|
Log-Analyse und Auswertung: Iminent Start-Webbooster dauerhaft aktiviert!Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
22.05.2013, 21:38 | #1 |
| Iminent Start-Webbooster dauerhaft aktiviert! Hallo liebes Forum, habe leider aus Eile Iminent installiert und bekomme es nicht wirklich weg von meinem PC. Nach dem ich es über die Systemsteuerung alles gelöscht habe, ist mir aufgefallen, das sich meine Startseite im IE immer wieder auf das von Iminent Suche ändert. Zusätzlich ist mir aufgefallen, dass einige Ordner von Iminent nicht gelöscht worden sind, die ich dann manuell löschte. OTL Log-Files habe ich schon erstellt und bereit sie zu verschicken. Ich hoffe ihr könnt mir Helfen. Danke! VG nöb |
22.05.2013, 22:11 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Iminent Start-Webbooster dauerhaft aktiviert! Hallo und
__________________Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die jemals fündig geworden? Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520 Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten! Lesestoff: Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ |
22.05.2013, 22:40 | #3 |
| Iminent Start-Webbooster dauerhaft aktiviert! Hallo,
__________________vom Viren-Scan wurde nichts gefunden. Daher nur Log-Files von OTL und Rootkit-Scan von Gmer. OTL Code:
ATTFilter OTL logfile created on: 22.05.2013 21:52:34 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\User\Desktop\OTL 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,95 Gb Total Physical Memory | 6,19 Gb Available Physical Memory | 77,92% Memory free 15,89 Gb Paging File | 14,17 Gb Available in Paging File | 89,20% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 654,69 Gb Total Space | 409,36 Gb Free Space | 62,53% Space Free | Partition Type: NTFS Drive D: | 29,00 Gb Total Space | 26,58 Gb Free Space | 91,66% Space Free | Partition Type: NTFS Computer Name: USER-PC | User Name: User | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.05.22 21:47:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL\OTL.exe PRC - [2013.05.15 20:10:54 | 002,833,448 | ---- | M] (Iminent) -- C:\Program Files (x86)\Common Files\Umbrella\umbrella.exe PRC - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2013.04.07 10:55:02 | 000,015,152 | ---- | M] () -- C:\Windows\SysWOW64\jmdp\stij.exe PRC - [2012.11.28 18:34:08 | 000,329,056 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe PRC - [2012.11.28 18:24:16 | 000,100,256 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe PRC - [2012.04.24 15:37:56 | 000,169,752 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe PRC - [2011.05.10 13:00:20 | 002,009,704 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe PRC - [2011.01.12 20:00:42 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2011.01.12 20:00:38 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2010.12.24 13:19:36 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe PRC - [2010.12.21 04:30:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2010.12.21 04:30:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2010.11.17 03:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe PRC - [2010.08.25 06:07:40 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared Files\brs.exe PRC - [2008.10.24 16:35:44 | 000,128,296 | ---- | M] () -- C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ========== Modules (No Company Name) ========== MOD - [2013.05.15 19:34:51 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll MOD - [2013.05.15 19:34:37 | 003,347,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\716959df79685a1eae0fc14275a32b0f\WindowsBase.ni.dll MOD - [2013.05.15 19:34:32 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll MOD - [2013.04.07 10:55:02 | 000,015,152 | ---- | M] () -- C:\Windows\SysWOW64\jmdp\stij.exe MOD - [2013.04.07 10:54:20 | 000,306,176 | ---- | M] () -- C:\Windows\SysWOW64\jmdp\lmrn.dll MOD - [2013.02.05 09:25:06 | 000,362,029 | ---- | M] () -- C:\Windows\SysWOW64\jmdp\sqlite3.dll MOD - [2013.01.14 13:17:31 | 000,014,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\09a468fb987e5a5f345346b0910c89ca\IAStorCommon.ni.dll MOD - [2013.01.14 13:17:30 | 000,475,648 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\27649bdc3da750e2e072dedbff56cc0b\IAStorUtil.ni.dll MOD - [2013.01.14 13:05:04 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll MOD - [2013.01.14 13:04:34 | 001,592,832 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll MOD - [2013.01.14 13:04:18 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll MOD - [2013.01.14 13:04:14 | 007,989,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll MOD - [2013.01.14 13:04:10 | 011,493,376 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll MOD - [2012.11.29 01:18:56 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll MOD - [2012.11.28 18:34:08 | 000,013,664 | ---- | M] () -- C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll MOD - [2012.11.28 18:24:16 | 000,100,256 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe MOD - [2012.11.28 15:13:52 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2012.11.28 15:13:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2010.11.11 12:39:46 | 000,133,024 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll32.dll MOD - [2010.11.11 12:38:44 | 000,161,696 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect32.dll ========== Services (SafeList) ========== SRV:64bit: - [2013.04.07 10:54:58 | 001,455,408 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\dmwu.exe -- (IBUpdaterService) SRV - [2013.05.15 20:10:54 | 002,833,448 | ---- | M] (Iminent) [Auto | Running] -- C:\Program Files (x86)\Common Files\Umbrella\umbrella.exe -- (SProtection) SRV - [2013.05.14 22:14:46 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013.01.27 12:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV - [2013.01.27 12:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV - [2013.01.14 23:30:52 | 000,230,416 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Programme\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe -- (NitroReaderDriverReadSpool3) SRV - [2012.12.28 14:14:40 | 000,277,640 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs) SRV - [2012.04.24 15:37:56 | 000,169,752 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe -- (ICCS) SRV - [2011.05.10 13:00:20 | 002,009,704 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2011.01.12 20:00:42 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2010.12.21 04:30:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2010.12.21 04:30:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2010.10.13 19:19:12 | 000,240,112 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\Lenovo\PowerDVD10\NavFilter\kmsvc.exe -- (CLKMSVC10_3A60B698) SRV - [2010.09.22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV - [2010.09.21 16:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2010.01.09 22:20:56 | 000,174,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose64) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008.10.24 16:35:44 | 000,128,296 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe -- (AAV UpdateService) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.01.26 20:17:25 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2013.01.20 16:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv) DRV:64bit: - [2012.12.13 17:24:10 | 000,342,528 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2012.12.12 17:42:28 | 005,353,888 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2012.11.28 18:31:18 | 000,039,008 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LhdX64.sys -- (LHDmgr) DRV:64bit: - [2012.11.28 18:31:17 | 000,029,792 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC) DRV:64bit: - [2012.11.28 18:30:00 | 000,057,952 | ---- | M] (Lenovo) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fbfmon.sys -- (fbfmon) DRV:64bit: - [2012.11.28 18:30:00 | 000,013,408 | ---- | M] (Lenovo) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BPntDrv.sys -- (BPntDrv) DRV:64bit: - [2012.11.28 18:24:36 | 000,020,064 | ---- | M] (Ensurebit Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\delayman.sys -- (DelayMan) DRV:64bit: - [2012.11.28 18:24:36 | 000,015,456 | ---- | M] (Ensurebit Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\winioex.sys -- (winioex) DRV:64bit: - [2012.09.28 11:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012.08.21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012.03.26 15:50:12 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.05.10 13:00:18 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.01.12 19:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2011.01.06 00:46:36 | 000,411,688 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) DRV:64bit: - [2010.12.24 13:19:56 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd) DRV:64bit: - [2010.12.17 03:06:32 | 001,404,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2010.12.13 05:31:00 | 000,174,168 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.20 12:49:51 | 000,146,432 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rmcast.sys -- (RMCAST) DRV:64bit: - [2010.11.20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010.11.19 04:34:26 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2010.11.19 04:34:26 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2010.10.28 12:16:24 | 004,716,608 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:64bit: - [2010.10.20 02:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2009.07.21 16:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV:64bit: - [2009.06.10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data] IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox IE - HKLM\..\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}: "URL" = hxxp://start.iminent.com/?appId=8F12A87A-9448-4699-A46C-45E0746116A8&ref=toolbox&q={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\..\URLSearchHook: {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {151B4122-7806-4500-B0A3-3714509409FF} IE - HKCU\..\SearchScopes\{151B4122-7806-4500-B0A3-3714509409FF}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} IE - HKCU\..\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}: "URL" = hxxp://start.iminent.com/?appId=8F12A87A-9448-4699-A46C-45E0746116A8&ref=toolbox&q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0 FF - prefs.js..browser.startup.homepage: "hxxp://start.iminent.com/?appId=8F12A87A-9448-4699-A46C-45E0746116A8" FF - prefs.js..browser.search.selectedEngine: "StartWeb" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\IB UPDATER\FIREFOX 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}: C:\PROGRAM FILES\IB UPDATER\FIREFOX FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\IB Updater\Firefox FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}: C:\Program Files\IB Updater\Firefox FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.05.15 19:38:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions [2013.03.22 20:52:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\extensions [2012.12.13 22:29:00 | 000,199,445 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\extensions\movie2kdownloader@movie2kdownloader.com.xpi [2013.01.26 20:18:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.05.15 19:38:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions [2013.05.15 19:38:26 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20121210144246.dll File not found O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20121210144246.dll File not found O2 - BHO: (IMinent WebBooster (BHO)) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\Iminent.WebBooster.InternetExplorer.dll File not found O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited) O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe (Lenovo(beijing) Limited) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Lenovo EE Boot Optimizer] C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe (Lenovo) O4:64bit: - HKLM..\Run: [MSC] "c:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey File not found O4:64bit: - HKLM..\Run: [OnekeyStudio] C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe (Lenovo) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe (cyberlink) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [Iminent] C:\Program Files (x86)\Iminent\Iminent.exe /warmup "F77F87E5-A6BD-4922-A530-EDF63D7E9F8C" File not found O4 - HKLM..\Run: [IminentMessenger] C:\Program Files (x86)\Iminent\Iminent.Messengers.exe File not found O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (Lenovo) O4 - HKLM..\Run: [YouCam Mirage] C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (CyberLink) O4 - HKLM..\Run: [YouCam Tray] C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe (CyberLink Corp.) O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKCU..\Run: [DriverFinder] C:\Program Files (x86)\DriverFinder\DriverFinder.exe File not found O4 - HKLM..\RunOnce: [SPUpdSentinel] C:\Program Files (x86)\Common Files\Umbrella\umbrella_bkp.exe (Iminent) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab (DLM Control) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{99570B6D-ADD6-42B4-BF76-49AB0BC826BF}: DhcpNameServer = 10.74.210.210 10.74.210.211 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C1FC3ADE-985C-47E7-835E-7A3AFFCAD50E}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DE071901-064F-433F-89E5-D3CD5EF4C8E8}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - AppInit_DLLs: (C:\windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation) O20 - AppInit_DLLs: (C:\windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{220bc55c-6763-11e2-b41e-dc0ea1795853}\Shell - "" = AutoRun O33 - MountPoints2\{220bc55c-6763-11e2-b41e-dc0ea1795853}\Shell\AutoRun\command - "" = G:\Autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.05.22 21:49:44 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\gmr [2013.05.22 21:47:20 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\OTL [2013.05.15 19:38:41 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Mozilla [2013.05.12 22:49:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2013.04.28 15:19:39 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\jmdp [2013.04.28 15:19:38 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\ARFC ========== Files - Modified Within 30 Days ========== [2013.05.22 21:25:57 | 001,498,506 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI [2013.05.22 21:25:57 | 000,654,166 | ---- | M] () -- C:\windows\SysNative\perfh007.dat [2013.05.22 21:25:57 | 000,616,008 | ---- | M] () -- C:\windows\SysNative\perfh009.dat [2013.05.22 21:25:57 | 000,130,006 | ---- | M] () -- C:\windows\SysNative\perfc007.dat [2013.05.22 21:25:57 | 000,106,388 | ---- | M] () -- C:\windows\SysNative\perfc009.dat [2013.05.22 21:24:06 | 000,022,240 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.05.22 21:24:06 | 000,022,240 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.05.22 21:19:24 | 000,560,166 | ---- | M] () -- C:\windows\SysNative\fastboot.set [2013.05.22 21:19:06 | 000,000,266 | ---- | M] () -- C:\windows\tasks\AutoKMS.job [2013.05.22 21:18:27 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2013.05.22 21:18:22 | 2103,332,863 | -HS- | M] () -- C:\hiberfil.sys [2013.05.22 02:14:01 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2013.05.15 20:06:14 | 000,428,824 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT [2013.05.15 19:38:36 | 000,001,147 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk ========== Files Created - No Company Name ========== [2013.05.15 19:38:36 | 000,001,159 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2013.05.15 19:38:36 | 000,001,147 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.02.19 21:04:45 | 000,000,153 | ---- | C] () -- C:\ProgramData\2895432.reg [2013.02.19 21:04:45 | 000,000,059 | ---- | C] () -- C:\ProgramData\2895432.bat [2013.02.19 21:04:44 | 095,023,320 | ---- | C] () -- C:\ProgramData\2895432.pad [2013.01.25 17:49:03 | 095,023,320 | ---- | C] () -- C:\ProgramData\9yIjFC7.pad [2013.01.05 16:18:09 | 000,004,919 | ---- | C] () -- C:\ProgramData\rznaopga.sea [2012.12.12 17:41:24 | 000,064,512 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll [2012.12.12 17:38:16 | 000,272,928 | ---- | C] () -- C:\windows\SysWow64\igvpkrng600.bin [2012.12.12 17:38:14 | 000,963,452 | ---- | C] () -- C:\windows\SysWow64\igcodeckrng600.bin [2012.12.08 17:01:33 | 001,500,444 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI [2012.11.29 10:42:04 | 000,003,072 | ---- | C] () -- C:\Users\User\AppData\Local\file__0.localstorage [2012.11.28 18:34:11 | 002,086,240 | ---- | C] () -- C:\windows\SysWow64\LenovoVeriface.Interface.dll [2012.11.28 18:34:11 | 001,500,512 | ---- | C] () -- C:\windows\SysWow64\Apblend.dll [2012.11.28 18:34:11 | 001,171,456 | ---- | C] () -- C:\windows\SysWow64\PicNotify.dll [2012.11.28 18:34:11 | 000,472,416 | ---- | C] () -- C:\windows\SysWow64\Lenovo.VerifaceStub.dll [2012.11.28 18:34:06 | 001,044,480 | ---- | C] () -- C:\windows\SysWow64\3DImageRenderer.dll [2012.11.28 18:24:36 | 001,771,872 | ---- | C] () -- C:\windows\SysWow64\ColorBlindnessDLL.dll [2012.11.28 18:24:36 | 000,087,392 | ---- | C] () -- C:\windows\SysWow64\LenovoRIC.interface.dll [2012.11.28 18:24:36 | 000,083,296 | ---- | C] () -- C:\windows\SysWow64\GetASData.dll [2012.11.28 18:24:36 | 000,080,480 | ---- | C] () -- C:\windows\SysWow64\WinIoEx.dll [2012.11.28 18:24:36 | 000,058,720 | ---- | C] () -- C:\windows\SysWow64\LenovoRIC.stub.dll [2012.11.28 18:19:34 | 000,089,328 | ---- | C] () -- C:\windows\un_dext.exe [2012.11.28 18:19:34 | 000,087,928 | ---- | C] () -- C:\windows\SPRemove_x64.exe [2012.11.28 18:19:34 | 000,003,566 | ---- | C] () -- C:\windows\Dext_09.ini [2012.11.28 18:19:34 | 000,002,998 | ---- | C] () -- C:\windows\Dext_04.ini [2012.11.28 18:19:34 | 000,002,790 | ---- | C] () -- C:\windows\Dext_2052.ini [2012.11.28 18:19:34 | 000,002,507 | ---- | C] () -- C:\windows\Remove.ini [2012.11.28 18:17:33 | 000,066,856 | ---- | C] () -- C:\windows\SysWow64\SynTPEnhPS.dll [2012.11.28 17:59:19 | 000,960,940 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin [2012.11.28 17:59:17 | 000,206,952 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin [2012.11.28 17:59:16 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.02.09 04:07:03 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Ahihv [2012.12.05 01:45:01 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\ArcSyncConfig [2013.01.05 16:17:55 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Carambis [2013.01.03 18:28:43 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DAEMON Tools Lite [2013.01.05 16:13:12 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\dll-files.com [2013.02.03 21:12:23 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Downloaded Installations [2013.04.07 19:06:58 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DriverFinder [2013.01.05 16:51:27 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\EasyCapture [2013.02.03 21:13:41 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\FileOpen [2013.02.19 19:26:18 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Foxoys [2013.02.18 05:12:21 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Izumab [2012.12.05 13:29:22 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Lenovo [2013.01.03 18:56:09 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\LucasArts [2013.02.18 05:12:21 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Moabr [2013.02.19 21:00:26 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Neefzi [2013.02.03 21:13:41 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Nitro [2013.04.03 19:01:18 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Nitro PDF [2013.01.12 03:27:58 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Notepad++ [2013.01.26 20:33:09 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Ubisoft [2013.02.18 05:12:21 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Utnoy [2013.01.05 18:00:40 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\WinBatch ========== Purity Check ========== < End of report > Extras OTL Code:
ATTFilter OTL Extras logfile created on: 22.05.2013 21:52:34 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\User\Desktop\OTL 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,95 Gb Total Physical Memory | 6,19 Gb Available Physical Memory | 77,92% Memory free 15,89 Gb Paging File | 14,17 Gb Available in Paging File | 89,20% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 654,69 Gb Total Space | 409,36 Gb Free Space | 62,53% Space Free | Partition Type: NTFS Drive D: | 29,00 Gb Total Space | 26,58 Gb Free Space | 91,66% Space Free | Partition Type: NTFS Computer Name: USER-PC | User Name: User | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{12080875-A778-4F47-9E86-33D520AED1EA}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | "{1547EFA0-1219-4E1B-83E8-07A285CE3297}" = rport=10243 | protocol=6 | dir=out | app=system | "{189D1603-1CDD-45DB-B1AD-878081189B31}" = rport=138 | protocol=17 | dir=out | app=system | "{246C262C-7075-465A-BDE6-70E9F681044C}" = lport=138 | protocol=17 | dir=in | app=system | "{2DB7B03F-D371-4C2C-8E7C-BE6CD94A8310}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{389FC97B-42E9-4658-9C81-EA32A450CEB4}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{45A7ED61-4DB1-444E-8C0D-4276B44D3F5C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{54340265-BA3F-4C4A-AC40-6FFD0DF24CE4}" = rport=139 | protocol=6 | dir=out | app=system | "{567B5A16-ACE9-4F63-9B94-2801DD2B80D1}" = lport=137 | protocol=17 | dir=in | app=system | "{587A8B0D-0504-4207-ADCB-B1CA6911BEA1}" = lport=445 | protocol=6 | dir=in | app=system | "{741623B5-3C63-4E9A-8E10-FDAC1EDDE605}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{7D910E1A-44DF-4AF4-B63C-393A28FD78BE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{8F7EA15B-72DD-4384-A22B-0EDF55377797}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{900E7420-55DD-43DA-8996-C67C46AD01B8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{A1AC8513-F8D5-43DF-93B4-80756F83F90A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{A33F7681-4016-4145-A663-D62D1EA2934D}" = rport=137 | protocol=17 | dir=out | app=system | "{A522DC6F-B9FC-4C44-B0E4-5776C3EBEF84}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{AFF06A5F-CA25-4535-85D0-09AAAE75B5A1}" = lport=139 | protocol=6 | dir=in | app=system | "{D84098D9-49CD-4B7A-8E8E-F344CC08FC13}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{DF83433B-7F9F-4735-9981-D9D47CA70612}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{E14F029B-9CC1-40CE-BF50-CDA3BF816881}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{E654FAC0-AE65-45AE-8AEB-DEDE41BD6BB2}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{E78401C3-BB56-4DF4-9024-0EB7508CB956}" = rport=445 | protocol=6 | dir=out | app=system | "{EE267527-9DE9-4866-A250-696B07B91ED2}" = lport=2869 | protocol=6 | dir=in | app=system | "{F0E17041-D049-490E-8D12-387FAD865FEB}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{FAB6332C-116C-4AE5-813C-83EFFD1CCD25}" = lport=10243 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{043B1C85-3FE4-4215-AFB4-59007DC89E0E}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{083BC57D-BCF2-4181-88AB-004FD22035F2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{088E4FF8-D8BC-48A5-B859-0197ABE3A9A1}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe | "{0EBA96E5-4DD5-47CC-8CC9-2F09C890FB97}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | "{0F3C45B5-2706-40B8-A541-61BFFE3FCCB0}" = protocol=17 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe | "{0FF4A3DA-6D8B-4534-BC94-0179C7661180}" = protocol=6 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe | "{1E9D3095-5A0C-46A4-B21B-BD3D0F6BAB92}" = protocol=17 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe | "{24838BCF-3FDA-4D8B-AB2A-155E57318978}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | "{26359430-76A5-46EB-96B2-783C57C45DB7}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 2070\autopatcher.exe | "{2B14CB2A-E236-4C53-A552-998A9BA4A8A3}" = protocol=6 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe | "{2CDA9127-3CCA-4FBC-A1F5-CB2C05771632}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{2D146BA0-3C3A-4DB3-AF3C-2D67481E7C18}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{331338EE-F519-4A87-9DD8-A202E052C527}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{340C289C-2910-488D-AF75-7BA43A3EFAE2}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{3733C063-4DB4-47DF-AA73-321F0EC26A93}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{388FBA24-81A6-4A24-A1D5-07FB49BBBA3D}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 2070\initengine.exe | "{3A4C726E-4DD5-4722-BB4E-FCB820F16F33}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{3ECD5E8E-3EE6-4583-A9E5-1D5ABABBE559}" = dir=in | app=c:\program files (x86)\iminent\iminent.messengers.exe | "{3FF1B5C3-0C41-47D0-AC38-89664DB0D594}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | "{422AF11A-9B96-4CFE-97B7-56340B513748}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{44AA8117-342D-491A-86C4-95E712D025B3}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 2070\anno5.exe | "{4610E22A-F0B2-47B8-A88F-21359CC8BD7C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{46A07633-2A6B-4793-85F0-292E7B648575}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{537D682F-016C-42E5-8A56-9E2FB08CD49A}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe | "{5625EFF8-C80E-4D08-9C39-20BFCE45F36C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{5C9627BD-2339-4579-80CC-4740384E4A32}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 2070\initengine.exe | "{674DFF40-2A23-4D15-B5FC-8527E8A5A22C}" = dir=in | app=c:\program files (x86)\iminent\iminent.exe | "{68724D93-EBB7-42BB-BDD4-48A98B7B7F76}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{7012B06F-CF02-4684-A598-616B950440AA}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{703C7C03-543C-471E-96DC-817B26AFC731}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe | "{773988FC-2A4D-45B1-B2C6-8402087C1DD2}" = dir=in | app=c:\program files (x86)\lenovo\powerdvd10\powerdvd9.exe | "{7746B03B-5EDC-4FF7-9690-5A7868C4B8BA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{7A0F8F6C-4C12-4BD8-B9E0-0FE3506FAAA6}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 2070\anno5.exe | "{87F1315E-C8CB-48C5-A993-56AF46F2733C}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{890395D3-85FE-4F4E-B3F2-04FF6D5246B9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{8B26F5A5-95E8-4C75-A3CB-0D9BE494D00E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{8B65B9BE-ADC6-464E-8011-7861D74514D2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{8D0F9DAD-693D-4631-91CE-F5055BF4B2ED}" = protocol=6 | dir=out | app=system | "{92D33FD0-084C-4155-8BC3-F95C6A2EB8E6}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{94218D28-A3A3-4486-BB92-10208E61E611}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{99D9E99C-0C44-4CDA-AA9A-4ECAAEBF5BBC}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{9CA2CD37-4074-4244-A370-488ECB062748}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | "{9D7F5426-135C-477B-A05A-C6A957626CAA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{A3D72CD4-68CC-45A1-9A96-657063FD4D53}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{A84F9F96-5095-4EF1-97D9-74DCB4B9E218}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{A9D8922A-1402-4B39-AC20-A10D0702551E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{ADF0528D-A486-43D0-8880-1DA7A67911B6}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe | "{AEDE721F-DDDD-4144-BE48-247EC9E1B1A1}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{B787FC1A-0661-450A-A027-ACE13A843F83}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{B800E858-039E-4B8E-B977-6F18B3203125}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{CF2E441E-7488-4C63-8EF2-67D436341D50}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{D98091DA-6DBD-48AB-81A8-BA932F974920}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{E1AC1925-6202-4F1D-9CEF-4002414D5016}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{E4400728-23D3-48FA-B711-402528C8B81F}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | "{ED21013D-4706-4696-BB07-2C1BE3CB448E}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | "{EE5D0ED2-DD82-41B0-A5E8-7E96CF992E7F}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 2070\autopatcher.exe | "{F12E569D-AAF4-4363-8567-E4C9853CCDF0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "TCP Query User{09E1A218-8F44-4AF2-9CBE-E721E92A6A73}C:\users\user\appdata\roaming\neefzi\koum.