Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: System Progressive Protection...

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 10.01.2013, 21:06   #1
sensa
 
System Progressive Protection... - Standard

System Progressive Protection...



Hallo zusammen

Heute hat sich bei mir der System Progressive Protection installiert. Ich habe, wie in einem Beitrag geschrieben, den rkill gestartet und mit Malwarebytes das System durchsucht.
Hier der Log vom Quick-Scan
Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.01.10.12

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
***:: *** [Administrator]

Schutz: Aktiviert

10.01.2013 21:33:02
mbam-log-2013-01-10 (21-33-02).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 230316
Laufzeit: 16 Minute(n), 36 Sekunde(n)

Infizierte Speicherprozesse: 1
C:\Program Files\Search Guard Plus\SearchGuardPlus.exe (PUP.Fbsearch) -> 3976 -> Keine Aktion durchgeführt.

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce|6472A497FCFAC9BE00006472402ACED0 (Trojan.LameShield.GI) -> Daten: C:\ProgramData\6472A497FCFAC9BE00006472402ACED0\6472A497FCFAC9BE00006472402ACED0.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Progressive Protection (Rogue.SystemProgressiveProtection) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 5
C:\Program Files\Search Guard Plus\SearchGuardPlus.exe (PUP.Fbsearch) -> Keine Aktion durchgeführt.
C:\ProgramData\6472A497FCFAC9BE00006472402ACED0\6472A497FCFAC9BE00006472402ACED0.exe (Trojan.LameShield.GI) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\Desktop\System Progressive Protection.lnk (Rogue.SystemProgressiveProtection) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Progressive Protection\System Progressive Protection.lnk (Rogue.SystemProgressiveProtection) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\Desktop\explorer.exe (Heuristics.Reserved.Word.Exploit) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
Ist da noch was zu retten? Mein Laptop sollte noch ein paar Wochen überleben, dann ist sowieso schon ein Ersatz geplant.

Vielen Dank schon mal für die Hilfe!

Geändert von sensa (10.01.2013 um 21:52 Uhr)

Alt 10.01.2013, 23:29   #2
markusg
/// Malware-holic
 
System Progressive Protection... - Standard

System Progressive Protection...



Hi,
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die
    OTL.exe
    .
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den Inhalt in die
    Textbox.
Code:
ATTFilter
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Kopiere
    nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread
__________________

__________________

Alt 11.01.2013, 19:47   #3
sensa
 
System Progressive Protection... - Standard

System Progressive Protection...



Also, hier nun die gewünschten Daten.

OTL
Code:
ATTFilter
OTL logfile created on: 11.01.2013 19:42:10 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
1.95 Gb Total Physical Memory | 0.73 Gb Available Physical Memory | 37.46% Memory free
3.89 Gb Paging File | 1.80 Gb Available in Paging File | 46.16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.65 Gb Total Space | 72.96 Gb Free Space | 32.91% Space Free | Partition Type: NTFS
Drive Q: | 9.77 Gb Total Space | 1.85 Gb Free Space | 18.92% Space Free | Partition Type: NTFS
Drive S: | 1.46 Gb Total Space | 0.66 Gb Free Space | 45.21% Space Free | Partition Type: NTFS
 
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Emsisoft Anti-Malware\a2guard.exe (Emsisoft GmbH)
PRC - C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe (Nero AG)
PRC - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe ()
PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\divx\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe (PC Tools)
PRC - C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
PRC - C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo)
PRC - C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo)
PRC - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo)
PRC - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo)
PRC - C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe (Lenovo)
PRC - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe (Juniper Networks)
PRC - C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
PRC - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
PRC - C:\Program Files\ThinkPad\Utilities\PWMUIAux.EXE (Lenovo Group Limited)
PRC - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe (Lenovo)
PRC - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Windows\System32\DTS.exe ()
PRC - C:\Windows\System32\AtService.exe (AuthenTec, Inc.)
PRC - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
PRC - C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\Camera Center\bin\LenovoCameraCenter.exe (Lenovo)
PRC - C:\Program Files\Lenovo\Client Security Solution\password_manager.exe (Lenovo Group Limited)
PRC - c:\Program Files\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
PRC - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
PRC - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe ()
PRC - C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe (Adobe Systems Incorporated)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ff7c9a4f41f7cccc47e696c11b9f8469\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\865d2bf19a7af7fab8660a42d92550fe\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Program Files\NCH Software\ExpressZip\ezcm.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\PresentationFramework.Luna\3.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll ()
MOD - C:\Program Files\divx\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files\divx\DivX Update\DivXUpdate.exe ()
MOD - C:\Windows\assembly\GAC_MSIL\PresentationFramework.Aero\3.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll ()
MOD - C:\Program Files\ThinkPad\Utilities\DE-DE\PWMUIAux.resources.dll ()
MOD - C:\Program Files\ThinkPad\Utilities\GR\PWMROV.DLL ()
MOD - C:\Program Files\ThinkPad\Utilities\GR\PWMRT32V.DLL ()
MOD - C:\Program Files\Lenovo\Camera Center\bin\LocalizationWrapper.dll ()
MOD - C:\Program Files\Lenovo\Camera Center\bin\de\LocalizationWrapper.resources.dll ()
MOD - C:\Program Files\Lenovo\Camera Center\bin\CameraApplicationLaunchPadLibrary.dll ()
MOD - C:\Program Files\Lenovo\Camera Center\bin\CameraApplicationLaunchPadDataObjects.dll ()
MOD - c:\Program Files\Common Files\Lenovo\CDRecord.dll ()
MOD - C:\Program Files\ThinkPad\Bluetooth Software\BTKeyInd.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (a2AntiMalware) -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (HTCMonitorService) -- C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe (Nero AG)
SRV - (PassThru Service) -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe ()
SRV - (PCToolsSSDMonitorSvc) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe (PC Tools)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (getPlusHelper) -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (AcSvc) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo)
SRV - (AcPrfMgrSvc) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (dsNcService) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe (Juniper Networks)
SRV - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe ()
SRV - (Power Manager DBC Service) -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe (Lenovo)
SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (dtsvc) -- C:\Windows\System32\DTS.exe ()
SRV - (ADMonitor) -- C:\Windows\System32\ADMonitor.exe ()
SRV - (ATService) -- C:\Windows\System32\AtService.exe (AuthenTec, Inc.)
SRV - (TVT_UpdateMonitor) -- C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe (Lenovo Group Limited)
SRV - (ThinkVantage Registry Monitor Service) -- c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
SRV - (TVT Backup Protection Service) -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe ()
SRV - (SUService) -- c:\Program Files\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
SRV - (btwdins) -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (AdobeActiveFileMonitor5.0) -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (a2acc) -- C:\Program Files\Emsisoft Anti-Malware\a2accx86.sys (Emsisoft GmbH)
DRV - (a2injectiondriver) -- C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys (Emsisoft GmbH)
DRV - (A2DDA) -- C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys (Emsi Software GmbH)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (htcnprot) -- C:\Windows\System32\drivers\htcnprot.sys (Windows (R) Win 7 DDK provider)
DRV - (a2util) -- C:\Program Files\Emsisoft Anti-Malware\a2util32.sys (Emsi Software GmbH)
DRV - (ggsemc) -- C:\Windows\System32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV - (ggflt) -- C:\Windows\System32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV - (HTCAND32) -- C:\Windows\System32\drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (netw5v32) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)
DRV - (TPPWRIF) -- C:\Windows\System32\drivers\TPPWR32V.SYS (Lenovo Group Limited)
DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (ATSwpWDF) -- C:\Windows\System32\drivers\ATSwpWDF.sys (AuthenTec, Inc.)
DRV - (e1yexpress) -- C:\Windows\System32\drivers\e1y6032.sys (Intel Corporation)
DRV - (lenovo.smi) -- C:\Windows\System32\drivers\smiif32.sys (Lenovo Group Limited)
DRV - (5U875UVC) -- C:\Windows\System32\drivers\5U875.sys (Ricoh co.,Ltd.)
DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (HECI) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (seehcri) -- C:\Windows\System32\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (s117nd5) -- C:\Windows\System32\drivers\s117nd5.sys (MCCI Corporation)
DRV - (s117obex) -- C:\Windows\System32\drivers\s117obex.sys (MCCI Corporation)
DRV - (s117mdm) -- C:\Windows\System32\drivers\s117mdm.sys (MCCI Corporation)
DRV - (s117mgmt) -- C:\Windows\System32\drivers\s117mgmt.sys (MCCI Corporation)
DRV - (s117unic) -- C:\Windows\System32\drivers\s117unic.sys (MCCI Corporation)
DRV - (s117mdfl) -- C:\Windows\System32\drivers\s117mdfl.sys (MCCI Corporation)
DRV - (s117bus) -- C:\Windows\System32\drivers\s117bus.sys (MCCI Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&FORM=LENIE
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo.live.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.taekwondo.ch/bern/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - No CLSID value found
IE - HKCU\..\URLSearchHook: {91C18ED5-5E1C-4AE5-A148-A861DE8C8E16} - No CLSID value found
IE - HKCU\..\URLSearchHook: {b106b661-3e1b-4015-af5c-195e909f35c6} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {19F2B849-4ADE-4d4b-85F9-C31C643DBDE9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?FORM=LENIE&q={searchTerms}&src={referrer:source?}
IE - HKCU\..\SearchScopes\{19F2B849-4ADE-4d4b-85F9-C31C643DBDE9}: "URL" = hxxp://www.fastbrowsersearch.com/results/results.aspx?q={searchTerms}&c=web&s=DSP&v=18&tid={592C111F-1ED1-49e1-8E63-7A40B616A18B}
IE - HKCU\..\SearchScopes\{30E97D08-462C-40B1-B406-10D72154D73B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2801937
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_de
IE - HKCU\..\SearchScopes\{B9C7CE32-DA91-43C2-B7E9-0E9AAFC675CD}: "URL" = hxxp://eu.ask.com/web?l=dis&o=APN10280&gct=sb&qsrc=2869&apn_dtid=^YYYYYY^YY^CH&apn_ptnrs=^A9T&apn_uid=0078483025974264&p2=^A9T^YYYYYY^YY^CH&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local*.unibe.ch;130.92.*;<local>;*.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=proxy.unibe.ch:80
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = file://C:\Users\***\AppData\Roaming\Juniper Networks\Network Connect 6.3.0\instantproxy.pac
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://eu.ask.com/web?l=dis&o=APN10280&gct=hp&apn_dtid=^YYYYYY^YY^CH&apn_ptnrs=^A9T&apn_uid=0078483025974264&p2=^A9T^YYYYYY^YY^CH"
FF - prefs.js..extensions.enabledAddons: admin@proxy-listen.de:1.0.1
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledAddons: {1392b8d2-5c05-419f-a8f6-b9f15a596612}:3.10.0.1
FF - prefs.js..extensions.enabledAddons: {33e0daa6-3af3-d8b5-6752-10e949c61516}:1.1
FF - prefs.js..extensions.enabledAddons: {94366e2c-9923-431c-b0d6-747447dd0f2b}:1.0.0.12
FF - prefs.js..extensions.enabledAddons: ytvdw@pgport.com:1.1.10
FF - prefs.js..extensions.enabledAddons: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:10.1.0.68 - 1
FF - prefs.js..extensions.enabledAddons: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:2011.7.5.2
FF - prefs.js..extensions.enabledAddons: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:15.0.2
FF - prefs.js..keyword.URL: "hxxp://eu.ask.com/web?l=dis&o=APN10280&gct=kwd&qsrc=2869&apn_dtid=^YYYYYY^YY^CH&apn_ptnrs=^A9T&apn_uid=0078483025974264&p2=^A9T^YYYYYY^YY^CH&q="
FF - prefs.js..network.proxy.backup.ftp: "88.80.208.22"
FF - prefs.js..network.proxy.backup.ftp_port: 80
FF - prefs.js..network.proxy.backup.socks: "88.80.208.22"
FF - prefs.js..network.proxy.backup.socks_port: 80
FF - prefs.js..network.proxy.backup.ssl: "88.80.208.22"
FF - prefs.js..network.proxy.backup.ssl_port: 80
FF - prefs.js..network.proxy.ftp: "88.80.208.224"
FF - prefs.js..network.proxy.ftp_port: 80
FF - prefs.js..network.proxy.http: "88.80.208.224"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "88.80.208.224"
FF - prefs.js..network.proxy.socks_port: 80
FF - prefs.js..network.proxy.ssl: "88.80.208.224"
FF - prefs.js..network.proxy.ssl_port: 80
FF - prefs.js..network.proxy.type: 1
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.2.72: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.2.72: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.2.72: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files\Sony\Media Go\npmediago.dll (Sony Media Software and Services Inc)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009.12.28 16:37:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.09.19 20:06:02 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009.12.28 16:37:35 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{FCF36B88-1BBA-487f-B64B-D2E8980A9293}: C:\Program Files\Lenovo\Client Security Solution\PWM Firefox Extension [2009.11.29 20:23:14 | 000,000,000 | ---D | M]
 
[2010.03.04 00:01:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.03.04 00:01:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2012.07.10 16:44:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\himt3oew.default\extensions
[2012.03.07 13:58:10 | 000,000,000 | ---D | M] (Freecorder Community Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\himt3oew.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
[2012.07.10 16:44:14 | 000,000,000 | ---D | M] (NCH DE Community Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\himt3oew.default\extensions\{b106b661-3e1b-4015-af5c-195e909f35c6}
[2011.06.16 13:33:05 | 000,014,778 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\himt3oew.default\extensions\admin@proxy-listen.de.xpi
[2012.03.09 19:44:37 | 000,061,854 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\himt3oew.default\extensions\ytvdw@pgport.com.xpi
[2012.08.25 20:31:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.06.28 07:55:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\COFFPLGN_2011_7_5_2
File not found (No name found) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPLGN
[2012.09.19 20:06:02 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
File not found (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HIMT3OEW.DEFAULT\EXTENSIONS\{33E0DAA6-3AF3-D8B5-6752-10E949C61516}
File not found (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HIMT3OEW.DEFAULT\EXTENSIONS\{94366E2C-9923-431C-B0D6-747447DD0F2B}
[2009.11.29 20:28:15 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012.03.07 14:15:13 | 000,002,274 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\ask.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://search.conduit.com/?ctid=CT2801937&SearchSource=48
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://search.conduit.com/?ctid=CT2801937&SearchSource=48
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.75\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.75\pdf.dll
CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\ommhmgednjnodcljhlljkaiidghdmikk\2.3.15.10_0\plugins/ConduitChromeApiPlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: Media Go Detector (Enabled) = C:\Program Files\Sony\Media Go\npmediago.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: NCH DE = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\ommhmgednjnodcljhlljkaiidghdmikk\2.3.15.10_0\
 
O1 HOSTS File: ([2009.11.03 21:01:11 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (IePasswordManagerHelper Class) - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
O2 - BHO: (no name) - {ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a}  - No CLSID value found.
O2 - BHO: (no name) - {F0626A63-410B-45E2-99A1-3F2475B2D695} - No CLSID value found.
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O4 - HKLM..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo)
O4 - HKLM..\Run: [ACWlIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BLOG] C:\Program Files\ThinkPad\Utilities\BTVLOGEX.DLL ()
O4 - HKLM..\Run: [CameraApplicationLauncher] C:\Program Files\Lenovo\Camera Center\bin\CameraApplicationLaunchPadLauncher.exe ()
O4 - HKLM..\Run: [CreateLMBCShortCut] C:\Program Files\Lenovo\Mobile Broadband Connect\UserShortcutCreator.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [emsisoft anti-malware] c:\program files\emsisoft anti-malware\a2guard.exe (Emsisoft GmbH)
O4 - HKLM..\Run: [FingerPrintSoftware] C:\Program Files\Lenovo Fingerprint Software\fpapp.exe (AuthenTec)
O4 - HKLM..\Run: [Freecorder FLV Service] "C:\Program Files\Freecorder\FLVSrvc.exe" /run File not found
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [LPMailChecker] C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [PWMTRV] C:\Program Files\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [SSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldde-ch.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://webvpn.unibe.ch/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2DFFC059-A6D1-49CD-8D00-02C6035D3C6F}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: 
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - Unable to obtain root file information for disk Q:\
O32 - Unable to obtain root file information for disk S:\
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.11 18:24:14 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2013.01.10 22:52:25 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\EurekaLog
[2013.01.10 22:16:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
[2013.01.10 22:15:00 | 000,000,000 | ---D | C] -- C:\Program Files\Emsisoft Anti-Malware
[2013.01.10 22:15:00 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Anti-Malware
[2013.01.10 21:46:08 | 258,580,296 | ---- | C] (Emsisoft GmbH                                               ) -- C:\Users\***\Desktop\EmsisoftAntiMalwareSetup.exe
[2013.01.10 21:43:27 | 001,754,528 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\***\Desktop\rkill.com
[2013.01.10 21:31:40 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2013.01.10 21:31:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.01.10 21:31:21 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.01.10 21:31:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.01.10 21:31:20 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.01.10 21:31:07 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Programs
[2013.01.10 21:02:34 | 000,000,000 | ---D | C] -- C:\ProgramData\6472A497FCFAC9BE00006472402ACED0
[2013.01.05 17:53:37 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Arbeiten Nadja
[2013.01.05 17:53:14 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\ALS
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.11 19:45:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.11 19:40:54 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.01.11 19:40:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.11 19:00:21 | 000,000,254 | ---- | M] () -- C:\Windows\tasks\RMSchedule.job
[2013.01.11 18:30:11 | 000,011,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.11 18:30:10 | 000,011,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.11 18:24:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2013.01.11 18:15:52 | 000,001,024 | ---- | M] () -- C:\Users\***\.rnd
[2013.01.11 18:12:47 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_***.job
[2013.01.11 18:12:42 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.11 18:11:33 | 1566,597,120 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.11 17:42:34 | 000,430,984 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.01.10 22:16:49 | 000,001,019 | ---- | M] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2013.01.10 21:51:05 | 258,580,296 | ---- | M] (Emsisoft GmbH                                               ) -- C:\Users\***\Desktop\EmsisoftAntiMalwareSetup.exe
[2013.01.10 21:43:29 | 001,754,528 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\***\Desktop\rkill.com
[2013.01.10 21:31:22 | 000,001,037 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.10 18:05:01 | 000,704,618 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.01.10 18:05:01 | 000,665,854 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.01.10 18:05:01 | 000,148,772 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.01.10 18:05:01 | 000,124,988 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.01.05 11:14:04 | 000,000,366 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateXML_***.job
[2012.12.22 10:15:06 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateFiles_***.job
[2012.12.14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
 
