E8-4A1F-8BAB-874EB0DD25E3}" = Intel(R) Update Manager
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6707C034-ED6B-4B6A-B21F-969B3606FBDE}" = Lenovo Registration
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A6D86CD-B004-46b7-8951-7BB75A776F8C}" = Lenovo Solutions for Small Business
"{6E6E7725-C7BC-4C39-8B3F-14B67331A120}" = Lenovo Patch Utility
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7F8205DE-DDFA-4156-ADA2-766E9CB4FABC}" = Message Center Plus
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E537894-A559-4D60-B3CB-F4485E3D24E3}" = ThinkVantage Access Connections
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93F34C5C-ACAA-48F3-9B26-70359A117F12}" = Intel(R) WiDi
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{99DBFE8E-8143-4311-816B-AC3FE200B933}" = Rund um ... Chemie heute SI (Teil 1)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Burn.Now 4.5
"{A6C48A9F-694A-4234-B3AA-62590B668927}" = Intel(R) Manageability Engine Firmware Recovery Agent
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A78800AF-1779-4AE8-8EBE-16E1BE727C71}" = Integrated Camera Driver Installer Package Ver.1.2.1.18
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B7B3E9B3-FB14-4927-894B-E9124509AF5A}" = Adobe Flash Player 10 ActiveX
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D45EAB00-6FAE-417B-8A4E-9578E2215F63}_is1" = Elemente Chemie Arbeitsblätter 2 deinstallieren
"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = Energie-Manager
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E8D46836-CD55-453C-A107-A59EC51CB8DC}" = VIP Access
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 4.2.3
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) OpenCL CPU Runtime
"{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}" = Lenovo Warranty Information
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"BabylonToolbar" = Babylon toolbar
"Fastboot" = RapidBoot HDD Accelerator
"Google Chrome" = Google Chrome
"InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}" = Corel DVD MovieFactory Lenovo Edition
"InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Corel Burn.Now Lenovo Edition
"InstallShield_{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
"Klett Service-CD Lambacher Schweizer" = Klett Service-CD Lambacher Schweizer
"McAfee Security Scan" = McAfee Security Scan Plus
"MixPad" = MixPad
"Mozilla Firefox 15.0 (x86 en-US)" = Mozilla Firefox 15.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NIS" = Norton Internet Security
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"PhotoStage" = PhotoStage Slideshow Producer
"Prism" = Prism Video File Converter
"SugarSync" = SugarSync Manager
"VideoPad" = VideoPad Video Editor
"VLC media player" = VLC media player 2.0.3
"WavePad" = WavePad Sound Editor
"WinLiveSuite" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"Dropbox" = Dropbox
"Mozilla Firefox 17.0.1 (x86 en-US)" = Mozilla Firefox 17.0.1 (x86 en-US)

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 09.12.2012 18:16:25 | Computer Name = Forrest-THINK | Source = WinMgmt | ID = 10
Description =

Error - 10.12.2012 13:03:17 | Computer Name = Forrest-THINK | Source = WinMgmt | ID = 10
Description =

Error - 11.12.2012 12:28:49 | Computer Name = Forrest-THINK | Source = WinMgmt | ID = 10
Description =

Error - 12.12.2012 09:38:20 | Computer Name = Forrest-THINK | Source = WinMgmt | ID = 10
Description =

Error - 12.12.2012 11:02:52 | Computer Name = Forrest-THINK | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: chrome.exe, Version: 23.0.1271.95,
Zeitstempel: 0x50b5708f Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc000041d Fehleroffset: 0x72d94f0d ID des fehlerhaften
Prozesses: 0x26b0 Startzeit der fehlerhaften Anwendung: 0x01cdd874530dff3e Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Pfad
des fehlerhaften Moduls: unknown Berichtskennung: ffdbc091-446c-11e2-942c-b888e3337514

Error - 13.12.2012 12:27:29 | Computer Name = Forrest-THINK | Source = WinMgmt | ID = 10
Description =

Error - 13.12.2012 17:12:22 | Computer Name = Forrest-THINK | Source = WinMgmt | ID = 10
Description =

