
Log Analysis and Evaluation: Caught the GVU Trojan

Windows 7

28.12.2012, 14:58   #1
mithrandir31

Caught the GVU Trojan
Hello dear helpers,
today I caught the GVU Trojan on my Lenovo ThinkPad Edge E530, the one that demands you pay €100 to unlock the laptop again (which of course I did not do).
On my old laptop I then read up on it a bit on the internet and have already taken the following steps:
1.) Turned off the internet, switched the laptop off via the power button and restarted it (offline). Result: since then no lock screen has appeared and the laptop can be used without (visible) problems
2.) Scanning several times with an AntiVir program produced no error messages
3.) Completed the steps required before creating a post in this forum. Here are the results:

OTL logfile created on: 28.12.2012 15:17:46 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Forrest\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,60 Gb Total Physical Memory | 1,57 Gb Available Physical Memory | 43,57% Memory free
7,21 Gb Paging File | 4,48 Gb Available in Paging File | 62,15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 679,59 Gb Total Space | 613,84 Gb Free Space | 90,33% Space Free | Partition Type: NTFS
Drive E: | 14,42 Gb Total Space | 4,39 Gb Free Space | 30,41% Space Free | Partition Type: FAT32
Drive Q: | 17,58 Gb Total Space | 4,08 Gb Free Space | 23,23% Space Free | Partition Type: NTFS

Computer Name: FORREST-THINK | User Name: Forrest | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.12.28 15:16:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Forrest\Desktop\OTL.exe
PRC - [2012.12.24 19:28:48 | 000,916,960 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.10.17 00:46:34 | 001,573,576 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2012.09.07 08:10:38 | 000,604,048 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
PRC - [2012.09.07 08:09:02 | 000,366,480 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
PRC - [2012.09.07 08:08:50 | 000,272,272 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
PRC - [2012.09.07 08:08:48 | 000,133,008 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
PRC - [2012.08.27 05:21:12 | 026,924,984 | ---- | M] (Dropbox, Inc.) -- C:\Users\Forrest\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.08.09 03:28:12 | 000,145,256 | ---- | M] (AuthenTec Inc.) -- C:\Programme\Lenovo Fingerprint Reader\x86\BioMonitor.exe
PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.06.16 03:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe
PRC - [2012.05.16 06:32:00 | 000,128,608 | ---- | M] (Lenovo Group Limited) -- C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe
PRC - [2012.05.15 16:26:56 | 001,528,120 | ---- | M] (Lenovo) -- C:\Programme\Lenovo\SimpleTap\SimpleTap.exe
PRC - [2012.04.10 17:43:00 | 000,175,440 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Communications Utility\vcamsvc.exe
PRC - [2012.04.10 17:42:54 | 000,283,984 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Communications Utility\TpKnrres.exe
PRC - [2012.04.10 17:42:50 | 000,061,264 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Communications Utility\TPKNRSVC.exe
PRC - [2012.04.10 17:42:36 | 000,058,192 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Communications Utility\CamMute.exe
PRC - [2012.04.10 04:41:54 | 000,084,080 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
PRC - [2012.03.06 23:49:18 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2012.03.06 23:49:16 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2012.03.06 23:49:08 | 000,128,280 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
PRC - [2012.03.06 23:49:04 | 000,163,608 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
PRC - [2012.02.27 12:01:00 | 000,049,376 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe
PRC - [2012.02.24 10:53:10 | 000,065,336 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe
PRC - [2012.02.21 18:55:24 | 001,104,208 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
PRC - [2012.02.21 18:55:22 | 001,304,912 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
PRC - [2012.02.21 18:55:18 | 001,014,096 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
PRC - [2012.02.21 18:55:16 | 000,936,272 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
PRC - [2012.01.25 08:44:56 | 000,567,360 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2012.01.17 07:29:24 | 000,169,776 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe
PRC - [2012.01.04 20:59:50 | 000,291,608 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2011.12.29 11:20:42 | 000,144,960 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2011.12.24 16:19:00 | 002,348,864 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2011.07.12 08:53:26 | 000,101,736 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\micmute.exe
PRC - [2011.06.17 18:33:04 | 000,272,528 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
PRC - [2010.03.11 13:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2008.01.10 11:13:50 | 000,061,440 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


========== Modules (No Company Name) ==========

MOD - [2012.12.24 19:28:30 | 002,397,152 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012.11.17 17:34:28 | 000,253,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\1352c3e5dd49f3bf8c2f8e106ceb79fb\WindowsFormsIntegration.ni.dll
MOD - [2012.11.17 17:33:47 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\5d0dc33658e23a6f960c46a5beab7ecf\System.Management.ni.dll
MOD - [2012.11.17 17:32:21 | 000,196,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\ae40aeae573219a0439def61b1d48b49\UIAutomationTypes.ni.dll
MOD - [2012.11.17 17:32:21 | 000,096,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\9fedec1f005f9e39f8dde611c4c27cab\UIAutomationProvider.ni.dll
MOD - [2012.11.17 17:32:14 | 002,647,040 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\0d2c8da8749c683b47f01101c9ea26d5\System.Runtime.Serialization.ni.dll
MOD - [2012.11.17 17:32:11 | 001,801,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\5e3ccfdf88ccd6a9ff4e6ddae7e3fec6\System.Xaml.ni.dll
MOD - [2012.11.17 17:32:11 | 000,393,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\d6dc54d6b4aadbc921d00c3b76647e61\System.Xml.Linq.ni.dll
MOD - [2012.11.17 17:31:35 | 000,044,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Accessibility\5528d332c662a879514630cbee174ada\Accessibility.ni.dll
MOD - [2012.11.15 23:02:20 | 018,002,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\c881e2d2ec912499834feb85c4c2e483\PresentationFramework.ni.dll
MOD - [2012.11.15 23:02:07 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\58f50a891bafb8fd7149e6eebc2b7b52\PresentationCore.ni.dll
MOD - [2012.11.15 23:01:59 | 003,858,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\05ebffcb5aac31412fea8c38cbac8df8\WindowsBase.ni.dll
MOD - [2012.11.15 23:01:57 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\cbb227c0a77a5b15a1255220984239f2\PresentationFramework.Aero.ni.dll
MOD - [2012.11.15 22:56:51 | 013,198,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\caffbced23ee85b40b919ad4a122b7aa\System.Windows.Forms.ni.dll
MOD - [2012.11.15 22:56:45 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\752225ca2585aa8f1c46b489e172e920\System.Core.ni.dll
MOD - [2012.11.15 22:56:43 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\cb0c00757e89f0b1fe282913ed667212\System.Xml.ni.dll
MOD - [2012.11.15 22:56:41 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\9422d0c052186760a4645e10995487f5\System.Drawing.ni.dll
MOD - [2012.11.15 22:56:40 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\ed886fb71addf400705481dcf8de12da\System.Configuration.ni.dll
MOD - [2012.11.15 22:56:39 | 009,093,632 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\811a7bc79f8f0a5be8065292a320819e\System.ni.dll
MOD - [2012.11.15 22:56:34 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\16126cae96ea2422253ae06eeb672abc\mscorlib.ni.dll
MOD - [2011.03.16 23:11:16 | 004,297,568 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf


========== Services (SafeList) ==========

SRV:64bit: - [2012.02.29 07:15:08 | 000,048,704 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC)
SRV:64bit: - [2011.12.28 21:48:24 | 000,049,480 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Windows\SysNative\TPHDEXLG64.exe -- (TPHDEXLGSVC)
SRV - [2012.12.24 19:28:48 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.09.27 21:49:52 | 000,021,416 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2012.09.12 21:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012.09.12 21:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012.09.07 08:08:50 | 000,272,272 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe -- (AcSvc)
SRV - [2012.09.07 08:08:48 | 000,133,008 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2012.08.09 03:27:56 | 000,328,552 | ---- | M] (AuthenTec, Inc) [Auto | Running] -- C:\Programme\Lenovo Fingerprint Reader\TrueSuiteService.exe -- (FPLService)
SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.06.16 03:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe -- (NIS)
SRV - [2012.06.15 11:26:32 | 000,103,472 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe -- (McAfee SiteAdvisor Service)
SRV - [2012.05.16 06:32:00 | 001,665,120 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE -- (PwmEWSvc)
SRV - [2012.05.16 06:32:00 | 001,662,560 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE -- (Power Manager DBC Service)
SRV - [2012.04.10 17:43:00 | 000,175,440 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\Communications Utility\vcamsvc.exe -- (LENOVO.TVTVCAM)
SRV - [2012.04.10 17:42:50 | 000,061,264 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\Communications Utility\TPKNRSVC.exe -- (LENOVO.TPKNRSVC)
SRV - [2012.04.10 17:42:36 | 000,058,192 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\Communications Utility\CamMute.exe -- (LENOVO.CAMMUTE)
SRV - [2012.04.10 04:41:54 | 000,084,080 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe -- (VIPAppService)
SRV - [2012.03.06 23:49:18 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012.03.06 23:49:16 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012.03.06 23:49:08 | 000,128,280 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -- (Intel(R)
SRV - [2012.03.06 23:49:04 | 000,163,608 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service)
SRV - [2012.02.27 12:01:00 | 000,049,376 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe -- (Intel(R)
SRV - [2012.02.26 04:07:52 | 002,669,840 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)
SRV - [2012.02.26 04:07:42 | 000,273,168 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV - [2012.02.26 04:07:32 | 000,626,960 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2012.02.26 04:07:26 | 000,148,752 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2012.02.21 18:55:24 | 001,104,208 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2012.02.21 18:55:22 | 001,304,912 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
SRV - [2012.02.21 18:55:18 | 001,014,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2012.02.09 08:10:32 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012.02.02 21:29:52 | 000,628,448 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV - [2012.02.02 13:28:32 | 000,145,472 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Programme\Lenovo\RapidBoot\HyperW7Svc64.exe -- (HyperW7Svc)
SRV - [2012.01.17 15:12:28 | 000,135,952 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV - [2012.01.17 07:29:24 | 000,169,776 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe -- (FastbootService)
SRV - [2012.01.09 11:39:44 | 000,659,968 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV - [2011.12.29 11:20:42 | 000,144,960 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2011.12.24 16:19:00 | 002,348,864 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2011.11.09 19:11:05 | 008,447,848 | ---- | M] (DisplayLink Corp.) [Auto | Running] -- C:\Programme\DisplayLink Core Software\DisplayLinkManager.exe -- (DisplayLinkService)
SRV - [2011.07.12 08:54:00 | 000,133,992 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC)
SRV - [2011.07.12 08:53:42 | 000,145,256 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD)
SRV - [2011.07.12 08:53:26 | 000,101,736 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV - [2011.06.17 18:33:04 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe -- (McComponentHostService)
SRV - [2010.09.22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.09.21 13:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.03.18 22:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.11 13:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2010.01.09 20:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.01.10 11:13:50 | 000,061,440 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.09.07 10:09:18 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012.08.30 22:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012.07.23 22:48:02 | 000,148,328 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsX64.sys -- (Shockprf)
DRV:64bit: - [2012.07.06 20:16:55 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.07.06 03:17:58 | 000,037,536 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1309000.009\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2012.07.06 03:17:57 | 000,737,952 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1309000.009\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2012.06.07 05:43:38 | 000,167,072 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1309000.009\ccsetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2012.05.22 02:37:12 | 001,129,120 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1309000.009\symefa64.sys -- (SymEFA)
DRV:64bit: - [2012.05.16 06:32:00 | 000,019,784 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\TPPWR64V.SYS -- (TPPWRIF)
DRV:64bit: - [2012.04.18 03:13:32 | 000,405,624 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1309000.009\symnets.sys -- (SymNetS)
DRV:64bit: - [2012.04.18 02:42:14 | 000,190,072 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1309000.009\ironx64.sys -- (SymIRON)
DRV:64bit: - [2012.04.02 05:40:50 | 000,428,304 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2012.03.28 13:16:48 | 000,216,704 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\5U877.sys -- (5U877)
DRV:64bit: - [2012.02.29 07:14:48 | 000,042,312 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV:64bit: - [2012.02.20 11:36:58 | 011,471,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Netwsw00.sys -- (NETwNs64)
DRV:64bit: - [2012.02.14 11:38:56 | 000,060,928 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (ibtfltcoex)
DRV:64bit: - [2012.02.01 21:52:02 | 014,659,808 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012.01.31 06:17:44 | 001,601,152 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2012.01.09 11:32:40 | 000,195,584 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2012.01.09 11:32:40 | 000,195,584 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2012.01.04 20:58:50 | 000,786,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012.01.04 20:58:50 | 000,355,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012.01.04 20:58:50 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2011.12.28 21:48:24 | 000,025,416 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsHM64.sys -- (TPDIGIMN)
DRV:64bit: - [2011.12.26 10:10:44 | 000,040,248 | ---- | M] (Lenovo Information Product(ShenZhen China) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\psadd.sys -- (psadd)
DRV:64bit: - [2011.12.24 16:19:00 | 000,028,992 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2011.12.23 13:37:12 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.12.20 16:38:36 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2011.12.20 16:38:36 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2011.12.08 21:24:30 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.12.08 21:24:30 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.12.07 17:59:52 | 000,027,432 | ---- | M] (ThinkVantage Communications Utility) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tvtvcamd.sys -- (tvtvcamd)
DRV:64bit: - [2011.12.06 12:23:10 | 000,331,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011.11.30 10:19:48 | 000,747,008 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)
DRV:64bit: - [2011.11.30 10:19:46 | 000,094,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)
DRV:64bit: - [2011.11.10 10:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011.10.27 03:27:52 | 000,259,688 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsP2Stor.sys -- (RSP2STOR)
DRV:64bit: - [2011.08.23 13:57:24 | 000,565,352 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.07.25 19:18:36 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1309000.009\symds64.sys -- (SymDS)
DRV:64bit: - [2011.05.29 11:48:04 | 000,040,248 | ---- | M] (Lenovo Information Product(ShenZhen China) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tvti2c.sys -- (TVTI2C)
DRV:64bit: - [2011.03.30 01:57:24 | 000,087,552 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrSerIb.sys -- (BrSerIb)
DRV:64bit: - [2011.03.30 01:57:24 | 000,014,592 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrUsbSib.sys -- (BrUsbSIb)
DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 00:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2012.09.29 11:23:56 | 002,084,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120928.033\ex64.sys -- (NAVEX15)
DRV - [2012.09.29 11:23:56 | 000,126,112 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120928.033\eng64.sys -- (NAVENG)
DRV - [2012.09.15 12:09:45 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012.09.08 09:33:34 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012.08.31 23:32:30 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120928.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012.08.31 23:09:13 | 001,385,120 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120919.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2012.01.30 19:40:02 | 000,033,344 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Programme\Lenovo\RapidBoot\PHCORE64.sys -- (PHCORE)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?affID=109958&tt=4812_5&babsrc=HP_ss&mntrId=de8ad114000000000000000000000000
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {7098F934-FBBA-4044-98BA-71783D8873C2}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=109958&tt=4812_5&babsrc=SP_ss&mntrId=de8ad114000000000000000000000000
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_deDE500
IE - HKCU\..\SearchScopes\{7098F934-FBBA-4044-98BA-71783D8873C2}: "URL" = hxxp://search.zonealarm.com/search?Source=Browser&oemCode=ZLN114597794683869-1001&toolbarId=base&affiliateId=1001 tlbrid=ZoneAlarmSecurity&Lan=de&utid=de8ad114000000000000b888e3337514&q={searchTerms}&r=689
IE - HKCU\..\SearchScopes\{DC08E7DC-247A-4D2A-97CD-181540FA95E5}: "URL" = hxxp://de.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
IE - HKCU\..\SearchScopes\{FB6910B8-C4B7-439A-A54A-AC700FCB5B10}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=F8E3799B-5576-4476-9794-9923BD139CE4&apn_sauid=AC2BF075-C41B-4200-813F-D7CE52E7E1AC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://search.babylon.com/?affID=109958&tt=4812_5&babsrc=HP_ss&mntrId=de8ad114000000000000000000000000"
FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.3
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?affID=109958&tt=4812_5&babsrc=KW_ss&mntrId=de8ad114000000000000000000000000&q="
FF - prefs.js..network.proxy.type: 0


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\ [2012.09.07 09:45:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\ [2012.12.28 13:37:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\VIP1X@verisign.com: C:\Program Files (x86)\Symantec\VIP Access Client\ [2012.07.06 10:58:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012.11.27 18:17:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.24 19:28:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.24 19:28:48 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012.09.06 19:24:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Forrest\AppData\Roaming\mozilla\Extensions
[2012.12.22 22:36:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Forrest\AppData\Roaming\mozilla\Firefox\Profiles\6pwtvhsn.default\extensions
[2012.12.22 22:36:59 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Forrest\AppData\Roaming\mozilla\Firefox\Profiles\6pwtvhsn.default\extensions\ich@maltegoetz.de
[2012.11.24 10:56:30 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Forrest\AppData\Roaming\mozilla\Firefox\Profiles\6pwtvhsn.default\extensions\toolbar@ask.com
[2012.11.24 10:56:30 | 000,002,308 | ---- | M] () -- C:\Users\Forrest\AppData\Roaming\mozilla\firefox\profiles\6pwtvhsn.default\searchplugins\askcom.xml
[2012.09.06 19:36:55 | 000,001,523 | ---- | M] () -- C:\Users\Forrest\AppData\Roaming\mozilla\firefox\profiles\6pwtvhsn.default\searchplugins\zonealarm.xml
[2012.12.24 19:28:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.12.24 19:28:48 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.12.01 17:45:30 | 000,002,349 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.08.25 03:00:22 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.11.13 19:50:22 | 000,002,027 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2012.12.24 19:28:29 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: hxxp://search.babylon.com/?affID=109958&tt=4812_5&babsrc=HP_ss&mntrId=de8ad114000000000000000000000000
CHR - default_search_provider: Search the web (Babylon) (Enabled)
CHR - default_search_provider: search_url = hxxp://search.babylon.com/?q={searchTerms}&affID=109958&tt=4812_5&babsrc=SP_ss&mntrId=de8ad114000000000000000000000000
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://search.babylon.com/?affID=109958&tt=4812_5&babsrc=HP_ss&mntrId=de8ad114000000000000000000000000
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - plugin: Chrome NaCl (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Norton Confidential (Enabled) = C:\Users\Forrest\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.1.0.30_0\npcoplgn.dll
CHR - plugin: TrueSuite (Enabled) = C:\Users\Forrest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ombkllfdikmoepjdpmdaiinfbjpnkboa\2.0_0\npwebsitelogon.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
CHR - plugin: Intel Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: Windows Live Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Ask Toolbar = C:\Users\Forrest\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo\7.15.9.33308_0\
CHR - Extension: Website Logon = C:\Users\Forrest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdkedefaddcdlpmiafhicjnkbogjiogj\2.0_0\
CHR - Extension: SiteAdvisor = C:\Users\Forrest\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\
CHR - Extension: Norton Identity Protection = C:\Users\Forrest\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.6.10_0\

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (TrueSuite Browser Helper Object) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Programme\Lenovo Fingerprint Reader\IEBHO.dll (AuthenTec Inc.)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Symantec VIP Access Add-On) - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll (Symantec Corporation)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.3.8\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (TrueSuite Browser Helper Object) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Programme\Lenovo Fingerprint Reader\x86\IEBHO.dll (AuthenTec Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Symantec VIP Access Add-On) - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll (Symantec Corporation)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (TrueSuite Toolbar) - {C98EE38D-21E4-4A50-907D-2B56FEC7013E} - C:\Programme\Lenovo Fingerprint Reader\IEBHO.dll (AuthenTec Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\coIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.3.8\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (TrueSuite Toolbar) - {C98EE38D-21E4-4A50-907D-2B56FEC7013E} - C:\Programme\Lenovo Fingerprint Reader\x86\IEBHO.dll (AuthenTec Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe (Lenovo)
O4:64bit: - HKLM..\Run: [BLEServicesCtrl] C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [LENOVO.TPKNRRES] C:\Programme\Lenovo\Communications Utility\TpKnrres.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [Fastboot] C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe (Lenovo)
O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelSBA] C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\SBALaunchDelay.exe (Intel Corporation)
O4 - HKLM..\Run: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe (Lenovo, Inc.)
O4 - HKLM..\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor File not found
O4 - HKLM..\Run: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe (Ricoh co.,Ltd.)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - Startup: C:\Users\Forrest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Forrest\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{66A4E558-1577-4C88-8C72-94F0E341C0D2}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9A8E848F-F561-4816-B1A8-B218ADF09978}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9BF20AEC-2AC9-42DB-9016-F9982AB1877E}: NameServer = 213.191.74.12 62.109.123.254
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.12.15 04:05:40 | 000,000,049 | -HS- | M] () - Q:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{a0fb3d99-c74b-11e1-a9dc-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{a0fb3d99-c74b-11e1-a9dc-806e6f6e6963}\Shell\AutoRun\command - "" = Q:\LenovoQDrive.exe -- [2011.12.15 04:05:40 | 000,267,576 | -HS- | M] (Lenovo Group Limited)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.12.28 15:16:51 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Forrest\Desktop\OTL.exe
[2012.12.28 12:55:46 | 000,204,712 | ---- | C] (Корпорация Майкрософт) -- C:\Users\Forrest\wgsdgsdgdsgsd.dll
[2012.12.24 19:28:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.12.23 12:59:48 | 000,000,000 | ---D | C] -- C:\Users\Forrest\AppData\Local\Macromedia
[2012.12.22 22:40:17 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012.12.15 17:41:20 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.12.01 17:47:28 | 000,000,000 | ---D | C] -- C:\Users\Forrest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Audio Related Programs
[2012.12.01 17:47:13 | 000,000,000 | ---D | C] -- C:\Users\Forrest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Video Related Programs
[2012.12.01 17:47:05 | 000,000,000 | ---D | C] -- C:\Users\Forrest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
[2012.12.01 17:47:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audio Related Programs
[2012.12.01 17:46:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
[2012.12.01 17:46:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video Related Programs
[2012.12.01 17:45:52 | 000,000,000 | ---D | C] -- C:\Users\Forrest\AppData\Roaming\NCH Software
[2012.12.01 17:45:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BabylonToolbar
[2012.12.01 17:45:17 | 000,000,000 | ---D | C] -- C:\Users\Forrest\AppData\Roaming\Babylon
[2012.12.01 17:45:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012.09.09 08:19:20 | 006,233,848 | ---- | C] (Absolute Software Corp.) -- C:\Users\Forrest\AppData\Roaming\LoJackSetup.exe
[7 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.12.28 15:16:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Forrest\Desktop\OTL.exe
[2012.12.28 15:16:27 | 000,000,000 | ---- | M] () -- C:\Users\Forrest\defogger_reenable
[2012.12.28 15:11:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.12.28 14:49:46 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.12.28 14:49:46 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.12.28 14:49:46 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.12.28 14:49:46 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.12.28 14:49:46 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.12.28 13:42:31 | 000,031,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.28 13:42:31 | 000,031,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.28 13:35:30 | 629,696,000 | -HS- | M] () -- C:\Windows\lenovo_fastboot.img
[2012.12.28 13:35:15 | 000,000,828 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
[2012.12.28 13:35:09 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.12.28 13:34:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.28 13:34:27 | 2901,872,640 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.28 12:57:16 | 095,023,320 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.12.28 12:55:50 | 000,002,940 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.js
[2012.12.28 12:55:46 | 000,204,712 | ---- | M] (Корпорация Майкрософт) -- C:\Users\Forrest\wgsdgsdgdsgsd.dll
[2012.12.23 11:37:37 | 000,037,986 | ---- | M] () -- C:\Users\Forrest\AppData\Roaming\AbsoluteReminder.xml
[2012.12.22 13:59:43 | 000,434,360 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.12.18 09:23:17 | 004,094,249 | ---- | M] () -- C:\Users\Forrest\Desktop\chem. Garten.jpeg
[2012.12.15 17:41:30 | 000,002,002 | ---- | M] () -- C:\Users\Public\Desktop\Lenovo Solution Center.lnk
[2012.12.01 17:46:53 | 000,001,149 | ---- | M] () -- C:\Users\Public\Desktop\VideoPad Video Editor.lnk
[7 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.12.28 15:16:27 | 000,000,000 | ---- | C] () -- C:\Users\Forrest\defogger_reenable
[2012.12.28 12:55:50 | 000,002,940 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.js
[2012.12.28 12:55:46 | 095,023,320 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.12.15 17:41:30 | 000,002,002 | ---- | C] () -- C:\Users\Public\Desktop\Lenovo Solution Center.lnk
[2012.12.01 17:47:32 | 000,001,133 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Prism Video File Converter.lnk
[2012.12.01 17:47:26 | 000,001,107 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MixPad.lnk
[2012.12.01 17:47:12 | 000,001,197 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoStage Slideshow Producer.lnk
[2012.12.01 17:47:03 | 000,001,145 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WavePad Sound Editor.lnk
[2012.12.01 17:46:53 | 000,001,161 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoPad Video Editor.lnk
[2012.12.01 17:46:53 | 000,001,149 | ---- | C] () -- C:\Users\Public\Desktop\VideoPad Video Editor.lnk
[2012.11.21 17:43:28 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2012.09.07 10:42:36 | 001,526,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.09.06 18:55:20 | 000,037,986 | ---- | C] () -- C:\Users\Forrest\AppData\Roaming\AbsoluteReminder.xml
[2012.09.06 18:54:54 | 000,000,000 | ---- | C] () -- C:\Windows\firstboot.dat
[2012.09.06 15:08:20 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012.07.06 10:40:48 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dlumd9.dll
[2012.07.06 10:40:48 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dlumd11.dll
[2012.07.06 10:40:48 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dlumd10.dll
[2012.07.06 10:29:23 | 000,735,796 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin
[2012.07.06 10:29:23 | 000,561,508 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin
[2012.07.06 10:29:21 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.07.06 10:29:19 | 013,007,360 | ---- | C] () -- C:\Windows\SysWow64\ig7icd32.dll
[2012.02.02 21:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll

========== ZeroAccess Check ==========

[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012.12.01 17:45:17 | 000,000,000 | ---D | M] -- C:\Users\Forrest\AppData\Roaming\Babylon
[2012.09.06 19:38:45 | 000,000,000 | ---D | M] -- C:\Users\Forrest\AppData\Roaming\CheckPoint
[2012.12.28 14:28:17 | 000,000,000 | ---D | M] -- C:\Users\Forrest\AppData\Roaming\Dropbox
[2012.09.15 15:05:03 | 000,000,000 | ---D | M] -- C:\Users\Forrest\AppData\Roaming\klett
[2012.09.06 19:01:18 | 000,000,000 | ---D | M] -- C:\Users\Forrest\AppData\Roaming\Leadertech
[2012.12.15 21:07:32 | 000,000,000 | ---D | M] -- C:\Users\Forrest\AppData\Roaming\Lenovo
[2012.09.06 19:01:06 | 000,000,000 | ---D | M] -- C:\Users\Forrest\AppData\Roaming\LSC
[2012.11.27 19:05:04 | 000,000,000 | ---D | M] -- C:\Users\Forrest\AppData\Roaming\mathegrafix
[2012.09.06 19:50:50 | 000,000,000 | ---D | M] -- C:\Users\Forrest\AppData\Roaming\PwrMgr

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 168 bytes -> C:\Users\Forrest\Desktop\chem. Garten.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 168 bytes -> C:\Users\Forrest\Desktop\chem. Garten 2.jpeg:3or4kl4x13tuuug3Byamue2s4b

< End of report >

OTL Extras logfile created on: 28.12.2012 15:17:46 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Forrest\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,60 Gb Total Physical Memory | 1,57 Gb Available Physical Memory | 43,57% Memory free
7,21 Gb Paging File | 4,48 Gb Available in Paging File | 62,15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 679,59 Gb Total Space | 613,84 Gb Free Space | 90,33% Space Free | Partition Type: NTFS
Drive E: | 14,42 Gb Total Space | 4,39 Gb Free Space | 30,41% Space Free | Partition Type: FAT32
Drive Q: | 17,58 Gb Total Space | 4,08 Gb Free Space | 23,23% Space Free | Partition Type: NTFS

Computer Name: FORREST-THINK | User Name: Forrest | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A6DAA28-A70F-42F5-9971-27F6F1A23841}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0B750B9D-0494-4ECE-899B-DF365155E38D}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{21E2F099-0E3C-4A70-AE4E-F7F00CFDE06E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2B458400-3D61-4C09-AFB0-65996CFC4332}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{2E5632CF-17E8-4979-9F73-7E61FC91BF73}" = rport=139 | protocol=6 | dir=out | app=system |
"{308D4A52-B2D4-4E6D-A310-B424DD4CEA72}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{41154DD5-3869-4E67-8934-0275BF39FD0E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4A3785C8-0C72-435F-B6E3-70102CC3A35B}" = rport=138 | protocol=17 | dir=out | app=system |
"{4FCDCA92-13E4-4055-8ED2-7467DDDFFED1}" = lport=138 | protocol=17 | dir=in | app=system |
"{5199756C-EB26-42A8-A398-AE171EAC3FB0}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5E6B3D44-AEF7-47C5-A79E-2D65BB393B40}" = rport=10243 | protocol=6 | dir=out | app=system |
"{69B7CA96-3997-40BD-BAB6-BDF0CED366BB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6C1BA950-8FCA-46BE-8E53-085F244CE538}" = lport=139 | protocol=6 | dir=in | app=system |
"{75CEE9BF-1F1A-48D4-8C78-038FC0AE3994}" = lport=137 | protocol=17 | dir=in | app=system |
"{7897F525-A875-4DCF-AAC7-E4F881D22522}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{94D44A15-E91C-438C-837A-70619E761B68}" = lport=445 | protocol=6 | dir=in | app=system |
"{95AB703A-A0D3-4477-8315-EF691873F20C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A5A89717-1370-4AEB-88A8-65D3B789BAEC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B0804DE3-EA16-4731-A056-3E7E6DC0FEC0}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{B6186C08-D97E-4378-BE90-245CABC48E00}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{C979429A-2926-441A-8B45-911FFC709C9F}" = rport=445 | protocol=6 | dir=out | app=system |
"{D61BB4CC-0F80-46B9-ACF8-9F6B717DAE4B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{DDCAE531-DEBD-4B03-8C66-0591F6FC010B}" = lport=10243 | protocol=6 | dir=in | app=system |
"{E37E391F-6E50-4C70-816C-245C5597C43C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F2DB4F6B-A6D7-40F2-AC0F-C52CB09E9DB3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F6342BCE-D362-41C1-B61D-FD0F31A9720D}" = rport=137 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{173F00A9-9D45-4764-955D-86DACF35453E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2AC77A11-3F1C-49EC-91AB-50F4B7E9DB3A}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{32EB15DE-CCAD-4406-8733-496E1DC6C5FF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{453D66A5-3E76-4E45-AF15-1AE7EF252F25}" = protocol=6 | dir=in | app=d:\alicesetup.exe |
"{4885C6CE-0349-4103-BEE1-1D7D3669724B}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{561CEC8D-946E-4B66-AB73-CD8B532A99EF}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{57F3E05F-2850-420D-84DB-4834728C239E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{683B9C66-6DEA-465D-8239-2FA0A13C29B8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{68922BD4-A025-44B9-87A5-C39562E48185}" = protocol=6 | dir=out | app=system |
"{6A30B5D2-DBF1-4236-B52D-80719CDDE522}" = protocol=17 | dir=in | app=d:\alicesetup.exe |
"{6E7AED19-BFD6-460D-B955-A6003CB5EAD7}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{707E71F6-CBC5-48B4-9FDC-98520E799946}" = dir=in | app=c:\program files (x86)\intel corporation\intel widi\widiapp.exe |
"{7168C68D-249D-4C44-AA04-EAB93A3302FD}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{79DF38B0-ABA8-4922-9D91-98DA811530E5}" = protocol=6 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe |
"{91BA5BD4-0CFC-43F0-BE99-99E7329F9D18}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{9B00668A-A914-46C5-ADE3-0CEF44C04302}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{9FF1F201-BFCB-4DEC-BBC4-DBC8767BEC9F}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A0C2F6CE-1490-40E1-876C-899ABD2ED0D3}" = protocol=6 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe |
"{A529A452-924F-4524-93AE-45B12DBF7A77}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AB2613CE-FF64-433F-9598-E6B5D4AA7DF3}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{AC24A7E2-9E6C-4A48-9170-E1CA9DDB18BB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AF6FDE44-C3CD-4CE8-968B-1CD3C69822C0}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{C3096404-9932-407C-AE89-7ADB74251431}" = protocol=58 | dir=in | app=system |
"{C31DB8BD-4AA2-4948-8CC0-6E4C0C0F58A3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C7C1D5E4-A0B4-4161-B550-05D39418D1CD}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CCEC526E-F42A-4E3A-9DCD-749F92F9C3A3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D2716BEB-FAB9-40C5-A9E7-A112FA16FB48}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{D86844F6-D811-4879-B384-DBA2A44199AD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DAFF418D-3798-4543-AB07-0CD5E5E14675}" = protocol=17 | dir=in | app=c:\users\forrest\appdata\roaming\dropbox\bin\dropbox.exe |
"{E1DADAF2-0A2B-4399-8B37-1C3D04A58553}" = protocol=17 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe |
"{E5F54905-463E-4911-903A-08D02B42356F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{E647F674-677B-48D6-B6CE-02B50521D531}" = protocol=6 | dir=in | app=c:\users\forrest\appdata\roaming\dropbox\bin\dropbox.exe |
"{E92CFB06-6094-493F-8B81-A7A00BE25242}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{ED751172-7B97-404D-8984-6D675910B3E4}" = protocol=17 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe |
"{EDE96B4E-3B66-4465-858A-7E6043AC9364}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{F90F0252-9FF8-45D4-B7E4-2BB9516B294F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F9A9BDE4-410A-415A-96C8-FC9D81F4D064}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{FF3ACCEF-E57C-4E89-B89B-75DFD69BF4E8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{326E22DA-E5A4-453E-BB68-68A3C499DD53}C:\users\forrest\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\forrest\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{F1BD778E-A4DA-42FF-A9FE-93746ED9129E}C:\users\forrest\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\forrest\appdata\roaming\dropbox\bin\dropbox.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0369F866-2CE0-4EB9-B426-88FA122C6E82}" = Lenovo Patch Utility 64 bit
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{09536BA1-E498-4CC3-B834-D884A67D7E34}" = Intel® Trusted Connect Service Client
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel(R) Wireless Display
"{37EC048A-81A2-452A-8D1F-3BE2018E767D}" = Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage System für aktiven Festplattenschutz
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{520C4DD4-2BC7-409B-BA48-E1A4F832662D}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
"{5E2652DF-743F-482B-A593-C95F431A5769}" = RapidBoot
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{79AB31DF-83A6-4D49-A70E-C4CA114B0605}" = Lenovo Solution Center
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{88C6A6D9-324C-46E8-BA87-563D14021442}_is1" = ThinkVantage Communications Utility
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A8CAC260-092D-41DA-A38F-73AF4226B021}" = Lenovo Graphics Software
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 290.56
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 290.56
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.6.24
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.11.1111
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.6.24
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B57D4097-F2FE-4222-BA02-46C6EC8B7944}" = DisplayLink Core Software
"{BF601122-9F0A-41A9-BA06-3158D9FB4B80}" = Lenovo SimpleTap
"{C5BB9380-D729-410A-A440-061EBCADCCB9}" = Fingerprint Reader
"{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E97F409F-9E1C-42A0-B72D-765A78DF3696}" = Intel® PROSet/Wireless WiFi-Software
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"64A62163FE43328D13305746CB8BCC93F2DF6545" = Windows-Treiberpaket - Intel (iaStor) hdc (11/29/2011 11.0.0.1032)
"76052A6680822C2132A1EB4E64568F3C9591560E" = Windows-Treiberpaket - Synaptics (SynTP) Mouse (04/02/2012 16.0.5.2)
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant HD Audio
"E3535F123E7F666D573665142F90D3E5004DC326" = Windows-Treiberpaket - Lenovo 1.65.05.20 (02/29/2012 1.65.05.20)
"LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"OnScreenDisplay" = Anzeige am Bildschirm
"Power Management Driver" = Lenovo Power Management Driver
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"ZoneAlarm LTD Toolbar" = ZoneAlarm LTD Toolbar

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{13F59938-C595-479C-B479-F171AB9AF64F}" = Lenovo User Guide
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{235E938E-ACDF-4646-ADAF-38F8D403EDAF}_is1" = Elemente Chemie Arbeitsblätter 1
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{25C64847-B900-48AD-A164-1B4F9B774650}" = Lenovo System Update
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{2DC26D10-CC6A-494F-BEA3-B5BC21126D5E}" = Lenovo Welcome
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{40F4FF7A-B214-4453-B973-080B09CED019}" = Absolute Reminder
"{46ED2B64-85C7-4E1F-920C-A555B21F2E4C}" = NVIDIA PhysX
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}" = Create Recovery Media
"{50F68032-B5B7-4513-9116-C978DBD8F27A}" = Corel DVD MovieFactory 7
"{5B5DEF99-85E9-423D-A1A3-B83202697B09}" = Lenovo Solutions for Small Business Customizations
"{5C1F18D2-F6B7-4242-B803-B5A78648185D}" = Corel WinDVD
"{608E1B9B-A2E8-4A1F-8BAB-874EB0DD25E3}" = Intel(R) Update Manager
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6707C034-ED6B-4B6A-B21F-969B3606FBDE}" = Lenovo Registration
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A6D86CD-B004-46b7-8951-7BB75A776F8C}" = Lenovo Solutions for Small Business
"{6E6E7725-C7BC-4C39-8B3F-14B67331A120}" = Lenovo Patch Utility
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7F8205DE-DDFA-4156-ADA2-766E9CB4FABC}" = Message Center Plus
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E537894-A559-4D60-B3CB-F4485E3D24E3}" = ThinkVantage Access Connections
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93F34C5C-ACAA-48F3-9B26-70359A117F12}" = Intel(R) WiDi
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{99DBFE8E-8143-4311-816B-AC3FE200B933}" = Rund um ... Chemie heute SI (Teil 1)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Burn.Now 4.5
"{A6C48A9F-694A-4234-B3AA-62590B668927}" = Intel(R) Manageability Engine Firmware Recovery Agent
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A78800AF-1779-4AE8-8EBE-16E1BE727C71}" = Integrated Camera Driver Installer Package Ver.1.2.1.18
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B7B3E9B3-FB14-4927-894B-E9124509AF5A}" = Adobe Flash Player 10 ActiveX
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D45EAB00-6FAE-417B-8A4E-9578E2215F63}_is1" = Elemente Chemie Arbeitsblätter 2 deinstallieren
"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = Energie-Manager
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E8D46836-CD55-453C-A107-A59EC51CB8DC}" = VIP Access
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 4.2.3
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) OpenCL CPU Runtime
"{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}" = Lenovo Warranty Information
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"BabylonToolbar" = Babylon toolbar
"Fastboot" = RapidBoot HDD Accelerator
"Google Chrome" = Google Chrome
"InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}" = Corel DVD MovieFactory Lenovo Edition
"InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Corel Burn.Now Lenovo Edition
"InstallShield_{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
"Klett Service-CD Lambacher Schweizer" = Klett Service-CD Lambacher Schweizer
"McAfee Security Scan" = McAfee Security Scan Plus
"MixPad" = MixPad
"Mozilla Firefox 15.0 (x86 en-US)" = Mozilla Firefox 15.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NIS" = Norton Internet Security
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"PhotoStage" = PhotoStage Slideshow Producer
"Prism" = Prism Video File Converter
"SugarSync" = SugarSync Manager
"VideoPad" = VideoPad Video Editor
"VLC media player" = VLC media player 2.0.3
"WavePad" = WavePad Sound Editor
"WinLiveSuite" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"Dropbox" = Dropbox
"Mozilla Firefox 17.0.1 (x86 en-US)" = Mozilla Firefox 17.0.1 (x86 en-US)

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 09.12.2012 18:16:25 | Computer Name = Forrest-THINK | Source = WinMgmt | ID = 10
Description =

Error - 10.12.2012 13:03:17 | Computer Name = Forrest-THINK | Source = WinMgmt | ID = 10
Description =

Error - 11.12.2012 12:28:49 | Computer Name = Forrest-THINK | Source = WinMgmt | ID = 10
Description =

Error - 12.12.2012 09:38:20 | Computer Name = Forrest-THINK | Source = WinMgmt | ID = 10
Description =

Error - 12.12.2012 11:02:52 | Computer Name = Forrest-THINK | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: chrome.exe, Version: 23.0.1271.95,
Zeitstempel: 0x50b5708f Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc000041d Fehleroffset: 0x72d94f0d ID des fehlerhaften
Prozesses: 0x26b0 Startzeit der fehlerhaften Anwendung: 0x01cdd874530dff3e Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Pfad
des fehlerhaften Moduls: unknown Berichtskennung: ffdbc091-446c-11e2-942c-b888e3337514

Error - 13.12.2012 12:27:29 | Computer Name = Forrest-THINK | Source = WinMgmt | ID = 10
Description =

Error - 13.12.2012 17:12:22 | Computer Name = Forrest-THINK | Source = WinMgmt | ID = 10
Description =

Error - 14.12.2012 12:13:25 | Computer Name = Forrest-THINK | Source = WinMgmt | ID = 10
Description =

Error - 15.12.2012 12:26:08 | Computer Name = Forrest-THINK | Source = WinMgmt | ID = 10
Description =

Error - 15.12.2012 12:29:57 | Computer Name = Forrest-THINK | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: chrome.exe, Version: 23.0.1271.97,
Zeitstempel: 0x50be88d8 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc000041d Fehleroffset: 0x73224f0d ID des fehlerhaften
Prozesses: 0x1eec Startzeit der fehlerhaften Anwendung: 0x01cddae143a277a6 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Pfad
des fehlerhaften Moduls: unknown Berichtskennung: a942d990-46d4-11e2-8cbc-685d43930278

[ Lenovo-Message Center Plus/Admin Events ]
Error - 06.12.2012 17:24:59 | Computer Name = Forrest-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Message = Der angegebene Host ist unbekannt -> Exception message:
Der angegebene Host ist unbekannt

Error - 11.12.2012 17:03:49 | Computer Name = Forrest-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Message = Der angegebene Host ist unbekannt -> Exception message:
Der angegebene Host ist unbekannt

Error - 11.12.2012 17:03:49 | Computer Name = Forrest-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Message = Der angegebene Host ist unbekannt -> Exception message:
Der angegebene Host ist unbekannt

Error - 11.12.2012 17:03:49 | Computer Name = Forrest-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Message = Der angegebene Host ist unbekannt -> Exception message:
Der angegebene Host ist unbekannt

Error - 13.12.2012 18:05:43 | Computer Name = Forrest-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Message = Der angegebene Host ist unbekannt -> Exception message:
Der angegebene Host ist unbekannt

Error - 13.12.2012 18:05:45 | Computer Name = Forrest-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Message = Der angegebene Host ist unbekannt -> Exception message:
Der angegebene Host ist unbekannt

Error - 13.12.2012 18:05:47 | Computer Name = Forrest-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Message = Der angegebene Host ist unbekannt -> Exception message:
Der angegebene Host ist unbekannt

Error - 19.12.2012 12:33:08 | Computer Name = Forrest-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Message = Der angegebene Host ist unbekannt -> Exception message:
Der angegebene Host ist unbekannt

Error - 19.12.2012 12:33:10 | Computer Name = Forrest-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Message = Der angegebene Host ist unbekannt -> Exception message:
Der angegebene Host ist unbekannt

Error - 19.12.2012 12:33:13 | Computer Name = Forrest-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Message = Der angegebene Host ist unbekannt -> Exception message:
Der angegebene Host ist unbekannt

[ System Events ]
Error - 18.12.2012 03:43:41 | Computer Name = Forrest-THINK | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.141.1938.0 Update Source: %%859 Update Stage:
%%852 Source Path: hxxp://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT-AUTORITÄT\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error
code: 0x8024402c Error description: An unexpected problem occurred while checking
for updates. For information on installing or troubleshooting updates, see Help
and Support.

Error - 18.12.2012 05:56:57 | Computer Name = Forrest-THINK | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.

Error - 18.12.2012 05:56:58 | Computer Name = Forrest-THINK | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.

Error - 18.12.2012 05:56:59 | Computer Name = Forrest-THINK | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.

Error - 18.12.2012 06:06:43 | Computer Name = Forrest-THINK | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.141.1938.0 Update Source: %%859 Update Stage:
%%852 Source Path: hxxp://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT-AUTORITÄT\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error
code: 0x8024402c Error description: An unexpected problem occurred while checking
for updates. For information on installing or troubleshooting updates, see Help
and Support.

Error - 18.12.2012 18:10:05 | Computer Name = Forrest-THINK | Source = volsnap | ID = 393241
Description = Die Schattenkopien von Volume "C:" wurden gelöscht, weil der Schattenkopiespeicher
nicht rechtzeitig vergrößert wurde. Sie sollten die E/A-Last auf dem System verringern
oder ein Schattenkopie-Speichervolume, von dem keine Schattenkopie erstellt wird,
auswählen.

Error - 19.12.2012 12:41:41 | Computer Name = Forrest-THINK | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.141.2135.0 Update Source: %%859 Update Stage:
%%852 Source Path: hxxp://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT-AUTORITÄT\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error
code: 0x8024402c Error description: An unexpected problem occurred while checking
for updates. For information on installing or troubleshooting updates, see Help
and Support.

Error - 19.12.2012 18:10:49 | Computer Name = Forrest-THINK | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.

Error - 21.12.2012 09:06:31 | Computer Name = Forrest-THINK | Source = VDS Basic Provider | ID = 33554433
Description =

Error - 21.12.2012 09:06:31 | Computer Name = Forrest-THINK | Source = VDS Basic Provider | ID = 33554433
Description =


< End of report >

Since in the other posts the lock did not go away, or it was always pointed out that the steps cannot be applied 1:1 to every PC, I hope one of you can help me and tell me how to proceed...

Many thanks in advance

Alt 28.12.2012, 15:04   #2
markusg
/// Malware-holic
 
Hi

This script, and any scripts that follow, are only for this particular user.
If you have problems, open your own topic and wait for scripts tailored to you.


• Please start OTL.exe
• Now copy the following into the text box.



Code:
:OTL
[2012.12.28 12:57:16 | 095,023,320 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.12.28 12:55:50 | 000,002,940 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.js
[2012.12.28 12:55:46 | 000,204,712 | ---- | M] (Корпорация Майкрософт) -- C:\Users\Forrest\wgsdgsdgdsgsd.dll
:Files
:Commands
[EMPTYFLASH]
[emptytemp]


• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a restart. Please allow it.
• After the restart you will find a text document; paste its contents into your next reply here.
Boot into normal mode.

If you have no desktop icons, right-click, View, Show desktop icons.

Note: Please also upload the file to the UpChannel as described in the instructions. Please do NOT post the ZIP file here as an attachment
in the thread!




Please press the Windows key + E.
  • Open your system drive (usually C:)
  • Now look for
    the following folder: _OTL and open it.
  • Right-click the folder Movedfiles --> Send to --> Compressed (zipped) folder

  • This will create a Movedfiles.zip file in _OTL
  • Please upload it to our upload channel.
    ( Browse --> C:\_OTL\Movedfiles.zip )
Let me know whether the upload worked without problems. Thanks in advance
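As an added example (not part of this thread and not OTL's own code), a small Python triage script that parses OTL file lines of the kind listed in the fix script above and flags the pattern seen here: random-named files dropped directly into ProgramData or the profile root, a .pad/.js pair sharing one name stem, and a DLL whose vendor string is a Cyrillic rendering of Microsoft. The regex and the heuristics are assumptions constructed from the posted lines, and the notepad.exe line is a constructed benign sample.

```python
import ntpath
import re
from collections import namedtuple

# One OTL file-listing line, in the shape posted in this thread:
# [2012.12.28 12:57:16 | 095,023,320 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
OTL_LINE = re.compile(
    r"^\[(?P<date>\d{4}\.\d{2}\.\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[A-Z])\] "
    r"\((?P<vendor>[^)]*)\) -- (?P<path>.+)$"
)

Entry = namedtuple("Entry", "timestamp size vendor path")

# The three lines from the fix script above, plus one constructed benign
# line (notepad.exe) so the heuristics have something they must not flag.
SAMPLE_LINES = [
    r"[2012.12.28 12:57:16 | 095,023,320 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad",
    r"[2012.12.28 12:55:50 | 000,002,940 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.js",
    r"[2012.12.28 12:55:46 | 000,204,712 | ---- | M] (Корпорация Майкрософт) -- C:\Users\Forrest\wgsdgsdgdsgsd.dll",
    r"[2012.11.02 09:12:00 | 000,193,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\notepad.exe",
]


def parse_otl_line(line):
    """Return an Entry for a well-formed OTL file line, or None."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    return Entry(
        timestamp=f"{m['date']} {m['time']}",
        size=int(m["size"].replace(",", "")),
        vendor=m["vendor"],
        path=m["path"],
    )


def stem_of(path):
    """File name without directory and extension, lower-cased."""
    return ntpath.splitext(ntpath.basename(path))[0].lower()


def suspicious_reasons(entry):
    """Heuristics built from the pattern in this thread; each hit is one reason."""
    reasons = []
    folder = ntpath.dirname(entry.path).lower()
    # Dropped straight into ProgramData or a profile root rather than a
    # vendor subfolder, which is where the fix script found all three files.
    if folder == r"c:\programdata" or re.fullmatch(r"c:\\users\\[^\\]+", folder):
        reasons.append("sits directly in a ProgramData/profile root")
    # Random-looking name: a long run of letters without a single vowel.
    letters = [c for c in stem_of(entry.path) if c.isalpha()]
    if len(letters) >= 8 and not any(c in "aeiouy" for c in letters):
        reasons.append("vowel-less, random-looking file name")
    # Vendor string in a non-Latin script (here a Cyrillic "Microsoft").
    if any(ord(c) > 127 for c in entry.vendor):
        reasons.append("vendor string uses a non-Latin script")
    return reasons


def triage(lines, min_reasons=2):
    """Parse OTL lines; return {path: [reasons]} for entries that trip at
    least `min_reasons` heuristics. Files sharing a name stem (the .pad/.js
    pair here) are reported as siblings of each other."""
    entries = [e for e in map(parse_otl_line, lines) if e]
    by_stem = {}
    for e in entries:
        by_stem.setdefault(stem_of(e.path), []).append(e.path)
    flagged = {}
    for e in entries:
        reasons = suspicious_reasons(e)
        siblings = [p for p in by_stem[stem_of(e.path)] if p != e.path]
        if siblings:
            reasons.append("shares its name stem with " + ", ".join(siblings))
        if len(reasons) >= min_reasons:
            flagged[e.path] = reasons
    return flagged


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LINES).items():
        print(path)
        for r in reasons:
            print("   -", r)
```

Requiring two independent reasons keeps a lone vendor-less file or a lone odd name from being reported on its own.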

Alt 28.12.2012, 19:04   #3
mithrandir31
 
Hello Markus,
thank you for the quick reply. I have carried out your instructions. Everything worked without problems so far, as did uploading the files to the upload channel (at least I think so). Otherwise just let me know.
How do we proceed...?
Regards, Marcus

I was just in Microsoft Security Essentials on my laptop. The following detection was logged this afternoon:
Trojan:Win32/Reveton!Ink
Don't know whether this info helps?!

Last edited by mithrandir31 (28.12.2012 at 19:15)

Alt 03.01.2013, 16:09   #4
markusg
/// Malware-holic
 
Sorry for the wait, I was on holiday.
Download TDSS Killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Click on Change parameters
• Tick Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan
- for any detections, choose skip for now and post the log

Alt 04.01.2013, 12:14   #5
mithrandir31
 
No problem, I hope you had a nice holiday, and many thanks for being back ;-)
I have carried out the further instructions and provided the result in the upload channel as a txt file. Did you want the whole report or just the details? I have uploaded the report for now. How do we proceed?


Alt 05.01.2013, 17:05   #6
markusg
/// Malware-holic
 
Hi
Please always post logs here in the thread; please post the log again, thanks

Alt 05.01.2013, 21:09   #7
mithrandir31
 
12:56:00.0635 2208 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
12:56:00.0932 2208 ============================================================
12:56:00.0932 2208 Current date / time: 2013/01/04 12:56:00.0932
12:56:00.0932 2208 SystemInfo:
12:56:00.0932 2208
12:56:00.0932 2208 OS Version: 6.1.7601 ServicePack: 1.0
12:56:00.0932 2208 Product type: Workstation
12:56:00.0932 2208 ComputerName: FORREST-THINK
12:56:00.0932 2208 UserName: Forrest
12:56:00.0932 2208 Windows directory: C:\Windows
12:56:00.0932 2208 System windows directory: C:\Windows
12:56:00.0932 2208 Running under WOW64
12:56:00.0932 2208 Processor architecture: Intel x64
12:56:00.0932 2208 Number of processors: 8
12:56:00.0932 2208 Page size: 0x1000
12:56:00.0932 2208 Boot type: Normal boot
12:56:00.0932 2208 ============================================================
12:56:01.0742 2208 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:56:01.0743 2208 Drive \Device\Harddisk1\DR1 - Size: 0x3BA816000 (14.91 Gb), SectorSize: 0x200, Cylinders: 0x79A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:56:01.0756 2208 Drive \Device\Harddisk2\DR4 - Size: 0x3A2800000 (14.54 Gb), SectorSize: 0x200, Cylinders: 0x769, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
12:56:01.0767 2208 Drive \Device\Harddisk3\DR5 - Size: 0xED9DE000 (3.71 Gb), SectorSize: 0x400, Cylinders: 0xF2, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
12:56:01.0772 2208 ============================================================
12:56:01.0772 2208 \Device\Harddisk0\DR0:
12:56:01.0773 2208 MBR partitions:
12:56:01.0773 2208 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2EE000
12:56:01.0773 2208 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x54F2F000
12:56:01.0773 2208 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x5521D800, BlocksNum 0x2328000
12:56:01.0773 2208 \Device\Harddisk1\DR1:
12:56:01.0773 2208 Invalid mbr signature
12:56:01.0774 2208 \Device\Harddisk2\DR4:
12:56:01.0774 2208 MBR partitions:
12:56:01.0774 2208 \Device\Harddisk2\DR4\Partition1: MBR, Type 0xC, StartLBA 0x1F80, BlocksNum 0x1D12080
12:56:01.0774 2208 \Device\Harddisk3\DR5:
12:56:01.0776 2208 MBR partitions:
12:56:01.0776 2208 ============================================================
12:56:01.0828 2208 C: <-> \Device\Harddisk0\DR0\Partition2
12:56:01.0915 2208 Q: <-> \Device\Harddisk0\DR0\Partition3
12:56:01.0915 2208 ============================================================
12:56:01.0915 2208 Initialize success
12:56:01.0915 2208 ============================================================
12:56:42.0450 2476 ============================================================
12:56:42.0450 2476 Scan started
12:56:42.0450 2476 Mode: Manual; SigCheck; TDLFS;
12:56:42.0450 2476 ============================================================
12:56:42.0656 2476 ================ Scan system memory ========================
12:56:42.0656 2476 System memory - ok
12:56:42.0657 2476 ================ Scan services =============================
12:56:42.0899 2476 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
12:56:42.0988 2476 1394ohci - ok
12:56:43.0045 2476 [ 144D54704A881047AE1084C6F1163060 ] 5U877 C:\Windows\system32\DRIVERS\5U877.sys
12:56:43.0115 2476 5U877 - ok
12:56:43.0159 2476 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
12:56:43.0203 2476 ACPI - ok
12:56:43.0226 2476 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
12:56:43.0295 2476 AcpiPmi - ok
12:56:43.0461 2476 [ 6A53AAEC52611285F32F1B71321F2604 ] AcPrfMgrSvc C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
12:56:43.0569 2476 AcPrfMgrSvc - ok
12:56:43.0606 2476 [ 04762CCCFBB3103E3567B582ECF561A6 ] AcSvc C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
12:56:43.0744 2476 AcSvc - ok
12:56:43.0841 2476 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
12:56:43.0932 2476 AdobeARMservice - ok
12:56:44.0019 2476 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
12:56:44.0066 2476 adp94xx - ok
12:56:44.0113 2476 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
12:56:44.0147 2476 adpahci - ok
12:56:44.0187 2476 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
12:56:44.0223 2476 adpu320 - ok
12:56:44.0259 2476 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
12:56:44.0462 2476 AeLookupSvc - ok
12:56:44.0524 2476 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
12:56:44.0618 2476 AFD - ok
12:56:44.0711 2476 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
12:56:44.0743 2476 agp440 - ok
12:56:44.0774 2476 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
12:56:44.0899 2476 ALG - ok
12:56:44.0930 2476 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
12:56:44.0961 2476 aliide - ok
12:56:44.0961 2476 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
12:56:44.0977 2476 amdide - ok
12:56:45.0008 2476 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
12:56:45.0057 2476 AmdK8 - ok
12:56:45.0063 2476 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
12:56:45.0124 2476 AmdPPM - ok
12:56:45.0138 2476 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
12:56:45.0155 2476 amdsata - ok
12:56:45.0162 2476 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
12:56:45.0183 2476 amdsbs - ok
12:56:45.0194 2476 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
12:56:45.0209 2476 amdxata - ok
12:56:45.0258 2476 [ 157B1C973637919DCD0D0464167C86BA ] AMPPAL C:\Windows\system32\DRIVERS\AMPPAL.sys
12:56:45.0312 2476 AMPPAL - ok
12:56:45.0319 2476 [ 157B1C973637919DCD0D0464167C86BA ] AMPPALP C:\Windows\system32\DRIVERS\amppal.sys
12:56:45.0341 2476 AMPPALP - ok
12:56:45.0491 2476 [ FB70F8C1283C8CC6BFAA6F9971107E68 ] AMPPALR3 C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
12:56:46.0274 2476 AMPPALR3 - ok
12:56:46.0306 2476 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
12:56:46.0340 2476 AppID - ok
12:56:46.0378 2476 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
12:56:46.0460 2476 AppIDSvc - ok
12:56:46.0473 2476 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
12:56:46.0563 2476 Appinfo - ok
12:56:46.0608 2476 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
12:56:46.0626 2476 arc - ok
12:56:46.0630 2476 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
12:56:46.0648 2476 arcsas - ok
12:56:46.0676 2476 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
12:56:46.0725 2476 AsyncMac - ok
12:56:46.0747 2476 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
12:56:46.0762 2476 atapi - ok
12:56:46.0830 2476 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
12:56:46.0939 2476 AudioEndpointBuilder - ok
12:56:46.0948 2476 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
12:56:46.0991 2476 AudioSrv - ok
12:56:47.0045 2476 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
12:56:47.0088 2476 AxInstSV - ok
12:56:47.0167 2476 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
12:56:47.0235 2476 b06bdrv - ok
12:56:47.0289 2476 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
12:56:47.0352 2476 b57nd60a - ok
12:56:47.0408 2476 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
12:56:47.0472 2476 BDESVC - ok
12:56:47.0523 2476 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
12:56:47.0591 2476 Beep - ok
12:56:47.0655 2476 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
12:56:47.0764 2476 BFE - ok
12:56:47.0904 2476 [ A45BE4E091636F6C86D6E4FC945D5A26 ] BHDrvx64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120919.001\BHDrvx64.sys
12:56:47.0958 2476 BHDrvx64 - ok
12:56:47.0994 2476 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
12:56:48.0051 2476 BITS - ok
12:56:48.0069 2476 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
12:56:48.0097 2476 blbdrive - ok
12:56:48.0191 2476 [ A52EA1D8C2900055323C93DDB252A3DA ] Bluetooth Device Monitor C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
12:56:48.0585 2476 Bluetooth Device Monitor - ok
12:56:48.0616 2476 [ 091210450CA7CED08F360D9D7FEC5D11 ] Bluetooth Media Service C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
12:56:49.0006 2476 Bluetooth Media Service - ok
12:56:49.0068 2476 [ 392450754E17FF778CBC5B9D20583AD1 ] Bluetooth OBEX Service C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
12:56:49.0482 2476 Bluetooth OBEX Service - ok
12:56:49.0522 2476 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
12:56:49.0578 2476 bowser - ok
12:56:49.0612 2476 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
12:56:49.0656 2476 BrFiltLo - ok
12:56:49.0660 2476 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
12:56:49.0690 2476 BrFiltUp - ok
12:56:49.0722 2476 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
12:56:49.0782 2476 Browser - ok
12:56:49.0821 2476 [ 6DF544E72FF139E8FBBBA6D0E569BEA5 ] BrSerIb C:\Windows\system32\DRIVERS\BrSerIb.sys
12:56:49.0880 2476 BrSerIb - ok
12:56:49.0912 2476 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
12:56:49.0986 2476 Brserid - ok
12:56:49.0991 2476 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
12:56:50.0040 2476 BrSerWdm - ok
12:56:50.0066 2476 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
12:56:50.0095 2476 BrUsbMdm - ok
12:56:50.0098 2476 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
12:56:50.0118 2476 BrUsbSer - ok
12:56:50.0155 2476 [ 80082AD46578F0D3270D2E56D6433082 ] BrUsbSIb C:\Windows\system32\DRIVERS\BrUsbSIb.sys
12:56:50.0188 2476 BrUsbSIb - ok
12:56:50.0217 2476 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
12:56:50.0304 2476 BthEnum - ok
12:56:50.0338 2476 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
12:56:50.0395 2476 BTHMODEM - ok
12:56:50.0408 2476 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
12:56:50.0457 2476 BthPan - ok
12:56:50.0495 2476 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
12:56:50.0539 2476 BTHPORT - ok
12:56:50.0576 2476 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
12:56:50.0657 2476 bthserv - ok
12:56:50.0693 2476 [ FA2D081709A764F6BEE16B7FFE03E36C ] BTHSSecurityMgr C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
12:56:50.0728 2476 BTHSSecurityMgr - ok
12:56:50.0751 2476 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
12:56:50.0790 2476 BTHUSB - ok
12:56:50.0824 2476 [ 988CC6CC49303665D3B2435C51505C3F ] btmaux C:\Windows\system32\DRIVERS\btmaux.sys
12:56:50.0893 2476 btmaux - ok
12:56:50.0926 2476 [ 2B4B508AFAC2A563931AF1FE875A5B16 ] btmhsf C:\Windows\system32\DRIVERS\btmhsf.sys
12:56:51.0008 2476 btmhsf - ok
12:56:51.0091 2476 [ 2C6FFCCA37B002AAB3C7C31A6D780A76 ] ccSet_NIS C:\Windows\system32\drivers\NISx64\1309000.009\ccSetx64.sys
12:56:51.0128 2476 ccSet_NIS - ok
12:56:51.0161 2476 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
12:56:51.0240 2476 cdfs - ok
12:56:51.0281 2476 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
12:56:51.0324 2476 cdrom - ok
12:56:51.0371 2476 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
12:56:51.0464 2476 CertPropSvc - ok
12:56:51.0511 2476 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
12:56:51.0558 2476 circlass - ok
12:56:51.0574 2476 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
12:56:51.0620 2476 CLFS - ok
12:56:51.0714 2476 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:56:51.0808 2476 clr_optimization_v2.0.50727_32 - ok
12:56:51.0854 2476 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
12:56:51.0886 2476 clr_optimization_v2.0.50727_64 - ok
12:56:51.0948 2476 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:56:52.0010 2476 clr_optimization_v4.0.30319_32 - ok
12:56:52.0073 2476 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
12:56:52.0104 2476 clr_optimization_v4.0.30319_64 - ok
12:56:52.0135 2476 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
12:56:52.0182 2476 CmBatt - ok
12:56:52.0213 2476 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
12:56:52.0244 2476 cmdide - ok
12:56:52.0296 2476 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
12:56:52.0336 2476 CNG - ok
12:56:52.0410 2476 [ 9F6DE1995A188615CEEE908E750A34ED ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT64.sys
12:56:52.0486 2476 CnxtHdAudService - ok
12:56:52.0531 2476 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
12:56:52.0562 2476 Compbatt - ok
12:56:52.0588 2476 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
12:56:52.0634 2476 CompositeBus - ok
12:56:52.0665 2476 COMSysApp - ok
12:56:52.0799 2476 [ E1C17DC650A7FA69DE63C4D4A8E888EA ] cphs C:\Windows\SysWow64\IntelCpHeciSvc.exe
12:56:52.0900 2476 cphs - ok
12:56:52.0940 2476 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
12:56:52.0956 2476 crcdisk - ok
12:56:52.0995 2476 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
12:56:53.0086 2476 CryptSvc - ok
12:56:53.0216 2476 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
12:56:53.0301 2476 DcomLaunch - ok
12:56:53.0369 2476 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
12:56:53.0453 2476 defragsvc - ok
12:56:53.0502 2476 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
12:56:53.0564 2476 DfsC - ok
12:56:53.0656 2476 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
12:56:53.0780 2476 Dhcp - ok
12:56:53.0803 2476 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
12:56:53.0872 2476 discache - ok
12:56:53.0956 2476 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
12:56:53.0996 2476 Disk - ok
12:56:54.0495 2476 [ 4453DA8650DA827BC33B8D41A8F97894 ] DisplayLinkService C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
12:56:54.0741 2476 DisplayLinkService - ok
12:56:54.0782 2476 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
12:56:54.0877 2476 Dnscache - ok
12:56:54.0924 2476 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
12:56:55.0004 2476 dot3svc - ok
12:56:55.0022 2476 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
12:56:55.0079 2476 DPS - ok
12:56:55.0137 2476 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
12:56:55.0195 2476 drmkaud - ok
12:56:55.0230 2476 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
12:56:55.0274 2476 DXGKrnl - ok
12:56:55.0317 2476 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
12:56:55.0379 2476 EapHost - ok
12:56:55.0473 2476 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
12:56:55.0551 2476 ebdrv - ok
12:56:55.0660 2476 [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
12:56:55.0707 2476 eeCtrl - ok
12:56:55.0738 2476 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
12:56:55.0800 2476 EFS - ok
12:56:55.0878 2476 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
12:56:56.0060 2476 ehRecvr - ok
12:56:56.0090 2476 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
12:56:56.0230 2476 ehSched - ok
12:56:56.0290 2476 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
12:56:56.0318 2476 elxstor - ok
12:56:56.0416 2476 [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
12:56:56.0458 2476 EraserUtilRebootDrv - ok
12:56:56.0461 2476 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
12:56:56.0484 2476 ErrDev - ok
12:56:56.0527 2476 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
12:56:56.0595 2476 EventSystem - ok
12:57:32.0143 2476 srv2 - ok
12:57:32.0156 2476 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
12:57:32.0179 2476 srvnet - ok
12:57:32.0219 2476 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
12:57:32.0275 2476 SSDPSRV - ok
12:57:32.0287 2476 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
12:57:32.0325 2476 SstpSvc - ok
12:57:32.0332 2476 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
12:57:32.0349 2476 stexstor - ok
12:57:32.0378 2476 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
12:57:32.0420 2476 stisvc - ok
12:57:32.0535 2476 [ 289F4813EC8E844A18B5AAF64CDA428D ] SUService C:\Program Files (x86)\Lenovo\System Update\SUService.exe
12:57:32.0586 2476 SUService - ok
12:57:32.0648 2476 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
12:57:32.0673 2476 swenum - ok
12:57:32.0735 2476 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
12:57:32.0797 2476 swprv - ok
12:57:32.0846 2476 [ 8B2430762099598DA40686F754632EFD ] SymDS C:\Windows\system32\drivers\NISx64\1309000.009\SYMDS64.SYS
12:57:32.0912 2476 SymDS - ok
12:57:32.0964 2476 [ 5CB7F2FD7E30A0F52F93574BFC3A8041 ] SymEFA C:\Windows\system32\drivers\NISx64\1309000.009\SYMEFA64.SYS
12:57:33.0009 2476 SymEFA - ok
12:57:33.0040 2476 [ 898BB48C797483420DF523B2BBC1ECDB ] SymEvent C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
12:57:33.0093 2476 SymEvent - ok
12:57:33.0134 2476 [ 5013A76CAAA1D7CF1C55214B490B4E35 ] SymIRON C:\Windows\system32\drivers\NISx64\1309000.009\Ironx64.SYS
12:57:33.0158 2476 SymIRON - ok
12:57:33.0198 2476 [ 3911BD0E68C010E5438A87706ABBE9AB ] SymNetS C:\Windows\System32\Drivers\NISx64\1309000.009\SYMNETS.SYS
12:57:33.0229 2476 SymNetS - ok
12:57:33.0288 2476 [ 2765A6B5DFF317D15C2E03E5C25122ED ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
12:57:33.0325 2476 SynTP - ok
12:57:33.0391 2476 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
12:57:33.0469 2476 SysMain - ok
12:57:33.0477 2476 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
12:57:33.0508 2476 TabletInputService - ok
12:57:33.0539 2476 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
12:57:33.0570 2476 TapiSrv - ok
12:57:33.0586 2476 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
12:57:33.0633 2476 TBS - ok
12:57:33.0680 2476 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
12:57:33.0742 2476 Tcpip - ok
12:57:33.0773 2476 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
12:57:33.0820 2476 TCPIP6 - ok
12:57:33.0836 2476 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
12:57:33.0851 2476 tcpipreg - ok
12:57:33.0882 2476 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
12:57:33.0929 2476 TDPIPE - ok
12:57:33.0945 2476 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
12:57:33.0992 2476 TDTCP - ok
12:57:34.0007 2476 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
12:57:34.0054 2476 tdx - ok
12:57:34.0070 2476 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
12:57:34.0085 2476 TermDD - ok
12:57:34.0116 2476 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
12:57:34.0163 2476 TermService - ok
12:57:34.0194 2476 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
12:57:34.0210 2476 Themes - ok
12:57:34.0226 2476 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
12:57:34.0272 2476 THREADORDER - ok
12:57:34.0288 2476 [ BC148E3415BF8A9DE83364966F75044F ] TPDIGIMN C:\Windows\system32\DRIVERS\ApsHM64.sys
12:57:34.0304 2476 TPDIGIMN - ok
12:57:34.0319 2476 [ BBD91008BEC4A2BA5D383BC9A15D6F9E ] TPHDEXLGSVC C:\Windows\system32\TPHDEXLG64.exe
12:57:34.0366 2476 TPHDEXLGSVC - ok
12:57:34.0413 2476 [ 83415782D47F8064FCAFEA308ABB2246 ] TPHKLOAD C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
12:57:34.0480 2476 TPHKLOAD - ok
12:57:34.0504 2476 [ 046A7B412E4E6C4A7B426441E143F0F2 ] TPHKSVC C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
12:57:34.0540 2476 TPHKSVC - ok
12:57:34.0579 2476 [ DBCC20C02E8A3E43B03C304A4E40A84F ] TPM C:\Windows\system32\drivers\tpm.sys
12:57:34.0621 2476 TPM - ok
12:57:34.0640 2476 [ 1DF6E6C026AD1D428687FE3B427A87BC ] TPPWRIF C:\Windows\system32\drivers\Tppwr64v.sys
12:57:34.0663 2476 TPPWRIF - ok
12:57:34.0699 2476 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
12:57:34.0762 2476 TrkWks - ok
12:57:34.0802 2476 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
12:57:34.0844 2476 TrustedInstaller - ok
12:57:34.0856 2476 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
12:57:34.0897 2476 tssecsrv - ok
12:57:34.0935 2476 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
12:57:34.0981 2476 TsUsbFlt - ok
12:57:34.0999 2476 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
12:57:35.0022 2476 TsUsbGD - ok
12:57:35.0052 2476 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
12:57:35.0098 2476 tunnel - ok
12:57:35.0132 2476 [ D4915DB03B19F9FD50EC084CC0ED15FC ] TVTI2C C:\Windows\system32\DRIVERS\Tvti2c.sys
12:57:35.0161 2476 TVTI2C - ok
12:57:35.0196 2476 [ 760B34088C2AD8D634CC3784EF3A2CA2 ] tvtvcamd C:\Windows\system32\DRIVERS\tvtvcamd.sys
12:57:35.0227 2476 tvtvcamd - ok
12:57:35.0239 2476 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
12:57:35.0288 2476 uagp35 - ok
12:57:35.0308 2476 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
12:57:35.0380 2476 udfs - ok
12:57:35.0408 2476 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
12:57:35.0462 2476 UI0Detect - ok
12:57:35.0525 2476 [ BE788A747457E6916586C410EC0111E7 ] UleadBurningHelper C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
12:57:35.0790 2476 UleadBurningHelper ( UnsignedFile.Multi.Generic ) - warning
12:57:35.0790 2476 UleadBurningHelper - detected UnsignedFile.Multi.Generic (1)
12:57:35.0806 2476 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
12:57:35.0821 2476 uliagpkx - ok
12:57:35.0852 2476 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
12:57:35.0868 2476 umbus - ok
12:57:35.0868 2476 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
12:57:35.0899 2476 UmPass - ok
12:57:35.0977 2476 [ 30FF46EABCA1BB18E4F357492A8F7FC9 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
12:57:36.0102 2476 UNS - ok
12:57:36.0118 2476 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
12:57:36.0180 2476 upnphost - ok
12:57:36.0211 2476 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
12:57:36.0258 2476 usbccgp - ok
12:57:36.0305 2476 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
12:57:36.0352 2476 usbcir - ok
12:57:36.0367 2476 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
12:57:36.0398 2476 usbehci - ok
12:57:36.0445 2476 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
12:57:36.0523 2476 usbhub - ok
12:57:36.0523 2476 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
12:57:36.0601 2476 usbohci - ok
12:57:36.0648 2476 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
12:57:36.0695 2476 usbprint - ok
12:57:36.0742 2476 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
12:57:36.0788 2476 usbscan - ok
12:57:36.0820 2476 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:57:36.0835 2476 USBSTOR - ok
12:57:36.0866 2476 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
12:57:36.0913 2476 usbuhci - ok
12:57:36.0929 2476 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
12:57:36.0976 2476 usbvideo - ok
12:57:37.0022 2476 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
12:57:37.0116 2476 UxSms - ok
12:57:37.0132 2476 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
12:57:37.0147 2476 VaultSvc - ok
12:57:37.0178 2476 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
12:57:37.0194 2476 vdrvroot - ok
12:57:37.0210 2476 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
12:57:37.0256 2476 vds - ok
12:57:37.0288 2476 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
12:57:37.0303 2476 vga - ok
12:57:37.0303 2476 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
12:57:37.0350 2476 VgaSave - ok
12:57:37.0366 2476 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
12:57:37.0381 2476 vhdmp - ok
12:57:37.0381 2476 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
12:57:37.0397 2476 viaide - ok
12:57:37.0444 2476 [ A9BDE7317E68D497DEFAD1C84FBCFD24 ] VIPAppService C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
12:57:37.0498 2476 VIPAppService - ok
12:57:37.0514 2476 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
12:57:37.0531 2476 volmgr - ok
12:57:37.0550 2476 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
12:57:37.0573 2476 volmgrx - ok
12:57:37.0579 2476 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
12:57:37.0601 2476 volsnap - ok
12:57:37.0625 2476 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
12:57:37.0644 2476 vsmraid - ok
12:57:37.0821 2476 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
12:57:37.0964 2476 VSS - ok
12:57:37.0984 2476 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
12:57:38.0038 2476 vwifibus - ok
12:57:38.0066 2476 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
12:57:38.0098 2476 vwififlt - ok
12:57:38.0118 2476 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
12:57:38.0148 2476 vwifimp - ok
12:57:38.0216 2476 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
12:57:38.0275 2476 W32Time - ok
12:57:38.0337 2476 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
12:57:38.0378 2476 WacomPen - ok
12:57:38.0406 2476 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
12:57:38.0442 2476 WANARP - ok
12:57:38.0445 2476 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
12:57:38.0477 2476 Wanarpv6 - ok
12:57:38.0524 2476 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
12:57:38.0758 2476 WatAdminSvc - ok
12:57:38.0805 2476 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
12:57:38.0899 2476 wbengine - ok
12:57:38.0914 2476 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
12:57:38.0945 2476 WbioSrvc - ok
12:57:38.0961 2476 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
12:57:38.0992 2476 wcncsvc - ok
12:57:39.0023 2476 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
12:57:39.0117 2476 WcsPlugInService - ok
12:57:39.0133 2476 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
12:57:39.0148 2476 Wd - ok
12:57:39.0179 2476 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
12:57:39.0211 2476 Wdf01000 - ok
12:57:39.0226 2476 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
12:57:39.0351 2476 WdiServiceHost - ok
12:57:39.0351 2476 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
12:57:39.0382 2476 WdiSystemHost - ok
12:57:39.0413 2476 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
12:57:39.0487 2476 WebClient - ok
12:57:39.0508 2476 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
12:57:39.0559 2476 Wecsvc - ok
12:57:39.0577 2476 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
12:57:39.0615 2476 wercplsupport - ok
12:57:39.0644 2476 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
12:57:39.0683 2476 WerSvc - ok
12:57:39.0723 2476 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
12:57:39.0782 2476 WfpLwf - ok
12:57:39.0803 2476 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
12:57:39.0818 2476 WIMMount - ok
12:57:39.0850 2476 WinDefend - ok
12:57:39.0853 2476 WinHttpAutoProxySvc - ok
12:57:39.0907 2476 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
12:57:39.0959 2476 Winmgmt - ok
12:57:40.0089 2476 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
12:57:40.0176 2476 WinRM - ok
12:57:40.0236 2476 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUSB.sys
12:57:40.0268 2476 WinUsb - ok
12:57:40.0297 2476 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
12:57:40.0358 2476 Wlansvc - ok
12:57:40.0409 2476 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
12:57:40.0445 2476 wlcrasvc - ok
12:57:40.0666 2476 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
12:57:40.0790 2476 wlidsvc - ok
12:57:40.0822 2476 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
12:57:40.0868 2476 WmiAcpi - ok
12:57:40.0931 2476 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
12:57:40.0993 2476 wmiApSrv - ok
12:57:41.0040 2476 WMPNetworkSvc - ok
12:57:41.0087 2476 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
12:57:41.0196 2476 WPCSvc - ok
12:57:41.0212 2476 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
12:57:41.0243 2476 WPDBusEnum - ok
12:57:41.0258 2476 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
12:57:41.0290 2476 ws2ifsl - ok
12:57:41.0321 2476 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
12:57:41.0352 2476 wscsvc - ok
12:57:41.0352 2476 WSearch - ok
12:57:41.0430 2476 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
12:57:41.0543 2476 wuauserv - ok
12:57:41.0566 2476 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
12:57:41.0625 2476 WudfPf - ok
12:57:41.0656 2476 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
12:57:41.0699 2476 WUDFRd - ok
12:57:41.0727 2476 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
12:57:41.0789 2476 wudfsvc - ok
12:57:41.0822 2476 [ F0B1D8725FAB9F4A559CCC91A960FCE0 ] WwanSvc C:\Windows\System32\wwansvc.dll
12:57:41.0877 2476 WwanSvc - ok
12:57:42.0079 2476 [ D2FE4103450E52CB248D842501F84B90 ] ZeroConfigService C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
12:57:42.0163 2476 ZeroConfigService - ok
12:57:42.0188 2476 ================ Scan global ===============================
12:57:42.0205 2476 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
12:57:42.0242 2476 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
12:57:42.0253 2476 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
12:57:42.0269 2476 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
12:57:42.0295 2476 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
12:57:42.0302 2476 [Global] - ok
12:57:42.0302 2476 ================ Scan MBR ==================================
12:57:42.0315 2476 [ 98444C06AC71883C0421884742A38752 ] \Device\Harddisk0\DR0
12:57:43.0602 2476 \Device\Harddisk0\DR0 - ok
12:57:43.0608 2476 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
12:57:43.0682 2476 \Device\Harddisk1\DR1 - ok
12:57:43.0688 2476 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk2\DR4
12:57:43.0778 2476 \Device\Harddisk2\DR4 - ok
12:57:43.0839 2476 [ 8D3131581627E5B7851CCDEF4CDDF062 ] \Device\Harddisk3\DR5
12:57:50.0451 2476 \Device\Harddisk3\DR5 - ok
12:57:50.0451 2476 ================ Scan VBR ==================================
12:57:50.0483 2476 [ 94C0BE14F4C2A88F32A1B552597A702D ] \Device\Harddisk0\DR0\Partition1
12:57:50.0483 2476 \Device\Harddisk0\DR0\Partition1 - ok
12:57:50.0498 2476 [ 2DA222FD4C190EE42D0EC6955ED44B76 ] \Device\Harddisk0\DR0\Partition2
12:57:50.0498 2476 \Device\Harddisk0\DR0\Partition2 - ok
12:57:50.0529 2476 [ 1CF38BB1A24125CA0FCF33817BACB0F7 ] \Device\Harddisk0\DR0\Partition3
12:57:50.0545 2476 \Device\Harddisk0\DR0\Partition3 - ok
12:57:50.0545 2476 [ 0EFE582A448E4683A6BC86F21BC3DE74 ] \Device\Harddisk2\DR4\Partition1
12:57:50.0545 2476 \Device\Harddisk2\DR4\Partition1 - ok
12:57:50.0545 2476 ============================================================
12:57:50.0545 2476 Scan finished
12:57:50.0545 2476 ============================================================
12:57:50.0561 3028 Detected object count: 1
12:57:50.0561 3028 Actual detected object count: 1
12:58:10.0739 3028 UleadBurningHelper ( UnsignedFile.Multi.Generic ) - skipped by user
12:58:10.0739 3028 UleadBurningHelper ( UnsignedFile.Multi.Generic ) - User select action: Skip
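
A triage helper for the TDSSKiller log above, added here as an example; it is not part of the thread and not code from Kaspersky's tool. It parses the two line shapes the log uses (a hash line `[ MD5 ] name path`, and a result line `name ( verdict ) - status`), then reports every object whose result is not plainly "ok", every service for which no binary was hashed, and every binary living under a user-writable path, the usual drop location for fake-police lockers of the kind discussed in this thread. One caveat a practitioner should keep in mind: `UnsignedFile.Multi.Generic` only says the file carries no Authenticode signature, which is common for older legitimate software such as the Ulead burning helper here, so the verdict on its own is not evidence of infection. The sample lines are copied from the log above, plus one constructed entry (`ExampleSvc`, with an all-zero placeholder hash) that exists only to exercise the path heuristic.

```python
"""Triage helper for a Kaspersky TDSSKiller scan log (added example, not part
of the thread or of the tool itself).

Two line shapes from the log above are parsed:
    <time> <pid> [ <MD5> ] <name> <path>           object that was hashed
    <time> <pid> <name> ( <verdict> ) - <status>   scanner result for it
and three things are reported: results other than "ok", services for which
no binary was hashed, and binaries that live under user-writable paths.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

HASH_LINE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+"
    r"\[ (?P<md5>[0-9A-Fa-f]{32}) \] (?P<rest>.+)$")
STATUS_LINE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+(?P<name>\S+)"
    r"(?: \( (?P<verdict>[^)]+) \))? - (?P<status>.+)$")

# Path fragments a service or driver binary normally has no business living under.
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\temp\\")


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: str = ""
    statuses: List[str] = field(default_factory=list)
    verdicts: Set[str] = field(default_factory=set)


def parse_log(text: str) -> Dict[str, Entry]:
    """Group hash lines and result lines by object name (service, driver or device)."""
    entries: Dict[str, Entry] = {}
    for line in text.splitlines():
        m = HASH_LINE.match(line)
        if m:
            # Service/driver lines read "<name> <path>"; MBR/VBR and global-scan
            # lines carry only a device or file path, so the name doubles as path.
            name, _, path = m["rest"].partition(" ")
            e = entries.setdefault(name, Entry(name))
            e.md5 = m["md5"].upper()
            e.path = path or name
            continue
        m = STATUS_LINE.match(line)
        if m:
            e = entries.setdefault(m["name"], Entry(m["name"]))
            e.statuses.append(m["status"])
            if m["verdict"]:
                e.verdicts.add(m["verdict"])
    return entries


def disk_hashes(entries: Dict[str, Entry]) -> Dict[str, str]:
    """MBR/VBR hashes, worth recording as a baseline before any cleanup step."""
    return {e.name: e.md5 for e in entries.values()
            if e.name.startswith("\\Device\\") and e.md5}


def triage(entries: Dict[str, Entry]) -> List[Tuple[str, str]]:
    """Return (object name, reason) pairs for everything that deserves a second look."""
    findings: List[Tuple[str, str]] = []
    for e in entries.values():
        bad = [s for s in e.statuses if s != "ok"]
        if bad:
            tag = f" [{', '.join(sorted(e.verdicts))}]" if e.verdicts else ""
            findings.append((e.name, "scanner result: " + "; ".join(bad) + tag))
        if e.md5 is None and not e.name.startswith("\\Device\\"):
            findings.append((e.name, "no binary hashed; check the service ImagePath by hand"))
        if e.path and any(frag in e.path.lower() for frag in USER_WRITABLE):
            findings.append((e.name, "binary under a user-writable path: " + e.path))
    return findings


# Sample input: lines copied from the log above, plus one CONSTRUCTED entry
# (ExampleSvc, all-zero placeholder hash) that only exercises the path heuristic.
SAMPLE_LOG = r"""
12:57:35.0525 2476 [ BE788A747457E6916586C410EC0111E7 ] UleadBurningHelper C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
12:57:35.0790 2476 UleadBurningHelper ( UnsignedFile.Multi.Generic ) - warning
12:57:35.0790 2476 UleadBurningHelper - detected UnsignedFile.Multi.Generic (1)
12:57:35.0806 2476 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
12:57:35.0821 2476 uliagpkx - ok
12:57:39.0850 2476 WinDefend - ok
12:57:42.0315 2476 [ 98444C06AC71883C0421884742A38752 ] \Device\Harddisk0\DR0
12:57:43.0602 2476 \Device\Harddisk0\DR0 - ok
12:58:10.0739 3028 UleadBurningHelper ( UnsignedFile.Multi.Generic ) - skipped by user
12:59:00.0000 2476 [ 00000000000000000000000000000000 ] ExampleSvc C:\Users\Forrest\AppData\Local\Temp\ExampleSvc.exe
12:59:00.0001 2476 ExampleSvc - ok
"""

if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for name, why in triage(parsed):
        print(f"{name}: {why}")
    print("disk hashes:", disk_hashes(parsed))
```

Run it against the full log file (`parse_log(open("tdsskiller.log").read())`) rather than the sample to triage a real scan; the MBR/VBR hashes from `disk_hashes` are the values to compare before and after a cleanup, since a changed boot-sector hash with no OS update in between points at a bootkit, which is exactly what TDSSKiller is built to find.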

Old 07.01.2013, 15:38   #8
markusg
/// Malware-holic

GVU Trojan caught

Hi,
combofix:
Combofix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems
and make cleaning up the infection even harder.
Please download Combofix from one of these download mirrors

Link 1
Link 2


IMPORTANT - save Combofix to your desktop
  • Please disable all of your anti-virus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the instructions on the screen.

When Combofix is finished, it will create a logfile. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the reboot
Quote:
Illegal operation attempted on a registry key that has been marked for deletion.
simply restart the computer. That should fix the problem.
__________________
- Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please forward mails following the instructions above to
markusg.trojaner-board@web.de
If you would like to support us

Old 07.01.2013, 21:38   #9
mithrandir31

GVU Trojan caught

Here is the logfile:

ComboFix 13-01-06.01 - Forrest 07.01.2013 20:56:10.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3690.1465 [GMT 1:00]
Running from:: C:\Users\Forrest\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))


C:\ProgramData\Roaming
C:\Users\Forrest\4.0
C:\Users\Forrest\AppData\Local\Temp\SimpleTap\assembly\dl3\042f66a0\00beb143_af32cd01\Groupon.dll
C:\Users\Forrest\AppData\Local\Temp\SimpleTap\assembly\dl3\05f19f73\00809d4f_af32cd01\Skype.dll
C:\Users\Forrest\AppData\Local\Temp\SimpleTap\assembly\dl3\096cf9e9\00cf9436_af32cd01\DefaultTheme.dll
C:\Users\Forrest\AppData\Local\Temp\SimpleTap\assembly\dl3\129d664f\00beb143_af32cd01\Kayak.dll
C:\Users\Forrest\AppData\Local\Temp\SimpleTap\assembly\dl3\1fe80e8f\00263b4d_af32cd01\MessageCenterPlus.dll
C:\Users\Forrest\AppData\Local\Temp\SimpleTap\assembly\dl3\25c2ee83\003ada2b_af32cd01\WirelessApi.dll
C:\Users\Forrest\AppData\Local\Temp\SimpleTap\assembly\dl3\2c02c8a5\0056283a_af32cd01\EvernoteLauncher.dll
C:\Users\Forrest\AppData\Local\Temp\SimpleTap\assembly\dl3\37480ae9\00b5955e_d6d9cc01\AccuWeatherTile.resources.DLL
C:\Users\Forrest\AppData\Local\Temp\SimpleTap\assembly\dl3\410f27e1\00e169d7_ea00cd01\SugarSync.SimpleTapAddons.FileManager.dll
C:\Users\Forrest\AppData\Local\Temp\SimpleTap\assembly\dl3\4cc8602a\00809d4f_af32cd01\Wikipedia.dll
C:\Users\Forrest\AppData\Local\Temp\SimpleTap\assembly\dl3\6cd84186\00ccd84a_af32cd01\LenovoTV.dll
C:\Users\Forrest\AppData\Local\Temp\SimpleTap\assembly\dl3\803323a9\00671b6a_cde0cc01\NewsTile.dll
C:\Users\Forrest\AppData\Local\Temp\SimpleTap\assembly\dl3\8712ad3f\0029f738_af32cd01\Chrome.dll
C:\Users\Forrest\AppData\Local\Temp\SimpleTap\assembly\dl3\8a53ca3b\00e07729_af32cd01\DisplayBrightnessApi.dll
C:\Users\Forrest\AppData\Local\Temp\SimpleTap\assembly\dl3\8eab25f7\0056283a_af32cd01\InternetExplorer.dll
C:\Users\Forrest\AppData\Local\Temp\SimpleTap\assembly\dl3\97b7f1ae\00b5955e_d6d9cc01\AccuWeatherTile.resources.DLL
C:\Users\Forrest\AppData\Local\Temp\SimpleTap\assembly\dl3\9e034a81\00b34628_af32cd01\CoreAudioApi.dll
C:\Users\Forrest\AppData\Local\Temp\SimpleTap\assembly\dl3\a6f05eb8\00bc6f59_da08cd01\Flickr.dll
C:\Users\Forrest\AppData\Local\Temp\SimpleTap\assembly\dl3\a7bb6c4e\00536c4e_af32cd01\MSOffice.dll
C:\Users\Forrest\AppData\Local\Temp\SimpleTap\assembly\dl3\a7dc7db5\00b08a3c_af32cd01\SimpleTapAppStoreAddon.dll
C:\Users\Forrest\AppData\Local\Temp\SimpleTap\assembly\dl3\ad15a5ea\00ebe244_af32cd01\LenovoMusic.dll
C:\Users\Forrest\AppData\Local\Temp\SimpleTap\assembly\dl3\b4736027\0083593b_af32cd01\AccuWeatherTile.dll
C:\Users\Forrest\AppData\Local\Temp\SimpleTap\assembly\dl3\b7f47784\00480133_af32cd01\ScreenRotate.dll
C:\Users\Forrest\AppData\Local\Temp\SimpleTap\assembly\dl3\bc35f49e\007fe0f8_d908cd01\KeyboardLightApi.dll
C:\Users\Forrest\AppData\Local\Temp\SimpleTap\assembly\dl3\e1e2923e\00753234_af32cd01\Biztree.dll
C:\Users\Forrest\AppData\Local\Temp\SimpleTap\assembly\dl3\e610f86c\0083593b_af32cd01\PriceGrabber.dll
C:\Users\Forrest\AppData\Local\Temp\SimpleTap\assembly\dl3\f6caaded\00727648_af32cd01\LenovoSolutionCenter.dll
Q:\Autorun.inf


((((((((((((((((((((((( Files Created from 2012-12-07 to 2013-01-07 ))))))))))))))))))))))))))))))


2013-01-07 20:32:01 . 2013-01-07 20:32:01 76232 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{87D459D3-3BAD-4372-9BC3-D1C905CE11EA}\offreg.dll
2013-01-07 20:28:27 . 2012-11-08 17:24:30 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{87D459D3-3BAD-4372-9BC3-D1C905CE11EA}\mpengine.dll
2013-01-07 20:27:11 . 2013-01-07 20:27:11 -------- d-----w- C:\Users\UpdatusUser\AppData\Local\temp
2013-01-07 20:27:11 . 2013-01-07 20:27:11 -------- d-----w- C:\Users\Default\AppData\Local\temp
2013-01-06 18:24:15 . 2012-11-08 17:24:30 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-01-03 15:35:18 . 2013-01-03 15:35:49 -------- d-----w- C:\Program Files (x86)\Chemie_Aber_Sicher
2012-12-31 12:09:45 . 2012-12-31 12:10:27 -------- d-----w- C:\Users\Forrest\.tfo4
2012-12-29 22:20:56 . 2012-12-29 22:20:57 -------- d-----w- C:\Windows\SysWow64\Wat
2012-12-29 22:20:56 . 2012-12-29 22:20:56 -------- d-----w- C:\Windows\system32\Wat
2012-12-28 18:15:39 . 2012-12-28 18:35:32 -------- d-----w- C:\_OTL
2012-12-23 11:59:48 . 2012-12-23 11:59:48 -------- d-----w- C:\Users\Forrest\AppData\Local\Macromedia
2012-12-22 21:40:20 . 2012-12-22 21:40:20 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-22 21:40:20 . 2012-12-22 21:40:20 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-12-22 21:40:17 . 2012-12-22 21:40:17 -------- d-----w- C:\Windows\system32\Macromed
2012-12-21 17:21:43 . 2012-12-16 17:11:22 46080 ----a-w- C:\Windows\system32\atmlib.dll
2012-12-21 17:21:43 . 2012-12-16 14:45:03 367616 ----a-w- C:\Windows\system32\atmfd.dll
2012-12-21 17:21:43 . 2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-21 17:21:42 . 2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-12 14:30:49 . 2012-11-09 05:45:09 2048 ----a-w- C:\Windows\system32\tzres.dll
.


(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))

2012-12-13 16:37:07 . 2012-11-21 16:03:51 67413224 ----a-w- C:\Windows\system32\MRT.exe
2012-11-28 18:42:29 . 2012-11-28 18:43:18 972264 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{67EECF66-4B91-4426-99E2-D78F04B5F30E}\gapaengine.dll
2012-11-21 16:24:42 . 2012-11-21 16:24:42 53248 ----a-r- C:\Users\Forrest\AppData\Roaming\Microsoft\Installer\{0369F866-2CE0-4EB9-B426-88FA122C6E82}\ARPPRODUCTICON.exe
2012-11-21 16:24:38 . 2012-11-21 16:24:38 53248 ----a-r- C:\Users\Forrest\AppData\Roaming\Microsoft\Installer\{6E6E7725-C7BC-4C39-8B3F-14B67331A120}\ARPPRODUCTICON.exe
2012-11-14 21:58:38 . 2012-11-14 21:59:07 972192 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-10-17 00:31:24 . 2012-11-10 12:15:38 9291768 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{76CBF6AC-C07B-4808-9A6A-5174479299A4}\mpengine.dll
2012-10-16 08:38:37 . 2012-11-28 18:35:56 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38:34 . 2012-11-28 18:35:56 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39:52 . 2012-11-28 18:35:56 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll


(((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll" [2012-10-16 23:46:28 1521352]

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-10-16 23:46:28 1521352 ----a-w- C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll" [2012-10-16 23:46:28 1521352]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32:48 129272 ----a-w- C:\Users\Forrest\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32:48 129272 ----a-w- C:\Users\Forrest\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32:48 129272 ----a-w- C:\Users\Forrest\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-07-06 09:51:50 39408]
"OfficeSyncProcess"="C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2012-01-20 19:03:48 719672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IMSS"="C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2012-03-06 22:49:08 133400]
"USB3MON"="C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-01-04 19:59:50 291608]
"RotateImage"="C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe" [2008-10-30 13:24:26 55808]
"PWMTRV"="C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2012-05-16 05:32:00 5941344]
"Fastboot"="C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe" [2012-01-17 06:29:21 1091376]
"Lenovo Registration"="C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe" [2011-07-13 15:24:30 4351712]
"IntelSBA"="C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\SBALaunchDelay.exe" [2012-02-27 11:03:46 55520]
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 07:04:54 252848]
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 20:51:26 919008]
"BCSSync"="C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 12:54:26 91520]
"ApnUpdater"="C:\Program Files (x86)\Ask.com\Updater\Updater.exe" [2012-10-16 23:46:34 1573576]

C:\Users\Forrest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - C:\Users\Forrest\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-12-29 28539392]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-17 272528]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=C:\Windows\SysWOW64\nvinit.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 22:27:14 138576]
R2 HyperW7Svc;HyperW7 Service;C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe [2012-02-02 12:28:32 145472]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protokoll;C:\Windows\system32\DRIVERS\amppal.sys [2012-01-09 10:32:40 195584]
R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2012-02-21 17:55:22 1304912]
R3 BrSerIb;Brother Serial Interface Driver(WDM);C:\Windows\system32\DRIVERS\BrSerIb.sys [2011-03-30 00:57:24 87552]
R3 BrUsbSIb;Brother Serial USB Driver(WDM);C:\Windows\system32\DRIVERS\BrUsbSIb.sys [2011-03-30 00:57:24 14592]
R3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\system32\DRIVERS\btmaux.sys [2011-11-30 09:19:46 94720]
R3 btmhsf;btmhsf;C:\Windows\system32\DRIVERS\btmhsf.sys [2011-11-30 09:19:48 747008]
R3 ibtfltcoex;ibtfltcoex;C:\Windows\system32\DRIVERS\iBtFltCoex.sys [2012-02-14 10:38:56 60928]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\system32\drivers\intelaud.sys [2011-12-20 15:38:36 34200]
R3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe [2011-06-17 17:33:04 237008]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2012-02-26 03:07:42 273168]
R3 Power Manager DBC Service;Power Manager DBC Service;C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2012-05-16 05:32:00 1662560]
R3 PwmEWSvc;Cisco EnergyWise Enabler;C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [2012-05-16 05:32:00 1665120]
R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 03:24:33 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 03:23:47 31232]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;C:\Windows\system32\Wat\WatAdminSvc.exe [2012-12-29 22:20:54 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 16:10:10 57184]
S0 Fastboot;Fastboot;C:\Windows\System32\DRIVERS\Fastboot.sys [2012-01-17 06:55:19 70416]
S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;C:\Windows\system32\DRIVERS\iusb3hcs.sys [2012-01-04 19:58:50 16152]
S0 nvpciflt;nvpciflt;C:\Windows\system32\DRIVERS\nvpciflt.sys [2011-12-24 15:19:00 28992]
S0 TPDIGIMN;TPDIGIMN;C:\Windows\System32\DRIVERS\ApsHM64.sys [2011-12-28 20:48:24 25416]
S1 PHCORE;PHCORE;C:\Program Files\Lenovo\RapidBoot\PHCORE64.SYS [2012-01-30 18:40:02 33344]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2012-01-09 10:39:44 659968]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2012-02-21 17:55:18 1014096]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2012-02-21 17:55:24 1104208]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-01-17 14:12:28 135952]
S2 DisplayLinkService;DisplayLinkManager;C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [2011-11-09 18:11:05 8447848]
S2 FastbootService;FastbootService;C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [2012-01-17 06:29:24 169776]
S2 FPLService;TrueSuiteService;C:\Program Files\Lenovo Fingerprint Reader\TrueSuiteService.exe [2012-08-09 02:27:56 328552]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-02-02 20:29:52 628448]
S2 Intel(R) ME Service;Intel(R) ME Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-03-06 22:49:08 128280]
S2 Intel(R) Small Business Advantage;Intel(R) Small Business Advantage;C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe [2012-02-27 11:01:00 49376]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-03-06 22:49:04 163608]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe [2012-04-10 16:42:36 58192]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe [2011-07-12 07:53:26 101736]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [2012-04-10 16:42:50 61264]
S2 LENOVO.TVTVCAM;ThinkVantage Virtual Camera Controller;C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [2012-04-10 16:43:00 175440]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [2011-07-12 07:54:00 133992]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [2012-06-15 10:26:32 103472]
S2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe [2012-06-16 02:24:19 138272]
S2 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 21:03:48 128456]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe [2011-07-12 07:53:42 145256]
S2 TPHKSVC;Anzeige am Bildschirm;C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe [2011-12-29 10:20:42 144960]
S2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-03-06 22:49:18 363800]
S2 VIPAppService;VIPAppService;C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [2012-04-10 03:41:54 84080]
S2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2012-02-26 03:07:52 2669840]
S3 5U877;5U877;C:\Windows\system32\DRIVERS\5U877.sys [2012-03-28 12:16:48 216704]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed - Virtueller Adapter;C:\Windows\system32\DRIVERS\AMPPAL.sys [2012-01-09 10:32:40 195584]
S3 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120919.001\BHDrvx64.sys [2012-08-31 22:09:13 1385120]
S3 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\system32\drivers\NISx64\1309000.009\ccSetx64.sys [2012-06-07 04:43:38 167072]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-09-15 11:09:45 138912]
S3 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120928.001\IDSvia64.sys [2012-08-31 22:32:30 513184]
S3 IntcDAud;Intel(R) Display-Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys [2011-12-06 11:23:10 331264]
S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;C:\Windows\system32\DRIVERS\iusb3hub.sys [2012-01-04 19:58:50 355096]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;C:\Windows\system32\DRIVERS\iusb3xhc.sys [2012-01-04 19:58:50 786200]
S3 iwdbus;IWD Bus Enumerator;C:\Windows\system32\DRIVERS\iwdbus.sys [2011-12-20 15:38:36 25496]
S3 NisSrv;Microsoft Network Inspection;c:\Program Files\Microsoft Security Client\NisSrv.exe [2012-09-12 20:21:48 368896]
S3 RSP2STOR;Realtek PCIE CardReader Driver - P2;C:\Windows\system32\DRIVERS\RtsP2Stor.sys [2011-10-27 02:27:52 259688]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys [2011-08-23 12:57:24 565352]
S3 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1309000.009\SYMDS64.SYS [2011-07-25 18:18:36 451192]
S3 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1309000.009\SYMEFA64.SYS [2012-05-22 01:37:12 1129120]
S3 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1309000.009\Ironx64.SYS [2012-04-18 01:42:14 190072]
S3 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\Drivers\NISx64\1309000.009\SYMNETS.SYS [2012-04-18 02:13:32 405624]
S3 TVTI2C;Lenovo SM bus driver;C:\Windows\system32\DRIVERS\Tvti2c.sys [2011-05-29 10:48:04 40248]
S3 tvtvcamd;ThinkVantage Virtual Camera;C:\Windows\system32\DRIVERS\tvtvcamd.sys [2011-12-07 16:59:52 27432]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - WS2IFSL

Contents of the 'Scheduled Tasks' folder

2013-01-07 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-07-06 09:51:29 . 2012-07-06 09:51:28]

2013-01-07 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-07-06 09:51:29 . 2012-07-06 09:51:28]

2013-01-07 C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 11:41:18 . 2011-11-25 11:41:18]

2012-11-17 C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 11:41:18 . 2011-11-25 11:41:18]


--------- X64 Entries -----------


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32:48 162552 ----a-w- C:\Users\Forrest\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32:48 162552 ----a-w- C:\Users\Forrest\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32:48 162552 ----a-w- C:\Users\Forrest\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32:48 162552 ----a-w- C:\Users\Forrest\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
2012-02-29 06:38:56 463952 ----a-w- C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
2012-02-29 06:38:56 463952 ----a-w- C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{A759AFF6-5851-457D-A540-F4ECED148351}"
[HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
2012-02-29 06:38:56 463952 ----a-w- C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
2012-02-29 06:38:56 463952 ----a-w- C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2012-02-09 07:10:16 398616]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2012-02-09 07:10:22 440600]
"BLEServicesCtrl"="C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe" [2012-02-17 13:23:52 177936]
"BTMTrayAgent"="C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll" [2012-02-21 17:54:38 11406608]
"TpShocks"="TpShocks.exe" [2012-09-20 18:44:42 228744]
"LENOVO.TPKNRRES"="C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe" [2012-04-10 16:42:54 283984]
"MSC"="c:\Program Files\Microsoft Security Client\msseces.exe" [2012-09-12 20:16:10 1289704]
"AcWin7Hlpr"="C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe" [2012-09-07 07:10:52 63376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=C:\Windows\System32\nvinitx.dll

------- Supplementary Scan -------

uStart Page = hxxp://search.babylon.com/?affID=109958&tt=4812_5&babsrc=HP_ss&mntrId=de8ad114000000000000000000000000
uLocal Page = C:\Windows\system32\blank.htm
mLocal Page = C:\Windows\SysWOW64\blank.htm
IE: An OneNote s&enden - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{9BF20AEC-2AC9-42DB-9016-F9982AB1877E}: NameServer = 213.191.74.12 62.109.123.254
FF - ProfilePath - C:\Users\Forrest\AppData\Roaming\Mozilla\Firefox\Profiles\6pwtvhsn.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?affID=109958&tt=4812_5&babsrc=HP_ss&mntrId=de8ad114000000000000000000000000
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=109958&tt=4812_5&babsrc=KW_ss&mntrId=de8ad114000000000000000000000000&q=
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2012-11-23 23:28; {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn
FF - ExtSQL: 2012-11-23 23:34; {4ED1F68A-5463-4931-9384-8FFF5ED91D92}; C:\Program Files (x86)\McAfee\SiteAdvisor
FF - ExtSQL: 2012-11-24 10:56; toolbar@ask.com; C:\Users\Forrest\AppData\Roaming\Mozilla\Firefox\Profiles\6pwtvhsn.default\extensions\toolbar@ask.com
FF - ExtSQL: 2012-12-22 22:36; ich@maltegoetz.de; C:\Users\Forrest\AppData\Roaming\Mozilla\Firefox\Profiles\6pwtvhsn.default\extensions\ich@maltegoetz.de
FF - user.js: extensions.zonealarm.autoRvrt - false
FF - user.js: extensions.zonealarm_i.hmpg - true
FF - user.js: extensions.zonealarm.hmpgUrl - hxxp://search.zonealarm.com/?Source=Homepage&oemCode=ZLN114597794683869-1001&toolbarId=base&affiliateId=1001 tlbrid=ZoneAlarmSecurity&Lan=de&utid=de8ad114000000000000b888e3337514
FF - user.js: extensions.zonealarm.dfltSrch - true
FF - user.js: extensions.zonealarm.srchPrvdr - Search By ZoneAlarm
FF - user.js: extensions.zonealarm.keyWordUrl - hxxp://search.zonealarm.com/search?Source=Browser&oemCode=ZLN114597794683869-1001&toolbarId=base&affiliateId=1001 tlbrid=ZoneAlarmSecurity&Lan=de&utid=de8ad114000000000000b888e3337514&q={searchTerms}
FF - user.js: extensions.zonealarm_i.dnsErr - true
FF - user.js: extensions.zonealarm_i.newTab - true
FF - user.js: extensions.zonealarm.newTabUrl - hxxp://search.zonealarm.com/?Source=Newtab&oemCode=ZLN114597794683869-1001&toolbarId=base&affiliateId=1001 tlbrid=ZoneAlarmSecurity&Lan=de&utid=de8ad114000000000000b888e3337514
FF - user.js: extensions.zonealarm.tlbrSrchUrl - hxxp://search.zonealarm.com/search?Source=ToolBar&oemCode=ZLN114597794683869-1001&toolbarId=base&affiliateId=1001 tlbrid=ZoneAlarmSecurity&Lan={dfltLng}&utid=de8ad114000000000000b888e3337514&q=
FF - user.js: extensions.zonealarm.id - de8ad114000000000000b888e3337514
FF - user.js: extensions.zonealarm.instlDay - 15589
FF - user.js: extensions.zonealarm.vrsn - 1.6.7.4
FF - user.js: extensions.zonealarm.vrsni - 1.6.7.4
FF - user.js: extensions.zonealarm_i.vrsnTs - 1.6.7.420:37:10
FF - user.js: extensions.zonealarm.prtnrId - checkpoint
FF - user.js: extensions.zonealarm.prdct - zonealarm
FF - user.js: extensions.zonealarm.aflt - 1001 tlbrid=ZoneAlarmSecurity
FF - user.js: extensions.zonealarm_i.smplGrp - none
FF - user.js: extensions.zonealarm.tlbrId - base
FF - user.js: extensions.zonealarm.instlRef - ZLN114597794683869-1001
FF - user.js: extensions.zonealarm.dfltLng - de
FF - user.js: extensions.zonealarm.excTlbr - false
FF - user.js: extensions.zonealarm.admin - false
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=de8ad114000000000000000000000000&q=
FF - user.js: extensions.BabylonToolbar.id - de8ad114000000000000000000000000
FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
FF - user.js: extensions.BabylonToolbar.instlDay - 15675
FF - user.js: extensions.BabylonToolbar.vrsn - 1.8.3.8
FF - user.js: extensions.BabylonToolbar.vrsni - 1.8.3.8
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.8.3.817:45:38
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - irhnew
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false

- - - - Orphans Removed - - - -

Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe

How do I proceed from here?
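The autostart sections of the ComboFix log above (Run keys, the Startup folder, the shell icon overlay CLSIDs, AppInit_DLLs, the start page and keyword.URL prefs, the per-interface DNS servers and the Firefox extension list) are where a reviewer looks first. The following Python script is added here as an example; it is not part of the original post, of ComboFix or of the forum's procedure. It walks lines in that format and reports what deserves a second look. The sample input is copied verbatim from the log above; the list of search hosts and the "user-writable path" heuristic are this example's own assumptions, and each finding is a prompt for manual checking rather than a verdict (Dropbox and nvinit.dll are listed only because of where they are loaded from, which is exactly the question a reviewer has to settle).

```python
"""Triage of ComboFix-style autostart output (added example, see lead-in).

Sample lines are copied from the log above; the hijack-host list and the
user-writable-path heuristic are this example's assumptions, not a verdict.
"""
import re
from urllib.parse import urlsplit

# Assumption: hosts treated as hijack indicators when set as start page / keyword.URL.
HIJACK_SEARCH_HOSTS = {"search.babylon.com", "search.zonealarm.com"}
# Assumption: path fragments marking locations an unprivileged user can write to.
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\temp\\")

REG_KEY = re.compile(r"^\[HKEY_.*\]$", re.I)
RUN_KEY = re.compile(r"^\[HKEY_.*\\run\]$", re.I)
CLSID_KEY = re.compile(r"^\[HKEY_CLASSES_ROOT\\CLSID\\\{", re.I)
RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"')
MODULE_FILE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d \d+ \S+ (?P<path>.+)$")
STARTUP_DIR = re.compile(r"^[A-Za-z]:\\.*\\Startup\\$", re.I)
LNK = re.compile(r"^(?P<name>\S+\.lnk) - (?P<path>.+?) \[")
APPINIT = re.compile(r'^"AppInit_DLLs"=(?P<dlls>\S.*)$')
START_URL = re.compile(r"^(?P<pref>[um]Start Page|FF - prefs\.js: (?:browser\.startup\.homepage|keyword\.URL))(?: = | - )(?P<url>\S+)$")
DHCP_DNS = re.compile(r"^TCP: DhcpNameServer = (?P<servers>.+)$")
IFACE_DNS = re.compile(r"^TCP: Interfaces\\\{[^}]+\}: NameServer = (?P<servers>.+)$")
FF_EXT = re.compile(r"^FF - ExtSQL: [^;]+; (?P<ext_id>[^;]+); (?P<path>.+)$")

# Sample input: lines copied verbatim from the ComboFix log posted above.
SAMPLE = r"""
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32:48 129272 ----a-w- C:\Users\Forrest\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ApnUpdater"="C:\Program Files (x86)\Ask.com\Updater\Updater.exe" [2012-10-16 23:46:34 1573576]

C:\Users\Forrest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - C:\Users\Forrest\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-12-29 28539392]

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\Windows\SysWOW64\nvinit.dll

uStart Page = hxxp://search.babylon.com/?affID=109958&tt=4812_5&babsrc=HP_ss&mntrId=de8ad114000000000000000000000000
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{9BF20AEC-2AC9-42DB-9016-F9982AB1877E}: NameServer = 213.191.74.12 62.109.123.254
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?affID=109958&tt=4812_5&babsrc=HP_ss&mntrId=de8ad114000000000000000000000000
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=109958&tt=4812_5&babsrc=KW_ss&mntrId=de8ad114000000000000000000000000&q=
FF - ExtSQL: 2012-11-23 23:34; {4ED1F68A-5463-4931-9384-8FFF5ED91D92}; C:\Program Files (x86)\McAfee\SiteAdvisor
FF - ExtSQL: 2012-11-24 10:56; toolbar@ask.com; C:\Users\Forrest\AppData\Roaming\Mozilla\Firefox\Profiles\6pwtvhsn.default\extensions\toolbar@ask.com
FF - ExtSQL: 2012-12-22 22:36; ich@maltegoetz.de; C:\Users\Forrest\AppData\Roaming\Mozilla\Firefox\Profiles\6pwtvhsn.default\extensions\ich@maltegoetz.de
"""


def user_writable(path):
    return any(frag in path.lower() for frag in USER_WRITABLE)


def triage(text):
    """Return (category, detail) pairs a reviewer should look at by hand."""
    findings = []
    block = None                        # "run", "clsid", "startup" or None
    dhcp, iface = set(), set()
    for raw in text.splitlines():
        line = raw.strip()
        if not line:                    # a blank line ends the current block
            block = None
            continue
        if REG_KEY.match(line):
            block = "run" if RUN_KEY.match(line) else "clsid" if CLSID_KEY.match(line) else None
            continue
        if STARTUP_DIR.match(line):
            block = "startup"
            continue
        if block == "run" and (m := RUN_VALUE.match(line)):
            if user_writable(m["path"]):
                findings.append(("autostart-user-writable", f'{m["name"]} -> {m["path"]}'))
        elif block == "clsid" and (m := MODULE_FILE.match(line)):
            if user_writable(m["path"]):   # Explorer loads this DLL at every logon
                findings.append(("shell-extension-user-writable", m["path"]))
        elif block == "startup" and (m := LNK.match(line)):
            if user_writable(m["path"]):
                findings.append(("autostart-user-writable", f'{m["name"]} -> {m["path"]}'))
        elif m := APPINIT.match(line):      # loaded into every process that maps user32
            findings.append(("appinit-dll", m["dlls"]))
        elif m := START_URL.match(line):
            host = urlsplit(m["url"]).hostname or ""   # works on the defanged hxxp:// too
            if host in HIJACK_SEARCH_HOSTS:
                findings.append(("browser-hijack", f'{m["pref"]} -> {host}'))
        elif m := DHCP_DNS.match(line):
            dhcp.update(m["servers"].split())
        elif m := IFACE_DNS.match(line):
            iface.update(m["servers"].split())
        elif m := FF_EXT.match(line):
            if user_writable(m["path"]):
                findings.append(("ff-extension-in-profile", m["ext_id"]))
    # Static per-interface resolvers that differ from the DHCP-supplied one are a
    # classic DNS-changer indicator; check who owns them before drawing a conclusion.
    if iface and iface != dhcp:
        findings.append(("dns-static-overrides-dhcp", " ".join(sorted(iface))))
    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE):
        print(f"{category:32} {detail}")
```

Run it on a full ComboFix log by passing the file contents to `triage()`; the ApnUpdater Run entry and the McAfee extension are deliberately not reported, because they live under Program Files, and only the DNS comparison needs both lines of the log to have been seen.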

08.01.2013, 18:14 #10 markusg (/// Malware-holic)

The ComboFix log is not complete; please attach it as a .txt file.
After that, Malwarebytes:
Please download Malwarebytes.
  • Install the program to the default path. Vista and Win7 users: right-click and "Run as administrator".
  • Start Malwarebytes, click Update --> Check for Updates.
  • When the update has finished, select "Perform full scan" and click Scan.
  • When the scan has finished, click "Show Results".
  • Make sure that all findings are checked and click "Remove Selected".
  • Post the log file that opens in Notepad here in the thread.
  • You can also find the report afterwards under "Logs".
__________________
Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de
Instructions: http://markusg.trojaner-board.de
For now, please forward e-mails to markusg.trojaner-board@web.de as described in the instructions above.
If you would like to support us

08.01.2013, 23:16 #11 mithrandir31

Hi,
that is the only log file I have from ComboFix. By "attach it as a .txt", do you mean I should upload it to the upload channel? If so, that is now done.
Here is the log file from Malwarebytes:

Malwarebytes Anti-Malware (Trial) 1.70.0.1100
Malwarebytes : Free Anti-Malware download

Database version: v2013.01.08.12

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Forrest :: FORREST-THINK [Administrator]

Protection: Enabled

08.01.2013 23:07:44
mbam-log-2013-01-08 (23-07-44).txt

Scan type: Full scan (C:\|Q:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 372466
Time elapsed: 51 minute(s), 46 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Did ComboFix not run completely? Is the laptop clean? Or how do I proceed?
In any case, thanks again for your help...

08.01.2013, 23:18 #12 markusg (/// Malware-holic)

Hi,
that's fine.
We are almost done.
Download the CCleaner Standard edition:
CCleaner - Download - Filepony
If CCleaner is already installed, skip this step.
Open it, go to Tools (Extras), Uninstall, save the list as a .txt file and open it.
Behind every program you need, write "necessary".
Behind every program you do not need, write "unnecessary".
Behind the ones you do not know, write "unknown".
Post the list.

09.01.2013, 15:23 #13 mithrandir31

Unfortunately, most of the programs are unknown to me, or rather I know they are on my laptop but not what their purpose is or, if I do know, whether they are useful/necessary. As for the antivirus programs etc., I don't know which ones are good. Do you have any particular favourites/tips?

Absolute Reminder Absolute Software 06.07.2012 988KB 2.0.0.19 unknown
Adobe AIR Adobe Systems Incorporated 10.11.2012 3.5.0.600 unknown
Adobe Flash Player 10 ActiveX Adobe Systems, Inc. 06.07.2012 1,85MB 10.0.32.18 unknown
Adobe Flash Player 11 Plugin Adobe Systems Incorporated 22.12.2012 6,00MB 11.5.502.135 unknown
Adobe Reader X (10.1.4) - Deutsch Adobe Systems Incorporated 07.09.2012 121MB 10.1.4 needed
Anzeige am Bildschirm 21.11.2012 7.01.00 unknown
Ask Toolbar Ask.com 24.11.2012 5,01MB 1.15.9.0 unnecessary
Ask Toolbar Updater Ask.com 24.11.2012 1.2.3.29495 unnecessary
Babylon toolbar BabylonToolbar 01.12.2012 unnecessary
CCleaner Piriform 19.12.2012 3.26 unknown
Chemie_Aber_Sicher Version 1.0 Marco Korn 03.01.2013 403MB 1.0 necessary
Conexant HD Audio Conexant 27.11.2012 8.54.32.50 unknown
Corel Burn.Now Lenovo Edition Corel Corporation 06.07.2012 82,3MB 4.5.0 unknown
Corel DVD MovieFactory Lenovo Edition Corel Corporation 06.07.2012 318MB 7.0.0 unknown
Corel WinDVD Corel Inc. 06.07.2012 302MB 10.0.6.334 unknown
Create Recovery Media Lenovo Group Limited 06.07.2012 8,08MB 1.20.0.00 unknown
DisplayLink Core Software DisplayLink Corp. 06.07.2012 20,3MB 6.1.35392.0 unknown
Dropbox Dropbox, Inc. 31.12.2012 1.6.11 necessary
Elemente Chemie Arbeitsblätter 1 Ernst Klett Verlag GmbH 06.09.2012 240MB necessary
Elemente Chemie Arbeitsblätter 2 deinstallieren Ernst Klett Verlag GmbH 06.09.2012 295MB necessary
Energie-Manager 21.11.2012 6.32 unknown
Evernote v. 4.2.3 Evernote Corp. 06.07.2012 139MB 4.2.3.15 unknown
Fingerprint Reader AuthenTec, Inc. 21.11.2012 120MB 5.4.100.233 unnecessary
Google Chrome Google Inc. 06.07.2012 23.0.1271.97 necessary
Google Toolbar for Internet Explorer Google Inc. 10.11.2012 7.4.3230.2052 unnecessary
Integrated Camera Driver Installer Package Ver.1.2.1.18 RICOH 21.11.2012 1.2.1.18 unknown
Intel(R) Control Center Intel Corporation 06.07.2012 1.2.1.1007 unknown
Intel(R) Manageability Engine Firmware Recovery Agent Intel Corporation 06.07.2012 54,8MB 1.0.0.35342 unknown
Intel(R) Management Engine Components Intel Corporation 06.07.2012 8.0.4.1441 unknown
Intel(R) OpenCL CPU Runtime Intel Corporation 06.07.2012 unknown
Intel(R) Processor Graphics Intel Corporation 06.07.2012 8.15.10.2639 unknown
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed Intel Corporation 06.07.2012 5,30MB 15.1.0.0096 unknown
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology Intel Corporation 06.07.2012 95,2MB 2.1.0.0140 unknown
Intel(R) USB 3.0 eXtensible Host Controller Driver Intel Corporation 06.07.2012 1.0.1.209 unknown
Intel(R) WiDi Intel Corporation 06.07.2012 141MB 3.0.12.0 unknown
Intel® PROSet/Wireless WiFi-Software Intel Corporation 06.07.2012 181MB 15.01.0000.0830 unknown
Intel® Trusted Connect Service Client Intel Corporation 06.07.2012 10,6MB 1.23.605.1 unknown
Java 7 Update 9 Oracle 07.09.2012 128MB 7.0.90 unknown
Klett Service-CD Lambacher Schweizer 06.09.2012 necessary
Lenovo Auto Scroll Utility 06.07.2012 1.11 unknown
Lenovo Graphics Software Lenovo 06.07.2012 4,00KB 6.1.35401.0 unknown
Lenovo Patch Utility Lenovo Group Limited 21.11.2012 1,33MB 1.3.0.9 unknown
Lenovo Patch Utility 64 bit Lenovo Group Limited 21.11.2012 1,64MB 1.3.0.9 unknown
Lenovo Power Management Driver 21.11.2012 1.65.05.21 unknown
Lenovo Registration Lenovo Inc. 06.07.2012 4,13MB 1.0.4 unknown
Lenovo SimpleTap Lenovo Group Limited 06.09.2012 30,7MB 3.2.0004.00 unknown
Lenovo Solution Center Lenovo Group Limited 15.12.2012 25,5MB 2.0.013.00 unknown
Lenovo Solutions for Small Business Intel(R) Corporation 06.07.2012 33,2MB unknown
Lenovo Solutions for Small Business Customizations Lenovo Group Limited 06.07.2012 5,14MB 1.0.0006.00 unknown
Lenovo System Update Lenovo 25.11.2012 12,7MB 5.00.0019 unknown
Lenovo User Guide Lenovo Group Limited 06.07.2012 606KB 1.0.0009.00 unknown
Lenovo Warranty Information Lenovo 06.07.2012 861KB 1.0.0005.00 unnecessary
Lenovo Welcome Lenovo Group Limited 06.07.2012 9,21MB 3.1.0012.00 unknown
Malwarebytes Anti-Malware Version 1.70.0.1100 Malwarebytes Corporation 08.01.2013 18,4MB 1.70.0.1100 unknown
McAfee Security Scan Plus McAfee, Inc. 21.09.2012 10,2MB 3.0.207.4 unnecessary
McAfee SiteAdvisor McAfee, Inc. 29.09.2012 3.5.229 unnecessary
Message Center Plus Lenovo Group Limited 06.07.2012 3,81MB 3.0.0012.00 unknown
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 09.12.2011 38,8MB 4.0.30319 unknown
Microsoft Office 2010 Microsoft Corporation 06.07.2012 6,40MB 14.0.4763.1000 necessary
Microsoft Office Professional Plus 2010 Microsoft Corporation 06.09.2012 14.0.6029.1000 necessary
Microsoft Security Essentials Microsoft Corporation 10.11.2012 4.1.522.0 necessary
Microsoft Silverlight Microsoft Corporation 06.09.2012 40,3MB 4.1.10329.0 unknown
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 06.07.2012 1,69MB 3.1.0000 unknown
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 06.09.2012 298KB 8.0.61001 unknown
Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 06.07.2012 708KB 8.0.61000 unknown
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 06.07.2012 252KB 9.0.30729 unknown
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 06.07.2012 784KB 9.0.30729.4148 unknown
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 06.09.2012 786KB 9.0.30729.6161 unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 06.07.2012 596KB 9.0.30729 unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 06.07.2012 592KB 9.0.30729.4148 unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 06.09.2012 598KB 9.0.30729.6161 unknown
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Corporation 06.07.2012 13,8MB 10.0.40219 unknown
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 06.07.2012 11,1MB 10.0.40219 unknown
MixPad NCH Software 01.12.2012 unknown
Mozilla Firefox 15.0 (x86 en-US) Mozilla 06.09.2012 39,0MB 15.0 unnecessary
Mozilla Firefox 17.0.1 (x86 en-US) Mozilla 24.12.2012 56,3MB 17.0.1 unnecessary
Mozilla Maintenance Service Mozilla 24.12.2012 329KB 17.0.1 unnecessary
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 06.09.2012 1,27MB 4.20.9870.0 unknown
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 06.09.2012 1,33MB 4.20.9876.0 unknown
Norton Internet Security Symantec Corporation 06.09.2012 19.9.0.9 unknown
NVIDIA Grafiktreiber 290.56 NVIDIA Corporation 06.07.2012 290.56 necessary
NVIDIA PhysX-Systemsoftware 9.11.1111 NVIDIA Corporation 06.07.2012 9.11.1111 unknown
NVIDIA Update 1.6.24 NVIDIA Corporation 06.07.2012 1.6.24 unknown
PhotoStage Slideshow Producer NCH Software 01.12.2012 unknown
Prism Video File Converter NCH Software 01.12.2012 unknown
RapidBoot Lenovo 06.07.2012 23,3MB 1.20 unknown
RapidBoot HDD Accelerator Lenovo 06.07.2012 1.00.0802 unknown
Realtek Ethernet Controller Driver Realtek 06.07.2012 7.48.823.2011 unknown
Realtek PCIE Card Reader Realtek Semiconductor Corp. 06.07.2012 6.1.7601.29005 unknown
Rund um ... Chemie heute SI (Teil 1) Bildungshaus Schulbuchverlage Westermann Schroedel Diesterweg Schöningh Winklers GmbH 06.09.2012 211MB 1.00.0000 necessary
SugarSync Manager SugarSync, Inc. 06.07.2012 1.9.51.86909 unknown
ThinkPad UltraNav Driver 06.07.2012 46,4MB 16.0.5.2 unknown
ThinkVantage Access Connections Lenovo 21.11.2012 81,9MB 5.97 unknown
ThinkVantage Communications Utility Lenovo 21.11.2012 20,3MB 3.0.34.0 unknown
ThinkVantage System für aktiven Festplattenschutz Lenovo 24.11.2012 16,4MB 1.77.0.9 unknown
VideoPad Video Editor NCH Software 01.12.2012 necessary
VIP Access VeriSign 06.07.2012 35,8MB 2.0.5.11 unknown
VLC media player 2.0.3 VideoLAN 07.09.2012 2.0.3 necessary
WavePad Sound Editor NCH Software 01.12.2012 unknown
Windows Live Essentials Microsoft Corporation 06.07.2012 15.4.3508.1109 unknown
Windows Live Mesh ActiveX control for remote connections Microsoft Corporation 06.07.2012 5,57MB 15.4.5722.2 unknown
Windows-Treiberpaket - Intel (iaStor) hdc (11/29/2011 11.0.0.1032) Intel 06.07.2012 11/29/2011 11.0.0.1032 unknown
Windows-Treiberpaket - Lenovo 1.65.05.20 (02/29/2012 1.65.05.20) Lenovo 06.07.2012 02/29/2012 1.65.05.20 unknown
Windows-Treiberpaket - Synaptics (SynTP) Mouse (04/02/2012 16.0.5.2) Synaptics 06.07.2012 04/02/2012 16.0.5.2 unknown

09.01.2013, 15:26 #14 markusg (/// Malware-holic)

Uninstall:
Absolute Reminder
Adobe Flash Player: all versions
Adobe - Install Adobe Flash Player
Download and install the latest version.
Adobe Reader:
Adobe - Download Adobe Reader - All versions
Untick the McAfee Security Scan checkbox.

Please also configure Adobe Reader as follows:
Open Adobe Reader, Edit, Preferences.
General:
tick "Use only certified plug-ins".
Internet:
everything here should be disabled; it is very unsafe to open or download PDFs automatically.
It is always better to save them directly, because only then do you keep control over what happens on the PC.
JavaScript: untick "Enable Acrobat JavaScript".
Updater: select "Automatically install updates".
Apply / OK



Uninstall:
Ask: all
Babylon
Corel: all
Fingerprint
Google Toolbar
Java
Download the Java JRE:
Java downloads for all operating systems
Click:
Download Java software for Windows Offline
Download and install it.
Uninstall:
McAfee: all
Norton
PhotoStage
Prism
SugarSync
WavePad
Windows Live: everything you do not need

Open CCleaner, Analyze, Run Cleaner, restart the PC.
Please download AdwCleaner to your desktop.
  • Start adwcleaner.exe with a double-click.
  • Click Search.
  • When the scan has finished, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[R1].txt.
__________________
- Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please forward mails as described in the instructions above to
markusg.trojaner-board@web.de
If you would like to support us

Old 09.01.2013, 16:44   #15
mithrandir31
 
# AdwCleaner v2.105 - Datei am 09/01/2013 um 17:43:24 erstellt
# Aktualisiert am 08/01/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Forrest - FORREST-THINK
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Forrest\Desktop\Downloads\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
Datei Gefunden : C:\user.js
Datei Gefunden : C:\Users\Forrest\AppData\Roaming\Mozilla\Firefox\Profiles\6pwtvhsn.default\searchplugins\Askcom.xml
Datei Gefunden : C:\Users\Forrest\AppData\Roaming\Mozilla\Firefox\Profiles\6pwtvhsn.default\searchplugins\zonealarm.xml
Ordner Gefunden : C:\ProgramData\Ask
Ordner Gefunden : C:\ProgramData\Babylon
Ordner Gefunden : C:\ProgramData\Partner
Ordner Gefunden : C:\Users\Forrest\AppData\Roaming\Babylon

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\Conduit
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gefunden : HKLM\Software\Babylon
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gefunden : HKLM\Software\Conduit
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gefunden : HKU\S-1-5-21-2873345013-2306711166-1285330114-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?affID=109958&tt=4812_5&babsrc=HP_ss&mntrId=de8ad114000000000000000000000000

-\\ Mozilla Firefox v15.0 (en-US)

Datei : C:\Users\Forrest\AppData\Roaming\Mozilla\Firefox\Profiles\6pwtvhsn.default\prefs.js

Gefunden : user_pref("browser.search.defaultengine", "Ask.com");
Gefunden : user_pref("browser.startup.homepage", "hxxp://search.babylon.com/?affID=109958&tt=4812_5&babsrc=HP_s[...]
Gefunden : user_pref("extensions.BabylonToolbar.admin", false);
Gefunden : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Gefunden : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
Gefunden : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Gefunden : user_pref("extensions.BabylonToolbar.excTlbr", false);
Gefunden : user_pref("extensions.BabylonToolbar.id", "de8ad114000000000000000000000000");
Gefunden : user_pref("extensions.BabylonToolbar.instlDay", "15675");
Gefunden : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Gefunden : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Gefunden : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Gefunden : user_pref("extensions.BabylonToolbar.tlbrId", "irhnew");
Gefunden : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=[...]
Gefunden : user_pref("extensions.BabylonToolbar.vrsn", "1.8.3.8");
Gefunden : user_pref("extensions.BabylonToolbar.vrsni", "1.8.3.8");
Gefunden : user_pref("extensions.BabylonToolbar_i.newTab", true);
Gefunden : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=109958&tt=4812_[...]
Gefunden : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Gefunden : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.3.817:45:38");

-\\ Google Chrome v23.0.1271.97

Datei : C:\Users\Forrest\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gefunden [l.8] : homepage = "hxxp://search.babylon.com/?affID=109958&tt=4812_5&babsrc=HP_ss&mntrId=de8ad114000000000000000000000000",
Gefunden [l.12] : urls_to_restore_on_startup = [ "hxxp://search.babylon.com/?affID=109958&tt=4812_5&babsrc=HP_ss&mntrId=de8ad114000000000000000000000000" ]
Gefunden [l.44] : icon_url = "hxxp://www.babylon.com/favicon.ico",
Gefunden [l.47] : keyword = "babylon.com",
Gefunden [l.50] : search_url = "hxxp://search.babylon.com/?q={searchTerms}&affID=109958&tt=4812_5&babsrc=SP_ss&mntrId=de8ad114000000000000000000000000",
Gefunden [l.1513] : homepage = "hxxp://search.babylon.com/?affID=109958&tt=4812_5&babsrc=HP_ss&mntrId=de8ad114000000000000000000000000",
Gefunden [l.1799] : urls_to_restore_on_startup = [ "hxxp://search.babylon.com/?affID=109958&tt=4812_5&babsrc=HP_ss&mntrId=de8ad114000000000000000000000000" ]

*************************

AdwCleaner[R1].txt - [5549 octets] - [09/01/2013 17:43:24]

########## EOF - C:\AdwCleaner[R1].txt - [5609 octets] ##########
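An added example for triaging a report like the one above (my code, not code from the thread and not part of AdwCleaner): a small Python parser that groups the findings by category and by browser and pulls every redirect host out of the defanged hxxp URLs, which makes it obvious that all three browsers were pointed at the same search hijacker. The embedded report excerpt is constructed from a few of the entries above; the parser needs Python 3.8 or newer.

```python
import re

# Constructed excerpt in the layout of the AdwCleaner[R1].txt report above
# (shortened to a few entries; not the complete log posted in the thread).
SAMPLE_REPORT = r"""# AdwCleaner v2.105 - Datei am 09/01/2013 um 17:43:24 erstellt
***** [Dateien / Ordner] *****
Datei Gefunden : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
Ordner Gefunden : C:\ProgramData\Ask
***** [Registrierungsdatenbank] *****
Schlüssel Gefunden : HKCU\Software\Conduit
Schlüssel Gefunden : HKLM\Software\Babylon
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16457
[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?affID=109958&babsrc=HP_ss
-\\ Mozilla Firefox v15.0 (en-US)
Datei : C:\Users\Forrest\AppData\Roaming\Mozilla\Firefox\Profiles\6pwtvhsn.default\prefs.js
Gefunden : user_pref("browser.search.defaultengine", "Ask.com");
Gefunden : user_pref("browser.startup.homepage", "hxxp://search.babylon.com/?affID=109958&tt=4812_5");
-\\ Google Chrome v23.0.1271.97
Gefunden [l.50] : search_url = "hxxp://search.babylon.com/?q={searchTerms}&affID=109958",
"""

SECTION_RE = re.compile(r"^\*+ \[(.+?)\] \*+$")                    # ***** [Name] *****
BROWSER_RE = re.compile(r"^-\\\\ (.+?) v\S+")                      # -\\ Browser vX.Y
ITEM_RE = re.compile(r"^(Datei|Ordner|Schlüssel) Gefunden : (.+)$")
PREF_RE = re.compile(r"^Gefunden(?: \[l\.\d+\])? : (.+)$")         # Gefunden [l.N] : ...
HOST_RE = re.compile(r"hxxps?://([A-Za-z0-9.-]+)")                 # hosts in defanged URLs

def parse_report(text):
    """Group AdwCleaner findings by category, by browser and by redirect host."""
    found = {"files": [], "folders": [], "registry": [], "browser_prefs": {}, "hosts": set()}
    section, browser = None, None
    for line in (ln.strip() for ln in text.splitlines()):
        if not line or line.startswith("#"):          # blank line or report header
            continue
        if m := SECTION_RE.match(line):
            section, browser = m.group(1), None
        elif m := BROWSER_RE.match(line):
            browser = m.group(1)
        elif m := ITEM_RE.match(line):
            kind = {"Datei": "files", "Ordner": "folders", "Schlüssel": "registry"}[m.group(1)]
            found[kind].append(m.group(2))
        elif section == "Internet Browser" and browser:
            m = PREF_RE.match(line)                   # pref line, or the IE start-page line
            if m or line.startswith("[HK"):
                found["browser_prefs"].setdefault(browser, []).append(m.group(1) if m else line)
        found["hosts"].update(HOST_RE.findall(line))  # every redirect target, any section
    found["hosts"] = sorted(found["hosts"])
    return found
```

The "Datei : ...prefs.js" line is deliberately skipped: it names the file that was scanned, not a finding, so it should not count as a hijacked setting.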