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\roaming\neefzi\koum.exe | "TCP Query User{7600AF18-4F9F-47C0-A9B0-01C6CF3FE59D}C:\program files (x86)\lenovo\lenovo directshare\directshare.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lenovo\lenovo directshare\directshare.exe | "UDP Query User{53F3EC84-A48C-4025-985A-DDBCE3BA4142}C:\users\user\appdata\roaming\neefzi\koum.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\roaming\neefzi\koum.exe | "UDP Query User{E9ACB49A-0D76-4E17-BD0A-31F54519D76F}C:\program files (x86)\lenovo\lenovo directshare\directshare.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lenovo\lenovo directshare\directshare.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{029A4933-3F36-4E4F-AEC3-2207AB26463D}" = Broadcom Gigabit NetLink Controller "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes "{19DA64EF-B234-4AC0-BA1A-B64E338913C9}" = Nitro Reader 3 "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery "{53267D72-6C02-1014-AA47-7BB98049ACF7}" = Strawberry Perl (64-bit) "{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90140000-0015-0407-1000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-1000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-1000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{70A3169E-288F-454F-A08D-20DF66639B50}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUSR_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-1000-0000000FF1CE}_Office14.PROPLUSR_{3013A793-10A7-4D1F-B8B4-2FAA82F4D259}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{98782D5D-A9EE-43C6-88AD-B50AD8530E78}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010 "{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0043-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2010 "{90140000-0043-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{8DFD91C7-66AE-4E54-9901-5D5F401AD329}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0044-0407-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 "{90140000-0044-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{8299B64F-1537-4081-974C-033EAB8F098E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00BA-0407-1000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{90140000-00BA-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{91140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1) "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 268.44 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 268.44 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 266.34 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.0.21 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0604 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{C788B026-20BD-4E96-B698-533F1D6C5013}" = 64 Bit HP CIO Components Installer "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources "{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources "{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64 "{F3C66EC8-2F33-452D-9CFF-E8C886B3ECC4}" = SRS Control Panel "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "EA12B1FB53CE4E387C31A85236C41EF559B5E392" = Windows-Treiberpaket - Lenovo (ACPIVPC) System (12/02/2010 6.1.0.1) "Lenovo EE Boot Optimizer" = Lenovo EE Boot Optimizer "Lenovo R.I.C. (Robust Intelligent Companion)" = Lenovo R.I.C. (Robust Intelligent Companion) "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft Security Client" = Microsoft Security Essentials "Office14.PROPLUSR" = Microsoft Office Professional Plus 2010 "SynTPDeinstKey" = Synaptics Pointing Device Driver "WinRAR archiver" = WinRAR 4.20 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{118D6CE9-5F18-42F9-958A-14676A629FDE}" = Iminent "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver "{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21 "{28ABE740-47F3-441B-9437-852F6A64EFF8}" = Lenovo_Wireless_Driver "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform "{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{ADE16A9D-FBDC-4ECC-B6BD-9C31E51D0333}" = Lenovo EasyCamera "{AEB61F7A-4BBA-4292-A096-7893E09034A4}" = Steuer-Spar-Erklärung 2013 "{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}" = AAVUpdateManager "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B2164CCB-C002-4B80-8550-7535D80DF237}" = Lenovo DirectShare "{B48E264C-C8CD-4617-B0BE-46E977BAD694}" = ANNO 2070 "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{CCD2BAD2-0919-40CB-80CC-E9538B0E4C2E}" = Steuer-Spar-Erklärung 2012 "{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D4B060B9-AD4A-4152-9D99-28B93C615AFE}" = Onekey Theater "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = Lenovo PowerDVD 10 "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = Benutzerhandbuch "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) SDK for OpenCL - CPU Only Runtime Package "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "1ClickDownload" = Movie2KDownloader "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "DAEMON Tools Lite" = DAEMON Tools Lite "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam "InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery "InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "InstallShield_{B2164CCB-C002-4B80-8550-7535D80DF237}" = Lenovo DirectShare "InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management "InstallShield_{D4B060B9-AD4A-4152-9D99-28B93C615AFE}" = Onekey Theater "InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = Lenovo PowerDVD 10 "InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = UserGuide "Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de) "NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver "VeriFace" = VeriFace "VLC media player" = VLC media player 2.0.5 "WinLiveSuite" = Windows Live Essentials "WNLT" = IB Updater Service ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 20.04.2013 09:03:23 | Computer Name = User-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 4976 Error - 21.04.2013 08:47:04 | Computer Name = User-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 21.04.2013 08:47:04 | Computer Name = User-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 85425758 Error - 21.04.2013 08:47:04 | Computer Name = User-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 85425758 Error - 21.04.2013 10:22:35 | Computer Name = User-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 21.04.2013 10:22:35 | Computer Name = User-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 5008 Error - 21.04.2013 10:22:35 | Computer Name = User-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 5008 Error - 21.04.2013 10:22:40 | Computer Name = User-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 21.04.2013 10:22:40 | Computer Name = User-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 10000 Error - 21.04.2013 10:22:40 | Computer Name = User-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 