Log Analysis and Evaluation: GVU Trojan under Windows VISTA

If you have caught a trojan or constantly get virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps to get help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
23.01.2013, 19:10 #1
GVU Trojan under Windows VISTA

Hello, I have caught the GVU trojan. After searching a bit about the problem (on another computer), I have already cleaned up the worst of it with a boot CD, Kaspersky WindowsUnlocker and manual file deletion, and at least I was able to start Windows again. Then I ran Malwarebytes Anti-Malware right away and did a thorough scan. But it found nothing more. Still, I have the feeling that something isn't right with the PC. Now there is an error message every time it starts. It concerns a "Rescue and Recovery" program that came preinstalled on my notebook, but until now I never had an error message. Also, the Autostart folder in my Start menu was suddenly called "Startup". Now I have run the programs "defogger", "OTL" and "Gmer". The logs are here:

Extras.txt:
Code:
OTL Extras logfile created on: 23.01.2013 17:39:34 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,26 Gb Available Physical Memory | 63,18% Memory free
4,22 Gb Paging File | 3,38 Gb Available in Paging File | 80,01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 96,40 Gb Total Space | 4,95 Gb Free Space | 5,13% Space Free | Partition Type: NTFS
Drive D: | 47,30 Gb Total Space | 9,77 Gb Free Space | 20,65% Space Free | Partition Type: NTFS

Computer Name: TB-MOBIL | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDBrowse] -- "C:\Program Files\ACD Systems\ACDSee\9.0\ACDSeeQV.exe" "%1" (ACD Systems Ltd.)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [CEWE FOTOSCHAU] -- "C:\Program Files\dm\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [dm-Fotowelt] -- "C:\Program Files\dm\dm-Fotowelt\dm-Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mein CEWE FOTOBUCH] -- "C:\Program Files\CEWE COLOR\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" ()
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2025591093-2054289321-3464103709-1003]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\FlashFXP\FlashFXP.exe" = C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\FlashFXP\FlashFXP.exe" = C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)
"C:\Program Files\Orbitdownloader\orbitdm.exe" = C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files\Orbitdownloader\orbitnet.exe" = C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1025BA7F-E65F-445A-8F0B-BB527380EEE0}" = lport=137 | protocol=17 | dir=in | app=system |
"{110F98CB-570C-4576-BC59-EA14E5EF8CE2}" = rport=138 | protocol=17 | dir=out | app=system |
"{409228E9-7407-4184-A3ED-247354B4C1FC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{56DED6A7-AAD0-4506-83BB-7D2F06B29FD1}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{57FFD1AE-EA06-447F-A82C-5FA260655EF6}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{7E5B8CDA-2860-47D9-84F6-009642437F5A}" = lport=138 | protocol=17 | dir=in | app=system |
"{8BE6B0A8-1C75-45B5-9724-B10339A77230}" = lport=2869 | protocol=6 | dir=in | app=system |
"{93917ED4-522D-4DC1-9B64-49C922B95475}" = rport=445 | protocol=6 | dir=out | app=system |
"{9B207301-5F8B-4959-B036-ED274B281CA5}" = rport=139 | protocol=6 | dir=out | app=system |
"{ACEF2F67-2CD2-409F-AD56-A057E7D7B201}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{B9A70F2D-CF28-4B22-BE63-DF611FF9C088}" = lport=139 | protocol=6 | dir=in | app=system |
"{C3CE0CAD-5A92-4F46-81EE-4F6464178852}" = lport=445 | protocol=6 | dir=in | app=system |
"{E88D0E75-9841-4B89-8A81-9E7DB7A36007}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
"{EBBB5DCF-2886-45D0-A361-E0C21AF3A3E9}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{ED42027E-EF1F-4A83-8413-1DAEB8268BBC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{FCFFC7ED-3CB8-4964-B61F-DF9237AC8796}" = rport=137 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0707D78E-7A3A-40AA-9C28-351DD4D86547}" = protocol=6 | dir=in | app=c:\program files\airvideoserver\airvideoserver.exe |
"{10ECBF8D-51D7-4CB3-9079-C984730DA38D}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{28CF06E1-B883-4C45-82DA-8D872AAF5421}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe |
"{2A8F4F8B-A013-4D8C-9D86-DA8C80C68684}" = protocol=6 | dir=in | app=c:\program files\airvideoserver\airvideoserver.exe |
"{4A816557-44F0-4258-B990-30399C808F65}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{4AD823A7-87BF-4F74-B71C-50374D510BC7}" = protocol=17 | dir=in | app=c:\program files\airvideoserver\airvideoserver.exe |
"{5C02C78F-1C6A-4863-A7E3-6A8120B50DC2}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{60F57D54-DCA4-41FE-B92D-7657A9EBA3E3}" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe |
"{6ADECF92-38D5-4DF8-A029-ECDA82313C6F}" = protocol=6 | dir=in | app=c:\users\***\desktop\ida\ida pro advanced edition\idaq.exe |
"{6DB82D25-6BA6-433D-8BEC-67266E5C561E}" = dir=in | app=c:\program files\lenovo multimedia center\powerdirector express\pdx.exe |
"{918F9546-445D-42C0-96D6-AC3E95133990}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{98E13EF7-A5E3-4276-AFCC-444F528D0BC4}" = protocol=6 | dir=out | app=c:\program files\airvideoserver\airvideoserver.exe |
"{99344BF7-ADC1-419F-BFB0-C526A71AEAE8}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{A955DCC3-C9A7-4A81-A73D-CFEA00C42BD8}" = protocol=17 | dir=in | app=c:\users\***\desktop\ida\ida pro advanced edition\idaq.exe |
"{AA46CFA1-DF29-4CB2-A003-65ADBFF51A1C}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe |
"{C173CA25-4085-4264-8B9C-EF8A08959F62}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{C3A817AC-A2DE-4D11-B416-CF417C8FF660}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{CE70920F-86E4-475B-BD44-43925A1FDE51}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{D860027A-A72A-42BF-AD1C-19F6EA0E4CAB}" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe |
"{D9FBD163-2FFF-4369-8FF1-360556129555}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{DA1DF8BD-B041-400D-B579-42EBC4BCDD1E}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{DDA096B0-0697-4E69-9361-860FCF9F9E29}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{ED2B07BC-4B18-4059-AB8C-08F0DEFA4929}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{F02DFF1C-5EED-4926-A8BF-13CA5623672F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{F2ADE5C7-FBBC-4FF1-BECC-971400E619C6}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"TCP Query User{0A47FD98-07F6-439A-830C-08D85B30CAFE}C:\program files\zattoo\zattoo.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattoo.exe |
"TCP Query User{0D06D730-1FB5-49A1-B898-B7037385AC2E}C:\program files\qip\qip.exe" = protocol=6 | dir=in | app=c:\program files\qip\qip.exe |
"TCP Query User{0E4D7702-061B-471B-9BF9-B55156CEAD05}C:\program files\emule0.49b\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule0.49b\emule.exe |
"TCP Query User{168D50F2-909B-44E7-A817-DD8A801324FF}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{1D60A7A3-527E-424D-8CC0-DFC55D5D0C35}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
"TCP Query User{24D848DE-85B2-4028-A39C-667A7FD51A92}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{279F5BFA-EE07-471D-9C4B-3C3D091C539C}C:\program files\qip\qip.exe" = protocol=6 | dir=in | app=c:\program files\qip\qip.exe |
"TCP Query User{2A4E5A1F-5BE4-4562-9D75-752D34DD8E7F}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{2F634941-1993-4C82-AA58-8D46E1D05BDA}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"TCP Query User{336A2B4A-A90D-430A-9B68-D49F912F9CB5}C:\program files\secondlife\slvoice.exe" = protocol=6 | dir=in | app=c:\program files\secondlife\slvoice.exe |
"TCP Query User{3D513C41-266D-4765-8613-FCF782E94FFB}C:\program files\concept design\onlinetv 4\onlinetv.exe" = protocol=6 | dir=in | app=c:\program files\concept design\onlinetv 4\onlinetv.exe |
"TCP Query User{3DE706B9-905B-4CA3-9335-C5704B21D783}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{3E4440F6-41ED-4D21-8B0C-97B157A0E907}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe |
"TCP Query User{48F0B438-50A9-4358-831B-65740B38245D}C:\windows\system32\ftp.exe" = protocol=6 | dir=in | app=c:\windows\system32\ftp.exe |
"TCP Query User{4F15F754-DB4F-4BD1-9809-E1E45BEC5793}C:\program files\flashget\flashget.exe" = protocol=6 | dir=in | app=c:\program files\flashget\flashget.exe |
"TCP Query User{516B0038-27E6-4F4F-A81D-BCB182806348}C:\program files\emule0.48a\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule0.48a\emule.exe |
"TCP Query User{567A53B4-D250-462F-8A15-FD6542C53730}C:\users\***\desktop\gta\gtawin\gtawin.exe" = protocol=6 | dir=in | app=c:\users\***\desktop\gta\gtawin\gtawin.exe |
"TCP Query User{5A7D5166-CE16-47A8-8C28-1D1C85C8D4C9}C:\program files\emule0.48a\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule0.48a\emule.exe |
"TCP Query User{5AB97D84-BD63-462A-BB9F-BF6FB310A225}C:\program files\left 4 dead\left4dead.exe" = protocol=6 | dir=in | app=c:\program files\left 4 dead\left4dead.exe |
"TCP Query User{85D0A82F-D304-43D6-BEA7-0BADB45D9753}I:\stuff\blobby\volley.exe" = protocol=6 | dir=in | app=i:\stuff\blobby\volley.exe |
"TCP Query User{89DC0A4A-9BEC-43C0-9948-FA818515F544}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{9A97D0B4-2AE9-473F-8B5B-70AE17E535B6}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{A55D8537-91BD-49DF-AB11-9E397EE9BBAC}C:\program files\last.fm\lastfm.exe" = protocol=6 | dir=in | app=c:\program files\last.fm\lastfm.exe |
"TCP Query User{A9E6CF63-3687-4DBA-81DA-5E1DAF4E7CDA}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"TCP Query User{B2C72289-7F41-45F0-A2C9-1EB56ABCDF08}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{C360CBAD-E2CC-4F6F-9B26-D53AD1D9D77D}C:\program files\last.fm\lastfm.exe" = protocol=6 | dir=in | app=c:\program files\last.fm\lastfm.exe |
"TCP Query User{D8552CD8-7589-4F64-B672-2F051BFF247A}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{D8EDD7D4-1298-45A5-9458-823C0D857F23}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe |
"TCP Query User{DE1BB17D-3542-46C0-9016-8BD03ACE3B85}C:\users\***\desktop\games\gta\gtawin\gtawin.exe" = protocol=6 | dir=in | app=c:\users\***\desktop\games\gta\gtawin\gtawin.exe |
"TCP Query User{E96B3942-FE18-468F-8DB1-6EA90399873A}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe |
"TCP Query User{F22FC8FF-11FC-40CB-A8D1-7D0C0389345B}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{FD0A5A04-4ECA-4416-9A8E-1CF6BDFD2321}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{04058F6A-333D-40E5-B361-311CCEEA6EA6}C:\program files\emule0.48a\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule0.48a\emule.exe |
"UDP Query User{0441CEB9-F499-453A-8825-A2F6DDD87B9C}C:\program files\concept design\onlinetv 4\onlinetv.exe" = protocol=17 | dir=in | app=c:\program files\concept design\onlinetv 4\onlinetv.exe |
"UDP Query User{05E5A4FD-10BE-4619-9FCE-3F7B73633EA4}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{156613AD-6EFA-4203-AE44-DDD39AAF889A}C:\program files\last.fm\lastfm.exe" = protocol=17 | dir=in | app=c:\program files\last.fm\lastfm.exe |
"UDP Query User{1E5F338F-6FAA-4E2C-93CB-D39601DB3708}C:\users\***\desktop\gta\gtawin\gtawin.exe" = protocol=17 | dir=in | app=c:\users\***\desktop\gta\gtawin\gtawin.exe |
"UDP Query User{20513F0C-BA0C-4C6D-874D-22D1A496D3D4}C:\program files\zattoo\zattoo.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattoo.exe |
"UDP Query User{22B45105-2432-4373-83F4-AA54D71B9756}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe |
"UDP Query User{280070F5-D57A-4718-860D-35B3E461AF71}C:\program files\emule0.48a\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule0.48a\emule.exe |
"UDP Query User{290EC590-E521-424A-B4A0-C96911DCAEA0}I:\stuff\blobby\volley.exe" = protocol=17 | dir=in | app=i:\stuff\blobby\volley.exe |
"UDP Query User{36362BAC-49CB-4B55-AE11-F9FF4CC18C14}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{46BDD58D-26A9-4E64-9AC6-54562D8CCFDF}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{495EE38D-86B4-4199-B62E-1E859AFC8A88}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{4BFD8AB0-E9AE-4780-AC61-D215AFD4BB06}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{531C25F3-8AB9-4BFC-8C70-2C994649F339}C:\program files\last.fm\lastfm.exe" = protocol=17 | dir=in | app=c:\program files\last.fm\lastfm.exe |
"UDP Query User{6DD64D81-4AF6-41F0-AF00-6E9325EBB574}C:\program files\left 4 dead\left4dead.exe" = protocol=17 | dir=in | app=c:\program files\left 4 dead\left4dead.exe |
"UDP Query User{77FD7AD8-7F58-4D17-893D-A10C73657E80}C:\program files\qip\qip.exe" = protocol=17 | dir=in | app=c:\program files\qip\qip.exe |
"UDP Query User{7A9F7A81-0DA3-4FEB-AC68-EA4884C32C58}C:\program files\emule0.49b\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule0.49b\emule.exe |
"UDP Query User{82A8C488-607B-4437-9FB7-944A9FE6599C}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{ABBE2CF1-AFC3-49AE-9600-EC720D0F1BFE}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{BE26C9EC-8698-4F25-AF3A-8408CBE4E4A1}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
"UDP Query User{C54AADEE-1580-4612-88FA-9426A3F77D00}C:\users\***\desktop\games\gta\gtawin\gtawin.exe" = protocol=17 | dir=in | app=c:\users\***\desktop\games\gta\gtawin\gtawin.exe |
"UDP Query User{CABFCD5E-26C7-4001-A9A9-FC82AFAFC177}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{CF22CF37-D23B-4893-AEFA-0C6766C329F4}C:\program files\secondlife\slvoice.exe" = protocol=17 | dir=in | app=c:\program files\secondlife\slvoice.exe |
"UDP Query User{D05C1B57-2FB7-45E9-A52A-D6F01F4FF26C}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe |
"UDP Query User{D3FF2FE7-13E9-4D27-9E4E-3257B4FBEA45}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{DC48C01B-21BE-4437-83B1-03B85010FFDF}C:\program files\flashget\flashget.exe" = protocol=17 | dir=in | app=c:\program files\flashget\flashget.exe |
"UDP Query User{E8482BD2-BDFD-422D-98DA-838C4B005C36}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe |
"UDP Query User{EC55A03F-204D-4DED-941D-F9E4F686DCA6}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{EC85F72F-6CB1-48FF-8858-FCF2F4E6CFB8}C:\program files\qip\qip.exe" = protocol=17 | dir=in | app=c:\program files\qip\qip.exe |
"UDP Query User{ECB7203B-CC76-4A54-957C-0F885BE2D140}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{F008D385-E078-4172-B975-B5CDF2AFE143}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{FB57B8BA-6056-4F8B-BEA2-0465E7EE8D51}C:\windows\system32\ftp.exe" = protocol=17 | dir=in | app=c:\windows\system32\ftp.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{54DB13F1-0CE0-4BAB-BD5F-7DE150C043C8}" = WordPerfect Office X3
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03CAB33F-D1C2-48C6-8766-DAE84DFC25FE}" = Microsoft Sync Framework Services v1.0 (x86)
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = Lenovo Bluetooth with Enhanced Data Rate Software 6.0.1.4900
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{0F4EFCE8-E358-4430-A504-F55F32BA1816}" = Client Security Solution
"{1007F41F-7D69-468E-8017-3849A5A973C2}" = ThinkVantage Technologies Welcome Message
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Lenovo Multimedia Center
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217011FF}" = Java 7 Update 11
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2987EE84-C4EE-4FF5-8160-32DE00D6ABC6}" = GTA2
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{29F05234-DCBB-4FE0-88DC-5160C9250312}" = Adobe Photoshop CS3
"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.009.00
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D599ADA-65D9-4B51-898F-CE718DEC5DBB}" = Microsoft Image Composite Editor
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{449CE12D-E2C7-4B97-B19E-55D163EA9435}" = Bing Bar
"{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{54DB13F1-0CE0-4BAB-BD5F-7DE150C043C8}" = WordPerfect Office X3
"{57F66B4D-C3C6-4CE2-AA9C-CDDE448F5DC1}" = ape@map
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.33
"{5C318BD3-BA72-43E4-9D16-A18210B4A5A5}" = Media Go
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{62715632-A555-4D9E-9CEC-4F84EB55B07B}" = PM Driver
"{6280149E-EFF3-4F1B-BD43-5B7EDD6F620A}" = Ergänzung zu Lenovo Care
"{65706020-7B6F-41F2-8047-FC69579E386A}" = Präsentationsdirektor
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser und SDK
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{796E076A-82F7-4D49-98C8-DEC0C3BC733A}" = Diskeeper Home
"{7A21C722-F259-4976-B7AA-6658E5FDEDAF}" = Google Drive
"{7AE25201-3E12-4FA2-9E65-67CD475D9263}" = ACDSee 9 Foto-Manager
"{7B63B2922B174135AFC0E1377DD81EC2}" = 
"{7E4C16B8-8F76-4940-8505-98E93C00BF19}" = Rescue and Recovery
"{7FB12670-0F93-4E1E-B2F5-4F339199A03A}" = Microsoft SQL Server Native Client
"{7FC7AD70-1DF3-4B84-9AA2-4FB680F45572}_is1" = Hex-Editor MX
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{809B22DC-A386-4F22-0023-DE0000000001}" = EXAM 11.0
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = pdf24
"{83B0CE83-BE3C-464B-851B-19555F6A8633}" = Vista Manager
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{849A32C3-E75A-4791-9B11-E568BA3525A4}" = Microsoft SQL Server VSS Writer
"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISER_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISER_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISER_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00B2-0407-0000-0000000FF1CE}" = Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{90850407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96E3AED5-3D0B-4BB0-84C2-1EDADB204487}" = FlashFXP v3
"{986F64DC-FF15-449D-998F-EE3BCEC6666A}" = Help Center
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9F9BE2A8-2FA2-438E-934B-6F237B641167}" = Cooliris for Internet Explorer
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A52A504E-18BE-4821-9A2A-BFB4542DA0BD}" = Lenovo PM Driver
"{A8BD5A60-E843-46DC-8271-ABF20756BE0F}" = Microsoft Sync Framework Runtime v1.0 (x86)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings "{AC76BA86-7AD7-1031-7B44-A80000000002}" = Adobe Reader 8 - Deutsch "{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime "{AFDFC350-C142-4790-BE12-8357AECD028F}" = SyncToy 2.0 (x86) "{B0261E53-B6F1-474A-864B-E7C3CBF468E0}" = iTunes "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B148E192-F289-4297-85BF-70E2A422EB25}_is1" = Android-Sync (PRE-ALPHA) ver0.192a "{B1F625EB-9691-4889-A864-DA085739F3F0}" = Power Ux Customization "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0 "{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader "{B944FA21-81AF-4A77-8328-CE4F4CC51031}" = Nero 8 "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3 "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2 "{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant "{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help "{C7DEE429-4C9B-4126-894F-50B4F54FF196}" = inSSIDer "{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{CF52099A-3BEA-4C41-AEA8-1E190F04D737}" = Lenovo Care "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files "{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom Gigabit Integrated Controller "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D6B3114F-945B-4980-BF7A-AF12E9161A0F}" = iCloud "{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings "{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}" = Wallpapers "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings 
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E4278936-73B8-4250-AF88-21E26249D5F8}" = REFPROP "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3 "{e7394a0f-3f80-45b1-87fc-abcd51893246}" = Python 2.6.4 "{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}" = Message Center "{EC422FB2-9F4D-4FB1-A5CE-5F741132EBC5}" = Lenovo Fingerprint Software "{ECE355F2-E477-47db-83DA-6311841ABC23}}_is1" = Sceneo Vcopy Version 1.5 "{F01F79AD-1F47-4685-AE4E-CCFA4EA9FF7C}" = Adobe Setup "{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 2.01.217 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F2705192-1C10-4FD9-A10F-47D9D9706287}" = PowerArchiver 2007 German "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1" = StreamTransport version: 1.0.2.2171 "{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player "Adobe_5f143314a5d434c8511097393d17397" = Adobe Photoshop CS3 "AFPL Ghostscript 8.54" = AFPL Ghostscript 8.54 "AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts 
"Agere Systems Soft Modem" = Agere Systems HDA Modem "Air Video Server" = Air Video Server 2.4.3 "Allway Sync_is1" = Allway Sync version 12.0.12 "Audacity_is1" = Audacity 1.2.6 "Audiograbber" = Audiograbber 1.83 SE "Avira AntiVir Desktop" = Avira Free Antivirus "AviSynth" = AviSynth 2.5 "AwayTask" = Maintenance Manager "Blender" = Blender (remove only) "CamStudio" = CamStudio "CCleaner" = CCleaner (remove only) "CD/DVD Diagnostic" = CD/DVD Diagnostic "CloneCD" = CloneCD "Contour Storyteller 3.0.1" = Contour Storyteller "Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2) "DivX Setup.divx.com" = DivX-Setup "dm-Fotowelt" = dm-Fotowelt "DPP" = Canon Utilities Digital Photo Professional 3.10 "DVD Shrink_is1" = DVD Shrink 3.2 "DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5_is1" = DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.0.7.6 "DVDFab Passkey 8_is1" = DVDFab Passkey 8.0.7.7 (09/10/2012) "DVDFab Platinum 4_is1" = DVDFab Platinum 4.1.2.0 "EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 5.8.1 Home Edition "Easy Thumbnails_is1" = Easy Thumbnails (Remove only) "ElsterFormular 13.2.0.8623p" = ElsterFormular "ElsterFormular für Privatanwender 12.0.0.5880p" = ElsterFormular-Update "ENTERPRISER" = Microsoft Office Enterprise 2007 "EOS Utility" = Canon Utilities EOS Utility "EVEREST Home Edition_is1" = EVEREST Home Edition v2.20 "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2 "Free iPad Video Converter_is1" = Free iPad Video Converter 3.7.2.1 "Free Video to iPod Converter_is1" = Free Video to iPod Converter version 3.2 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.11.923 "FreePDF_XP" = FreePDF (Remove only) "Google Calendar Sync" = Google Calendar Sync "GPL Ghostscript 8.64" = GPL Ghostscript 8.64 "Grand Theft Auto" = Grand Theft Auto "HandBrake" = HandBrake 0.9.5 "IDA Pro Free_is1" = IDA Pro Free v4.9 "InstallShield_{62715632-A555-4D9E-9CEC-4F84EB55B07B}" = PM Driver "IsoBuster_is1" = IsoBuster 
2.3
"JDownloader" = JDownloader
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.5.0 (Basic)
"LastFM_is1" = Last.fm 1.5.4.24567
"Lenovo Registration" = Lenovo Registration
"LENOVO.SMIIF" = Lenovo System Interface Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"ManyCam" = ManyCam 3.0.80 (remove only)
"Mein CEWE FOTOBUCH" = Mein CEWE FOTOBUCH
"Messer_is1" = Messer v0.992
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 5.0 (x86 de)" = Mozilla Firefox 5.0 (x86 de)
"Mp3tag" = Mp3tag v2.44
"NetLimiter 2 Pro" = NetLimiter 2 Pro (remove only)
"NfoDiz 6.0 Setup" = NfoDiz 6.0 Setup
"NSchach3a_is1" = N Schach 3 beta
"NVIDIA Drivers" = NVIDIA Drivers
"OnScreenDisplay" = Anzeige am Bildschirm
"Orbit_is1" = Orbit Downloader
"PC-Doctor 5 for Windows" = PC-Doctor 5 für Windows
"PCFriendly" = PCFriendly
"PhotoStitch" = Canon Utilities PhotoStitch
"Picture Style Editor" = Canon Utilities Picture Style Editor
"Protect Disc License Helper" = Protect Disc License Helper 1.0.118
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"RealPlayer 6.0" = RealPlayer
"Recuva" = Recuva
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"SecondLife" = SecondLife (remove only)
"sevMail ActiveX_is1" = sevMail ActiveX 1.3.0.121
"ST6UNST #1" = List Maker
"Stellarium_is1" = Stellarium 0.11.1
"Streamripper" = Streamripper (Remove only)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TIPP10_is1" = TIPP10 Version 2.1.0
"TrueCrypt" = TrueCrypt
"Uninstall_is1" = Uninstall 1.0.0.1
"uniquemagicmp3taggerappid_is1" = Magic MP3 Tagger 2.2.5
"Update Engine" = Sony Ericsson Update Engine
"USBPMon" = Registry patch for Windows Vista USB S3 PM Enablement
"Videoload Manager" = Videoload Manager 2.0.2200
"Videora iPod nano Converter" = Videora iPod nano Converter 5.03
"Visual Studio 6.0 Professional Edition (deu)" = Microsoft Visual Studio 6.0 Professional Edition (Deutsch)
"VLC media player" = VLC media player 2.0.3
"WebPost" = Microsoft Web Publishing Wizard 1.53
"Weight Watchers FlexPoints" = Weight Watchers FlexPoints
"Winamp" = Winamp
"Windows Password Recovery Lastic_is1" = Windows Password Recovery Lastic 1.0
"WinLiveSuite" = Windows Live Essentials
"Wise Registry Cleaner_is1" = Wise Registry Cleaner 4 Free 4.93
"Xvid_is1" = Xvid 1.2.2 final uninstall
"Zattoo" = Zattoo 3.3.4 Beta
"Zattoo4" = Zattoo4 4.0.5

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"bb91a114638258b8" = Google Contact Sync
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"webGAMET" = webGAMET

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 23.01.2013 11:52:02 | Computer Name = TB-Mobil | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung rrservice.exe, Version 4.10.314.0, Zeitstempel 0x4693e5ea, fehlerhaftes Modul rrservice.exe, Version 4.10.314.0, Zeitstempel 0x4693e5ea, Ausnahmecode 0xc0000005, Fehleroffset 0x000018ff, Prozess-ID 0xb90, Anwendungsstartzeit 01cdf981434e0b13.

Error - 23.01.2013 12:14:27 | Computer Name = TB-Mobil | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung spmtr.exe, Version 3.10.300.0, Zeitstempel 0x4693e059, fehlerhaftes Modul spmtr.exe, Version 3.10.300.0, Zeitstempel 0x4693e059, Ausnahmecode 0xc0000005, Fehleroffset 0x00005a57, Prozess-ID 0x16ec, Anwendungsstartzeit 01cdf9849b6d8de3.

Error - 23.01.2013 12:15:25 | Computer Name = TB-Mobil | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung SPMtr.exe, Version 3.10.300.0, Zeitstempel 0x4693e059, fehlerhaftes Modul SPMtr.exe, Version 3.10.300.0, Zeitstempel 0x4693e059, Ausnahmecode 0xc0000005, Fehleroffset 0x00005a57, Prozess-ID 0x1114, Anwendungsstartzeit 01cdf984c67a8513.

Error - 23.01.2013 12:16:25 | Computer Name = TB-Mobil | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung nspect.exe, Version 3.10.300.0, Zeitstempel 0x4693e03b, fehlerhaftes Modul ndisk.dll, Version 3.10.300.0, Zeitstempel 0x4693e036, Ausnahmecode 0xc0000005, Fehleroffset 0x0000a8ae, Prozess-ID 0x11a0, Anwendungsstartzeit 01cdf984debdc333.

Error - 23.01.2013 12:17:26 | Computer Name = TB-Mobil | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung nspect.exe, Version 3.10.300.0, Zeitstempel 0x4693e03b, fehlerhaftes Modul ndisk.dll, Version 3.10.300.0, Zeitstempel 0x4693e036, Ausnahmecode 0xc0000005, Fehleroffset 0x0000a8ae, Prozess-ID 0x145c, Anwendungsstartzeit 01cdf98502994c23.

Error - 23.01.2013 12:18:25 | Computer Name = TB-Mobil | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung nspect.exe, Version 3.10.300.0, Zeitstempel 0x4693e03b, fehlerhaftes Modul ndisk.dll, Version 3.10.300.0, Zeitstempel 0x4693e036, Ausnahmecode 0xc0000005, Fehleroffset 0x0000a8ae, Prozess-ID 0x1688, Anwendungsstartzeit 01cdf98526639703.

Error - 23.01.2013 12:19:26 | Computer Name = TB-Mobil | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung nspect.exe, Version 3.10.300.0, Zeitstempel 0x4693e03b, fehlerhaftes Modul ndisk.dll, Version 3.10.300.0, Zeitstempel 0x4693e036, Ausnahmecode 0xc0000005, Fehleroffset 0x0000a8ae, Prozess-ID 0x824, Anwendungsstartzeit 01cdf985472ab403.

Error - 23.01.2013 12:20:25 | Computer Name = TB-Mobil | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung nspect.exe, Version 3.10.300.0, Zeitstempel 0x4693e03b, fehlerhaftes Modul ndisk.dll, Version 3.10.300.0, Zeitstempel 0x4693e036, Ausnahmecode 0xc0000005, Fehleroffset 0x0000a8ae, Prozess-ID 0x1690, Anwendungsstartzeit 01cdf9856aeff5d3.

Error - 23.01.2013 12:22:28 | Computer Name = TB-Mobil | Source = MsiInstaller | ID = 11500
Description = 

Error - 23.01.2013 12:30:10 | Computer Name = TB-Mobil | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung rrservice.exe, Version 4.10.314.0, Zeitstempel 0x4693e5ea, fehlerhaftes Modul rrservice.exe, Version 4.10.314.0, Zeitstempel 0x4693e5ea, Ausnahmecode 0xc0000005, Fehleroffset 0x000018ff, Prozess-ID 0xcd0, Anwendungsstartzeit 01cdf9869b418148.

[ NetLimiter Events ]
Error - 24.02.2008 14:52:50 | Computer Name = TB-Mobil | Source = NetLimiter 2 | ID = 1000
Description = NetLimiter trial expired.

[ OSession Events ]
Error - 17.12.2007 13:26:38 | Computer Name = TB-Mobil | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6212.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 3507 seconds with 120 seconds of active time. This session ended with a crash.

Error - 25.02.2010 12:54:48 | Computer Name = TB-Mobil | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 202 seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 21.01.2013 17:11:56 | Computer Name = TB-Mobil | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.

Error - 21.01.2013 17:12:03 | Computer Name = TB-Mobil | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.

Error - 21.01.2013 17:12:10 | Computer Name = TB-Mobil | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.

Error - 21.01.2013 17:12:18 | Computer Name = TB-Mobil | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.

Error - 23.01.2013 01:42:19 | Computer Name = TB-Mobil | Source = DCOM | ID = 10010
Description = 

Error - 23.01.2013 01:42:49 | Computer Name = TB-Mobil | Source = DCOM | ID = 10010
Description = 

Error - 23.01.2013 11:50:52 | Computer Name = TB-Mobil | Source = DCOM | ID = 10010
Description = 

Error - 23.01.2013 11:51:52 | Computer Name = TB-Mobil | Source = DCOM | ID = 10010
Description = 

Error - 23.01.2013 12:29:35 | Computer Name = TB-Mobil | Source = DCOM | ID = 10010
Description = 

Error - 23.01.2013 12:31:05 | Computer Name = TB-Mobil | Source = DCOM | ID = 10010
Description = 

< End of report >

Code:
OTL logfile created on: 23.01.2013 17:39:34 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,26 Gb Available Physical Memory | 63,18% Memory free
4,22 Gb Paging File | 3,38 Gb Available in Paging File | 80,01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 96,40 Gb Total Space | 4,95 Gb Free Space | 5,13% Space Free | Partition Type: NTFS
Drive D: | 47,30 Gb Total Space | 9,77 Gb Free Space | 20,65% Space Free | Partition Type: NTFS

Computer Name: TB-MOBIL | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.01.23 17:34:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2012.12.17 18:05:23 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.12.17 18:05:08 | 000,079,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.12.17 18:05:06 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.12.17 18:05:06 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.12.07 19:10:20 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.exe
PRC - [2012.10.19 23:23:13 | 000,197,344 | ---- | M] () -- C:\Programme\ContourStoryteller\ContourAutoplay.exe
PRC - [2011.03.28 19:31:16 | 000,193,920 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2011.03.28 19:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2011.03.28 10:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\BingBar\SeaPort.EXE
PRC - [2010.06.17 20:56:44 | 000,370,176 | ---- | M] (shbox.de) -- C:\Programme\FreePDF_XP\fpassist.exe
PRC - [2009.05.21 19:48:18 | 000,062,320 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2009.04.30 12:23:26 | 000,090,112 | ---- | M] () -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.03.14 09:08:38 | 000,054,560 | ---- | M] (Lenovo.) -- C:\Programme\Lenovo\HOTKEY\FnF5svc.exe
PRC - [2008.03.11 12:33:02 | 000,054,560 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TpWAudAp.exe
PRC - [2008.01.19 08:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.19 08:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2007.10.03 13:27:44 | 001,524,512 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2007.09.26 17:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2007.07.10 20:56:04 | 000,569,344 | ---- | M] () -- C:\Programme\Lenovo\Rescue and Recovery\rrpservice.exe
PRC - [2007.07.10 20:48:20 | 000,022,016 | ---- | M] () -- C:\Programme\Common Files\Lenovo\Logger\logmon.exe
PRC - [2007.06.05 16:11:28 | 000,034,352 | ---- | M] (Lenovo) -- C:\Programme\Lenovo\PM Driver\PMHandler.exe
PRC - [2007.04.09 19:03:00 | 000,058,416 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\NPDIRECT\tpfnf7sp.exe
PRC - [2007.03.16 04:26:22 | 000,057,344 | ---- | M] (Lenovo) -- C:\Programme\Lenovo\PM Driver\PMSveH.exe
PRC - [2007.02.28 18:02:00 | 000,120,368 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\LenovoCare\LPMGR.EXE
PRC - [2007.02.12 12:38:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007.02.12 12:37:58 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007.01.30 04:01:26 | 000,108,080 | ---- | M] (Lenovo Group Limited) -- C:\Windows\System32\IPSSVC.EXE
PRC - [2006.11.15 15:21:56 | 000,217,176 | ---- | M] (Diskeeper Corporation) -- C:\Programme\Diskeeper Corporation\Diskeeper\DkIcon.exe
PRC - [2006.11.15 15:20:46 | 000,634,988 | ---- | M] (Diskeeper Corporation) -- C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2006.11.07 11:51:20 | 000,091,688 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\AwayTask\AwaySch.EXE
PRC - [2006.10.05 04:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe

========== Modules (No Company Name) ==========

MOD - [2012.10.19 23:23:13 | 000,197,344 | ---- | M] () -- C:\Programme\ContourStoryteller\ContourAutoplay.exe
MOD - [2011.09.27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2007.04.14 14:30:56 | 000,139,264 | ---- | M] () -- C:\Programme\Common Files\Lenovo\CDRecord.dll
MOD - [2007.04.09 19:03:00 | 000,235,056 | ---- | M] () -- C:\Programme\Lenovo\NPDIRECT\tpfnf7.dll
MOD - [2007.02.28 18:02:00 | 000,063,024 | ---- | M] () -- C:\Programme\Lenovo\LenovoCare\GR\LPRESMGR.DLL
MOD - [2006.05.24 12:33:32 | 000,024,576 | ---- | M] () -- C:\Programme\Lenovo\PM Driver\PMHlerIO.dll

========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Users\***\wgsdgsdgdsgsd.exe -- (Winmgmt)
SRV - [2012.12.17 18:05:23 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.12.17 18:05:06 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.12.07 19:10:20 | 000,058,288 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\Windows\System32\rpcnet.exe -- (rpcnet)
SRV - [2011.07.20 04:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011.06.29 14:59:18 | 000,155,344 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Programme\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion)
SRV - [2011.04.01 10:14:30 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Programme\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.03.28 19:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2011.03.28 10:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2009.06.03 10:26:34 | 000,098,304 | ---- | M] (OPC Foundation) [On_Demand | Stopped] -- C:\Windows\System32\Opcenum.exe -- (OpcEnum)
SRV - [2009.05.21 19:48:18 | 000,062,320 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2009.04.30 12:23:26 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)
SRV - [2009.02.06 19:32:08 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Programme\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2008.11.24 22:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008.03.14 09:08:38 | 000,054,560 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\FnF5svc.exe -- (FNF5SVC)
SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.19 08:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2007.10.03 13:27:44 | 001,524,512 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2007.10.02 09:38:00 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007.09.26 17:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2007.07.10 20:56:04 | 000,569,344 | ---- | M] () [Auto | Running] -- C:\Programme\Lenovo\Rescue and Recovery\rrpservice.exe -- (TVT Backup Protection Service)
SRV - [2007.03.21 19:57:56 | 000,516,096 | ---- | M] (Locktime Software) [Disabled | Stopped] -- C:\Programme\NetLimiter 2 Pro\nlsvc.exe -- (nlsvc)
SRV - [2007.03.16 04:26:22 | 000,057,344 | ---- | M] (Lenovo) [Auto | Running] -- C:\Programme\Lenovo\PM Driver\PMSveH.exe -- (PMSveH)
SRV - [2007.02.12 12:38:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2007.01.30 04:01:26 | 000,108,080 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Windows\System32\IPSSVC.EXE -- (IPSSVC)
SRV - [2006.11.15 15:20:46 | 000,634,988 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2006.11.02 19:40:12 | 000,174,656 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2006.10.26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006.10.05 04:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\NSNDIS5.SYS -- (NSNDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nixsrkw.sys -- (nixsrkw)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012.12.17 18:05:30 | 000,134,336 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.12.17 18:05:30 | 000,083,944 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.11.16 18:48:11 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012.08.27 15:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2012.02.22 11:34:36 | 000,022,400 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcaudrv.sys -- (mcaudrv_simple)
DRV - [2012.01.11 07:11:20 | 000,032,000 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcvidrv.sys -- (ManyCam)
DRV - [2011.08.15 14:51:40 | 000,054,144 | ---- | M] (Fengtao Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dvdfab.sys -- (dvdfab)
DRV - [2010.08.08 20:07:38 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2010.08.08 20:07:38 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2010.02.23 10:51:14 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\epmntdrv.sys -- (epmntdrv)
DRV - [2010.02.23 10:51:14 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2009.07.11 07:20:49 | 000,021,376 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\psadd.sys -- (psadd)
DRV - [2009.05.29 06:41:27 | 004,233,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32)
DRV - [2009.04.11 05:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2008.07.30 06:51:30 | 000,277,736 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2008.05.16 10:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016unic.sys -- (s0016unic)
DRV - [2008.05.16 10:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016nd5.sys -- (s0016nd5)
DRV - [2008.05.16 10:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV - [2008.05.16 10:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdm.sys -- (s0016mdm)
DRV - [2008.05.16 10:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mgmt.sys -- (s0016mgmt)
DRV - [2008.05.16 10:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016obex.sys -- (s0016obex)
DRV - [2008.05.16 10:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016bus.sys -- (s0016bus)
DRV - [2008.05.12 17:04:04 | 000,013,480 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\smiif32.sys -- (lenovo.smi)
DRV - [2008.03.04 18:59:28 | 000,716,272 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2008.01.09 12:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\seehcri.sys -- (seehcri)
DRV - [2007.10.03 13:26:54 | 000,306,299 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2007.10.02 09:23:34 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pfc.sys -- (pfc)
DRV - [2007.09.12 16:24:00 | 000,026,816 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DslTestSp5.sys -- (dsltestSp5)
DRV - [2007.05.22 20:59:38 | 000,030,336 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tvti2c.sys -- (TVTI2C)
DRV - [2007.04.23 12:03:04 | 000,082,200 | ---- | M] (Locktime Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\nltdi.sys -- (nltdi)
DRV - [2007.04.10 14:55:28 | 000,140,808 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atswpdrv.sys -- (ATSWPDRV)
DRV - [2007.03.21 21:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007.02.24 13:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007.01.31 13:45:06 | 000,127,376 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2007.01.23 15:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007.01.18 16:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2007.01.13 01:40:00 | 004,452,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007.01.09 01:25:53 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2006.12.26 13:54:35 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2006.12.19 01:12:22 | 001,786,880 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32)
DRV - [2006.11.09 13:34:26 | 000,019,456 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\LPCFilter.sys -- (LPCFilter)
DRV - [2006.11.08 08:29:44 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006.11.06 09:23:24 | 000,012,080 | ---- | M] (Lenovo Group Limited) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PROCDD.SYS -- (PROCDD)
DRV - [2003.10.28 16:17:52 | 000,005,273 | ---- | M] (Arrowkey) [Kernel | Auto | Running] -- C:\Programme\InfinaDyne\Shared\CDRPDACC.SYS -- (CDRPDACC)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6091C9F7-19C2-42AD-B8D3-A44DA4CDC733}
IE - HKLM\..\SearchScopes\{6091C9F7-19C2-42AD-B8D3-A44DA4CDC733}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&entrypoint={referrer:source?}&FORM=LENIE

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ig?hl=de&source=iglk
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {847B4734-CA42-4B30-83B1-10C89310A4F8}
IE - HKCU\..\SearchScopes\{847B4734-CA42-4B30-83B1-10C89310A4F8}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig"
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.6
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31
FF - 
prefs.js..extensions.enabledAddons: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.22 FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.3 FF - prefs.js..extensions.enabledItems: facepad@lazyrussian.com:0.9.5 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0 FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.5 FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94 FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..network.proxy.no_proxies_on: "*.local" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) 
FF - HKLM\Software\MozillaPlugins\@fluxdvd.com/NPWMDRMWrapper: C:\Program Files\Videoload Manager\NPWMDRMWrapper.dll ( ) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPMPDRM: C:\Program Files\Common Files\mpDRM\NPMPDRM.dll ( ) FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Program Files\ProtectDisc\License Helper\NPPDLicenseHelper.dll () FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.3088: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) 
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.3146: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.11.3006: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files\Sony\Media Go\npmediago.dll (Sony Media Software and Services Inc) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\***\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\***\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010.07.22 17:57:33 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.03.04 18:54:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.03.04 18:54:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.11.11 11:30:07 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.01.23 17:23:27 | 000,000,000 | ---D | M] [2010.02.23 17:38:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2012.09.01 08:28:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0geh3hg9.default\extensions [2010.05.16 15:26:23 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0geh3hg9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.06.21 19:31:38 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0geh3hg9.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.08.26 11:46:25 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0geh3hg9.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2011.06.14 21:37:21 | 000,000,000 | ---D | M] (PhotoJacker: Photo Album Downloader for Facebook (fka FacePAD)) -- 
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0geh3hg9.default\extensions\facepad@lazyrussian.com [2012.02.22 14:24:58 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2010.05.03 16:12:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2011.03.27 10:30:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011.07.03 20:45:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2012.02.22 14:24:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} [2010.03.31 18:53:41 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} [2010.05.03 16:12:41 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2011.03.27 10:30:40 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011.07.03 20:45:11 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2012.02.22 14:24:58 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} [2011.06.27 19:41:17 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2008.02.22 16:24:06 | 000,095,832 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPPDLicenseHelper.dll [2011.06.14 21:53:55 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.06.14 21:53:55 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla 
firefox\searchplugins\bing.xml [2011.06.14 21:53:55 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.06.14 21:53:55 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.06.14 21:53:55 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011.06.14 21:53:55 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://www.google.de/ig?hl=de&source=iglk CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter} CHR - homepage: hxxp://www.google.de/ig?hl=de&source=iglk CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\24.0.1312.52\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\24.0.1312.52\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla 
Firefox\plugins\np-mswmp.dll CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: fluxDVD Browser Plugin (Enabled) = C:\Program Files\Common Files\mpDRM\NPMPDRM.dll CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll CHR - plugin: RealPlayer 
Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll CHR - plugin: Media Go Detector (Enabled) = C:\Program Files\Sony\Media Go\npmediago.dll CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll CHR - plugin: fluxDVD Placeholder Plugin (Enabled) = C:\Program Files\Videoload Manager\NPWMDRMWrapper.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - Extension: YouTube = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\ CHR - Extension: Google-Suche = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\ CHR - Extension: DivX HiQ = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\ CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\ CHR - Extension: Google Mail = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll (Orbitdownloader.com) O2 - BHO: (Adobe PDF Reader) - 
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.) O2 - BHO: (Reg Error: Value error.) - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Programme\PicLensIE\cooliris.dll (Cooliris Inc.) O2 - BHO: (CPwmIEBrowserHelper Object) - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll () O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found. 
O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll () O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [AwaySch] C:\Programme\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited) O4 - HKLM..\Run: [FingerPrintSoftware] C:\Program Files\Lenovo Fingerprint Software\fpapp.exe (Authentec,Inc) O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation) O4 - HKLM..\Run: [LenovoOobeOffers] c:\SWTOOLS\LenovoWelcome\LenovoOobeOffers.exe (Lenovo) O4 - HKLM..\Run: [LPManager] C:\Programme\Lenovo\LenovoCare\LPMGR.EXE (Lenovo Group Limited) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation) O4 - HKLM..\Run: [PMHandler] C:\Programme\Lenovo\PM Driver\PMHandler.exe (Lenovo) O4 - HKLM..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited) O4 - HKLM..\Run: [TPWAUDAP] C:\Programme\Lenovo\HOTKEY\TpWAudAp.exe (Lenovo Group Limited) O4 - HKCU..\Run: [ContourCameraFinder] C:\Program Files\ContourStoryteller\ContourAutoplay.exe () O4 - HKCU..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe File not found O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O7 - 
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionName = O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionAction = O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Öffnen mit WordPerfect - C:\Programme\WordPerfect Office X3\Programs\WPLauncher.hta () O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited) O9 - Extra 'Tools' menuitem : &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.) O9 - Extra Button: Launch Cooliris - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Programme\PicLensIE\cooliris.dll (Cooliris Inc.) 
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe File not found O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe File not found O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: apemap.com ([]http in Trusted sites) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A22A7612-A91E-4D35-96D2-16A05D5F388F}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AD98FF75-9315-4485-81B0-7FED0807963F}: NameServer = 192.168.2.1 O18 - Protocol\Handler\fluxhttp {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Programme\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax () O18 - Protocol\Handler\fluxhttp\0x00000007 {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Programme\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax () O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp O24 - Desktop BackupWallPaper: C:\Users\***\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 
000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{132ec8fc-ea15-11dc-a0fb-00197efec164}\Shell - "" = AutoRun O33 - MountPoints2\{132ec8fc-ea15-11dc-a0fb-00197efec164}\Shell\AutoRun\command - "" = F:\Autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.01.23 17:34:18 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2013.01.21 21:06:16 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes [2013.01.21 21:05:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.01.21 21:05:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.01.21 21:05:30 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2013.01.21 21:05:30 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2013.01.06 02:54:18 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{99B320C2-3D70-4476-962C-233A4A4783EC} [2013.01.05 14:53:55 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{992A9D7C-9BCB-4975-8CA1-F7064550786A} [2013.01.05 12:59:23 | 000,000,000 | ---D | C] -- C:\Program Files\Avidemux_2.6.1 [2013.01.03 19:28:34 | 000,000,000 | ---D | C] -- C:\Program Files\Dropbox [2013.01.03 10:07:53 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Audacity [2013.01.03 10:07:35 | 000,000,000 | ---D | C] -- C:\Program Files\Audacity_2.0.2 [2009.12.06 17:21:31 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpeA988.dll [2008.04.04 21:08:36 | 000,047,360 | ---- | C] (VSO Software) -- 
C:\Users\***\AppData\Roaming\pcouffin.sys [4 C:\Users\***\*.tmp files -> C:\Users\***\*.tmp -> ] [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.01.23 17:34:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2013.01.23 17:29:51 | 000,044,528 | ---- | M] () -- C:\Users\***\AppData\Roaming\nvModes.001 [2013.01.23 17:28:56 | 000,025,269 | ---- | M] () -- C:\Windows\System32\PROCDB.INI [2013.01.23 17:27:50 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.dll [2013.01.23 17:27:50 | 000,017,408 | ---- | M] () -- C:\Windows\System32\rpcnetp.dll [2013.01.23 17:27:48 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2025591093-2054289321-3464103709-1003UA.job [2013.01.23 17:27:21 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.01.23 17:26:54 | 000,004,080 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013.01.23 17:26:54 | 000,004,080 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013.01.23 17:26:51 | 000,000,480 | ---- | M] () -- C:\Windows\System32\IPSCtrl.INI [2013.01.23 17:26:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.01.23 17:26:35 | 000,017,408 | ---- | M] () -- C:\Windows\System32\rpcnetp.exe [2013.01.23 17:25:34 | 000,004,796 | ---- | M] () -- C:\Windows\bthservsdp.dat [2013.01.23 17:25:01 | 000,000,020 | ---- | M] () -- C:\Users\***\defogger_reenable [2013.01.23 17:22:03 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe [2013.01.23 17:01:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.01.23 16:49:54 | 000,044,528 | ---- | M] () -- C:\Users\***\AppData\Roaming\nvModes.dat [2013.01.21 21:05:31 | 000,000,916 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes 
Anti-Malware .lnk [2013.01.20 16:04:11 | 000,001,356 | ---- | M] () -- C:\Users\***\AppData\Local\d3d9caps.dat [2013.01.13 18:27:01 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2025591093-2054289321-3464103709-1003Core.job [2013.01.13 18:10:02 | 000,003,180 | ---- | M] () -- C:\Windows\cdplayer.ini [2013.01.13 13:37:49 | 000,652,910 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.01.13 13:37:49 | 000,135,860 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.01.13 13:37:49 | 000,009,088 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.01.13 13:37:49 | 000,006,698 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.01.12 10:31:06 | 000,002,097 | ---- | M] () -- C:\Users\***\Desktop\Google Chrome.lnk [2013.01.06 12:08:31 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini [2013.01.06 12:08:30 | 000,123,904 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [4 C:\Users\***\*.tmp files -> C:\Users\***\*.tmp -> ] [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.01.23 17:24:42 | 000,000,020 | ---- | C] () -- C:\Users\***\defogger_reenable [2013.01.23 17:22:33 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe [2013.01.21 21:05:31 | 000,000,916 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.05 18:54:55 | 000,000,080 | ---- | C] () -- C:\Users\***\AppData\Local\X-Plane Installer.prf [2012.02.23 19:21:58 | 000,004,529 | ---- | C] () -- C:\Users\***\Wichtiger Hinweis zu Ihrem Zertifikat_ElsterOnline2.pdf [2012.02.23 19:19:58 | 000,010,231 | ---- | C] () -- C:\Users\***\******_t***_elster_2048 - ALT.pfx [2012.02.01 18:34:29 | 000,000,216 | ---- | C] () -- C:\Windows\w32dasm8.ini [2011.11.11 16:55:32 | 000,000,186 | ---- | C] () -- C:\Windows\KLETT.INI [2011.11.11 16:52:04 | 000,247,296 | ---- | C] () -- C:\Windows\UN160407.EXE [2011.02.16 21:19:09 | 000,819,200 | 
---- | C] () -- C:\Windows\System32\xvidcore.dll [2011.02.16 21:19:09 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2010.08.25 20:04:45 | 000,038,434 | ---- | C] () -- C:\Users\***\AppData\Roaming\Kommagetrennte Werte (DOS).ADR [2010.04.15 17:04:42 | 000,017,408 | ---- | C] () -- C:\Users\***\AppData\Local\WebpageIcons.db [2010.04.02 19:32:23 | 000,610,304 | ---- | C] () -- C:\Users\***\AppData\Local\filesync.metadata [2010.04.02 18:57:43 | 000,027,503 | ---- | C] () -- C:\Users\***\AppData\Roaming\UserTile.png [2010.02.09 17:58:28 | 103,082,663 | ---- | C] () -- C:\Users\***\Archiv.CTF [2009.05.12 18:25:11 | 000,010,599 | ---- | C] () -- C:\Users\***\******_t***_elster_2048.pfx [2008.11.27 11:37:16 | 002,327,552 | ---- | C] () -- C:\Users\***\AppData\Local\cooliris-win-ie-release-1.9.0.16396.msi [2008.05.14 16:16:33 | 000,000,016 | ---- | C] () -- C:\Users\***\persistent_state [2008.04.04 21:08:36 | 000,087,608 | ---- | C] () -- C:\Users\***\AppData\Roaming\inst.exe [2008.04.04 21:08:36 | 000,007,887 | ---- | C] () -- C:\Users\***\AppData\Roaming\pcouffin.cat [2008.04.04 21:08:36 | 000,001,144 | ---- | C] () -- C:\Users\***\AppData\Roaming\pcouffin.inf [2007.12.01 21:49:34 | 000,000,166 | -HS- | C] () -- C:\ProgramData\.zreglib [2007.12.01 18:15:12 | 000,001,074 | RH-- | C] () -- C:\Users\***\XrxWm.ini [2007.12.01 18:15:11 | 000,000,522 | RH-- | C] () -- C:\Users\***\xw45cpdy.dyc [2007.10.05 12:30:14 | 000,009,327 | ---- | C] () -- C:\Users\***\AppData\Roaming\Kommagetrennte Werte (Windows).EML [2007.10.02 08:25:20 | 000,021,858 | ---- | C] () -- C:\Users\***\AppData\Roaming\Kommagetrennte Werte (Windows).ADR [2007.10.01 16:52:53 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html [2007.09.27 16:26:47 | 000,123,904 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007.09.27 15:17:33 | 000,044,528 | ---- | C] () -- C:\Users\***\AppData\Roaming\nvModes.dat [2007.09.27 15:17:33 | 000,044,528 | ---- | 
C] () -- C:\Users\***\AppData\Roaming\nvModes.001 [2007.09.27 15:01:17 | 000,001,356 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat [2007.08.14 06:30:52 | 001,398,352 | ---- | C] () -- C:\ProgramData\pswi_preloaded.exe ========== ZeroAccess Check ========== [2006.11.02 13:54:18 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2011.01.21 17:35:22 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 143 bytes -> C:\Users\***\AppData\Roaming\Kommagetrennte Werte (Windows).EML:OECustomProperty < End of report > Code:
ATTFilter GMER 2.0.18444 - hxxp://www.gmer.net Rootkit scan 2013-01-23 18:46:23 Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 HITACHI_ rev.SB4I 149,05GB Running: gmer-2.0.18444.exe; Driver: C:\Users\***\AppData\Local\Temp\fwliipob.sys ---- Kernel code sections - GMER 2.0 ---- .text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8C807340, 0x2941C7, 0xE8000020] .reloc C:\Windows\system32\drivers\acedrv11.sys section is executable [0xA0928600, 0x25B0C, 0xE0000060] ---- Registry - GMER 2.0 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00197efec164 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00197efec164@001ca44d8cf8 0x21 0x8F 0x28 0x27 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00197efec164@001963e05807 0x7D 0x32 0x8C 0xA4 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00197efec164@402ba1fc3e30 0x1A 0x3C 0x8E 0x72 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x91 0xE1 0x33 0xF9 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x8A 0xD9 0xDF 0x75 ... 
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xD7 0x78 0xCC 0x0E ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x5C 0x5B 0xDE 0xEA ... Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00197efec164 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00197efec164@001ca44d8cf8 0x21 0x8F 0x28 0x27 ... Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00197efec164@001963e05807 0x7D 0x32 0x8C 0xA4 ... Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00197efec164@402ba1fc3e30 0x1A 0x3C 0x8E 0x72 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x91 0xE1 0x33 0xF9 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x8A 0xD9 0xDF 0x75 ... 
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xD7 0x78 0xCC 0x0E ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x5C 0x5B 0xDE 0xEA ... ---- EOF - GMER 2.0 ---- Thanks in advance and have a nice evening. Best regards, Torben |
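The OTL report in the post above ends with long "Files Created - No Company Name" and "Files Modified" lists, one entry per line in the form `[date time | size | attributes | C/M] (company) -- path`. As an added example, not part of Torben's post and not code from OTL, here is a Python parser for that entry format that narrows such a list to files created inside a chosen window that sit in user-writable persistence locations, have an executable or autostart file type, or carry hidden/system attributes. The window dates, the directory list and the sample (a handful of entries shortened from the report above, plus one of its "*.tmp files" summary lines) are assumptions made for the illustration.

```python
import re
from datetime import datetime

# Added example, not part of the original post or of OTL: parse OTL
# "Files Created / Files Modified" entries and keep the ones that a helper
# would actually read. The window dates, the directory list and the sample
# below (shortened from the posted report) are assumptions for illustration.

ENTRY_RE = re.compile(
    r"\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attr>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.*)"
)
# User-writable places where lock-screen trojans usually drop their loader.
SUSPECT_DIRS = (
    "\\appdata\\local\\", "\\appdata\\roaming\\", "\\programdata\\",
    "\\temp\\", "\\startup\\", "\\windows\\tasks\\",
)
EXEC_EXT = (".exe", ".dll", ".scr", ".lnk", ".job", ".bat", ".cmd", ".vbs", ".js")


def parse_otl(text):
    """Entries as dicts; works whether each entry has its own line or not."""
    entries = []
    # Every entry starts with "[yyyy.mm.dd hh:mm:ss |", so split just before that.
    for chunk in re.split(r"(?=\[\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2} \|)", text):
        m = ENTRY_RE.match(chunk.strip())
        if not m:
            continue  # section headers and "[4 ... *.tmp files -> ...]" summaries
        # If entries were run together, cut the path before the next section
        # header or "*.tmp files" summary.
        path = re.split(r" ==========|\s+\[\d+ [A-Za-z]:\\", m.group("path"))[0].strip()
        entries.append({
            "time": datetime.strptime(m.group("ts"), "%Y.%m.%d %H:%M:%S"),
            "size": int(m.group("size").replace(",", "")),
            "attr": m.group("attr"),      # R/H/S/D attribute flags, "-" when unset
            "kind": m.group("kind"),      # C = created, M = modified
            "company": m.group("company"),
            "path": path,
        })
    return entries


def reasons_for(entry):
    """Why a practitioner would look at this file; empty means 'nothing to see'."""
    low = entry["path"].lower()
    reasons = []
    if any(d in low for d in SUSPECT_DIRS):
        reasons.append("user-writable persistence location")
    if low.endswith(EXEC_EXT):
        reasons.append("executable or autostart file type")
    if "H" in entry["attr"] or "S" in entry["attr"]:
        reasons.append("hidden/system attribute")
    return reasons


def triage(text, start, end):
    """Created entries inside [start, end] (yyyy.mm.dd) with a reason, newest first."""
    t0 = datetime.strptime(start, "%Y.%m.%d")
    t1 = datetime.strptime(end, "%Y.%m.%d").replace(hour=23, minute=59, second=59)
    hits = []
    for e in parse_otl(text):
        if e["kind"] != "C" or not (t0 <= e["time"] <= t1):
            continue
        reasons = reasons_for(e)
        if reasons:
            hits.append((e["time"].strftime("%Y-%m-%d %H:%M:%S"), e["path"], reasons))
    return sorted(hits, reverse=True)


# Constructed sample: a few entries shortened from the report above, one per
# line as OTL writes them, plus one of the "*.tmp files" summary lines.
SAMPLE = r"""
========== Files Created - No Company Name ==========
[2013.01.23 17:24:42 | 000,000,020 | ---- | C] () -- C:\Users\***\defogger_reenable
[2013.01.23 17:22:33 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe
[2013.01.21 21:05:31 | 000,000,916 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.01.13 18:27:01 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2025591093-2054289321-3464103709-1003Core.job
[2012.06.05 18:54:55 | 000,000,080 | ---- | C] () -- C:\Users\***\AppData\Local\X-Plane Installer.prf
[2007.12.01 21:49:34 | 000,000,166 | -HS- | C] () -- C:\ProgramData\.zreglib
[4 C:\Users\***\*.tmp files -> C:\Users\***\*.tmp -> ]
"""

if __name__ == "__main__":
    # Window assumed from the thread: first symptoms around 13.01., OTL run on 23.01.
    for when, path, why in triage(SAMPLE, "2013.01.13", "2013.01.23"):
        print(when, path, "<-", "; ".join(why))
```

Run with a wide window (2007 onwards) the same code also surfaces the old hidden `.zreglib` in ProgramData and the X-Plane file under AppData\Local, which shows the limit of the approach: location and attributes only rank entries, they do not classify them, and most of Torben's list is years-old legitimate program data. The value is in cutting a list of hundreds of entries down to the few recently created items a helper reads first.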
24.01.2013, 10:48 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | GVU-Trojaner unter Windows VISTA
Is this by any chance an office/company PC? Or a university machine?
24.01.2013, 11:28 | #3 |
| GVU-Trojaner unter Windows VISTA Hello,
the PC is my private PC. The operating system was preinstalled when I bought it, though. There was no choice of whether I'd rather have "Home" or "Business". Honestly, I didn't care either. So there is no particular reason why I have a Business version. It simply came with it. Best regards, Torben |
24.01.2013, 11:45 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GVU-Trojaner unter Windows VISTA OK, thanks for the explanation. Do you have any further logs (with findings)? Malwarebytes and/or other virus scanners? I'm asking because of this => http://www.trojaner-board.de/125889-...tml#post941520 Please do not run any new virus scans yet; first post only the logs that already exist!
__________________ Please always post logfiles in CODE tags |
24.01.2013, 15:41 | #5 |
| GVU-Trojaner unter Windows VISTA Malwarebytes no longer showed any findings. I can let Avira Anti-Virus run through tonight and post the log file if there are findings. Otherwise I have no logs from any programs. Only the ones I've already posted. If you have any other programs you want me to run, bring them on. Best regards, Torben |
24.01.2013, 15:50 | #6 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | GVU-Trojaner unter Windows VISTA
24.01.2013, 19:05 | #7 |
| GVU-Trojaner unter Windows VISTA Hello, no, Malwarebytes never showed anything on my machine. However, I ran a scan beforehand with the Kaspersky Rescue Disk (under Linux) and a few files were found there. Those were deleted. I didn't think of saving the logs at that point. And since it booted from the Kaspersky Rescue Disk and the whole system only existed "temporarily", unfortunately there are no automatically saved logs either. But since my PC still behaves "oddly" (an extremely large number of svchost services started, Windows error messages at startup saying "Server busy"), I'm not sure whether everything is really gone. Best regards, Torben Small update: Avira Anti-Virus found nothing. I just ran a full system scan. |
24.01.2013, 22:29 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GVU-Trojaner unter Windows VISTA Before we get to work, I'd like to ask you to read the following points completely and carefully.
Note: Should you not hear from me for three days, please post in this thread => Erinnerung an meinem Thread. Annoying "when will it continue" messages end with your topic being closed. I too have a life away from the Trojaner-Board. Malwarebytes Anti-Rootkit Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper
25.01.2013, 07:27 | #9 |
| GVU-Trojaner unter Windows VISTA Good morning, I won't be back at the affected PC until this evening. I'll post the logs as quickly as possible then, though. Many thanks in advance and best regards, Torben |
25.01.2013, 12:21 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GVU-Trojaner unter Windows VISTA OK, then until this evening
25.01.2013, 18:20 | #11 |
| GVU-Trojaner unter Windows VISTA Hello, I've just scanned the system as described. No findings. Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.01.0.1016 www.malwarebytes.org Database version: v2013.01.25.07 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 *** :: TB-MOBIL [administrator] 25.01.2013 17:53:28 mbar-log-2013-01-25 (17-53-28).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Objects scanned: 31229 Time elapsed: 27 minute(s), Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) Torben |
26.01.2013, 19:16 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GVU-Trojaner unter Windows VISTA 1. aswMBR Please download aswMBR.exe and save the file to your desktop. Note: Please disable the virus scanner before you run aswMBR, because Avira in particular often reports a false positive in it!
Another note: Should aswMBR crash and a message like "aswMBR.exe has stopped working" appear, do the following: restart aswMBR, select (none) under "AV scan" in the drop-down menu at the bottom left (bottom left in the aswMBR window) and click the scan button again. 2. TDSS-Killer Download the TDSS-Killer to the desktop, see => http://www.trojaner-board.de/82358-t...entfernen.html Note: Please disable the virus scanner before you run the TDSS-Killer, because Avira in particular often reports a false positive in the TDSS tool! Set the tool up as shown in the picture below: click on change parameters and tick the boxes as shown in the following screenshot, then click Start Scan and, when it is done, click the Report button to display the log. Please post it in full. If you can't find the log or can't copy its contents into your post, then look directly on your Windows system partition (usually drive C:); that is where the TDSS-Killer saves its logs. Note: Please do not delete anything prematurely with the TDSS-Killer! If objects are flagged by the TDSS-Killer, treat all of them with the action "skip" and only post the log here!
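The TDSS-Killer report the helper asks for prints, in its "Scan services" block, one line per service or driver with the image's MD5 and path (`[ <MD5> ] <name> <path>`) followed by a verdict line (`<name> - ok`, or `<name> - detected <class> (n)` after a `( <class> ) - warning` line). As an added example, not from the helper, from Torben or from Kaspersky, here is a Python parser for that layout that pulls out every entry that is not plain `ok` together with its hash and path, so the flagged files can be looked up without touching them, and separately lists services for which the tool printed no hash/path line at all. The sample lines are constructed in that format from a few entries of the kind such a report contains; the regular expressions assume the layout shown and nothing else. A class of `UnsignedFile.Multi.Generic` only says the file carries no digital signature the tool trusts, which is exactly why the helper says to "skip" rather than delete: many legitimate third-party drivers are unsigned.

```python
import re

# Added example, not from the helper or from Kaspersky: parse the
# "Scan services" block of a TDSSKiller report. Each service or driver gets a
# line "[ <MD5> ] <name> <path>" followed by a verdict line ("<name> - ok" or
# "<name> - detected <class> (n)"); unsigned files also get a "( ... ) - warning"
# line. The sample below is constructed in that format from a handful of
# entries of the kind the tool prints.

HASH_RE = re.compile(
    r"^\S+ \d+ \[ (?P<md5>[0-9A-F]{32}) \] (?P<name>.+?) (?P<path>[A-Za-z]:\\.*)$"
)
VERDICT_RE = re.compile(
    r"^\S+ \d+ (?P<name>.+?) - (?:(?P<ok>ok)|detected (?P<det>\S+) \(\d+\))$"
)


def parse_tdss(text):
    """{service name: {"md5", "path", "verdict"}} for the services block."""
    services = {}
    for line in text.splitlines():
        line = line.rstrip()
        m = HASH_RE.match(line)
        if m:
            services[m.group("name")] = {
                "md5": m.group("md5"), "path": m.group("path"), "verdict": None,
            }
            continue
        m = VERDICT_RE.match(line)
        if m:
            # A verdict can appear without a hash line: nothing was hashed then.
            svc = services.setdefault(
                m.group("name"), {"md5": None, "path": None, "verdict": None}
            )
            svc["verdict"] = m.group("ok") or m.group("det")
    return services


def flagged(text):
    """(name, detection class, md5, path) for every entry that is not plain 'ok'."""
    return sorted(
        (name, s["verdict"], s["md5"], s["path"])
        for name, s in parse_tdss(text).items()
        if s["verdict"] != "ok"
    )


def unhashed(text):
    """Services that got a verdict but no hash/path line (no file was examined)."""
    return sorted(name for name, s in parse_tdss(text).items() if s["md5"] is None)


# Constructed sample in TDSSKiller's report layout (timestamp, thread id, text).
SAMPLE_TDSS = r"""
13:19:38.0171 2224 ================ Scan services =============================
13:19:38.0935 2224 [ 27F954120BABB8A00F8745D8F5BC9B82 ] acedrv11 C:\Windows\system32\drivers\acedrv11.sys
13:19:39.0138 2224 acedrv11 - ok
13:19:41.0805 2224 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
13:19:41.0837 2224 Apple Mobile Device - ok
13:19:43.0771 2224 blbdrive - ok
13:19:45.0830 2224 [ 30B37C18E1725EB9F25039E9A1FB9B7E ] CDRPDACC C:\Program Files\InfinaDyne\Shared\CDRPDACC.SYS
13:19:45.0877 2224 CDRPDACC ( UnsignedFile.Multi.Generic ) - warning
13:19:45.0877 2224 CDRPDACC - detected UnsignedFile.Multi.Generic (1)
13:19:47.0000 2224 [ B5ECADF7708960F1818C7FA015F4C239 ] CVirtA C:\Windows\system32\DRIVERS\CVirtA.sys
13:19:47.0031 2224 CVirtA ( UnsignedFile.Multi.Generic ) - warning
13:19:47.0031 2224 CVirtA - detected UnsignedFile.Multi.Generic (1)
13:19:51.0165 2224 [ 227846995AFEEFA70D328BF5334A86A5 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
13:19:51.0228 2224 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
13:19:51.0228 2224 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
"""

if __name__ == "__main__":
    for name, det, md5, path in flagged(SAMPLE_TDSS):
        print(f"{det:28} {md5} {name}: {path}")
    print("no file hashed for:", ", ".join(unhashed(SAMPLE_TDSS)))
```

Service names may contain spaces ("Apple Mobile Device", "FLEXnet Licensing Service"), so the name is matched lazily up to the first token that looks like a drive path; a report that lists a service with no file line (here `blbdrive`) still gets a verdict entry, which is worth a second look because nothing on disk was actually hashed for it.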
27.01.2013, 13:31 | #13 |
| GVU-Trojaner unter Windows VISTA Hello and have a nice Sunday, so the two logs are here: aswMBR: Code:
ATTFilter aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software Run date: 2013-01-27 11:36:34 ----------------------------- 11:36:34.811 OS Version: Windows 6.0.6002 Service Pack 2 11:36:34.811 Number of processors: 2 586 0xF0D 11:36:34.811 ComputerName: TB-MOBIL UserName: *** 11:37:12.704 Initialize success 11:39:37.688 AVAST engine defs: 13012700 11:40:10.089 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 11:40:10.089 Disk 0 Vendor: HITACHI_ SB4I Size: 152627MB BusType: 3 11:40:10.105 Disk 0 MBR read successfully 11:40:10.120 Disk 0 MBR scan 11:40:10.136 Disk 0 unknown MBR code 11:40:10.152 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 5476 MB offset 2048 11:40:10.167 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 98712 MB offset 11216896 11:40:10.198 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 48437 MB offset 213379072 11:40:10.198 Disk 0 scanning sectors +312578048 11:40:10.276 Disk 0 scanning C:\Windows\system32\drivers 11:40:23.536 Service scanning 11:40:57.638 Modules scanning 11:41:05.594 Disk 0 trace - called modules: 11:41:05.625 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys 11:41:05.625 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8625f710] 11:41:05.625 3 CLASSPNP.SYS[88aa28b3] -> nt!IofCallDriver -> [0x8521f818] 11:41:05.641 5 acpi.sys[82e486bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x85717030] 11:41:06.405 AVAST engine scan C:\Windows 11:41:13.020 AVAST engine scan C:\Windows\system32 11:45:33.278 AVAST engine scan C:\Windows\system32\drivers 11:45:49.096 AVAST engine scan C:\Users\*** 12:22:03.499 AVAST engine scan C:\ProgramData 12:26:09.880 Scan finished successfully 12:55:02.089 Disk 0 MBR has been saved successfully to "C:\Users\***\Desktop\MBR.dat" 12:55:02.089 The log file has been saved successfully to "C:\Users\***\Desktop\aswMBR.txt" Code:
ATTFilter 13:18:15.0155 1648 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 13:18:15.0419 1648 ============================================================ 13:18:15.0419 1648 Current date / time: 2013/01/27 13:18:15.0419 13:18:15.0419 1648 SystemInfo: 13:18:15.0419 1648 13:18:15.0419 1648 OS Version: 6.0.6002 ServicePack: 2.0 13:18:15.0419 1648 Product type: Workstation 13:18:15.0419 1648 ComputerName: TB-MOBIL 13:18:15.0420 1648 UserName: *** 13:18:15.0420 1648 Windows directory: C:\Windows 13:18:15.0420 1648 System windows directory: C:\Windows 13:18:15.0420 1648 Processor architecture: Intel x86 13:18:15.0420 1648 Number of processors: 2 13:18:15.0420 1648 Page size: 0x1000 13:18:15.0420 1648 Boot type: Normal boot 13:18:15.0420 1648 ============================================================ 13:18:16.0094 1648 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 13:18:16.0096 1648 ============================================================ 13:18:16.0096 1648 \Device\Harddisk0\DR0: 13:18:16.0098 1648 MBR partitions: 13:18:16.0098 1648 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xAB2800, BlocksNum 0xC0CC000 13:18:16.0098 1648 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xCB7E800, BlocksNum 0x5E9A800 13:18:16.0098 1648 ============================================================ 13:18:16.0237 1648 C: <-> \Device\Harddisk0\DR0\Partition1 13:18:16.0276 1648 D: <-> \Device\Harddisk0\DR0\Partition2 13:18:16.0276 1648 ============================================================ 13:18:16.0277 1648 Initialize success 13:18:16.0277 1648 ============================================================ 13:19:37.0671 2224 ============================================================ 13:19:37.0671 2224 Scan started 13:19:37.0671 2224 Mode: Manual; SigCheck; TDLFS; 13:19:37.0671 2224 
============================================================ 13:19:38.0171 2224 ================ Scan system memory ======================== 13:19:38.0171 2224 System memory - ok 13:19:38.0171 2224 ================ Scan services ============================= 13:19:38.0935 2224 [ 27F954120BABB8A00F8745D8F5BC9B82 ] acedrv11 C:\Windows\system32\drivers\acedrv11.sys 13:19:39.0138 2224 acedrv11 - ok 13:19:39.0185 2224 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys 13:19:39.0216 2224 ACPI - ok 13:19:39.0325 2224 [ 2EDC5BBAC6C651ECE337BDE8ED97C9FB ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 13:19:39.0356 2224 adp94xx - ok 13:19:39.0387 2224 [ B84088CA3CDCA97DA44A984C6CE1CCAD ] adpahci C:\Windows\system32\drivers\adpahci.sys 13:19:39.0403 2224 adpahci - ok 13:19:39.0434 2224 [ 7880C67BCCC27C86FD05AA2AFB5EA469 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys 13:19:39.0465 2224 adpu160m - ok 13:19:39.0497 2224 [ 9AE713F8E30EFC2ABCCD84904333DF4D ] adpu320 C:\Windows\system32\drivers\adpu320.sys 13:19:39.0528 2224 adpu320 - ok 13:19:39.0559 2224 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 13:19:39.0668 2224 AeLookupSvc - ok 13:19:39.0762 2224 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys 13:19:39.0809 2224 AFD - ok 13:19:39.0871 2224 [ 39E435C90C9C4F780FA0ED05CA3C3A1B ] AgereModemAudio C:\Windows\system32\agrsmsvc.exe 13:19:39.0933 2224 AgereModemAudio - ok 13:19:40.0136 2224 [ A19871AE65A769C65034B4DC44C29023 ] AgereSoftModem C:\Windows\system32\DRIVERS\AGRSM.sys 13:19:40.0230 2224 AgereSoftModem - ok 13:19:40.0261 2224 [ EF23439CDD587F64C2C1B8825CEAD7D8 ] agp440 C:\Windows\system32\drivers\agp440.sys 13:19:40.0277 2224 agp440 - ok 13:19:40.0323 2224 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys 13:19:40.0339 2224 aic78xx - ok 13:19:40.0401 2224 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe 13:19:40.0526 2224 
ALG - ok 13:19:40.0557 2224 [ 90395B64600EBB4552E26E178C94B2E4 ] aliide C:\Windows\system32\drivers\aliide.sys 13:19:40.0573 2224 aliide - ok 13:19:40.0604 2224 [ 2B13E304C9DFDFA5EB582F6A149FA2C7 ] amdagp C:\Windows\system32\drivers\amdagp.sys 13:19:40.0620 2224 amdagp - ok 13:19:40.0635 2224 [ 0577DF1D323FE75A739C787893D300EA ] amdide C:\Windows\system32\drivers\amdide.sys 13:19:40.0651 2224 amdide - ok 13:19:40.0667 2224 [ DC487885BCEF9F28EECE6FAC0E5DDFC5 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys 13:19:40.0854 2224 AmdK7 - ok 13:19:40.0869 2224 [ 0CA0071DA4315B00FC1328CA86B425DA ] AmdK8 C:\Windows\system32\drivers\amdk8.sys 13:19:40.0963 2224 AmdK8 - ok 13:19:41.0462 2224 [ 0FA2D8304ECA29CA0AB7E3EE50FD585A ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe 13:19:41.0478 2224 AntiVirSchedulerService - ok 13:19:41.0525 2224 [ 5C69AAC8A59207DA9710FF2E42D6F80F ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe 13:19:41.0540 2224 AntiVirService - ok 13:19:41.0571 2224 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll 13:19:41.0618 2224 Appinfo - ok 13:19:41.0805 2224 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 13:19:41.0837 2224 Apple Mobile Device - ok 13:19:41.0868 2224 [ 0FE769CAE5855B53C90E23F85E7E89FF ] AppMgmt C:\Windows\System32\appmgmts.dll 13:19:41.0930 2224 AppMgmt - ok 13:19:41.0961 2224 [ 5F673180268BB1FDB69C99B6619FE379 ] arc C:\Windows\system32\drivers\arc.sys 13:19:41.0977 2224 arc - ok 13:19:41.0977 2224 [ 957F7540B5E7F602E44648C7DE5A1C05 ] arcsas C:\Windows\system32\drivers\arcsas.sys 13:19:41.0993 2224 arcsas - ok 13:19:42.0461 2224 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe 13:19:42.0523 2224 aspnet_state - ok 13:19:42.0570 2224 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac 
C:\Windows\system32\DRIVERS\asyncmac.sys 13:19:42.0617 2224 AsyncMac - ok 13:19:42.0663 2224 [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi C:\Windows\system32\drivers\atapi.sys 13:19:42.0679 2224 atapi - ok 13:19:42.0757 2224 [ 293E8CC3C246A89F4CCA75B024AD757F ] ATSWPDRV C:\Windows\system32\DRIVERS\ATSwpDrv.sys 13:19:42.0788 2224 ATSWPDRV - ok 13:19:42.0851 2224 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 13:19:42.0913 2224 AudioEndpointBuilder - ok 13:19:42.0913 2224 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll 13:19:42.0944 2224 Audiosrv - ok 13:19:43.0022 2224 [ A5C175039B1D6D85D0E79F5855828E4D ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys 13:19:43.0038 2224 avgntflt - ok 13:19:43.0100 2224 [ 37B854C7D1F477E66C5B49C7700C47CC ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys 13:19:43.0116 2224 avipbb - ok 13:19:43.0163 2224 [ FFB78D74E1EA5F811341A6E7AC547A46 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys 13:19:43.0178 2224 avkmgr - ok 13:19:43.0209 2224 [ 0B92CCF7BFCBE2B33838434F2F50CB61 ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys 13:19:43.0272 2224 b57nd60x - ok 13:19:43.0365 2224 [ 0D1EA7509F394D8B705B239EE71F5118 ] BBSvc C:\Program Files\Microsoft\BingBar\BBSvc.EXE 13:19:43.0412 2224 BBSvc - ok 13:19:43.0428 2224 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys 13:19:43.0475 2224 Beep - ok 13:19:43.0537 2224 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll 13:19:43.0599 2224 BFE - ok 13:19:43.0693 2224 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\System32\qmgr.dll 13:19:43.0771 2224 BITS - ok 13:19:43.0771 2224 blbdrive - ok 13:19:43.0865 2224 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 13:19:43.0880 2224 Bonjour Service - ok 13:19:43.0927 2224 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys 13:19:43.0974 2224 bowser - ok 
13:19:44.0005 2224 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys 13:19:44.0052 2224 BrFiltLo - ok 13:19:44.0083 2224 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys 13:19:44.0145 2224 BrFiltUp - ok 13:19:44.0192 2224 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll 13:19:44.0255 2224 Browser - ok 13:19:44.0270 2224 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys 13:19:44.0348 2224 Brserid - ok 13:19:44.0364 2224 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys 13:19:44.0442 2224 BrSerWdm - ok 13:19:44.0473 2224 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys 13:19:44.0567 2224 BrUsbMdm - ok 13:19:44.0582 2224 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys 13:19:44.0660 2224 BrUsbSer - ok 13:19:44.0723 2224 [ 6D39C954799B63BA866910234CF7D726 ] BthEnum C:\Windows\system32\DRIVERS\BthEnum.sys 13:19:44.0769 2224 BthEnum - ok 13:19:44.0801 2224 [ 9A966A8E86D1771911AE34A20D11BFF3 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 13:19:44.0863 2224 BTHMODEM - ok 13:19:44.0925 2224 [ 5904EFA25F829BF84EA6FB045134A1D8 ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys 13:19:44.0988 2224 BthPan - ok 13:19:45.0097 2224 [ 611FF3F2F095C8D4A6D4CFD9DCC09793 ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys 13:19:45.0159 2224 BTHPORT - ok 13:19:45.0206 2224 [ A4C8377FA4A994E07075107DBE2E3DCE ] BthServ C:\Windows\System32\bthserv.dll 13:19:45.0253 2224 BthServ - ok 13:19:45.0300 2224 [ D330803EAB2A15CAEC7F011F1D4CB30E ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys 13:19:45.0331 2224 BTHUSB - ok 13:19:45.0378 2224 [ 636F45A8500C1438CFA7DEE15FC5C184 ] btwaudio C:\Windows\system32\drivers\btwaudio.sys 13:19:45.0393 2224 btwaudio - ok 13:19:45.0425 2224 [ BF9256FF01B093A5D90BB7A35EC90410 ] btwavdt 
C:\Windows\system32\drivers\btwavdt.sys 13:19:45.0440 2224 btwavdt - ok 13:19:45.0471 2224 [ 0AB8C1AC177AFB27309E1072FAF34A37 ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys 13:19:45.0487 2224 btwrchid - ok 13:19:45.0549 2224 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 13:19:45.0612 2224 cdfs - ok 13:19:45.0659 2224 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 13:19:45.0705 2224 cdrom - ok 13:19:45.0830 2224 [ 30B37C18E1725EB9F25039E9A1FB9B7E ] CDRPDACC C:\Program Files\InfinaDyne\Shared\CDRPDACC.SYS 13:19:45.0877 2224 CDRPDACC ( UnsignedFile.Multi.Generic ) - warning 13:19:45.0877 2224 CDRPDACC - detected UnsignedFile.Multi.Generic (1) 13:19:45.0893 2224 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll 13:19:45.0939 2224 CertPropSvc - ok 13:19:45.0971 2224 [ DA8E0AFC7BAA226C538EF53AC2F90897 ] circlass C:\Windows\system32\drivers\circlass.sys 13:19:46.0033 2224 circlass - ok 13:19:46.0111 2224 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys 13:19:46.0142 2224 CLFS - ok 13:19:46.0173 2224 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 13:19:46.0189 2224 clr_optimization_v2.0.50727_32 - ok 13:19:46.0236 2224 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 13:19:46.0283 2224 clr_optimization_v4.0.30319_32 - ok 13:19:46.0329 2224 [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 13:19:46.0392 2224 CmBatt - ok 13:19:46.0423 2224 [ 45201046C776FFDAF3FC8A0029C581C8 ] cmdide C:\Windows\system32\drivers\cmdide.sys 13:19:46.0454 2224 cmdide - ok 13:19:46.0485 2224 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 13:19:46.0501 2224 Compbatt - ok 13:19:46.0501 2224 COMSysApp - ok 13:19:46.0548 2224 [ 
2A213AE086BBEC5E937553C7D9A2B22C ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 13:19:46.0563 2224 crcdisk - ok 13:19:46.0579 2224 [ 22A7F883508176489F559EE745B5BF5D ] Crusoe C:\Windows\system32\drivers\crusoe.sys 13:19:46.0657 2224 Crusoe - ok 13:19:46.0688 2224 [ FB27772BEAF8E1D28CCD825C09DA939B ] CryptSvc C:\Windows\system32\cryptsvc.dll 13:19:46.0735 2224 CryptSvc - ok 13:19:46.0766 2224 [ 9BDB2E89BE8D0EF37B1F25C3D3FC192C ] CSC C:\Windows\system32\drivers\csc.sys 13:19:46.0813 2224 CSC - ok 13:19:46.0875 2224 [ 0A2095F92F6AE4FE6484D911B0C21E95 ] CscService C:\Windows\System32\cscsvc.dll 13:19:46.0953 2224 CscService - ok 13:19:47.0000 2224 [ B5ECADF7708960F1818C7FA015F4C239 ] CVirtA C:\Windows\system32\DRIVERS\CVirtA.sys 13:19:47.0031 2224 CVirtA ( UnsignedFile.Multi.Generic ) - warning 13:19:47.0031 2224 CVirtA - detected UnsignedFile.Multi.Generic (1) 13:19:47.0375 2224 [ E43B83A7629ABCD8D8AFFAF22319AA3A ] CVPND C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe 13:19:47.0437 2224 CVPND - ok 13:19:47.0562 2224 [ 36C4244E4FC28ED94F2668D995ECA400 ] CVPNDRVA C:\Windows\system32\Drivers\CVPNDRVA.sys 13:19:47.0577 2224 CVPNDRVA ( UnsignedFile.Multi.Generic ) - warning 13:19:47.0577 2224 CVPNDRVA - detected UnsignedFile.Multi.Generic (1) 13:19:47.0655 2224 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll 13:19:47.0733 2224 DcomLaunch - ok 13:19:47.0765 2224 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys 13:19:47.0811 2224 DfsC - ok 13:19:47.0921 2224 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe 13:19:48.0061 2224 DFSR - ok 13:19:48.0092 2224 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll 13:19:48.0139 2224 Dhcp - ok 13:19:48.0186 2224 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys 13:19:48.0201 2224 disk - ok 13:19:48.0420 2224 [ 5F4944CFB8E60F2B02B7CD7419B3C314 ] Diskeeper C:\Program Files\Diskeeper 
ok 13:20:17.0733 2224 [ A2080872EFB7582B43762141AE8D61B9 ] TPHKSVC C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe 13:20:17.0749 2224 TPHKSVC - ok 13:20:17.0811 2224 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll 13:20:17.0842 2224 TrkWks - ok 13:20:17.0952 2224 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 13:20:17.0998 2224 TrustedInstaller - ok 13:20:18.0092 2224 [ EE5DCB6F4EDE5D0B85C4996462A4E133 ] TSSCoreService C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe 13:20:18.0123 2224 TSSCoreService - ok 13:20:18.0170 2224 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 13:20:18.0201 2224 tssecsrv - ok 13:20:18.0248 2224 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys 13:20:18.0295 2224 tunmp - ok 13:20:18.0342 2224 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 13:20:18.0404 2224 tunnel - ok 13:20:18.0716 2224 [ E9EA448F1174BE4052416B62263EA4EE ] TVT Scheduler c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe 13:20:18.0810 2224 TVT Scheduler ( UnsignedFile.Multi.Generic ) - warning 13:20:18.0810 2224 TVT Scheduler - detected UnsignedFile.Multi.Generic (1) 13:20:18.0903 2224 [ 8AB24D4B7DA715C2C80455137910E792 ] TVTI2C C:\Windows\system32\DRIVERS\Tvti2c.sys 13:20:18.0950 2224 TVTI2C - ok 13:20:18.0981 2224 [ C3ADE15414120033A36C0F293D4A4121 ] uagp35 C:\Windows\system32\drivers\uagp35.sys 13:20:18.0997 2224 uagp35 - ok 13:20:19.0044 2224 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 13:20:19.0090 2224 udfs - ok 13:20:19.0137 2224 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe 13:20:19.0184 2224 UI0Detect - ok 13:20:19.0215 2224 [ 75E6890EBFCE0841D3291B02E7A8BDB0 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 13:20:19.0246 2224 uliagpkx - ok 13:20:19.0262 2224 [ 3CD4EA35A6221B85DCC25DAA46313F8D ] 
uliahci C:\Windows\system32\drivers\uliahci.sys 13:20:19.0293 2224 uliahci - ok 13:20:19.0324 2224 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys 13:20:19.0356 2224 UlSata - ok 13:20:19.0387 2224 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys 13:20:19.0402 2224 ulsata2 - ok 13:20:19.0465 2224 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 13:20:19.0512 2224 umbus - ok 13:20:19.0605 2224 [ 8A66360F38F81E960E2367B428CBD5D9 ] UmRdpService C:\Windows\System32\umrdp.dll 13:20:19.0652 2224 UmRdpService - ok 13:20:19.0699 2224 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll 13:20:19.0746 2224 upnphost - ok 13:20:19.0808 2224 [ 8BF5D980CDCE35FB26F05047144BB57E ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys 13:20:19.0839 2224 USBAAPL - ok 13:20:19.0886 2224 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 13:20:19.0917 2224 usbccgp - ok 13:20:19.0995 2224 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys 13:20:20.0073 2224 usbcir - ok 13:20:20.0120 2224 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 13:20:20.0167 2224 usbehci - ok 13:20:20.0214 2224 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 13:20:20.0260 2224 usbhub - ok 13:20:20.0323 2224 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys 13:20:20.0385 2224 usbohci - ok 13:20:20.0416 2224 [ B51E52ACF758BE00EF3A58EA452FE360 ] usbprint C:\Windows\system32\drivers\usbprint.sys 13:20:20.0479 2224 usbprint - ok 13:20:20.0510 2224 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 13:20:20.0572 2224 USBSTOR - ok 13:20:20.0619 2224 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 13:20:20.0666 2224 usbuhci - ok 13:20:20.0744 2224 [ 
E67998E8F14CB0627A769F6530BCB352 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys 13:20:20.0806 2224 usbvideo - ok 13:20:20.0869 2224 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll 13:20:20.0931 2224 UxSms - ok 13:20:21.0025 2224 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe 13:20:21.0103 2224 vds - ok 13:20:21.0150 2224 [ 7D92BE0028ECDEDEC74617009084B5EF ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 13:20:21.0243 2224 vga - ok 13:20:21.0306 2224 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys 13:20:21.0352 2224 VgaSave - ok 13:20:21.0384 2224 [ 045D9961E591CF0674A920B6BA3BA5CB ] viaagp C:\Windows\system32\drivers\viaagp.sys 13:20:21.0399 2224 viaagp - ok 13:20:21.0415 2224 [ 56A4DE5F02F2E88182B0981119B4DD98 ] ViaC7 C:\Windows\system32\drivers\viac7.sys 13:20:21.0462 2224 ViaC7 - ok 13:20:21.0493 2224 [ FD2E3175FCADA350C7AB4521DCA187EC ] viaide C:\Windows\system32\drivers\viaide.sys 13:20:21.0508 2224 viaide - ok 13:20:21.0524 2224 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys 13:20:21.0540 2224 volmgr - ok 13:20:21.0742 2224 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 13:20:21.0789 2224 volmgrx - ok 13:20:21.0836 2224 [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap C:\Windows\system32\drivers\volsnap.sys 13:20:21.0867 2224 volsnap - ok 13:20:21.0898 2224 [ D984439746D42B30FC65A4C3546C6829 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 13:20:21.0914 2224 vsmraid - ok 13:20:22.0242 2224 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe 13:20:22.0320 2224 VSS - ok 13:20:22.0460 2224 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll 13:20:22.0522 2224 W32Time - ok 13:20:22.0569 2224 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys 13:20:22.0616 2224 WacomPen - ok 13:20:22.0647 2224 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp 
C:\Windows\system32\DRIVERS\wanarp.sys 13:20:22.0694 2224 Wanarp - ok 13:20:22.0710 2224 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 13:20:22.0725 2224 Wanarpv6 - ok 13:20:22.0975 2224 [ 20B23332885DFB93FE0185362EE811E9 ] wbengine C:\Windows\system32\wbengine.exe 13:20:23.0068 2224 wbengine - ok 13:20:23.0178 2224 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll 13:20:23.0224 2224 wcncsvc - ok 13:20:23.0287 2224 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 13:20:23.0334 2224 WcsPlugInService - ok 13:20:23.0380 2224 [ AFC5AD65B991C1E205CF25CFDBF7A6F4 ] Wd C:\Windows\system32\drivers\wd.sys 13:20:23.0380 2224 Wd - ok 13:20:23.0443 2224 [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 13:20:23.0490 2224 Wdf01000 - ok 13:20:23.0521 2224 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll 13:20:23.0583 2224 WdiServiceHost - ok 13:20:23.0614 2224 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll 13:20:23.0646 2224 WdiSystemHost - ok 13:20:23.0724 2224 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll 13:20:23.0770 2224 WebClient - ok 13:20:23.0817 2224 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll 13:20:23.0880 2224 Wecsvc - ok 13:20:23.0911 2224 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll 13:20:23.0958 2224 wercplsupport - ok 13:20:24.0020 2224 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll 13:20:24.0067 2224 WerSvc - ok 13:20:24.0098 2224 [ F9AD3A5E3FD7E0BDB18B8202B0FDD4E4 ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys 13:20:24.0114 2224 WimFltr - ok 13:20:24.0270 2224 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll 13:20:24.0301 2224 WinDefend - ok 13:20:24.0332 2224 
WinHttpAutoProxySvc - ok 13:20:24.0426 2224 Winmgmt - ok 13:20:24.0706 2224 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll 13:20:24.0769 2224 WinRM - ok 13:20:24.0862 2224 [ 676F4B665BDD8053EAA53AC1695B8074 ] WinUSB C:\Windows\system32\DRIVERS\WinUSB.sys 13:20:24.0909 2224 WinUSB - ok 13:20:24.0972 2224 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll 13:20:25.0034 2224 Wlansvc - ok 13:20:25.0564 2224 [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 13:20:25.0720 2224 wlidsvc - ok 13:20:25.0783 2224 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys 13:20:25.0845 2224 WmiAcpi - ok 13:20:26.0157 2224 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 13:20:26.0188 2224 wmiApSrv - ok 13:20:26.0688 2224 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe 13:20:26.0828 2224 WMPNetworkSvc - ok 13:20:26.0890 2224 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 13:20:26.0922 2224 WPDBusEnum - ok 13:20:27.0000 2224 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys 13:20:27.0015 2224 WpdUsb - ok 13:20:28.0092 2224 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 13:20:28.0154 2224 WPFFontCache_v0400 - ok 13:20:28.0185 2224 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 13:20:28.0216 2224 ws2ifsl - ok 13:20:28.0263 2224 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\System32\wscsvc.dll 13:20:28.0310 2224 wscsvc - ok 13:20:28.0310 2224 WSearch - ok 13:20:28.0560 2224 [ 6298277B73C77FA99106B271A7525163 ] wuauserv C:\Windows\system32\wuaueng.dll 13:20:28.0653 2224 wuauserv - ok 13:20:28.0809 2224 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd 
C:\Windows\system32\DRIVERS\WUDFRd.sys 13:20:28.0872 2224 WUDFRd - ok 13:20:28.0918 2224 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll 13:20:28.0981 2224 wudfsvc - ok 13:20:29.0028 2224 ================ Scan global =============================== 13:20:29.0090 2224 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll 13:20:29.0230 2224 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll 13:20:29.0262 2224 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll 13:20:29.0308 2224 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe 13:20:29.0324 2224 [Global] - ok 13:20:29.0324 2224 ================ Scan MBR ================================== 13:20:29.0355 2224 [ 1909C09C4A15FD3374690C377F770846 ] \Device\Harddisk0\DR0 13:20:30.0619 2224 \Device\Harddisk0\DR0 - ok 13:20:30.0619 2224 ================ Scan VBR ================================== 13:20:30.0650 2224 [ 23541C72E49FFB011FAFD8E022F5A49D ] \Device\Harddisk0\DR0\Partition1 13:20:30.0650 2224 \Device\Harddisk0\DR0\Partition1 - ok 13:20:30.0666 2224 [ EAA4163EB36EE8BEC489DFB93E5004B2 ] \Device\Harddisk0\DR0\Partition2 13:20:30.0666 2224 \Device\Harddisk0\DR0\Partition2 - ok 13:20:30.0666 2224 ============================================================ 13:20:30.0666 2224 Scan finished 13:20:30.0666 2224 ============================================================ 13:20:30.0697 3124 Detected object count: 18 13:20:30.0697 3124 Actual detected object count: 18 13:26:05.0176 3124 CDRPDACC ( UnsignedFile.Multi.Generic ) - skipped by user 13:26:05.0176 3124 CDRPDACC ( UnsignedFile.Multi.Generic ) - User select action: Skip 13:26:05.0176 3124 CVirtA ( UnsignedFile.Multi.Generic ) - skipped by user 13:26:05.0176 3124 CVirtA ( UnsignedFile.Multi.Generic ) - User select action: Skip 13:26:05.0176 3124 CVPNDRVA ( UnsignedFile.Multi.Generic ) - skipped by user 13:26:05.0176 3124 CVPNDRVA ( UnsignedFile.Multi.Generic ) - User select 
action: Skip 13:26:05.0192 3124 Diskeeper ( UnsignedFile.Multi.Generic ) - skipped by user 13:26:05.0192 3124 Diskeeper ( UnsignedFile.Multi.Generic ) - User select action: Skip 13:26:05.0192 3124 epmntdrv ( UnsignedFile.Multi.Generic ) - skipped by user 13:26:05.0192 3124 epmntdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 13:26:05.0192 3124 EuGdiDrv ( UnsignedFile.Multi.Generic ) - skipped by user 13:26:05.0192 3124 EuGdiDrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 13:26:05.0192 3124 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user 13:26:05.0192 3124 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 13:26:05.0192 3124 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user 13:26:05.0192 3124 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 13:26:05.0192 3124 NETw5v32 ( UnsignedFile.Multi.Generic ) - skipped by user 13:26:05.0192 3124 NETw5v32 ( UnsignedFile.Multi.Generic ) - User select action: Skip 13:26:05.0192 3124 nlsvc ( UnsignedFile.Multi.Generic ) - skipped by user 13:26:05.0192 3124 nlsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 13:26:05.0192 3124 nltdi ( UnsignedFile.Multi.Generic ) - skipped by user 13:26:05.0192 3124 nltdi ( UnsignedFile.Multi.Generic ) - User select action: Skip 13:26:05.0208 3124 OMSI download service ( UnsignedFile.Multi.Generic ) - skipped by user 13:26:05.0208 3124 OMSI download service ( UnsignedFile.Multi.Generic ) - User select action: Skip 13:26:05.0208 3124 OpcEnum ( UnsignedFile.Multi.Generic ) - skipped by user 13:26:05.0208 3124 OpcEnum ( UnsignedFile.Multi.Generic ) - User select action: Skip 13:26:05.0208 3124 pfc ( UnsignedFile.Multi.Generic ) - skipped by user 13:26:05.0208 3124 pfc ( UnsignedFile.Multi.Generic ) - User select action: Skip 13:26:05.0208 3124 PMSveH ( UnsignedFile.Multi.Generic ) - skipped by user 13:26:05.0208 3124 PMSveH ( UnsignedFile.Multi.Generic ) - User select action: 
Skip 13:26:05.0208 3124 ProtexisLicensing ( UnsignedFile.Multi.Generic ) - skipped by user 13:26:05.0208 3124 ProtexisLicensing ( UnsignedFile.Multi.Generic ) - User select action: Skip 13:26:05.0208 3124 SUService ( UnsignedFile.Multi.Generic ) - skipped by user 13:26:05.0208 3124 SUService ( UnsignedFile.Multi.Generic ) - User select action: Skip 13:26:05.0208 3124 TVT Scheduler ( UnsignedFile.Multi.Generic ) - skipped by user 13:26:05.0208 3124 TVT Scheduler ( UnsignedFile.Multi.Generic ) - User select action: Skip

Torben
27.01.2013, 14:08 | #14
/// Winkelfunktion /// TB-Süch-Tiger™ | GVU-Trojaner on Windows Vista
Then please run CF now: ComboFix
A guide and tutorial on using ComboFix
ComboFix may only be run when a qualified helper (Kompetenzler) has explicitly recommended it! If you have problems starting applications after running ComboFix and receive messages such as Quote:
__________________
Please always post logfiles in CODE tags
27.01.2013, 15:05 | #15
GVU-Trojaner on Windows Vista
Sooo, ComboFix done. The log is here:
ComboFix logfile:
Code:
ComboFix 13-01-27.03 - *** 27.01.2013 14:20:57.1.2 - x86
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\hpeA988.dll
c:\programdata\pswi_preloaded.exe
c:\programdata\Taskmgr
c:\programdata\Taskmgr\SP01.int
c:\programdata\Taskmgr\WPO13.int
c:\users\***\AppData\Roaming\inst.exe
c:\users\***\AppData\Roaming\Microsoft\AddIns\CET-Program\CET93.exe
c:\users\***\AppData\Roaming\Microsoft\AddIns\CET-Source\Debug\CET93.exe
c:\users\***\ia_remove.sh1472.tmp
c:\users\***\ia_remove.sh2265.tmp
c:\users\***\ia_remove.sh7038.tmp
c:\users\***\ia_remove.sh8503.tmp
c:\windows\w32dasm8.ini
.
Infizierte Kopie von c:\windows\System32\autochk.exe wurde gefunden und desinfiziert
Kopie von - c:\windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.0.6001.18000_none_e1f3ed49c1c122ef\autochk.exe wurde wiederhergestellt
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-12-27 bis 2013-01-27 ))))))))))))))))))))))))))))))
.
.
2013-01-27 13:34 . 2013-01-27 13:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-23 16:23 . 2013-01-23 16:22 859552 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-01-23 16:22 . 2013-01-23 16:22 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-01-21 20:06 . 2013-01-21 20:06 -------- d-----w- c:\users\***\AppData\Roaming\Malwarebytes
2013-01-21 20:05 . 2013-01-21 20:05 -------- d-----w- c:\programdata\Malwarebytes
2013-01-21 20:05 . 2013-01-21 20:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-01-21 20:05 . 2012-12-14 15:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-05 11:59 . 2013-01-05 12:23 -------- d-----w- c:\program files\Avidemux_2.6.1
2013-01-03 18:28 . 2013-01-03 18:28 -------- d-----w- c:\program files\Dropbox
2013-01-03 09:07 . 2013-01-03 09:42 -------- d-----w- c:\users\***\AppData\Roaming\Audacity
2013-01-03 09:07 . 2013-01-03 09:16 -------- d-----w- c:\program files\Audacity_2.0.2
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-27 13:46 . 2010-12-01 10:24 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2013-01-27 13:46 . 2010-12-01 10:28 58288 ----a-w- c:\windows\system32\rpcnet.dll
2013-01-27 10:05 . 2010-12-01 10:24 17408 ----a-w- c:\windows\system32\rpcnetp.dll
2013-01-23 16:22 . 2010-05-03 15:12 780192 ----a-w- c:\windows\system32\deployJava1.dll
2013-01-20 14:57 . 2012-08-06 15:55 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-20 14:57 . 2011-05-31 15:44 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-15 01:49 . 2013-01-25 18:22 6991832 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{17CBB778-17CC-462C-A445-D7033AD6A859}\mpengine.dll
2012-12-17 17:05 . 2012-11-15 17:13 134336 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-12-17 17:05 . 2012-11-15 17:13 83944 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-12-07 18:10 . 2010-12-01 10:28 58288 ------w- c:\windows\system32\rpcnet.exe
2012-11-16 17:48 . 2012-11-15 17:13 36552 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2011-06-27 18:41 . 2011-06-14 20:53 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-12-17 18:50 556648 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-12-17 18:50 556648 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-12-17 18:50 556648 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-12-17 18:50 556648 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FingerPrintSoftware"="c:\program files\Lenovo Fingerprint Software\fpapp.exe \s" [X]
"TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2007-04-09 58416]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]
"TPWAUDAP"="c:\program files\Lenovo\HOTKEY\TpWAudAp.exe" [2008-03-11 54560]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 174872]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-01-13 90191]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-01-13 7766016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-01-13 81920]
"FreePDF Assistant"="c:\program files\FreePDF_XP\fpassist.exe" [2010-06-17 370176]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-12-17 384800]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2025591093-2054289321-3464103709-1003]
"EnableNotificationsRef"=dword:00000001
.
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2013-01-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-30 16:32]
.
2013-01-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-30 16:32]
.
2013-01-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2025591093-2054289321-3464103709-1003Core.job
- c:\users\***\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-29 15:02]
.
2013-01-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2025591093-2054289321-3464103709-1003UA.job
- c:\users\***\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-29 15:02]
.
2010-02-02 c:\windows\Tasks\Wise Registry Cleaner 4.job
- c:\program files\Wise Registry Cleaner\WiseRegistryCleaner.exe [2010-02-02 10:23]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/ig?hl=de&source=iglk
uInternet Settings,ProxyOverride = *.local
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: Free YouTube to MP3 Converter - c:\users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm
IE: Öffnen mit WordPerfect - c:\program files\WordPerfect Office X3\Programs\WPLauncher.hta
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
Trusted Zone: apemap.com
TCP: Interfaces\{AD98FF75-9315-4485-81B0-7FED0807963F}: NameServer = 192.168.2.1
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\0geh3hg9.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ig
FF - ExtSQL: !HIDDEN! 2009-06-24 17:37; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2013-01-27 14:50
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2025591093-2054289321-3464103709-1003\Software\Buhl Data Service\On4u2\nanoPEG-MPEG2\ExtData*]
"OfflineKey"="f2il02yz+PoZfjShe/bLtuIDuYUBXeXUSWODhqNUumuillSxrfUfT0bxarmfYtLp4zQvX/frLlkGRzjW8wFj1YIjNQTkcipaGHiRsqxfWeML3zNdlQAR2qpUclY4tqG7hrq0toHzSqNvyr03dnd293CDD57I+nETnlnnu4AKgI3ULnXKu/K2ZzeRLfLPDBgAPUy1D3ancm3tlUij0+XCew==XkW7KTUw4/ERXZYHib2UcoL0C2ZB96ivDmVp8Hxoud4WhbS+FPwy3zwTLhtuwow5VXDxMiadgorR9F/GSnOdBg=="
"InitTime"=dword:00009cbd
"LastTime"=dword:00009cbd
"Keyindex"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SOFTWARE\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
 00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
"MtuAdjustment"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SOFTWARE\mpDRM\LicenseStore*]
"CheckValue"=dword:c178516b
"37C0668E"="EC05217F"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(2336)
c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
c:\windows\system32\btncopy.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\windows\system32\IPSSVC.EXE
c:\windows\system32\agrsmsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\program files\LENOVO\HOTKEY\FNF5SVC.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
c:\program files\Lenovo\PM Driver\PMSveH.exe
c:\windows\system32\PSIService.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\system32\rpcnet.exe
c:\program files\Microsoft\BingBar\SeaPort.EXE
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\program files\LENOVO\HOTKEY\TPHKSVC.exe
c:\program files\Lenovo\Client Security Solution\tvttcsd.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Lenovo\System Update\SUService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-01-27 14:56:59 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2013-01-27 13:56
.
Vor Suchlauf: 5.081.128.960 Bytes frei
Nach Suchlauf: 5.658.505.216 Bytes frei
.
- - End Of File - - C3A220F1A5DAB74A28F32AA50B26DC29

Best regards,
Torben