Hallo,
vom Viren-Scan wurde nichts gefunden. Daher nur Log-Files von OTL und Rootkit-Scan von Gmer.
OTL Code:
OTL logfile created on: 22.05.2013 21:52:34 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\User\Desktop\OTL
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
7,95 Gb Total Physical Memory | 6,19 Gb Available Physical Memory | 77,92% Memory free
15,89 Gb Paging File | 14,17 Gb Available in Paging File | 89,20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 654,69 Gb Total Space | 409,36 Gb Free Space | 62,53% Space Free | Partition Type: NTFS
Drive D: | 29,00 Gb Total Space | 26,58 Gb Free Space | 91,66% Space Free | Partition Type: NTFS
Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013.05.22 21:47:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL\OTL.exe
PRC - [2013.05.15 20:10:54 | 002,833,448 | ---- | M] (Iminent) -- C:\Program Files (x86)\Common Files\Umbrella\umbrella.exe
PRC - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.04.07 10:55:02 | 000,015,152 | ---- | M] () -- C:\Windows\SysWOW64\jmdp\stij.exe
PRC - [2012.11.28 18:34:08 | 000,329,056 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
PRC - [2012.11.28 18:24:16 | 000,100,256 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
PRC - [2012.04.24 15:37:56 | 000,169,752 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
PRC - [2011.05.10 13:00:20 | 002,009,704 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.01.12 20:00:42 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011.01.12 20:00:38 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010.12.24 13:19:36 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
PRC - [2010.12.21 04:30:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.12.21 04:30:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.11.17 03:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010.08.25 06:07:40 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared Files\brs.exe
PRC - [2008.10.24 16:35:44 | 000,128,296 | ---- | M] () -- C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
========== Modules (No Company Name) ==========
MOD - [2013.05.15 19:34:51 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll
MOD - [2013.05.15 19:34:37 | 003,347,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\716959df79685a1eae0fc14275a32b0f\WindowsBase.ni.dll
MOD - [2013.05.15 19:34:32 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll
MOD - [2013.04.07 10:55:02 | 000,015,152 | ---- | M] () -- C:\Windows\SysWOW64\jmdp\stij.exe
MOD - [2013.04.07 10:54:20 | 000,306,176 | ---- | M] () -- C:\Windows\SysWOW64\jmdp\lmrn.dll
MOD - [2013.02.05 09:25:06 | 000,362,029 | ---- | M] () -- C:\Windows\SysWOW64\jmdp\sqlite3.dll
MOD - [2013.01.14 13:17:31 | 000,014,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\09a468fb987e5a5f345346b0910c89ca\IAStorCommon.ni.dll
MOD - [2013.01.14 13:17:30 | 000,475,648 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\27649bdc3da750e2e072dedbff56cc0b\IAStorUtil.ni.dll
MOD - [2013.01.14 13:05:04 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013.01.14 13:04:34 | 001,592,832 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013.01.14 13:04:18 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013.01.14 13:04:14 | 007,989,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013.01.14 13:04:10 | 011,493,376 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012.11.29 01:18:56 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2012.11.28 18:34:08 | 000,013,664 | ---- | M] () -- C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll
MOD - [2012.11.28 18:24:16 | 000,100,256 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
MOD - [2012.11.28 15:13:52 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.11.28 15:13:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.11.11 12:39:46 | 000,133,024 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll32.dll
MOD - [2010.11.11 12:38:44 | 000,161,696 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect32.dll
========== Services (SafeList) ==========
SRV:64bit: - [2013.04.07 10:54:58 | 001,455,408 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\dmwu.exe -- (IBUpdaterService)
SRV - [2013.05.15 20:10:54 | 002,833,448 | ---- | M] (Iminent) [Auto | Running] -- C:\Program Files (x86)\Common Files\Umbrella\umbrella.exe -- (SProtection)
SRV - [2013.05.14 22:14:46 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.01.27 12:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013.01.27 12:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013.01.14 23:30:52 | 000,230,416 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Programme\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe -- (NitroReaderDriverReadSpool3)
SRV - [2012.12.28 14:14:40 | 000,277,640 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012.04.24 15:37:56 | 000,169,752 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe -- (ICCS)
SRV - [2011.05.10 13:00:20 | 002,009,704 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.01.12 20:00:42 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010.12.21 04:30:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010.12.21 04:30:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010.10.13 19:19:12 | 000,240,112 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\Lenovo\PowerDVD10\NavFilter\kmsvc.exe -- (CLKMSVC10_3A60B698)