========== Files Created - No Company Name ==========
 
[2013.01.10 22:16:49 | 000,001,019 | ---- | C] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2013.01.10 21:31:22 | 000,001,037 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.15 11:12:23 | 000,000,376 | ---- | C] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_***.job
[2012.12.15 11:10:51 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\ReclaimerUpdateFiles_***.job
[2012.12.15 11:10:49 | 000,000,366 | ---- | C] () -- C:\Windows\tasks\ReclaimerUpdateXML_***.job
[2012.09.22 10:45:47 | 000,001,024 | ---- | C] () -- C:\Users\***\.rnd
[2012.07.10 16:44:06 | 000,045,765 | ---- | C] () -- C:\Users\Sonja\AppData\Roaming\ExpressZip.dmp
[2011.06.15 19:05:40 | 000,001,940 | ---- | C] () -- C:\Users\***\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011.05.24 08:36:38 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.04.21 17:16:01 | 000,017,408 | ---- | C] () -- C:\Users\***\AppData\Local\WebpageIcons.db
[2011.02.11 17:40:40 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2011.02.07 13:19:30 | 000,037,336 | ---- | C] () -- C:\Windows\System32\CleanMFT32.exe
[2010.12.21 08:06:04 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.04.21 07:15:03 | 000,000,166 | ---- | C] () -- C:\Users\***\20080418.rm
[2010.03.23 20:21:59 | 001,714,146 | ---- | C] () -- C:\Users\***\Backup_of_Programm10_3seitig.cdr
[2010.03.23 20:17:44 | 003,669,538 | ---- | C] () -- C:\Users\***\Sicherungskopie_von_Programm10_3seitigkurvig.cdr
[2010.03.23 20:16:05 | 003,148,809 | ---- | C] () -- C:\Users\***\Sicherungskopie_von_Programm10_3seitigkurvig.pdf
[2010.03.23 20:15:28 | 001,713,256 | ---- | C] () -- C:\Users\***\Sicherungskopie_von_Programm10_3seitig.cdr
[2010.03.23 20:12:59 | 003,669,684 | ---- | C] () -- C:\Users\***\Programm10_3seitigkurvig.cdr
[2010.03.23 20:06:52 | 003,118,733 | ---- | C] () -- C:\Users\***\Programm10_3seitig.cdr
[2009.12.22 16:12:59 | 000,004,608 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2009.11.29 20:42:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DriverCure
[2013.01.10 22:52:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\EurekaLog
[2012.08.19 13:55:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Haowes
[2012.07.04 12:34:05 | 000,000,000 | ---D | M] -- 
C:\Users\***\AppData\Roaming\HTC
[2012.07.04 12:34:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HTC Sync
[2009.11.29 20:42:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\InterVideo
[2009.11.29 20:42:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Juniper Networks
[2009.11.29 20:42:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech
[2009.11.29 20:42:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Lenovo
[2009.10.12 22:29:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera
[2011.02.07 20:33:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Registry Mechanic
[2012.08.19 13:58:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ryvao
[2010.07.28 20:23:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Sony
[2010.05.23 18:14:10 | 000,000,000 | ---D | M] -- 
C:\Users\***\AppData\Roaming\Tific
[2012.08.19 13:55:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Urruer
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2009.11.29 19:53:09 | 000,000,000 | -H-D | M] -- C:\$INPLACE.~TR
[2009.11.29 21:54:30 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2009.11.29 20:56:02 | 000,000,000 | -H-D | M] -- C:\$WINDOWS.~Q
[2009.11.29 17:34:26 | 000,000,000 | -H-D | M] -- C:\A
[2012.02.28 20:34:34 | 000,000,000 | ---D | M] -- C:\a96e4b101ec97134f8ce
[2009.05.23 22:32:03 | 000,000,000 | ---D | M] -- C:\AuthLog
[2013.01.11 19:41:44 | 000,000,000 | -H-D | M] -- C:\Config.Msi
[2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2009.11.29 21:14:48 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2012.09.26 15:24:44 | 000,000,000 | ---D | M] -- C:\DRIVERS
[2009.05.23 22:06:27 | 000,000,000 | ---D | M] -- C:\Intel
[2009.08.24 15:11:16 | 000,000,000 | ---D | M] -- C:\KAV
[2009.05.23 21:05:50 | 000,000,000 | ---D | M] -- C:\mfg
[2009.05.23 22:38:14 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2009.07.14 03:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2013.01.10 22:51:46 | 000,000,000 | ---D | M] -- C:\Program Files
[2013.01.10 21:31:21 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2009.11.29 21:14:48 | 000,000,000 | -HSD | M] -- C:\Programme
[2009.11.29 21:14:48 | 000,000,000 | -HSD | M] -- C:\Recovery
[2009.11.29 17:34:26 | 000,000,000 | RHSD | M] -- C:\RRbackups
[2009.11.29 17:34:22 | 000,000,000 | ---D | M] -- C:\SWShare
[2009.08.24 15:00:55 | 000,000,000 | ---D | M] -- C:\SWTOOLS
[2009.08.24 10:21:04 | 000,000,000 | ---D | M] -- C:\swwork
[2013.01.11 18:59:09 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.03.07 13:59:02 | 000,000,000 | ---D | M] -- C:\Temp
[2009.11.29 20:47:55 | 000,000,000 | R--D | M] -- C:\Users
[2013.01.10 21:13:35 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2009.07.14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009.07.14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009.07.14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009.07.14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010.11.20 13:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2009.05.23 22:28:18 | 000,000,436 | ---- | C] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2009.07.14 05:53:46 | 000,032,632 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009.07.14 05:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2010.05.24 13:41:17 | 000,001,092 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2010.05.24 13:41:19 | 000,001,096 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2011.02.07 13:19:52 | 000,000,254 | ---- | C] () -- C:\Windows\Tasks\RMSchedule.job
[2012.03.30 12:03:19 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2012.12.15 11:10:49 | 000,000,366 | ---- | C] () -- C:\Windows\Tasks\ReclaimerUpdateXML_***.job
[2012.12.15 11:10:51 | 000,000,370 | ---- | C] () -- C:\Windows\Tasks\ReclaimerUpdateFiles_***.job
[2012.12.15 11:12:23 | 000,000,376 | ---- | C] () -- C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_***.job
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2008.11.03 09:56:40 | 000,327,192 | ---- | M] (Intel Corporation) MD5=37769C28E1C6489C56E41DB7A32D58C5 -- C:\DRIVERS\other\IaStor.sys
[2008.11.03 09:56:40 | 000,327,192 | ---- | M] (Intel Corporation) MD5=37769C28E1C6489C56E41DB7A32D58C5 -- C:\SWTOOLS\DRIVERS\IMSM\IaStor.sys
[2008.11.03 09:56:40 | 000,327,192 | ---- | M] (Intel Corporation) MD5=37769C28E1C6489C56E41DB7A32D58C5 -- C:\Windows\System32\drivers\iaStor.sys
[2008.11.03 09:56:40 | 000,327,192 | ---- | M] (Intel Corporation) MD5=37769C28E1C6489C56E41DB7A32D58C5 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_3ffc2247bd763e9e\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 06:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 06:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 06:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 06:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.12.14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.07.14 02:15:36 | 000,226,816 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\LocationApi.dll
 
< %USERPROFILE%\*.* >
[2013.01.11 18:15:52 | 000,001,024 | ---- | M] () -- C:\Users\***\.rnd
[2010.04.21 07:15:04 | 000,000,166 | ---- | M] () -- C:\Users\***\20080418.rm
[2010.03.23 20:06:58 | 001,714,146 | ---- | M] () -- C:\Users\***\Backup_of_Programm10_3seitig.cdr
[2013.01.11 19:53:48 | 005,767,168 | -HS- | M] () -- C:\Users\***\ntuser.dat
[2013.01.11 19:53:48 | 000,262,144 | -HS- | M] () -- C:\Users\***\ntuser.dat.LOG1
[2009.11.29 20:18:38 | 000,000,000 | -HS- | M] () -- C:\Users\***\ntuser.dat.LOG2
[2010.06.13 13:18:19 | 000,065,536 | -HS- | M] () -- C:\Users\***\ntuser.dat{0bee93f9-76d0-11df-9e6c-0022680e28bc}.TM.blf
[2010.06.13 13:18:19 | 000,524,288 | -HS- | M] () -- C:\Users\***\ntuser.dat{0bee93f9-76d0-11df-9e6c-0022680e28bc}.TMContainer00000000000000000001.regtrans-ms
[2010.06.13 13:18:19 | 000,524,288 | -HS- | M] () -- C:\Users\***\ntuser.dat{0bee93f9-76d0-11df-9e6c-0022680e28bc}.TMContainer00000000000000000002.regtrans-ms
[2011.04.06 21:51:07 | 000,065,536 | -HS- | M] () -- C:\Users\***\ntuser.dat{57ba6177-6085-11e0-b0de-0022fadbf25c}.TM.blf
[2011.04.06 21:51:07 | 000,524,288 | -HS- | M] () -- C:\Users\***\ntuser.dat{57ba6177-6085-11e0-b0de-0022fadbf25c}.TMContainer00000000000000000001.regtrans-ms
[2011.04.06 21:51:07 | 000,524,288 | -HS- | M] () -- C:\Users\***\ntuser.dat{57ba6177-6085-11e0-b0de-0022fadbf25c}.TMContainer00000000000000000002.regtrans-ms
[2009.11.29 20:18:39 | 000,065,536 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2009.11.29 20:18:39 | 000,524,288 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2009.11.29 20:18:39 | 000,524,288 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2011.01.21 18:13:29 | 000,065,536 | -HS- | M] () -- C:\Users\***\ntuser.dat{6d802bf5-2581-11e0-a1c1-0022680e28bc}.TM.blf
[2011.01.21 18:13:29 | 000,524,288 | -HS- | M] () -- C:\Users\***\ntuser.dat{6d802bf5-2581-11e0-a1c1-0022680e28bc}.TMContainer00000000000000000001.regtrans-ms
[2011.01.21 18:13:29 | 000,524,288 | -HS- | M] () -- C:\Users\***\ntuser.dat{6d802bf5-2581-11e0-a1c1-0022680e28bc}.TMContainer00000000000000000002.regtrans-ms
[2011.03.17 10:00:33 | 000,065,536 | -HS- | M] () -- C:\Users\***\ntuser.dat{c056c08b-5071-11e0-a3af-0022680e28bc}.TM.blf
[2011.03.17 10:00:33 | 000,524,288 | -HS- | M] () -- C:\Users\***\ntuser.dat{c056c08b-5071-11e0-a3af-0022680e28bc}.TMContainer00000000000000000001.regtrans-ms
[2011.03.17 10:00:33 | 000,524,288 | -HS- | M] () -- C:\Users\***\ntuser.dat{c056c08b-5071-11e0-a3af-0022680e28bc}.TMContainer00000000000000000002.regtrans-ms
[2011.03.17 10:28:36 | 000,065,536 | -HS- | M] () -- C:\Users\***\ntuser.dat{e0ea112e-5073-11e0-9cf4-0022680e28bc}.TM.blf
[2011.03.17 10:28:36 | 000,524,288 | -HS- | M] () -- C:\Users\***\ntuser.dat{e0ea112e-5073-11e0-9cf4-0022680e28bc}.TMContainer00000000000000000001.regtrans-ms
[2011.03.17 10:28:36 | 000,524,288 | -HS- | M] () -- C:\Users\***\ntuser.dat{e0ea112e-5073-11e0-9cf4-0022680e28bc}.TMContainer00000000000000000002.regtrans-ms
[2012.09.19 20:58:21 | 000,065,536 | -HS- | M] () -- C:\Users\***\ntuser.dat{e83e2f10-0284-11e2-b8a9-0022680e28bc}.TM.blf
[2012.09.19 20:58:21 | 000,524,288 | -HS- | M] () -- C:\Users\***\ntuser.dat{e83e2f10-0284-11e2-b8a9-0022680e28bc}.TMContainer00000000000000000001.regtrans-ms
[2012.09.19 20:58:21 | 000,524,288 | -HS- | M] () -- C:\Users\***\ntuser.dat{e83e2f10-0284-11e2-b8a9-0022680e28bc}.TMContainer00000000000000000002.regtrans-ms
[2009.11.29 21:15:12 | 000,000,020 | -HS- | M] () -- C:\Users\***\ntuser.ini
[2010.03.23 20:22:04 | 003,118,733 | ---- | M] () -- C:\Users\***\Programm10_3seitig.cdr
[2010.03.23 20:13:10 | 003,669,684 | ---- | M] () -- C:\Users\***\Programm10_3seitigkurvig.cdr
[2010.03.23 20:15:33 | 001,713,256 | ---- | M] () -- C:\Users\***\Sicherungskopie_von_Programm10_3seitig.cdr
[2010.03.23 20:17:44 | 003,669,538 | ---- | M] () -- C:\Users\***\Sicherungskopie_von_Programm10_3seitigkurvig.cdr
[2010.03.23 20:16:12 | 003,148,809 | ---- | M] () -- C:\Users\***\Sicherungskopie_von_Programm10_3seitigkurvig.pdf
[2011.03.01 16:18:57 | 000,052,224 | -HS- | M] () -- C:\Users\***\Thumbs.db
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
<           >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >
         
und Extra
Code:
ATTFilter
OTL Extras logfile created on: 11.01.2013 18:31:07 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
1.95 Gb Total Physical Memory | 0.78 Gb Available Physical Memory | 39.96% Memory free
3.89 Gb Paging File | 1.90 Gb Available in Paging File | 48.72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.65 Gb Total Space | 73.71 Gb Free Space | 33.25% Space Free | Partition Type: NTFS
Drive Q: | 9.77 Gb Total Space | 1.85 Gb Free Space | 18.92% Space Free | Partition Type: NTFS
Drive S: | 1.46 Gb Total Space | 0.66 Gb Free Space | 45.21% Space Free | Partition Type: NTFS
 