Error - 14.12.2012 12:13:25 | Computer Name = Forrest-THINK | Source = WinMgmt | ID = 10
Description =

Error - 15.12.2012 12:26:08 | Computer Name = Forrest-THINK | Source = WinMgmt | ID = 10
Description =

Error - 15.12.2012 12:29:57 | Computer Name = Forrest-THINK | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: chrome.exe, Version: 23.0.1271.97,
Zeitstempel: 0x50be88d8 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc000041d Fehleroffset: 0x73224f0d ID des fehlerhaften
Prozesses: 0x1eec Startzeit der fehlerhaften Anwendung: 0x01cddae143a277a6 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Pfad
des fehlerhaften Moduls: unknown Berichtskennung: a942d990-46d4-11e2-8cbc-685d43930278

[ Lenovo-Message Center Plus/Admin Events ]
Error - 06.12.2012 17:24:59 | Computer Name = Forrest-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Message = Der angegebene Host ist unbekannt -> Exception message:
Der angegebene Host ist unbekannt

Error - 11.12.2012 17:03:49 | Computer Name = Forrest-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Message = Der angegebene Host ist unbekannt -> Exception message:
Der angegebene Host ist unbekannt

Error - 11.12.2012 17:03:49 | Computer Name = Forrest-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Message = Der angegebene Host ist unbekannt -> Exception message:
Der angegebene Host ist unbekannt

Error - 11.12.2012 17:03:49 | Computer Name = Forrest-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Message = Der angegebene Host ist unbekannt -> Exception message:
Der angegebene Host ist unbekannt

Error - 13.12.2012 18:05:43 | Computer Name = Forrest-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Message = Der angegebene Host ist unbekannt -> Exception message:
Der angegebene Host ist unbekannt

Error - 13.12.2012 18:05:45 | Computer Name = Forrest-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Message = Der angegebene Host ist unbekannt -> Exception message:
Der angegebene Host ist unbekannt

Error - 13.12.2012 18:05:47 | Computer Name = Forrest-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Message = Der angegebene Host ist unbekannt -> Exception message:
Der angegebene Host ist unbekannt

Error - 19.12.2012 12:33:08 | Computer Name = Forrest-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Message = Der angegebene Host ist unbekannt -> Exception message:
Der angegebene Host ist unbekannt

Error - 19.12.2012 12:33:10 | Computer Name = Forrest-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Message = Der angegebene Host ist unbekannt -> Exception message:
Der angegebene Host ist unbekannt

Error - 19.12.2012 12:33:13 | Computer Name = Forrest-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Message = Der angegebene Host ist unbekannt -> Exception message:
Der angegebene Host ist unbekannt

[ System Events ]
Error - 18.12.2012 03:43:41 | Computer Name = Forrest-THINK | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.141.1938.0 Update Source: %%859 Update Stage:
%%852 Source Path: hxxp://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT-AUTORITÄT\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error
code: 0x8024402c Error description: An unexpected problem occurred while checking
for updates. For information on installing or troubleshooting updates, see Help
and Support.

Error - 18.12.2012 05:56:57 | Computer Name = Forrest-THINK | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.

Error - 18.12.2012 05:56:58 | Computer Name = Forrest-THINK | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.

Error - 18.12.2012 05:56:59 | Computer Name = Forrest-THINK | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.

Error - 18.12.2012 06:06:43 | Computer Name = Forrest-THINK | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.141.1938.0 Update Source: %%859 Update Stage:
%%852 Source Path: hxxp://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT-AUTORITÄT\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error
code: 0x8024402c Error description: An unexpected problem occurred while checking
for updates. For information on installing or troubleshooting updates, see Help
and Support.

Error - 18.12.2012 18:10:05 | Computer Name = Forrest-THINK | Source = volsnap | ID = 393241
Description = Die Schattenkopien von Volume "C:" wurden gelöscht, weil der Schattenkopiespeicher
nicht rechtzeitig vergrößert wurde. Sie sollten die E/A-Last auf dem System verringern
oder ein Schattenkopie-Speichervolume, von dem keine Schattenkopie erstellt wird,
auswählen.

