
Log Analysis and Evaluation: GVU Trojan on Windows VISTA

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

23.01.2013, 18:10   #1
TB-Mobil
 
GVU Trojan on Windows VISTA



Hello,

I've caught the GVU trojan.
After some searching on the problem (on another computer), I already cleaned up the worst of it using a boot CD, Kaspersky WindowsUnlocker and manual file deletion, and was at least able to start Windows again.

Then I ran Malwarebytes Anti-Malware right away and did a thorough scan. But it found nothing more.

Still, I have the feeling that something isn't right with the PC.
At startup there is now an error message every time.
It concerns a "Rescue and Recovery" program that was preinstalled on my notebook, but until now I never had an error message.
Also, the "Autostart" folder in my Start menu was suddenly called "Startup".

Now I have run the programs "defogger", "OTL" and "Gmer".

The logs are here:

Extras.txt:

Code:
OTL Extras logfile created on: 23.01.2013 17:39:34 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,26 Gb Available Physical Memory | 63,18% Memory free
4,22 Gb Paging File | 3,38 Gb Available in Paging File | 80,01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 96,40 Gb Total Space | 4,95 Gb Free Space | 5,13% Space Free | Partition Type: NTFS
Drive D: | 47,30 Gb Total Space | 9,77 Gb Free Space | 20,65% Space Free | Partition Type: NTFS
 
Computer Name: TB-MOBIL | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDBrowse] -- "C:\Program Files\ACD Systems\ACDSee\9.0\ACDSeeQV.exe" "%1" (ACD Systems Ltd.)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [CEWE FOTOSCHAU] -- "C:\Program Files\dm\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [dm-Fotowelt] -- "C:\Program Files\dm\dm-Fotowelt\dm-Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mein CEWE FOTOBUCH] -- "C:\Program Files\CEWE COLOR\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" ()
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2025591093-2054289321-3464103709-1003]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\FlashFXP\FlashFXP.exe" = C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\FlashFXP\FlashFXP.exe" = C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)
"C:\Program Files\Orbitdownloader\orbitdm.exe" = C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files\Orbitdownloader\orbitnet.exe" = C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1025BA7F-E65F-445A-8F0B-BB527380EEE0}" = lport=137 | protocol=17 | dir=in | app=system | 
"{110F98CB-570C-4576-BC59-EA14E5EF8CE2}" = rport=138 | protocol=17 | dir=out | app=system | 
"{409228E9-7407-4184-A3ED-247354B4C1FC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{56DED6A7-AAD0-4506-83BB-7D2F06B29FD1}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{57FFD1AE-EA06-447F-A82C-5FA260655EF6}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{7E5B8CDA-2860-47D9-84F6-009642437F5A}" = lport=138 | protocol=17 | dir=in | app=system | 
"{8BE6B0A8-1C75-45B5-9724-B10339A77230}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{93917ED4-522D-4DC1-9B64-49C922B95475}" = rport=445 | protocol=6 | dir=out | app=system | 
"{9B207301-5F8B-4959-B036-ED274B281CA5}" = rport=139 | protocol=6 | dir=out | app=system | 
"{ACEF2F67-2CD2-409F-AD56-A057E7D7B201}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{B9A70F2D-CF28-4B22-BE63-DF611FF9C088}" = lport=139 | protocol=6 | dir=in | app=system | 
"{C3CE0CAD-5A92-4F46-81EE-4F6464178852}" = lport=445 | protocol=6 | dir=in | app=system | 
"{E88D0E75-9841-4B89-8A81-9E7DB7A36007}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe | 
"{EBBB5DCF-2886-45D0-A361-E0C21AF3A3E9}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{ED42027E-EF1F-4A83-8413-1DAEB8268BBC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{FCFFC7ED-3CB8-4964-B61F-DF9237AC8796}" = rport=137 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0707D78E-7A3A-40AA-9C28-351DD4D86547}" = protocol=6 | dir=in | app=c:\program files\airvideoserver\airvideoserver.exe | 
"{10ECBF8D-51D7-4CB3-9079-C984730DA38D}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{28CF06E1-B883-4C45-82DA-8D872AAF5421}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe | 
"{2A8F4F8B-A013-4D8C-9D86-DA8C80C68684}" = protocol=6 | dir=in | app=c:\program files\airvideoserver\airvideoserver.exe | 
"{4A816557-44F0-4258-B990-30399C808F65}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{4AD823A7-87BF-4F74-B71C-50374D510BC7}" = protocol=17 | dir=in | app=c:\program files\airvideoserver\airvideoserver.exe | 
"{5C02C78F-1C6A-4863-A7E3-6A8120B50DC2}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{60F57D54-DCA4-41FE-B92D-7657A9EBA3E3}" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | 
"{6ADECF92-38D5-4DF8-A029-ECDA82313C6F}" = protocol=6 | dir=in | app=c:\users\***\desktop\ida\ida pro advanced edition\idaq.exe | 
"{6DB82D25-6BA6-433D-8BEC-67266E5C561E}" = dir=in | app=c:\program files\lenovo multimedia center\powerdirector express\pdx.exe | 
"{918F9546-445D-42C0-96D6-AC3E95133990}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{98E13EF7-A5E3-4276-AFCC-444F528D0BC4}" = protocol=6 | dir=out | app=c:\program files\airvideoserver\airvideoserver.exe | 
"{99344BF7-ADC1-419F-BFB0-C526A71AEAE8}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{A955DCC3-C9A7-4A81-A73D-CFEA00C42BD8}" = protocol=17 | dir=in | app=c:\users\***\desktop\ida\ida pro advanced edition\idaq.exe | 
"{AA46CFA1-DF29-4CB2-A003-65ADBFF51A1C}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe | 
"{C173CA25-4085-4264-8B9C-EF8A08959F62}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{C3A817AC-A2DE-4D11-B416-CF417C8FF660}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{CE70920F-86E4-475B-BD44-43925A1FDE51}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{D860027A-A72A-42BF-AD1C-19F6EA0E4CAB}" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | 
"{D9FBD163-2FFF-4369-8FF1-360556129555}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{DA1DF8BD-B041-400D-B579-42EBC4BCDD1E}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{DDA096B0-0697-4E69-9361-860FCF9F9E29}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{ED2B07BC-4B18-4059-AB8C-08F0DEFA4929}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{F02DFF1C-5EED-4926-A8BF-13CA5623672F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{F2ADE5C7-FBBC-4FF1-BECC-971400E619C6}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"TCP Query User{0A47FD98-07F6-439A-830C-08D85B30CAFE}C:\program files\zattoo\zattoo.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattoo.exe | 
"TCP Query User{0D06D730-1FB5-49A1-B898-B7037385AC2E}C:\program files\qip\qip.exe" = protocol=6 | dir=in | app=c:\program files\qip\qip.exe | 
"TCP Query User{0E4D7702-061B-471B-9BF9-B55156CEAD05}C:\program files\emule0.49b\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule0.49b\emule.exe | 
"TCP Query User{168D50F2-909B-44E7-A817-DD8A801324FF}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{1D60A7A3-527E-424D-8CC0-DFC55D5D0C35}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe | 
"TCP Query User{24D848DE-85B2-4028-A39C-667A7FD51A92}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"TCP Query User{279F5BFA-EE07-471D-9C4B-3C3D091C539C}C:\program files\qip\qip.exe" = protocol=6 | dir=in | app=c:\program files\qip\qip.exe | 
"TCP Query User{2A4E5A1F-5BE4-4562-9D75-752D34DD8E7F}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{2F634941-1993-4C82-AA58-8D46E1D05BDA}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"TCP Query User{336A2B4A-A90D-430A-9B68-D49F912F9CB5}C:\program files\secondlife\slvoice.exe" = protocol=6 | dir=in | app=c:\program files\secondlife\slvoice.exe | 
"TCP Query User{3D513C41-266D-4765-8613-FCF782E94FFB}C:\program files\concept design\onlinetv 4\onlinetv.exe" = protocol=6 | dir=in | app=c:\program files\concept design\onlinetv 4\onlinetv.exe | 
"TCP Query User{3DE706B9-905B-4CA3-9335-C5704B21D783}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{3E4440F6-41ED-4D21-8B0C-97B157A0E907}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 
"TCP Query User{48F0B438-50A9-4358-831B-65740B38245D}C:\windows\system32\ftp.exe" = protocol=6 | dir=in | app=c:\windows\system32\ftp.exe | 
"TCP Query User{4F15F754-DB4F-4BD1-9809-E1E45BEC5793}C:\program files\flashget\flashget.exe" = protocol=6 | dir=in | app=c:\program files\flashget\flashget.exe | 
"TCP Query User{516B0038-27E6-4F4F-A81D-BCB182806348}C:\program files\emule0.48a\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule0.48a\emule.exe | 
"TCP Query User{567A53B4-D250-462F-8A15-FD6542C53730}C:\users\***\desktop\gta\gtawin\gtawin.exe" = protocol=6 | dir=in | app=c:\users\***\desktop\gta\gtawin\gtawin.exe | 
"TCP Query User{5A7D5166-CE16-47A8-8C28-1D1C85C8D4C9}C:\program files\emule0.48a\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule0.48a\emule.exe | 
"TCP Query User{5AB97D84-BD63-462A-BB9F-BF6FB310A225}C:\program files\left 4 dead\left4dead.exe" = protocol=6 | dir=in | app=c:\program files\left 4 dead\left4dead.exe | 
"TCP Query User{85D0A82F-D304-43D6-BEA7-0BADB45D9753}I:\stuff\blobby\volley.exe" = protocol=6 | dir=in | app=i:\stuff\blobby\volley.exe | 
"TCP Query User{89DC0A4A-9BEC-43C0-9948-FA818515F544}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{9A97D0B4-2AE9-473F-8B5B-70AE17E535B6}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{A55D8537-91BD-49DF-AB11-9E397EE9BBAC}C:\program files\last.fm\lastfm.exe" = protocol=6 | dir=in | app=c:\program files\last.fm\lastfm.exe | 
"TCP Query User{A9E6CF63-3687-4DBA-81DA-5E1DAF4E7CDA}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"TCP Query User{B2C72289-7F41-45F0-A2C9-1EB56ABCDF08}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{C360CBAD-E2CC-4F6F-9B26-D53AD1D9D77D}C:\program files\last.fm\lastfm.exe" = protocol=6 | dir=in | app=c:\program files\last.fm\lastfm.exe | 
"TCP Query User{D8552CD8-7589-4F64-B672-2F051BFF247A}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"TCP Query User{D8EDD7D4-1298-45A5-9458-823C0D857F23}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 
"TCP Query User{DE1BB17D-3542-46C0-9016-8BD03ACE3B85}C:\users\***\desktop\games\gta\gtawin\gtawin.exe" = protocol=6 | dir=in | app=c:\users\***\desktop\games\gta\gtawin\gtawin.exe | 
"TCP Query User{E96B3942-FE18-468F-8DB1-6EA90399873A}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe | 
"TCP Query User{F22FC8FF-11FC-40CB-A8D1-7D0C0389345B}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{FD0A5A04-4ECA-4416-9A8E-1CF6BDFD2321}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | 
"UDP Query User{04058F6A-333D-40E5-B361-311CCEEA6EA6}C:\program files\emule0.48a\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule0.48a\emule.exe | 
"UDP Query User{0441CEB9-F499-453A-8825-A2F6DDD87B9C}C:\program files\concept design\onlinetv 4\onlinetv.exe" = protocol=17 | dir=in | app=c:\program files\concept design\onlinetv 4\onlinetv.exe | 
"UDP Query User{05E5A4FD-10BE-4619-9FCE-3F7B73633EA4}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{156613AD-6EFA-4203-AE44-DDD39AAF889A}C:\program files\last.fm\lastfm.exe" = protocol=17 | dir=in | app=c:\program files\last.fm\lastfm.exe | 
"UDP Query User{1E5F338F-6FAA-4E2C-93CB-D39601DB3708}C:\users\***\desktop\gta\gtawin\gtawin.exe" = protocol=17 | dir=in | app=c:\users\***\desktop\gta\gtawin\gtawin.exe | 
"UDP Query User{20513F0C-BA0C-4C6D-874D-22D1A496D3D4}C:\program files\zattoo\zattoo.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattoo.exe | 
"UDP Query User{22B45105-2432-4373-83F4-AA54D71B9756}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 
"UDP Query User{280070F5-D57A-4718-860D-35B3E461AF71}C:\program files\emule0.48a\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule0.48a\emule.exe | 
"UDP Query User{290EC590-E521-424A-B4A0-C96911DCAEA0}I:\stuff\blobby\volley.exe" = protocol=17 | dir=in | app=i:\stuff\blobby\volley.exe | 
"UDP Query User{36362BAC-49CB-4B55-AE11-F9FF4CC18C14}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | 
"UDP Query User{46BDD58D-26A9-4E64-9AC6-54562D8CCFDF}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"UDP Query User{495EE38D-86B4-4199-B62E-1E859AFC8A88}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{4BFD8AB0-E9AE-4780-AC61-D215AFD4BB06}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{531C25F3-8AB9-4BFC-8C70-2C994649F339}C:\program files\last.fm\lastfm.exe" = protocol=17 | dir=in | app=c:\program files\last.fm\lastfm.exe | 
"UDP Query User{6DD64D81-4AF6-41F0-AF00-6E9325EBB574}C:\program files\left 4 dead\left4dead.exe" = protocol=17 | dir=in | app=c:\program files\left 4 dead\left4dead.exe | 
"UDP Query User{77FD7AD8-7F58-4D17-893D-A10C73657E80}C:\program files\qip\qip.exe" = protocol=17 | dir=in | app=c:\program files\qip\qip.exe | 
"UDP Query User{7A9F7A81-0DA3-4FEB-AC68-EA4884C32C58}C:\program files\emule0.49b\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule0.49b\emule.exe | 
"UDP Query User{82A8C488-607B-4437-9FB7-944A9FE6599C}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{ABBE2CF1-AFC3-49AE-9600-EC720D0F1BFE}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"UDP Query User{BE26C9EC-8698-4F25-AF3A-8408CBE4E4A1}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe | 
"UDP Query User{C54AADEE-1580-4612-88FA-9426A3F77D00}C:\users\***\desktop\games\gta\gtawin\gtawin.exe" = protocol=17 | dir=in | app=c:\users\***\desktop\games\gta\gtawin\gtawin.exe | 
"UDP Query User{CABFCD5E-26C7-4001-A9A9-FC82AFAFC177}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{CF22CF37-D23B-4893-AEFA-0C6766C329F4}C:\program files\secondlife\slvoice.exe" = protocol=17 | dir=in | app=c:\program files\secondlife\slvoice.exe | 
"UDP Query User{D05C1B57-2FB7-45E9-A52A-D6F01F4FF26C}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe | 
"UDP Query User{D3FF2FE7-13E9-4D27-9E4E-3257B4FBEA45}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{DC48C01B-21BE-4437-83B1-03B85010FFDF}C:\program files\flashget\flashget.exe" = protocol=17 | dir=in | app=c:\program files\flashget\flashget.exe | 
"UDP Query User{E8482BD2-BDFD-422D-98DA-838C4B005C36}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 
"UDP Query User{EC55A03F-204D-4DED-941D-F9E4F686DCA6}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{EC85F72F-6CB1-48FF-8858-FCF2F4E6CFB8}C:\program files\qip\qip.exe" = protocol=17 | dir=in | app=c:\program files\qip\qip.exe | 
"UDP Query User{ECB7203B-CC76-4A54-957C-0F885BE2D140}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"UDP Query User{F008D385-E078-4172-B975-B5CDF2AFE143}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{FB57B8BA-6056-4F8B-BEA2-0465E7EE8D51}C:\windows\system32\ftp.exe" = protocol=17 | dir=in | app=c:\windows\system32\ftp.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{54DB13F1-0CE0-4BAB-BD5F-7DE150C043C8}" = WordPerfect Office X3
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03CAB33F-D1C2-48C6-8766-DAE84DFC25FE}" = Microsoft Sync Framework Services v1.0 (x86)
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = Lenovo Bluetooth with Enhanced Data Rate Software 6.0.1.4900
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{0F4EFCE8-E358-4430-A504-F55F32BA1816}" = Client Security Solution
"{1007F41F-7D69-468E-8017-3849A5A973C2}" = ThinkVantage Technologies Welcome Message
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Lenovo Multimedia Center
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217011FF}" = Java 7 Update 11
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2987EE84-C4EE-4FF5-8160-32DE00D6ABC6}" = GTA2
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{29F05234-DCBB-4FE0-88DC-5160C9250312}" = Adobe Photoshop CS3
"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.009.00
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D599ADA-65D9-4B51-898F-CE718DEC5DBB}" = Microsoft Image Composite Editor
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{449CE12D-E2C7-4B97-B19E-55D163EA9435}" = Bing Bar
"{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{54DB13F1-0CE0-4BAB-BD5F-7DE150C043C8}" = WordPerfect Office X3
"{57F66B4D-C3C6-4CE2-AA9C-CDDE448F5DC1}" = ape@map
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.33
"{5C318BD3-BA72-43E4-9D16-A18210B4A5A5}" = Media Go
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{62715632-A555-4D9E-9CEC-4F84EB55B07B}" = PM Driver
"{6280149E-EFF3-4F1B-BD43-5B7EDD6F620A}" = Ergänzung zu Lenovo Care
"{65706020-7B6F-41F2-8047-FC69579E386A}" = Präsentationsdirektor
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser und SDK
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{796E076A-82F7-4D49-98C8-DEC0C3BC733A}" = Diskeeper Home
"{7A21C722-F259-4976-B7AA-6658E5FDEDAF}" = Google Drive
"{7AE25201-3E12-4FA2-9E65-67CD475D9263}" = ACDSee 9 Foto-Manager
"{7B63B2922B174135AFC0E1377DD81EC2}" = 
"{7E4C16B8-8F76-4940-8505-98E93C00BF19}" = Rescue and Recovery
"{7FB12670-0F93-4E1E-B2F5-4F339199A03A}" = Microsoft SQL Server Native Client
"{7FC7AD70-1DF3-4B84-9AA2-4FB680F45572}_is1" = Hex-Editor MX
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{809B22DC-A386-4F22-0023-DE0000000001}" = EXAM 11.0
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = pdf24
"{83B0CE83-BE3C-464B-851B-19555F6A8633}" = Vista Manager
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{849A32C3-E75A-4791-9B11-E568BA3525A4}" = Microsoft SQL Server VSS Writer
"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISER_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISER_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISER_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00B2-0407-0000-0000000FF1CE}" = Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{90850407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96E3AED5-3D0B-4BB0-84C2-1EDADB204487}" = FlashFXP v3
"{986F64DC-FF15-449D-998F-EE3BCEC6666A}" = Help Center
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9F9BE2A8-2FA2-438E-934B-6F237B641167}" = Cooliris for Internet Explorer
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A52A504E-18BE-4821-9A2A-BFB4542DA0BD}" = Lenovo PM Driver
"{A8BD5A60-E843-46DC-8271-ABF20756BE0F}" = Microsoft Sync Framework Runtime v1.0 (x86)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1031-7B44-A80000000002}" = Adobe Reader 8 - Deutsch
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AFDFC350-C142-4790-BE12-8357AECD028F}" = SyncToy 2.0 (x86)
"{B0261E53-B6F1-474A-864B-E7C3CBF468E0}" = iTunes
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B148E192-F289-4297-85BF-70E2A422EB25}_is1" = Android-Sync (PRE-ALPHA) ver0.192a
"{B1F625EB-9691-4889-A864-DA085739F3F0}" = Power Ux Customization
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{B944FA21-81AF-4A77-8328-CE4F4CC51031}" = Nero 8
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help
"{C7DEE429-4C9B-4126-894F-50B4F54FF196}" = inSSIDer
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF52099A-3BEA-4C41-AEA8-1E190F04D737}" = Lenovo Care
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom Gigabit Integrated Controller
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6B3114F-945B-4980-BF7A-AF12E9161A0F}" = iCloud
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}" = Wallpapers
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4278936-73B8-4250-AF88-21E26249D5F8}" = REFPROP
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{e7394a0f-3f80-45b1-87fc-abcd51893246}" = Python 2.6.4
"{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}" = Message Center
"{EC422FB2-9F4D-4FB1-A5CE-5F741132EBC5}" = Lenovo Fingerprint Software
"{ECE355F2-E477-47db-83DA-6311841ABC23}}_is1" = Sceneo Vcopy Version 1.5
"{F01F79AD-1F47-4685-AE4E-CCFA4EA9FF7C}" = Adobe Setup
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 2.01.217
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2705192-1C10-4FD9-A10F-47D9D9706287}" = PowerArchiver 2007 German
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1" = StreamTransport version: 1.0.2.2171
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe_5f143314a5d434c8511097393d17397" = Adobe Photoshop CS3
"AFPL Ghostscript 8.54" = AFPL Ghostscript 8.54
"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Air Video Server" = Air Video Server 2.4.3
"Allway Sync_is1" = Allway Sync version 12.0.12
"Audacity_is1" = Audacity 1.2.6
"Audiograbber" = Audiograbber 1.83 SE 
"Avira AntiVir Desktop" = Avira Free Antivirus
"AviSynth" = AviSynth 2.5
"AwayTask" = Maintenance Manager
"Blender" = Blender (remove only)
"CamStudio" = CamStudio
"CCleaner" = CCleaner (remove only)
"CD/DVD Diagnostic" = CD/DVD Diagnostic
"CloneCD" = CloneCD
"Contour Storyteller 3.0.1" = Contour Storyteller
"Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2)
"DivX Setup.divx.com" = DivX-Setup
"dm-Fotowelt" = dm-Fotowelt
"DPP" = Canon Utilities Digital Photo Professional 3.10
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5_is1" = DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.0.7.6
"DVDFab Passkey 8_is1" = DVDFab Passkey 8.0.7.7 (09/10/2012)
"DVDFab Platinum 4_is1" = DVDFab Platinum 4.1.2.0
"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 5.8.1 Home Edition
"Easy Thumbnails_is1" = Easy Thumbnails (Remove only)
"ElsterFormular 13.2.0.8623p" = ElsterFormular
"ElsterFormular für Privatanwender 12.0.0.5880p" = ElsterFormular-Update
"ENTERPRISER" = Microsoft Office Enterprise 2007
"EOS Utility" = Canon Utilities EOS Utility
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free iPad Video Converter_is1" = Free iPad Video Converter 3.7.2.1
"Free Video to iPod Converter_is1" = Free Video to iPod Converter version 3.2
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.11.923
"FreePDF_XP" = FreePDF (Remove only)
"Google Calendar Sync" = Google Calendar Sync
"GPL Ghostscript 8.64" = GPL Ghostscript 8.64
"Grand Theft Auto" = Grand Theft Auto
"HandBrake" = HandBrake 0.9.5
"IDA Pro Free_is1" = IDA Pro Free v4.9
"InstallShield_{62715632-A555-4D9E-9CEC-4F84EB55B07B}" = PM Driver
"IsoBuster_is1" = IsoBuster 2.3
"JDownloader" = JDownloader
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.5.0 (Basic)
"LastFM_is1" = Last.fm 1.5.4.24567
"Lenovo Registration" = Lenovo Registration
"LENOVO.SMIIF" = Lenovo System Interface Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"ManyCam" = ManyCam 3.0.80 (remove only)
"Mein CEWE FOTOBUCH" = Mein CEWE FOTOBUCH
"Messer_is1" = Messer v0.992
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 5.0 (x86 de)" = Mozilla Firefox 5.0 (x86 de)
"Mp3tag" = Mp3tag v2.44
"NetLimiter 2 Pro" = NetLimiter 2 Pro (remove only)
"NfoDiz 6.0 Setup" = NfoDiz 6.0 Setup
"NSchach3a_is1" = N Schach 3 beta
"NVIDIA Drivers" = NVIDIA Drivers
"OnScreenDisplay" = Anzeige am Bildschirm
"Orbit_is1" = Orbit Downloader
"PC-Doctor 5 for Windows" = PC-Doctor 5 für Windows
"PCFriendly" = PCFriendly
"PhotoStitch" = Canon Utilities PhotoStitch
"Picture Style Editor" = Canon Utilities Picture Style Editor
"Protect Disc License Helper" = Protect Disc License Helper 1.0.118
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"RealPlayer 6.0" = RealPlayer
"Recuva" = Recuva
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"SecondLife" = SecondLife (remove only)
"sevMail ActiveX_is1" = sevMail ActiveX 1.3.0.121
"ST6UNST #1" = List Maker
"Stellarium_is1" = Stellarium 0.11.1
"Streamripper" = Streamripper (Remove only)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TIPP10_is1" = TIPP10 Version 2.1.0
"TrueCrypt" = TrueCrypt
"Uninstall_is1" = Uninstall 1.0.0.1
"uniquemagicmp3taggerappid_is1" = Magic MP3 Tagger 2.2.5
"Update Engine" = Sony Ericsson Update Engine
"USBPMon" = Registry patch for Windows Vista USB S3 PM Enablement
"Videoload Manager" = Videoload Manager 2.0.2200
"Videora iPod nano Converter" = Videora iPod nano Converter 5.03
"Visual Studio 6.0 Professional Edition (deu)" = Microsoft Visual Studio 6.0 Professional Edition (Deutsch)
"VLC media player" = VLC media player 2.0.3
"WebPost" = Microsoft Web Publishing Wizard 1.53
"Weight Watchers FlexPoints" = Weight Watchers FlexPoints
"Winamp" = Winamp
"Windows Password Recovery Lastic_is1" = Windows Password Recovery Lastic 1.0
"WinLiveSuite" = Windows Live Essentials
"Wise Registry Cleaner_is1" = Wise Registry Cleaner 4 Free 4.93
"Xvid_is1" = Xvid 1.2.2 final uninstall
"Zattoo" = Zattoo 3.3.4 Beta
"Zattoo4" = Zattoo4 4.0.5
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"bb91a114638258b8" = Google Contact Sync
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"webGAMET" = webGAMET
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 23.01.2013 11:52:02 | Computer Name = TB-Mobil | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung rrservice.exe, Version 4.10.314.0, Zeitstempel
 0x4693e5ea, fehlerhaftes Modul rrservice.exe, Version 4.10.314.0, Zeitstempel 0x4693e5ea,
 Ausnahmecode 0xc0000005, Fehleroffset 0x000018ff,  Prozess-ID 0xb90, Anwendungsstartzeit
 01cdf981434e0b13.
 