SRV - [2010.09.22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.09.21 16:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 22:20:56 | 000,174,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose64)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.10.24 16:35:44 | 000,128,296 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe -- (AAV UpdateService)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2013.01.26 20:17:25 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2013.01.20 16:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012.12.13 17:24:10 | 000,342,528 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2012.12.12 17:42:28 | 005,353,888 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012.11.28 18:31:18 | 000,039,008 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LhdX64.sys -- (LHDmgr)
DRV:64bit: - [2012.11.28 18:31:17 | 000,029,792 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV:64bit: - [2012.11.28 18:30:00 | 000,057,952 | ---- | M] (Lenovo) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fbfmon.sys -- (fbfmon)
DRV:64bit: - [2012.11.28 18:30:00 | 000,013,408 | ---- | M] (Lenovo) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BPntDrv.sys -- (BPntDrv)
DRV:64bit: - [2012.11.28 18:24:36 | 000,020,064 | ---- | M] (Ensurebit Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\delayman.sys -- (DelayMan)
DRV:64bit: - [2012.11.28 18:24:36 | 000,015,456 | ---- | M] (Ensurebit Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\winioex.sys -- (winioex)
DRV:64bit: - [2012.09.28 11:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.08.21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.03.26 15:50:12 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.05.10 13:00:18 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.01.12 19:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.01.06 00:46:36 | 000,411,688 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2010.12.24 13:19:56 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010.12.17 03:06:32 | 001,404,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010.12.13 05:31:00 | 000,174,168 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 12:49:51 | 000,146,432 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rmcast.sys -- (RMCAST)
DRV:64bit: - [2010.11.20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.11.19 04:34:26 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010.11.19 04:34:26 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010.10.28 12:16:24 | 004,716,608 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010.10.20 02:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2009.07.21 16:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009.06.10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}: "URL" = hxxp://start.iminent.com/?appId=8F12A87A-9448-4699-A46C-45E0746116A8&ref=toolbox&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\URLSearchHook: {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {151B4122-7806-4500-B0A3-3714509409FF}
IE - HKCU\..\SearchScopes\{151B4122-7806-4500-B0A3-3714509409FF}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKCU\..\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}: "URL" = hxxp://start.iminent.com/?appId=8F12A87A-9448-4699-A46C-45E0746116A8&ref=toolbox&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..browser.startup.homepage: "hxxp://start.iminent.com/?appId=8F12A87A-9448-4699-A46C-45E0746116A8"
FF - prefs.js..browser.search.selectedEngine: "StartWeb"
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\IB UPDATER\FIREFOX
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}: C:\PROGRAM FILES\IB UPDATER\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\IB Updater\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}: C:\Program Files\IB Updater\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
[2013.05.15 19:38:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions
[2013.03.22 20:52:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\extensions
[2012.12.13 22:29:00 | 000,199,445 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\extensions\movie2kdownloader@movie2kdownloader.com.xpi
[2013.01.26 20:18:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.05.15 19:38:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.05.15 19:38:26 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20121210144246.dll File not found
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20121210144246.dll File not found
O2 - BHO: (IMinent WebBooster (BHO)) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\Iminent.WebBooster.InternetExplorer.dll File not found
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe (Lenovo(beijing) Limited)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Lenovo EE Boot Optimizer] C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe (Lenovo)
O4:64bit: - HKLM..\Run: [MSC] "c:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey File not found
O4:64bit: - HKLM..\Run: [OnekeyStudio] C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe (Lenovo)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Iminent] C:\Program Files (x86)\Iminent\Iminent.exe /warmup "F77F87E5-A6BD-4922-A530-EDF63D7E9F8C" File not found
O4 - HKLM..\Run: [IminentMessenger] C:\Program Files (x86)\Iminent\Iminent.Messengers.exe File not found
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (Lenovo)
O4 - HKLM..\Run: [YouCam Mirage] C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (CyberLink)
O4 - HKLM..\Run: [YouCam Tray] C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe (CyberLink Corp.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [DriverFinder] C:\Program Files (x86)\DriverFinder\DriverFinder.exe File not found
O4 - HKLM..\RunOnce: [SPUpdSentinel] C:\Program Files (x86)\Common Files\Umbrella\umbrella_bkp.exe (Iminent)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab (DLM Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{99570B6D-ADD6-42B4-BF76-49AB0BC826BF}: DhcpNameServer = 10.74.210.210 10.74.210.211