10000 [ System Events ] Error - 22.03.2013 15:00:37 | Computer Name = User-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: HWiNFO32 Error - 22.03.2013 15:01:36 | Computer Name = User-PC | Source = DCOM | ID = 10016 Description = Error - 22.03.2013 15:03:54 | Computer Name = User-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: HWiNFO32 Error - 22.03.2013 15:04:53 | Computer Name = User-PC | Source = DCOM | ID = 10016 Description = Error - 22.03.2013 15:13:31 | Computer Name = User-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: HWiNFO32 Error - 22.03.2013 15:14:31 | Computer Name = User-PC | Source = DCOM | ID = 10016 Description = Error - 24.03.2013 09:57:05 | Computer Name = User-PC | Source = Microsoft Antimalware | ID = 2001 Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt. Neue Signaturversion: Vorherige Signaturversion: 1.147.267.0 Aktualisierungsquelle: %%859 Aktualisierungsphase: %%852 Quellpfad: hxxp://www.microsoft.com Signaturtyp: %%800 Aktualisierungstyp: %%803 Benutzer: NT-AUTORITÄT\SYSTEM Aktuelle Modulversion: Vorherige Modulversion: 1.1.9302.0 Fehlercode: 0x8024402c Fehlerbeschreibung: Unerwartetes Problem bei der Überprüfung auf Updates. Informationen zum Installieren von Updates oder zur Problembehandlung finden Sie unter "Hilfe und Support". Error - 29.03.2013 13:07:54 | Computer Name = User-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: HWiNFO32 Error - 29.03.2013 13:08:54 | Computer Name = User-PC | Source = DCOM | ID = 10016 Description = Error - 31.03.2013 18:38:08 | Computer Name = User-PC | Source = Microsoft Antimalware | ID = 2001 Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt. Neue Signaturversion: Vorherige Signaturversion: 1.147.718.0 Aktualisierungsquelle: %%859 Aktualisierungsphase: %%852 Quellpfad: hxxp://www.microsoft.com Signaturtyp: %%800 Aktualisierungstyp: %%803 Benutzer: NT-AUTORITÄT\SYSTEM Aktuelle Modulversion: Vorherige Modulversion: 1.1.9302.0 Fehlercode: 0x8024402c Fehlerbeschreibung: Unerwartetes Problem bei der Überprüfung auf Updates. Informationen zum Installieren von Updates oder zur Problembehandlung finden Sie unter "Hilfe und Support". < End of report > und Rootkit-Scan gmer: Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net Rootkit scan 2013-05-22 22:13:29 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 HITACHI_ rev.JF4Z 698,64GB Running: i3jl5ghx.exe; Driver: C:\Users\User\AppData\Local\Temp\kxldapob.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\Common Files\Umbrella\umbrella.exe[2264] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077c11465 2 bytes [C1, 77] .text C:\Program Files (x86)\Common Files\Umbrella\umbrella.exe[2264] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077c114bb 2 bytes [C1, 77] .text ... * 2 .text C:\windows\system32\taskhost.exe[3300] C:\windows\system32\kernel32.dll!LoadLibraryW 0000000077956f80 5 bytes JMP 0000000169ff0038 .text C:\windows\system32\taskhost.exe[3300] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdfb9940 5 bytes JMP 000007fffdf600b8 .text C:\windows\system32\taskhost.exe[3300] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefdfbbbb0 5 bytes JMP 000007fffdf60038 .text C:\windows\system32\taskhost.exe[3300] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefe5d7490 5 bytes JMP 000007fffdf60138 .text C:\windows\system32\taskhost.exe[3300] C:\windows\system32\WINMM.dll!waveOutReset 000007fefac9a38c 5 bytes JMP 000007fefdf602b8 .text C:\windows\system32\taskhost.exe[3300] C:\windows\system32\WINMM.dll!waveOutPause 000007fefacb4b60 5 bytes JMP 000007fefdf60238 .text C:\windows\system32\taskhost.exe[3300] C:\windows\system32\WINMM.dll!waveOutRestart 000007fefacb4ba0 5 bytes JMP 000007fefdf601b8 .text C:\Windows\SysWOW64\jmdp\stij.exe[3548] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077c11465 2 bytes [C1, 77] .text C:\Windows\SysWOW64\jmdp\stij.exe[3548] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077c114bb 2 bytes [C1, 77] .text ... * 2 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3648] C:\windows\system32\kernel32.dll!LoadLibraryW 0000000077956f80 5 bytes JMP 0000000169ff0038 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3648] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdfb9940 5 bytes JMP 000007fffdf600b8 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3648] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefdfbbbb0 5 bytes JMP 000007fffdf60038 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3648] C:\windows\system32\WINMM.dll!waveOutReset 000007fefac9a38c 5 bytes JMP 000007fefdf602b8 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3648] C:\windows\system32\WINMM.dll!waveOutPause 000007fefacb4b60 5 bytes JMP 000007fefdf60238 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3648] C:\windows\system32\WINMM.dll!waveOutRestart 000007fefacb4ba0 5 bytes JMP 000007fefdf601b8 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3648] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefe5d7490 5 bytes JMP 000007fffdf60138 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3672] C:\windows\system32\kernel32.dll!LoadLibraryW 0000000077956f80 5 bytes JMP 0000000169ff0038 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3672] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdfb9940 5 bytes JMP 000007fffdf600b8 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3672] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefdfbbbb0 5 bytes JMP 000007fffdf60038 .text C:\Windows\System32\hkcmd.exe[3704] C:\windows\system32\kernel32.dll!LoadLibraryW 0000000077956f80 5 bytes JMP 0000000169ff0038 .text C:\Windows\System32\hkcmd.exe[3704] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdfb9940 5 bytes JMP 000007fffdfa00b8 .text C:\Windows\System32\hkcmd.exe[3704] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefdfbbbb0 5 bytes JMP 000007fffdfa0038 .text C:\Windows\System32\hkcmd.exe[3704] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefe5d7490 5 bytes JMP 000007fffdfa0138 .text C:\Windows\System32\igfxpers.exe[3720] C:\windows\system32\kernel32.dll!LoadLibraryW 0000000077956f80 5 bytes JMP 0000000169ff0038 .text C:\Windows\System32\igfxpers.exe[3720] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdfb9940 5 bytes JMP 000007fffdf600b8 .text C:\Windows\System32\igfxpers.exe[3720] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefdfbbbb0 5 bytes JMP 000007fffdf60038 .text C:\Windows\System32\igfxpers.exe[3720] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefe5d7490 5 bytes JMP 000007fffdf60138 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3784] C:\windows\system32\kernel32.dll!LoadLibraryW 0000000077956f80 5 bytes JMP 0000000169ff0038 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3784] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdfb9940 5 bytes JMP 000007fffdf600b8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3784] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefdfbbbb0 5 bytes JMP 000007fffdf60038 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3784] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefe5d7490 5 bytes JMP 