Error - 23.01.2013 12:14:27 | Computer Name = TB-Mobil | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung spmtr.exe, Version 3.10.300.0, Zeitstempel 0x4693e059,
 fehlerhaftes Modul spmtr.exe, Version 3.10.300.0, Zeitstempel 0x4693e059, Ausnahmecode
 0xc0000005, Fehleroffset 0x00005a57,  Prozess-ID 0x16ec, Anwendungsstartzeit 01cdf9849b6d8de3.
 
Error - 23.01.2013 12:15:25 | Computer Name = TB-Mobil | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung SPMtr.exe, Version 3.10.300.0, Zeitstempel 0x4693e059,
 fehlerhaftes Modul SPMtr.exe, Version 3.10.300.0, Zeitstempel 0x4693e059, Ausnahmecode
 0xc0000005, Fehleroffset 0x00005a57,  Prozess-ID 0x1114, Anwendungsstartzeit 01cdf984c67a8513.
 
Error - 23.01.2013 12:16:25 | Computer Name = TB-Mobil | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung nspect.exe, Version 3.10.300.0, Zeitstempel 
0x4693e03b, fehlerhaftes Modul ndisk.dll, Version 3.10.300.0, Zeitstempel 0x4693e036,
 Ausnahmecode 0xc0000005, Fehleroffset 0x0000a8ae,  Prozess-ID 0x11a0, Anwendungsstartzeit
 01cdf984debdc333.
 
Error - 23.01.2013 12:17:26 | Computer Name = TB-Mobil | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung nspect.exe, Version 3.10.300.0, Zeitstempel 
0x4693e03b, fehlerhaftes Modul ndisk.dll, Version 3.10.300.0, Zeitstempel 0x4693e036,
 Ausnahmecode 0xc0000005, Fehleroffset 0x0000a8ae,  Prozess-ID 0x145c, Anwendungsstartzeit
 01cdf98502994c23.
 
Error - 23.01.2013 12:18:25 | Computer Name = TB-Mobil | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung nspect.exe, Version 3.10.300.0, Zeitstempel 
0x4693e03b, fehlerhaftes Modul ndisk.dll, Version 3.10.300.0, Zeitstempel 0x4693e036,
 Ausnahmecode 0xc0000005, Fehleroffset 0x0000a8ae,  Prozess-ID 0x1688, Anwendungsstartzeit
 01cdf98526639703.
 
Error - 23.01.2013 12:19:26 | Computer Name = TB-Mobil | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung nspect.exe, Version 3.10.300.0, Zeitstempel 
0x4693e03b, fehlerhaftes Modul ndisk.dll, Version 3.10.300.0, Zeitstempel 0x4693e036,
 Ausnahmecode 0xc0000005, Fehleroffset 0x0000a8ae,  Prozess-ID 0x824, Anwendungsstartzeit
 01cdf985472ab403.
 
Error - 23.01.2013 12:20:25 | Computer Name = TB-Mobil | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung nspect.exe, Version 3.10.300.0, Zeitstempel 
0x4693e03b, fehlerhaftes Modul ndisk.dll, Version 3.10.300.0, Zeitstempel 0x4693e036,
 Ausnahmecode 0xc0000005, Fehleroffset 0x0000a8ae,  Prozess-ID 0x1690, Anwendungsstartzeit
 01cdf9856aeff5d3.
 
Error - 23.01.2013 12:22:28 | Computer Name = TB-Mobil | Source = MsiInstaller | ID = 11500
Description = 
 
Error - 23.01.2013 12:30:10 | Computer Name = TB-Mobil | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung rrservice.exe, Version 4.10.314.0, Zeitstempel
 0x4693e5ea, fehlerhaftes Modul rrservice.exe, Version 4.10.314.0, Zeitstempel 0x4693e5ea,
 Ausnahmecode 0xc0000005, Fehleroffset 0x000018ff,  Prozess-ID 0xcd0, Anwendungsstartzeit
 01cdf9869b418148.
 
[ NetLimiter Events ]
Error - 24.02.2008 14:52:50 | Computer Name = TB-Mobil | Source = NetLimiter 2 | ID = 1000
Description = NetLimiter trial expired. 
 
[ OSession Events ]
Error - 17.12.2007 13:26:38 | Computer Name = TB-Mobil | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6212.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 3507
 seconds with 120 seconds of active time.  This session ended with a crash.
 
Error - 25.02.2010 12:54:48 | Computer Name = TB-Mobil | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 202
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 21.01.2013 17:11:56 | Computer Name = TB-Mobil | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 21.01.2013 17:12:03 | Computer Name = TB-Mobil | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 21.01.2013 17:12:10 | Computer Name = TB-Mobil | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 21.01.2013 17:12:18 | Computer Name = TB-Mobil | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 23.01.2013 01:42:19 | Computer Name = TB-Mobil | Source = DCOM | ID = 10010
Description = 
 
Error - 23.01.2013 01:42:49 | Computer Name = TB-Mobil | Source = DCOM | ID = 10010
Description = 
 
Error - 23.01.2013 11:50:52 | Computer Name = TB-Mobil | Source = DCOM | ID = 10010
Description = 
 
Error - 23.01.2013 11:51:52 | Computer Name = TB-Mobil | Source = DCOM | ID = 10010
Description = 
 
Error - 23.01.2013 12:29:35 | Computer Name = TB-Mobil | Source = DCOM | ID = 10010
Description = 
 
Error - 23.01.2013 12:31:05 | Computer Name = TB-Mobil | Source = DCOM | ID = 10010
Description = 
 
 
< End of report >
         
Otl.txt:
Code:
OTL logfile created on: 23.01.2013 17:39:34 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,26 Gb Available Physical Memory | 63,18% Memory free
4,22 Gb Paging File | 3,38 Gb Available in Paging File | 80,01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 96,40 Gb Total Space | 4,95 Gb Free Space | 5,13% Space Free | Partition Type: NTFS
Drive D: | 47,30 Gb Total Space | 9,77 Gb Free Space | 20,65% Space Free | Partition Type: NTFS
 