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C1FC3ADE-985C-47E7-835E-7A3AFFCAD50E}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DE071901-064F-433F-89E5-D3CD5EF4C8E8}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{220bc55c-6763-11e2-b41e-dc0ea1795853}\Shell - "" = AutoRun
O33 - MountPoints2\{220bc55c-6763-11e2-b41e-dc0ea1795853}\Shell\AutoRun\command - "" = G:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013.05.22 21:49:44 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\gmr
[2013.05.22 21:47:20 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\OTL
[2013.05.15 19:38:41 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Mozilla
[2013.05.12 22:49:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.04.28 15:19:39 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\jmdp
[2013.04.28 15:19:38 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\ARFC
========== Files - Modified Within 30 Days ==========
[2013.05.22 21:25:57 | 001,498,506 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013.05.22 21:25:57 | 000,654,166 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2013.05.22 21:25:57 | 000,616,008 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013.05.22 21:25:57 | 000,130,006 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2013.05.22 21:25:57 | 000,106,388 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013.05.22 21:24:06 | 000,022,240 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.22 21:24:06 | 000,022,240 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.22 21:19:24 | 000,560,166 | ---- | M] () -- C:\windows\SysNative\fastboot.set
[2013.05.22 21:19:06 | 000,000,266 | ---- | M] () -- C:\windows\tasks\AutoKMS.job
[2013.05.22 21:18:27 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013.05.22 21:18:22 | 2103,332,863 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.22 02:14:01 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013.05.15 20:06:14 | 000,428,824 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013.05.15 19:38:36 | 000,001,147 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
========== Files Created - No Company Name ==========
[2013.05.15 19:38:36 | 000,001,159 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013.05.15 19:38:36 | 000,001,147 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.02.19 21:04:45 | 000,000,153 | ---- | C] () -- C:\ProgramData\2895432.reg
[2013.02.19 21:04:45 | 000,000,059 | ---- | C] () -- C:\ProgramData\2895432.bat
[2013.02.19 21:04:44 | 095,023,320 | ---- | C] () -- C:\ProgramData\2895432.pad
[2013.01.25 17:49:03 | 095,023,320 | ---- | C] () -- C:\ProgramData\9yIjFC7.pad
[2013.01.05 16:18:09 | 000,004,919 | ---- | C] () -- C:\ProgramData\rznaopga.sea
[2012.12.12 17:41:24 | 000,064,512 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2012.12.12 17:38:16 | 000,272,928 | ---- | C] () -- C:\windows\SysWow64\igvpkrng600.bin
[2012.12.12 17:38:14 | 000,963,452 | ---- | C] () -- C:\windows\SysWow64\igcodeckrng600.bin
[2012.12.08 17:01:33 | 001,500,444 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012.11.29 10:42:04 | 000,003,072 | ---- | C] () -- C:\Users\User\AppData\Local\file__0.localstorage
[2012.11.28 18:34:11 | 002,086,240 | ---- | C] () -- C:\windows\SysWow64\LenovoVeriface.Interface.dll
[2012.11.28 18:34:11 | 001,500,512 | ---- | C] () -- C:\windows\SysWow64\Apblend.dll
[2012.11.28 18:34:11 | 001,171,456 | ---- | C] () -- C:\windows\SysWow64\PicNotify.dll
[2012.11.28 18:34:11 | 000,472,416 | ---- | C] () -- C:\windows\SysWow64\Lenovo.VerifaceStub.dll
[2012.11.28 18:34:06 | 001,044,480 | ---- | C] () -- C:\windows\SysWow64\3DImageRenderer.dll
[2012.11.28 18:24:36 | 001,771,872 | ---- | C] () -- C:\windows\SysWow64\ColorBlindnessDLL.dll
[2012.11.28 18:24:36 | 000,087,392 | ---- | C] () -- C:\windows\SysWow64\LenovoRIC.interface.dll
[2012.11.28 18:24:36 | 000,083,296 | ---- | C] () -- C:\windows\SysWow64\GetASData.dll
[2012.11.28 18:24:36 | 000,080,480 | ---- | C] () -- C:\windows\SysWow64\WinIoEx.dll
[2012.11.28 18:24:36 | 000,058,720 | ---- | C] () -- C:\windows\SysWow64\LenovoRIC.stub.dll
[2012.11.28 18:19:34 | 000,089,328 | ---- | C] () -- C:\windows\un_dext.exe
[2012.11.28 18:19:34 | 000,087,928 | ---- | C] () -- C:\windows\SPRemove_x64.exe
[2012.11.28 18:19:34 | 000,003,566 | ---- | C] () -- C:\windows\Dext_09.ini
[2012.11.28 18:19:34 | 000,002,998 | ---- | C] () -- C:\windows\Dext_04.ini
[2012.11.28 18:19:34 | 000,002,790 | ---- | C] () -- C:\windows\Dext_2052.ini
[2012.11.28 18:19:34 | 000,002,507 | ---- | C] () -- C:\windows\Remove.ini
[2012.11.28 18:17:33 | 000,066,856 | ---- | C] () -- C:\windows\SysWow64\SynTPEnhPS.dll
[2012.11.28 17:59:19 | 000,960,940 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
[2012.11.28 17:59:17 | 000,206,952 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
[2012.11.28 17:59:16 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin
========== ZeroAccess Check ==========
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2013.02.09 04:07:03 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Ahihv
[2012.12.05 01:45:01 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\ArcSyncConfig
[2013.01.05 16:17:55 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Carambis
[2013.01.03 18:28:43 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DAEMON Tools Lite
[2013.01.05 16:13:12 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\dll-files.com
[2013.02.03 21:12:23 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Downloaded Installations
[2013.04.07 19:06:58 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DriverFinder
[2013.01.05 16:51:27 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\EasyCapture
[2013.02.03 21:13:41 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\FileOpen