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04FA6A0F-1AC2-4C58-BD2B-6FE234CD8458}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | 
"{0AAE132C-4E59-4976-8F9E-B9271351B679}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{0B909B47-11DA-4FB7-A828-9648C6242EB7}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{34E2DBB7-0809-424A-AE2A-3F360340BE66}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4A96ED1E-3AE3-4648-B8A6-43A59000CD69}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4D097B58-7AD4-44DC-8F60-CAD7951C431A}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{6B1CD13E-C1CD-4DD7-B2E6-73F9A2000D68}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{711890D8-BE0E-49A5-86CC-54D5D4AB8C1D}" = rport=138 | protocol=17 | dir=out | app=system | 
"{7264B98D-735A-44B5-AEA4-06DB7FB83308}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{8654053B-9ADF-4DED-8874-57EC77DCD6B5}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{88FD1137-2A18-4867-B6C1-7EA9FEA506F8}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{8A472A98-5528-4119-97B0-55886EE5F16B}" = lport=137 | protocol=17 | dir=in | app=system | 
"{918405AA-A71F-4DB6-84F5-0122CB56A583}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{963CB90F-4A1F-4E45-B47C-4EA5E7B0CC15}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{9B6519FD-5A51-4C3C-9E2A-2B8190F79D8A}" = rport=139 | protocol=6 | dir=out | app=system | 
"{AEFB8904-DDE5-45D8-AFDA-E20E811B569A}" = lport=139 | protocol=6 | dir=in | app=system | 
"{AF76901C-4E28-4DCD-934D-3A74435E0891}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{B00C654C-9C41-4DAC-A417-9A5E0E897A48}" = rport=445 | protocol=6 | dir=out | app=system | 
"{BB9BFB2A-253A-430C-B3D9-5BCD7F6A5115}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C0FB4142-F4FD-41AE-BB34-98353C9C3152}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{CC4865C2-F8E2-48CE-B68F-23589EF8A32E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{CD4F2839-56B7-48F7-8B5B-FC4FCDDB5B14}" = rport=137 | protocol=17 | dir=out | app=system | 
"{DA6E41BC-49E3-4C94-92BF-D6BE087FA7C8}" = lport=138 | protocol=17 | dir=in | app=system | 
"{DB179DB5-7407-4A3B-913B-E448B5383887}" = lport=445 | protocol=6 | dir=in | app=system | 
"{E18D9EA9-A8AA-466F-95D7-80E6BEA37D66}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E30353D2-2F65-4825-B732-E5B5B68D1A89}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F55FD117-E091-49F9-8544-DEFF8C163ACC}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{035B6248-1E99-41A6-B159-77908B39EB86}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | 
"{0D2C2DDF-302F-4F7E-B6B9-DFA20A435EEF}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{0E7CC784-5C4D-43B6-B6B4-7F6F3686D73F}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe | 
"{1379036A-A392-4DF4-9E93-D1C58D1EFAC2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{16E0CEEA-5DCB-4542-9680-B1F3A453A101}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{172F78FC-F723-4991-B4B1-9ED913E737FF}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | 
"{20C10EDD-410C-4722-8662-23104921F376}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{2155B6D0-7651-4AA9-AC75-926BC2E94F7D}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{27250648-06C2-4398-9206-3168BC89A392}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{288CDD0C-613C-491A-B321-5C2F172EBD3C}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe | 
"{2E2528CC-2944-4BED-8ABA-7D50C610A27E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{33EB7F11-3CAF-4299-8225-BC12024896CE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{3938D084-F0AF-4EBB-B8EE-21D6747B19B8}" = dir=in | app=c:\program files\htc\htc sync manager\htc sync\htcsyncloader.exe | 
"{39C95B22-91BE-486E-9B05-6A37F48CD822}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | 
"{39D6EEEF-85B0-4BF4-9D20-404EA73CFD2F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe | 
"{3C8FBEBB-70DE-4C69-A4D3-B08A8D8BA386}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{475AEEA6-A7D5-48EE-8242-85F485F18494}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{57760483-7AE0-44C6-92D6-D46D7E68A8CD}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{61F4F797-E501-43E4-B99E-210015BFFDE2}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe | 
"{67F6FB12-69B5-45F0-BA14-AE187C778B64}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | 
"{6B63646E-938B-467C-A381-D180F45B3B50}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{74D90D38-4608-44F6-8A51-7FC5EA81A1EA}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe | 
"{7A15F5F7-F67E-4834-8801-9A6505479B4E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | 
"{7A47F128-4B4D-4FD8-90BF-42D296C94F19}" = dir=in | app=c:\users\sonja\appdata\local\temp\7zs10c2\ojj4600_basic_13\setup\hpznui01.exe | 
"{7C3B5D81-5399-4B2D-BB9E-1237B8D1F6CA}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{83640CB4-9197-4192-8FDC-D9909FAAA409}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{853BF420-C4C6-4939-BB08-2A8AC8938AE5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{8A8FCC34-3AB7-4189-86E1-5E5A270886C4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{8AB635C4-710D-4484-9CC0-A72CB8E3D339}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe | 
"{9248C12D-0299-443C-AF51-93BE8EE4F600}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe | 
"{98FD6607-D97A-400C-B41E-1EFC31687BD8}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | 
"{99B3FB7B-E454-4C09-8933-B0E48C63FE8F}" = protocol=6 | dir=out | app=system | 
"{9B0A0EA2-F4D9-471B-A171-9A87361FA080}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | 
"{9BD9DE94-9089-4436-A8F7-1F6590DE3D42}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{9D5CD5A0-EC30-431F-BCE1-683FBA98DDE7}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{9DC19387-0EA1-4334-8236-8521962434C4}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe | 
"{9F7F0640-5AEC-4989-BB7A-28D1C46E553B}" = protocol=6 | dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | 
"{ABBACBBD-8876-4474-8C03-4B0EA37CF119}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{AC8C3AC9-1580-4FDB-9ED0-3CFC5A182EDA}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{D7380227-40E7-40EA-A0B7-47B6548029D6}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{DBB5BB80-9B90-46A8-8EED-874DDF520C54}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe | 
"{E51612D7-ED86-4A94-806C-A7F1A930F2D5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E856E6A9-C23C-49AE-ADB0-73AE626E87DD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{EC5E7769-B61C-44EE-9040-44227F9D1587}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe | 
"{ED3DF7CE-60F2-4F45-ADED-321D7C16218B}" = protocol=17 | dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | 
"{F1C4D7C5-4870-415E-924C-4ED3AAC3297A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F54D7C3C-8180-4567-B6A4-988ADF6A478F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F9841F34-C254-4029-A585-0AC808A5B714}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = ThinkPad Bluetooth with Enhanced Data Rate Software 6.1.0.4500
"{09A84D86-C709-4825-9548-ACF4838D478D}" = Intel(R) PROSet/Wireless WiFi Software
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{0E549A13-2B3D-4633-BA41-DC88C2D6F9A3}" = ProductContext
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{1007F41F-7D69-468E-8017-3849A5A973C2}" = ThinkVantage Technologies Welcome Message
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = ThinkPad UltraNav Utility
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{188C0E25-3D65-4DAC-9C00-7483FBA4C7EB}" = Status
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{25569723-DC5A-4467-A639-79535BF01B71}" = Adobe Help Center 2.1
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 26
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{356C896A-6BE6-487D-AA37-C999F945E6CF}" = Integrated Camera TWAIN
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{3825B383-7880-48C8-AADD-49B0D764B151}" = 4660_4680_Help
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D8994A3-02A8-45B5-B955-53E608BC69ED}" = Lenovo Fingerprint Software
"{3F963A06-7C18-4039-9789-9644B3266AE7}" = Verizon Wireless BroadbandAccess Self Activation
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{41CE67B3-7766-4CC0-9E5A-D28DF12072E7}" = HTC Sync Manager
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{44E9D4C2-946C-4378-9354-558803C47A68}" = Client Security - Password Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB5764A-3894-49A2-BAA8-C4665F74CD4C}" = Registry patch to improve USB device detection on resume from sleep for Windows Vista
"{4BD295B9-0190-4C54-B08E-33A6ECA922DF}" = ThinkVantage Access Connections
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{50802F8E-03B4-479D-A643-16DE5A3586CB}" = BPDSoftware_Ini
"{520CD4F0-9DAC-4C5C-8CA1-D0210CFF6062}" = Media Go
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5523092E-13AA-4EED-8E18-255860F6D9DC}" = ThinkVantage Status Gadget
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = Integrated Camera Driver Installer Package Ver.1.18.500.0
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{63d32065-045d-4328-a459-6d4c56540208}" = Microsoft Office Language Pack 2007 – Deutsch (für Office Outlook 2007 mit Business Contact Manager SP1)
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{668ACF05-E455-4932-A2D2-5822A8206FEB}" = Camera Center
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" = 
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B63B2922B174135AFC0E1377DD81EC2}" = 
"{7DEF17DA-2FBD-457F-8550-68A116B7ACD9}" = WOT for Internet Explorer
"{7E4C16B8-8F76-4940-8505-98E93C00BF19}" = Rescue and Recovery
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{859D40CF-8491-44AD-8FA8-7389CB418C64}" = 32 Bit HP CIO Components Installer
"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update
"{8776d074-2ff7-440b-b904-1836be70bd75}" = Microsoft Office Language Pack 2007 – Italiano (per Office Outlook 2007 con Business Contact Manager SP1)
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007
"{90120000-0015-040C-0000-0000000FF1CE}_PROHYBRIDR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0410-0000-0000000FF1CE}" = Microsoft Office Access MUI (Italian) 2007
"{90120000-0015-0410-0000-0000000FF1CE}_PROHYBRIDR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}_PROHYBRIDR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0410-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Italian) 2007
"{90120000-0016-0410-0000-0000000FF1CE}_PROHYBRIDR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}_PROHYBRIDR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0410-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Italian) 2007
"{90120000-0018-0410-0000-0000000FF1CE}_PROHYBRIDR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007
"{90120000-0019-040C-0000-0000000FF1CE}_PROHYBRIDR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0410-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Italian) 2007
"{90120000-0019-0410-0000-0000000FF1CE}_PROHYBRIDR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007
"{90120000-001A-040C-0000-0000000FF1CE}_PROHYBRIDR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0410-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Italian) 2007
"{90120000-001A-0410-0000-0000000FF1CE}_PROHYBRIDR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}_PROHYBRIDR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0410-0000-0000000FF1CE}" = Microsoft Office Word MUI (Italian) 2007
"{90120000-001B-0410-0000-0000000FF1CE}_PROHYBRIDR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_PROHYBRIDR_{3E8EA473-ECCE-405F-A9CA-59446AEADD3A}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_PROHYBRIDR_{2C95E7EE-FEA7-4B3A-A6E5-DF90A88B816A}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-002C-0410-0000-0000000FF1CE}" = Microsoft Office Proofing (Italian) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}_PROHYBRIDR_{8283FD64-6A3B-4104-9E12-7CA25EF29A1A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0410-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Italian) 2007
"{90120000-006E-0410-0000-0000000FF1CE}_PROHYBRIDR_{C0C7E58F-D0A1-4102-855B-0B7AA2E8F1C1}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{90FABD40-E741-446F-839D-CEAE905D63BE}" = ThinkPad Mobility Center Customization
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{986F64DC-FF15-449D-998F-EE3BCEC6666A}" = Help Center
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A7B609FB-83D8-4FC3-8477-1BC65ECFE85B}" = Adobe Photoshop Elements 5.0
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{ab3ef3f3-02df-47fe-ad89-26004ae29462}" = Module linguistique de Microsoft Office 2007 – French/Français (pour Office Outlook 2007 avec le Gestionnaire de contacts professionnels SP1)
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.4 - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1" = Emsisoft Anti-Malware
"{C0DA129B-1E45-494D-A362-5CD0109C306B}" = WOT für Internet Explorer
"{C7EE261A-06E9-402D-B504-9967F8FC6F0C}" = Mobile Broadband Connect
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240C1}" = WinZip 15.0
"{CDDE4895-E348-4230-99E7-F2FA91131D2C}" = HP OfficeJet J4600 All-In-One Series
"{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}" = ThinkVantage Productivity Center
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D142FE39-3386-4d82-9AD3-36D4A92AC3C2}" = DocMgr
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{D728E945-256D-4477-B377-6BBA693714AC}" = Productivity Center Supplement for ThinkPad
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Power Manager
"{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}" = Wallpapers
"{DC1DDAC3-510E-44b1-A969-529FFED5A619}" = J4600
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}" = Message Center
"{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F3C1DE9E-5E16-4BA9-B854-7B53A45E3579}" = Cisco Systems VPN Client 5.0.05.0290
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F4EAEBEA-3E46-43b8-A63C-AD180AE86918}" = BPDSoftware
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FA62B4C2-6CFD-462F-9B59-68A730001AB3}" = Product Recovery Disc Burning Utility
"0A7603E3091C168CDE422A2B3481A2F7D17D0954" = Windows Driver Package - Intel hdc  (02/20/2008 6.9.1.1001)
"1205965EF392C9B0D5A9BDB139035F058E76359E" = Windows Driver Package - Ricoh Company MMC Host Controller (02/15/2008 6.00.03.05)
"1A96FF9D9E5F19776E6749D8F6557FCC437EB294" = Windows Driver Package - Ricoh Company MS Host Controller (07/30/2007 6.00.01.11)
"25A4FC9EFE7A8860FCF6F86FFABDD9334A2619E3" = Windows Driver Package - Intel (e1yexpress) Net  (08/22/2008 9.52.10.1001)
"386CAF2F8306A2DD7EBAEAA5A86D98BE177DC951" = Windows Driver Package - Lenovo 1.45 (02/18/2008 1.45)
"432D918ED17EA51B73E8491A0369730C0076A292" = Windows Driver Package - Intel System  (02/20/2008 8.6.1.1002)
"464CE3922A214073AAEE00DEB23EA5C750AF8CE8" = Windows Driver Package - Intel USB  (02/05/2007 8.3.0.1011)
"513C7D1BF4530B30EC84716327E4D7E76810DCC5" = Windows Driver Package - Intel System  (02/20/2008 8.7.0.1007)
"5A4D4FF375E24E41AE5D2D907E67E0884BE2CAF4" = Windows Driver Package - Intel System  (01/30/2008 8.6.1.1001)
"778DAA8FB0D52FC214BC306BBDC33E26ACAB6F44" = Windows Driver Package - Ricoh Company xD Host Controller (07/30/2007 6.00.01.13)
"A4680BD43717441189C52EBF2C4FD6B182EE1101" = Windows Driver Package - AuthenTec Inc. (ATSwpWDF) Biometric  (10/02/2008 8.1.2.37)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Photoshop Elements 5" = Adobe Photoshop Elements 5.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Avira AntiVir Desktop" = Avira Free Antivirus
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"CNXT_AUDIO_HDA" = Conexant 20561 SmartAudio HD
"CNXT_MODEM_HDA_HSF" = ThinkPad Modem Adapter
"Dipmon" = Registry Patch of Enabling Device Initiated Power Management(DIPM) on SATA for Windows Vista
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"E6CEFD9A59425A2A27E92572AB367B28C371D3D8" = Windows Driver Package - Intel System  (09/15/2006 7.0.0.1011)
"ExpressZip" = Express Zip Dateikomprimierungs-Software
"F47257BFD82AA5BBF9668FC2EE9A258601FCE833" = Windows Driver Package - Intel (iaStor) hdc  (11/03/2008 8.6.3.1004)
"FPIRPOn" = Registry patch of Changing Timing of IDLE IRP by Finger Print Driver for Windows Vista 
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free YouTube Download_is1" = Free YouTube Download 2.3
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HECI" = Intel(R) Management Engine Interface
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Document Manager" = HP Document Manager 1.0
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"Juniper Network Connect 6.3.0" = Juniper Networks Network Connect 6.3.0
"Lenovo Registration" = Lenovo Registration
"Lenovo Welcome_is1" = Lenovo Welcome v1.0.24.3
"LENOVO.SMIIF" = Lenovo System Interface Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"PC-Doctor for Windows" = Lenovo System Toolbox
"Picasa 3" = Picasa 3
"Power Management Driver" = ThinkPad Power Management Driver
"PROHYBRIDR" = 2007 Microsoft Office system
"ProInst" = Intel PROSet Wireless
"RealPlayer 15.0" = RealPlayer
"Registry Mechanic_is1" = Registry Mechanic 10.0
"Search Guard Plus" = Search Guard Plus (My Tattoons)
"Search Guard Plus Updater" = Search Guard Plus Updater (My Tattoons)
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"Uninstall_is1" = Uninstall 1.0.0.1
"USBPMon" = Registry patch for Windows Vista USB S3 PM Enablement
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3227804131-1792914278-699631089-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Juniper_Setup_Client" = Juniper Networks Setup Client
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 10.01.2013 12:43:27 | Computer Name = *** | Source = WinMgmt | ID = 10
Description = 
 
Error - 10.01.2013 16:15:12 | Computer Name = *** | Source = WinMgmt | ID = 10
Description = 
 
Error - 10.01.2013 16:17:05 | Computer Name = *** | Source = WinMgmt | ID = 10
Description = 
 
Error - 10.01.2013 17:09:27 | Computer Name = *** | Source = WinMgmt | ID = 10
Description = 
 
Error - 10.01.2013 17:54:11 | Computer Name = *** | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16457 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: e70    Startzeit: 01cdef7729e487e9    Endzeit: 220    Anwendungspfad:
 C:\Program Files\Internet Explorer\iexplore.exe    Berichts-ID:   
 
Error - 10.01.2013 18:34:10 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16457,
 Zeitstempel: 0x50a2f9e3  Name des fehlerhaften Moduls: xul.dll, Version: 1.9.0.3506,
 Zeitstempel: 0x4a7c9d7b  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0051f3b7  ID des fehlerhaften
 Prozesses: 0x1fd4  Startzeit der fehlerhaften Anwendung: 0x01cdef7e232acf8c  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe  Pfad des
 fehlerhaften Moduls: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\xre\components\xul.dll
Berichtskennung:
 d96d6d7f-5b75-11e2-beef-0022680e28bc
 
Error - 11.01.2013 12:44:12 | Computer Name = *** | Source = WinMgmt | ID = 10
Description = 
 
Error - 11.01.2013 12:59:59 | Computer Name = *** | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16457 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 1638    Startzeit: 01cdf01c54775325    Endzeit: 31    Anwendungspfad:
 C:\Program Files\Internet Explorer\iexplore.exe    Berichts-ID:   
 
Error - 11.01.2013 13:13:10 | Computer Name = *** | Source = WinMgmt | ID = 10
Description = 
 
Error - 11.01.2013 13:30:36 | Computer Name = *** | Source = Application Hang | ID = 1002
Description = Programm OTL.exe, Version 3.2.69.0 kann nicht mehr unter Windows ausgeführt
 werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: edc    Startzeit: 
01cdf020d479bc64    Endzeit: 16    Anwendungspfad: C:\Users\***\Desktop\OTL.exe    Berichts-ID:
   
 
[ System Events ]
Error - 11.01.2013 13:10:20 | Computer Name = *** | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst PCToolsSSDMonitorSvc erreicht.
 
Error - 11.01.2013 13:12:26 | Computer Name = *** | Source = Service Control Manager | ID = 7003
Description = Der Dienst "Cisco Systems Inc. IPSec Driver" ist von folgendem Dienst
 abhängig: DNE. Dieser Dienst ist eventuell nicht installiert.
 
Error - 11.01.2013 13:12:58 | Computer Name = *** | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 TVT Backup Protection Service erreicht.
 
Error - 11.01.2013 13:12:58 | Computer Name = *** | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 TVT Backup Service erreicht.
 
Error - 11.01.2013 13:12:59 | Computer Name = *** | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 TVT Scheduler erreicht.
 
Error - 11.01.2013 13:13:40 | Computer Name = *** | Source = DCOM | ID = 10016
Description = 
 
Error - 11.01.2013 13:14:53 | Computer Name = *** | Source = Service Control Manager | ID = 7022
Description = Der Dienst "HP CUE DeviceDiscovery Service" wurde nicht richtig gestartet.
 
Error - 11.01.2013 13:15:04 | Computer Name = *** | Source = Service Control Manager | ID = 7003
Description = Der Dienst "Cisco Systems Inc. IPSec Driver" ist von folgendem Dienst
 abhängig: DNE. Dieser Dienst ist eventuell nicht installiert.
 
Error - 11.01.2013 13:16:47 | Computer Name = *** | Source = WMPNetworkSvc | ID = 866300
Description = 
 
Error - 11.01.2013 13:17:39 | Computer Name = *** | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 ThinkVantage Registry Monitor Service erreicht.
 
 
< End of report >
         
Vielen Dank!
__________________

Alt 11.01.2013, 19:49   #4
sensa
 
System Progressive Protection... - Standard

System Progressive Protection...



gelöscht

Geändert von sensa (11.01.2013 um 19:55 Uhr) Grund: da doppelt gepostet

Alt 11.01.2013, 20:14   #5
markusg
/// Malware-holic
 
System Progressive Protection... - Standard

System Progressive Protection...



hi
öffne mal c:\benutzer\name\eigene dokumente\antimalware\reports und poste, falls vorhanden logs mit Funden.

__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 11.01.2013, 20:25   #6
sensa
 
System Progressive Protection... - Standard

System Progressive Protection...