Computer Name: TB-MOBIL | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.01.23 17:34:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2012.12.17 18:05:23 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.12.17 18:05:08 | 000,079,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.12.17 18:05:06 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.12.17 18:05:06 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.12.07 19:10:20 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.exe
PRC - [2012.10.19 23:23:13 | 000,197,344 | ---- | M] () -- C:\Programme\ContourStoryteller\ContourAutoplay.exe
PRC - [2011.03.28 19:31:16 | 000,193,920 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2011.03.28 19:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2011.03.28 10:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\BingBar\SeaPort.EXE
PRC - [2010.06.17 20:56:44 | 000,370,176 | ---- | M] (shbox.de) -- C:\Programme\FreePDF_XP\fpassist.exe
PRC - [2009.05.21 19:48:18 | 000,062,320 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2009.04.30 12:23:26 | 000,090,112 | ---- | M] () -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.03.14 09:08:38 | 000,054,560 | ---- | M] (Lenovo.) -- C:\Programme\Lenovo\HOTKEY\FnF5svc.exe
PRC - [2008.03.11 12:33:02 | 000,054,560 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TpWAudAp.exe
PRC - [2008.01.19 08:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.19 08:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2007.10.03 13:27:44 | 001,524,512 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2007.09.26 17:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2007.07.10 20:56:04 | 000,569,344 | ---- | M] () -- C:\Programme\Lenovo\Rescue and Recovery\rrpservice.exe
PRC - [2007.07.10 20:48:20 | 000,022,016 | ---- | M] () -- C:\Programme\Common Files\Lenovo\Logger\logmon.exe
PRC - [2007.06.05 16:11:28 | 000,034,352 | ---- | M] (Lenovo) -- C:\Programme\Lenovo\PM Driver\PMHandler.exe
PRC - [2007.04.09 19:03:00 | 000,058,416 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\NPDIRECT\tpfnf7sp.exe
PRC - [2007.03.16 04:26:22 | 000,057,344 | ---- | M] (Lenovo) -- C:\Programme\Lenovo\PM Driver\PMSveH.exe
PRC - [2007.02.28 18:02:00 | 000,120,368 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\LenovoCare\LPMGR.EXE
PRC - [2007.02.12 12:38:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007.02.12 12:37:58 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007.01.30 04:01:26 | 000,108,080 | ---- | M] (Lenovo Group Limited) -- C:\Windows\System32\IPSSVC.EXE
PRC - [2006.11.15 15:21:56 | 000,217,176 | ---- | M] (Diskeeper Corporation) -- C:\Programme\Diskeeper Corporation\Diskeeper\DkIcon.exe
PRC - [2006.11.15 15:20:46 | 000,634,988 | ---- | M] (Diskeeper Corporation) -- C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2006.11.07 11:51:20 | 000,091,688 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\AwayTask\AwaySch.EXE
PRC - [2006.10.05 04:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.10.19 23:23:13 | 000,197,344 | ---- | M] () -- C:\Programme\ContourStoryteller\ContourAutoplay.exe
MOD - [2011.09.27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2007.04.14 14:30:56 | 000,139,264 | ---- | M] () -- C:\Programme\Common Files\Lenovo\CDRecord.dll
MOD - [2007.04.09 19:03:00 | 000,235,056 | ---- | M] () -- C:\Programme\Lenovo\NPDIRECT\tpfnf7.dll
MOD - [2007.02.28 18:02:00 | 000,063,024 | ---- | M] () -- C:\Programme\Lenovo\LenovoCare\GR\LPRESMGR.DLL
MOD - [2006.05.24 12:33:32 | 000,024,576 | ---- | M] () -- C:\Programme\Lenovo\PM Driver\PMHlerIO.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\Users\***\wgsdgsdgdsgsd.exe -- (Winmgmt)
SRV - [2012.12.17 18:05:23 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.12.17 18:05:06 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.12.07 19:10:20 | 000,058,288 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\Windows\System32\rpcnet.exe -- (rpcnet)
SRV - [2011.07.20 04:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011.06.29 14:59:18 | 000,155,344 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Programme\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion)
SRV - [2011.04.01 10:14:30 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Programme\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.03.28 19:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2011.03.28 10:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2009.06.03 10:26:34 | 000,098,304 | ---- | M] (OPC Foundation) [On_Demand | Stopped] -- C:\Windows\System32\Opcenum.exe -- (OpcEnum)
SRV - [2009.05.21 19:48:18 | 000,062,320 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2009.04.30 12:23:26 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)
SRV - [2009.02.06 19:32:08 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Programme\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2008.11.24 22:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008.03.14 09:08:38 | 000,054,560 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\FnF5svc.exe -- (FNF5SVC)
SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.19 08:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2007.10.03 13:27:44 | 001,524,512 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2007.10.02 09:38:00 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007.09.26 17:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2007.07.10 20:56:04 | 000,569,344 | ---- | M] () [Auto | Running] -- C:\Programme\Lenovo\Rescue and Recovery\rrpservice.exe -- (TVT Backup Protection Service)
SRV - [2007.03.21 19:57:56 | 000,516,096 | ---- | M] (Locktime Software) [Disabled | Stopped] -- C:\Programme\NetLimiter 2 Pro\nlsvc.exe -- (nlsvc)
SRV - [2007.03.16 04:26:22 | 000,057,344 | ---- | M] (Lenovo) [Auto | Running] -- C:\Programme\Lenovo\PM Driver\PMSveH.exe -- (PMSveH)
SRV - [2007.02.12 12:38:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2007.01.30 04:01:26 | 000,108,080 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Windows\System32\IPSSVC.EXE -- (IPSSVC)
SRV - [2006.11.15 15:20:46 | 000,634,988 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2006.11.02 19:40:12 | 000,174,656 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2006.10.26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006.10.05 04:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\NSNDIS5.SYS -- (NSNDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nixsrkw.sys -- (nixsrkw)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012.12.17 18:05:30 | 000,134,336 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.12.17 18:05:30 | 000,083,944 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.11.16 18:48:11 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012.08.27 15:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2012.02.22 11:34:36 | 000,022,400 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcaudrv.sys -- (mcaudrv_simple)
DRV - [2012.01.11 07:11:20 | 000,032,000 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcvidrv.sys -- (ManyCam)
DRV - [2011.08.15 14:51:40 | 000,054,144 | ---- | M] (Fengtao Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dvdfab.sys -- (dvdfab)
DRV - [2010.08.08 20:07:38 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2010.08.08 20:07:38 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2010.02.23 10:51:14 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\epmntdrv.sys -- (epmntdrv)
DRV - [2010.02.23 10:51:14 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2009.07.11 07:20:49 | 000,021,376 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\psadd.sys -- (psadd)
DRV - [2009.05.29 06:41:27 | 004,233,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32)
DRV - [2009.04.11 05:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2008.07.30 06:51:30 | 000,277,736 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2008.05.16 10:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016unic.sys -- (s0016unic)
DRV - [2008.05.16 10:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016nd5.sys -- (s0016nd5)
DRV - [2008.05.16 10:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV - [2008.05.16 10:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdm.sys -- (s0016mdm)
DRV - [2008.05.16 10:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mgmt.sys -- (s0016mgmt)
DRV - [2008.05.16 10:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016obex.sys -- (s0016obex)
DRV - [2008.05.16 10:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016bus.sys -- (s0016bus)
DRV - [2008.05.12 17:04:04 | 000,013,480 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\smiif32.sys -- (lenovo.smi)
DRV - [2008.03.04 18:59:28 | 000,716,272 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2008.01.09 12:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\seehcri.sys -- (seehcri)
DRV - [2007.10.03 13:26:54 | 000,306,299 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2007.10.02 09:23:34 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pfc.sys -- (pfc)
DRV - [2007.09.12 16:24:00 | 000,026,816 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DslTestSp5.sys -- (dsltestSp5)
DRV - [2007.05.22 20:59:38 | 000,030,336 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tvti2c.sys -- (TVTI2C)
DRV - [2007.04.23 12:03:04 | 000,082,200 | ---- | M] (Locktime Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\nltdi.sys -- (nltdi)
DRV - [2007.04.10 14:55:28 | 000,140,808 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atswpdrv.sys -- (ATSWPDRV)
DRV - [2007.03.21 21:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007.02.24 13:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007.01.31 13:45:06 | 000,127,376 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2007.01.23 15:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007.01.18 16:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2007.01.13 01:40:00 | 004,452,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007.01.09 01:25:53 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2006.12.26 13:54:35 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2006.12.19 01:12:22 | 001,786,880 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32)
DRV - [2006.11.09 13:34:26 | 000,019,456 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\LPCFilter.sys -- (LPCFilter)
DRV - [2006.11.08 08:29:44 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006.11.06 09:23:24 | 000,012,080 | ---- | M] (Lenovo Group Limited) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PROCDD.SYS -- (PROCDD)
DRV - [2003.10.28 16:17:52 | 000,005,273 | ---- | M] (Arrowkey) [Kernel | Auto | Running] -- C:\Programme\InfinaDyne\Shared\CDRPDACC.SYS -- (CDRPDACC)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {6091C9F7-19C2-42AD-B8D3-A44DA4CDC733}
IE - HKLM\..\SearchScopes\{6091C9F7-19C2-42AD-B8D3-A44DA4CDC733}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&entrypoint={referrer:source?}&FORM=LENIE
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ig?hl=de&source=iglk
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {847B4734-CA42-4B30-83B1-10C89310A4F8}
IE - HKCU\..\SearchScopes\{847B4734-CA42-4B30-83B1-10C89310A4F8}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig"
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.6
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31
FF - prefs.js..extensions.enabledAddons: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.22
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.3
FF - prefs.js..extensions.enabledItems: facepad@lazyrussian.com:0.9.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.5
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@fluxdvd.com/NPWMDRMWrapper: C:\Program Files\Videoload Manager\NPWMDRMWrapper.dll ( )
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPMPDRM: C:\Program Files\Common Files\mpDRM\NPMPDRM.dll ( )
FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Program Files\ProtectDisc\License Helper\NPPDLicenseHelper.dll ()
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.3088: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.3146: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.11.3006: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files\Sony\Media Go\npmediago.dll (Sony Media Software and Services Inc)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\***\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\***\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010.07.22 17:57:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.03.04 18:54:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.03.04 18:54:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.11.11 11:30:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.01.23 17:23:27 | 000,000,000 | ---D | M]
 
[2010.02.23 17:38:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2012.09.01 08:28:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0geh3hg9.default\extensions
[2010.05.16 15:26:23 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0geh3hg9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.06.21 19:31:38 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0geh3hg9.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.08.26 11:46:25 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0geh3hg9.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011.06.14 21:37:21 | 000,000,000 | ---D | M] (PhotoJacker: Photo Album Downloader for Facebook (fka FacePAD)) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0geh3hg9.default\extensions\facepad@lazyrussian.com
[2012.02.22 14:24:58 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.05.03 16:12:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011.03.27 10:30:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.07.03 20:45:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2012.02.22 14:24:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2010.03.31 18:53:41 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
[2010.05.03 16:12:41 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011.03.27 10:30:40 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.07.03 20:45:11 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2012.02.22 14:24:58 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2011.06.27 19:41:17 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2008.02.22 16:24:06 | 000,095,832 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPPDLicenseHelper.dll
[2011.06.14 21:53:55 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.06.14 21:53:55 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.06.14 21:53:55 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.06.14 21:53:55 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.06.14 21:53:55 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.06.14 21:53:55 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.de/ig?hl=de&source=iglk
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.de/ig?hl=de&source=iglk
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\24.0.1312.52\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\24.0.1312.52\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: fluxDVD Browser Plugin (Enabled) = C:\Program Files\Common Files\mpDRM\NPMPDRM.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: Media Go Detector (Enabled) = C:\Program Files\Sony\Media Go\npmediago.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: fluxDVD Placeholder Plugin (Enabled) = C:\Program Files\Videoload Manager\NPWMDRMWrapper.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - Extension: YouTube = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google-Suche = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: DivX HiQ = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\
CHR - Extension: Google Mail = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O2 - BHO: (Reg Error: Value error.) - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Programme\PicLensIE\cooliris.dll (Cooliris Inc.)
O2 - BHO: (CPwmIEBrowserHelper Object) - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll ()
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [AwaySch] C:\Programme\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [FingerPrintSoftware] C:\Program Files\Lenovo Fingerprint Software\fpapp.exe (Authentec,Inc)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LenovoOobeOffers] c:\SWTOOLS\LenovoWelcome\LenovoOobeOffers.exe (Lenovo)
O4 - HKLM..\Run: [LPManager] C:\Programme\Lenovo\LenovoCare\LPMGR.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PMHandler] C:\Programme\Lenovo\PM Driver\PMHandler.exe (Lenovo)
O4 - HKLM..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPWAUDAP] C:\Programme\Lenovo\HOTKEY\TpWAudAp.exe (Lenovo Group Limited)
O4 - HKCU..\Run: [ContourCameraFinder] C:\Program Files\ContourStoryteller\ContourAutoplay.exe ()
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe File not found
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionName = 
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionAction = 
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Öffnen mit WordPerfect - C:\Programme\WordPerfect Office X3\Programs\WPLauncher.hta ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O9 - Extra 'Tools' menuitem : &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: Launch Cooliris - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Programme\PicLensIE\cooliris.dll (Cooliris Inc.)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: apemap.com ([]http in Trusted sites)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A22A7612-A91E-4D35-96D2-16A05D5F388F}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AD98FF75-9315-4485-81B0-7FED0807963F}: NameServer = 192.168.2.1
O18 - Protocol\Handler\fluxhttp {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Programme\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax ()
O18 - Protocol\Handler\fluxhttp\0x00000007 {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Programme\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax ()
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Users\***\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{132ec8fc-ea15-11dc-a0fb-00197efec164}\Shell - "" = AutoRun
O33 - MountPoints2\{132ec8fc-ea15-11dc-a0fb-00197efec164}\Shell\AutoRun\command - "" = F:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.23 17:34:18 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2013.01.21 21:06:16 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2013.01.21 21:05:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.01.21 21:05:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.01.21 21:05:30 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.01.21 21:05:30 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.01.06 02:54:18 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{99B320C2-3D70-4476-962C-233A4A4783EC}
[2013.01.05 14:53:55 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{992A9D7C-9BCB-4975-8CA1-F7064550786A}
[2013.01.05 12:59:23 | 000,000,000 | ---D | C] -- C:\Program Files\Avidemux_2.6.1
[2013.01.03 19:28:34 | 000,000,000 | ---D | C] -- C:\Program Files\Dropbox
[2013.01.03 10:07:53 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Audacity
[2013.01.03 10:07:35 | 000,000,000 | ---D | C] -- C:\Program Files\Audacity_2.0.2
[2009.12.06 17:21:31 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpeA988.dll
[2008.04.04 21:08:36 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\***\AppData\Roaming\pcouffin.sys
[4 C:\Users\***\*.tmp files -> C:\Users\***\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.23 17:34:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2013.01.23 17:29:51 | 000,044,528 | ---- | M] () -- C:\Users\***\AppData\Roaming\nvModes.001
[2013.01.23 17:28:56 | 000,025,269 | ---- | M] () -- C:\Windows\System32\PROCDB.INI
[2013.01.23 17:27:50 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.dll
[2013.01.23 17:27:50 | 000,017,408 | ---- | M] () -- C:\Windows\System32\rpcnetp.dll
[2013.01.23 17:27:48 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2025591093-2054289321-3464103709-1003UA.job
[2013.01.23 17:27:21 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.23 17:26:54 | 000,004,080 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.23 17:26:54 | 000,004,080 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.23 17:26:51 | 000,000,480 | ---- | M] () -- C:\Windows\System32\IPSCtrl.INI
[2013.01.23 17:26:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.23 17:26:35 | 000,017,408 | ---- | M] () -- C:\Windows\System32\rpcnetp.exe
[2013.01.23 17:25:34 | 000,004,796 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013.01.23 17:25:01 | 000,000,020 | ---- | M] () -- C:\Users\***\defogger_reenable
[2013.01.23 17:22:03 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
[2013.01.23 17:01:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.23 16:49:54 | 000,044,528 | ---- | M] () -- C:\Users\***\AppData\Roaming\nvModes.dat
[2013.01.21 21:05:31 | 000,000,916 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.20 16:04:11 | 000,001,356 | ---- | M] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2013.01.13 18:27:01 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2025591093-2054289321-3464103709-1003Core.job
[2013.01.13 18:10:02 | 000,003,180 | ---- | M] () -- C:\Windows\cdplayer.ini
[2013.01.13 13:37:49 | 000,652,910 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.01.13 13:37:49 | 000,135,860 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.01.13 13:37:49 | 000,009,088 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.01.13 13:37:49 | 000,006,698 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.01.12 10:31:06 | 000,002,097 | ---- | M] () -- C:\Users\***\Desktop\Google Chrome.lnk
[2013.01.06 12:08:31 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2013.01.06 12:08:30 | 000,123,904 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[4 C:\Users\***\*.tmp files -> C:\Users\***\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.01.23 17:24:42 | 000,000,020 | ---- | C] () -- C:\Users\***\defogger_reenable
[2013.01.23 17:22:33 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe
[2013.01.21 21:05:31 | 000,000,916 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.05 18:54:55 | 000,000,080 | ---- | C] () -- C:\Users\***\AppData\Local\X-Plane Installer.prf
[2012.02.23 19:21:58 | 000,004,529 | ---- | C] () -- C:\Users\***\Wichtiger Hinweis zu Ihrem Zertifikat_ElsterOnline2.pdf
[2012.02.23 19:19:58 | 000,010,231 | ---- | C] () -- C:\Users\***\******_t***_elster_2048 - ALT.pfx
[2012.02.01 18:34:29 | 000,000,216 | ---- | C] () -- C:\Windows\w32dasm8.ini
[2011.11.11 16:55:32 | 000,000,186 | ---- | C] () -- C:\Windows\KLETT.INI
[2011.11.11 16:52:04 | 000,247,296 | ---- | C] () -- C:\Windows\UN160407.EXE
[2011.02.16 21:19:09 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011.02.16 21:19:09 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010.08.25 20:04:45 | 000,038,434 | ---- | C] () -- C:\Users\***\AppData\Roaming\Kommagetrennte Werte (DOS).ADR
[2010.04.15 17:04:42 | 000,017,408 | ---- | C] () -- C:\Users\***\AppData\Local\WebpageIcons.db
[2010.04.02 19:32:23 | 000,610,304 | ---- | C] () -- C:\Users\***\AppData\Local\filesync.metadata
[2010.04.02 18:57:43 | 000,027,503 | ---- | C] () -- C:\Users\***\AppData\Roaming\UserTile.png
[2010.02.09 17:58:28 | 103,082,663 | ---- | C] () -- C:\Users\***\Archiv.CTF
[2009.05.12 18:25:11 | 000,010,599 | ---- | C] () -- C:\Users\***\******_t***_elster_2048.pfx
[2008.11.27 11:37:16 | 002,327,552 | ---- | C] () -- C:\Users\***\AppData\Local\cooliris-win-ie-release-1.9.0.16396.msi
[2008.05.14 16:16:33 | 000,000,016 | ---- | C] () -- C:\Users\***\persistent_state
[2008.04.04 21:08:36 | 000,087,608 | ---- | C] () -- C:\Users\***\AppData\Roaming\inst.exe
[2008.04.04 21:08:36 | 000,007,887 | ---- | C] () -- C:\Users\***\AppData\Roaming\pcouffin.cat
[2008.04.04 21:08:36 | 000,001,144 | ---- | C] () -- C:\Users\***\AppData\Roaming\pcouffin.inf
[2007.12.01 21:49:34 | 000,000,166 | -HS- | C] () -- C:\ProgramData\.zreglib
[2007.12.01 18:15:12 | 000,001,074 | RH-- | C] () -- C:\Users\***\XrxWm.ini
[2007.12.01 18:15:11 | 000,000,522 | RH-- | C] () -- C:\Users\***\xw45cpdy.dyc
[2007.10.05 12:30:14 | 000,009,327 | ---- | C] () -- C:\Users\***\AppData\Roaming\Kommagetrennte Werte (Windows).EML
[2007.10.02 08:25:20 | 000,021,858 | ---- | C] () -- C:\Users\***\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
[2007.10.01 16:52:53 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2007.09.27 16:26:47 | 000,123,904 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.09.27 15:17:33 | 000,044,528 | ---- | C] () -- C:\Users\***\AppData\Roaming\nvModes.dat
[2007.09.27 15:17:33 | 000,044,528 | ---- | C] () -- C:\Users\***\AppData\Roaming\nvModes.001
[2007.09.27 15:01:17 | 000,001,356 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2007.08.14 06:30:52 | 001,398,352 | ---- | C] () -- C:\ProgramData\pswi_preloaded.exe
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:54:18 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011.01.21 17:35:22 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 143 bytes -> C:\Users\***\AppData\Roaming\Kommagetrennte Werte (Windows).EML:OECustomProperty

< End of report >
         
Gmer.txt:
Code:
GMER 2.0.18444 - hxxp://www.gmer.net
Rootkit scan 2013-01-23 18:46:23
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 HITACHI_ rev.SB4I 149,05GB
Running: gmer-2.0.18444.exe; Driver: C:\Users\***\AppData\Local\Temp\fwliipob.sys


---- Kernel code sections - GMER 2.0 ----

.text   C:\Windows\system32\DRIVERS\nvlddmkm.sys                                                                             section is writeable [0x8C807340, 0x2941C7, 0xE8000020]
.reloc  C:\Windows\system32\drivers\acedrv11.sys                                                                             section is executable [0xA0928600, 0x25B0C, 0xE0000060]

---- Registry - GMER 2.0 ----

Reg     HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00197efec164                                          
Reg     HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00197efec164@001ca44d8cf8                             0x21 0x8F 0x28 0x27 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00197efec164@001963e05807                             0x7D 0x32 0x8C 0xA4 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00197efec164@402ba1fc3e30                             0x1A 0x3C 0x8E 0x72 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04                                     
Reg     HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                  0
Reg     HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                               0x91 0xE1 0x33 0xF9 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0                                  C:\Program Files\Alcohol Soft\Alcohol 120\
Reg     HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4                                     
Reg     HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                  C:\Program Files\DAEMON Tools Lite\
Reg     HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                  1
Reg     HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                               0x8A 0xD9 0xDF 0x75 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001                            
Reg     HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                         0x20 0x01 0x00 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                      0xD7 0x78 0xCC 0x0E ...
Reg     HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40                      
Reg     HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                0x5C 0x5B 0xDE 0xEA ...
Reg     HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00197efec164 (not active ControlSet)                      
Reg     HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00197efec164@001ca44d8cf8                                 0x21 0x8F 0x28 0x27 ...
Reg     HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00197efec164@001963e05807                                 0x7D 0x32 0x8C 0xA4 ...
Reg     HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00197efec164@402ba1fc3e30                                 0x1A 0x3C 0x8E 0x72 ...
Reg     HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)                 
Reg     HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                      0
Reg     HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                   0x91 0xE1 0x33 0xF9 ...
Reg     HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0                                      C:\Program Files\Alcohol Soft\Alcohol 120\
Reg     HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)                 
Reg     HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                      C:\Program Files\DAEMON Tools Lite\
Reg     HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                      1
Reg     HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                   0x8A 0xD9 0xDF 0x75 ...
Reg     HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)        
Reg     HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                             0x20 0x01 0x00 0x00 ...
Reg     HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                          0xD7 0x78 0xCC 0x0E ...
Reg     HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)  
Reg     HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                    0x5C 0x5B 0xDE 0xEA ...