[2013.02.19 19:26:18 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Foxoys
[2013.02.18 05:12:21 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Izumab
[2012.12.05 13:29:22 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Lenovo
[2013.01.03 18:56:09 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\LucasArts
[2013.02.18 05:12:21 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Moabr
[2013.02.19 21:00:26 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Neefzi
[2013.02.03 21:13:41 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Nitro
[2013.04.03 19:01:18 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Nitro PDF
[2013.01.12 03:27:58 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Notepad++
[2013.01.26 20:33:09 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Ubisoft
[2013.02.18 05:12:21 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Utnoy
[2013.01.05 18:00:40 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\WinBatch
========== Purity Check ==========
< End of report >
Extras OTL Code:
OTL Extras logfile created on: 22.05.2013 21:52:34 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\User\Desktop\OTL
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
7,95 Gb Total Physical Memory | 6,19 Gb Available Physical Memory | 77,92% Memory free
15,89 Gb Paging File | 14,17 Gb Available in Paging File | 89,20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 654,69 Gb Total Space | 409,36 Gb Free Space | 62,53% Space Free | Partition Type: NTFS
Drive D: | 29,00 Gb Total Space | 26,58 Gb Free Space | 91,66% Space Free | Partition Type: NTFS
Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{12080875-A778-4F47-9E86-33D520AED1EA}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{1547EFA0-1219-4E1B-83E8-07A285CE3297}" = rport=10243 | protocol=6 | dir=out | app=system |
"{189D1603-1CDD-45DB-B1AD-878081189B31}" = rport=138 | protocol=17 | dir=out | app=system |
"{246C262C-7075-465A-BDE6-70E9F681044C}" = lport=138 | protocol=17 | dir=in | app=system |
"{2DB7B03F-D371-4C2C-8E7C-BE6CD94A8310}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{389FC97B-42E9-4658-9C81-EA32A450CEB4}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{45A7ED61-4DB1-444E-8C0D-4276B44D3F5C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{54340265-BA3F-4C4A-AC40-6FFD0DF24CE4}" = rport=139 | protocol=6 | dir=out | app=system |
"{567B5A16-ACE9-4F63-9B94-2801DD2B80D1}" = lport=137 | protocol=17 | dir=in | app=system |
"{587A8B0D-0504-4207-ADCB-B1CA6911BEA1}" = lport=445 | protocol=6 | dir=in | app=system |
"{741623B5-3C63-4E9A-8E10-FDAC1EDDE605}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7D910E1A-44DF-4AF4-B63C-393A28FD78BE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8F7EA15B-72DD-4384-A22B-0EDF55377797}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{900E7420-55DD-43DA-8996-C67C46AD01B8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A1AC8513-F8D5-43DF-93B4-80756F83F90A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A33F7681-4016-4145-A663-D62D1EA2934D}" = rport=137 | protocol=17 | dir=out | app=system |
"{A522DC6F-B9FC-4C44-B0E4-5776C3EBEF84}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{AFF06A5F-CA25-4535-85D0-09AAAE75B5A1}" = lport=139 | protocol=6 | dir=in | app=system |
"{D84098D9-49CD-4B7A-8E8E-F344CC08FC13}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DF83433B-7F9F-4735-9981-D9D47CA70612}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E14F029B-9CC1-40CE-BF50-CDA3BF816881}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E654FAC0-AE65-45AE-8AEB-DEDE41BD6BB2}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E78401C3-BB56-4DF4-9024-0EB7508CB956}" = rport=445 | protocol=6 | dir=out | app=system |
"{EE267527-9DE9-4866-A250-696B07B91ED2}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F0E17041-D049-490E-8D12-387FAD865FEB}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FAB6332C-116C-4AE5-813C-83EFFD1CCD25}" = lport=10243 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{043B1C85-3FE4-4215-AFB4-59007DC89E0E}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{083BC57D-BCF2-4181-88AB-004FD22035F2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{088E4FF8-D8BC-48A5-B859-0197ABE3A9A1}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{0EBA96E5-4DD5-47CC-8CC9-2F09C890FB97}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{0F3C45B5-2706-40B8-A541-61BFFE3FCCB0}" = protocol=17 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{0FF4A3DA-6D8B-4534-BC94-0179C7661180}" = protocol=6 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{1E9D3095-5A0C-46A4-B21B-BD3D0F6BAB92}" = protocol=17 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{24838BCF-3FDA-4D8B-AB2A-155E57318978}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{26359430-76A5-46EB-96B2-783C57C45DB7}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 2070\autopatcher.exe |
"{2B14CB2A-E236-4C53-A552-998A9BA4A8A3}" = protocol=6 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{2CDA9127-3CCA-4FBC-A1F5-CB2C05771632}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2D146BA0-3C3A-4DB3-AF3C-2D67481E7C18}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{331338EE-F519-4A87-9DD8-A202E052C527}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{340C289C-2910-488D-AF75-7BA43A3EFAE2}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{3733C063-4DB4-47DF-AA73-321F0EC26A93}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{388FBA24-81A6-4A24-A1D5-07FB49BBBA3D}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 2070\initengine.exe |
"{3A4C726E-4DD5-4722-BB4E-FCB820F16F33}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{3ECD5E8E-3EE6-4583-A9E5-1D5ABABBE559}" = dir=in | app=c:\program files (x86)\iminent\iminent.messengers.exe |