Code:
ATTFilter
Emsisoft Anti-Malware - Version 7.0
Letztes Update: 10.01.2013 22:20:11

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, Q:\, S:\

Riskware-Erkennung: Aus
Archiv Scan: An
ADS Scan: An
Dateitypen-Filter: Aus
Erweitertes Caching: An
Direkter Festplattenzugriff: Aus

Scan Beginn:	10.01.2013 22:29:34

C:\Program Files\Free Offers from Freeze.com\ 	gefunden: Trace.File.Freeze (A)
C:\Program Files\SGPSA 	gefunden: Trace.File.els.mywebtattoo.com (A)
C:\Program Files\Search Guard Plus 	gefunden: Trace.File.els.mywebtattoo.com (A)
C:\Program Files\Search Guard PlusU 	gefunden: Trace.File.els.mywebtattoo.com (A)
C:\Program Files\Search Guard PlusU\Tmp 	gefunden: Trace.File.els.mywebtattoo.com (A)
C:\Program Files\Free Offers from Freeze.com 	gefunden: Trace.File.Freeze (A)
C:\Program Files\Search Guard Plus\fbsProtection.xml 	gefunden: Trace.File.els.mywebtattoo.com (A)
C:\Program Files\Search Guard Plus\fbsSearchProvider.xml 	gefunden: Trace.File.els.mywebtattoo.com (A)
C:\Program Files\Search Guard Plus\FbsSearchProviderIE8.exe 	gefunden: Trace.File.els.mywebtattoo.com (A)
C:\Program Files\Search Guard Plus\SearchGuardPlus.exe 	gefunden: Trace.File.els.mywebtattoo.com (A)
C:\Program Files\Search Guard Plus\SearchGuardPlus.ico 	gefunden: Trace.File.els.mywebtattoo.com (A)
C:\Program Files\Search Guard PlusU\SGPU.ico 	gefunden: Trace.File.els.mywebtattoo.com (A)
C:\Program Files\Search Guard PlusU\sgpUpdater.exe 	gefunden: Trace.File.els.mywebtattoo.com (A)
C:\Program Files\Search Guard PlusU\sgpUpdater.xml 	gefunden: Trace.File.els.mywebtattoo.com (A)
C:\Program Files\Search Guard PlusU\sgpUpdaters.exe 	gefunden: Trace.File.els.mywebtattoo.com (A)
C:\Program Files\Free Offers from Freeze.com\control.txt 	gefunden: Trace.File.Freeze (A)
C:\Program Files\Free Offers from Freeze.com\dolphinico.ico 	gefunden: Trace.File.Freeze (A)
C:\Program Files\Free Offers from Freeze.com\wfallsaw.ico 	gefunden: Trace.File.Freeze (A)
C:\Program Files\Free Offers from Freeze.com\whalesico.ico 	gefunden: Trace.File.Freeze (A)
Value: hkey_users\s-1-5-21-3227804131-1792914278-699631089-1003\software\fbsearch -> Disable 	gefunden: Trace.Registry.els.mywebtattoo.com (A)
Value: hkey_users\s-1-5-21-3227804131-1792914278-699631089-1003\software\fbsearch -> ProgramPath 	gefunden: Trace.Registry.els.mywebtattoo.com (A)
Value: hkey_users\s-1-5-21-3227804131-1792914278-699631089-1003\software\fbsearch -> toolbar_id 	gefunden: Trace.Registry.els.mywebtattoo.com (A)
Value: hkey_users\s-1-5-21-3227804131-1792914278-699631089-1003\software\fbsearch -> v 	gefunden: Trace.Registry.els.mywebtattoo.com (A)
Value: hkey_users\s-1-5-21-3227804131-1792914278-699631089-1003\software\fbsearch -> Version 	gefunden: Trace.Registry.els.mywebtattoo.com (A)

Gescannt	317054
Gefunden	24

Scan Ende:	10.01.2013 22:50:54
Scan Zeit:	0:21:20

C:\Program Files\SGPSA	Quarantäne Trace.File.els.mywebtattoo.com (A)
C:\Program Files\Search Guard Plus	Quarantäne Trace.File.els.mywebtattoo.com (A)
C:\Program Files\Search Guard PlusU	Quarantäne Trace.File.els.mywebtattoo.com (A)
C:\Program Files\Search Guard PlusU\Tmp	Quarantäne Trace.File.els.mywebtattoo.com (A)
C:\Program Files\Search Guard Plus\fbsProtection.xml	Quarantäne Trace.File.els.mywebtattoo.com (A)
C:\Program Files\Search Guard Plus\fbsSearchProvider.xml	Quarantäne Trace.File.els.mywebtattoo.com (A)
C:\Program Files\Search Guard Plus\FbsSearchProviderIE8.exe	Quarantäne Trace.File.els.mywebtattoo.com (A)
C:\Program Files\Search Guard Plus\SearchGuardPlus.exe	Quarantäne Trace.File.els.mywebtattoo.com (A)
C:\Program Files\Search Guard Plus\SearchGuardPlus.ico	Quarantäne Trace.File.els.mywebtattoo.com (A)
C:\Program Files\Search Guard PlusU\SGPU.ico	Quarantäne Trace.File.els.mywebtattoo.com (A)
C:\Program Files\Search Guard PlusU\sgpUpdater.exe	Quarantäne Trace.File.els.mywebtattoo.com (A)
C:\Program Files\Search Guard PlusU\sgpUpdater.xml	Quarantäne Trace.File.els.mywebtattoo.com (A)
C:\Program Files\Search Guard PlusU\sgpUpdaters.exe	Quarantäne Trace.File.els.mywebtattoo.com (A)
C:\Program Files\Free Offers from Freeze.com\	Quarantäne Trace.File.Freeze (A)
C:\Program Files\Free Offers from Freeze.com	Quarantäne Trace.File.Freeze (A)
C:\Program Files\Free Offers from Freeze.com\control.txt	Quarantäne Trace.File.Freeze (A)
C:\Program Files\Free Offers from Freeze.com\dolphinico.ico	Quarantäne Trace.File.Freeze (A)
C:\Program Files\Free Offers from Freeze.com\wfallsaw.ico	Quarantäne Trace.File.Freeze (A)
C:\Program Files\Free Offers from Freeze.com\whalesico.ico	Quarantäne Trace.File.Freeze (A)

Quarantäne	31
         

Alt 11.01.2013, 20:29   #7
markusg
/// Malware-holic
 
System Progressive Protection... - Standard

System Progressive Protection...



sehr gut.
lade unhide:
http://filepony.de/download-unhide/
doppelklicken, dateien werden sichtbar
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 11.01.2013, 20:43   #8
sensa
 
System Progressive Protection... - Standard

System Progressive Protection...



ok, ist erledigt.

Alt 11.01.2013, 20:50   #9
markusg
/// Malware-holic
 
System Progressive Protection... - Standard

System Progressive Protection...



Fein.
download tdss killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Klicke auf Change parameters
• Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system
• Klick auf OK und anschließend auf Start scan
- bei funden erst mal immer skip wählen, log posten
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 11.01.2013, 21:02   #10
sensa
 
System Progressive Protection... - Standard

System Progressive Protection...