---- EOF - GMER 2.0 ----
         
Can you help me?

Thanks in advance and have a nice evening.

Best regards,

Torben

Alt 24.01.2013, 09:48   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Quote:
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Why on earth a Professional (Business) edition of Windows? Who needs that as a home user?
Is this by any chance an office/company PC? Or a university machine?

Alt 24.01.2013, 10:28   #3
TB-Mobil
 

Hello,

well, the PC is my private PC.
But the operating system was preinstalled when I bought it. There was no choice of whether I would rather have "Home" or "Business".
To be honest, I didn't care either.
So there is no particular reason why I have a Business version.
It simply came with it.

Best regards,

Torben

Alt 24.01.2013, 10:45   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

OK, thanks for the explanation.

Do you have any other logs (with detections)? Malwarebytes and/or other virus scanners?
The reason I ask => http://www.trojaner-board.de/125889-...tml#post941520

Please do not run any new virus scans; for now, just post the logs you already have!
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

Alt 24.01.2013, 14:41   #5
TB-Mobil
 

Malwarebytes did not show any more detections.

I can let Avira Anti-Virus run tonight and then post the log file if there are detections.

Otherwise I have no logs from any programs.
Only the ones I have already posted.

If you have any other programs you want me to run, bring them on.

Best regards,

Torben


Alt 24.01.2013, 14:50   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Quote:
Malwarebytes did not show any more detections.
Did it ever have detections before, or never at all?

Alt 24.01.2013, 18:05   #7
TB-Mobil
 

Hello,

no, Malwarebytes never showed anything on my machine.

However, before that I ran a scan with the Kaspersky Rescue Disk (under Linux), and a few files were found.
They were deleted.
I didn't think of saving the logs at that point.
And since the machine was booted from the Kaspersky Rescue Disk and the whole system only existed "temporarily", there are unfortunately no automatically saved logs either.

But since my PC is still behaving "strangely" (an extremely large number of svchost services started, Windows error messages at startup "Server ausgelastet" ("server busy")), I'm not sure whether everything is really gone.

Best regards,

Torben

Small update:

Avira Anti-Virus found nothing.
I just ran a full system scan.

Alt 24.01.2013, 21:29   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Before we get to work, I would like to ask you to read the following points completely and carefully.
  • Read the instructions that I will post over the course of this thread carefully. Ask right away if anything is unclear, before you start carrying out my instructions.

  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes one step requires the previous one.

  • Please run only scans that a helper has asked you to run! Do not install / uninstall any software unless asked to!

  • Post the log files directly in your thread (please in CODE tags) and not as an attachment, unless you were asked to. Logs in attachments make my analysis harder!

  • Please also note => Deleting log files and other requests

Note:
If you do not hear from me for three days, please report in this thread => Reminder about my thread.
Annoying "when will this continue" messages will end with your topic being closed. I, too, have a life outside the Trojaner-Board.


Malwarebytes Anti-Rootkit

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Unpack the archive on your desktop.
  • In the newly created folder, start mbar.exe.
  • Follow the instructions on your screen and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects found, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instructions from a helper

Alt 25.01.2013, 06:27   #9
TB-Mobil
 

Good morning,

I won't be at the affected PC again until this evening.
But I will then post the logs as quickly as possible.

Many thanks in advance and best regards,

Torben

Alt 25.01.2013, 11:21   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

OK, see you this evening then

Alt 25.01.2013, 17:20   #11
TB-Mobil
 

Hello,

I just scanned the system as described.
No detections.

Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1016
www.malwarebytes.org

Database version: v2013.01.25.07

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
*** :: TB-MOBIL [administrator]

25.01.2013 17:53:28
mbar-log-2013-01-25 (17-53-28).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 31229
Time elapsed: 27 minute(s), 

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         
Best regards,

Torben

Alt 26.01.2013, 18:16   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

1. aswMBR

Please download aswMBR.exe and save the file to your desktop.

Note: Please turn off your virus scanner before you run aswMBR, because Avira in particular often reports a false positive in it!
  • Start aswMBR.exe. Vista and Win7 users: run aswMBR via right-click, "Run as administrator".
  • The tool will ask you whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.) Depending on your connection, downloading the definitions can take a while.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply. Important: Do not press any of the Fix buttons under any circumstances without instructions. Note: If the Scan button is hidden, close the tool and start it again. If it still does not work, please let me know.

One more note: If aswMBR crashes and a message like "aswMBR.exe funktioniert nicht mehr" ("aswMBR.exe has stopped working") appears, do the following:
Restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.


2. TDSS-Killer

Download TDSS-Killer to the desktop, see => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off your virus scanner before you run TDSS-Killer, because Avira in particular often reports a false positive in the TDSS tool!

Set up the tool as shown in the picture below: click change parameters and tick the boxes as shown in the following screenshot,
then click Start Scan and, when it is done, click the Report button to display the log. Please post it in full.

If you cannot find the log or cannot copy its contents into your post, then please look directly on your Windows system partition (usually drive C:), since that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags objects, handle all of them with the action "skip" and just post the log here!


Alt 27.01.2013, 12:31   #13
TB-Mobil
 

Hello, and I wish you a nice Sunday,

so here are the two logs:

aswMBR:
Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-01-27 11:36:34
-----------------------------
11:36:34.811    OS Version: Windows 6.0.6002 Service Pack 2
11:36:34.811    Number of processors: 2 586 0xF0D
11:36:34.811    ComputerName: TB-MOBIL  UserName: ***
11:37:12.704    Initialize success
11:39:37.688    AVAST engine defs: 13012700
11:40:10.089    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
11:40:10.089    Disk 0 Vendor: HITACHI_ SB4I Size: 152627MB BusType: 3
11:40:10.105    Disk 0 MBR read successfully
11:40:10.120    Disk 0 MBR scan
11:40:10.136    Disk 0 unknown MBR code
11:40:10.152    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS         5476 MB offset 2048
11:40:10.167    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS        98712 MB offset 11216896
11:40:10.198    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        48437 MB offset 213379072
11:40:10.198    Disk 0 scanning sectors +312578048
11:40:10.276    Disk 0 scanning C:\Windows\system32\drivers
11:40:23.536    Service scanning
11:40:57.638    Modules scanning
11:41:05.594    Disk 0 trace - called modules:
11:41:05.625    ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys 
11:41:05.625    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8625f710]
11:41:05.625    3 CLASSPNP.SYS[88aa28b3] -> nt!IofCallDriver -> [0x8521f818]
11:41:05.641    5 acpi.sys[82e486bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x85717030]
11:41:06.405    AVAST engine scan C:\Windows
11:41:13.020    AVAST engine scan C:\Windows\system32
11:45:33.278    AVAST engine scan C:\Windows\system32\drivers
11:45:49.096    AVAST engine scan C:\Users\***
12:22:03.499    AVAST engine scan C:\ProgramData
12:26:09.880    Scan finished successfully
12:55:02.089    Disk 0 MBR has been saved successfully to "C:\Users\***\Desktop\MBR.dat"
12:55:02.089    The log file has been saved successfully to "C:\Users\***\Desktop\aswMBR.txt"
         