"{3FF1B5C3-0C41-47D0-AC38-89664DB0D594}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{422AF11A-9B96-4CFE-97B7-56340B513748}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{44AA8117-342D-491A-86C4-95E712D025B3}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 2070\anno5.exe |
"{4610E22A-F0B2-47B8-A88F-21359CC8BD7C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{46A07633-2A6B-4793-85F0-292E7B648575}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{537D682F-016C-42E5-8A56-9E2FB08CD49A}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{5625EFF8-C80E-4D08-9C39-20BFCE45F36C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{5C9627BD-2339-4579-80CC-4740384E4A32}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 2070\initengine.exe |
"{674DFF40-2A23-4D15-B5FC-8527E8A5A22C}" = dir=in | app=c:\program files (x86)\iminent\iminent.exe |
"{68724D93-EBB7-42BB-BDD4-48A98B7B7F76}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{7012B06F-CF02-4684-A598-616B950440AA}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{703C7C03-543C-471E-96DC-817B26AFC731}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{773988FC-2A4D-45B1-B2C6-8402087C1DD2}" = dir=in | app=c:\program files (x86)\lenovo\powerdvd10\powerdvd9.exe |
"{7746B03B-5EDC-4FF7-9690-5A7868C4B8BA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7A0F8F6C-4C12-4BD8-B9E0-0FE3506FAAA6}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 2070\anno5.exe |
"{87F1315E-C8CB-48C5-A993-56AF46F2733C}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{890395D3-85FE-4F4E-B3F2-04FF6D5246B9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8B26F5A5-95E8-4C75-A3CB-0D9BE494D00E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8B65B9BE-ADC6-464E-8011-7861D74514D2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8D0F9DAD-693D-4631-91CE-F5055BF4B2ED}" = protocol=6 | dir=out | app=system |
"{92D33FD0-084C-4155-8BC3-F95C6A2EB8E6}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{94218D28-A3A3-4486-BB92-10208E61E611}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{99D9E99C-0C44-4CDA-AA9A-4ECAAEBF5BBC}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{9CA2CD37-4074-4244-A370-488ECB062748}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{9D7F5426-135C-477B-A05A-C6A957626CAA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{A3D72CD4-68CC-45A1-9A96-657063FD4D53}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A84F9F96-5095-4EF1-97D9-74DCB4B9E218}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A9D8922A-1402-4B39-AC20-A10D0702551E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{ADF0528D-A486-43D0-8880-1DA7A67911B6}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{AEDE721F-DDDD-4144-BE48-247EC9E1B1A1}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{B787FC1A-0661-450A-A027-ACE13A843F83}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{B800E858-039E-4B8E-B977-6F18B3203125}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{CF2E441E-7488-4C63-8EF2-67D436341D50}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D98091DA-6DBD-48AB-81A8-BA932F974920}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E1AC1925-6202-4F1D-9CEF-4002414D5016}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{E4400728-23D3-48FA-B711-402528C8B81F}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{ED21013D-4706-4696-BB07-2C1BE3CB448E}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{EE5D0ED2-DD82-41B0-A5E8-7E96CF992E7F}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 2070\autopatcher.exe |
"{F12E569D-AAF4-4363-8567-E4C9853CCDF0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{09E1A218-8F44-4AF2-9CBE-E721E92A6A73}C:\users\user\appdata\roaming\neefzi\koum.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\roaming\neefzi\koum.exe |
"TCP Query User{7600AF18-4F9F-47C0-A9B0-01C6CF3FE59D}C:\program files (x86)\lenovo\lenovo directshare\directshare.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lenovo\lenovo directshare\directshare.exe |
"UDP Query User{53F3EC84-A48C-4025-985A-DDBCE3BA4142}C:\users\user\appdata\roaming\neefzi\koum.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\roaming\neefzi\koum.exe |
"UDP Query User{E9ACB49A-0D76-4E17-BD0A-31F54519D76F}C:\program files (x86)\lenovo\lenovo directshare\directshare.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lenovo\lenovo directshare\directshare.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{029A4933-3F36-4E4F-AEC3-2207AB26463D}" = Broadcom Gigabit NetLink Controller
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{19DA64EF-B234-4AC0-BA1A-B64E338913C9}" = Nitro Reader 3
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"{53267D72-6C02-1014-AA47-7BB98049ACF7}" = Strawberry Perl (64-bit)
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-0015-0407-1000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-1000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-1000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{70A3169E-288F-454F-A08D-20DF66639B50}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUSR_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-1000-0000000FF1CE}_Office14.PROPLUSR_{3013A793-10A7-4D1F-B8B4-2FAA82F4D259}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{98782D5D-A9EE-43C6-88AD-B50AD8530E78}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2010
"{90140000-0043-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{8DFD91C7-66AE-4E54-9901-5D5F401AD329}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{8299B64F-1537-4081-974C-033EAB8F098E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-1000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 268.44
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 268.44