Code:
ATTFilter
21:53:13.0022 7252  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
21:53:13.0432 7252  ============================================================
21:53:13.0432 7252  Current date / time: 2013/01/11 21:53:13.0432
21:53:13.0432 7252  SystemInfo:
21:53:13.0432 7252  
21:53:13.0432 7252  OS Version: 6.1.7601 ServicePack: 1.0
21:53:13.0432 7252  Product type: Workstation
21:53:13.0432 7252  ComputerName: ***
21:53:13.0432 7252  UserName: ***
21:53:13.0432 7252  Windows directory: C:\Windows
21:53:13.0432 7252  System windows directory: C:\Windows
21:53:13.0432 7252  Processor architecture: Intel x86
21:53:13.0432 7252  Number of processors: 2
21:53:13.0432 7252  Page size: 0x1000
21:53:13.0432 7252  Boot type: Normal boot
21:53:13.0432 7252  ============================================================
21:53:16.0122 7252  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x7E2D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
21:53:16.0242 7252  ============================================================
21:53:16.0242 7252  \Device\Harddisk0\DR0:
21:53:16.0242 7252  MBR partitions:
21:53:16.0242 7252  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2EE000
21:53:16.0242 7252  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x1BB4E7F8
21:53:16.0242 7252  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x1BE3D000, BlocksNum 0x1388000
21:53:16.0242 7252  ============================================================
21:53:16.0302 7252  C: <-> \Device\Harddisk0\DR0\Partition2
21:53:16.0342 7252  S: <-> \Device\Harddisk0\DR0\Partition1
21:53:16.0392 7252  Q: <-> \Device\Harddisk0\DR0\Partition3
21:53:16.0392 7252  ============================================================
21:53:16.0392 7252  Initialize success
21:53:16.0392 7252  ============================================================
21:53:50.0118 0172  ============================================================
21:53:50.0118 0172  Scan started
21:53:50.0118 0172  Mode: Manual; SigCheck; TDLFS; 
21:53:50.0118 0172  ============================================================
21:53:52.0110 0172  ================ Scan system memory ========================
21:53:52.0110 0172  System memory - ok
21:53:52.0110 0172  ================ Scan services =============================
21:53:52.0350 0172  [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
21:53:52.0612 0172  1394ohci - ok
21:53:52.0662 0172  [ 37E62B1D2BA075E3AD7AB30C873CEFA6 ] 5U875UVC        C:\Windows\system32\DRIVERS\5U875.sys
21:53:52.0762 0172  5U875UVC - ok
21:53:52.0932 0172  [ A8A4E18857CDFD8D9AB81E2C9EAF89B5 ] a2acc           C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys
21:53:53.0042 0172  a2acc - ok
21:53:53.0242 0172  [ C6D0B4BF12036D1EE092D2F5EF436FC7 ] a2AntiMalware   C:\Program Files\Emsisoft Anti-Malware\a2service.exe
21:53:53.0442 0172  a2AntiMalware - ok
21:53:53.0482 0172  [ F7EABCA8375EA2DC6F35C4BCA4757515 ] A2DDA           C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys
21:53:53.0512 0172  A2DDA - ok
21:53:53.0542 0172  [ 03BFDFAE9D150D43F4A19B5FBB892591 ] a2injectiondriver C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys
21:53:53.0552 0172  a2injectiondriver - ok
21:53:53.0602 0172  [ 2DA26EB05B5495D3B2EE36456C239FB7 ] a2util          C:\Program Files\Emsisoft Anti-Malware\a2util32.sys
21:53:53.0612 0172  a2util - ok
21:53:53.0663 0172  [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
21:53:53.0683 0172  ACPI - ok
21:53:53.0783 0172  [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
21:53:53.0903 0172  AcpiPmi - ok
21:53:53.0983 0172  [ DB639006452E21796534B818CCBDA90A ] AcPrfMgrSvc     C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
21:53:54.0023 0172  AcPrfMgrSvc - ok
21:53:54.0053 0172  [ 929CDB87810A6C89DF8E9A5A7EC3C2EB ] AcSvc           C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
21:53:54.0073 0172  AcSvc - ok
21:53:54.0103 0172  [ FB0BE3B9EBC6219270E7E507582CF0FF ] ADMonitor       C:\Windows\system32\ADMonitor.exe
21:53:54.0133 0172  ADMonitor ( UnsignedFile.Multi.Generic ) - warning
21:53:54.0133 0172  ADMonitor - detected UnsignedFile.Multi.Generic (1)
21:53:54.0223 0172  [ 177FF6608B48638D4066726F3A3F8444 ] AdobeActiveFileMonitor5.0 C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
21:53:54.0273 0172  AdobeActiveFileMonitor5.0 ( UnsignedFile.Multi.Generic ) - warning
21:53:54.0273 0172  AdobeActiveFileMonitor5.0 - detected UnsignedFile.Multi.Generic (1)
21:53:54.0363 0172  [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
21:53:54.0413 0172  AdobeFlashPlayerUpdateSvc - ok
21:53:54.0473 0172  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
21:53:54.0533 0172  adp94xx - ok
21:53:54.0563 0172  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
21:53:54.0603 0172  adpahci - ok
21:53:54.0633 0172  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
21:53:54.0664 0172  adpu320 - ok
21:53:54.0704 0172  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
21:53:54.0854 0172  AeLookupSvc - ok
21:53:54.0914 0172  [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD             C:\Windows\system32\drivers\afd.sys
21:53:55.0014 0172  AFD - ok
21:53:55.0065 0172  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\Windows\system32\drivers\agp440.sys
21:53:55.0076 0172  agp440 - ok
21:53:55.0136 0172  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx         C:\Windows\system32\DRIVERS\djsvs.sys
21:53:55.0156 0172  aic78xx - ok
21:53:55.0206 0172  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG             C:\Windows\System32\alg.exe
21:53:55.0276 0172  ALG - ok
21:53:55.0316 0172  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\Windows\system32\drivers\aliide.sys
21:53:55.0336 0172  aliide - ok
21:53:55.0436 0172  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
21:53:55.0476 0172  amdagp - ok
21:53:55.0516 0172  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\Windows\system32\drivers\amdide.sys
21:53:55.0526 0172  amdide - ok
21:53:55.0576 0172  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
21:53:55.0636 0172  AmdK8 - ok
21:53:55.0656 0172  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
21:53:55.0687 0172  AmdPPM - ok
21:53:55.0727 0172  [ D320BF87125326F996D4904FE24300FC ] amdsata         C:\Windows\system32\drivers\amdsata.sys
21:53:55.0767 0172  amdsata - ok
21:53:55.0809 0172  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
21:53:55.0819 0172  amdsbs - ok
21:53:55.0839 0172  [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
21:53:55.0849 0172  amdxata - ok
21:53:56.0079 0172  [ 0FA2D8304ECA29CA0AB7E3EE50FD585A ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
21:53:56.0149 0172  AntiVirSchedulerService - ok
21:53:56.0209 0172  [ 5C69AAC8A59207DA9710FF2E42D6F80F ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
21:53:56.0219 0172  AntiVirService - ok
21:53:56.0269 0172  [ AEA177F783E20150ACE5383EE368DA19 ] AppID           C:\Windows\system32\drivers\appid.sys
21:53:57.0539 0172  AppID - ok
21:53:57.0599 0172  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
21:53:57.0669 0172  AppIDSvc - ok
21:53:57.0710 0172  [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo         C:\Windows\System32\appinfo.dll
21:53:57.0760 0172  Appinfo - ok
21:53:57.0840 0172  [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:53:57.0860 0172  Apple Mobile Device - ok
21:53:57.0920 0172  [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt         C:\Windows\System32\appmgmts.dll
21:53:58.0000 0172  AppMgmt - ok
21:53:58.0070 0172  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc             C:\Windows\system32\DRIVERS\arc.sys
21:53:58.0100 0172  arc - ok
21:53:58.0110 0172  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
21:53:58.0140 0172  arcsas - ok
21:53:58.0200 0172  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
21:53:58.0400 0172  AsyncMac - ok
21:53:58.0470 0172  [ 338C86357871C167A96AB976519BF59E ] atapi           C:\Windows\system32\drivers\atapi.sys
21:53:58.0480 0172  atapi - ok
21:53:58.0550 0172  [ 6A0F37BC6E960E4BAA47048D6D877D3C ] ATService       C:\Windows\system32\AtService.exe
21:53:58.0650 0172  ATService - ok
21:53:58.0710 0172  [ 40E3212DA94ACF9E120C30ACEBC6EA80 ] ATSwpWDF        C:\Windows\system32\Drivers\ATSwpWDF.sys
21:53:58.0760 0172  ATSwpWDF - ok
21:53:58.0830 0172  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
21:53:58.0910 0172  AudioEndpointBuilder - ok
21:53:58.0940 0172  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
21:53:58.0990 0172  Audiosrv - ok
21:53:59.0050 0172  [ A5C175039B1D6D85D0E79F5855828E4D ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
21:53:59.0080 0172  avgntflt - ok
21:53:59.0130 0172  [ 37B854C7D1F477E66C5B49C7700C47CC ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
21:53:59.0150 0172  avipbb - ok
21:53:59.0190 0172  [ FFB78D74E1EA5F811341A6E7AC547A46 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
21:53:59.0200 0172  avkmgr - ok
21:53:59.0270 0172  [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
21:53:59.0410 0172  AxInstSV - ok
21:53:59.0490 0172  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbdx.sys
21:53:59.0580 0172  b06bdrv - ok
21:53:59.0630 0172  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
21:53:59.0680 0172  b57nd60x - ok
21:53:59.0740 0172  [ 6163664C7E9CD110AF70180C126C3FDC ] BcmSqlStartupSvc C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
21:53:59.0760 0172  BcmSqlStartupSvc - ok
21:53:59.0820 0172  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\Windows\System32\bdesvc.dll
21:53:59.0930 0172  BDESVC - ok
21:53:59.0970 0172  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\Windows\system32\drivers\Beep.sys
21:54:00.0010 0172  Beep - ok
21:54:00.0140 0172  [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE             C:\Windows\System32\bfe.dll
21:54:00.0200 0172  BFE - ok
21:54:00.0240 0172  [ E585445D5021971FAE10393F0F1C3961 ] BITS            C:\Windows\System32\qmgr.dll
21:54:00.0300 0172  BITS - ok
21:54:00.0340 0172  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
21:54:00.0370 0172  blbdrive - ok
21:54:00.0460 0172  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
21:54:00.0510 0172  Bonjour Service - ok
21:54:00.0560 0172  [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
21:54:00.0620 0172  bowser - ok
21:54:00.0640 0172  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:54:00.0730 0172  BrFiltLo - ok
21:54:00.0750 0172  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:54:00.0800 0172  BrFiltUp - ok
21:54:00.0850 0172  [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser         C:\Windows\System32\browser.dll
21:54:00.0920 0172  Browser - ok
21:54:00.0960 0172  [ 845B8CE732E67F3B4133164868C666EA ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
21:54:01.0070 0172  Brserid - ok
21:54:01.0090 0172  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
21:54:01.0120 0172  BrSerWdm - ok
21:54:01.0150 0172  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
21:54:01.0180 0172  BrUsbMdm - ok
21:54:01.0210 0172  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
21:54:01.0270 0172  BrUsbSer - ok
21:54:01.0290 0172  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
21:54:01.0340 0172  BTHMODEM - ok
21:54:01.0390 0172  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv         C:\Windows\system32\bthserv.dll
21:54:01.0450 0172  bthserv - ok
21:54:01.0530 0172  [ 97689D6A5C74226071A8B19F68CB0D35 ] btwdins         C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
21:54:01.0580 0172  btwdins - ok
21:54:01.0630 0172  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
21:54:01.0690 0172  cdfs - ok
21:54:01.0740 0172  [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
21:54:01.0780 0172  cdrom - ok
21:54:01.0830 0172  [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc     C:\Windows\System32\certprop.dll
21:54:01.0870 0172  CertPropSvc - ok
21:54:01.0910 0172  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
21:54:01.0930 0172  circlass - ok
21:54:01.0980 0172  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\Windows\system32\CLFS.sys
21:54:02.0030 0172  CLFS - ok
21:54:02.0130 0172  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:54:02.0170 0172  clr_optimization_v2.0.50727_32 - ok
21:54:02.0280 0172  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:54:02.0310 0172  clr_optimization_v4.0.30319_32 - ok
21:54:02.0330 0172  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
21:54:02.0350 0172  CmBatt - ok
21:54:02.0380 0172  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
21:54:02.0400 0172  cmdide - ok
21:54:02.0430 0172  [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG             C:\Windows\system32\Drivers\cng.sys
21:54:02.0470 0172  CNG - ok
21:54:02.0550 0172  [ 726803D911045D283509D3CDD91D8E52 ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT32.sys
21:54:02.0620 0172  CnxtHdAudService - ok
21:54:02.0670 0172  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
21:54:02.0690 0172  Compbatt - ok
21:54:02.0740 0172  [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
21:54:02.0790 0172  CompositeBus - ok
21:54:02.0800 0172  COMSysApp - ok
21:54:02.0810 0172  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
21:54:02.0820 0172  crcdisk - ok
21:54:02.0870 0172  [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc        C:\Windows\system32\cryptsvc.dll
21:54:02.0960 0172  CryptSvc - ok
21:54:03.0010 0172  [ 3C2177A897B4CA2788C6FB0C3FD81D4B ] CSC             C:\Windows\system32\drivers\csc.sys
21:54:03.0060 0172  CSC - ok
21:54:03.0100 0172  [ 15F93B37F6801943360D9EB42485D5D3 ] CscService      C:\Windows\System32\cscsvc.dll
21:54:03.0190 0172  CscService - ok
21:54:03.0300 0172  [ 5CE32922F8F74A0D2D6ECC30CDAD01E0 ] CVPND           C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
21:54:03.0410 0172  CVPND - ok
21:54:03.0450 0172  [ D46B2E0EEAF349F2085F8B164E462156 ] CVPNDRVA        C:\Windows\system32\Drivers\CVPNDRVA.sys
21:54:03.0490 0172  CVPNDRVA ( UnsignedFile.Multi.Generic ) - warning
21:54:03.0490 0172  CVPNDRVA - detected UnsignedFile.Multi.Generic (1)
21:54:03.0530 0172  [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch      C:\Windows\system32\rpcss.dll
21:54:03.0630 0172  DcomLaunch - ok
21:54:03.0670 0172  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc       C:\Windows\System32\defragsvc.dll
21:54:03.0720 0172  defragsvc - ok
21:54:03.0760 0172  [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
21:54:03.0810 0172  DfsC - ok
21:54:03.0860 0172  [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp            C:\Windows\system32\dhcpcore.dll
21:54:03.0930 0172  Dhcp - ok
21:54:03.0960 0172  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\Windows\system32\drivers\discache.sys
21:54:04.0000 0172  discache - ok
21:54:04.0050 0172  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\Windows\system32\DRIVERS\disk.sys
21:54:04.0070 0172  Disk - ok
21:54:04.0110 0172  [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
21:54:04.0160 0172  Dnscache - ok
21:54:04.0200 0172  [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc         C:\Windows\System32\dot3svc.dll
21:54:04.0250 0172  dot3svc - ok
21:54:04.0300 0172  [ B5E479EB83707DD698F66953E922042C ] Dot4            C:\Windows\system32\DRIVERS\Dot4.sys
21:54:04.0370 0172  Dot4 - ok
21:54:04.0420 0172  [ CAEFD09B6A6249C53A67D55A9A9FCABF ] Dot4Print       C:\Windows\system32\drivers\Dot4Prt.sys
21:54:04.0480 0172  Dot4Print - ok
21:54:04.0520 0172  [ CF491FF38D62143203C065260567E2F7 ] dot4usb         C:\Windows\system32\DRIVERS\dot4usb.sys
21:54:04.0560 0172  dot4usb - ok
21:54:04.0600 0172  [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS             C:\Windows\system32\dps.dll
21:54:04.0700 0172  DPS - ok
21:54:04.0750 0172  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
21:54:04.0810 0172  drmkaud - ok
21:54:04.0900 0172  [ CD5102D11D59B62F4C21A66711220095 ] dsNcService     C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
21:54:04.0950 0172  dsNcService - ok
21:54:04.0990 0172  [ 13F36B3CB0F73AD0A0B89A6AFEC97954 ] dtsvc           C:\Windows\system32\DTS.exe
21:54:05.0020 0172  dtsvc ( UnsignedFile.Multi.Generic ) - warning
21:54:05.0020 0172  dtsvc - detected UnsignedFile.Multi.Generic (1)
21:54:05.0070 0172  [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
21:54:05.0110 0172  DXGKrnl - ok
21:54:05.0170 0172  [ C90CE29DF8B9836CC6514CE9F53D0EB5 ] e1yexpress      C:\Windows\system32\DRIVERS\e1y6032.sys
21:54:05.0190 0172  e1yexpress - ok
21:54:05.0230 0172  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost         C:\Windows\System32\eapsvc.dll
21:54:05.0280 0172  EapHost - ok
21:54:05.0400 0172  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv           C:\Windows\system32\DRIVERS\evbdx.sys
21:54:05.0590 0172  ebdrv - ok
21:54:05.0630 0172  [ 81951F51E318AECC2D68559E47485CC4 ] EFS             C:\Windows\System32\lsass.exe
21:54:05.0721 0172  EFS - ok
21:54:05.0811 0172  [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
21:54:05.0941 0172  ehRecvr - ok
21:54:05.0971 0172  [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched         C:\Windows\ehome\ehsched.exe
21:54:06.0061 0172  ehSched - ok
21:54:06.0121 0172  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
21:54:06.0151 0172  elxstor - ok
21:54:06.0201 0172  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
21:54:06.0261 0172  ErrDev - ok
21:54:06.0321 0172  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem     C:\Windows\system32\es.dll
21:54:06.0411 0172  EventSystem - ok
21:54:06.0511 0172  [ A1390C15F217204039F34C595DBD5087 ] EvtEng          C:\Program Files\Intel\WiFi\bin\EvtEng.exe
21:54:06.0591 0172  EvtEng ( UnsignedFile.Multi.Generic ) - warning
21:54:06.0591 0172  EvtEng - detected UnsignedFile.Multi.Generic (1)
21:54:06.0611 0172  [ 2DC9108D74081149CC8B651D3A26207F ] exfat           C:\Windows\system32\drivers\exfat.sys
21:54:06.0671 0172  exfat - ok
21:54:06.0691 0172  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
21:54:06.0741 0172  fastfat - ok
21:54:06.0801 0172  [ 967EA5B213E9984CBE270205DF37755B ] Fax             C:\Windows\system32\fxssvc.exe
21:54:06.0891 0172  Fax - ok
21:54:06.0941 0172  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
21:54:06.0991 0172  fdc - ok
21:54:07.0031 0172  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost         C:\Windows\system32\fdPHost.dll
21:54:07.0131 0172  fdPHost - ok
21:54:07.0171 0172  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\Windows\system32\fdrespub.dll
21:54:07.0221 0172  FDResPub - ok
21:54:07.0241 0172  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
21:54:07.0261 0172  FileInfo - ok
21:54:07.0291 0172  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
21:54:07.0331 0172  Filetrace - ok
21:54:07.0361 0172  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
21:54:07.0391 0172  flpydisk - ok
21:54:07.0421 0172  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
21:54:07.0441 0172  FltMgr - ok
21:54:07.0501 0172  [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache       C:\Windows\system32\FntCache.dll
21:54:07.0611 0172  FontCache - ok
21:54:07.0681 0172  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
21:54:07.0701 0172  FontCache3.0.0.0 - ok
21:54:07.0731 0172  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
21:54:07.0751 0172  FsDepends - ok
21:54:07.0781 0172  [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
21:54:07.0801 0172  Fs_Rec - ok
21:54:07.0851 0172  [ 8A73E79089B282100B9393B644CB853B ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
21:54:07.0871 0172  fvevol - ok
21:54:07.0901 0172  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
21:54:07.0911 0172  gagp30kx - ok
21:54:07.0951 0172  [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:54:07.0991 0172  GEARAspiWDM - ok
21:54:08.0071 0172  [ 0879DC7444A201DF84E69C5DD5083D61 ] getPlusHelper   C:\Program Files\NOS\bin\getPlus_Helper.dll
21:54:08.0091 0172  getPlusHelper - ok
21:54:08.0151 0172  [ 007AEA2E06E7CEF7372E40C277163959 ] ggflt           C:\Windows\system32\DRIVERS\ggflt.sys
21:54:08.0191 0172  ggflt - ok
21:54:08.0251 0172  [ C73DE35960CA75C5AB4AE636B127C64E ] ggsemc          C:\Windows\system32\DRIVERS\ggsemc.sys
21:54:08.0291 0172  ggsemc - ok
21:54:08.0341 0172  [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc           C:\Windows\System32\gpsvc.dll
21:54:08.0421 0172  gpsvc - ok
21:54:08.0541 0172  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
21:54:08.0571 0172  gupdate - ok
21:54:08.0611 0172  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
21:54:08.0623 0172  gupdatem - ok
21:54:08.0683 0172  [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc           C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
21:54:08.0703 0172  gusvc - ok
21:54:08.0733 0172  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
21:54:08.0813 0172  hcw85cir - ok
21:54:08.0853 0172  [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
21:54:08.0903 0172  HDAudBus - ok
21:54:08.0943 0172  [ 2DF64415A28CE036AC6ACEC7645A996F ] HECI            C:\Windows\system32\DRIVERS\HECI.sys
21:54:08.0983 0172  HECI - ok
21:54:09.0023 0172  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
21:54:09.0083 0172  HidBatt - ok
21:54:09.0103 0172  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
21:54:09.0153 0172  HidBth - ok
21:54:09.0193 0172  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
21:54:09.0223 0172  HidIr - ok
21:54:09.0263 0172  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv         C:\Windows\system32\hidserv.dll
21:54:09.0293 0172  hidserv - ok
21:54:09.0353 0172  [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb          C:\Windows\system32\drivers\hidusb.sys
21:54:09.0373 0172  HidUsb - ok
21:54:09.0423 0172  [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc          C:\Windows\system32\kmsvc.dll
21:54:09.0493 0172  hkmsvc - ok
21:54:09.0543 0172  [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
21:54:09.0623 0172  HomeGroupListener - ok
21:54:09.0653 0172  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
21:54:09.0693 0172  HomeGroupProvider - ok
21:54:09.0773 0172  [ B14328CFEEB6B736BE44C2C9DB3B162C ] hpqcxs08        C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
21:54:09.0803 0172  hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
21:54:09.0803 0172  hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
21:54:09.0833 0172  [ DF446BA625CC441617843E87798CE048 ] hpqddsvc        C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
21:54:09.0863 0172  hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
21:54:09.0863 0172  hpqddsvc - detected UnsignedFile.Multi.Generic (1)
21:54:09.0903 0172  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
21:54:09.0923 0172  HpSAMD - ok
21:54:09.0993 0172  [ 83DB5DD8BE71CBA5447FBD7A48FDBEDA ] HPSLPSVC        C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
21:54:10.0063 0172  HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning
21:54:10.0063 0172  HPSLPSVC - detected UnsignedFile.Multi.Generic (1)
21:54:10.0143 0172  [ FADD7095163CB3CB4073793EBB50FE75 ] HSF_DPV         C:\Windows\system32\DRIVERS\HSX_DPV.sys
21:54:10.0273 0172  HSF_DPV - ok
21:54:10.0293 0172  [ 058783BEDD17615D1FECE09F77960436 ] HSXHWAZL        C:\Windows\system32\DRIVERS\HSXHWAZL.sys
21:54:10.0333 0172  HSXHWAZL - ok
21:54:10.0383 0172  [ 950CC1E6AE3A6CD23E0945CDE089B02C ] HTCAND32        C:\Windows\system32\Drivers\ANDROIDUSB.sys
21:54:10.0453 0172  HTCAND32 - ok
21:54:10.0613 0172  [ 5C8BC8A28798FD010E7ABC4E0D588CAA ] HTCMonitorService C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe
21:54:10.0643 0172  HTCMonitorService - ok
21:54:10.0683 0172  [ 339ADEFAD60353F960E3CA67CE468C24 ] htcnprot        C:\Windows\system32\DRIVERS\htcnprot.sys