tdss:
Code:
13:18:15.0155 1648  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
13:18:15.0419 1648  ============================================================
13:18:15.0419 1648  Current date / time: 2013/01/27 13:18:15.0419
13:18:15.0419 1648  SystemInfo:
13:18:15.0419 1648  
13:18:15.0419 1648  OS Version: 6.0.6002 ServicePack: 2.0
13:18:15.0419 1648  Product type: Workstation
13:18:15.0419 1648  ComputerName: TB-MOBIL
13:18:15.0420 1648  UserName: ***
13:18:15.0420 1648  Windows directory: C:\Windows
13:18:15.0420 1648  System windows directory: C:\Windows
13:18:15.0420 1648  Processor architecture: Intel x86
13:18:15.0420 1648  Number of processors: 2
13:18:15.0420 1648  Page size: 0x1000
13:18:15.0420 1648  Boot type: Normal boot
13:18:15.0420 1648  ============================================================
13:18:16.0094 1648  Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
13:18:16.0096 1648  ============================================================
13:18:16.0096 1648  \Device\Harddisk0\DR0:
13:18:16.0098 1648  MBR partitions:
13:18:16.0098 1648  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xAB2800, BlocksNum 0xC0CC000
13:18:16.0098 1648  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xCB7E800, BlocksNum 0x5E9A800
13:18:16.0098 1648  ============================================================
13:18:16.0237 1648  C: <-> \Device\Harddisk0\DR0\Partition1
13:18:16.0276 1648  D: <-> \Device\Harddisk0\DR0\Partition2
13:18:16.0276 1648  ============================================================
13:18:16.0277 1648  Initialize success
13:18:16.0277 1648  ============================================================
13:19:37.0671 2224  ============================================================
13:19:37.0671 2224  Scan started
13:19:37.0671 2224  Mode: Manual; SigCheck; TDLFS; 
13:19:37.0671 2224  ============================================================
13:19:38.0171 2224  ================ Scan system memory ========================
13:19:38.0171 2224  System memory - ok
13:19:38.0171 2224  ================ Scan services =============================
13:19:38.0935 2224  [ 27F954120BABB8A00F8745D8F5BC9B82 ] acedrv11        C:\Windows\system32\drivers\acedrv11.sys
13:19:39.0138 2224  acedrv11 - ok
13:19:39.0185 2224  [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI            C:\Windows\system32\drivers\acpi.sys
13:19:39.0216 2224  ACPI - ok
13:19:39.0325 2224  [ 2EDC5BBAC6C651ECE337BDE8ED97C9FB ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
13:19:39.0356 2224  adp94xx - ok
13:19:39.0387 2224  [ B84088CA3CDCA97DA44A984C6CE1CCAD ] adpahci         C:\Windows\system32\drivers\adpahci.sys
13:19:39.0403 2224  adpahci - ok
13:19:39.0434 2224  [ 7880C67BCCC27C86FD05AA2AFB5EA469 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
13:19:39.0465 2224  adpu160m - ok
13:19:39.0497 2224  [ 9AE713F8E30EFC2ABCCD84904333DF4D ] adpu320         C:\Windows\system32\drivers\adpu320.sys
13:19:39.0528 2224  adpu320 - ok
13:19:39.0559 2224  [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
13:19:39.0668 2224  AeLookupSvc - ok
13:19:39.0762 2224  [ 3911B972B55FEA0478476B2E777B29FA ] AFD             C:\Windows\system32\drivers\afd.sys
13:19:39.0809 2224  AFD - ok
13:19:39.0871 2224  [ 39E435C90C9C4F780FA0ED05CA3C3A1B ] AgereModemAudio C:\Windows\system32\agrsmsvc.exe
13:19:39.0933 2224  AgereModemAudio - ok
13:19:40.0136 2224  [ A19871AE65A769C65034B4DC44C29023 ] AgereSoftModem  C:\Windows\system32\DRIVERS\AGRSM.sys
13:19:40.0230 2224  AgereSoftModem - ok
13:19:40.0261 2224  [ EF23439CDD587F64C2C1B8825CEAD7D8 ] agp440          C:\Windows\system32\drivers\agp440.sys
13:19:40.0277 2224  agp440 - ok
13:19:40.0323 2224  [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
13:19:40.0339 2224  aic78xx - ok
13:19:40.0401 2224  [ A1545B731579895D8CC44FC0481C1192 ] ALG             C:\Windows\System32\alg.exe
13:19:40.0526 2224  ALG - ok
13:19:40.0557 2224  [ 90395B64600EBB4552E26E178C94B2E4 ] aliide          C:\Windows\system32\drivers\aliide.sys
13:19:40.0573 2224  aliide - ok
13:19:40.0604 2224  [ 2B13E304C9DFDFA5EB582F6A149FA2C7 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
13:19:40.0620 2224  amdagp - ok
13:19:40.0635 2224  [ 0577DF1D323FE75A739C787893D300EA ] amdide          C:\Windows\system32\drivers\amdide.sys
13:19:40.0651 2224  amdide - ok
13:19:40.0667 2224  [ DC487885BCEF9F28EECE6FAC0E5DDFC5 ] AmdK7           C:\Windows\system32\drivers\amdk7.sys
13:19:40.0854 2224  AmdK7 - ok
13:19:40.0869 2224  [ 0CA0071DA4315B00FC1328CA86B425DA ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
13:19:40.0963 2224  AmdK8 - ok
13:19:41.0462 2224  [ 0FA2D8304ECA29CA0AB7E3EE50FD585A ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
13:19:41.0478 2224  AntiVirSchedulerService - ok
13:19:41.0525 2224  [ 5C69AAC8A59207DA9710FF2E42D6F80F ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
13:19:41.0540 2224  AntiVirService - ok
13:19:41.0571 2224  [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo         C:\Windows\System32\appinfo.dll
13:19:41.0618 2224  Appinfo - ok
13:19:41.0805 2224  [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
13:19:41.0837 2224  Apple Mobile Device - ok
13:19:41.0868 2224  [ 0FE769CAE5855B53C90E23F85E7E89FF ] AppMgmt         C:\Windows\System32\appmgmts.dll
13:19:41.0930 2224  AppMgmt - ok
13:19:41.0961 2224  [ 5F673180268BB1FDB69C99B6619FE379 ] arc             C:\Windows\system32\drivers\arc.sys
13:19:41.0977 2224  arc - ok
13:19:41.0977 2224  [ 957F7540B5E7F602E44648C7DE5A1C05 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
13:19:41.0993 2224  arcsas - ok
13:19:42.0461 2224  [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state    C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
13:19:42.0523 2224  aspnet_state - ok
13:19:42.0570 2224  [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
13:19:42.0617 2224  AsyncMac - ok
13:19:42.0663 2224  [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi           C:\Windows\system32\drivers\atapi.sys
13:19:42.0679 2224  atapi - ok
13:19:42.0757 2224  [ 293E8CC3C246A89F4CCA75B024AD757F ] ATSWPDRV        C:\Windows\system32\DRIVERS\ATSwpDrv.sys
13:19:42.0788 2224  ATSWPDRV - ok
13:19:42.0851 2224  [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
13:19:42.0913 2224  AudioEndpointBuilder - ok
13:19:42.0913 2224  [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv        C:\Windows\System32\Audiosrv.dll
13:19:42.0944 2224  Audiosrv - ok
13:19:43.0022 2224  [ A5C175039B1D6D85D0E79F5855828E4D ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
13:19:43.0038 2224  avgntflt - ok
13:19:43.0100 2224  [ 37B854C7D1F477E66C5B49C7700C47CC ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
13:19:43.0116 2224  avipbb - ok
13:19:43.0163 2224  [ FFB78D74E1EA5F811341A6E7AC547A46 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
13:19:43.0178 2224  avkmgr - ok
13:19:43.0209 2224  [ 0B92CCF7BFCBE2B33838434F2F50CB61 ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
13:19:43.0272 2224  b57nd60x - ok
13:19:43.0365 2224  [ 0D1EA7509F394D8B705B239EE71F5118 ] BBSvc           C:\Program Files\Microsoft\BingBar\BBSvc.EXE
13:19:43.0412 2224  BBSvc - ok
13:19:43.0428 2224  [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep            C:\Windows\system32\drivers\Beep.sys
13:19:43.0475 2224  Beep - ok
13:19:43.0537 2224  [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE             C:\Windows\System32\bfe.dll
13:19:43.0599 2224  BFE - ok
13:19:43.0693 2224  [ 93952506C6D67330367F7E7934B6A02F ] BITS            C:\Windows\System32\qmgr.dll
13:19:43.0771 2224  BITS - ok
13:19:43.0771 2224  blbdrive - ok
13:19:43.0865 2224  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
13:19:43.0880 2224  Bonjour Service - ok
13:19:43.0927 2224  [ 35F376253F687BDE63976CCB3F2108CA ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
13:19:43.0974 2224  bowser - ok
13:19:44.0005 2224  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
13:19:44.0052 2224  BrFiltLo - ok
13:19:44.0083 2224  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
13:19:44.0145 2224  BrFiltUp - ok
13:19:44.0192 2224  [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser         C:\Windows\System32\browser.dll
13:19:44.0255 2224  Browser - ok
13:19:44.0270 2224  [ B304E75CFF293029EDDF094246747113 ] Brserid         C:\Windows\system32\drivers\brserid.sys
13:19:44.0348 2224  Brserid - ok
13:19:44.0364 2224  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
13:19:44.0442 2224  BrSerWdm - ok
13:19:44.0473 2224  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
13:19:44.0567 2224  BrUsbMdm - ok
13:19:44.0582 2224  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
13:19:44.0660 2224  BrUsbSer - ok
13:19:44.0723 2224  [ 6D39C954799B63BA866910234CF7D726 ] BthEnum         C:\Windows\system32\DRIVERS\BthEnum.sys
13:19:44.0769 2224  BthEnum - ok
13:19:44.0801 2224  [ 9A966A8E86D1771911AE34A20D11BFF3 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
13:19:44.0863 2224  BTHMODEM - ok
13:19:44.0925 2224  [ 5904EFA25F829BF84EA6FB045134A1D8 ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
13:19:44.0988 2224  BthPan - ok
13:19:45.0097 2224  [ 611FF3F2F095C8D4A6D4CFD9DCC09793 ] BTHPORT         C:\Windows\system32\Drivers\BTHport.sys
13:19:45.0159 2224  BTHPORT - ok
13:19:45.0206 2224  [ A4C8377FA4A994E07075107DBE2E3DCE ] BthServ         C:\Windows\System32\bthserv.dll
13:19:45.0253 2224  BthServ - ok
13:19:45.0300 2224  [ D330803EAB2A15CAEC7F011F1D4CB30E ] BTHUSB          C:\Windows\system32\Drivers\BTHUSB.sys
13:19:45.0331 2224  BTHUSB - ok
13:19:45.0378 2224  [ 636F45A8500C1438CFA7DEE15FC5C184 ] btwaudio        C:\Windows\system32\drivers\btwaudio.sys
13:19:45.0393 2224  btwaudio - ok
13:19:45.0425 2224  [ BF9256FF01B093A5D90BB7A35EC90410 ] btwavdt         C:\Windows\system32\drivers\btwavdt.sys
13:19:45.0440 2224  btwavdt - ok
13:19:45.0471 2224  [ 0AB8C1AC177AFB27309E1072FAF34A37 ] btwrchid        C:\Windows\system32\DRIVERS\btwrchid.sys
13:19:45.0487 2224  btwrchid - ok
13:19:45.0549 2224  [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
13:19:45.0612 2224  cdfs - ok
13:19:45.0659 2224  [ 6B4BFFB9BECD728097024276430DB314 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
13:19:45.0705 2224  cdrom - ok
13:19:45.0830 2224  [ 30B37C18E1725EB9F25039E9A1FB9B7E ] CDRPDACC        C:\Program Files\InfinaDyne\Shared\CDRPDACC.SYS
13:19:45.0877 2224  CDRPDACC ( UnsignedFile.Multi.Generic ) - warning
13:19:45.0877 2224  CDRPDACC - detected UnsignedFile.Multi.Generic (1)
13:19:45.0893 2224  [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc     C:\Windows\System32\certprop.dll
13:19:45.0939 2224  CertPropSvc - ok
13:19:45.0971 2224  [ DA8E0AFC7BAA226C538EF53AC2F90897 ] circlass        C:\Windows\system32\drivers\circlass.sys
13:19:46.0033 2224  circlass - ok
13:19:46.0111 2224  [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS            C:\Windows\system32\CLFS.sys
13:19:46.0142 2224  CLFS - ok
13:19:46.0173 2224  [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:19:46.0189 2224  clr_optimization_v2.0.50727_32 - ok
13:19:46.0236 2224  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:19:46.0283 2224  clr_optimization_v4.0.30319_32 - ok
13:19:46.0329 2224  [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
13:19:46.0392 2224  CmBatt - ok
13:19:46.0423 2224  [ 45201046C776FFDAF3FC8A0029C581C8 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
13:19:46.0454 2224  cmdide - ok
13:19:46.0485 2224  [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
13:19:46.0501 2224  Compbatt - ok
13:19:46.0501 2224  COMSysApp - ok
13:19:46.0548 2224  [ 2A213AE086BBEC5E937553C7D9A2B22C ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
13:19:46.0563 2224  crcdisk - ok
13:19:46.0579 2224  [ 22A7F883508176489F559EE745B5BF5D ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
13:19:46.0657 2224  Crusoe - ok
13:19:46.0688 2224  [ FB27772BEAF8E1D28CCD825C09DA939B ] CryptSvc        C:\Windows\system32\cryptsvc.dll
13:19:46.0735 2224  CryptSvc - ok
13:19:46.0766 2224  [ 9BDB2E89BE8D0EF37B1F25C3D3FC192C ] CSC             C:\Windows\system32\drivers\csc.sys
13:19:46.0813 2224  CSC - ok
13:19:46.0875 2224  [ 0A2095F92F6AE4FE6484D911B0C21E95 ] CscService      C:\Windows\System32\cscsvc.dll
13:19:46.0953 2224  CscService - ok
13:19:47.0000 2224  [ B5ECADF7708960F1818C7FA015F4C239 ] CVirtA          C:\Windows\system32\DRIVERS\CVirtA.sys
13:19:47.0031 2224  CVirtA ( UnsignedFile.Multi.Generic ) - warning
13:19:47.0031 2224  CVirtA - detected UnsignedFile.Multi.Generic (1)
13:19:47.0375 2224  [ E43B83A7629ABCD8D8AFFAF22319AA3A ] CVPND           C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
13:19:47.0437 2224  CVPND - ok
13:19:47.0562 2224  [ 36C4244E4FC28ED94F2668D995ECA400 ] CVPNDRVA        C:\Windows\system32\Drivers\CVPNDRVA.sys
13:19:47.0577 2224  CVPNDRVA ( UnsignedFile.Multi.Generic ) - warning
13:19:47.0577 2224  CVPNDRVA - detected UnsignedFile.Multi.Generic (1)
13:19:47.0655 2224  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch      C:\Windows\system32\rpcss.dll
13:19:47.0733 2224  DcomLaunch - ok
13:19:47.0765 2224  [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
13:19:47.0811 2224  DfsC - ok
13:19:47.0921 2224  [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR            C:\Windows\system32\DFSR.exe
13:19:48.0061 2224  DFSR - ok
13:19:48.0092 2224  [ 9028559C132146FB75EB7ACF384B086A ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
13:19:48.0139 2224  Dhcp - ok
13:19:48.0186 2224  [ 5D4AEFC3386920236A548271F8F1AF6A ] disk            C:\Windows\system32\drivers\disk.sys
13:19:48.0201 2224  disk - ok
13:19:48.0420 2224  [ 5F4944CFB8E60F2B02B7CD7419B3C314 ] Diskeeper       C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
13:19:48.0482 2224  Diskeeper ( UnsignedFile.Multi.Generic ) - warning
13:19:48.0482 2224  Diskeeper - detected UnsignedFile.Multi.Generic (1)
13:19:48.0513 2224  [ 7B4FDFBE97C047175E613AA96F3DE987 ] DNE             C:\Windows\system32\DRIVERS\dne2000.sys
13:19:48.0545 2224  DNE - ok
13:19:48.0576 2224  [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache        C:\Windows\System32\dnsrslvr.dll
13:19:48.0638 2224  Dnscache - ok
13:19:48.0685 2224  [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc         C:\Windows\System32\dot3svc.dll
13:19:48.0732 2224  dot3svc - ok
13:19:48.0763 2224  [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS             C:\Windows\system32\dps.dll
13:19:48.0810 2224  DPS - ok
13:19:48.0841 2224  [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
13:19:48.0888 2224  drmkaud - ok
13:19:48.0935 2224  [ C6B2E10CFE79169C72F0269087B9A603 ] dsltestSp5      C:\Windows\system32\Drivers\dsltestSp5.sys
13:19:48.0950 2224  dsltestSp5 - ok
13:19:48.0981 2224  [ 12986452237021FD48B08F8E23F6A7AB ] dvdfab          C:\Windows\system32\drivers\dvdfab.sys
13:19:48.0997 2224  dvdfab - ok
13:19:49.0122 2224  [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
13:19:49.0184 2224  DXGKrnl - ok
13:19:49.0247 2224  [ F88FB26547FD2CE6D0A5AF2985892C48 ] E1G60           C:\Windows\system32\DRIVERS\E1G60I32.sys
13:19:49.0356 2224  E1G60 - ok
13:19:49.0371 2224  [ C0B95E40D85CD807D614E264248A45B9 ] EapHost         C:\Windows\System32\eapsvc.dll
13:19:49.0418 2224  EapHost - ok
13:19:49.0465 2224  [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache          C:\Windows\system32\drivers\ecache.sys
13:19:49.0481 2224  Ecache - ok
13:19:49.0527 2224  [ 075D91E4DE09A6F1EDE77C341803D454 ] ElbyCDFL        C:\Windows\system32\Drivers\ElbyCDFL.sys
13:19:49.0543 2224  ElbyCDFL - ok
13:19:49.0559 2224  [ AAA8999A169E39FB8B48AE49CD6AC30A ] ElbyCDIO        C:\Windows\system32\Drivers\ElbyCDIO.sys
13:19:49.0574 2224  ElbyCDIO - ok
13:19:49.0590 2224  [ E8F3F21A71720C84BCF423B80028359F ] elxstor         C:\Windows\system32\drivers\elxstor.sys
13:19:49.0605 2224  elxstor - ok
13:19:49.0699 2224  [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
13:19:49.0761 2224  EMDMgmt - ok
13:19:49.0824 2224  [ 539CA34FBC74EC366A0D751028C32A08 ] epmntdrv        C:\Windows\system32\epmntdrv.sys
13:19:49.0855 2224  epmntdrv ( UnsignedFile.Multi.Generic ) - warning
13:19:49.0855 2224  epmntdrv - detected UnsignedFile.Multi.Generic (1)
13:19:49.0886 2224  [ 1F2F4AB15CE03ECC257FEB2F6DC5A013 ] EuGdiDrv        C:\Windows\system32\EuGdiDrv.sys
13:19:49.0917 2224  EuGdiDrv ( UnsignedFile.Multi.Generic ) - warning
13:19:49.0917 2224  EuGdiDrv - detected UnsignedFile.Multi.Generic (1)
13:19:49.0980 2224  [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem     C:\Windows\system32\es.dll
13:19:50.0027 2224  EventSystem - ok
13:19:50.0073 2224  [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat           C:\Windows\system32\drivers\exfat.sys
13:19:50.0136 2224  exfat - ok
13:19:50.0229 2224  [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
13:19:50.0276 2224  fastfat - ok
13:19:50.0385 2224  [ DFBA0F60FA301E5B1BFB1403A93EE23E ] Fax             C:\Windows\system32\fxssvc.exe
13:19:50.0479 2224  Fax - ok
13:19:50.0510 2224  [ 63BDADA84951B9C03E641800E176898A ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
13:19:50.0588 2224  fdc - ok
13:19:50.0635 2224  [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost         C:\Windows\system32\fdPHost.dll
13:19:50.0682 2224  fdPHost - ok
13:19:50.0729 2224  [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub        C:\Windows\system32\fdrespub.dll
13:19:50.0807 2224  FDResPub - ok
13:19:50.0822 2224  [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
13:19:50.0838 2224  FileInfo - ok
13:19:50.0869 2224  [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
13:19:50.0931 2224  Filetrace - ok
13:19:51.0165 2224  [ 227846995AFEEFA70D328BF5334A86A5 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
13:19:51.0228 2224  FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
13:19:51.0228 2224  FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
13:19:51.0259 2224  [ 6603957EFF5EC62D25075EA8AC27DE68 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
13:19:51.0337 2224  flpydisk - ok
13:19:51.0384 2224  [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
13:19:51.0415 2224  FltMgr - ok
13:19:51.0493 2224  [ C4C9A48C3339B6335F8F0DB1F47BB668 ] FNF5SVC         C:\Program Files\LENOVO\HOTKEY\FNF5SVC.exe
13:19:51.0509 2224  FNF5SVC - ok
13:19:51.0571 2224  [ 8CE364388C8ECA59B14B539179276D44 ] FontCache       C:\Windows\system32\FntCache.dll
13:19:51.0649 2224  FontCache - ok
13:19:51.0758 2224  [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
13:19:51.0805 2224  FontCache3.0.0.0 - ok
13:19:51.0836 2224  [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
13:19:51.0899 2224  Fs_Rec - ok
13:19:51.0930 2224  [ 4E1CD0A45C50A8882616CAE5BF82F3C5 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
13:19:51.0945 2224  gagp30kx - ok
13:19:51.0977 2224  [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
13:19:52.0008 2224  GEARAspiWDM - ok
13:19:52.0055 2224  [ 007AEA2E06E7CEF7372E40C277163959 ] ggflt           C:\Windows\system32\DRIVERS\ggflt.sys
13:19:52.0070 2224  ggflt - ok
13:19:52.0086 2224  [ C73DE35960CA75C5AB4AE636B127C64E ] ggsemc          C:\Windows\system32\DRIVERS\ggsemc.sys
13:19:52.0086 2224  ggsemc - ok
13:19:52.0164 2224  [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc           C:\Windows\System32\gpsvc.dll
13:19:52.0211 2224  gpsvc - ok
13:19:52.0304 2224  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
13:19:52.0320 2224  gupdate - ok
13:19:52.0335 2224  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
13:19:52.0351 2224  gupdatem - ok
13:19:52.0445 2224  [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
13:19:52.0507 2224  HdAudAddService - ok
13:19:52.0647 2224  [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
13:19:52.0710 2224  HDAudBus - ok
13:19:52.0757 2224  [ FCB3F4BE408F72C1BD81BCABA87FC22F ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
13:19:52.0803 2224  HidBth - ok
13:19:52.0866 2224  [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr           C:\Windows\system32\drivers\hidir.sys
13:19:52.0944 2224  HidIr - ok
13:19:53.0006 2224  [ 84067081F3318162797385E11A8F0582 ] hidserv         C:\Windows\system32\hidserv.dll
13:19:53.0053 2224  hidserv - ok
13:19:53.0115 2224  [ CCA4B519B17E23A00B826C55716809CC ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
13:19:53.0162 2224  HidUsb - ok
13:19:53.0209 2224  [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc          C:\Windows\system32\kmsvc.dll
13:19:53.0271 2224  hkmsvc - ok
13:19:53.0318 2224  [ DF353B401001246853763C4B7AAA6F50 ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
13:19:53.0365 2224  HpCISSs - ok
13:19:53.0412 2224  [ F870AA3E254628EBEAFE754108D664DE ] HTTP            C:\Windows\system32\drivers\HTTP.sys
13:19:53.0505 2224  HTTP - ok
13:19:53.0552 2224  [ 324C2152FF2C61ABAE92D09F3CCA4D63 ] i2omp           C:\Windows\system32\drivers\i2omp.sys
13:19:53.0583 2224  i2omp - ok
13:19:53.0630 2224  [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
13:19:53.0677 2224  i8042prt - ok
13:19:53.0771 2224  [ 582F2D900A3AC34C98FBDC2C0ABEF6B9 ] IAANTMON        C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
13:19:53.0802 2224  IAANTMON - ok
13:19:53.0864 2224  [ 496DB78E6A0C4C44023D9A92B4A7AC31 ] ialm            C:\Windows\system32\DRIVERS\igdkmd32.sys
13:19:53.0973 2224  ialm - ok
13:19:54.0067 2224  [ FD7F9D74C2B35DBDA400804A3F5ED5D8 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
13:19:54.0083 2224  iaStor - ok
13:19:54.0145 2224  [ C957BF4B5D80B46C5017BF0101E6C906 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
13:19:54.0176 2224  iaStorV - ok
13:19:54.0317 2224  [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
13:19:54.0348 2224  IDriverT ( UnsignedFile.Multi.Generic ) - warning
13:19:54.0348 2224  IDriverT - detected UnsignedFile.Multi.Generic (1)
13:19:54.0473 2224  [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
13:19:54.0629 2224  idsvc - ok
13:19:54.0675 2224  [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
13:19:54.0707 2224  iirsp - ok