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 266.34
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.0.21
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0604
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C788B026-20BD-4E96-B698-533F1D6C5013}" = 64 Bit HP CIO Components Installer
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"{F3C66EC8-2F33-452D-9CFF-E8C886B3ECC4}" = SRS Control Panel
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"EA12B1FB53CE4E387C31A85236C41EF559B5E392" = Windows-Treiberpaket - Lenovo (ACPIVPC) System (12/02/2010 6.1.0.1)
"Lenovo EE Boot Optimizer" = Lenovo EE Boot Optimizer
"Lenovo R.I.C. (Robust Intelligent Companion)" = Lenovo R.I.C. (Robust Intelligent Companion)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{118D6CE9-5F18-42F9-958A-14676A629FDE}" = Iminent
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{28ABE740-47F3-441B-9437-852F6A64EFF8}" = Lenovo_Wireless_Driver
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{ADE16A9D-FBDC-4ECC-B6BD-9C31E51D0333}" = Lenovo EasyCamera
"{AEB61F7A-4BBA-4292-A096-7893E09034A4}" = Steuer-Spar-Erklärung 2013
"{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}" = AAVUpdateManager
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2164CCB-C002-4B80-8550-7535D80DF237}" = Lenovo DirectShare
"{B48E264C-C8CD-4617-B0BE-46E977BAD694}" = ANNO 2070
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CCD2BAD2-0919-40CB-80CC-E9538B0E4C2E}" = Steuer-Spar-Erklärung 2012
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4B060B9-AD4A-4152-9D99-28B93C615AFE}" = Onekey Theater
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = Lenovo PowerDVD 10
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = Benutzerhandbuch
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) SDK for OpenCL - CPU Only Runtime Package
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"1ClickDownload" = Movie2KDownloader
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"DAEMON Tools Lite" = DAEMON Tools Lite
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{B2164CCB-C002-4B80-8550-7535D80DF237}" = Lenovo DirectShare
"InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"InstallShield_{D4B060B9-AD4A-4152-9D99-28B93C615AFE}" = Onekey Theater
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = Lenovo PowerDVD 10
"InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = UserGuide
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"VeriFace" = VeriFace
"VLC media player" = VLC media player 2.0.5
"WinLiveSuite" = Windows Live Essentials
"WNLT" = IB Updater Service
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 20.04.2013 09:03:23 | Computer Name = User-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4976
Error - 21.04.2013 08:47:04 | Computer Name = User-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 21.04.2013 08:47:04 | Computer Name = User-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 85425758
Error - 21.04.2013 08:47:04 | Computer Name = User-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 85425758
Error - 21.04.2013 10:22:35 | Computer Name = User-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 21.04.2013 10:22:35 | Computer Name = User-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5008
Error - 21.04.2013 10:22:35 | Computer Name = User-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5008
Error - 21.04.2013 10:22:40 | Computer Name = User-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 21.04.2013 10:22:40 | Computer Name = User-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 10000
Error - 21.04.2013 10:22:40 | Computer Name = User-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 10000
[ System Events ]
Error - 22.03.2013 15:00:37 | Computer Name = User-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
HWiNFO32
Error - 22.03.2013 15:01:36 | Computer Name = User-PC | Source = DCOM | ID = 10016
Description =
Error - 22.03.2013 15:03:54 | Computer Name = User-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
HWiNFO32
Error - 22.03.2013 15:04:53 | Computer Name = User-PC | Source = DCOM | ID = 10016
Description =
Error - 22.03.2013 15:13:31 | Computer Name = User-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
HWiNFO32
Error - 22.03.2013 15:14:31 | Computer Name = User-PC | Source = DCOM | ID = 10016
Description =
Error - 24.03.2013 09:57:05 | Computer Name = User-PC | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.
Neue
Signaturversion: Vorherige Signaturversion: 1.147.267.0 Aktualisierungsquelle: %%859
Aktualisierungsphase:
%%852 Quellpfad: hxxp://www.microsoft.com Signaturtyp: %%800 Aktualisierungstyp: %%803
Benutzer:
NT-AUTORITÄT\SYSTEM Aktuelle Modulversion: Vorherige Modulversion: 1.1.9302.0 Fehlercode:
0x8024402c Fehlerbeschreibung: Unerwartetes Problem bei der Überprüfung auf Updates.
Informationen zum Installieren von Updates oder zur Problembehandlung finden Sie
unter "Hilfe und Support".
Error - 29.03.2013 13:07:54 | Computer Name = User-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
HWiNFO32
Error - 29.03.2013 13:08:54 | Computer Name = User-PC | Source = DCOM | ID = 10016
Description =
Error - 31.03.2013 18:38:08 | Computer Name = User-PC | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.
Neue
Signaturversion: Vorherige Signaturversion: 1.147.718.0 Aktualisierungsquelle: %%859
Aktualisierungsphase:
%%852 Quellpfad: hxxp://www.microsoft.com Signaturtyp: %%800 Aktualisierungstyp: %%803
Benutzer:
NT-AUTORITÄT\SYSTEM Aktuelle Modulversion: Vorherige Modulversion: 1.1.9302.0 Fehlercode:
0x8024402c Fehlerbeschreibung: Unerwartetes Problem bei der Überprüfung auf Updates.
Informationen zum Installieren von Updates oder zur Problembehandlung finden Sie
unter "Hilfe und Support".