21:54:10.0713 0172  htcnprot - ok
21:54:10.0793 0172  [ 871917B07A141BFF43D76D8844D48106 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
21:54:10.0863 0172  HTTP - ok
21:54:10.0893 0172  [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
21:54:10.0923 0172  hwpolicy - ok
21:54:10.0973 0172  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
21:54:11.0043 0172  i8042prt - ok
21:54:11.0103 0172  [ 37769C28E1C6489C56E41DB7A32D58C5 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
21:54:11.0113 0172  iaStor - ok
21:54:11.0173 0172  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
21:54:11.0243 0172  iaStorV - ok
21:54:11.0283 0172  [ 699052E165698013020D2AC693CD80C7 ] IBMPMDRV        C:\Windows\system32\DRIVERS\ibmpmdrv.sys
21:54:11.0293 0172  IBMPMDRV - ok
21:54:11.0313 0172  [ 5A92B2DC9CCA34105A4125BA8D0BA035 ] IBMPMSVC        C:\Windows\system32\ibmpmsvc.exe
21:54:11.0323 0172  IBMPMSVC - ok
21:54:11.0403 0172  [ 6F95324909B502E2651442C1548AB12F ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
21:54:11.0443 0172  IDriverT ( UnsignedFile.Multi.Generic ) - warning
21:54:11.0443 0172  IDriverT - detected UnsignedFile.Multi.Generic (1)
21:54:11.0513 0172  [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:54:11.0603 0172  idsvc - ok
21:54:11.0933 0172  [ DCE0B53570703CCE580D066F89EF58CD ] igfx            C:\Windows\system32\DRIVERS\igdkmd32.sys
21:54:12.0265 0172  igfx - ok
21:54:12.0325 0172  [ 4173FF5708F3236CF25195FECD742915 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
21:54:12.0335 0172  iirsp - ok
21:54:12.0435 0172  [ F95622F161474511B8D80D6B093AA610 ] IKEEXT          C:\Windows\System32\ikeext.dll
21:54:12.0515 0172  IKEEXT - ok
21:54:12.0555 0172  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\Windows\system32\drivers\intelide.sys
21:54:12.0575 0172  intelide - ok
21:54:12.0625 0172  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
21:54:12.0645 0172  intelppm - ok
21:54:12.0695 0172  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
21:54:12.0725 0172  IPBusEnum - ok
21:54:12.0745 0172  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:54:12.0795 0172  IpFilterDriver - ok
21:54:12.0855 0172  [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
21:54:12.0925 0172  iphlpsvc - ok
21:54:12.0965 0172  [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
21:54:12.0975 0172  IPMIDRV - ok
21:54:13.0005 0172  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
21:54:13.0055 0172  IPNAT - ok
21:54:13.0145 0172  [ BC0EA61246F8D940FBC5F652D337D6BD ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
21:54:13.0195 0172  iPod Service - ok
21:54:13.0215 0172  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\Windows\system32\drivers\irenum.sys
21:54:13.0305 0172  IRENUM - ok
21:54:13.0325 0172  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
21:54:13.0345 0172  isapnp - ok
21:54:13.0385 0172  [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
21:54:13.0425 0172  iScsiPrt - ok
21:54:13.0455 0172  [ 213822072085B5BBAD9AF30AB577D817 ] IviRegMgr       C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
21:54:13.0465 0172  IviRegMgr - ok
21:54:13.0515 0172  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
21:54:13.0575 0172  kbdclass - ok
21:54:13.0615 0172  [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
21:54:13.0655 0172  kbdhid - ok
21:54:13.0675 0172  [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso          C:\Windows\system32\lsass.exe
21:54:13.0705 0172  KeyIso - ok
21:54:13.0745 0172  [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
21:54:13.0765 0172  KSecDD - ok
21:54:13.0785 0172  [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
21:54:13.0815 0172  KSecPkg - ok
21:54:13.0865 0172  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm           C:\Windows\system32\msdtckrm.dll
21:54:13.0935 0172  KtmRm - ok
21:54:13.0985 0172  [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer    C:\Windows\system32\srvsvc.dll
21:54:14.0035 0172  LanmanServer - ok
21:54:14.0065 0172  [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:54:14.0115 0172  LanmanWorkstation - ok
21:54:14.0175 0172  [ 3C3F7F424E324C6971632C5DE5FF458F ] lenovo.smi      C:\Windows\system32\DRIVERS\smiif32.sys
21:54:14.0185 0172  lenovo.smi - ok
21:54:14.0235 0172  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
21:54:14.0265 0172  lltdio - ok
21:54:14.0295 0172  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
21:54:14.0345 0172  lltdsvc - ok
21:54:14.0355 0172  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts         C:\Windows\System32\lmhsvc.dll
21:54:14.0405 0172  lmhosts - ok
21:54:14.0455 0172  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
21:54:14.0475 0172  LSI_FC - ok
21:54:14.0495 0172  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
21:54:14.0505 0172  LSI_SAS - ok
21:54:14.0525 0172  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:54:14.0535 0172  LSI_SAS2 - ok
21:54:14.0545 0172  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:54:14.0565 0172  LSI_SCSI - ok
21:54:15.0026 0172  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv           C:\Windows\system32\drivers\luafv.sys
21:54:15.0056 0172  luafv - ok
21:54:15.0106 0172  [ 629CABB0421668C9D3D402A3C3D77E14 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
21:54:15.0116 0172  MBAMProtector - ok
21:54:15.0186 0172  [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler   C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
21:54:15.0206 0172  MBAMScheduler - ok
21:54:15.0226 0172  [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService     C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
21:54:15.0256 0172  MBAMService - ok
21:54:15.0296 0172  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
21:54:15.0316 0172  Mcx2Svc - ok
21:54:15.0346 0172  [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk         C:\Windows\system32\DRIVERS\mdmxsdk.sys
21:54:15.0396 0172  mdmxsdk - ok
21:54:15.0426 0172  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
21:54:15.0446 0172  megasas - ok
21:54:15.0486 0172  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
21:54:15.0506 0172  MegaSR - ok
21:54:15.0536 0172  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS           C:\Windows\system32\mmcss.dll
21:54:15.0636 0172  MMCSS - ok
21:54:15.0646 0172  [ F001861E5700EE84E2D4E52C712F4964 ] Modem           C:\Windows\system32\drivers\modem.sys
21:54:15.0696 0172  Modem - ok
21:54:15.0736 0172  [ 79D10964DE86B292320E9DFE02282A23 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
21:54:15.0766 0172  monitor - ok
21:54:15.0816 0172  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\Windows\system32\drivers\mouclass.sys
21:54:15.0836 0172  mouclass - ok
21:54:15.0916 0172  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
21:54:15.0956 0172  mouhid - ok
21:54:15.0996 0172  [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
21:54:16.0006 0172  mountmgr - ok
21:54:16.0036 0172  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio            C:\Windows\system32\drivers\mpio.sys
21:54:16.0056 0172  mpio - ok
21:54:16.0076 0172  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
21:54:16.0126 0172  mpsdrv - ok
21:54:16.0166 0172  [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc          C:\Windows\system32\mpssvc.dll
21:54:16.0226 0172  MpsSvc - ok
21:54:16.0256 0172  [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
21:54:16.0276 0172  MRxDAV - ok
21:54:16.0376 0172  [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
21:54:16.0466 0172  mrxsmb - ok
21:54:16.0506 0172  [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:54:16.0556 0172  mrxsmb10 - ok
21:54:16.0586 0172  [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:54:16.0626 0172  mrxsmb20 - ok
21:54:16.0666 0172  [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci          C:\Windows\system32\drivers\msahci.sys
21:54:16.0676 0172  msahci - ok
21:54:16.0736 0172  [ 55055F8AD8BE27A64C831322A780A228 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
21:54:16.0746 0172  msdsm - ok
21:54:16.0776 0172  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC           C:\Windows\System32\msdtc.exe
21:54:16.0806 0172  MSDTC - ok
21:54:16.0856 0172  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\Windows\system32\drivers\Msfs.sys
21:54:16.0886 0172  Msfs - ok
21:54:16.0906 0172  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
21:54:16.0976 0172  mshidkmdf - ok
21:54:17.0006 0172  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
21:54:17.0016 0172  msisadrv - ok
21:54:17.0066 0172  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
21:54:17.0096 0172  MSiSCSI - ok
21:54:17.0106 0172  msiserver - ok
21:54:17.0156 0172  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
21:54:17.0196 0172  MSKSSRV - ok
21:54:17.0216 0172  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
21:54:17.0246 0172  MSPCLOCK - ok
21:54:17.0296 0172  [ F456E973590D663B1073E9C463B40932 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
21:54:17.0346 0172  MSPQM - ok
21:54:17.0366 0172  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
21:54:17.0376 0172  MsRPC - ok
21:54:17.0416 0172  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
21:54:17.0436 0172  mssmbios - ok
21:54:17.0496 0172  MSSQL$MSSMLBIZ - ok
21:54:17.0576 0172  [ 1D89EB4E2A99CABD4E81225F4F4C4B25 ] MSSQLServerADHelper c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
21:54:17.0596 0172  MSSQLServerADHelper - ok
21:54:17.0666 0172  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
21:54:17.0706 0172  MSTEE - ok
21:54:17.0746 0172  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
21:54:17.0796 0172  MTConfig - ok
21:54:17.0826 0172  [ 159FAD02F64E6381758C990F753BCC80 ] Mup             C:\Windows\system32\Drivers\mup.sys
21:54:17.0836 0172  Mup - ok
21:54:17.0876 0172  [ C3DECE7A0E627750DE6B1A27427589C1 ] MyWiFiDHCPDNS   C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
21:54:17.0916 0172  MyWiFiDHCPDNS ( UnsignedFile.Multi.Generic ) - warning
21:54:17.0916 0172  MyWiFiDHCPDNS - detected UnsignedFile.Multi.Generic (1)
21:54:17.0956 0172  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent        C:\Windows\system32\qagentRT.dll
21:54:18.0026 0172  napagent - ok
21:54:18.0086 0172  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
21:54:18.0116 0172  NativeWifiP - ok
21:54:18.0196 0172  [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS            C:\Windows\system32\drivers\ndis.sys
21:54:18.0286 0172  NDIS - ok
21:54:18.0316 0172  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
21:54:18.0346 0172  NdisCap - ok
21:54:18.0386 0172  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
21:54:18.0446 0172  NdisTapi - ok
21:54:18.0476 0172  [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
21:54:18.0516 0172  Ndisuio - ok
21:54:18.0546 0172  [ 38FBE267E7E6983311179230FACB1017 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
21:54:18.0586 0172  NdisWan - ok
21:54:18.0626 0172  [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
21:54:18.0676 0172  NDProxy - ok
21:54:18.0746 0172  [ 69C503C004F49AEE8B8E3067CC047BA7 ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
21:54:18.0756 0172  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
21:54:18.0756 0172  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
21:54:18.0806 0172  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
21:54:18.0846 0172  NetBIOS - ok
21:54:18.0896 0172  [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
21:54:18.0956 0172  NetBT - ok
21:54:18.0966 0172  [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon        C:\Windows\system32\lsass.exe
21:54:18.0986 0172  Netlogon - ok
21:54:19.0036 0172  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\Windows\System32\netman.dll
21:54:19.0136 0172  Netman - ok
21:54:19.0166 0172  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\Windows\System32\netprofm.dll
21:54:19.0246 0172  netprofm - ok
21:54:19.0286 0172  [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:54:19.0296 0172  NetTcpPortSharing - ok
21:54:19.0456 0172  [ 58218EC6B61B1169CF54AAB0D00F5FE2 ] netw5v32        C:\Windows\system32\DRIVERS\netw5v32.sys
21:54:19.0636 0172  netw5v32 - ok
21:54:19.0686 0172  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
21:54:19.0726 0172  nfrd960 - ok
21:54:19.0766 0172  [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc          C:\Windows\System32\nlasvc.dll
21:54:19.0806 0172  NlaSvc - ok
21:54:19.0806 0172  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
21:54:19.0866 0172  Npfs - ok
21:54:19.0906 0172  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi             C:\Windows\system32\nsisvc.dll
21:54:19.0936 0172  nsi - ok
21:54:19.0976 0172  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
21:54:20.0026 0172  nsiproxy - ok
21:54:20.0106 0172  [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
21:54:20.0216 0172  Ntfs - ok
21:54:20.0236 0172  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\Windows\system32\drivers\Null.sys
21:54:20.0286 0172  Null - ok
21:54:20.0326 0172  [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
21:54:20.0336 0172  nvraid - ok
21:54:20.0356 0172  [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
21:54:20.0376 0172  nvstor - ok
21:54:20.0406 0172  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
21:54:20.0416 0172  nv_agp - ok
21:54:20.0496 0172  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
21:54:20.0526 0172  odserv - ok
21:54:20.0576 0172  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
21:54:20.0616 0172  ohci1394 - ok
21:54:20.0666 0172  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:54:20.0676 0172  ose - ok
21:54:20.0706 0172  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
21:54:20.0766 0172  p2pimsvc - ok
21:54:20.0806 0172  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\Windows\system32\p2psvc.dll
21:54:20.0846 0172  p2psvc - ok
21:54:20.0886 0172  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
21:54:20.0916 0172  Parport - ok
21:54:20.0966 0172  [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr         C:\Windows\system32\drivers\partmgr.sys
21:54:21.0006 0172  partmgr - ok
21:54:21.0026 0172  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
21:54:21.0056 0172  Parvdm - ok
21:54:21.0096 0172  [ 9987ABA0E5DD0D46C95076B157B38C06 ] PassThru Service C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
21:54:21.0126 0172  PassThru Service ( UnsignedFile.Multi.Generic ) - warning
21:54:21.0126 0172  PassThru Service - detected UnsignedFile.Multi.Generic (1)
21:54:21.0176 0172  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\Windows\System32\pcasvc.dll
21:54:21.0216 0172  PcaSvc - ok
21:54:21.0266 0172  [ 673E55C3498EB970088E812EA820AA8F ] pci             C:\Windows\system32\drivers\pci.sys
21:54:21.0276 0172  pci - ok
21:54:21.0326 0172  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\Windows\system32\drivers\pciide.sys
21:54:21.0336 0172  pciide - ok
21:54:21.0386 0172  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
21:54:21.0406 0172  pcmcia - ok
21:54:21.0516 0172  [ E6E503845208A148A9E3E7FAA63B97A4 ] PCToolsSSDMonitorSvc C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
21:54:21.0546 0172  PCToolsSSDMonitorSvc - ok
21:54:21.0566 0172  [ 250F6B43D2B613172035C6747AEEB19F ] pcw             C:\Windows\system32\drivers\pcw.sys
21:54:21.0576 0172  pcw - ok
21:54:21.0616 0172  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
21:54:21.0656 0172  PEAUTH - ok
21:54:21.0716 0172  [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
21:54:21.0826 0172  PeerDistSvc - ok
21:54:21.0906 0172  [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla             C:\Windows\system32\pla.dll
21:54:21.0996 0172  pla - ok
21:54:22.0056 0172  [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
21:54:22.0106 0172  PlugPlay - ok
21:54:22.0146 0172  [ 12B4549D515CB26BB8D375038017CA65 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
21:54:22.0166 0172  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
21:54:22.0166 0172  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
21:54:22.0186 0172  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
21:54:22.0216 0172  PNRPAutoReg - ok
21:54:22.0266 0172  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
21:54:22.0276 0172  PNRPsvc - ok
21:54:22.0316 0172  [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
21:54:22.0376 0172  PolicyAgent - ok
21:54:22.0416 0172  [ F87D30E72E03D579A5199CCB3831D6EA ] Power           C:\Windows\system32\umpo.dll
21:54:22.0476 0172  Power - ok
21:54:22.0566 0172  [ 2804E582753985E6DEF08FF5B0B2C82E ] Power Manager DBC Service C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
21:54:22.0596 0172  Power Manager DBC Service - ok
21:54:22.0656 0172  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
21:54:22.0706 0172  PptpMiniport - ok
21:54:22.0726 0172  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
21:54:22.0756 0172  Processor - ok
21:54:22.0806 0172  [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc         C:\Windows\system32\profsvc.dll
21:54:22.0876 0172  ProfSvc - ok
21:54:22.0896 0172  [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
21:54:22.0906 0172  ProtectedStorage - ok
21:54:22.0936 0172  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
21:54:22.0976 0172  Psched - ok
21:54:23.0016 0172  [ 153D02480A0A2F45785522E814C634B6 ] PxHelp20        C:\Windows\system32\Drivers\PxHelp20.sys
21:54:23.0036 0172  PxHelp20 - ok
21:54:23.0096 0172  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
21:54:23.0196 0172  ql2300 - ok
21:54:23.0246 0172  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
21:54:23.0296 0172  ql40xx - ok
21:54:23.0336 0172  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE           C:\Windows\system32\qwave.dll
21:54:23.0366 0172  QWAVE - ok
21:54:23.0386 0172  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
21:54:23.0406 0172  QWAVEdrv - ok
21:54:23.0416 0172  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
21:54:23.0486 0172  RasAcd - ok
21:54:23.0536 0172  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
21:54:23.0606 0172  RasAgileVpn - ok
21:54:23.0636 0172  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto         C:\Windows\System32\rasauto.dll
21:54:23.0666 0172  RasAuto - ok
21:54:23.0727 0172  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
21:54:23.0797 0172  Rasl2tp - ok
21:54:23.0847 0172  [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan          C:\Windows\System32\rasmans.dll
21:54:23.0897 0172  RasMan - ok
21:54:23.0927 0172  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
21:54:23.0977 0172  RasPppoe - ok
21:54:24.0007 0172  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
21:54:24.0057 0172  RasSstp - ok
21:54:24.0097 0172  [ D528BC58A489409BA40334EBF96A311B ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
21:54:24.0167 0172  rdbss - ok
21:54:24.0207 0172  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
21:54:24.0237 0172  rdpbus - ok
21:54:24.0277 0172  [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
21:54:24.0347 0172  RDPCDD - ok
21:54:24.0447 0172  [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
21:54:24.0557 0172  RDPDR - ok
21:54:24.0597 0172  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
21:54:24.0657 0172  RDPENCDD - ok
21:54:24.0677 0172  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
21:54:24.0707 0172  RDPREFMP - ok
21:54:24.0737 0172  [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
21:54:24.0827 0172  RDPWD - ok
21:54:24.0857 0172  [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
21:54:24.0887 0172  rdyboost - ok
21:54:24.0917 0172  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\Windows\System32\mprdim.dll
21:54:24.0977 0172  RemoteAccess - ok
21:54:25.0017 0172  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
21:54:25.0067 0172  RemoteRegistry - ok
21:54:25.0107 0172  [ C2EF513BBE069F0D4EE0938A76F975D3 ] rimmptsk        C:\Windows\system32\DRIVERS\rimmptsk.sys
21:54:25.0187 0172  rimmptsk - ok
21:54:25.0237 0172  [ C398BCA91216755B098679A8DA8A2300 ] rimsptsk        C:\Windows\system32\DRIVERS\rimsptsk.sys
21:54:25.0287 0172  rimsptsk - ok
21:54:25.0307 0172  [ 2A2554CB24506E0A0508FC395C4A1B42 ] rismxdp         C:\Windows\system32\DRIVERS\rixdptsk.sys
21:54:25.0337 0172  rismxdp - ok
21:54:25.0387 0172  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
21:54:25.0427 0172  RpcEptMapper - ok
21:54:25.0467 0172  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\Windows\system32\locator.exe
21:54:25.0497 0172  RpcLocator - ok
21:54:25.0537 0172  [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs           C:\Windows\system32\rpcss.dll
21:54:25.0567 0172  RpcSs - ok
21:54:25.0617 0172  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
21:54:25.0667 0172  rspndr - ok
21:54:25.0717 0172  [ 1F561844318914E7EB6E54673A4CC54C ] s117bus         C:\Windows\system32\DRIVERS\s117bus.sys
21:54:25.0747 0172  s117bus - ok
21:54:25.0797 0172  [ BA93EEC3CDF6A63B77AE66221AA4F902 ] s117mdfl        C:\Windows\system32\DRIVERS\s117mdfl.sys
21:54:25.0827 0172  s117mdfl - ok
21:54:25.0847 0172  [ CBA12FD8A8EE5B5CDFBBAE2381CD6703 ] s117mdm         C:\Windows\system32\DRIVERS\s117mdm.sys
21:54:25.0867 0172  s117mdm - ok
21:54:25.0897 0172  [ BD6483E64B1DA17E812B34BCDEFD9459 ] s117mgmt        C:\Windows\system32\DRIVERS\s117mgmt.sys
21:54:25.0907 0172  s117mgmt - ok
21:54:25.0927 0172  [ C7CA36C3054B4CD47A1F6611B046E2F9 ] s117nd5         C:\Windows\system32\DRIVERS\s117nd5.sys
21:54:25.0937 0172  s117nd5 - ok
21:54:25.0957 0172  [ E290B3A6B58FB72CA97DD48D64E4FC1C ] s117obex        C:\Windows\system32\DRIVERS\s117obex.sys
21:54:25.0987 0172  s117obex - ok
21:54:26.0017 0172  [ 5C4D1BA23C7511AC880E8BA7BAA80DBA ] s117unic        C:\Windows\system32\DRIVERS\s117unic.sys
21:54:26.0027 0172  s117unic - ok
21:54:26.0047 0172  [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
21:54:26.0117 0172  s3cap - ok
21:54:26.0137 0172  [ 81951F51E318AECC2D68559E47485CC4 ] SamSs           C:\Windows\system32\lsass.exe
21:54:26.0157 0172  SamSs - ok
21:54:26.0207 0172  [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
21:54:26.0237 0172  sbp2port - ok
21:54:26.0277 0172  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
21:54:26.0307 0172  SCardSvr - ok
21:54:26.0327 0172  [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
21:54:26.0347 0172  scfilter - ok
21:54:26.0397 0172  [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule        C:\Windows\system32\schedsvc.dll
21:54:26.0467 0172  Schedule - ok
21:54:26.0507 0172  [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc     C:\Windows\System32\certprop.dll
21:54:26.0547 0172  SCPolicySvc - ok
21:54:26.0597 0172  [ 0328BE1C7F1CBA23848179F8762E391C ] sdbus           C:\Windows\system32\drivers\sdbus.sys
21:54:26.0617 0172  sdbus - ok
21:54:26.0647 0172  [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
21:54:26.0747 0172  SDRSVC - ok
21:54:26.0817 0172  [ 16A252022535B680046F6E34E136D378 ] SeaPort         C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
21:54:26.0847 0172  SeaPort - ok
21:54:26.0897 0172  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
21:54:26.0937 0172  secdrv - ok
21:54:26.0967 0172  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\Windows\system32\seclogon.dll
21:54:27.0007 0172  seclogon - ok
21:54:27.0047 0172  [ E5B56569A9F79B70314FEDE6C953641E ] seehcri         C:\Windows\system32\DRIVERS\seehcri.sys
21:54:27.0087 0172  seehcri - ok
21:54:27.0127 0172  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\Windows\System32\sens.dll
21:54:27.0167 0172  SENS - ok