13:19:54.0753 2224  [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT          C:\Windows\System32\ikeext.dll
13:19:54.0831 2224  IKEEXT - ok
13:19:54.0956 2224  [ 2BD6633DB50A98534AA3262E0F9F5A14 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
13:19:55.0034 2224  IntcAzAudAddService - ok
13:19:55.0112 2224  [ 83AA759F3189E6370C30DE5DC5590718 ] intelide        C:\Windows\system32\drivers\intelide.sys
13:19:55.0128 2224  intelide - ok
13:19:55.0143 2224  [ 224191001E78C89DFA78924C3EA595FF ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
13:19:55.0190 2224  intelppm - ok
13:19:55.0221 2224  [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
13:19:55.0284 2224  IPBusEnum - ok
13:19:55.0362 2224  [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:19:55.0409 2224  IpFilterDriver - ok
13:19:55.0502 2224  [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
13:19:55.0580 2224  iphlpsvc - ok
13:19:55.0580 2224  IpInIp - ok
13:19:55.0611 2224  [ 40F34F8ABA2A015D780E4B09138B6C17 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
13:19:55.0674 2224  IPMIDRV - ok
13:19:55.0736 2224  [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
13:19:55.0799 2224  IPNAT - ok
13:19:55.0908 2224  [ E8A39D41474BE42FD8830CED32932D6C ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
13:19:55.0955 2224  iPod Service - ok
13:19:55.0986 2224  [ AC76F0667A2798033F7401F95B163BC7 ] IPSSVC          C:\Windows\system32\IPSSVC.EXE
13:19:56.0001 2224  IPSSVC - ok
13:19:56.0064 2224  [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
13:19:56.0111 2224  IRENUM - ok
13:19:56.0142 2224  [ 350FCA7E73CF65BCEF43FAE1E4E91293 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
13:19:56.0173 2224  isapnp - ok
13:19:56.0204 2224  [ 232FA340531D940AAC623B121A595034 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
13:19:56.0251 2224  iScsiPrt - ok
13:19:56.0282 2224  [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
13:19:56.0298 2224  iteatapi - ok
13:19:56.0313 2224  [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid         C:\Windows\system32\drivers\iteraid.sys
13:19:56.0329 2224  iteraid - ok
13:19:56.0360 2224  [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
13:19:56.0391 2224  kbdclass - ok
13:19:56.0454 2224  [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
13:19:56.0469 2224  kbdhid - ok
13:19:56.0516 2224  [ A3E186B4B935905B829219502557314E ] KeyIso          C:\Windows\system32\lsass.exe
13:19:56.0579 2224  KeyIso - ok
13:19:56.0641 2224  [ 2B2F1638466E8CB091400C9019CC730E ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
13:19:56.0688 2224  KSecDD - ok
13:19:56.0797 2224  [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm           C:\Windows\system32\msdtckrm.dll
13:19:56.0859 2224  KtmRm - ok
13:19:56.0922 2224  [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer    C:\Windows\system32\srvsvc.dll
13:19:56.0953 2224  LanmanServer - ok
13:19:57.0047 2224  [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
13:19:57.0093 2224  LanmanWorkstation - ok
13:19:57.0171 2224  [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
13:19:57.0203 2224  lltdio - ok
13:19:57.0281 2224  [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
13:19:57.0343 2224  lltdsvc - ok
13:19:57.0374 2224  [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts         C:\Windows\System32\lmhsvc.dll
13:19:57.0452 2224  lmhosts - ok
13:19:57.0530 2224  [ 515FC18CABEE0158A324B08B1C2667CF ] LPCFilter       C:\Windows\system32\DRIVERS\LPCFilter.sys
13:19:57.0593 2224  LPCFilter - ok
13:19:57.0639 2224  [ A2262FB9F28935E862B4DB46438C80D2 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
13:19:57.0671 2224  LSI_FC - ok
13:19:57.0686 2224  [ 30D73327D390F72A62F32C103DAF1D6D ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
13:19:57.0702 2224  LSI_SAS - ok
13:19:57.0717 2224  [ E1E36FEFD45849A95F1AB81DE0159FE3 ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
13:19:57.0749 2224  LSI_SCSI - ok
13:19:57.0780 2224  [ 8F5C7426567798E62A3B3614965D62CC ] luafv           C:\Windows\system32\drivers\luafv.sys
13:19:57.0827 2224  luafv - ok
13:19:57.0905 2224  [ 8E17D513D8011B0EE03C355EAAB0E0CC ] ManyCam         C:\Windows\system32\DRIVERS\mcvidrv.sys
13:19:57.0951 2224  ManyCam - ok
13:19:58.0014 2224  [ 562D95E00E14A944DEBE655DECBD3F5B ] mcaudrv_simple  C:\Windows\system32\drivers\mcaudrv.sys
13:19:58.0061 2224  mcaudrv_simple - ok
13:19:58.0092 2224  [ D153B14FC6598EAE8422A2037553ADCE ] megasas         C:\Windows\system32\drivers\megasas.sys
13:19:58.0107 2224  megasas - ok
13:19:58.0139 2224  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS           C:\Windows\system32\mmcss.dll
13:19:58.0201 2224  MMCSS - ok
13:19:58.0248 2224  [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem           C:\Windows\system32\drivers\modem.sys
13:19:58.0310 2224  Modem - ok
13:19:58.0341 2224  [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
13:19:58.0404 2224  monitor - ok
13:19:58.0435 2224  [ 5BF6A1326A335C5298477754A506D263 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
13:19:58.0435 2224  mouclass - ok
13:19:58.0451 2224  [ 93B8D4869E12CFBE663915502900876F ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
13:19:58.0529 2224  mouhid - ok
13:19:58.0560 2224  [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
13:19:58.0575 2224  MountMgr - ok
13:19:58.0607 2224  [ 583A41F26278D9E0EA548163D6139397 ] mpio            C:\Windows\system32\drivers\mpio.sys
13:19:58.0622 2224  mpio - ok
13:19:58.0669 2224  [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
13:19:58.0716 2224  mpsdrv - ok
13:19:58.0825 2224  [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc          C:\Windows\system32\mpssvc.dll
13:19:58.0887 2224  MpsSvc - ok
13:19:58.0903 2224  [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
13:19:58.0919 2224  Mraid35x - ok
13:19:58.0981 2224  [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
13:19:59.0028 2224  MRxDAV - ok
13:19:59.0075 2224  [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
13:19:59.0106 2224  mrxsmb - ok
13:19:59.0168 2224  [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:19:59.0215 2224  mrxsmb10 - ok
13:19:59.0246 2224  [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:19:59.0293 2224  mrxsmb20 - ok
13:19:59.0324 2224  [ 742AED7939E734C36B7E8D6228CE26B7 ] msahci          C:\Windows\system32\drivers\msahci.sys
13:19:59.0340 2224  msahci - ok
13:19:59.0355 2224  [ 3FC82A2AE4CC149165A94699183D3028 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
13:19:59.0387 2224  msdsm - ok
13:19:59.0418 2224  [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC           C:\Windows\System32\msdtc.exe
13:19:59.0480 2224  MSDTC - ok
13:19:59.0543 2224  [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
13:19:59.0589 2224  Msfs - ok
13:19:59.0605 2224  [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
13:19:59.0621 2224  msisadrv - ok
13:19:59.0652 2224  [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
13:19:59.0699 2224  MSiSCSI - ok
13:19:59.0714 2224  msiserver - ok
13:19:59.0777 2224  [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
13:19:59.0839 2224  MSKSSRV - ok
13:19:59.0886 2224  [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
13:19:59.0917 2224  MSPCLOCK - ok
13:19:59.0917 2224  [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
13:19:59.0979 2224  MSPQM - ok
13:20:00.0011 2224  [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
13:20:00.0042 2224  MsRPC - ok
13:20:00.0073 2224  [ E384487CB84BE41D09711C30CA79646C ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
13:20:00.0089 2224  mssmbios - ok
13:20:00.0089 2224  [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
13:20:00.0151 2224  MSTEE - ok
13:20:00.0182 2224  [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup             C:\Windows\system32\Drivers\mup.sys
13:20:00.0198 2224  Mup - ok
13:20:00.0229 2224  [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent        C:\Windows\system32\qagentRT.dll
13:20:00.0276 2224  napagent - ok
13:20:00.0354 2224  [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
13:20:00.0401 2224  NativeWifiP - ok
13:20:00.0463 2224  [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS            C:\Windows\system32\drivers\ndis.sys
13:20:00.0494 2224  NDIS - ok
13:20:00.0525 2224  [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
13:20:00.0541 2224  NdisTapi - ok
13:20:00.0588 2224  [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
13:20:00.0635 2224  Ndisuio - ok
13:20:00.0681 2224  [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
13:20:00.0744 2224  NdisWan - ok
13:20:00.0791 2224  [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
13:20:00.0822 2224  NDProxy - ok
13:20:00.0884 2224  [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
13:20:00.0915 2224  NetBIOS - ok
13:20:00.0993 2224  [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt           C:\Windows\system32\DRIVERS\netbt.sys
13:20:01.0040 2224  netbt - ok
13:20:01.0071 2224  [ A3E186B4B935905B829219502557314E ] Netlogon        C:\Windows\system32\lsass.exe
13:20:01.0087 2224  Netlogon - ok
13:20:01.0149 2224  [ C8052711DAECC48B982434C5116CA401 ] Netman          C:\Windows\System32\netman.dll
13:20:01.0212 2224  Netman - ok
13:20:01.0243 2224  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
13:20:01.0274 2224  NetMsmqActivator - ok
13:20:01.0290 2224  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
13:20:01.0305 2224  NetPipeActivator - ok
13:20:01.0383 2224  [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm        C:\Windows\System32\netprofm.dll
13:20:01.0430 2224  netprofm - ok
13:20:01.0446 2224  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
13:20:01.0446 2224  NetTcpActivator - ok
13:20:01.0461 2224  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
13:20:01.0477 2224  NetTcpPortSharing - ok
13:20:01.0555 2224  [ EA30BD026A7D1B745A37516880C4AC1B ] NETw3v32        C:\Windows\system32\DRIVERS\NETw3v32.sys
13:20:01.0634 2224  NETw3v32 - ok
13:20:02.0040 2224  [ F0C42E0CDCE558D658FA53A222B4CCB1 ] NETw5v32        C:\Windows\system32\DRIVERS\NETw5v32.sys
13:20:02.0383 2224  NETw5v32 ( UnsignedFile.Multi.Generic ) - warning
13:20:02.0383 2224  NETw5v32 - detected UnsignedFile.Multi.Generic (1)
13:20:02.0445 2224  [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
13:20:02.0461 2224  nfrd960 - ok
13:20:02.0508 2224  nixsrkw - ok
13:20:02.0554 2224  [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc          C:\Windows\System32\nlasvc.dll
13:20:02.0601 2224  NlaSvc - ok
13:20:02.0648 2224  [ C8F536FB328AFE64A7F18BBFC00B10EE ] nlsvc           C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
13:20:02.0679 2224  nlsvc ( UnsignedFile.Multi.Generic ) - warning
13:20:02.0679 2224  nlsvc - detected UnsignedFile.Multi.Generic (1)
13:20:02.0710 2224  [ 3EE27BCFF781F07A12DF75E8BE852B0E ] nltdi           C:\Windows\system32\drivers\nltdi.sys
13:20:02.0742 2224  nltdi ( UnsignedFile.Multi.Generic ) - warning
13:20:02.0742 2224  nltdi - detected UnsignedFile.Multi.Generic (1)
13:20:02.0820 2224  [ 1BEF5464C06F4AF0C704378824C52ADB ] NMIndexingService C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
13:20:02.0835 2224  NMIndexingService - ok
13:20:02.0882 2224  [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
13:20:02.0913 2224  Npfs - ok
13:20:02.0976 2224  [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi             C:\Windows\system32\nsisvc.dll
13:20:03.0022 2224  nsi - ok
13:20:03.0069 2224  [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
13:20:03.0132 2224  nsiproxy - ok
13:20:03.0178 2224  NSNDIS5 - ok
13:20:03.0288 2224  [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
13:20:03.0350 2224  Ntfs - ok
13:20:03.0381 2224  [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi       C:\Windows\system32\drivers\ntrigdigi.sys
13:20:03.0444 2224  ntrigdigi - ok
13:20:03.0490 2224  [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null            C:\Windows\system32\drivers\Null.sys
13:20:03.0537 2224  Null - ok
13:20:03.0912 2224  [ E70D10238E1C7463728D56920D1EB186 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
13:20:04.0302 2224  nvlddmkm - ok
13:20:04.0333 2224  [ E69E946F80C1C31C53003BFBF50CBB7C ] nvraid          C:\Windows\system32\drivers\nvraid.sys
13:20:04.0348 2224  nvraid - ok
13:20:04.0364 2224  [ 9E0BA19A28C498A6D323D065DB76DFFC ] nvstor          C:\Windows\system32\drivers\nvstor.sys
13:20:04.0380 2224  nvstor - ok
13:20:04.0395 2224  [ 07C186427EB8FCC3D8D7927187F260F7 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
13:20:04.0411 2224  nv_agp - ok
13:20:04.0426 2224  NwlnkFlt - ok
13:20:04.0426 2224  NwlnkFwd - ok
13:20:04.0567 2224  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
13:20:04.0598 2224  odserv - ok
13:20:04.0645 2224  [ 6F310E890D46E246E0E261A63D9B36B4 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
13:20:04.0692 2224  ohci1394 - ok
13:20:04.0754 2224  [ DA345DE3B450E9E1691E7B9956D8FFC3 ] OMSI download service C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
13:20:04.0754 2224  OMSI download service ( UnsignedFile.Multi.Generic ) - warning
13:20:04.0754 2224  OMSI download service - detected UnsignedFile.Multi.Generic (1)
13:20:04.0816 2224  [ EAE6208900E2986F66F68B30AEF86E4D ] OpcEnum         C:\Windows\system32\OpcEnum.exe
13:20:04.0848 2224  OpcEnum ( UnsignedFile.Multi.Generic ) - warning
13:20:04.0848 2224  OpcEnum - detected UnsignedFile.Multi.Generic (1)
13:20:04.0879 2224  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:20:04.0894 2224  ose - ok
13:20:04.0972 2224  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc        C:\Windows\system32\p2psvc.dll
13:20:05.0050 2224  p2pimsvc - ok
13:20:05.0066 2224  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc          C:\Windows\system32\p2psvc.dll
13:20:05.0097 2224  p2psvc - ok
13:20:05.0144 2224  [ 0FA9B5055484649D63C303FE404E5F4D ] Parport         C:\Windows\system32\DRIVERS\parport.sys
13:20:05.0191 2224  Parport - ok
13:20:05.0253 2224  [ B9C2B89F08670E159F7181891E449CD9 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
13:20:05.0269 2224  partmgr - ok
13:20:05.0300 2224  [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
13:20:05.0362 2224  Parvdm - ok
13:20:05.0425 2224  [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc          C:\Windows\System32\pcasvc.dll
13:20:05.0472 2224  PcaSvc - ok
13:20:05.0534 2224  [ 941DC1D19E7E8620F40BBC206981EFDB ] pci             C:\Windows\system32\drivers\pci.sys
13:20:05.0550 2224  pci - ok
13:20:05.0565 2224  [ 3B1901E401473E03EB8C874271E50C26 ] pciide          C:\Windows\system32\drivers\pciide.sys
13:20:05.0581 2224  pciide - ok
13:20:05.0612 2224  [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
13:20:05.0628 2224  pcmcia - ok
13:20:05.0659 2224  [ 5B6C11DE7E839C05248CED8825470FEF ] pcouffin        C:\Windows\system32\Drivers\pcouffin.sys
13:20:05.0706 2224  pcouffin - ok
13:20:05.0768 2224  [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
13:20:05.0862 2224  PEAUTH - ok
13:20:05.0924 2224  [ 957B82EC80AD7EAD64E5E47DF6B0DC40 ] pfc             C:\Windows\system32\drivers\pfc.sys
13:20:05.0940 2224  pfc ( UnsignedFile.Multi.Generic ) - warning
13:20:05.0940 2224  pfc - detected UnsignedFile.Multi.Generic (1)
13:20:06.0080 2224  [ B1689DF169143F57053F795390C99DB3 ] pla             C:\Windows\system32\pla.dll
13:20:06.0142 2224  pla - ok
13:20:06.0236 2224  [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
13:20:06.0298 2224  PlugPlay - ok
13:20:06.0345 2224  [ 29A26236447E5B5E3FCE5E33168C43E0 ] PMSveH          C:\Program Files\Lenovo\PM Driver\PMSveH.exe
13:20:06.0345 2224  PMSveH ( UnsignedFile.Multi.Generic ) - warning
13:20:06.0345 2224  PMSveH - detected UnsignedFile.Multi.Generic (1)
13:20:06.0392 2224  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg     C:\Windows\system32\p2psvc.dll
13:20:06.0423 2224  PNRPAutoReg - ok
13:20:06.0439 2224  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc         C:\Windows\system32\p2psvc.dll
13:20:06.0486 2224  PNRPsvc - ok
13:20:06.0548 2224  [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
13:20:06.0595 2224  PolicyAgent - ok
13:20:06.0642 2224  [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
13:20:06.0688 2224  PptpMiniport - ok
13:20:06.0751 2224  [ C9CA089787AA4CA892F2173A8E15C1B0 ] PROCDD          C:\Windows\system32\DRIVERS\PROCDD.SYS
13:20:06.0782 2224  PROCDD - ok
13:20:06.0813 2224  [ 0E3CEF5D28B40CF273281D620C50700A ] Processor       C:\Windows\system32\drivers\processr.sys
13:20:06.0891 2224  Processor - ok
13:20:07.0000 2224  [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc         C:\Windows\system32\profsvc.dll
13:20:07.0016 2224  ProfSvc - ok
13:20:07.0047 2224  [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
13:20:07.0063 2224  ProtectedStorage - ok
13:20:07.0110 2224  [ 64E413BA0C529AA40C3924BBCC4153DB ] ProtexisLicensing C:\Windows\system32\PSIService.exe
13:20:07.0156 2224  ProtexisLicensing ( UnsignedFile.Multi.Generic ) - warning
13:20:07.0156 2224  ProtexisLicensing - detected UnsignedFile.Multi.Generic (1)
13:20:07.0188 2224  [ AAC08DEFB15AAAB00B30341C716EFA35 ] psadd           C:\Windows\system32\DRIVERS\psadd.sys
13:20:07.0219 2224  psadd - ok
13:20:07.0281 2224  [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
13:20:07.0328 2224  PSched - ok
13:20:07.0422 2224  [ CCDAC889326317792480C0A67156A1EC ] ql2300          C:\Windows\system32\drivers\ql2300.sys
13:20:07.0468 2224  ql2300 - ok
13:20:07.0484 2224  [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
13:20:07.0500 2224  ql40xx - ok
13:20:07.0546 2224  [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE           C:\Windows\system32\qwave.dll
13:20:07.0578 2224  QWAVE - ok
13:20:07.0624 2224  [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
13:20:07.0671 2224  QWAVEdrv - ok
13:20:07.0734 2224  [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
13:20:07.0812 2224  RasAcd - ok
13:20:07.0890 2224  [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto         C:\Windows\System32\rasauto.dll
13:20:07.0968 2224  RasAuto - ok
13:20:08.0030 2224  [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
13:20:08.0077 2224  Rasl2tp - ok
13:20:08.0170 2224  [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan          C:\Windows\System32\rasmans.dll
13:20:08.0233 2224  RasMan - ok
13:20:08.0264 2224  [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
13:20:08.0295 2224  RasPppoe - ok
13:20:08.0326 2224  [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
13:20:08.0373 2224  RasSstp - ok
13:20:08.0451 2224  [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
13:20:08.0482 2224  rdbss - ok
13:20:08.0529 2224  [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
13:20:08.0576 2224  RDPCDD - ok
13:20:08.0623 2224  [ 943B18305EAE3935598A9B4A3D560B4C ] rdpdr           C:\Windows\system32\DRIVERS\rdpdr.sys
13:20:08.0670 2224  rdpdr - ok
13:20:08.0670 2224  [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
13:20:08.0701 2224  RDPENCDD - ok
13:20:08.0763 2224  [ 79C6DF8477250F5C54F7C5AE1D6B814E ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
13:20:08.0810 2224  RDPWD - ok
13:20:08.0857 2224  [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess    C:\Windows\System32\mprdim.dll
13:20:08.0919 2224  RemoteAccess - ok
13:20:08.0982 2224  [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry  C:\Windows\system32\regsvc.dll
13:20:09.0044 2224  RemoteRegistry - ok
13:20:09.0075 2224  [ 6482707F9F4DA0ECBAB43B2E0398A101 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
13:20:09.0138 2224  RFCOMM - ok
13:20:09.0309 2224  [ 4D05898896EC49CF663DDA61041AB096 ] RichVideo       C:\Program Files\CyberLink\Shared Files\RichVideo.exe
13:20:09.0356 2224  RichVideo - ok
13:20:09.0387 2224  [ 355AAC141B214BEF1DBC1483AFD9BD50 ] rimmptsk        C:\Windows\system32\DRIVERS\rimmptsk.sys
13:20:09.0434 2224  rimmptsk - ok
13:20:09.0481 2224  [ A4216C71DD4F60B26418CCFD99CD0815 ] rimsptsk        C:\Windows\system32\DRIVERS\rimsptsk.sys
13:20:09.0512 2224  rimsptsk - ok
13:20:09.0543 2224  [ D231B577024AA324AF13A42F3A807D10 ] rismxdp         C:\Windows\system32\DRIVERS\rixdptsk.sys
13:20:09.0574 2224  rismxdp - ok
13:20:09.0606 2224  [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator      C:\Windows\system32\locator.exe
13:20:09.0637 2224  RpcLocator - ok
13:20:09.0699 2224  [ 6684437F3628EF237C354F77D33426D1 ] rpcnet          C:\Windows\system32\rpcnet.exe
13:20:09.0715 2224  rpcnet - ok
13:20:09.0855 2224  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs           C:\Windows\system32\rpcss.dll
13:20:09.0933 2224  RpcSs - ok
13:20:09.0980 2224  [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
13:20:10.0011 2224  rspndr - ok
13:20:10.0058 2224  [ 59509AD6CBC28F2C73056268985B3E48 ] s0016bus        C:\Windows\system32\DRIVERS\s0016bus.sys
13:20:10.0089 2224  s0016bus - ok
13:20:10.0136 2224  [ B98C3A6F91F4FBA285AF9606A240C6B4 ] s0016mdfl       C:\Windows\system32\DRIVERS\s0016mdfl.sys
13:20:10.0152 2224  s0016mdfl - ok
13:20:10.0183 2224  [ 8A83426F4FB7B5212825D9DE76368B1A ] s0016mdm        C:\Windows\system32\DRIVERS\s0016mdm.sys
13:20:10.0198 2224  s0016mdm - ok
13:20:10.0230 2224  [ 7A78BBA97FEB5E6D24C49E93A3BF7287 ] s0016mgmt       C:\Windows\system32\DRIVERS\s0016mgmt.sys
13:20:10.0245 2224  s0016mgmt - ok
13:20:10.0276 2224  [ 34EF7B5F611957B73E7219DD5A222AD1 ] s0016nd5        C:\Windows\system32\DRIVERS\s0016nd5.sys
13:20:10.0292 2224  s0016nd5 - ok
13:20:10.0323 2224  [ 36792935847143E4A3CDA0DC87248487 ] s0016obex       C:\Windows\system32\DRIVERS\s0016obex.sys
13:20:10.0339 2224  s0016obex - ok
13:20:10.0370 2224  [ 927208754FB27FC3E7A659E77500C5D1 ] s0016unic       C:\Windows\system32\DRIVERS\s0016unic.sys
13:20:10.0386 2224  s0016unic - ok
13:20:10.0401 2224  [ A3E186B4B935905B829219502557314E ] SamSs           C:\Windows\system32\lsass.exe
13:20:10.0417 2224  SamSs - ok
13:20:10.0464 2224  [ 3CE8F073A557E172B330109436984E30 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
13:20:10.0495 2224  sbp2port - ok
13:20:10.0526 2224  [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