< End of report >
und Rootkit-Scan gmer: Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-05-22 22:13:29
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 HITACHI_ rev.JF4Z 698,64GB
Running: i3jl5ghx.exe; Driver: C:\Users\User\AppData\Local\Temp\kxldapob.sys
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\Common Files\Umbrella\umbrella.exe[2264] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077c11465 2 bytes [C1, 77]
.text C:\Program Files (x86)\Common Files\Umbrella\umbrella.exe[2264] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077c114bb 2 bytes [C1, 77]
.text ... * 2
.text C:\windows\system32\taskhost.exe[3300] C:\windows\system32\kernel32.dll!LoadLibraryW 0000000077956f80 5 bytes JMP 0000000169ff0038
.text C:\windows\system32\taskhost.exe[3300] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdfb9940 5 bytes JMP 000007fffdf600b8
.text C:\windows\system32\taskhost.exe[3300] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefdfbbbb0 5 bytes JMP 000007fffdf60038
.text C:\windows\system32\taskhost.exe[3300] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefe5d7490 5 bytes JMP 000007fffdf60138
.text C:\windows\system32\taskhost.exe[3300] C:\windows\system32\WINMM.dll!waveOutReset 000007fefac9a38c 5 bytes JMP 000007fefdf602b8
.text C:\windows\system32\taskhost.exe[3300] C:\windows\system32\WINMM.dll!waveOutPause 000007fefacb4b60 5 bytes JMP 000007fefdf60238
.text C:\windows\system32\taskhost.exe[3300] C:\windows\system32\WINMM.dll!waveOutRestart 000007fefacb4ba0 5 bytes JMP 000007fefdf601b8
.text C:\Windows\SysWOW64\jmdp\stij.exe[3548] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077c11465 2 bytes [C1, 77]
.text C:\Windows\SysWOW64\jmdp\stij.exe[3548] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077c114bb 2 bytes [C1, 77]
.text ... * 2
.text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3648] C:\windows\system32\kernel32.dll!LoadLibraryW 0000000077956f80 5 bytes JMP 0000000169ff0038
.text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3648] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdfb9940 5 bytes JMP 000007fffdf600b8
.text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3648] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefdfbbbb0 5 bytes JMP 000007fffdf60038
.text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3648] C:\windows\system32\WINMM.dll!waveOutReset 000007fefac9a38c 5 bytes JMP 000007fefdf602b8
.text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3648] C:\windows\system32\WINMM.dll!waveOutPause 000007fefacb4b60 5 bytes JMP 000007fefdf60238
.text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3648] C:\windows\system32\WINMM.dll!waveOutRestart 000007fefacb4ba0 5 bytes JMP 000007fefdf601b8
.text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3648] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefe5d7490 5 bytes JMP 000007fffdf60138
.text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3672] C:\windows\system32\kernel32.dll!LoadLibraryW 0000000077956f80 5 bytes JMP 0000000169ff0038
.text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3672] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdfb9940 5 bytes JMP 000007fffdf600b8
.text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3672] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefdfbbbb0 5 bytes JMP 000007fffdf60038
.text C:\Windows\System32\hkcmd.exe[3704] C:\windows\system32\kernel32.dll!LoadLibraryW 0000000077956f80 5 bytes JMP 0000000169ff0038
.text C:\Windows\System32\hkcmd.exe[3704] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdfb9940 5 bytes JMP 000007fffdfa00b8
.text C:\Windows\System32\hkcmd.exe[3704] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefdfbbbb0 5 bytes JMP 000007fffdfa0038
.text C:\Windows\System32\hkcmd.exe[3704] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefe5d7490 5 bytes JMP 000007fffdfa0138
.text C:\Windows\System32\igfxpers.exe[3720] C:\windows\system32\kernel32.dll!LoadLibraryW 0000000077956f80 5 bytes JMP 0000000169ff0038
.text C:\Windows\System32\igfxpers.exe[3720] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdfb9940 5 bytes JMP 000007fffdf600b8
.text C:\Windows\System32\igfxpers.exe[3720] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefdfbbbb0 5 bytes JMP 000007fffdf60038
.text C:\Windows\System32\igfxpers.exe[3720] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefe5d7490 5 bytes JMP 000007fffdf60138
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3784] C:\windows\system32\kernel32.dll!LoadLibraryW 0000000077956f80 5 bytes JMP 0000000169ff0038
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3784] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdfb9940 5 bytes JMP 000007fffdf600b8
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3784] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefdfbbbb0 5 bytes JMP 000007fffdf60038
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3784] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefe5d7490 5 bytes JMP 000007fffdf60138
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3784] C:\windows\system32\WINMM.dll!waveOutReset 000007fefac9a38c 5 bytes JMP 000007fefdf602b8
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3784] C:\windows\system32\WINMM.dll!waveOutPause 000007fefacb4b60 5 bytes JMP 000007fefdf60238
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3784] C:\windows\system32\WINMM.dll!waveOutRestart 000007fefacb4ba0 5 bytes JMP 000007fefdf601b8
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3784] C:\windows\system32\DSOUND.dll!DirectSoundCreate8 000007fef3456944 5 bytes JMP 000007fefdf604b8
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3784] C:\windows\system32\DSOUND.dll!DirectSoundCreate 000007fef3475a84 5 bytes JMP 000007fefdf60438
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3784] C:\windows\system32\DDRAW.dll!DirectDrawCreate 000007fef34e815c 5 bytes JMP 000007fefdf60338
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3784] C:\windows\system32\DDRAW.dll!DirectDrawCreateEx 000007fef34e8968 5 bytes JMP 000007fefdf603b8