21:54:27.0207 0172  [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc        C:\Windows\system32\sensrsvc.dll
21:54:27.0307 0172  SensrSvc - ok
21:54:27.0337 0172  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
21:54:27.0387 0172  Serenum - ok
21:54:27.0437 0172  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
21:54:27.0477 0172  Serial - ok
21:54:27.0517 0172  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
21:54:27.0547 0172  sermouse - ok
21:54:27.0597 0172  [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv      C:\Windows\system32\sessenv.dll
21:54:27.0647 0172  SessionEnv - ok
21:54:27.0677 0172  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
21:54:27.0717 0172  sffdisk - ok
21:54:27.0757 0172  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
21:54:27.0797 0172  sffp_mmc - ok
21:54:27.0827 0172  [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
21:54:27.0837 0172  sffp_sd - ok
21:54:27.0907 0172  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
21:54:27.0917 0172  sfloppy - ok
21:54:27.0967 0172  [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
21:54:28.0027 0172  SharedAccess - ok
21:54:28.0057 0172  [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
21:54:28.0097 0172  ShellHWDetection - ok
21:54:28.0137 0172  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\Windows\system32\drivers\sisagp.sys
21:54:28.0157 0172  sisagp - ok
21:54:28.0207 0172  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:54:28.0217 0172  SiSRaid2 - ok
21:54:28.0247 0172  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
21:54:28.0257 0172  SiSRaid4 - ok
21:54:28.0327 0172  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
21:54:28.0337 0172  SkypeUpdate - ok
21:54:28.0367 0172  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb             C:\Windows\system32\DRIVERS\smb.sys
21:54:28.0387 0172  Smb - ok
21:54:28.0437 0172  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
21:54:28.0457 0172  SNMPTRAP - ok
21:54:28.0487 0172  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr           C:\Windows\system32\drivers\spldr.sys
21:54:28.0507 0172  spldr - ok
21:54:28.0557 0172  [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler         C:\Windows\System32\spoolsv.exe
21:54:28.0637 0172  Spooler - ok
21:54:28.0767 0172  [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc          C:\Windows\system32\sppsvc.exe
21:54:28.0937 0172  sppsvc - ok
21:54:28.0957 0172  [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
21:54:29.0007 0172  sppuinotify - ok
21:54:29.0047 0172  [ 86EBD8B1F23E743AAD21F4D5B4D40985 ] SQLBrowser      c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
21:54:29.0057 0172  SQLBrowser - ok
21:54:29.0087 0172  [ D89083C4EB02DACA8F944B0E05E57F9D ] SQLWriter       c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
21:54:29.0097 0172  SQLWriter - ok
21:54:29.0127 0172  [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv             C:\Windows\system32\DRIVERS\srv.sys
21:54:29.0207 0172  srv - ok
21:54:29.0227 0172  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
21:54:29.0277 0172  srv2 - ok
21:54:29.0307 0172  [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
21:54:29.0347 0172  srvnet - ok
21:54:29.0397 0172  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
21:54:29.0457 0172  SSDPSRV - ok
21:54:29.0517 0172  [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv          C:\Windows\system32\DRIVERS\ssmdrv.sys
21:54:29.0527 0172  ssmdrv - ok
21:54:29.0557 0172  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
21:54:29.0607 0172  SstpSvc - ok
21:54:29.0657 0172  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
21:54:29.0687 0172  stexstor - ok
21:54:29.0717 0172  [ EDB05BD63148796F23EA78506404A538 ] StillCam        C:\Windows\system32\DRIVERS\serscan.sys
21:54:29.0747 0172  StillCam - ok
21:54:29.0797 0172  [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc          C:\Windows\System32\wiaservc.dll
21:54:29.0847 0172  StiSvc - ok
21:54:29.0877 0172  [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
21:54:29.0897 0172  storflt - ok
21:54:29.0927 0172  [ 0BF669F0A910BEDA4A32258D363AF2A5 ] StorSvc         C:\Windows\system32\storsvc.dll
21:54:29.0977 0172  StorSvc - ok
21:54:30.0027 0172  [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
21:54:30.0047 0172  storvsc - ok
21:54:30.0137 0172  [ A5542490B61C8D8BDE2C8BAEACBD1613 ] SUService       c:\Program Files\Lenovo\System Update\SUService.exe
21:54:30.0147 0172  SUService ( UnsignedFile.Multi.Generic ) - warning
21:54:30.0147 0172  SUService - detected UnsignedFile.Multi.Generic (1)
21:54:30.0187 0172  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\Windows\system32\drivers\swenum.sys
21:54:30.0207 0172  swenum - ok
21:54:30.0247 0172  [ A28BD92DF340E57B024BA433165D34D7 ] swprv           C:\Windows\System32\swprv.dll
21:54:30.0307 0172  swprv - ok
21:54:30.0357 0172  [ 130332E29759FD0EEFFBB143EDF4E8D3 ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
21:54:30.0377 0172  SynTP - ok
21:54:30.0467 0172  [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain         C:\Windows\system32\sysmain.dll
21:54:30.0537 0172  SysMain - ok
21:54:30.0577 0172  [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
21:54:30.0617 0172  TabletInputService - ok
21:54:30.0657 0172  [ 613BF4820361543956909043A265C6AC ] TapiSrv         C:\Windows\System32\tapisrv.dll
21:54:30.0707 0172  TapiSrv - ok
21:54:30.0737 0172  [ B799D9FDB26111737F58288D8DC172D9 ] TBS             C:\Windows\System32\tbssvc.dll
21:54:30.0777 0172  TBS - ok
21:54:30.0867 0172  [ E23A56F843E2AEBBB209D0ACCA73C640 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
21:54:30.0967 0172  Tcpip - ok
21:54:31.0027 0172  [ E23A56F843E2AEBBB209D0ACCA73C640 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
21:54:31.0067 0172  TCPIP6 - ok
21:54:31.0107 0172  [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
21:54:31.0157 0172  tcpipreg - ok
21:54:31.0177 0172  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
21:54:31.0247 0172  TDPIPE - ok
21:54:31.0267 0172  [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
21:54:31.0287 0172  TDTCP - ok
21:54:31.0337 0172  [ B459575348C20E8121D6039DA063C704 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
21:54:31.0387 0172  tdx - ok
21:54:31.0427 0172  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD          C:\Windows\system32\drivers\termdd.sys
21:54:31.0447 0172  TermDD - ok
21:54:31.0487 0172  [ 382C804C92811BE57829D8E550A900E2 ] TermService     C:\Windows\System32\termsrv.dll
21:54:31.0577 0172  TermService - ok
21:54:31.0607 0172  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\Windows\system32\themeservice.dll
21:54:31.0647 0172  Themes - ok
21:54:31.0717 0172  [ EB90A37AABAEFD7B4F4F92BEFEA8C2E2 ] ThinkVantage Registry Monitor Service c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
21:54:31.0788 0172  ThinkVantage Registry Monitor Service - ok
21:54:31.0808 0172  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER     C:\Windows\system32\mmcss.dll
21:54:31.0848 0172  THREADORDER - ok
21:54:31.0878 0172  [ 5AD05191DC8B444A7BA4D79B76C42A30 ] TPM             C:\Windows\system32\drivers\tpm.sys
21:54:31.0908 0172  TPM - ok
21:54:31.0948 0172  [ 6412DA2B8D079D821B99B3A99943284E ] TPPWRIF         C:\Windows\system32\drivers\Tppwr32v.sys
21:54:31.0948 0172  TPPWRIF - ok
21:54:31.0988 0172  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\Windows\System32\trkwks.dll
21:54:32.0068 0172  TrkWks - ok
21:54:32.0128 0172  [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
21:54:32.0208 0172  TrustedInstaller - ok
21:54:32.0288 0172  [ 4A4FFDEB90A151B734A0BEA3D420FD3B ] TSSCoreService  C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
21:54:32.0348 0172  TSSCoreService - ok
21:54:32.0378 0172  [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
21:54:32.0458 0172  tssecsrv - ok
21:54:32.0568 0172  [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
21:54:32.0628 0172  TsUsbFlt - ok
21:54:32.0668 0172  [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
21:54:32.0728 0172  tunnel - ok
21:54:32.0798 0172  [ 1A9F115D6F82FC0753D06599E42B2295 ] TVT Backup Protection Service C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
21:54:32.0828 0172  TVT Backup Protection Service ( UnsignedFile.Multi.Generic ) - warning
21:54:32.0828 0172  TVT Backup Protection Service - detected UnsignedFile.Multi.Generic (1)
21:54:32.0868 0172  [ 43FFBB6AF7245C97865ADA74B8CEECF9 ] TVT Backup Service C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
21:54:32.0938 0172  TVT Backup Service ( UnsignedFile.Multi.Generic ) - warning
21:54:32.0938 0172  TVT Backup Service - detected UnsignedFile.Multi.Generic (1)
21:54:33.0048 0172  [ 58BC366538A8A1F252D2750C1F5193B6 ] TVT Scheduler   c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
21:54:33.0148 0172  TVT Scheduler ( UnsignedFile.Multi.Generic ) - warning
21:54:33.0148 0172  TVT Scheduler - detected UnsignedFile.Multi.Generic (1)
21:54:33.0188 0172  [ 49258A02A1E8D304ED88B0F1C56B1738 ] tvtfilter       C:\Windows\system32\DRIVERS\tvtfilter.sys
21:54:33.0218 0172  tvtfilter ( UnsignedFile.Multi.Generic ) - warning
21:54:33.0218 0172  tvtfilter - detected UnsignedFile.Multi.Generic (1)
21:54:33.0248 0172  [ 22A001F3FBB92E3811C3BFD8FDAD3ED3 ] TVT_UpdateMonitor C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
21:54:33.0268 0172  TVT_UpdateMonitor ( UnsignedFile.Multi.Generic ) - warning
21:54:33.0278 0172  TVT_UpdateMonitor - detected UnsignedFile.Multi.Generic (1)
21:54:33.0298 0172  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
21:54:33.0318 0172  uagp35 - ok
21:54:33.0338 0172  [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
21:54:33.0398 0172  udfs - ok
21:54:33.0428 0172  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
21:54:33.0468 0172  UI0Detect - ok
21:54:33.0508 0172  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
21:54:33.0528 0172  uliagpkx - ok
21:54:33.0588 0172  [ D295BED4B898F0FD999FCFA9B32B071B ] umbus           C:\Windows\system32\drivers\umbus.sys
21:54:33.0638 0172  umbus - ok
21:54:33.0668 0172  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
21:54:33.0688 0172  UmPass - ok
21:54:33.0718 0172  [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService    C:\Windows\System32\umrdp.dll
21:54:33.0758 0172  UmRdpService - ok
21:54:33.0788 0172  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\Windows\System32\upnphost.dll
21:54:33.0828 0172  upnphost - ok
21:54:33.0888 0172  [ 73B41F4EAD65F355962168D766AF0F2E ] USBAAPL         C:\Windows\system32\Drivers\usbaapl.sys
21:54:33.0918 0172  USBAAPL - ok
21:54:33.0948 0172  [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
21:54:33.0978 0172  usbccgp - ok
21:54:34.0018 0172  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
21:54:34.0058 0172  usbcir - ok
21:54:34.0098 0172  [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci         C:\Windows\system32\drivers\usbehci.sys
21:54:34.0118 0172  usbehci - ok
21:54:34.0178 0172  [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub          C:\Windows\system32\drivers\usbhub.sys
21:54:34.0218 0172  usbhub - ok
21:54:34.0258 0172  [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
21:54:34.0288 0172  usbohci - ok
21:54:34.0338 0172  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
21:54:34.0358 0172  usbprint - ok
21:54:34.0388 0172  [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
21:54:34.0418 0172  usbscan - ok
21:54:34.0438 0172  [ F991AB9CC6B908DB552166768176896A ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:54:34.0518 0172  USBSTOR - ok
21:54:34.0568 0172  [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
21:54:34.0588 0172  usbuhci - ok
21:54:34.0628 0172  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms           C:\Windows\System32\uxsms.dll
21:54:34.0698 0172  UxSms - ok
21:54:34.0718 0172  [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc        C:\Windows\system32\lsass.exe
21:54:34.0748 0172  VaultSvc - ok
21:54:34.0788 0172  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
21:54:34.0798 0172  vdrvroot - ok
21:54:34.0848 0172  [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds             C:\Windows\System32\vds.exe
21:54:34.0938 0172  vds - ok
21:54:35.0008 0172  [ 17C408214EA61696CEC9C66E388B14F3 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
21:54:35.0038 0172  vga - ok
21:54:35.0078 0172  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave         C:\Windows\System32\drivers\vga.sys
21:54:35.0108 0172  VgaSave - ok
21:54:35.0148 0172  [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
21:54:35.0178 0172  vhdmp - ok
21:54:35.0228 0172  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
21:54:35.0248 0172  viaagp - ok
21:54:35.0278 0172  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7           C:\Windows\system32\DRIVERS\viac7.sys
21:54:35.0308 0172  ViaC7 - ok
21:54:35.0358 0172  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\Windows\system32\drivers\viaide.sys
21:54:35.0368 0172  viaide - ok
21:54:35.0398 0172  [ C2F2911156FDC7817C52829C86DA494E ] vmbus           C:\Windows\system32\drivers\vmbus.sys
21:54:35.0418 0172  vmbus - ok
21:54:35.0448 0172  [ D4D77455211E204F370D08F4963063CE ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
21:54:35.0478 0172  VMBusHID - ok
21:54:35.0518 0172  [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
21:54:35.0528 0172  volmgr - ok
21:54:35.0568 0172  [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
21:54:35.0608 0172  volmgrx - ok
21:54:35.0648 0172  [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
21:54:35.0688 0172  volsnap - ok
21:54:35.0738 0172  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
21:54:35.0748 0172  vsmraid - ok
21:54:35.0798 0172  [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS             C:\Windows\system32\vssvc.exe
21:54:35.0898 0172  VSS - ok
21:54:35.0918 0172  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
21:54:35.0948 0172  vwifibus - ok
21:54:35.0998 0172  [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time         C:\Windows\system32\w32time.dll
21:54:36.0048 0172  W32Time - ok
21:54:36.0058 0172  [ DE3721E89C653AA281428C8A69745D90 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
21:54:36.0098 0172  WacomPen - ok
21:54:36.0148 0172  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
21:54:36.0238 0172  WANARP - ok
21:54:36.0248 0172  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
21:54:36.0288 0172  Wanarpv6 - ok
21:54:36.0388 0172  [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
21:54:36.0468 0172  WatAdminSvc - ok
21:54:36.0528 0172  [ 691E3285E53DCA558E1A84667F13E15A ] wbengine        C:\Windows\system32\wbengine.exe
21:54:36.0638 0172  wbengine - ok
21:54:36.0681 0172  [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
21:54:36.0770 0172  WbioSrvc - ok
21:54:36.0820 0172  [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc         C:\Windows\System32\wcncsvc.dll
21:54:36.0880 0172  wcncsvc - ok
21:54:36.0920 0172  [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
21:54:36.0990 0172  WcsPlugInService - ok
21:54:37.0029 0172  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\Windows\system32\DRIVERS\wd.sys
21:54:37.0042 0172  Wd - ok
21:54:37.0092 0172  [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
21:54:37.0142 0172  Wdf01000 - ok
21:54:37.0152 0172  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
21:54:37.0222 0172  WdiServiceHost - ok
21:54:37.0232 0172  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
21:54:37.0252 0172  WdiSystemHost - ok
21:54:37.0282 0172  [ A9D880F97530D5B8FEE278923349929D ] WebClient       C:\Windows\System32\webclnt.dll
21:54:37.0332 0172  WebClient - ok
21:54:37.0382 0172  [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc          C:\Windows\system32\wecsvc.dll
21:54:37.0432 0172  Wecsvc - ok
21:54:37.0442 0172  [ AC804569BB2364FB6017370258A4091B ] wercplsupport   C:\Windows\System32\wercplsupport.dll
21:54:37.0492 0172  wercplsupport - ok
21:54:37.0522 0172  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\Windows\System32\WerSvc.dll
21:54:37.0572 0172  WerSvc - ok
21:54:37.0622 0172  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
21:54:37.0682 0172  WfpLwf - ok
21:54:37.0712 0172  [ F9AD3A5E3FD7E0BDB18B8202B0FDD4E4 ] WimFltr         C:\Windows\system32\DRIVERS\wimfltr.sys
21:54:37.0732 0172  WimFltr - ok
21:54:37.0742 0172  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
21:54:37.0762 0172  WIMMount - ok
21:54:37.0812 0172  [ BB9CBAF6AC20452B245C324F1F50EE81 ] winachsf        C:\Windows\system32\DRIVERS\HSX_CNXT.sys
21:54:37.0902 0172  winachsf - ok
21:54:37.0982 0172  [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
21:54:38.0062 0172  WinDefend - ok
21:54:38.0072 0172  WinHttpAutoProxySvc - ok
21:54:38.0142 0172  [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
21:54:38.0242 0172  Winmgmt - ok
21:54:38.0362 0172  [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM           C:\Windows\system32\WsmSvc.dll
21:54:38.0452 0172  WinRM - ok
21:54:38.0502 0172  [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
21:54:38.0542 0172  WinUsb - ok
21:54:38.0592 0172  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc         C:\Windows\System32\wlansvc.dll
21:54:38.0642 0172  Wlansvc - ok
21:54:38.0682 0172  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
21:54:38.0742 0172  WmiAcpi - ok
21:54:38.0782 0172  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
21:54:38.0812 0172  wmiApSrv - ok
21:54:38.0912 0172  [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
21:54:39.0032 0172  WMPNetworkSvc - ok
21:54:39.0062 0172  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\Windows\System32\wpcsvc.dll
21:54:39.0162 0172  WPCSvc - ok
21:54:39.0192 0172  [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
21:54:39.0252 0172  WPDBusEnum - ok
21:54:39.0292 0172  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
21:54:39.0332 0172  ws2ifsl - ok
21:54:39.0362 0172  [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc          C:\Windows\System32\wscsvc.dll
21:54:39.0382 0172  wscsvc - ok
21:54:39.0432 0172  [ 553F6CCD7C58EB98D4A8FBDAF283D7A9 ] WSDPrintDevice  C:\Windows\system32\DRIVERS\WSDPrint.sys
21:54:39.0452 0172  WSDPrintDevice - ok
21:54:39.0452 0172  WSearch - ok
21:54:39.0552 0172  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
21:54:39.0672 0172  wuauserv - ok
21:54:39.0712 0172  [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
21:54:39.0772 0172  WudfPf - ok
21:54:39.0812 0172  [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
21:54:39.0832 0172  WUDFRd - ok
21:54:39.0872 0172  [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
21:54:39.0892 0172  wudfsvc - ok
21:54:39.0942 0172  [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc         C:\Windows\System32\wwansvc.dll
21:54:40.0032 0172  WwanSvc - ok
21:54:40.0084 0172  [ DAB33CFA9DD24251AAA389FF36B64D4B ] XAudio          C:\Windows\system32\DRIVERS\xaudio.sys
21:54:40.0114 0172  XAudio - ok
21:54:40.0134 0172  [ CD5F291A1161F15896D1A4D63DAFF5DF ] XAudioService   C:\Windows\system32\DRIVERS\xaudio.exe
21:54:40.0174 0172  XAudioService - ok
21:54:40.0204 0172  ================ Scan global ===============================
21:54:40.0234 0172  [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
21:54:40.0264 0172  [ D70FE45855CAD4C0C6B1C1426ABDEBA9 ] C:\Windows\system32\winsrv.dll
21:54:40.0274 0172  [ D70FE45855CAD4C0C6B1C1426ABDEBA9 ] C:\Windows\system32\winsrv.dll
21:54:40.0304 0172  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
21:54:40.0344 0172  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
21:54:40.0354 0172  [Global] - ok
21:54:40.0354 0172  ================ Scan MBR ==================================
21:54:40.0364 0172  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
21:54:40.0774 0172  \Device\Harddisk0\DR0 - ok
21:54:40.0784 0172  ================ Scan VBR ==================================
21:54:40.0814 0172  [ 12D31D17B17360F54DE5C4F71F1D473D ] \Device\Harddisk0\DR0\Partition1
21:54:40.0814 0172  \Device\Harddisk0\DR0\Partition1 - ok
21:54:40.0834 0172  [ 057DBBCDD980C704FE99B2E8A0EBBB9B ] \Device\Harddisk0\DR0\Partition2
21:54:40.0844 0172  \Device\Harddisk0\DR0\Partition2 - ok
21:54:40.0874 0172  [ D6800D97591C85B65873820A1565E8F3 ] \Device\Harddisk0\DR0\Partition3
21:54:40.0874 0172  \Device\Harddisk0\DR0\Partition3 - ok
21:54:40.0874 0172  ============================================================
21:54:40.0874 0172  Scan finished
21:54:40.0874 0172  ============================================================
21:54:40.0894 3884  Detected object count: 19
21:54:40.0894 3884  Actual detected object count: 19
21:55:15.0766 3884  ADMonitor ( UnsignedFile.Multi.Generic ) - skipped by user
21:55:15.0766 3884  ADMonitor ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:55:15.0766 3884  AdobeActiveFileMonitor5.0 ( UnsignedFile.Multi.Generic ) - skipped by user
21:55:15.0766 3884  AdobeActiveFileMonitor5.0 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:55:15.0766 3884  CVPNDRVA ( UnsignedFile.Multi.Generic ) - skipped by user
21:55:15.0766 3884  CVPNDRVA ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:55:15.0766 3884  dtsvc ( UnsignedFile.Multi.Generic ) - skipped by user
21:55:15.0766 3884  dtsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:55:15.0766 3884  EvtEng ( UnsignedFile.Multi.Generic ) - skipped by user
21:55:15.0766 3884  EvtEng ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:55:15.0766 3884  hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
21:55:15.0766 3884  hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:55:15.0776 3884  hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
21:55:15.0776 3884  hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:55:15.0776 3884  HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user
21:55:15.0776 3884  HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:55:15.0776 3884  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
21:55:15.0776 3884  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:55:15.0776 3884  MyWiFiDHCPDNS ( UnsignedFile.Multi.Generic ) - skipped by user
21:55:15.0776 3884  MyWiFiDHCPDNS ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:55:15.0776 3884  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
21:55:15.0776 3884  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:55:15.0776 3884  PassThru Service ( UnsignedFile.Multi.Generic ) - skipped by user
21:55:15.0786 3884  PassThru Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:55:15.0786 3884  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
21:55:15.0786 3884  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:55:15.0786 3884  SUService ( UnsignedFile.Multi.Generic ) - skipped by user
21:55:15.0786 3884  SUService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:55:15.0786 3884  TVT Backup Protection Service ( UnsignedFile.Multi.Generic ) - skipped by user
21:55:15.0786 3884  TVT Backup Protection Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:55:15.0786 3884  TVT Backup Service ( UnsignedFile.Multi.Generic ) - skipped by user
21:55:15.0786 3884  TVT Backup Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:55:15.0786 3884  TVT Scheduler ( UnsignedFile.Multi.Generic ) - skipped by user
21:55:15.0786 3884  TVT Scheduler ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:55:15.0796 3884  tvtfilter ( UnsignedFile.Multi.Generic ) - skipped by user
21:55:15.0796 3884  tvtfilter ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:55:15.0796 3884  TVT_UpdateMonitor ( UnsignedFile.Multi.Generic ) - skipped by user
21:55:15.0796 3884  TVT_UpdateMonitor ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