13:20:10.0573 2224  SCardSvr - ok
13:20:10.0729 2224  [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule        C:\Windows\system32\schedsvc.dll
13:20:10.0776 2224  Schedule - ok
13:20:10.0807 2224  [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc     C:\Windows\System32\certprop.dll
13:20:10.0822 2224  SCPolicySvc - ok
13:20:10.0885 2224  [ 8F36B54688C31EED4580129040C6A3D3 ] sdbus           C:\Windows\system32\DRIVERS\sdbus.sys
13:20:10.0932 2224  sdbus - ok
13:20:10.0963 2224  [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
13:20:11.0025 2224  SDRSVC - ok
13:20:11.0166 2224  [ 78779EE07231C658B483B1F38B5088DF ] SeaPort         C:\Program Files\Microsoft\BingBar\SeaPort.EXE
13:20:11.0197 2224  SeaPort - ok
13:20:11.0228 2224  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
13:20:11.0306 2224  secdrv - ok
13:20:11.0353 2224  [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon        C:\Windows\system32\seclogon.dll
13:20:11.0400 2224  seclogon - ok
13:20:11.0446 2224  [ E5B56569A9F79B70314FEDE6C953641E ] seehcri         C:\Windows\system32\DRIVERS\seehcri.sys
13:20:11.0493 2224  seehcri - ok
13:20:11.0524 2224  [ A9BBAB5759771E523F55563D6CBE140F ] SENS            C:\Windows\System32\sens.dll
13:20:11.0587 2224  SENS - ok
13:20:11.0602 2224  [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
13:20:11.0696 2224  Serenum - ok
13:20:11.0727 2224  [ C70D69A918B178D3C3B06339B40C2E1B ] Serial          C:\Windows\system32\DRIVERS\serial.sys
13:20:11.0774 2224  Serial - ok
13:20:11.0805 2224  [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
13:20:11.0852 2224  sermouse - ok
13:20:11.0930 2224  [ D2193326F729B163125610DBF3E17D57 ] SessionEnv      C:\Windows\system32\sessenv.dll
13:20:11.0977 2224  SessionEnv - ok
13:20:12.0024 2224  [ 51CF56AA8BCC241F134B420B8F850406 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
13:20:12.0070 2224  sffdisk - ok
13:20:12.0070 2224  [ 96DED8B20C734AC41641CE275250E55D ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
13:20:12.0117 2224  sffp_mmc - ok
13:20:12.0148 2224  [ 8B08CAB1267B2C377883FC9E56981F90 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
13:20:12.0180 2224  sffp_sd - ok
13:20:12.0211 2224  [ C33BFBD6E9E41FCD9FFEF9729E9FAED6 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
13:20:12.0242 2224  sfloppy - ok
13:20:12.0289 2224  [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
13:20:12.0336 2224  SharedAccess - ok
13:20:12.0414 2224  [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
13:20:12.0429 2224  ShellHWDetection - ok
13:20:12.0460 2224  [ D2A595D6EEBEEAF4334F8E50EFBC9931 ] sisagp          C:\Windows\system32\drivers\sisagp.sys
13:20:12.0476 2224  sisagp - ok
13:20:12.0492 2224  [ CEDD6F4E7D84E9F98B34B3FE988373AA ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
13:20:12.0492 2224  SiSRaid2 - ok
13:20:12.0523 2224  [ DF843C528C4F69D12CE41CE462E973A7 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
13:20:12.0538 2224  SiSRaid4 - ok
13:20:13.0724 2224  [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc           C:\Windows\system32\SLsvc.exe
13:20:14.0005 2224  slsvc - ok
13:20:14.0052 2224  [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify      C:\Windows\system32\SLUINotify.dll
13:20:14.0098 2224  SLUINotify - ok
13:20:14.0145 2224  [ 7B75299A4D201D6A6533603D6914AB04 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
13:20:14.0192 2224  Smb - ok
13:20:14.0270 2224  [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
13:20:14.0286 2224  SNMPTRAP - ok
13:20:14.0348 2224  [ 1A623F2B69E1F182F995F963C55DB935 ] Sony Ericsson PCCompanion C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe
13:20:14.0364 2224  Sony Ericsson PCCompanion - ok
13:20:14.0395 2224  [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr           C:\Windows\system32\drivers\spldr.sys
13:20:14.0410 2224  spldr - ok
13:20:14.0457 2224  [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler         C:\Windows\System32\spoolsv.exe
13:20:14.0504 2224  Spooler - ok
13:20:14.0629 2224  [ 7F1B7C4D446CD3F926AF45B8C48BD593 ] sptd            C:\Windows\System32\Drivers\sptd.sys
13:20:14.0676 2224  sptd - ok
13:20:14.0816 2224  [ D2F4F32B59440011174B4F8137AF4E0C ] SQLWriter       c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
13:20:14.0847 2224  SQLWriter - ok
13:20:14.0925 2224  [ 41987F9FC0E61ADF54F581E15029AD91 ] srv             C:\Windows\system32\DRIVERS\srv.sys
13:20:15.0003 2224  srv - ok
13:20:15.0066 2224  [ FF33AFF99564B1AA534F58868CBE41EF ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
13:20:15.0112 2224  srv2 - ok
13:20:15.0159 2224  [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
13:20:15.0175 2224  srvnet - ok
13:20:15.0222 2224  [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
13:20:15.0253 2224  SSDPSRV - ok
13:20:15.0331 2224  [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv          C:\Windows\system32\DRIVERS\ssmdrv.sys
13:20:15.0346 2224  ssmdrv - ok
13:20:15.0409 2224  [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
13:20:15.0440 2224  SstpSvc - ok
13:20:15.0565 2224  [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc          C:\Windows\System32\wiaservc.dll
13:20:15.0643 2224  stisvc - ok
13:20:15.0752 2224  [ 0A7B73E9C30A7F8F4E54DB638611DA39 ] SUService       C:\Program Files\Lenovo\System Update\SUService.exe
13:20:15.0768 2224  SUService ( UnsignedFile.Multi.Generic ) - warning
13:20:15.0768 2224  SUService - detected UnsignedFile.Multi.Generic (1)
13:20:15.0799 2224  [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
13:20:15.0814 2224  swenum - ok
13:20:15.0877 2224  [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv           C:\Windows\System32\swprv.dll
13:20:15.0939 2224  swprv - ok
13:20:15.0986 2224  [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx         C:\Windows\system32\drivers\symc8xx.sys
13:20:16.0002 2224  Symc8xx - ok
13:20:16.0002 2224  [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
13:20:16.0017 2224  Sym_hi - ok
13:20:16.0048 2224  [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
13:20:16.0064 2224  Sym_u3 - ok
13:20:16.0111 2224  [ F7A4250BB3E3AFCD4AF100E551509352 ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
13:20:16.0126 2224  SynTP - ok
13:20:16.0189 2224  [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain         C:\Windows\system32\sysmain.dll
13:20:16.0251 2224  SysMain - ok
13:20:16.0314 2224  [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
13:20:16.0345 2224  TabletInputService - ok
13:20:16.0376 2224  [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv         C:\Windows\System32\tapisrv.dll
13:20:16.0407 2224  TapiSrv - ok
13:20:16.0470 2224  [ CB05822CD9CC6C688168E113C603DBE7 ] TBS             C:\Windows\System32\tbssvc.dll
13:20:16.0516 2224  TBS - ok
13:20:16.0594 2224  [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
13:20:16.0641 2224  Tcpip - ok
13:20:16.0672 2224  [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
13:20:16.0735 2224  Tcpip6 - ok
13:20:16.0766 2224  [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
13:20:16.0797 2224  tcpipreg - ok
13:20:16.0860 2224  [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
13:20:16.0891 2224  TDPIPE - ok
13:20:16.0922 2224  [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
13:20:16.0969 2224  TDTCP - ok
13:20:17.0016 2224  [ 76B06EB8A01FC8624D699E7045303E54 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
13:20:17.0062 2224  tdx - ok
13:20:17.0078 2224  [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
13:20:17.0109 2224  TermDD - ok
13:20:17.0140 2224  [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService     C:\Windows\System32\termsrv.dll
13:20:17.0187 2224  TermService - ok
13:20:17.0218 2224  [ C7230FBEE14437716701C15BE02C27B8 ] Themes          C:\Windows\system32\shsvcs.dll
13:20:17.0234 2224  Themes - ok
13:20:17.0499 2224  [ 9626746A9B120D2ED537DD8D76278405 ] ThinkVantage Registry Monitor Service C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
13:20:17.0546 2224  ThinkVantage Registry Monitor Service - ok
13:20:17.0577 2224  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER     C:\Windows\system32\mmcss.dll
13:20:17.0608 2224  THREADORDER - ok
13:20:17.0733 2224  [ A2080872EFB7582B43762141AE8D61B9 ] TPHKSVC         C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
13:20:17.0749 2224  TPHKSVC - ok
13:20:17.0811 2224  [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks          C:\Windows\System32\trkwks.dll
13:20:17.0842 2224  TrkWks - ok
13:20:17.0952 2224  [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
13:20:17.0998 2224  TrustedInstaller - ok
13:20:18.0092 2224  [ EE5DCB6F4EDE5D0B85C4996462A4E133 ] TSSCoreService  C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
13:20:18.0123 2224  TSSCoreService - ok
13:20:18.0170 2224  [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
13:20:18.0201 2224  tssecsrv - ok
13:20:18.0248 2224  [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp           C:\Windows\system32\DRIVERS\tunmp.sys
13:20:18.0295 2224  tunmp - ok
13:20:18.0342 2224  [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
13:20:18.0404 2224  tunnel - ok
13:20:18.0716 2224  [ E9EA448F1174BE4052416B62263EA4EE ] TVT Scheduler   c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
13:20:18.0810 2224  TVT Scheduler ( UnsignedFile.Multi.Generic ) - warning
13:20:18.0810 2224  TVT Scheduler - detected UnsignedFile.Multi.Generic (1)
13:20:18.0903 2224  [ 8AB24D4B7DA715C2C80455137910E792 ] TVTI2C          C:\Windows\system32\DRIVERS\Tvti2c.sys
13:20:18.0950 2224  TVTI2C - ok
13:20:18.0981 2224  [ C3ADE15414120033A36C0F293D4A4121 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
13:20:18.0997 2224  uagp35 - ok
13:20:19.0044 2224  [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
13:20:19.0090 2224  udfs - ok
13:20:19.0137 2224  [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
13:20:19.0184 2224  UI0Detect - ok
13:20:19.0215 2224  [ 75E6890EBFCE0841D3291B02E7A8BDB0 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
13:20:19.0246 2224  uliagpkx - ok
13:20:19.0262 2224  [ 3CD4EA35A6221B85DCC25DAA46313F8D ] uliahci         C:\Windows\system32\drivers\uliahci.sys
13:20:19.0293 2224  uliahci - ok
13:20:19.0324 2224  [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata          C:\Windows\system32\drivers\ulsata.sys
13:20:19.0356 2224  UlSata - ok
13:20:19.0387 2224  [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2         C:\Windows\system32\drivers\ulsata2.sys
13:20:19.0402 2224  ulsata2 - ok
13:20:19.0465 2224  [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
13:20:19.0512 2224  umbus - ok
13:20:19.0605 2224  [ 8A66360F38F81E960E2367B428CBD5D9 ] UmRdpService    C:\Windows\System32\umrdp.dll
13:20:19.0652 2224  UmRdpService - ok
13:20:19.0699 2224  [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost        C:\Windows\System32\upnphost.dll
13:20:19.0746 2224  upnphost - ok
13:20:19.0808 2224  [ 8BF5D980CDCE35FB26F05047144BB57E ] USBAAPL         C:\Windows\system32\Drivers\usbaapl.sys
13:20:19.0839 2224  USBAAPL - ok
13:20:19.0886 2224  [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
13:20:19.0917 2224  usbccgp - ok
13:20:19.0995 2224  [ E9476E6C486E76BC4898074768FB7131 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
13:20:20.0073 2224  usbcir - ok
13:20:20.0120 2224  [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
13:20:20.0167 2224  usbehci - ok
13:20:20.0214 2224  [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
13:20:20.0260 2224  usbhub - ok
13:20:20.0323 2224  [ 38DBC7DD6CC5A72011F187425384388B ] usbohci         C:\Windows\system32\drivers\usbohci.sys
13:20:20.0385 2224  usbohci - ok
13:20:20.0416 2224  [ B51E52ACF758BE00EF3A58EA452FE360 ] usbprint        C:\Windows\system32\drivers\usbprint.sys
13:20:20.0479 2224  usbprint - ok
13:20:20.0510 2224  [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:20:20.0572 2224  USBSTOR - ok
13:20:20.0619 2224  [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
13:20:20.0666 2224  usbuhci - ok
13:20:20.0744 2224  [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
13:20:20.0806 2224  usbvideo - ok
13:20:20.0869 2224  [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms           C:\Windows\System32\uxsms.dll
13:20:20.0931 2224  UxSms - ok
13:20:21.0025 2224  [ CD88D1B7776DC17A119049742EC07EB4 ] vds             C:\Windows\System32\vds.exe
13:20:21.0103 2224  vds - ok
13:20:21.0150 2224  [ 7D92BE0028ECDEDEC74617009084B5EF ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
13:20:21.0243 2224  vga - ok
13:20:21.0306 2224  [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave         C:\Windows\System32\drivers\vga.sys
13:20:21.0352 2224  VgaSave - ok
13:20:21.0384 2224  [ 045D9961E591CF0674A920B6BA3BA5CB ] viaagp          C:\Windows\system32\drivers\viaagp.sys
13:20:21.0399 2224  viaagp - ok
13:20:21.0415 2224  [ 56A4DE5F02F2E88182B0981119B4DD98 ] ViaC7           C:\Windows\system32\drivers\viac7.sys
13:20:21.0462 2224  ViaC7 - ok
13:20:21.0493 2224  [ FD2E3175FCADA350C7AB4521DCA187EC ] viaide          C:\Windows\system32\drivers\viaide.sys
13:20:21.0508 2224  viaide - ok
13:20:21.0524 2224  [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
13:20:21.0540 2224  volmgr - ok
13:20:21.0742 2224  [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
13:20:21.0789 2224  volmgrx - ok
13:20:21.0836 2224  [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
13:20:21.0867 2224  volsnap - ok
13:20:21.0898 2224  [ D984439746D42B30FC65A4C3546C6829 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
13:20:21.0914 2224  vsmraid - ok
13:20:22.0242 2224  [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS             C:\Windows\system32\vssvc.exe
13:20:22.0320 2224  VSS - ok
13:20:22.0460 2224  [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time         C:\Windows\system32\w32time.dll
13:20:22.0522 2224  W32Time - ok
13:20:22.0569 2224  [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
13:20:22.0616 2224  WacomPen - ok
13:20:22.0647 2224  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
13:20:22.0694 2224  Wanarp - ok
13:20:22.0710 2224  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
13:20:22.0725 2224  Wanarpv6 - ok
13:20:22.0975 2224  [ 20B23332885DFB93FE0185362EE811E9 ] wbengine        C:\Windows\system32\wbengine.exe
13:20:23.0068 2224  wbengine - ok
13:20:23.0178 2224  [ A3CD60FD826381B49F03832590E069AF ] wcncsvc         C:\Windows\System32\wcncsvc.dll
13:20:23.0224 2224  wcncsvc - ok
13:20:23.0287 2224  [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
13:20:23.0334 2224  WcsPlugInService - ok
13:20:23.0380 2224  [ AFC5AD65B991C1E205CF25CFDBF7A6F4 ] Wd              C:\Windows\system32\drivers\wd.sys
13:20:23.0380 2224  Wd - ok
13:20:23.0443 2224  [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
13:20:23.0490 2224  Wdf01000 - ok
13:20:23.0521 2224  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
13:20:23.0583 2224  WdiServiceHost - ok
13:20:23.0614 2224  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
13:20:23.0646 2224  WdiSystemHost - ok
13:20:23.0724 2224  [ 04C37D8107320312FBAE09926103D5E2 ] WebClient       C:\Windows\System32\webclnt.dll
13:20:23.0770 2224  WebClient - ok
13:20:23.0817 2224  [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc          C:\Windows\system32\wecsvc.dll
13:20:23.0880 2224  Wecsvc - ok
13:20:23.0911 2224  [ 670FF720071ED741206D69BD995EA453 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
13:20:23.0958 2224  wercplsupport - ok
13:20:24.0020 2224  [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc          C:\Windows\System32\WerSvc.dll
13:20:24.0067 2224  WerSvc - ok
13:20:24.0098 2224  [ F9AD3A5E3FD7E0BDB18B8202B0FDD4E4 ] WimFltr         C:\Windows\system32\DRIVERS\wimfltr.sys
13:20:24.0114 2224  WimFltr - ok
13:20:24.0270 2224  [ 4575AA12561C5648483403541D0D7F2B ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
13:20:24.0301 2224  WinDefend - ok
13:20:24.0332 2224  WinHttpAutoProxySvc - ok
13:20:24.0426 2224  Winmgmt - ok
13:20:24.0706 2224  [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM           C:\Windows\system32\WsmSvc.dll
13:20:24.0769 2224  WinRM - ok
13:20:24.0862 2224  [ 676F4B665BDD8053EAA53AC1695B8074 ] WinUSB          C:\Windows\system32\DRIVERS\WinUSB.sys
13:20:24.0909 2224  WinUSB - ok
13:20:24.0972 2224  [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc         C:\Windows\System32\wlansvc.dll
13:20:25.0034 2224  Wlansvc - ok
13:20:25.0564 2224  [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
13:20:25.0720 2224  wlidsvc - ok
13:20:25.0783 2224  [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
13:20:25.0845 2224  WmiAcpi - ok
13:20:26.0157 2224  [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
13:20:26.0188 2224  wmiApSrv - ok
13:20:26.0688 2224  [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
13:20:26.0828 2224  WMPNetworkSvc - ok
13:20:26.0890 2224  [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
13:20:26.0922 2224  WPDBusEnum - ok
13:20:27.0000 2224  [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb          C:\Windows\system32\DRIVERS\wpdusb.sys
13:20:27.0015 2224  WpdUsb - ok
13:20:28.0092 2224  [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
13:20:28.0154 2224  WPFFontCache_v0400 - ok
13:20:28.0185 2224  [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
13:20:28.0216 2224  ws2ifsl - ok
13:20:28.0263 2224  [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc          C:\Windows\System32\wscsvc.dll
13:20:28.0310 2224  wscsvc - ok
13:20:28.0310 2224  WSearch - ok
13:20:28.0560 2224  [ 6298277B73C77FA99106B271A7525163 ] wuauserv        C:\Windows\system32\wuaueng.dll
13:20:28.0653 2224  wuauserv - ok
13:20:28.0809 2224  [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
13:20:28.0872 2224  WUDFRd - ok
13:20:28.0918 2224  [ 575A4190D989F64732119E4114045A4F ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
13:20:28.0981 2224  wudfsvc - ok
13:20:29.0028 2224  ================ Scan global ===============================
13:20:29.0090 2224  [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
13:20:29.0230 2224  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
13:20:29.0262 2224  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
13:20:29.0308 2224  [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
13:20:29.0324 2224  [Global] - ok
13:20:29.0324 2224  ================ Scan MBR ==================================
13:20:29.0355 2224  [ 1909C09C4A15FD3374690C377F770846 ] \Device\Harddisk0\DR0
13:20:30.0619 2224  \Device\Harddisk0\DR0 - ok
13:20:30.0619 2224  ================ Scan VBR ==================================
13:20:30.0650 2224  [ 23541C72E49FFB011FAFD8E022F5A49D ] \Device\Harddisk0\DR0\Partition1
13:20:30.0650 2224  \Device\Harddisk0\DR0\Partition1 - ok
13:20:30.0666 2224  [ EAA4163EB36EE8BEC489DFB93E5004B2 ] \Device\Harddisk0\DR0\Partition2
13:20:30.0666 2224  \Device\Harddisk0\DR0\Partition2 - ok
13:20:30.0666 2224  ============================================================
13:20:30.0666 2224  Scan finished
13:20:30.0666 2224  ============================================================
13:20:30.0697 3124  Detected object count: 18
13:20:30.0697 3124  Actual detected object count: 18
13:26:05.0176 3124  CDRPDACC ( UnsignedFile.Multi.Generic ) - skipped by user
13:26:05.0176 3124  CDRPDACC ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:26:05.0176 3124  CVirtA ( UnsignedFile.Multi.Generic ) - skipped by user
13:26:05.0176 3124  CVirtA ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:26:05.0176 3124  CVPNDRVA ( UnsignedFile.Multi.Generic ) - skipped by user
13:26:05.0176 3124  CVPNDRVA ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:26:05.0192 3124  Diskeeper ( UnsignedFile.Multi.Generic ) - skipped by user
13:26:05.0192 3124  Diskeeper ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:26:05.0192 3124  epmntdrv ( UnsignedFile.Multi.Generic ) - skipped by user
13:26:05.0192 3124  epmntdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:26:05.0192 3124  EuGdiDrv ( UnsignedFile.Multi.Generic ) - skipped by user
13:26:05.0192 3124  EuGdiDrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:26:05.0192 3124  FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
13:26:05.0192 3124  FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:26:05.0192 3124  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
13:26:05.0192 3124  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:26:05.0192 3124  NETw5v32 ( UnsignedFile.Multi.Generic ) - skipped by user
13:26:05.0192 3124  NETw5v32 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:26:05.0192 3124  nlsvc ( UnsignedFile.Multi.Generic ) - skipped by user
13:26:05.0192 3124  nlsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:26:05.0192 3124  nltdi ( UnsignedFile.Multi.Generic ) - skipped by user
13:26:05.0192 3124  nltdi ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:26:05.0208 3124  OMSI download service ( UnsignedFile.Multi.Generic ) - skipped by user
13:26:05.0208 3124  OMSI download service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:26:05.0208 3124  OpcEnum ( UnsignedFile.Multi.Generic ) - skipped by user
13:26:05.0208 3124  OpcEnum ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:26:05.0208 3124  pfc ( UnsignedFile.Multi.Generic ) - skipped by user
13:26:05.0208 3124  pfc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:26:05.0208 3124  PMSveH ( UnsignedFile.Multi.Generic ) - skipped by user
13:26:05.0208 3124  PMSveH ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:26:05.0208 3124  ProtexisLicensing ( UnsignedFile.Multi.Generic ) - skipped by user
13:26:05.0208 3124  ProtexisLicensing ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:26:05.0208 3124  SUService ( UnsignedFile.Multi.Generic ) - skipped by user
13:26:05.0208 3124  SUService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:26:05.0208 3124  TVT Scheduler ( UnsignedFile.Multi.Generic ) - skipped by user
13:26:05.0208 3124  TVT Scheduler ( UnsignedFile.Multi.Generic ) - User select action: Skip
         
Best regards,

Torben

27.01.2013, 13:08   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background monitors, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when an expert helper has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running Combofix, you have problems starting applications and get messages such as

Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


27.01.2013, 14:05   #15
TB-Mobil
 



Sooo, ran Combofix.

Here is the log:

Combofix logfile:
Code:
ComboFix 13-01-27.03 - *** 27.01.2013  14:20:57.1.2 - x86
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\hpeA988.dll
c:\programdata\pswi_preloaded.exe
c:\programdata\Taskmgr
c:\programdata\Taskmgr\SP01.int
c:\programdata\Taskmgr\WPO13.int
c:\users\***\AppData\Roaming\inst.exe
c:\users\***\AppData\Roaming\Microsoft\AddIns\CET-Program\CET93.exe
c:\users\***\AppData\Roaming\Microsoft\AddIns\CET-Source\Debug\CET93.exe
c:\users\***\ia_remove.sh1472.tmp
c:\users\***\ia_remove.sh2265.tmp
c:\users\***\ia_remove.sh7038.tmp
c:\users\***\ia_remove.sh8503.tmp
c:\windows\w32dasm8.ini
.
Infizierte Kopie von c:\windows\System32\autochk.exe wurde gefunden und desinfiziert 
Kopie von - c:\windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.0.6001.18000_none_e1f3ed49c1c122ef\autochk.exe wurde wiederhergestellt 
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-12-27 bis 2013-01-27  ))))))))))))))))))))))))))))))
.
.
2013-01-27 13:34 . 2013-01-27 13:34	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-01-23 16:23 . 2013-01-23 16:22	859552	----a-w-	c:\windows\system32\npDeployJava1.dll
2013-01-23 16:22 . 2013-01-23 16:22	94112	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2013-01-21 20:06 . 2013-01-21 20:06	--------	d-----w-	c:\users\***\AppData\Roaming\Malwarebytes
2013-01-21 20:05 . 2013-01-21 20:05	--------	d-----w-	c:\programdata\Malwarebytes
2013-01-21 20:05 . 2013-01-21 20:05	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2013-01-21 20:05 . 2012-12-14 15:49	21104	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-01-05 11:59 . 2013-01-05 12:23	--------	d-----w-	c:\program files\Avidemux_2.6.1
2013-01-03 18:28 . 2013-01-03 18:28	--------	d-----w-	c:\program files\Dropbox
2013-01-03 09:07 . 2013-01-03 09:42	--------	d-----w-	c:\users\***\AppData\Roaming\Audacity
2013-01-03 09:07 . 2013-01-03 09:16	--------	d-----w-	c:\program files\Audacity_2.0.2
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-27 13:46 . 2010-12-01 10:24	17408	----a-w-	c:\windows\system32\rpcnetp.exe
2013-01-27 13:46 . 2010-12-01 10:28	58288	----a-w-	c:\windows\system32\rpcnet.dll
2013-01-27 10:05 . 2010-12-01 10:24	17408	----a-w-	c:\windows\system32\rpcnetp.dll
2013-01-23 16:22 . 2010-05-03 15:12	780192	----a-w-	c:\windows\system32\deployJava1.dll
2013-01-20 14:57 . 2012-08-06 15:55	697864	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-01-20 14:57 . 2011-05-31 15:44	74248	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-15 01:49 . 2013-01-25 18:22	6991832	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{17CBB778-17CC-462C-A445-D7033AD6A859}\mpengine.dll
2012-12-17 17:05 . 2012-11-15 17:13	134336	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-12-17 17:05 . 2012-11-15 17:13	83944	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-12-07 18:10 . 2010-12-01 10:28	58288	------w-	c:\windows\system32\rpcnet.exe
2012-11-16 17:48 . 2012-11-15 17:13	36552	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2011-06-27 18:41 . 2011-06-14 20:53	142296	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-12-17 18:50	556648	----a-w-	c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-12-17 18:50	556648	----a-w-	c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-12-17 18:50	556648	----a-w-	c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-12-17 18:50	556648	----a-w-	c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FingerPrintSoftware"="c:\program files\Lenovo Fingerprint Software\fpapp.exe \s" [X]
"TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2007-04-09 58416]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]
"TPWAUDAP"="c:\program files\Lenovo\HOTKEY\TpWAudAp.exe" [2008-03-11 54560]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 174872]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-01-13 90191]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-01-13 7766016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-01-13 81920]
"FreePDF Assistant"="c:\program files\FreePDF_XP\fpassist.exe" [2010-06-17 370176]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-12-17 384800]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2025591093-2054289321-3464103709-1003]
"EnableNotificationsRef"=dword:00000001
.
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork	REG_MULTI_SZ   	PLA DPS BFE mpssvc
bthsvcs	REG_MULTI_SZ   	BthServ
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2013-01-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-30 16:32]
.
2013-01-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-30 16:32]
.
2013-01-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2025591093-2054289321-3464103709-1003Core.job
- c:\users\***\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-29 15:02]
.
2013-01-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2025591093-2054289321-3464103709-1003UA.job
- c:\users\***\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-29 15:02]
.
2010-02-02 c:\windows\Tasks\Wise Registry Cleaner 4.job
- c:\program files\Wise Registry Cleaner\WiseRegistryCleaner.exe [2010-02-02 10:23]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/ig?hl=de&source=iglk
uInternet Settings,ProxyOverride = *.local
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: Free YouTube to MP3 Converter - c:\users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm
IE: Öffnen mit WordPerfect - c:\program files\WordPerfect Office X3\Programs\WPLauncher.hta
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
Trusted Zone: apemap.com
TCP: Interfaces\{AD98FF75-9315-4485-81B0-7FED0807963F}: NameServer = 192.168.2.1
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\0geh3hg9.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ig
FF - ExtSQL: !HIDDEN! 2009-06-24 17:37; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2013-01-27 14:50
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2025591093-2054289321-3464103709-1003\Software\Buhl Data Service\On4u2\nanoPEG-MPEG2\ExtData*]
"OfflineKey"="f2il02yz+PoZfjShe/bLtuIDuYUBXeXUSWODhqNUumuillSxrfUfT0bxarmfYtLp4zQvX/frLlkGRzjW8wFj1YIjNQTkcipaGHiRsqxfWeML3zNdlQAR2qpUclY4tqG7hrq0toHzSqNvyr03dnd293CDD57I+nETnlnnu4AKgI3ULnXKu/K2ZzeRLfLPDBgAPUy1D3ancm3tlUij0+XCew==XkW7KTUw4/ERXZYHib2UcoL0C2ZB96ivDmVp8Hxoud4WhbS+FPwy3zwTLhtuwow5VXDxMiadgorR9F/GSnOdBg=="
"InitTime"=dword:00009cbd
"LastTime"=dword:00009cbd
"Keyindex"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SOFTWARE\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
"MtuAdjustment"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SOFTWARE\mpDRM\LicenseStore*]
"CheckValue"=dword:c178516b
"37C0668E"="EC05217F"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(2336)
c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
c:\windows\system32\btncopy.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\windows\system32\IPSSVC.EXE
c:\windows\system32\agrsmsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\program files\LENOVO\HOTKEY\FNF5SVC.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
c:\program files\Lenovo\PM Driver\PMSveH.exe
c:\windows\system32\PSIService.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\system32\rpcnet.exe
c:\program files\Microsoft\BingBar\SeaPort.EXE
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\program files\LENOVO\HOTKEY\TPHKSVC.exe
c:\program files\Lenovo\Client Security Solution\tvttcsd.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Lenovo\System Update\SUService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-01-27  14:56:59 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-01-27 13:56
.
Vor Suchlauf: 5.081.128.960 Bytes frei
Nach Suchlauf: 5.658.505.216 Bytes frei
.
- - End Of File - - C3A220F1A5DAB74A28F32AA50B26DC29
         
--- --- ---


Best regards,

Torben