000007fffdf60138 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3784] C:\windows\system32\WINMM.dll!waveOutReset 000007fefac9a38c 5 bytes JMP 000007fefdf602b8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3784] C:\windows\system32\WINMM.dll!waveOutPause 000007fefacb4b60 5 bytes JMP 000007fefdf60238 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3784] C:\windows\system32\WINMM.dll!waveOutRestart 000007fefacb4ba0 5 bytes JMP 000007fefdf601b8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3784] C:\windows\system32\DSOUND.dll!DirectSoundCreate8 000007fef3456944 5 bytes JMP 000007fefdf604b8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3784] C:\windows\system32\DSOUND.dll!DirectSoundCreate 000007fef3475a84 5 bytes JMP 000007fefdf60438 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3784] C:\windows\system32\DDRAW.dll!DirectDrawCreate 000007fef34e815c 5 bytes JMP 000007fefdf60338 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3784] C:\windows\system32\DDRAW.dll!DirectDrawCreateEx 000007fef34e8968 5 bytes JMP 000007fefdf603b8 .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[3156] C:\windows\syswow64\kernel32.dll!LoadLibraryExA 00000000753b48fb 5 bytes JMP 0000000110002710 .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[3156] C:\windows\syswow64\kernel32.dll!LoadLibraryW 00000000753b4913 5 bytes JMP 00000001100027f0 .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[3156] C:\windows\syswow64\kernel32.dll!LoadLibraryExW 00000000753b4945 5 bytes JMP 0000000110002780 .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[3156] C:\windows\syswow64\ole32.dll!CoCreateInstance 00000000760a9d0b 5 bytes JMP 0000000110002850 .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[3156] C:\Windows\SysWOW64\WINMM.dll!waveOutReset 00000000735fadf9 5 bytes JMP 0000000110003390 .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[3156] C:\Windows\SysWOW64\WINMM.dll!waveOutPause 0000000073615484 5 bytes JMP 0000000110003430 .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[3156] C:\Windows\SysWOW64\WINMM.dll!waveOutRestart 00000000736154b8 5 bytes JMP 00000001100034d0 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[3148] C:\windows\syswow64\kernel32.dll!LoadLibraryExA 00000000753b48fb 5 bytes JMP 0000000100462710 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[3148] C:\windows\syswow64\kernel32.dll!LoadLibraryW 00000000753b4913 5 bytes JMP 00000001004627f0 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[3148] C:\windows\syswow64\kernel32.dll!LoadLibraryExW 00000000753b4945 5 bytes JMP 0000000100462780 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[3148] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077c11465 2 bytes [C1, 77] .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[3148] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077c114bb 2 bytes [C1, 77] .text ... * 2 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[3148] C:\windows\syswow64\ole32.dll!CoCreateInstance 00000000760a9d0b 5 bytes JMP 0000000100462850 .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3100] C:\windows\syswow64\kernel32.dll!LoadLibraryExA 00000000753b48fb 5 bytes JMP 0000000100352710 .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3100] C:\windows\syswow64\kernel32.dll!LoadLibraryW 00000000753b4913 5 bytes JMP 00000001003527f0 .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3100] C:\windows\syswow64\kernel32.dll!LoadLibraryExW 00000000753b4945 5 bytes JMP 0000000100352780 .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3100] C:\windows\syswow64\ole32.dll!CoCreateInstance 00000000760a9d0b 5 bytes JMP 0000000100352850 .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3108] C:\windows\syswow64\kernel32.dll!LoadLibraryExA 00000000753b48fb 5 bytes JMP 0000000110002710 .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3108] C:\windows\syswow64\kernel32.dll!LoadLibraryW 00000000753b4913 5 bytes JMP 00000001100027f0 .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3108] C:\windows\syswow64\kernel32.dll!LoadLibraryExW 00000000753b4945 5 bytes JMP 0000000110002780 .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3108] C:\windows\syswow64\ole32.dll!CoCreateInstance 00000000760a9d0b 5 bytes JMP 0000000110002850 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3096] C:\windows\syswow64\KERNEL32.dll!LoadLibraryExA 00000000753b48fb 5 bytes JMP 0000000110002710 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3096] C:\windows\syswow64\KERNEL32.dll!LoadLibraryW 00000000753b4913 5 bytes JMP 00000001100027f0 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3096] C:\windows\syswow64\KERNEL32.dll!LoadLibraryExW 00000000753b4945 5 bytes JMP 0000000110002780 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3096] C:\windows\syswow64\ole32.dll!CoCreateInstance 00000000760a9d0b 5 bytes JMP 0000000110002850 .text C:\Program Files (x86)\CyberLink\Shared Files\brs.exe[2008] C:\windows\syswow64\kernel32.dll!LoadLibraryExA 00000000753b48fb 5 bytes JMP 0000000110002710 .text C:\Program Files (x86)\CyberLink\Shared Files\brs.exe[2008] C:\windows\syswow64\kernel32.dll!LoadLibraryW 00000000753b4913 5 bytes JMP 00000001100027f0 .text C:\Program Files (x86)\CyberLink\Shared Files\brs.exe[2008] C:\windows\syswow64\kernel32.dll!LoadLibraryExW 00000000753b4945 5 bytes JMP 0000000110002780 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1860] C:\windows\syswow64\kernel32.dll!LoadLibraryExA 00000000753b48fb 5 bytes JMP 0000000110002710 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1860] C:\windows\syswow64\kernel32.dll!LoadLibraryW 00000000753b4913 5 bytes JMP 00000001100027f0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1860] C:\windows\syswow64\kernel32.dll!LoadLibraryExW 00000000753b4945 5 bytes JMP 0000000110002780 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1860] C:\windows\syswow64\ole32.dll!CoCreateInstance 00000000760a9d0b 5 bytes JMP 0000000110002850 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[3684] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077c11465 2 bytes [C1, 77] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[3684] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077c114bb 2 bytes [C1, 77] .text ... * 2 .text c:\PROGRA~1\MICROS~2\msseces.exe[5308] C:\windows\system32\kernel32.dll!LoadLibraryW 0000000077956f80 5 bytes JMP 0000000169ff0038 .text c:\PROGRA~1\MICROS~2\msseces.exe[5308] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdfb9940 5 bytes JMP 000007fffdfa00b8 .text c:\PROGRA~1\MICROS~2\msseces.exe[5308] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefdfbbbb0 5 bytes JMP 000007fffdfa0038 .text c:\PROGRA~1\MICROS~2\msseces.exe[5308] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefe5d7490 5 bytes JMP 000007fffdfa0138 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002269ec2d88 Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002269ec2d88 (not active ControlSet) ---- EOF - GMER 2.1 ---- Gruß nöb |
22.05.2013, 22:49 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Iminent Start-Webbooster dauerhaft aktiviert! Aus welcher Quelle bitte stammt dein MS-Office?
__________________ Logfiles bitte immer in CODE-Tags posten |
22.05.2013, 22:58 | #5 |
| Iminent Start-Webbooster dauerhaft aktiviert! Gute Frage, dass kann ich dir so genau nicht sagen, hatte mir ein Arbeitskollege irgendwann mal gemacht gehabt. Oder was ist genau mit Quelle gemeint? |
22.05.2013, 23:13 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Iminent Start-Webbooster dauerhaft aktiviert! Ich hab leider einen Hinweis gefunden, dass es eine illegale Version sein könnte. Sicher bin ich mir aber nicht, deswegen frag ich dich, ob du vllt weißt woher diese Version stammt. Wohlgemerkt nur ein Hinweis, ich unterstelle dir ausdrücklich nicht, dass diese Office-Installation illegal ist. Ich muss das nachfragen, da du diverse Nachteile bei gecrackten Varianten hast und ein enormes Risiko ausgesetzt bist. Gerade Software aus "unsauberen" Quellen v.a. Raubkopien sind so häufig mit Schadsoftware versetzt....
__________________ --> Iminent Start-Webbooster dauerhaft aktiviert! |
23.05.2013, 09:05 | #7 |
| Iminent Start-Webbooster dauerhaft aktiviert! Das kann gut sein, da ich selbst keine cd habe so viel ich weiß. Heißt am besten Löschen. Habe ich das Problem also davon? Weil Office habe ich so viel ich weiß seit einem Jahr und das Problem mit Iminent seit paar Wochen? Oder lieber alles neu Insallieren? |
23.05.2013, 10:04 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Iminent Start-Webbooster dauerhaft aktiviert! Frag bitte bei Gelegenheit deinen Arbeitskollegen was für ein Office er dir da angedreht hat! Ich hab nicht gesagt, dass das Problem von Office stammt, hab doch erwähnt, dass ich noch ncihtmal genau weiß, ob deine Office-Installation schwarz ist oder nicht! Ich hab nur einen Hinweis gefunden, der aber nicht als echter Beweis dienen kann. Im Log sieht man noch einigen anderen Schrott, bist du sicher, dass niemals ein Virenscanner bei dir fündig geworden ist?
__________________ Logfiles bitte immer in CODE-Tags posten |
23.05.2013, 10:17 | #9 |
| Iminent Start-Webbooster dauerhaft aktiviert! Also deine befürchtung stimmt. Er meint er hat ein Keygen oder sowas benutzt. Ich habe nur das von Microsoft Essentials. Gefunden hat er schon mal was aber länger her und wurde alles entfernt so viel ich weiß. Was mir noch einfällt. Ich musste einmal mein Laptop wegen der Festplatte einschicken. Anscheinend wurde nur der Fehler ausgelesen und wieder richtig gestellt, da ich nämlich weiterhin Probleme hatte und ein bis zweimal ein Bluescreen erschien (danach nicht mehr). Denn Ich hatte mir mal von Toshiba ein USB 3.0-Dockingstation geholt und konnte aber nicht den Treiber installieren, da irgendwas im System fehlte und er den Treiber nicht installieren konnte. |
23.05.2013, 11:18 | #10 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Iminent Start-Webbooster dauerhaft aktiviert! Auman...wieso drückt der dir so einen Scheiß aus Auge Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
23.05.2013, 11:54 | #11 |
| Iminent Start-Webbooster dauerhaft aktiviert! Genau, kann den Treiber nicht installieren und das Gerät nicht nutzen. Vorallem günstig war es nicht |
23.05.2013, 11:58 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Iminent Start-Webbooster dauerhaft aktiviert! Dann kann ich dir nur eine saubere Neuinstallation vorschlagen, ist hinsichtlich der gecrackten Officeinstallation allemal sinnvoll.
__________________ Logfiles bitte immer in CODE-Tags posten |
23.05.2013, 12:01 | #13 |
| Iminent Start-Webbooster dauerhaft aktiviert! hmm ok dachte ich mir schon das heißt alles sichern und dann wieder alles neu-insallieren ein ganzer Tag wieder futsch Aber trotzdem vielen Dank!!! |
Themen zu Iminent Start-Webbooster dauerhaft aktiviert! |
aktiviert, alles gelöscht, bereit, dauerhaft, erstell, erstellt, forum, gelöscht, hoffe, iminent, immer wieder, installier, installiert, log-files, manuell, ordner, seite, startseite, startseite internet explorer, suche, systems, systemsteuerung, verschicke, wirklich, zusätzlich |