Error - 19.12.2012 12:41:41 | Computer Name = Forrest-THINK | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.141.2135.0 Update Source: %%859 Update Stage:
%%852 Source Path: hxxp://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT-AUTORITÄT\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error
code: 0x8024402c Error description: An unexpected problem occurred while checking
for updates. For information on installing or troubleshooting updates, see Help
and Support.

Error - 19.12.2012 18:10:49 | Computer Name = Forrest-THINK | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.

Error - 21.12.2012 09:06:31 | Computer Name = Forrest-THINK | Source = VDS Basic Provider | ID = 33554433
Description =

Error - 21.12.2012 09:06:31 | Computer Name = Forrest-THINK | Source = VDS Basic Provider | ID = 33554433
Description =


< End of report >

da bei den anderen posts die Sperre nicht wegging bzw. immer darauf hingewiesen wurde, dass das nicht für jeden PC 1:1 zu übernehmen ist, hoffe ich, dass mir jemand von euch weiterhelfen kann und mir sagt, wie ich weiter vorzugehen hab...

Schon mal vielen Dank im Vorraus

 

Themen zu GVU-Trojaner eingefangen
autorun, babylontoolbar, bho, browser, error, festplatte, firefox, flash player, format, home, install.exe, internet, lenovo, logfile, mozilla, nvidia update, nvpciflt.sys, object, plug-in, pwmtr64v.dll, realtek, registry, rundll, scan, search the web, security, senden, siteadvisor, software, svchost.exe, symantec, usb, windows


« tr/attraps gen hat den lapi erwischt | GVU Trojaner »


Ähnliche Themen: GVU-Trojaner eingefangen


  1. Trojaner eingefangen?
    Log-Analyse und Auswertung - 17.10.2015 (13)
  2. Trojaner eingefangen
    Plagegeister aller Art und deren Bekämpfung - 19.12.2013 (10)
  3. GVU Trojaner eingefangen...
    Plagegeister aller Art und deren Bekämpfung - 17.05.2013 (43)
  4. Viren eingefangen (JAVA/dldr.lamar.TP), auch Trojaner (Polizei.Trojaner) gefunden
    Log-Analyse und Auswertung - 07.05.2013 (15)
  5. GVU Trojaner eingefangen
    Plagegeister aller Art und deren Bekämpfung - 24.02.2013 (6)
  6. GVU Trojaner eingefangen!
    Log-Analyse und Auswertung - 17.10.2012 (2)
  7. GVU Trojaner eingefangen
    Plagegeister aller Art und deren Bekämpfung - 22.09.2012 (17)
  8. Gvu Trojaner 2.07 Eingefangen
    Log-Analyse und Auswertung - 21.08.2012 (6)
  9. GVU Trojaner eingefangen?
    Plagegeister aller Art und deren Bekämpfung - 07.08.2012 (11)
  10. GVU-Trojaner 2.07 eingefangen
    Log-Analyse und Auswertung - 25.07.2012 (11)
  11. GVU Trojaner eingefangen
    Plagegeister aller Art und deren Bekämpfung - 22.07.2012 (19)
  12. 50€ Trojaner eingefangen
    Log-Analyse und Auswertung - 13.02.2012 (21)
  13. Trojaner eingefangen
    Log-Analyse und Auswertung - 13.02.2012 (1)
  14. Trojaner eingefangen....
    Log-Analyse und Auswertung - 27.04.2011 (1)
  15. Trojaner eingefangen
    Plagegeister aller Art und deren Bekämpfung - 16.07.2010 (2)
  16. Trojaner eingefangen?
    Log-Analyse und Auswertung - 03.03.2009 (0)
  17. Trojaner VX2 eingefangen
    Log-Analyse und Auswertung - 03.05.2005 (8)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema GVU-Trojaner eingefangen - Hallo liebe Helfer, ich habe mir heute auf meinem Lenovo ThinkPad Edge E530 den GVU-Trojaner eingefangen, in dem man aufgefordert wird 100€ zu zahlen, um den Laptop wieder zu entsperren - GVU-Trojaner eingefangen...
Archiv
Du betrachtest: GVU-Trojaner eingefangen auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131