Alt 11.01.2013, 21:14   #11
markusg
/// Malware-holic
 
System Progressive Protection... - Standard

System Progressive Protection...



combofix:
Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.
Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 11.01.2013, 22:43   #12
sensa
 
System Progressive Protection... - Standard

System Progressive Protection...



endlich, endlich...

Code:
ATTFilter
ComboFix 13-01-11.02 - *** 11.01.2013  23:06:18.2.2 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.41.1031.18.1992.586 [GMT 1:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: Emsisoft Anti-Malware *Disabled/Updated* {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Emsisoft Anti-Malware *Disabled/Updated* {3E653F0B-EA3E-10F8-1B87-CAD78F211367}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\msvcr71.dll
c:\windows\system32\Thumbs.db
.
---- Vorheriger Suchlauf -------
.
c:\programdata\Roaming
c:\users\***\AppData\Roaming\Haowes
c:\users\***\AppData\Roaming\Haowes\feti.abb
c:\users\***\AppData\Roaming\Urruer
c:\users\***\AppData\Roaming\Urruer\wovye.kax
Q:\AUTORUN.INF
S:\AUTORUN.INF
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-12-11 bis 2013-01-11  ))))))))))))))))))))))))))))))
.
.
2013-01-11 22:21 . 2013-01-11 22:21	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-01-10 21:52 . 2013-01-10 21:52	--------	d-----w-	c:\users\***\AppData\Roaming\EurekaLog
2013-01-10 21:15 . 2013-01-11 22:24	--------	d-----w-	c:\program files\Emsisoft Anti-Malware
2013-01-10 20:31 . 2013-01-10 20:31	--------	d-----w-	c:\users\***\AppData\Roaming\Malwarebytes
2013-01-10 20:31 . 2013-01-10 20:31	--------	d-----w-	c:\programdata\Malwarebytes
2013-01-10 20:31 . 2012-12-14 15:49	21104	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-01-10 20:31 . 2013-01-10 20:31	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2013-01-10 20:31 . 2013-01-10 20:31	--------	d-----w-	c:\users\***\AppData\Local\Programs
2013-01-10 20:02 . 2013-01-10 20:50	--------	d-----w-	c:\programdata\6472A497FCFAC9BE00006472402ACED0
2013-01-09 20:53 . 2012-11-22 04:45	626688	----a-w-	c:\windows\system32\usp10.dll
2013-01-09 20:52 . 2012-11-23 02:56	2345984	----a-w-	c:\windows\system32\win32k.sys
2013-01-09 20:52 . 2012-11-09 04:43	492032	----a-w-	c:\windows\system32\win32spl.dll
2013-01-09 20:51 . 2012-11-01 04:47	1389568	----a-w-	c:\windows\system32\msxml6.dll
2013-01-09 20:49 . 2012-12-07 10:46	43520	----a-w-	c:\windows\system32\csrr.rs
2013-01-09 20:48 . 2012-11-20 04:51	220160	----a-w-	c:\windows\system32\ncrypt.dll
2013-01-09 20:48 . 2012-11-23 02:48	49152	----a-w-	c:\windows\system32\taskhost.exe
2012-12-22 08:57 . 2012-12-16 14:13	295424	----a-w-	c:\windows\system32\atmfd.dll
2012-12-22 08:57 . 2012-12-16 14:13	34304	----a-w-	c:\windows\system32\atmlib.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-09 20:38 . 2012-03-30 11:03	697864	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-01-09 20:38 . 2011-05-19 06:33	74248	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-11 17:23 . 2012-12-09 17:16	134336	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-12-11 17:23 . 2012-12-09 17:16	83944	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-11-16 19:17 . 2012-12-09 17:16	36552	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2012-11-14 02:09 . 2012-12-12 22:19	1800704	----a-w-	c:\windows\system32\jscript9.dll
2012-11-14 01:58 . 2012-12-12 22:19	1427968	----a-w-	c:\windows\system32\inetcpl.cpl
2012-11-14 01:57 . 2012-12-12 22:19	1129472	----a-w-	c:\windows\system32\wininet.dll
2012-11-14 01:49 . 2012-12-12 22:19	142848	----a-w-	c:\windows\system32\ieUnatt.exe
2012-11-14 01:48 . 2012-12-12 22:19	420864	----a-w-	c:\windows\system32\vbscript.dll
2012-11-14 01:44 . 2012-12-12 22:19	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2012-11-09 04:42 . 2012-12-12 19:12	2048	----a-w-	c:\windows\system32\tzres.dll
2012-11-02 05:11 . 2012-12-12 19:13	376832	----a-w-	c:\windows\system32\dpnet.dll
2012-10-16 07:39 . 2012-11-28 20:07	561664	----a-w-	c:\windows\apppatch\AcLayers.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FingerPrintSoftware"="c:\program files\Lenovo Fingerprint Software\fpapp.exe \s" [X]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-10-06 824616]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2009-07-29 435488]
"ACWlIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWlIcon.exe" [2009-07-29 177440]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 5.0\apdproxy.exe" [2006-09-14 61440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"AMSG"="c:\program files\ThinkVantage\AMSG\Amsg.exe" [2007-02-01 419376]
"CameraApplicationLauncher"="c:\program files\Lenovo\Camera Center\bin\CameraApplicationLaunchpadLauncher.exe" [2008-08-12 16384]
"CreateLMBCShortCut"="c:\program files\Lenovo\Mobile Broadband Connect\UserShortcutCreator.exe" [2009-04-13 40960]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2008-06-25 3077432]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2009-02-11 1191936]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-05-24 487424]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BTVLogEx.DLL" [2009-01-14 214576]
"LPMailChecker"="c:\progra~1\THINKV~1\PrdCtr\LPMLCHK.exe" [2008-08-31 124248]
"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2008-08-31 165208]
"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2009-01-14 644384]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]
"SSDMonitor"="c:\program files\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2010-08-05 104408]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"TkBellExe"="c:\program files\Real\RealPlayer\Update\realsched.exe" [2012-03-07 296056]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 172568]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-09 421776]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-12-11 384800]
"emsisoft anti-malware"="c:\program files\emsisoft anti-malware\a2guard.exe" [2012-10-17 3364264]
.
c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2008-3-17 752168]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2009-5-23 50688]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
VPN Client.lnk - c:\windows\Installer\{F3C1DE9E-5E16-4BA9-B854-7B53A45E3579}\Icon3E5562ED7.ico [2009-10-6 6144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [x]
R2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [x]
R3 ADMonitor;AD Monitor;c:\windows\system32\ADMonitor.exe [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [x]
R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\Emsisoft Anti-Malware\a2ddax86.sys [x]
S1 a2injectiondriver;a2injectiondriver;c:\program files\Emsisoft Anti-Malware\a2dix86.sys [x]
S1 a2util;a-squared Malware-IDS utility driver;c:\program files\Emsisoft Anti-Malware\a2util32.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [x]
S2 a2AntiMalware;Emsisoft Anti-Malware 7.0 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 ATService;AuthenTec Fingerprint Service;c:\windows\system32\AtService.exe [x]
S2 dtsvc;Data Transfer Service;c:\windows\system32\DTS.exe [x]
S2 HTCMonitorService;HTCMonitorService;c:\program files\HTC\HTC Sync Manager\HSMServiceEntry.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [x]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [x]
S2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [x]
S3 5U875UVC;Integrated Camera;c:\windows\system32\DRIVERS\5U875.sys [x]
S3 a2acc;a2acc;c:\program files\EMSISOFT ANTI-MALWARE\a2accx86.sys [x]
S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [x]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6032.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
HPService	REG_MULTI_SZ   	HPSLPSVC
getPlusHelper	REG_MULTI_SZ   	getPlusHelper
.
Inhalt des "geplante Tasks" Ordners
.
2013-01-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 20:38]
.
2013-01-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-24 12:41]
.
2013-01-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-24 12:41]
.
2012-09-27 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PCDR5\pcdr5cuiw32.exe [2009-02-20 20:57]
.
2012-12-22 c:\windows\Tasks\ReclaimerUpdateFiles_Sonja.job
- c:\users\***\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe [2012-12-14 22:21]
.
2013-01-05 c:\windows\Tasks\ReclaimerUpdateXML_Sonja.job
- c:\users\***\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe [2012-12-14 22:21]
.
2013-01-11 c:\windows\Tasks\RMSchedule.job
- c:\program files\Registry Mechanic\RegMech.exe [2011-02-07 07:46]
.
2013-01-11 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_Sonja.job
- c:\users\***\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe [2012-12-14 22:21]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.taekwondo.ch/bern/
uInternet Settings,ProxyOverride = *.local*.unibe.ch;130.92.*;<local>;*.local
uInternet Settings,ProxyServer = http=proxy.unibe.ch:80
uSearchURL,(Default) = hxxp://g.msn.ch/0SEDECH/SAOS01?FORM=TOOLBR
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)
URLSearchHooks-{b106b661-3e1b-4015-af5c-195e909f35c6} - (no file)
BHO-{ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a}  - (no file)
WebBrowser-{1392B8D2-5C05-419F-A8F6-B9F15A596612} - (no file)
WebBrowser-{B106B661-3E1B-4015-AF5C-195E909F35C6} - (no file)
HKLM-Run-Freecorder FLV Service - c:\program files\Freecorder\FLVSrvc.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(668)
c:\program files\Lenovo\Client Security Solution\tvtpwm_windows_hook.dll
c:\program files\Lenovo\Client Security Solution\tvtpwm_interface.dll
c:\windows\system32\EhStorShell.dll
c:\windows\system32\SndVolSSO.DLL
c:\windows\system32\btmmhook.dll
c:\windows\system32\btncopy.dll
c:\windows\System32\srchadmin.dll
c:\windows\system32\wwapi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\program files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Juniper Networks\Common Files\dsNcService.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Lenovo\Client Security Solution\tvttcsd.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\Lenovo\System Update\SUService.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\windows\system32\taskhost.exe
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conhost.exe
c:\program files\Synaptics\SynTP\SynTPLpr.exe
c:\program files\ThinkVantage\PrdCtr\LPMLCHK.EXE
c:\program files\ThinkVantage\PrdCtr\LPMGR.EXE
c:\windows\System32\rundll32.exe
c:\program files\Lenovo\Camera Center\bin\LenovoCameraCenter.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Lenovo\Client Security Solution\password_manager.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\windows\system32\msiexec.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\progra~1\ThinkPad\UTILIT~1\PWMUIAux.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-01-11  23:35:54 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-01-11 22:35
.
Vor Suchlauf: 21 Verzeichnis(se), 78'102'953'984 Bytes frei
Nach Suchlauf: 25 Verzeichnis(se), 77'844'779'008 Bytes frei
.
- - End Of File - - 989190A253EA9FFCE81707B67303F485
         

Alt 14.01.2013, 15:35   #13
markusg
/// Malware-holic
 
System Progressive Protection... - Standard

System Progressive Protection...



hi
nutzt du das System für onlinebanking, zum einkaufen, für sonstige Zahlungsabwicklungen, oder ähnlich wichtigem, wie beruflichem?
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 14.01.2013, 16:17   #14
sensa
 
System Progressive Protection... - Standard

System Progressive Protection...



Hallo
Ich habs benutzt für onlinebanking (habe ich sperren lassen) und selten mal zum einkaufen. Beruflich gar nichts.

Alt 14.01.2013, 20:27   #15
markusg
/// Malware-holic
 
System Progressive Protection... - Standard

System Progressive Protection...



hi
du hast hier das zero access rootkit, das kann man nicht 100 %ig sicher los werden, du machst aber onlinebanking, deswegen ist das nötig.
der pc muss neu aufgesetzt und dann abgesichert werden
1. Datenrettung:2. Formatieren, Windows neu instalieren:3. PC absichern: http://www.trojaner-board.de/96344-a...-rechners.html
ich werde außerdem noch weitere punkte dazu posten.
4. alle Passwörter ändern!
5. nach PC Absicherung, die gesicherten Daten prüfen und falls sauber: zurückspielen.
6. werde ich dann noch was zum absichern von Onlinebanking mit Chip Card Reader + Star Money sagen.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Antwort

Themen zu System Progressive Protection...
administrator, anti-malware, appdata, autostart, code, dateien, desktop, explorer, explorer.exe, gelöscht, gen, guard, hilfe!, laptop, malwarebytes, microsoft, quarantäne, roaming, service, software, speicher, system, test, version



Ähnliche Themen: System Progressive Protection...


  1. System Progressive Protection
    Log-Analyse und Auswertung - 23.01.2013 (16)
  2. System progressive protection
    Log-Analyse und Auswertung - 08.12.2012 (2)
  3. System Progressive Protection
    Log-Analyse und Auswertung - 08.12.2012 (2)
  4. System Progressive Protection
    Plagegeister aller Art und deren Bekämpfung - 03.12.2012 (1)
  5. System Progressive Protection
    Plagegeister aller Art und deren Bekämpfung - 20.11.2012 (13)
  6. System Progressive Protection
    Log-Analyse und Auswertung - 19.11.2012 (1)
  7. System Progressive Protection 3.7.17
    Plagegeister aller Art und deren Bekämpfung - 12.11.2012 (15)
  8. System Progressive Protection
    Log-Analyse und Auswertung - 29.10.2012 (1)
  9. system progressive protection
    Plagegeister aller Art und deren Bekämpfung - 29.10.2012 (28)
  10. System Progressive Protection - Entfernung
    Log-Analyse und Auswertung - 28.10.2012 (15)
  11. System Progressive Protection :(
    Plagegeister aller Art und deren Bekämpfung - 11.10.2012 (1)
  12. System Progressive Protection 3.7.10
    Plagegeister aller Art und deren Bekämpfung - 11.10.2012 (1)
  13. System Progressive Protection befall
    Plagegeister aller Art und deren Bekämpfung - 11.10.2012 (8)
  14. System Progressive Protection
    Plagegeister aller Art und deren Bekämpfung - 03.10.2012 (24)
  15. System Progressive Protection
    Plagegeister aller Art und deren Bekämpfung - 01.10.2012 (1)
  16. System progressive protection
    Log-Analyse und Auswertung - 21.09.2012 (3)
  17. System Progressive Protection
    Plagegeister aller Art und deren Bekämpfung - 21.09.2012 (1)

Zum Thema System Progressive Protection... - Hallo zusammen Heute hat sich bei mir der System Progressive Protection installiert. Ich habe, wie in einem Beitrag geschrieben, den rkill gestartet und mit Malwarebytes das System durchsucht. Hier der - System Progressive Protection......
Archiv
Du betrachtest: System Progressive Protection... auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.