.text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[3156] C:\windows\syswow64\kernel32.dll!LoadLibraryExA 00000000753b48fb 5 bytes JMP 0000000110002710
.text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[3156] C:\windows\syswow64\kernel32.dll!LoadLibraryW 00000000753b4913 5 bytes JMP 00000001100027f0
.text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[3156] C:\windows\syswow64\kernel32.dll!LoadLibraryExW 00000000753b4945 5 bytes JMP 0000000110002780
.text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[3156] C:\windows\syswow64\ole32.dll!CoCreateInstance 00000000760a9d0b 5 bytes JMP 0000000110002850
.text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[3156] C:\Windows\SysWOW64\WINMM.dll!waveOutReset 00000000735fadf9 5 bytes JMP 0000000110003390
.text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[3156] C:\Windows\SysWOW64\WINMM.dll!waveOutPause 0000000073615484 5 bytes JMP 0000000110003430
.text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[3156] C:\Windows\SysWOW64\WINMM.dll!waveOutRestart 00000000736154b8 5 bytes JMP 00000001100034d0
.text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[3148] C:\windows\syswow64\kernel32.dll!LoadLibraryExA 00000000753b48fb 5 bytes JMP 0000000100462710
.text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[3148] C:\windows\syswow64\kernel32.dll!LoadLibraryW 00000000753b4913 5 bytes JMP 00000001004627f0
.text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[3148] C:\windows\syswow64\kernel32.dll!LoadLibraryExW 00000000753b4945 5 bytes JMP 0000000100462780
.text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[3148] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077c11465 2 bytes [C1, 77]
.text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[3148] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077c114bb 2 bytes [C1, 77]
.text ... * 2
.text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[3148] C:\windows\syswow64\ole32.dll!CoCreateInstance 00000000760a9d0b 5 bytes JMP 0000000100462850
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3100] C:\windows\syswow64\kernel32.dll!LoadLibraryExA 00000000753b48fb 5 bytes JMP 0000000100352710
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3100] C:\windows\syswow64\kernel32.dll!LoadLibraryW 00000000753b4913 5 bytes JMP 00000001003527f0
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3100] C:\windows\syswow64\kernel32.dll!LoadLibraryExW 00000000753b4945 5 bytes JMP 0000000100352780
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3100] C:\windows\syswow64\ole32.dll!CoCreateInstance 00000000760a9d0b 5 bytes JMP 0000000100352850
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3108] C:\windows\syswow64\kernel32.dll!LoadLibraryExA 00000000753b48fb 5 bytes JMP 0000000110002710
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3108] C:\windows\syswow64\kernel32.dll!LoadLibraryW 00000000753b4913 5 bytes JMP 00000001100027f0
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3108] C:\windows\syswow64\kernel32.dll!LoadLibraryExW 00000000753b4945 5 bytes JMP 0000000110002780
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3108] C:\windows\syswow64\ole32.dll!CoCreateInstance 00000000760a9d0b 5 bytes JMP 0000000110002850
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3096] C:\windows\syswow64\KERNEL32.dll!LoadLibraryExA 00000000753b48fb 5 bytes JMP 0000000110002710
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3096] C:\windows\syswow64\KERNEL32.dll!LoadLibraryW 00000000753b4913 5 bytes JMP 00000001100027f0
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3096] C:\windows\syswow64\KERNEL32.dll!LoadLibraryExW 00000000753b4945 5 bytes JMP 0000000110002780
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3096] C:\windows\syswow64\ole32.dll!CoCreateInstance 00000000760a9d0b 5 bytes JMP 0000000110002850
.text C:\Program Files (x86)\CyberLink\Shared Files\brs.exe[2008] C:\windows\syswow64\kernel32.dll!LoadLibraryExA 00000000753b48fb 5 bytes JMP 0000000110002710
.text C:\Program Files (x86)\CyberLink\Shared Files\brs.exe[2008] C:\windows\syswow64\kernel32.dll!LoadLibraryW 00000000753b4913 5 bytes JMP 00000001100027f0
.text C:\Program Files (x86)\CyberLink\Shared Files\brs.exe[2008] C:\windows\syswow64\kernel32.dll!LoadLibraryExW 00000000753b4945 5 bytes JMP 0000000110002780
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1860] C:\windows\syswow64\kernel32.dll!LoadLibraryExA 00000000753b48fb 5 bytes JMP 0000000110002710
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1860] C:\windows\syswow64\kernel32.dll!LoadLibraryW 00000000753b4913 5 bytes JMP 00000001100027f0
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1860] C:\windows\syswow64\kernel32.dll!LoadLibraryExW 00000000753b4945 5 bytes JMP 0000000110002780
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1860] C:\windows\syswow64\ole32.dll!CoCreateInstance 00000000760a9d0b 5 bytes JMP 0000000110002850
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[3684] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077c11465 2 bytes [C1, 77]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[3684] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077c114bb 2 bytes [C1, 77]
.text ... * 2
.text c:\PROGRA~1\MICROS~2\msseces.exe[5308] C:\windows\system32\kernel32.dll!LoadLibraryW 0000000077956f80 5 bytes JMP 0000000169ff0038
.text c:\PROGRA~1\MICROS~2\msseces.exe[5308] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdfb9940 5 bytes JMP 000007fffdfa00b8
.text c:\PROGRA~1\MICROS~2\msseces.exe[5308] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefdfbbbb0 5 bytes JMP 000007fffdfa0038
.text c:\PROGRA~1\MICROS~2\msseces.exe[5308] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefe5d7490 5 bytes JMP 000007fffdfa0138
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002269ec2d88
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002269ec2d88 (not active ControlSet)
---- EOF - GMER 2.1 ----
Danke!
Gruß
nöb |
Lesestoff: