Trojaner-Board


S2k13 14.05.2013 22:43

Caught a GVU trojan...

Hello,
unfortunately I have caught a GVU trojan and am being asked to pay money to have my PC unlocked.

Safe mode works. I have downloaded and run OTL. I can post the files once GMER has finished (I got both programs from posts in this forum).

I need help!
Regards,
S2k13

markusg 14.05.2013 22:44

Hi,
you can also post without GMER for now.

S2k13 14.05.2013 22:46

Hello,
I use Win7 on the PC and am not an admin.
Regards,
S2k13

Hello.
OK. But it is running on the PC right now. I am writing this post on my smartphone.

Can I simply interrupt or end GMER?

Regards,

S2k13

markusg 14.05.2013 22:47

That's OK, post the OTL log.

S2k13 14.05.2013 22:56

Hello.

OTL.txt:OTL Logfile:
Code:

OTL logfile created on: 5/14/2013 10:56:54 PM - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\******\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
2.86 Gb Total Physical Memory | 2.34 Gb Available Physical Memory | 81.75% Memory free
5.72 Gb Paging File | 5.24 Gb Available in Paging File | 91.47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 223.93 Gb Free Space | 75.12% Space Free | Partition Type: NTFS
 
Computer Name: CE05278 | User Name: ****** | NOT logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/05/14 22:56:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\******\Desktop\OTL.exe
PRC - [2011/08/03 11:57:20 | 000,108,456 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2011/08/03 11:57:18 | 001,846,592 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/14 03:14:21 | 000,497,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\HelpPane.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011/03/24 03:48:00 | 000,043,520 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\US\PWMRT32V.DLL
 
 
========== Services (SafeList) ==========
 
SRV - [2013/04/20 18:17:11 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/12/18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/10/03 16:51:04 | 000,725,400 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2012/05/17 19:43:42 | 006,775,632 | ---- | M] (Autonomy Corporation plc) [Auto | Stopped] -- C:\Program Files\Iron Mountain\Connected BackupPC\AgentService.exe -- (AgentService)
SRV - [2012/01/13 10:17:42 | 000,476,112 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent)
SRV - [2011/10/18 19:24:32 | 000,355,496 | ---- | M] (Check Point Software Technologies) [Auto | Stopped] -- C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe -- (cpextender)
SRV - [2011/08/03 11:57:20 | 000,357,808 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2011/08/03 11:57:20 | 000,108,456 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2011/08/03 11:57:20 | 000,108,456 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2011/08/03 11:57:18 | 001,897,960 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2011/08/03 11:57:18 | 001,846,592 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2011/06/20 10:33:30 | 000,129,904 | ---- | M] (SAP AG) [Auto | Stopped] -- C:\Program Files\SAP\SapSetup\setup\Updater\NwSapAutoWorkstationUpdateService.exe -- (NWSAPAutoWorkstationUpdateSvc)
SRV - [2011/05/13 10:05:12 | 001,589,760 | ---- | M] (SAP, Walldorf) [Auto | Stopped] -- C:\Program Files\SAP\SAPSPrint\sapsprint.exe -- (SAPSprint)
SRV - [2011/03/24 03:48:00 | 000,292,200 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE -- (DozeSvc)
SRV - [2011/03/24 03:48:00 | 000,079,208 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2011/02/18 17:09:02 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2011/02/07 18:40:08 | 003,093,944 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2010/12/03 10:57:38 | 000,099,328 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD)
SRV - [2010/12/02 12:55:54 | 000,064,440 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2010/11/24 16:34:24 | 000,045,496 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV - [2010/04/20 13:23:32 | 000,074,088 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe -- (LENOVO.TPKNRSVC)
SRV - [2010/04/20 13:23:18 | 000,050,536 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe -- (LENOVO.CAMMUTE)
SRV - [2010/04/07 14:37:38 | 000,093,032 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC)
SRV - [2010/03/23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2009/09/29 17:25:38 | 000,099,768 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV - [2009/09/18 04:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\CCM\CcmExec.exe -- (CcmExec)
SRV - [2009/09/18 04:00:00 | 000,246,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\CCM\TSManager.exe -- (smstsmgr)
SRV - [2009/07/14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/04/29 04:21:04 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Stopped] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService)
SRV - [2007/01/04 19:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Stopped] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2013/01/16 11:00:00 | 001,603,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20130513.004\NAVEX15.SYS -- (NAVEX15)
DRV - [2013/01/16 11:00:00 | 000,093,296 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20130513.004\NAVENG.SYS -- (NAVENG)
DRV - [2012/08/09 10:00:00 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/08/09 10:00:00 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11220.sys -- (EraserUtilDrv11220)
DRV - [2012/06/27 16:18:52 | 000,019,072 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2012/05/21 06:53:28 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2012/05/17 19:43:42 | 000,045,384 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV_Tracker.sys -- (LV_Tracker)
DRV - [2012/01/13 10:08:24 | 000,023,464 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpnva.sys -- (vpnva)
DRV - [2012/01/13 10:07:32 | 000,087,976 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\acsock.sys -- (acsock)
DRV - [2011/08/03 11:57:20 | 000,321,016 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2011/08/03 11:57:20 | 000,287,352 | ---- | M] (Symantec Corporation) [File_System | System | Stopped] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2011/08/03 11:57:20 | 000,043,768 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2011/03/24 03:48:00 | 000,025,968 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\DOZEHDD.SYS -- (DozeHDD)
DRV - [2011/03/24 03:48:00 | 000,013,424 | ---- | M] (Lenovo Group Limited) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\TPPWR32V.SYS -- (TPPWRIF)
DRV - [2011/01/13 14:04:50 | 000,122,992 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ApsX86.sys -- (Shockprf)
DRV - [2011/01/13 14:02:56 | 000,020,592 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ApsHM86.sys -- (TPDIGIMN)
DRV - [2010/11/20 04:30:16 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 04:30:16 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 04:30:16 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 02:24:42 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 01:59:46 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 01:14:46 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 01:14:42 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/09/07 14:09:06 | 000,013,680 | ---- | M] (Lenovo Group Limited) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\smiif32.sys -- (lenovo.smi)
DRV - [2010/08/30 20:15:54 | 000,247,808 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud)
DRV - [2010/08/24 15:31:07 | 000,188,080 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\symtdi.sys -- (SYMTDI)
DRV - [2010/08/24 15:31:06 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2010/08/24 15:31:06 | 000,026,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\symredrv.sys -- (SYMREDRV)
DRV - [2010/08/02 16:42:44 | 000,111,192 | ---- | M] (Deterministic Networks, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\dnelwf.sys -- (DNE)
DRV - [2010/03/23 13:15:36 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2010/02/27 08:31:22 | 000,132,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd)
DRV - [2010/01/21 06:14:48 | 000,485,944 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2009/12/10 02:36:54 | 000,214,696 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1k6232.sys -- (e1kexpress)
DRV - [2009/11/02 18:43:16 | 000,129,304 | ---- | M] (Check Point Software Technologies) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vna.sys -- (VNA)
DRV - [2009/10/27 01:53:16 | 000,126,080 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\5U877.sys -- (5U877)
DRV - [2009/10/26 07:39:00 | 000,048,640 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimspe86.sys -- (rimspci)
DRV - [2009/10/05 06:05:56 | 006,114,816 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32)
DRV - [2009/09/28 07:47:00 | 000,038,912 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rixdpe86.sys -- (rixdpcie)
DRV - [2009/09/18 04:00:00 | 000,020,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CCM\PrepDrv.sys -- (prepdrvr)
DRV - [2009/09/17 05:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI)
DRV - [2009/07/14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/14 01:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009/07/14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
DRV - [2009/07/14 00:02:50 | 000,211,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2009/04/29 04:20:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio)
DRV - [2007/04/17 20:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\regi.sys -- (regi)
DRV - [2007/02/19 07:56:46 | 000,021,376 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\psadd.sys -- (psadd)
DRV - [2007/01/18 20:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://sso.******.com/authent/authent_form.asp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FC DE 47 C0 15 47 CE 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{B32C20FF-2324-4BCC-B0C3-56B5EA1A7212}: "URL" = hxxp://www.google.de/search?q=
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_197.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\******\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\******\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/04/20 18:17:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/04/20 18:17:14 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2011/11/20 23:01:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\******\AppData\Roaming\mozilla\Extensions
[2013/03/22 16:55:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\******\AppData\Roaming\mozilla\Firefox\Profiles\ffld4oo5.default\extensions
[2013/04/20 18:17:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/04/20 18:17:12 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013/04/20 18:17:09 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013/04/20 18:17:09 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013/04/20 18:17:09 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2013/04/20 18:17:09 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2013/04/20 18:17:09 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2013/04/20 18:17:09 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.startfenster.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\******\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\******\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\******\AppData\Local\Google\Chrome\Application\26.0.1410.64\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\******\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Mail = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Capexpenses\jre\jre6_14-b08\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: ([verify-U]_Add-on) - {F4552A56-119C-478E-AB3F-2C850F78B72E} - C:\Program Files\[verify-U]_AVS_IE_Add-on\[verify-U]_AVS.dll (Cybits AG)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AgentUiRunKey] C:\Program Files\Iron Mountain\Connected BackupPC\Agent.exe (Autonomy Corporation plc)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [Communicator] C:\Program Files\Microsoft Office Communicator\communicator.exe (Microsoft Corporation)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [Nikon Message Center 2] C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation)
O4 - HKLM..\Run: [PWMTRV] C:\Program Files\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [SAP_WUS_UNT] C:\Program Files\SAP\SAPsetup\Setup\Updater\NwSapSetupUserNotificationTool.exe (SAP AG)
O4 - HKCU..\Run: []  File not found
O4 - HKCU..\Run: [ctfmon.exe] C:\ProgramData\0jmlje.dat (Microsoft Corporation)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe File not found
O4 - HKCU..\Run: [NokiaSuite.exe] C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)
O4 - Startup: C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Yammer.lnk = C:\Program Files\Yammer\Yammer.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: bcdtravel-portal.net ([www] https in Trusted sites)
O15 - HKLM\..Trusted Domains: ******.com ([]* in Local intranet)
O15 - HKLM\..Trusted Domains: ******.de ([]* in Local intranet)
O15 - HKLM\..Trusted Domains: sdm.de ([]* in Local intranet)
O15 - HKLM\..Trusted Domains: skillsoft.com ([]* in Local intranet)
O15 - HKLM\..Trusted Domains: skillwsa.com ([cgcontent] https in Local intranet)
O15 - HKLM\..Trusted Domains: sumtotalsystems.com ([******] https in Local intranet)
O15 - HKCU\..Trusted Domains: libri.biz ([mayersche] * in Trusted sites)
O15 - HKCU\..Trusted Domains: mercateo.com ([www] * in Trusted sites)
O16 - DPF: {414FB93D-DEDD-4FEF-AD7F-167992EBDB52} https://sslgw1.beiersdorfgroup.com/CSHELL/extender.cab (SlimClient Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.17.2)
O16 - DPF: {CC679CB8-DC4B-458B-B817-D447B3B6AC31} vpnweb.cab (Cisco AnyConnect Secure Mobility Client Web Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/WBXclient-T28L10NSP7-15458/webex/ieatgpc1.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 217.237.150.97 194.145.226.26 10.44.24.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = corp.******.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{66DE07F5-59E8-4DAB-AE13-3F68856E3D1E}: DhcpNameServer = 217.237.150.97 194.145.226.26 10.44.24.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AB412C7A-0B3D-4464-BB51-5C2564CA9CF8}: DhcpNameServer = 205.223.229.84 205.223.229.9
O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP, Walldorf)
O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP, Walldorf)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\WINDOWS\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{52585696-3f2c-11e2-bf01-cc52af4d54db}\Shell - "" = AutoRun
O33 - MountPoints2\{52585696-3f2c-11e2-bf01-cc52af4d54db}\Shell\AutoRun\command - "" = F:\LaunchU3.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/05/14 22:56:25 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\******\Desktop\OTL.exe
[2013/05/14 22:16:12 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\0jmlje.dat
[2013/05/14 22:16:11 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\rundll32.exe
[2013/05/14 22:16:10 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\Users\******\1508452.dll
[2013/04/20 18:17:06 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/05/14 22:56:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\******\Desktop\OTL.exe
[2013/05/14 22:54:01 | 000,050,477 | ---- | M] () -- C:\Users\******\Desktop\Defogger.exe
[2013/05/14 22:50:15 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/05/14 22:50:14 | 2305,560,576 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/14 22:48:56 | 000,012,400 | -H-- | M] () -- C:\WINDOWS\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/14 22:48:56 | 000,012,400 | -H-- | M] () -- C:\WINDOWS\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/14 22:46:33 | 000,000,463 | ---- | M] () -- C:\WINDOWS\SMSCFG.INI
[2013/05/14 22:44:14 | 095,023,320 | ---- | M] () -- C:\ProgramData\ejlmj0.pad
[2013/05/14 22:44:00 | 000,001,094 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/14 22:42:25 | 000,003,288 | ---- | M] () -- C:\bootsqm.dat
[2013/05/14 22:16:18 | 000,001,039 | ---- | M] () -- C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk
[2013/05/14 21:55:58 | 000,001,124 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1531082355-734649621-3782574898-1190727UA.job
[2013/05/14 21:55:58 | 000,001,098 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/14 18:10:28 | 000,003,134 | RHS- | M] () -- C:\Users\******\ntuser.pol
[2013/05/14 18:10:18 | 000,065,871 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2013/05/14 16:43:00 | 000,001,072 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1531082355-734649621-3782574898-1190727Core.job
[2013/05/13 14:31:56 | 000,001,832 | ---- | M] () -- C:\Users\******\AppData\Local\SLC_******.prx
[2013/05/09 11:53:51 | 000,000,939 | ---- | M] () -- C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Yammer.lnk
[2013/05/08 08:30:45 | 000,620,584 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/05/08 08:30:45 | 000,109,014 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/04/24 09:24:20 | 000,087,975 | ---- | M] () -- C:\Users\******\Desktop\Bestätigung Bären Zarten.pdf
[2013/04/18 15:12:22 | 000,002,046 | ---- | M] () -- C:\Users\Public\Desktop\Connected BackupPC.lnk
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/05/14 22:53:59 | 000,050,477 | ---- | C] () -- C:\Users\******\Desktop\Defogger.exe
[2013/05/14 22:42:25 | 000,003,288 | ---- | C] () -- C:\bootsqm.dat
[2013/05/14 22:16:18 | 000,001,039 | ---- | C] () -- C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk
[2013/05/14 22:16:15 | 095,023,320 | ---- | C] () -- C:\ProgramData\ejlmj0.pad
[2013/04/24 09:24:19 | 000,087,975 | ---- | C] () -- C:\Users\******\Desktop\Bestätigung Bären Zarten.pdf
[2013/04/05 17:20:45 | 000,000,268 | RH-- | C] () -- C:\ProgramData\BSD
[2013/04/05 17:20:45 | 000,000,268 | RH-- | C] () -- C:\Users\******\AppData\Roaming\Audio Units
[2013/04/05 17:20:45 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Calibrators
[2013/04/05 17:19:23 | 000,000,000 | ---- | C] () -- C:\ProgramData\AccountTypes
[2013/03/09 17:05:13 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Automatic Filter
[2013/03/09 17:05:13 | 000,000,268 | RH-- | C] () -- C:\Users\******\AppData\Roaming\Audio
[2013/03/09 17:05:13 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2013/03/09 17:05:13 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Bundle
[2013/03/09 17:04:20 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Automator
[2013/03/09 17:04:20 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Authentication
[2013/03/09 17:04:20 | 000,000,268 | RH-- | C] () -- C:\Users\******\AppData\Roaming\Audio Unit Effect
[2013/03/09 17:04:20 | 000,000,268 | RH-- | C] () -- C:\Users\******\AppData\Roaming\Applications
[2013/03/09 17:04:20 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2013/03/09 17:04:20 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2013/03/09 17:04:20 | 000,000,012 | RH-- | C] () -- C:\ProgramData\CMMs
[2013/03/09 17:02:51 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLeu.DAT
[2013/03/09 17:01:55 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Brother
[2013/03/09 17:01:55 | 000,000,268 | RH-- | C] () -- C:\Users\******\AppData\Roaming\Bass Reduction
[2013/03/09 17:01:55 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLeo.DAT
[2013/03/09 17:01:55 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Configure Folder Actions
[2013/02/07 17:28:06 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2012/11/02 10:36:35 | 000,004,764 | ---- | C] () -- C:\WINDOWS\System32\CcmFramework.ini
[2012/05/26 09:34:10 | 000,066,048 | ---- | C] () -- C:\WINDOWS\System32\PrintBrmUi.exe
[2011/12/24 22:15:00 | 008,414,449 | ---- | C] () -- C:\Users\******\Kalimba.mp3
[2011/11/04 14:03:26 | 000,038,274 | ---- | C] () -- C:\Users\******\AppData\Roaming\Microsoft Access 97-2003.ADR
[2011/10/20 21:46:30 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[2011/10/20 21:46:30 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\unredmon.exe
[2011/10/19 20:33:09 | 001,064,960 | ---- | C] () -- C:\WINDOWS\System32\h5krnl32.dll
[2011/10/19 20:33:09 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\h5menu32.dll
[2011/10/19 20:33:09 | 000,095,744 | ---- | C] () -- C:\WINDOWS\System32\h5rtf32.dll
[2011/10/19 20:33:09 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\h5tool32.dll
[2011/10/19 20:33:08 | 000,188,928 | ---- | C] () -- C:\WINDOWS\System32\h5icon32.dll
[2011/10/12 08:40:06 | 000,001,832 | ---- | C] () -- C:\Users\******\AppData\Local\SLC_******.prx
[2011/10/09 16:06:02 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\HPPLVS.dll
[2011/09/27 10:16:57 | 000,003,134 | RHS- | C] () -- C:\Users\******\ntuser.pol
[2011/09/19 11:46:33 | 000,065,871 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/09/19 11:09:05 | 000,000,463 | ---- | C] () -- C:\WINDOWS\SMSCFG.INI
[2011/09/19 11:01:42 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\iglhsip32.dll
[2011/09/19 11:01:42 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\iglhcp32.dll
[2011/09/19 11:01:41 | 000,870,560 | ---- | C] () -- C:\WINDOWS\System32\igkrng575.bin
[2011/09/19 11:01:39 | 000,104,796 | ---- | C] () -- C:\WINDOWS\System32\igfcg575m.bin
[2011/09/19 11:01:39 | 000,004,096 | ---- | C] ( ) -- C:\WINDOWS\System32\IGFXDEVLib.dll
[2011/09/19 11:01:33 | 000,127,868 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng575.bin
[2011/09/19 11:01:30 | 000,000,151 | ---- | C] () -- C:\WINDOWS\System32\GfxUI.exe.config
[2011/09/19 10:58:02 | 000,000,661 | ---- | C] () -- C:\WINDOWS\System32\VoipUpdate.ini
 
========== ZeroAccess Check ==========
 
[2009/07/14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 04:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012/11/08 20:03:36 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Audacity
[2011/12/31 07:22:26 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\FreeCommander
[2012/04/21 13:14:55 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Nokia
[2012/04/21 13:14:55 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Nokia Suite
[2012/04/21 15:17:00 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\PC Suite
[2011/09/19 11:16:42 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\PwrMgr
[2011/11/14 06:27:46 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Research In Motion
[2013/05/13 14:32:10 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\SAP
[2012/12/07 11:04:33 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\webex
[2011/11/09 12:46:03 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Yammer
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---


Hello again...

Here is the Extras.txt file as well:
OTL EXTRAS Logfile:
Code:

OTL Extras logfile created on: 5/14/2013 10:56:54 PM - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\******\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
2.86 Gb Total Physical Memory | 2.34 Gb Available Physical Memory | 81.75% Memory free
5.72 Gb Paging File | 5.24 Gb Available in Paging File | 91.47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 223.93 Gb Free Space | 75.12% Space Free | Partition Type: NTFS
 
Computer Name: CE05278 | User Name: ****** | NOT logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\WINDOWS\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\WINDOWS\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
"PolicyVersion" = 522
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"DefaultInboundAction" = 1
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\FirewallRules]
"WMI-ASYNC-In-TCP-NoScope" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|App=%systemroot%\system32\wbem\unsecapp.exe|Name=@FirewallAPI.dll,-34256|Desc=@FirewallAPI.dll,-34257|EmbedCtxt=@FirewallAPI.dll,-34251|
"WMI-WINMGMT-In-TCP-NoScope" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\svchost.exe|Svc=winmgmt|Name=@FirewallAPI.dll,-34254|Desc=@FirewallAPI.dll,-34255|EmbedCtxt=@FirewallAPI.dll,-34251|
"WMI-RPCSS-In-TCP-NoScope" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=135|App=%SystemRoot%\system32\svchost.exe|Svc=rpcss|Name=@FirewallAPI.dll,-34252|Desc=@FirewallAPI.dll,-34253|EmbedCtxt=@FirewallAPI.dll,-34251|
"FPS-LLMNR-In-UDP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5355|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|Name=@FirewallAPI.dll,-28548|Desc=@FirewallAPI.dll,-28549|EmbedCtxt=@FirewallAPI.dll,-28502|
"FPS-ICMP6-ERQ-In-NoScope" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=128:*|Name=@FirewallAPI.dll,-28545|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|
"FPS-ICMP4-ERQ-In-NoScope" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=1|Profile=Domain|ICMP4=8:*|Name=@FirewallAPI.dll,-28543|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|
"FPS-RPCSS-In-TCP-NoScope" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|Svc=Rpcss|Name=@FirewallAPI.dll,-28539|Desc=@FirewallAPI.dll,-28542|EmbedCtxt=@FirewallAPI.dll,-28502|
"FPS-SpoolSvc-In-TCP-NoScope" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\system32\spoolsv.exe|Svc=Spooler|Name=@FirewallAPI.dll,-28535|Desc=@FirewallAPI.dll,-28538|EmbedCtxt=@FirewallAPI.dll,-28502|
"FPS-NB_Datagram-In-UDP-NoScope" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=138|App=System|Name=@FirewallAPI.dll,-28527|Desc=@FirewallAPI.dll,-28530|EmbedCtxt=@FirewallAPI.dll,-28502|
"FPS-NB_Name-In-UDP-NoScope" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=137|App=System|Name=@FirewallAPI.dll,-28519|Desc=@FirewallAPI.dll,-28522|EmbedCtxt=@FirewallAPI.dll,-28502|
"FPS-SMB-In-TCP-NoScope" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=445|App=System|Name=@FirewallAPI.dll,-28511|Desc=@FirewallAPI.dll,-28514|EmbedCtxt=@FirewallAPI.dll,-28502|
"FPS-NB_Session-In-TCP-NoScope" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=139|App=System|Name=@FirewallAPI.dll,-28503|Desc=@FirewallAPI.dll,-28506|EmbedCtxt=@FirewallAPI.dll,-28502|
"{09F5B492-B063-4B93-8EBD-38D4743435FD}" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=2701|LPort=2702|LPort=135|Name=SCCM Remote Tools Ports: 2701, 2702, 135 TCP|
"{B483CEAD-A6E5-42B0-A8D4-D802CCA932EA}" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=2701|LPort=2702|Name=SCCM Remote Tools Ports: 2701, 2702 UDP|
"{01E18610-24E5-40A6-9703-35F80723C770}" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|RPort=80|Name=HTTP Port 80 TCP|
"{8AF05D1E-3B7A-422B-9C20-21510E74B651}" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|RPort=443|Name=HTTPS Port 443 TCP|
"RemoteSvcAdmin-RPCSS-In-TCP-NoScope" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|Name=@FirewallAPI.dll,-29515|Desc=@FirewallAPI.dll,-29518|EmbedCtxt=@FirewallAPI.dll,-29502|
"RemoteSvcAdmin-NP-In-TCP-NoScope" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=445|App=System|Name=@FirewallAPI.dll,-29507|Desc=@FirewallAPI.dll,-29510|EmbedCtxt=@FirewallAPI.dll,-29502|
"RemoteSvcAdmin-In-TCP-NoScope" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\system32\services.exe|Name=@FirewallAPI.dll,-29503|Desc=@FirewallAPI.dll,-29506|EmbedCtxt=@FirewallAPI.dll,-29502|
"{51B4D0A8-126E-45B8-9C80-3E6B40E1C1F4}" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=2701|LPort=2702|Name=ITICS - Configuration Manager Remote Control (TCP-In)|
"{D56B5CE0-9E71-45DA-8863-6529B1062D42}" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=2701|LPort=2702|Name=ITICS - Configuration Manager Remote Control (UDP-In)|
"RemoteDesktop-In-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=3389|App=System|Name=@FirewallAPI.dll,-28753|Desc=@FirewallAPI.dll,-28756|EmbedCtxt=@FirewallAPI.dll,-28752|
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile]
"EnableFirewall" = 1
"DefaultInboundAction" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile]
"EnableFirewall" = 1
"DefaultInboundAction" = 1
"DisableUnicastResponsesToMulticastBroadcast" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{032EA77E-FDD3-4D99-912D-E668F84D5ED7}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{0400E566-AEDD-42A8-B9AB-B560AC5458BC}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{0B0AB6DD-6214-4853-B739-9B176C3992C6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{12163AB1-1042-41F0-9F50-A7F53348234B}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{36007D0F-F750-4FDC-AB7C-7B093B6317CB}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{44F0B3BE-3799-4D83-B546-924A80758F71}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{487FB238-C88D-400F-98C1-E133160F8A0D}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{629D089E-403C-47CC-9A15-11C8B556548C}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{658A0A81-960D-48F8-845A-78481E021A99}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{70D5CA81-12D7-49D7-BA24-5F41A58AB3BD}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{87AD4968-D917-4AC6-ACA9-C014D88D83BE}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{8A356BD9-9115-4DDF-AEC1-2546C3F18D60}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{91D5D309-D666-463F-B0E5-B0A9D8B859C7}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{93C47987-99F2-4293-A19D-F514E6340D72}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A50E08C3-D14B-4B7C-AD56-B9462D2BEA5F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CE750F66-85C9-496A-BB76-235E602E0666}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E49BD542-BA91-492F-878D-DC1EC697445C}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{E5A6B54D-5E5C-424C-9858-18B59F1B872D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F565E8DB-8CDE-4352-AEA4-E6D377EDAAB6}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09EC91EF-05C1-429D-9E0F-5BDE74EF97A1}" = protocol=17 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |
"{0B9884B8-74AA-4C4D-9E9C-1083C6D487C2}" = protocol=17 | dir=in | app=c:\program files\iron mountain\connected backuppc\agent.exe |
"{167FBD7F-E857-4015-900D-0C4BF8E788BA}" = protocol=6 | dir=in | app=c:\program files\symantec\symantec endpoint protection\smc.exe |
"{1F82AD68-3493-42A0-B7EC-91A62816D049}" = protocol=17 | dir=in | app=c:\program files\iron mountain\connected backuppc\agent.exe |
"{2F6BE8DF-FBEA-47EE-9F48-0777A5E32E42}" = protocol=17 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
"{36E53F1F-51D4-4ED2-9071-CF5D41B74D26}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3908232F-E3B5-424B-8013-60AD2BEA1147}" = protocol=6 | dir=in | app=c:\program files\symantec\symantec endpoint protection\snac.exe |
"{3F013A5D-1C5A-41F0-86A1-4F2083DD4CA1}" = protocol=17 | dir=in | app=c:\program files\microsoft office communicator\communicator.exe |
"{45031986-F702-46E1-A447-6F9FDC144042}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{4AA06FE1-ABA1-4555-8503-4B260ABEABFF}" = protocol=17 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |
"{4CC5BE61-2949-469F-9518-CADE18B2B377}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{57D6E9CD-ABE5-4EA5-9993-4711B546B665}" = protocol=6 | dir=in | app=c:\program files\microsoft office communicator\communicator.exe |
"{5B3FE120-F8DE-4EF9-A9D7-D825416890C2}" = dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"{5BC87ADC-0488-4E6B-BF61-E0797F731C82}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{5C3588C1-ABA1-4481-969D-59ED66D98D3C}" = protocol=6 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |
"{5D566964-0A4B-4889-BAA9-4B41505E021D}" = protocol=6 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
"{5D8613BD-DE97-4C09-BE41-317610338DFE}" = protocol=6 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |
"{5EFAE97E-C7B8-4645-B6E5-F3C44CD81BCD}" = protocol=17 | dir=in | app=c:\program files\symantec\symantec endpoint protection\snac.exe |
"{5FA72524-9CAD-4C1F-8B21-C3F92DB5D680}" = protocol=6 | dir=in | app=c:\program files\symantec\symantec endpoint protection\smc.exe |
"{630D2D0A-EDCB-4C64-975B-182BE686226E}" = protocol=6 | dir=in | app=c:\program files\symantec\symantec endpoint protection\snac.exe |
"{64C04D5D-D0EE-4E4B-A373-9CEA85BC3BC6}" = protocol=6 | dir=in | app=c:\program files\iron mountain\connected backuppc\agent.exe |
"{6DE140B1-313C-4E92-B5E4-35E5B036FF7E}" = protocol=17 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
"{6F16A36F-0321-4A5F-B3B2-41996C208225}" = dir=in | app=c:\program files\checkpoint\ssl network extender\slimsvc.exe |
"{75A64427-DBD7-4C00-8D5D-4DEAC027AA57}" = dir=in | app=c:\program files\nokia\nokia suite\nokiasuite.exe |
"{80F8F348-A87A-468B-AD18-1447AD44D545}" = protocol=6 | dir=in | app=c:\program files\iron mountain\connected backuppc\agent.exe |
"{8671EA06-1CF3-4F03-B3DB-5BCECC316D26}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\hp1006mc.exe |
"{86DE013C-8E54-4D7E-9D71-BD1F15FB7931}" = protocol=17 | dir=in | app=c:\program files\iron mountain\connected backuppc\agent.exe |
"{8D68A0DE-40AD-44BC-8325-77149FFE783B}" = protocol=6 | dir=in | app=c:\program files\microsoft office communicator\communicator.exe |
"{94AB952C-5831-4D60-A7DF-E26C8B88FE68}" = protocol=17 | dir=in | app=c:\program files\microsoft office\live meeting 8\console\pwconsole.exe |
"{A403430A-4A7E-4CC1-AD84-46559E77600E}" = protocol=17 | dir=in | app=c:\program files\symantec\symantec endpoint protection\snac.exe |
"{A8D3E784-0264-472D-9232-E3DE9EB151B4}" = protocol=17 | dir=in | app=c:\program files\microsoft office communicator\communicator.exe |
"{B0C5ABE8-578C-4820-B126-15A0D07D8938}" = protocol=17 | dir=in | app=c:\program files\symantec\symantec endpoint protection\smc.exe |
"{B1D83057-C77C-408C-8DDB-A320719B1013}" = dir=in | app=c:\program files\nokia\nokia suite\nokiasuite.exe |
"{BE71E780-EB36-49C7-A30D-23E5300F2A9B}" = protocol=6 | dir=in | app=c:\program files\iron mountain\connected backuppc\agent.exe |
"{BFED75E7-14DF-4108-B887-B73591119EEE}" = protocol=6 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
"{C1659CB1-073A-40AD-B12C-1BCEF8561680}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{C3D1BF0E-7AC3-4B52-918E-1120C91B228B}" = protocol=17 | dir=in | app=c:\program files\symantec\symantec endpoint protection\smc.exe |
"{C6CF85A0-0690-45D8-8E65-2891EE9F0F7D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\live meeting 8\console\pwconsole.exe |
"{DEF5A49A-69AF-4C41-ABE5-18280DCB2070}" = protocol=17 | dir=in | app=c:\program files\microsoft office\live meeting 8\console\pwconsole.exe |
"{E38DFBC9-FB14-47F5-8987-6F22FC9384CF}" = protocol=6 | dir=in | app=c:\program files\microsoft office\live meeting 8\console\pwconsole.exe |
"{F24D8945-BC9F-43CA-BBD4-536D15795174}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\hp1006mc.exe |
"{F581CF35-A36A-4B2A-8542-7D1EDC219F67}" = dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"TCP Query User{52C96806-0824-4597-82BA-FC62F80E83C8}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{600AD822-5E9A-4FB2-977A-B55BE8625E43}C:\program files\microsoft office communicator\communicator.exe" = protocol=6 | dir=in | app=c:\program files\microsoft office communicator\communicator.exe |
"TCP Query User{75F833AC-F0D2-4BD4-8BB9-CAB003022839}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{BE0FD395-2829-446C-9163-DA390A75E979}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{DB92465B-D35D-4198-BE0E-62846CEE4153}C:\program files\microsoft office\office12\outlook.exe" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"TCP Query User{ED2C8A29-45CB-4638-90EF-34D4B9636703}C:\program files\microsoft office\live meeting 8\console\pwconsole.exe" = protocol=6 | dir=in | app=c:\program files\microsoft office\live meeting 8\console\pwconsole.exe |
"UDP Query User{483A06B3-0473-493B-B8D3-0401F26910C3}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{54A371FB-5213-4780-95F1-AC0D27B59804}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{5DFA13BF-BF26-4856-B0AB-EB977414FF25}C:\program files\microsoft office\live meeting 8\console\pwconsole.exe" = protocol=17 | dir=in | app=c:\program files\microsoft office\live meeting 8\console\pwconsole.exe |
"UDP Query User{990334A0-611E-4544-9786-4513D211F481}C:\program files\microsoft office\office12\outlook.exe" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"UDP Query User{D779D4E2-20DB-4DAB-975A-19B74C990D7F}C:\program files\microsoft office communicator\communicator.exe" = protocol=17 | dir=in | app=c:\program files\microsoft office communicator\communicator.exe |
"UDP Query User{D7E3C2B8-2DA2-4E71-8F34-62B1A182DABD}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"[verify-U]_AVS_IE_Add-on" = [verify-U]_AVS_IE_Add-on
"{0009FEDA-0005-0409-0000-1111CAB70015}" = CE Templates & Tools 7.5.2
"{0009FEDA-0007-0409-0000-1111CAB70015}" = CE Templates & Tools
"{0906982B-A432-4C06-8F01-C01BE1143779}" = Nokia Connectivity Cable Driver
"{0D1CBBB9-F4A8-45B6-95E7-202BA61D7AF4}" = Microsoft Office Communicator 2007 R2
"{10114C8C-0409-0001-2011-CABE8BEFC0FE}" = Capexpenses_Core_V1.0
"{1011ABB1-0409-0005-2012-CABE8BEFABB1}" = Capexpenses Classic 2.0
"{1252F398-5142-4D81-AD31-8B0204C26E8C}" = ARIS Express
"{13BEAC7C-69C1-4A9E-89A3-D5F311DE2B69}" = Microsoft Conferencing Add-in for Microsoft Office Outlook
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = Dienstprogramm "ThinkPad UltraNav"
"{17FA7788-DA17-41EB-912C-FEB4FE0221E9}_is1" = ******** Maps Template for PowerPoint 2007 7.03
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1E5F3CC6-D390-4393-A2AA-6CEC04F1705A}" = Image Resizer Powertoy Clone for Windows
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{25C64847-B900-48AD-A164-1B4F9B774650}" = System Update
"{2609EDF1-34C4-4B03-B634-55F3B3BC4931}" = Configuration Manager Client
"{268278CF-FB69-4D98-B70E-BFEC1CDCA225}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2F5436B3-188E-4C95-9ECF-3AF1D6488657}" = Ghostscript
"{33EBF075-8593-4698-BDAF-CF8DED80BB5B}" = Nokia Suite
"{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in
"{393E4C89-67E9-43BF-AD29-94D19F7624F7}" = Connected Backup/PC Agent
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Überwachungstool für die Intel® Turbo-Boost-Technik
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage System für aktiven Festplattenschutz
"{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5192F4D1-5173-4450-84AD-EAF6C695A86A}" = Internet Explorer
"{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}" = Nikon Movie Editor
"{5E2E4797-502A-4FFD-81EC-F9BA8BF0C581}" = Symantec Endpoint Protection
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{78401D0D-DD35-46F1-9539-E44566DDACBF}" = DNE Update
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A3E6E1C-CF5A-4CE9-B8D6-A2F9B7BA18FC}" = BlackBerry Desktop Software 7.1
"{85BE320B-A37D-42DA-B9BE-20A40B6A05E3}" = Cisco AnyConnect Secure Mobility Client
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{88C6A6D9-324C-46E8-BA87-563D14021442}_is1" = ThinkVantage Communications Utility
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BA33573-9E98-4971-84E9-BC9AA2EB0600}_is1" = ******** Flags Template for PowerPoint 2007 7.03
"{90120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0015-0000-0000-0000000FF1CE}" = Microsoft Office Access 2007
"{90120000-0015-0000-0000-0000000FF1CE}_Access_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office Language Pack 2007 Service Pack 2 (SP2)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_Access_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office Language Pack 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_STANDARD_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office Language Pack 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_STANDARD_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office Language Pack 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office Language Pack 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_STANDARD_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office Language Pack 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_STANDARD_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001C-0409-0000-0000000FF1CE}" = Microsoft Office Access Runtime (English) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_OMUI.de-de_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Language Pack 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_STANDARD_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_STANDARD_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_OMUI.de-de_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Language Pack 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_STANDARD_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office Language Pack 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_OMUI.de-de_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office Language Pack 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_STANDARD_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office Language Pack 2007 Service Pack 2 (SP2)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office Language Pack 2007 Service Pack 2 (SP2)
"{90120000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2007
"{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office Language Pack 2007 Service Pack 2 (SP2)
"{90120000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2007
"{90120000-0101-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office Language Pack 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_STANDARD_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_Access_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90a40bf2-b776-4d93-9ef4-7b6ec74ba072}" = Check Point SSL Network Extender
"{925F1DB6-E86E-4378-9091-D1F68B0583C9}" = iCloud
"{95120000-0052-0409-0000-0000000FF1CE}" = Microsoft Office Visio Viewer 2007
"{972E6F25-7FFF-454A-B320-AD3579E00E53}" = CGShortcuts
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = ThinkPad Bluetooth with Enhanced Data Rate Software
"{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR
"{A47A9101-6EB5-4314-BDA1-297880FBB908}" = Microsoft redistributable runtime DLLs VS2008 SP1(x86)
"{A81EB5BC-F764-308A-B979-0F8F078DAB29}" = Yammer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B014EE44-9197-4513-9613-71E6EB1B514E}" = Nikon Message Center 2
"{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}" = Cisco Systems VPN Client 5.0.07.0290
"{B2817391-97C2-4A88-A952-14920594BD62}" = Short Movie Creator
"{BA77F9D2-CD35-41EB-9BC9-769879DFF8A6}" = PC Connectivity Solution
"{BB26BFF5-5BB1-43D1-8D04-83A536D2EDD9}" = ExplorerSettings
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CEC7A786-A9C8-4EF7-BB59-6518E3B3C878}" = Microsoft redistributable runtime DLLs VS2005 SP1(x86)
"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Energie-Manager
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{E30E7561-A466-4393-B8BF-FD93E733EF3C}" = Microsoft Office Live Meeting 2007
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E64C137C-D0B7-467A-B47F-460AAB30F0A3}" = ViewNX 2
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382" = Windows Driver Package - Nokia pccsmcfd “LegacyDriver”  (05/31/2012 7.1.2.0)
"7-Zip" = 7-Zip 4.65
"Access" = Microsoft Office Access 2007
"ActiveTouchMeetingClient" = Cisco WebEx Meetings
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.14 (Unicode)
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"BlackBerry_Desktop" = BlackBerry Desktop Software 7.1
"Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client
"CNXT_AUDIO_HDA" = Conexant 20585 SmartAudio HD
"CNXT_MODEM_HDA_HSF" = ThinkPad Modem Adapter
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 7.2
"FreeCommander_is1" = FreeCommander 2009.02b
"FreePDF_XP" = FreePDF (Remove only)
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"internal_ss-1280x1024-sta_loc_pla" = internal_ss-1280x1024-sta_loc_pla Screen Saver
"LENOVO.SMIIF" = Lenovo System Interface Driver
"LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nokia Suite" = Nokia Suite
"OMUI.de-de" = Microsoft Office Language Pack 2007 - German/Deutsch
"OnScreenDisplay" = On Screen Display
"Power Management Driver" = ThinkPad Power Management Driver
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"SAP_JNet" = SAP JNet
"SAP_NwBC" = SAP Netweaver Business Client 3.0
"SAP_WUS" = SAPSetup Automatic Workstation Update Service
"SAPBI" = SAP Business Explorer
"SAPConsole" = SAP Console 7.10
"SAPGUI710" = SAP GUI for Windows 7.20
"SAPPdfPrint" = SAP PDFPRINT
"SAPSPrint" = SAP Print Service
"STANDARD" = Microsoft Office Standard 2007
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"VLC media player" = VLC media player 2.0.5
"Yammer" = Yammer
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ARIS Express 2.3" = ARIS Express 2.3
"Google Chrome" = Google Chrome
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 14.05.2013 16:36:21 | Computer Name = CE05278.corp.********.com | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 14.05.2013 16:36:21 | Computer Name = CE05278.corp.********.com | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9484
 
Error - 14.05.2013 16:36:21 | Computer Name = CE05278.corp.********.com | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9484
 
Error - 14.05.2013 16:36:22 | Computer Name = CE05278.corp.********.com | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 14.05.2013 16:36:22 | Computer Name = CE05278.corp.********.com | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 10764
 
Error - 14.05.2013 16:36:22 | Computer Name = CE05278.corp.********.com | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 10764
 
Error - 14.05.2013 16:36:23 | Computer Name = CE05278.corp.********.com | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 14.05.2013 16:36:23 | Computer Name = CE05278.corp.********.com | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 11856
 
Error - 14.05.2013 16:36:23 | Computer Name = CE05278.corp.********.com | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 11856
 
Error - 14.05.2013 16:46:21 | Computer Name = CE05278.corp.********.com | Source = Symantec AntiVirus | ID = 16711731
Description =      Security Risk Found!Trojan.Malscript in File: C:\ProgramData\ejlmj0.js
 by: Auto-Protect scan.  Action: Cleaned by Deletion.  Action Description: The file
 was deleted successfully.   
 
[ Cisco AnyConnect Secure Mobility Client Events ]
Error - 03.05.2013 08:38:23 | Computer Name = CE05278.corp.********.com | Source = acvpnagent | ID = 67108866
Description = Function: CIpcDepot::OnIpcMessageReceived File: .\IPC\IPCDepot.cpp Line:
 832 Invoked Function: CIpcTransport::OnSocketReadComplete Return Code: -31522801
(0xFE1F000F) Description: SOCKETTRANSPORT_ERROR_TRANSPORT_FAILURE
 
Error - 03.05.2013 08:38:23 | Computer Name = CE05278.corp.********.com | Source = acvpnagent | ID = 67108866
Description = Function: CTcpTransport::writeSocketBlocking File: .\IPC\SocketTransport.cpp
Line:
 1676 Invoked Function: WSASend Return Code: 10054 (0x00002746) Description: An existing
 connection was forcibly closed by the remote host. 
 
Error - 03.05.2013 08:38:23 | Computer Name = CE05278.corp.********.com | Source = acvpnagent | ID = 67108866
Description = Function: CIpcTransport::terminateIpcConnection File: .\IPC\IPCTransport.cpp
Line:
 384 Invoked Function: CSocketTransport::writeSocketBlocking Return Code: -31522805
 (0xFE1F000B) Description: SOCKETTRANSPORT_ERROR_WRITE
 
Error - 03.05.2013 13:38:33 | Computer Name = CE05278.corp.********.com | Source = acvpnagent | ID = 67108866
Description = Function: CCvcConfig::CCvcConfig File: .\vpnconfig.cpp Line: 553 Invoked
 Function: CCvcConfig::readConfigParamFromFile Return Code: -33030135 (0xFE080009)
Description:
 CVCCONFIG_ERROR_UNEXPECTED
 
Error - 03.05.2013 13:38:33 | Computer Name = CE05278.corp.********.com | Source = acvpnagent | ID = 67108866
Description = Function: CSocketTransport::connectTransport File: .\IPC\SocketTransport.cpp
Line:
 732 Invoked Function: ::WSAConnect Return Code: 10051 (0x00002743) Description: A
socket operation was attempted to an unreachable network. 
 
Error - 03.05.2013 13:38:33 | Computer Name = CE05278.corp.********.com | Source = acvpnagent | ID = 67108866
Description = Function: CDNSRequest::performDNSRequest File: .\IP\DNSRequest.cpp Line:
 395 Invoked Function: CUdpTransport::connectTransport Return Code: -31522804 (0xFE1F000C)
Description:
 SOCKETTRANSPORT_ERROR_CONNECT
 
Error - 03.05.2013 13:38:33 | Computer Name = CE05278.corp.********.com | Source = acvpnagent | ID = 67108866
Description = Function: CDNSRequest::Query File: .\IP\DNSRequest.cpp Line: 306 Invoked
 Function: CDNSRequest::performDNSRequest Return Code: -31522804 (0xFE1F000C) Description:
 SOCKETTRANSPORT_ERROR_CONNECT
 
Error - 03.05.2013 13:38:33 | Computer Name = CE05278.corp.********.com | Source = acvpnagent | ID = 67108866
Description = Function: CNetEnvironment::testNetwork File: .\NetEnvironment.cpp Line:
 801 Invoked Function: DNSRequest::Query Return Code: -31522804 (0xFE1F000C) Description:
 SOCKETTRANSPORT_ERROR_CONNECT
 
Error - 03.05.2013 13:38:33 | Computer Name = CE05278.corp.********.com | Source = acvpnagent | ID = 67108866
Description = Function: CNetEnvironment::TestNetEnv File: .\NetEnvironment.cpp Line:
 193 Invoked Function: CNetEnvironment::testNetwork Return Code: -31522804 (0xFE1F000C)
Description:
 SOCKETTRANSPORT_ERROR_CONNECT
 
Error - 03.05.2013 13:38:44 | Computer Name = CE05278.corp.********.com | Source = acvpnagent | ID = 67108866
Description = Function: CDNSRequest::OnSocketReadComplete File: .\IP\DNSRequest.cpp
Line:
 1069 Invoked Function: CDNSRequest::processResponse Return Code: -29229043 (0xFE42000D)
Description:
 DNSREQUEST_ERROR_NO_SUCH_NAME Failed to resolve 53.254.11.194.in-addr.arpa via DNS
 server 192.168.0.1
 
[ Media Center Events ]
Error - 18.03.2013 05:36:03 | Computer Name = CE05278.corp.********.com | Source = MCUpdate | ID = 0
Description = 10:35:42 - Failed to retrieve MCEClientUX (Error: Unable to connect
 to the remote server) 
 
Error - 18.03.2013 05:36:27 | Computer Name = CE05278.corp.********.com | Source = MCUpdate | ID = 0
Description = 10:36:24 - Failed to retrieve Broadband (Error: Unable to connect
to the remote server) 
 
Error - 27.03.2013 06:19:12 | Computer Name = CE05278.corp.********.com | Source = MCUpdate | ID = 0
Description = 11:19:12 - Failed to retrieve Directory (Error: Unable to connect
to the remote server) 
 
Error - 27.03.2013 06:20:15 | Computer Name = CE05278.corp.********.com | Source = MCUpdate | ID = 0
Description = 11:19:54 - Failed to retrieve MCESpotlight (Error: Unable to connect
 to the remote server) 
 
Error - 27.03.2013 06:20:57 | Computer Name = CE05278.corp.********.com | Source = MCUpdate | ID = 0
Description = 11:20:36 - Failed to retrieve MCEClientUX (Error: Unable to connect
 to the remote server) 
 
Error - 27.03.2013 06:21:22 | Computer Name = CE05278.corp.********.com | Source = MCUpdate | ID = 0
Description = 11:21:18 - Failed to retrieve Broadband (Error: Unable to connect
to the remote server) 
 
Error - 02.04.2013 05:40:36 | Computer Name = CE05278.corp.********.com | Source = MCUpdate | ID = 0
Description = 11:40:35 - Failed to retrieve Directory (Error: Unable to connect
to the remote server) 
 
Error - 02.04.2013 05:41:39 | Computer Name = CE05278.corp.********.com | Source = MCUpdate | ID = 0
Description = 11:41:18 - Failed to retrieve MCESpotlight (Error: Unable to connect
 to the remote server) 
 
Error - 02.04.2013 05:42:21 | Computer Name = CE05278.corp.********.com | Source = MCUpdate | ID = 0
Description = 11:42:00 - Failed to retrieve MCEClientUX (Error: Unable to connect
 to the remote server) 
 
Error - 02.04.2013 05:42:49 | Computer Name = CE05278.corp.********.com | Source = MCUpdate | ID = 0
Description = 11:42:42 - Failed to retrieve Broadband (Error: Unable to connect
to the remote server) 
 
[ OSession Events ]
Error - 02.05.2012 05:52:33 | Computer Name = CE05278.corp.********.com | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 1685 seconds with 720 seconds of active time.  This session ended with a
crash.
 
Error - 27.06.2012 10:17:54 | Computer Name = CE05278.corp.********.com | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 7225
 seconds with 360 seconds of active time.  This session ended with a crash.
 
Error - 12.09.2012 09:54:22 | Computer Name = CE05278.corp.********.com | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 419 seconds with 300 seconds of active time.  This session ended with a crash.
 
Error - 12.09.2012 13:04:45 | Computer Name = CE05278.corp.********.com | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 12174
 seconds with 1620 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 14.05.2013 16:46:44 | Computer Name = CE05278.corp.********.com | Source = DCOM | ID = 10016
Description =
 
Error - 14.05.2013 16:49:56 | Computer Name = CE05278.corp.********.com | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable.  Please
 run the chkdsk utility on the volume C:.
 
Error - 14.05.2013 16:50:15 | Computer Name = CE05278.corp.********.com | Source = EventLog | ID = 6008
Description = The previous system shutdown at 22:49:23 on ?14.?05.?2013 was unexpected.
 
Error - 14.05.2013 16:50:20 | Computer Name = CE05278.corp.********.com | Source = NETLOGON | ID = 5719
Description = This computer was not able to set up a secure session with a domain
controller
 in domain CORP due to the following:  %%1311    This may lead to authentication problems.
 Make sure that this  computer is connected to the network. If the problem persists,
please
 contact your domain administrator.        ADDITIONAL INFO    If this computer is a domain controller
 for the specified domain, it  sets up the secure session to the primary domain controller
 emulator in the specified  domain. Otherwise, this computer sets up the secure session
 to any domain controller  in the specified domain.
 
Error - 14.05.2013 16:50:20 | Computer Name = CE05278.corp.********.com | Source = Service Control Manager | ID = 7001
Description = The SAPSprint service depends on the Print Spooler service which failed
 to start because of the following error:  %%1068
 
Error - 14.05.2013 16:50:21 | Computer Name = CE05278.corp.********.com | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
  discache  eeCtrl  lenovo.smi  SPBBCDrv  spldr  SRTSP  SRTSPX  SYMTDI  TPPWRIF  Wanarpv6
 
Error - 14.05.2013 16:50:39 | Computer Name = CE05278.corp.********.com | Source = DCOM | ID = 10005
Description =
 
Error - 14.05.2013 16:51:01 | Computer Name = CE05278.corp.********.com | Source = DCOM | ID = 10005
Description =
 
Error - 14.05.2013 16:51:02 | Computer Name = CE05278.corp.********.com | Source = DCOM | ID = 10005
Description =
 
Error - 14.05.2013 16:51:03 | Computer Name = CE05278.corp.********.com | Source = DCOM | ID = 10005
Description =
 
 
< End of report >

--- --- ---

markusg 14.05.2013 23:00

Hi,


otl fix

Fixing with OTL

  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.

Code:

:OTL
O4 - HKCU..\Run: [ctfmon.exe] C:\ProgramData\0jmlje.dat (Microsoft Corporation)
[2013/05/14 22:16:12 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\0jmlje.dat
[2013/05/14 22:16:11 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\rundll32.exe
[2013/05/14 22:16:10 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\Users\******\1508452.dll
[2013/05/14 22:44:14 | 095,023,320 | ---- | M] () -- C:\ProgramData\ejlmj0.pad
[2013/05/14 22:16:18 | 000,001,039 | ---- | M] () -- C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk
:files
:Commands
[emptytemp]

  • If you have obscured your user name, e.g. with "*****", insert your real user name in the appropriate place. Otherwise the fix will not work.
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may request a restart. Please allow this.
  • After the restart you will find a text document on your desktop.
    (It can also be found under C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its contents here into your thread.


Boot into normal mode.

If you have no icons, then right-click, View, Show desktop icons.

Note: Please also upload the file there as described in the instructions for the upload channel. Please do NOT post the ZIP file here in the thread as an attachment!




Please press the Windows key + E.
  • Open your system drive (usually C:)
  • Now look for
    the following folder: _OTL and open it.
  • Right-click the Movedfiles folder --> Send to --> Compressed (zipped) folder

  • This will create a Movedfiles.zip file in _OTL
  • Please upload it to our upload channel.
    (Browse --> C:\_OTL\Movedfiles.zip)
Let me know whether the upload worked without problems. Thanks in advance :)
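The entries in the fix above share a few recognisable traits: a Run value named after a system binary, files dropped directly into C:\ProgramData or the profile root, and a Startup shortcut written seconds later. The following Python script is an added example, not part of the original post or of OTL, that flags those traits in OTL-style lines; the name list, the 60-second window and the three benign lines are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

# Illustrative (not exhaustive) names of binaries that belong under %SystemRoot%.
SYSTEM_NAMES = {"rundll32.exe", "ctfmon.exe", "svchost.exe", "explorer.exe"}
RUNNABLE_EXTS = {".exe", ".com", ".bat", ".cmd", ".scr"}
PE_EXTS = {".exe", ".dll", ".sys", ".ocx", ".cpl", ".scr", ".com"}
SYSTEM_ROOT = PureWindowsPath(r"C:\WINDOWS")  # value shown in the OTL header

RUN_RE = re.compile(
    r"^O4 - (?P<hive>\w+)\.\.\\Run: \[(?P<name>[^\]]+)\] "
    r"(?P<target>.*?)(?: \((?P<company>[^()]*)\))?$")
FILE_RE = re.compile(
    r"^\[(?P<ts>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attr>\S+) \| "
    r"(?P<kind>[CM])\] \((?P<company>[^()]*)\) -- (?P<path>.+)$")

# Lines copied from the fix script in the thread.
PAGE_LINES = r"""
O4 - HKCU..\Run: [ctfmon.exe] C:\ProgramData\0jmlje.dat (Microsoft Corporation)
[2013/05/14 22:16:12 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\0jmlje.dat
[2013/05/14 22:16:11 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\rundll32.exe
[2013/05/14 22:16:10 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\Users\******\1508452.dll
[2013/05/14 22:44:14 | 095,023,320 | ---- | M] () -- C:\ProgramData\ejlmj0.pad
[2013/05/14 22:16:18 | 000,001,039 | ---- | M] () -- C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk
""".strip().splitlines()

# Constructed benign lines (NOT from the thread) to show what is left alone.
CONSTRUCTED_LINES = r"""
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated)
[2013/05/02 09:12:40 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rundll32.exe
[2013/04/11 08:30:02 | 000,001,201 | ---- | M] () -- C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote.lnk
""".strip().splitlines()


def lower_parts(path):
    return [part.lower() for part in path.parts]


def in_drop_dir(path):
    """True for files sitting directly in C:\\ProgramData or in a profile root."""
    parts = lower_parts(path)
    return (len(parts) == 3 and parts[1] == "programdata") or \
           (len(parts) == 4 and parts[1] == "users")


def check_run_entry(m):
    # Assumes the target is a bare path, as OTL prints it (no arguments).
    reasons = []
    target = PureWindowsPath(m["target"].strip('"'))
    if m["name"].lower() in SYSTEM_NAMES and target.name.lower() != m["name"].lower():
        reasons.append("Run value named after a system binary but points elsewhere")
    if target.suffix.lower() not in RUNNABLE_EXTS:
        reasons.append("autostart target has a non-runnable extension")
    if in_drop_dir(target):
        reasons.append("autostart target sits in a drop directory")
    return reasons


def check_file(m):
    reasons = []
    path = PureWindowsPath(m["path"])
    root = lower_parts(SYSTEM_ROOT)
    if path.name.lower() in SYSTEM_NAMES and lower_parts(path)[:len(root)] != root:
        reasons.append("system binary name outside %SystemRoot%")
    if m["company"] and path.suffix.lower() not in PE_EXTS:
        reasons.append("company name present on a non-binary extension")
    if in_drop_dir(path):
        reasons.append("file sits directly in ProgramData or a profile root")
    return reasons


def triage(lines, window=timedelta(seconds=60)):
    """Return {item: [reasons]} for every Run entry or file that trips a rule."""
    findings, files = {}, []
    for line in (raw.strip() for raw in lines):
        if (m := RUN_RE.match(line)):
            if (reasons := check_run_entry(m)):
                findings["Run:" + m["name"]] = reasons
        elif (m := FILE_RE.match(line)):
            stamp = datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S")
            files.append((stamp, m["path"]))
            if (reasons := check_file(m)):
                findings[m["path"]] = reasons
    # Second pass: Startup-folder items written close in time to flagged files.
    flagged_times = [stamp for stamp, path in files if path in findings]
    for stamp, path in files:
        if path not in findings and "\\startup\\" in path.lower():
            if any(abs(stamp - t) <= window for t in flagged_times):
                findings[path] = ["Startup item written alongside flagged files"]
    return findings


if __name__ == "__main__":
    for item, reasons in triage(PAGE_LINES + CONSTRUCTED_LINES).items():
        print(item, "->", "; ".join(reasons))
```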

S2k13 14.05.2013 23:06

OK, the restart is pending and I will be away briefly. After that I will post the contents of the file mentioned.
See you shortly,
S2k13

markusg 14.05.2013 23:08

And the upload; you can leave out interim posts like that, though :d

S2k13 14.05.2013 23:16

Hello,

here are the contents of the file:
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ctfmon.exe deleted successfully.
C:\ProgramData\0jmlje.dat moved successfully.
File C:\ProgramData\0jmlje.dat not found.
C:\ProgramData\rundll32.exe moved successfully.
File C:\Users\******\1508452.dll not found.
C:\ProgramData\ejlmj0.pad moved successfully.
C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk moved successfully.
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 902623 bytes
->Flash cache emptied: 57472 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: ******
->Temp folder emptied: 515729823 bytes
->Temporary Internet Files folder emptied: 79544816 bytes
->Java cache emptied: 164293389 bytes
->FireFox cache emptied: 112444198 bytes
->Google Chrome cache emptied: 405889500 bytes
->Apple Safari cache emptied: 45069312 bytes
->Flash cache emptied: 57983 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 133758081 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 6711886567 bytes

Total Files Cleaned = 7,791.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 05152013_000308

Files\Folders moved on Reboot...
File\Folder C:\Users\******\AppData\Local\Temp\~DF1093D3A25D7AB203.TMP not found!
File\Folder C:\Users\******\AppData\Local\Temp\~DF3B550A7803C60A4F.TMP not found!
File\Folder C:\Users\******\AppData\Local\Temp\~DF402F512C8993E1F6.TMP not found!
File\Folder C:\Users\******\AppData\Local\Temp\~DF5F32D82E020CDF60.TMP not found!
File\Folder C:\Users\******\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\58V9DXTF\ads[2].htm not found!
File\Folder C:\Users\******\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3CFAF0O4\134958-gvu-trojaner-eingefangen[2].html not found!
File\Folder C:\Users\******\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3CFAF0O4\ads[4].htm not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...



I have one more question... If I pack the MovedFiles directory into a zip archive and then upload it, it will still contain personal information. Is that intended? I would like to avoid that...

Best regards,
S2k13

markusg 14.05.2013 23:21

Only I see it, and then I delete it.

S2k13 14.05.2013 23:27

Hi,
unfortunately the link does not work. Message: "Internet Explorer cannot display the webpage"...
Is there an alternative?
Best regards,
S2k13

markusg 14.05.2013 23:27

Yes, somehow it isn't working right now.
File-Upload.net - Your free file hoster!
Upload it there, and send the download and deletion link to me as a private message.

markusg 14.05.2013 23:30

The upload channel is working again too.

S2k13 14.05.2013 23:32

Hello,
the PM has just been sent.
Is the PC completely clean again now? Is there anything else to keep in mind in order to browse safely in the future?
Thanks in advance.
Regards,
S2k13

markusg 14.05.2013 23:32

Downloaded and deleted, thx
Please download TDSSKiller (TDSSKiller.exe) and save this file to the desktop.
  • Start TDSSKiller.exe and configure it as described in the TDSSKiller instructions.
  • Press Start Scan
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<version_date_time>log.txt
Please post the contents here in your thread in any case.

S2k13 14.05.2013 23:38

Hello,

TDSSKILLER has finished running. Here is the log:

00:35:04.0243 2644 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
00:35:04.0373 2644 ============================================================
00:35:04.0373 2644 Current date / time: 2013/05/15 00:35:04.0373
00:35:04.0373 2644 SystemInfo:
00:35:04.0373 2644
00:35:04.0373 2644 OS Version: 6.1.7601 ServicePack: 1.0
00:35:04.0373 2644 Product type: Workstation
00:35:04.0373 2644 ComputerName: CE05278
00:35:04.0373 2644 UserName: ******
00:35:04.0373 2644 Windows directory: C:\WINDOWS
00:35:04.0373 2644 System windows directory: C:\WINDOWS
00:35:04.0373 2644 Processor architecture: Intel x86
00:35:04.0373 2644 Number of processors: 4
00:35:04.0373 2644 Page size: 0x1000
00:35:04.0373 2644 Boot type: Normal boot
00:35:04.0373 2644 ============================================================
00:35:04.0870 2644 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0xA181, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
00:35:04.0872 2644 ============================================================
00:35:04.0872 2644 \Device\Harddisk0\DR0:
00:35:04.0872 2644 MBR partitions:
00:35:04.0872 2644 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2542D800
00:35:04.0872 2644 ============================================================
00:35:04.0898 2644 C: <-> \Device\Harddisk0\DR0\Partition1
00:35:04.0899 2644 ============================================================
00:35:04.0899 2644 Initialize success
00:35:04.0899 2644 ============================================================
00:35:51.0144 2720 ============================================================
00:35:51.0144 2720 Scan started
00:35:51.0144 2720 Mode: Manual; SigCheck; TDLFS;
00:35:51.0144 2720 ============================================================
00:35:51.0823 2720 ================ Scan system memory ========================
00:35:51.0823 2720 System memory - ok
00:35:51.0823 2720 ================ Scan services =============================
00:35:51.0987 2720 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\WINDOWS\system32\drivers\1394ohci.sys
00:35:52.0083 2720 1394ohci - ok
00:35:52.0117 2720 [ A3AC25D2C9EEB18384A88DEB392C355D ] 5U877 C:\WINDOWS\system32\DRIVERS\5U877.sys
00:35:52.0145 2720 5U877 - ok
00:35:52.0187 2720 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\WINDOWS\system32\drivers\ACPI.sys
00:35:52.0203 2720 ACPI - ok
00:35:52.0235 2720 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\WINDOWS\system32\drivers\acpipmi.sys
00:35:52.0272 2720 AcpiPmi - ok
00:35:52.0312 2720 [ 8C729FF9B5C47730EA54E841E2D8B617 ] acsock C:\WINDOWS\system32\DRIVERS\acsock.sys
00:35:52.0336 2720 acsock - ok
00:35:52.0463 2720 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
00:35:52.0473 2720 AdobeARMservice - ok
00:35:52.0514 2720 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\WINDOWS\system32\DRIVERS\adp94xx.sys
00:35:52.0553 2720 adp94xx - ok
00:35:52.0570 2720 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\WINDOWS\system32\DRIVERS\adpahci.sys
00:35:52.0635 2720 adpahci - ok
00:35:52.0668 2720 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\WINDOWS\system32\DRIVERS\adpu320.sys
00:35:52.0689 2720 adpu320 - ok
00:35:52.0714 2720 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\WINDOWS\System32\aelupsvc.dll
00:35:52.0746 2720 AeLookupSvc - ok
00:35:52.0794 2720 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\WINDOWS\system32\drivers\afd.sys
00:35:52.0853 2720 AFD - ok
00:35:53.0002 2720 [ 530772AAD100461044E8B3B304AB7A5D ] AgentService C:\Program Files\Iron Mountain\Connected BackupPC\AgentService.exe
00:35:53.0184 2720 AgentService - ok
00:35:53.0229 2720 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\WINDOWS\system32\drivers\agp440.sys
00:35:53.0246 2720 agp440 - ok
00:35:53.0313 2720 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\WINDOWS\system32\DRIVERS\djsvs.sys
00:35:53.0332 2720 aic78xx - ok
00:35:53.0371 2720 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\WINDOWS\System32\alg.exe
00:35:53.0409 2720 ALG - ok
00:35:53.0455 2720 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\WINDOWS\system32\drivers\aliide.sys
00:35:53.0472 2720 aliide - ok
00:35:53.0517 2720 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\WINDOWS\system32\drivers\amdagp.sys
00:35:53.0537 2720 amdagp - ok
00:35:53.0571 2720 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\WINDOWS\system32\drivers\amdide.sys
00:35:53.0588 2720 amdide - ok
00:35:53.0614 2720 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\WINDOWS\system32\DRIVERS\amdk8.sys
00:35:53.0648 2720 AmdK8 - ok
00:35:53.0665 2720 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\WINDOWS\system32\DRIVERS\amdppm.sys
00:35:53.0717 2720 AmdPPM - ok
00:35:53.0771 2720 [ D320BF87125326F996D4904FE24300FC ] amdsata C:\WINDOWS\system32\drivers\amdsata.sys
00:35:53.0789 2720 amdsata - ok
00:35:53.0811 2720 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\WINDOWS\system32\DRIVERS\amdsbs.sys
00:35:53.0832 2720 amdsbs - ok
00:35:53.0848 2720 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata C:\WINDOWS\system32\drivers\amdxata.sys
00:35:53.0859 2720 amdxata - ok
00:35:53.0895 2720 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\WINDOWS\system32\drivers\appid.sys
00:35:53.0931 2720 AppID - ok
00:35:53.0948 2720 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\WINDOWS\System32\appidsvc.dll
00:35:53.0993 2720 AppIDSvc - ok
00:35:54.0034 2720 [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo C:\WINDOWS\System32\appinfo.dll
00:35:54.0075 2720 Appinfo - ok
00:35:54.0176 2720 [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
00:35:54.0186 2720 Apple Mobile Device - ok
00:35:54.0233 2720 [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
00:35:54.0263 2720 AppMgmt - ok
00:35:54.0302 2720 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\WINDOWS\system32\DRIVERS\arc.sys
00:35:54.0321 2720 arc - ok
00:35:54.0331 2720 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\WINDOWS\system32\DRIVERS\arcsas.sys
00:35:54.0378 2720 arcsas - ok
00:35:54.0455 2720 [ 39CDCB109BF200CC8A05B9C7E6272D11 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
00:35:54.0492 2720 aspnet_state - ok
00:35:54.0508 2720 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
00:35:54.0556 2720 AsyncMac - ok
00:35:54.0603 2720 [ 338C86357871C167A96AB976519BF59E ] atapi C:\WINDOWS\system32\drivers\atapi.sys
00:35:54.0621 2720 atapi - ok
00:35:54.0659 2720 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\WINDOWS\System32\Audiosrv.dll
00:35:54.0697 2720 AudioEndpointBuilder - ok
00:35:54.0704 2720 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\WINDOWS\System32\Audiosrv.dll
00:35:54.0731 2720 Audiosrv - ok
00:35:54.0766 2720 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\WINDOWS\System32\AxInstSV.dll
00:35:54.0795 2720 AxInstSV - ok
00:35:54.0828 2720 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\WINDOWS\system32\DRIVERS\bxvbdx.sys
00:35:54.0871 2720 b06bdrv - ok
00:35:54.0888 2720 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\WINDOWS\system32\DRIVERS\b57nd60x.sys
00:35:54.0930 2720 b57nd60x - ok
00:35:54.0981 2720 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\WINDOWS\System32\bdesvc.dll
00:35:55.0023 2720 BDESVC - ok
00:35:55.0035 2720 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
00:35:55.0070 2720 Beep - ok
00:35:55.0121 2720 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\WINDOWS\System32\bfe.dll
00:35:55.0158 2720 BFE - ok
00:35:55.0194 2720 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\WINDOWS\System32\qmgr.dll
00:35:55.0243 2720 BITS - ok
00:35:55.0263 2720 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\WINDOWS\system32\DRIVERS\blbdrive.sys
00:35:55.0287 2720 blbdrive - ok
00:35:55.0351 2720 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
00:35:55.0365 2720 Bonjour Service - ok
00:35:55.0397 2720 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\WINDOWS\system32\DRIVERS\bowser.sys
00:35:55.0410 2720 bowser - ok
00:35:55.0433 2720 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\WINDOWS\system32\DRIVERS\BrFiltLo.sys
00:35:55.0479 2720 BrFiltLo - ok
00:35:55.0489 2720 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\WINDOWS\system32\DRIVERS\BrFiltUp.sys
00:35:55.0532 2720 BrFiltUp - ok
00:35:55.0567 2720 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\WINDOWS\System32\browser.dll
00:35:55.0589 2720 Browser - ok
00:35:55.0604 2720 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\WINDOWS\System32\Drivers\Brserid.sys
00:35:55.0637 2720 Brserid - ok
00:35:55.0649 2720 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\WINDOWS\System32\Drivers\BrSerWdm.sys
00:35:55.0683 2720 BrSerWdm - ok
00:35:55.0705 2720 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\WINDOWS\System32\Drivers\BrUsbMdm.sys
00:35:55.0734 2720 BrUsbMdm - ok
00:35:55.0749 2720 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\WINDOWS\System32\Drivers\BrUsbSer.sys
00:35:55.0795 2720 BrUsbSer - ok
00:35:55.0835 2720 [ 2865A5C8E98C70C605F417908CEBB3A4 ] BthEnum C:\WINDOWS\system32\drivers\BthEnum.sys
00:35:55.0880 2720 BthEnum - ok
00:35:55.0904 2720 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\WINDOWS\system32\DRIVERS\bthmodem.sys
00:35:55.0935 2720 BTHMODEM - ok
00:35:55.0953 2720 [ AD1872E5829E8A2C3B5B4B641C3EAB0E ] BthPan C:\WINDOWS\system32\DRIVERS\bthpan.sys
00:35:55.0990 2720 BthPan - ok
00:35:56.0010 2720 [ 1153DE2E4F5941E10C399CB5592F78A1 ] BTHPORT C:\WINDOWS\System32\Drivers\BTHport.sys
00:35:56.0046 2720 BTHPORT - ok
00:35:56.0082 2720 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\WINDOWS\system32\bthserv.dll
00:35:56.0131 2720 bthserv - ok
00:35:56.0159 2720 [ C81E9413A25A439F436B1D4B6A0CF9E9 ] BTHUSB C:\WINDOWS\System32\Drivers\BTHUSB.sys
00:35:56.0185 2720 BTHUSB - ok
00:35:56.0204 2720 [ D282C14A69357D0E1BAFAECC2CA98C3A ] btwavdt C:\WINDOWS\system32\DRIVERS\btwavdt.sys
00:35:56.0224 2720 btwavdt - ok
00:35:56.0235 2720 [ 02EB4D2B05967DF2D32F29C84AB1FB17 ] btwrchid C:\WINDOWS\system32\DRIVERS\btwrchid.sys
00:35:56.0250 2720 btwrchid - ok
00:35:56.0307 2720 [ 73F7E0619D6CE8480F3A575619FC974F ] ccEvtMgr C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
00:35:56.0317 2720 ccEvtMgr - ok
00:35:56.0390 2720 [ A454A9BAA25B8C8E76735DD86BD4B017 ] CcmExec C:\WINDOWS\system32\CCM\CcmExec.exe
00:35:56.0413 2720 CcmExec - ok
00:35:56.0431 2720 [ 73F7E0619D6CE8480F3A575619FC974F ] ccSetMgr C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
00:35:56.0440 2720 ccSetMgr - ok
00:35:56.0469 2720 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\WINDOWS\system32\DRIVERS\cdfs.sys
00:35:56.0513 2720 cdfs - ok
00:35:56.0570 2720 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
00:35:56.0658 2720 cdrom - ok
00:35:56.0693 2720 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\WINDOWS\System32\certprop.dll
00:35:56.0732 2720 CertPropSvc - ok
00:35:56.0767 2720 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\WINDOWS\system32\DRIVERS\circlass.sys
00:35:56.0790 2720 circlass - ok
00:35:56.0814 2720 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\WINDOWS\system32\CLFS.sys
00:35:56.0830 2720 CLFS - ok
00:35:56.0855 2720 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
00:35:56.0890 2720 clr_optimization_v2.0.50727_32 - ok
00:35:56.0907 2720 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
00:35:56.0920 2720 CmBatt - ok
00:35:56.0958 2720 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\WINDOWS\system32\drivers\cmdide.sys
00:35:56.0975 2720 cmdide - ok
00:35:57.0012 2720 [ 42F158036BD4C2FF3122BF142E60E6FD ] CNG C:\WINDOWS\system32\Drivers\cng.sys
00:35:57.0035 2720 CNG - ok
00:35:57.0084 2720 [ A0CDCA3E0936081C796B3A2059CDC940 ] CnxtHdAudService C:\WINDOWS\system32\drivers\CHDRT32.sys
00:35:57.0102 2720 CnxtHdAudService - ok
00:35:57.0114 2720 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
00:35:57.0125 2720 Compbatt - ok
00:35:57.0172 2720 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\WINDOWS\system32\drivers\CompositeBus.sys
00:35:57.0199 2720 CompositeBus - ok
00:35:57.0212 2720 COMSysApp - ok
00:35:57.0285 2720 [ CD58FB9264F97BBB45C4154C61D9BDDD ] cpextender C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
00:35:57.0302 2720 cpextender - ok
00:35:57.0319 2720 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\WINDOWS\system32\DRIVERS\crcdisk.sys
00:35:57.0336 2720 crcdisk - ok
00:35:57.0381 2720 [ 06E771AA596B8761107AB57E99F128D7 ] CryptSvc C:\WINDOWS\system32\cryptsvc.dll
00:35:57.0403 2720 CryptSvc - ok
00:35:57.0436 2720 [ 3C2177A897B4CA2788C6FB0C3FD81D4B ] CSC C:\WINDOWS\system32\drivers\csc.sys
00:35:57.0468 2720 CSC - ok
00:35:57.0511 2720 [ 15F93B37F6801943360D9EB42485D5D3 ] CscService C:\WINDOWS\System32\cscsvc.dll
00:35:57.0532 2720 CscService - ok
00:35:57.0566 2720 [ B5ECADF7708960F1818C7FA015F4C239 ] CVirtA C:\WINDOWS\system32\DRIVERS\CVirtA.sys
00:35:57.0599 2720 CVirtA - ok
00:35:57.0668 2720 [ 66257CB4E4FB69887CDDC71663741435 ] CVPND C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
00:35:57.0720 2720 CVPND - ok
00:35:57.0751 2720 [ 18994842386FD3039279D7865740ABBD ] CVPNDRVA C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
00:35:57.0771 2720 CVPNDRVA ( UnsignedFile.Multi.Generic ) - warning
00:35:57.0771 2720 CVPNDRVA - detected UnsignedFile.Multi.Generic (1)
00:35:57.0811 2720 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
00:35:57.0854 2720 DcomLaunch - ok
00:35:57.0880 2720 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\WINDOWS\System32\defragsvc.dll
00:35:57.0931 2720 defragsvc - ok
00:35:57.0971 2720 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\WINDOWS\system32\Drivers\dfsc.sys
00:35:58.0007 2720 DfsC - ok
00:35:58.0073 2720 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\WINDOWS\system32\dhcpcore.dll
00:35:58.0096 2720 Dhcp - ok
00:35:58.0113 2720 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\WINDOWS\system32\drivers\discache.sys
00:35:58.0150 2720 discache - ok
00:35:58.0175 2720 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
00:35:58.0187 2720 Disk - ok
00:35:58.0230 2720 [ 649B8029D3550C66E2DF09FFF4992705 ] DNE C:\WINDOWS\system32\DRIVERS\dnelwf.sys
00:35:58.0241 2720 DNE - ok
00:35:58.0268 2720 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
00:35:58.0300 2720 Dnscache - ok
00:35:58.0328 2720 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\WINDOWS\System32\dot3svc.dll
00:35:58.0370 2720 dot3svc - ok
00:35:58.0395 2720 [ 6D279BB0DE1D8E34F454E1B353F4D738 ] DozeHDD C:\WINDOWS\system32\DRIVERS\DozeHDD.sys
00:35:58.0404 2720 DozeHDD - ok
00:35:58.0431 2720 [ 092AE9D762B115A2A05BE187BC3FFAB7 ] DozeSvc C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
00:35:58.0491 2720 DozeSvc - ok
00:35:58.0527 2720 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\WINDOWS\system32\dps.dll
00:35:58.0570 2720 DPS - ok
00:35:58.0603 2720 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
00:35:58.0622 2720 drmkaud - ok
00:35:58.0653 2720 [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl C:\WINDOWS\System32\drivers\dxgkrnl.sys
00:35:58.0679 2720 DXGKrnl - ok
00:35:58.0698 2720 [ CF0A6015F437161698C5B2A0A12CF052 ] e1express C:\WINDOWS\system32\DRIVERS\e1e6032.sys
00:35:58.0735 2720 e1express - ok
00:35:58.0760 2720 [ A13F07A0422E4A04E7FF6F6F3B05E729 ] e1kexpress C:\WINDOWS\system32\DRIVERS\e1k6232.sys
00:35:58.0773 2720 e1kexpress - ok
00:35:58.0806 2720 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\WINDOWS\System32\eapsvc.dll
00:35:58.0842 2720 EapHost - ok
00:35:58.0904 2720 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\WINDOWS\system32\DRIVERS\evbdx.sys
00:35:59.0100 2720 ebdrv - ok
00:35:59.0142 2720 [ 85B8B4032A895A746D46A288A9B30DED ] eeCtrl C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
00:35:59.0156 2720 eeCtrl - ok
00:35:59.0181 2720 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\WINDOWS\System32\lsass.exe
00:35:59.0203 2720 EFS - ok
00:35:59.0255 2720 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\WINDOWS\ehome\ehRecvr.exe
00:35:59.0346 2720 ehRecvr - ok
00:35:59.0370 2720 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\WINDOWS\ehome\ehsched.exe
00:35:59.0418 2720 ehSched - ok
00:35:59.0456 2720 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\WINDOWS\system32\DRIVERS\elxstor.sys
00:35:59.0494 2720 elxstor - ok
00:35:59.0563 2720 [ B5A8A04A6E5B4E86B95B1553AA918F5F ] EraserUtilRebootDrv C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
00:35:59.0573 2720 EraserUtilRebootDrv - ok
00:35:59.0601 2720 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\WINDOWS\system32\drivers\errdev.sys
00:35:59.0630 2720 ErrDev - ok
00:35:59.0654 2720 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\WINDOWS\system32\es.dll
00:35:59.0693 2720 EventSystem - ok
00:35:59.0706 2720 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\WINDOWS\system32\drivers\exfat.sys
00:35:59.0750 2720 exfat - ok
00:35:59.0763 2720 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\WINDOWS\system32\drivers\fastfat.sys
00:35:59.0794 2720 fastfat - ok
00:35:59.0845 2720 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\WINDOWS\system32\fxssvc.exe
00:35:59.0871 2720 Fax - ok
00:35:59.0893 2720 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
00:35:59.0913 2720 fdc - ok
00:35:59.0939 2720 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\WINDOWS\system32\fdPHost.dll
00:36:00.0015 2720 fdPHost - ok
00:36:00.0037 2720 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\WINDOWS\system32\fdrespub.dll
00:36:00.0080 2720 FDResPub - ok
00:36:00.0093 2720 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\WINDOWS\system32\drivers\fileinfo.sys
00:36:00.0105 2720 FileInfo - ok
00:36:00.0122 2720 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\WINDOWS\system32\drivers\filetrace.sys
00:36:00.0154 2720 Filetrace - ok
00:36:00.0162 2720 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
00:36:00.0191 2720 flpydisk - ok
00:36:00.0215 2720 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
00:36:00.0229 2720 FltMgr - ok
00:36:00.0261 2720 [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache C:\WINDOWS\system32\FntCache.dll
00:36:00.0300 2720 FontCache - ok
00:36:00.0359 2720 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
00:36:00.0369 2720 FontCache3.0.0.0 - ok
00:36:00.0378 2720 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\WINDOWS\system32\drivers\FsDepends.sys
00:36:00.0397 2720 FsDepends - ok
00:36:00.0425 2720 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
00:36:00.0436 2720 Fs_Rec - ok
00:36:00.0472 2720 [ E306A24D9694C724FA2491278BF50FDB ] fvevol C:\WINDOWS\system32\DRIVERS\fvevol.sys
00:36:00.0489 2720 fvevol - ok
00:36:00.0531 2720 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\WINDOWS\system32\DRIVERS\gagp30kx.sys
00:36:00.0550 2720 gagp30kx - ok
00:36:00.0605 2720 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
00:36:00.0613 2720 GEARAspiWDM - ok
00:36:00.0652 2720 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\WINDOWS\System32\gpsvc.dll
00:36:00.0705 2720 gpsvc - ok
00:36:00.0793 2720 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
00:36:00.0804 2720 gupdate - ok
00:36:00.0815 2720 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
00:36:00.0824 2720 gupdatem - ok
00:36:00.0893 2720 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
00:36:00.0921 2720 gusvc - ok
00:36:00.0953 2720 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\WINDOWS\system32\drivers\hcw85cir.sys
00:36:00.0977 2720 hcw85cir - ok
00:36:01.0028 2720 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\WINDOWS\system32\drivers\HdAudio.sys
00:36:01.0075 2720 HdAudAddService - ok
00:36:01.0107 2720 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\WINDOWS\system32\drivers\HDAudBus.sys
00:36:01.0132 2720 HDAudBus - ok
00:36:01.0163 2720 [ A88485DC6A7136C10D9A6C7E38FDFE3C ] HECI C:\WINDOWS\system32\DRIVERS\HECI.sys
00:36:01.0198 2720 HECI - ok
00:36:01.0232 2720 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\WINDOWS\system32\DRIVERS\HidBatt.sys
00:36:01.0250 2720 HidBatt - ok
00:36:01.0265 2720 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\WINDOWS\system32\DRIVERS\hidbth.sys
00:36:01.0299 2720 HidBth - ok
00:36:01.0321 2720 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\WINDOWS\system32\DRIVERS\hidir.sys
00:36:01.0351 2720 HidIr - ok
00:36:01.0374 2720 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\WINDOWS\system32\hidserv.dll
00:36:01.0423 2720 hidserv - ok
00:36:01.0475 2720 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\WINDOWS\system32\drivers\hidusb.sys
00:36:01.0492 2720 HidUsb - ok
00:36:01.0530 2720 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\WINDOWS\system32\kmsvc.dll
00:36:01.0593 2720 hkmsvc - ok
00:36:01.0635 2720 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\WINDOWS\system32\ListSvc.dll
00:36:01.0682 2720 HomeGroupListener - ok
00:36:01.0712 2720 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\WINDOWS\system32\provsvc.dll
00:36:01.0738 2720 HomeGroupProvider - ok
00:36:01.0783 2720 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\WINDOWS\system32\drivers\HpSAMD.sys
00:36:01.0850 2720 HpSAMD - ok
00:36:01.0900 2720 [ 210388FD8225B02BD83D77628AAE64A9 ] HsfXAudioService C:\WINDOWS\system32\XAudio32.dll
00:36:01.0919 2720 HsfXAudioService - ok
00:36:01.0941 2720 [ C761B4A8391F5E47F7C51A691CE773F4 ] HSF_DPV C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys
00:36:01.0986 2720 HSF_DPV - ok
00:36:02.0000 2720 [ 50B42EF358A2E5363BE6B77138A22391 ] HSXHWAZL C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys
00:36:02.0022 2720 HSXHWAZL - ok
00:36:02.0061 2720 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\WINDOWS\system32\drivers\HTTP.sys
00:36:02.0091 2720 HTTP - ok
00:36:02.0108 2720 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\WINDOWS\system32\drivers\hwpolicy.sys
00:36:02.0118 2720 hwpolicy - ok
00:36:02.0162 2720 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\WINDOWS\system32\drivers\i8042prt.sys
00:36:02.0191 2720 i8042prt - ok
00:36:02.0217 2720 [ 26541A068572F650A2FA490726FE81BE ] iaStor C:\WINDOWS\system32\DRIVERS\iaStor.sys
00:36:02.0232 2720 iaStor - ok
00:36:02.0276 2720 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\WINDOWS\system32\drivers\iaStorV.sys
00:36:02.0356 2720 iaStorV - ok
00:36:02.0385 2720 [ 400D7095D5AE08970F839BCAC1843106 ] IBMPMDRV C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys
00:36:02.0394 2720 IBMPMDRV - ok
00:36:02.0424 2720 [ 06AF18300C5B511A3D85C3E0B7909C10 ] IBMPMSVC C:\WINDOWS\system32\ibmpmsvc.exe
00:36:02.0432 2720 IBMPMSVC - ok
00:36:02.0514 2720 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
00:36:02.0541 2720 IDriverT ( UnsignedFile.Multi.Generic ) - warning
00:36:02.0541 2720 IDriverT - detected UnsignedFile.Multi.Generic (1)
00:36:02.0588 2720 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
00:36:02.0648 2720 idsvc - ok
00:36:02.0798 2720 [ 8266AE06DF974E5BA047B3E9E9E70B3F ] igfx C:\WINDOWS\system32\DRIVERS\igdkmd32.sys
00:36:02.0993 2720 igfx - ok
00:36:03.0027 2720 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\WINDOWS\system32\DRIVERS\iirsp.sys
00:36:03.0045 2720 iirsp - ok
00:36:03.0069 2720 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\WINDOWS\System32\ikeext.dll
00:36:03.0129 2720 IKEEXT - ok
00:36:03.0155 2720 [ E3C36AC5AE87EC970AE8EA2A93D59AE1 ] Impcd C:\WINDOWS\system32\DRIVERS\Impcd.sys
00:36:03.0182 2720 Impcd - ok
00:36:03.0207 2720 [ 07D73EC613B1D3F177B914DC7F5E879B ] IntcDAud C:\WINDOWS\system32\DRIVERS\IntcDAud.sys
00:36:03.0235 2720 IntcDAud - ok
00:36:03.0268 2720 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\WINDOWS\system32\drivers\intelide.sys
00:36:03.0285 2720 intelide - ok
00:36:03.0319 2720 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
00:36:03.0345 2720 intelppm - ok
00:36:03.0366 2720 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\WINDOWS\system32\ipbusenum.dll
00:36:03.0497 2720 IPBusEnum - ok
00:36:03.0516 2720 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
00:36:03.0563 2720 IpFilterDriver - ok
00:36:03.0601 2720 [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc C:\WINDOWS\System32\iphlpsvc.dll
00:36:03.0630 2720 iphlpsvc - ok
00:36:03.0662 2720 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\WINDOWS\system32\drivers\IPMIDrv.sys
00:36:03.0696 2720 IPMIDRV - ok
00:36:03.0717 2720 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\WINDOWS\system32\drivers\ipnat.sys
00:36:03.0758 2720 IPNAT - ok
00:36:03.0818 2720 [ E46B17060D3962A384AE484094614788 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
00:36:03.0835 2720 iPod Service - ok
00:36:03.0864 2720 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\WINDOWS\system32\drivers\irenum.sys
00:36:03.0894 2720 IRENUM - ok
00:36:03.0921 2720 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\WINDOWS\system32\drivers\isapnp.sys
00:36:03.0939 2720 isapnp - ok
00:36:03.0973 2720 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\WINDOWS\system32\drivers\msiscsi.sys
00:36:04.0001 2720 iScsiPrt - ok
00:36:04.0031 2720 [ 213822072085B5BBAD9AF30AB577D817 ] IviRegMgr C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
00:36:04.0040 2720 IviRegMgr - ok
00:36:04.0080 2720 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\WINDOWS\system32\drivers\kbdclass.sys
00:36:04.0091 2720 kbdclass - ok
00:36:04.0122 2720 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\WINDOWS\system32\drivers\kbdhid.sys
00:36:04.0149 2720 kbdhid - ok
00:36:04.0165 2720 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\WINDOWS\system32\lsass.exe
00:36:04.0177 2720 KeyIso - ok
00:36:04.0206 2720 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\WINDOWS\system32\Drivers\ksecdd.sys
00:36:04.0218 2720 KSecDD - ok
00:36:04.0249 2720 [ 5FE1ABF1AF591A3458C9CF24ED9A4D35 ] KSecPkg C:\WINDOWS\system32\Drivers\ksecpkg.sys
00:36:04.0262 2720 KSecPkg - ok
00:36:04.0290 2720 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\WINDOWS\system32\msdtckrm.dll
00:36:04.0343 2720 KtmRm - ok
00:36:04.0393 2720 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\WINDOWS\system32\srvsvc.dll
00:36:04.0443 2720 LanmanServer - ok
00:36:04.0472 2720 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\WINDOWS\System32\wkssvc.dll
00:36:04.0505 2720 LanmanWorkstation - ok
00:36:04.0557 2720 [ 70481DABD9ADAB51A6933C5893B82925 ] LENOVO.CAMMUTE C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
00:36:04.0565 2720 LENOVO.CAMMUTE - ok
00:36:04.0594 2720 [ FCE735941DA27929DBFC1918F286FFD8 ] LENOVO.MICMUTE C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
00:36:04.0601 2720 LENOVO.MICMUTE - ok
00:36:04.0609 2720 [ 9AAC267A225F3CAEBB9E633F7EB16E4B ] lenovo.smi C:\WINDOWS\system32\DRIVERS\smiif32.sys
00:36:04.0618 2720 lenovo.smi - ok
00:36:04.0625 2720 [ D0DAF6A22037F6DEE706A095C647AA41 ] LENOVO.TPKNRSVC C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
00:36:04.0633 2720 LENOVO.TPKNRSVC - ok
00:36:04.0647 2720 [ 6F2CC57EB5836D2AC9BD37F3554D55F8 ] Lenovo.VIRTSCRLSVC C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
00:36:04.0656 2720 Lenovo.VIRTSCRLSVC - ok
00:36:04.0737 2720 [ 3AA70DCFB4ECB5FCFE6B9FF7CEC3A5EA ] LiveUpdate C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
00:36:04.0785 2720 LiveUpdate - ok
00:36:04.0827 2720 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\WINDOWS\system32\DRIVERS\lltdio.sys
00:36:04.0862 2720 lltdio - ok
00:36:04.0892 2720 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\WINDOWS\System32\lltdsvc.dll
00:36:04.0936 2720 lltdsvc - ok
00:36:04.0955 2720 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\WINDOWS\System32\lmhsvc.dll
00:36:04.0995 2720 lmhosts - ok
00:36:05.0017 2720 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\WINDOWS\system32\DRIVERS\lsi_fc.sys
00:36:05.0078 2720 LSI_FC - ok
00:36:05.0100 2720 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\WINDOWS\system32\DRIVERS\lsi_sas.sys
00:36:05.0188 2720 LSI_SAS - ok
00:36:05.0211 2720 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\WINDOWS\system32\DRIVERS\lsi_sas2.sys
00:36:05.0229 2720 LSI_SAS2 - ok
00:36:05.0239 2720 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\WINDOWS\system32\DRIVERS\lsi_scsi.sys
00:36:05.0258 2720 LSI_SCSI - ok
00:36:05.0270 2720 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\WINDOWS\system32\drivers\luafv.sys
00:36:05.0302 2720 luafv - ok
00:36:05.0342 2720 [ 35F6FF391C59BF8FAC3D0A5572FCB9EA ] LV_Tracker C:\WINDOWS\system32\DRIVERS\LV_Tracker.sys
00:36:05.0357 2720 LV_Tracker - ok
00:36:05.0388 2720 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\WINDOWS\system32\Mcx2Svc.dll
00:36:05.0408 2720 Mcx2Svc - ok
00:36:05.0476 2720 [ 7CF1B716372B89568AE4C0FE769F5869 ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
00:36:05.0497 2720 MDM ( UnsignedFile.Multi.Generic ) - warning
00:36:05.0497 2720 MDM - detected UnsignedFile.Multi.Generic (1)
00:36:05.0506 2720 [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
00:36:05.0529 2720 mdmxsdk - ok
00:36:05.0554 2720 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\WINDOWS\system32\DRIVERS\megasas.sys
00:36:05.0571 2720 megasas - ok
00:36:05.0593 2720 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\WINDOWS\system32\DRIVERS\MegaSR.sys
00:36:05.0668 2720 MegaSR - ok
00:36:05.0703 2720 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\WINDOWS\system32\mmcss.dll
00:36:05.0741 2720 MMCSS - ok
00:36:05.0770 2720 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\WINDOWS\system32\drivers\modem.sys
00:36:05.0818 2720 Modem - ok
00:36:05.0856 2720 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\WINDOWS\system32\DRIVERS\monitor.sys
00:36:05.0882 2720 monitor - ok
00:36:05.0920 2720 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\WINDOWS\system32\drivers\mouclass.sys
00:36:05.0932 2720 mouclass - ok
00:36:05.0967 2720 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
00:36:05.0995 2720 mouhid - ok
00:36:06.0026 2720 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\WINDOWS\system32\drivers\mountmgr.sys
00:36:06.0038 2720 mountmgr - ok
00:36:06.0096 2720 [ 7EDBBB9351A38C6BB0FE98CFD44DB430 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
00:36:06.0120 2720 MozillaMaintenance - ok
00:36:06.0158 2720 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\WINDOWS\system32\drivers\mpio.sys
00:36:06.0180 2720 mpio - ok
00:36:06.0197 2720 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\WINDOWS\system32\drivers\mpsdrv.sys
00:36:06.0230 2720 mpsdrv - ok
00:36:06.0261 2720 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\WINDOWS\system32\mpssvc.dll
00:36:06.0311 2720 MpsSvc - ok
00:36:06.0345 2720 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\WINDOWS\system32\drivers\mrxdav.sys
00:36:06.0382 2720 MRxDAV - ok
00:36:06.0402 2720 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
00:36:06.0426 2720 mrxsmb - ok
00:36:06.0448 2720 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\WINDOWS\system32\DRIVERS\mrxsmb10.sys
00:36:06.0463 2720 mrxsmb10 - ok
00:36:06.0475 2720 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\WINDOWS\system32\DRIVERS\mrxsmb20.sys
00:36:06.0488 2720 mrxsmb20 - ok
00:36:06.0519 2720 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\WINDOWS\system32\drivers\msahci.sys
00:36:06.0538 2720 msahci - ok
00:36:06.0571 2720 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\WINDOWS\system32\drivers\msdsm.sys
00:36:06.0590 2720 msdsm - ok
00:36:06.0606 2720 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\WINDOWS\System32\msdtc.exe
00:36:06.0649 2720 MSDTC - ok
00:36:06.0677 2720 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
00:36:06.0702 2720 Msfs - ok
00:36:06.0719 2720 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\WINDOWS\System32\drivers\mshidkmdf.sys
00:36:06.0749 2720 mshidkmdf - ok
00:36:06.0779 2720 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\WINDOWS\system32\drivers\msisadrv.sys
00:36:06.0790 2720 msisadrv - ok
00:36:06.0834 2720 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\WINDOWS\system32\iscsiexe.dll
00:36:06.0877 2720 MSiSCSI - ok
00:36:06.0881 2720 msiserver - ok
00:36:06.0908 2720 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
00:36:06.0947 2720 MSKSSRV - ok
00:36:06.0963 2720 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
00:36:06.0996 2720 MSPCLOCK - ok
00:36:07.0007 2720 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
00:36:07.0049 2720 MSPQM - ok
00:36:07.0068 2720 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\WINDOWS\system32\drivers\MsRPC.sys
00:36:07.0081 2720 MsRPC - ok
00:36:07.0115 2720 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\WINDOWS\system32\drivers\mssmbios.sys
00:36:07.0126 2720 mssmbios - ok
00:36:07.0144 2720 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
00:36:07.0175 2720 MSTEE - ok
00:36:07.0184 2720 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\WINDOWS\system32\DRIVERS\MTConfig.sys
00:36:07.0202 2720 MTConfig - ok
00:36:07.0212 2720 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\WINDOWS\system32\Drivers\mup.sys
00:36:07.0224 2720 Mup - ok
00:36:07.0262 2720 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\WINDOWS\system32\qagentRT.dll
00:36:07.0301 2720 napagent - ok
00:36:07.0320 2720 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\WINDOWS\system32\DRIVERS\nwifi.sys
00:36:07.0352 2720 NativeWifiP - ok
00:36:07.0480 2720 [ 7D7A3BC6640C1A0D1442816B30856928 ] NAVENG C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20130513.004\NAVENG.SYS
00:36:07.0490 2720 NAVENG - ok
00:36:07.0525 2720 [ 28494C43D62AA7584BDCA2FADFBC4D11 ] NAVEX15 C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20130513.004\NAVEX15.SYS
00:36:07.0560 2720 NAVEX15 - ok
00:36:07.0615 2720 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\WINDOWS\system32\drivers\ndis.sys
00:36:07.0641 2720 NDIS - ok
00:36:07.0662 2720 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\WINDOWS\system32\DRIVERS\ndiscap.sys
00:36:07.0693 2720 NdisCap - ok
00:36:07.0706 2720 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
00:36:07.0739 2720 NdisTapi - ok
00:36:07.0770 2720 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
00:36:07.0794 2720 Ndisuio - ok
00:36:07.0822 2720 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
00:36:07.0856 2720 NdisWan - ok
00:36:07.0900 2720 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
00:36:07.0943 2720 NDProxy - ok
00:36:08.0000 2720 [ 2969D26EEE289BE7422AA46FC55F4E38 ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll
00:36:08.0006 2720 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
00:36:08.0006 2720 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
00:36:08.0023 2720 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
00:36:08.0063 2720 NetBIOS - ok
00:36:08.0097 2720 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
00:36:08.0121 2720 NetBT - ok
00:36:08.0131 2720 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\WINDOWS\system32\lsass.exe
00:36:08.0143 2720 Netlogon - ok
00:36:08.0176 2720 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\WINDOWS\System32\netman.dll
00:36:08.0223 2720 Netman - ok
00:36:08.0240 2720 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\WINDOWS\System32\netprofm.dll
00:36:08.0269 2720 netprofm - ok
00:36:08.0299 2720 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
00:36:08.0317 2720 NetTcpPortSharing - ok
00:36:08.0432 2720 [ EF51B405AD8ACAAE6F0231290D20F516 ] NETw5s32 C:\WINDOWS\system32\DRIVERS\NETw5s32.sys
00:36:08.0579 2720 NETw5s32 - ok
00:36:08.0677 2720 [ 58218EC6B61B1169CF54AAB0D00F5FE2 ] netw5v32 C:\WINDOWS\system32\DRIVERS\netw5v32.sys
00:36:08.0822 2720 netw5v32 - ok
00:36:08.0848 2720 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\WINDOWS\system32\DRIVERS\nfrd960.sys
00:36:08.0867 2720 nfrd960 - ok
00:36:08.0899 2720 [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc C:\WINDOWS\System32\nlasvc.dll
00:36:08.0925 2720 NlaSvc - ok
00:36:08.0933 2720 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
00:36:08.0959 2720 Npfs - ok
00:36:08.0987 2720 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\WINDOWS\system32\nsisvc.dll
00:36:09.0012 2720 nsi - ok
00:36:09.0017 2720 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\WINDOWS\system32\drivers\nsiproxy.sys
00:36:09.0058 2720 nsiproxy - ok
00:36:09.0114 2720 [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
00:36:09.0161 2720 Ntfs - ok
00:36:09.0178 2720 [ F9756A98D69098DCA8945D62858A812C ] Null C:\WINDOWS\system32\drivers\Null.sys
00:36:09.0203 2720 Null - ok
00:36:09.0252 2720 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\WINDOWS\system32\drivers\nvraid.sys
00:36:09.0271 2720 nvraid - ok
00:36:09.0299 2720 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\WINDOWS\system32\drivers\nvstor.sys
00:36:09.0319 2720 nvstor - ok
00:36:09.0355 2720 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\WINDOWS\system32\drivers\nv_agp.sys
00:36:09.0375 2720 nv_agp - ok
00:36:09.0499 2720 [ 1A128004775CA3E04FDB315563459D3B ] NWSAPAutoWorkstationUpdateSvc C:\Program Files\SAP\SAPsetup\Setup\Updater\NwSapAutoWorkstationUpdateService.exe
00:36:09.0508 2720 NWSAPAutoWorkstationUpdateSvc - ok
00:36:09.0574 2720 [ 1F0E05DFF4F5A833168E49BE1256F002 ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
00:36:09.0617 2720 odserv - ok
00:36:09.0643 2720 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\WINDOWS\system32\drivers\ohci1394.sys
00:36:09.0672 2720 ohci1394 - ok
00:36:09.0689 2720 [ 99BF0B1BCADF83102CBBBEA4D0D22732 ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
00:36:09.0739 2720 ose - ok
00:36:09.0782 2720 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\WINDOWS\system32\pnrpsvc.dll
00:36:09.0811 2720 p2pimsvc - ok
00:36:09.0852 2720 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\WINDOWS\system32\p2psvc.dll
00:36:09.0892 2720 p2psvc - ok
00:36:09.0912 2720 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
00:36:09.0926 2720 Parport - ok
00:36:09.0963 2720 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\WINDOWS\system32\drivers\partmgr.sys
00:36:09.0975 2720 partmgr - ok
00:36:09.0993 2720 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\WINDOWS\system32\DRIVERS\parvdm.sys
00:36:10.0038 2720 Parvdm - ok
00:36:10.0052 2720 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\WINDOWS\System32\pcasvc.dll
00:36:10.0068 2720 PcaSvc - ok
00:36:10.0118 2720 [ F451DCACBAA67F3307305EBD4A39EA07 ] pccsmcfd C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
00:36:10.0143 2720 pccsmcfd - ok
00:36:10.0167 2720 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\WINDOWS\system32\drivers\pci.sys
00:36:10.0182 2720 pci - ok
00:36:10.0210 2720 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\WINDOWS\system32\drivers\pciide.sys
00:36:10.0228 2720 pciide - ok
00:36:10.0253 2720 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\WINDOWS\system32\DRIVERS\pcmcia.sys
00:36:10.0277 2720 pcmcia - ok
00:36:10.0296 2720 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\WINDOWS\system32\drivers\pcw.sys
00:36:10.0307 2720 pcw - ok
00:36:10.0328 2720 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\WINDOWS\system32\drivers\peauth.sys
00:36:10.0376 2720 PEAUTH - ok
00:36:10.0410 2720 [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc C:\WINDOWS\system32\peerdistsvc.dll
00:36:10.0451 2720 PeerDistSvc - ok
00:36:10.0512 2720 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\WINDOWS\system32\pla.dll
00:36:10.0581 2720 pla - ok
00:36:10.0623 2720 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\WINDOWS\system32\umpnpmgr.dll
00:36:10.0665 2720 PlugPlay - ok
00:36:10.0689 2720 [ BAFC9706BDF425A02B66468AB2605C59 ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll
00:36:10.0696 2720 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
00:36:10.0696 2720 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
00:36:10.0741 2720 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\WINDOWS\system32\pnrpauto.dll
00:36:10.0781 2720 PNRPAutoReg - ok
00:36:10.0799 2720 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\WINDOWS\system32\pnrpsvc.dll
00:36:10.0812 2720 PNRPsvc - ok
00:36:10.0860 2720 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\WINDOWS\System32\ipsecsvc.dll
00:36:10.0896 2720 PolicyAgent - ok
00:36:10.0935 2720 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\WINDOWS\system32\umpo.dll
00:36:10.0968 2720 Power - ok
00:36:10.0987 2720 [ AF7186CF9909BEF0D86097175175178F ] Power Manager DBC Service C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
00:36:11.0008 2720 Power Manager DBC Service - ok
00:36:11.0042 2720 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
00:36:11.0067 2720 PptpMiniport - ok
00:36:11.0141 2720 [ 2A4514A9233D35A355F569FF8B8F6240 ] prepdrvr C:\WINDOWS\system32\CCM\prepdrv.sys
00:36:11.0168 2720 prepdrvr - ok
00:36:11.0178 2720 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
00:36:11.0206 2720 Processor - ok
00:36:11.0253 2720 [ 43CA4CCC22D52FB58E8988F0198851D0 ] ProfSvc C:\WINDOWS\system32\profsvc.dll
00:36:11.0282 2720 ProfSvc - ok
00:36:11.0289 2720 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
00:36:11.0302 2720 ProtectedStorage - ok
00:36:11.0335 2720 [ 651D3ABC1D82D61B6CFB40CB947B3DB3 ] psadd C:\WINDOWS\system32\DRIVERS\psadd.sys
00:36:11.0344 2720 psadd - ok
00:36:11.0354 2720 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\WINDOWS\system32\DRIVERS\pacer.sys
00:36:11.0391 2720 Psched - ok
00:36:11.0420 2720 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\WINDOWS\system32\DRIVERS\ql2300.sys
00:36:11.0484 2720 ql2300 - ok
00:36:11.0522 2720 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\WINDOWS\system32\DRIVERS\ql40xx.sys
00:36:11.0594 2720 ql40xx - ok
00:36:11.0632 2720 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\WINDOWS\system32\qwave.dll
00:36:11.0671 2720 QWAVE - ok
00:36:11.0687 2720 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\WINDOWS\system32\drivers\qwavedrv.sys
00:36:11.0707 2720 QWAVEdrv - ok
00:36:11.0720 2720 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
00:36:11.0752 2720 RasAcd - ok
00:36:11.0769 2720 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\WINDOWS\system32\DRIVERS\AgileVpn.sys
00:36:11.0804 2720 RasAgileVpn - ok
00:36:11.0820 2720 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\WINDOWS\System32\rasauto.dll
00:36:11.0864 2720 RasAuto - ok
00:36:11.0883 2720 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
00:36:11.0919 2720 Rasl2tp - ok
00:36:11.0964 2720 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\WINDOWS\System32\rasmans.dll
00:36:12.0005 2720 RasMan - ok
00:36:12.0010 2720 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
00:36:12.0038 2720 RasPppoe - ok
00:36:12.0047 2720 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\WINDOWS\system32\DRIVERS\rassstp.sys
00:36:12.0085 2720 RasSstp - ok
00:36:12.0112 2720 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
00:36:12.0147 2720 rdbss - ok
00:36:12.0164 2720 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\WINDOWS\system32\DRIVERS\rdpbus.sys
00:36:12.0176 2720 rdpbus - ok
00:36:12.0205 2720 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
00:36:12.0248 2720 RDPCDD - ok
00:36:12.0276 2720 [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR C:\WINDOWS\system32\drivers\rdpdr.sys
00:36:12.0307 2720 RDPDR - ok
00:36:12.0332 2720 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\WINDOWS\system32\drivers\rdpencdd.sys
00:36:12.0364 2720 RDPENCDD - ok
00:36:12.0378 2720 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\WINDOWS\system32\drivers\rdprefmp.sys
00:36:12.0411 2720 RDPREFMP - ok
00:36:12.0440 2720 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
00:36:12.0475 2720 RDPWD - ok
00:36:12.0512 2720 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\WINDOWS\system32\drivers\rdyboost.sys
00:36:12.0526 2720 rdyboost - ok
00:36:12.0581 2720 [ 001B4278407F4303EFC902A2B16F2453 ] regi C:\WINDOWS\system32\drivers\regi.sys
00:36:12.0590 2720 regi - ok
00:36:12.0612 2720 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
00:36:12.0653 2720 RemoteAccess - ok
00:36:12.0672 2720 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
00:36:12.0717 2720 RemoteRegistry - ok
00:36:12.0741 2720 [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM C:\WINDOWS\system32\DRIVERS\rfcomm.sys
00:36:12.0755 2720 RFCOMM - ok
00:36:12.0786 2720 [ E891F07815AF88075705EF6A248711F6 ] rimspci C:\WINDOWS\system32\DRIVERS\rimspe86.sys
00:36:12.0811 2720 rimspci - ok
00:36:12.0851 2720 [ 4F4A4C09CC5BE58A76CAC1C337E004E6 ] RimUsb C:\WINDOWS\system32\Drivers\RimUsb.sys
00:36:12.0882 2720 RimUsb - ok
00:36:12.0927 2720 [ 3A5633AD615E2B15291BD0B1B97CCD8A ] RimVSerPort C:\WINDOWS\system32\DRIVERS\RimSerial.sys
00:36:12.0946 2720 RimVSerPort - ok
00:36:12.0956 2720 [ 6A60626412129C713CC30C81870A8095 ] rixdpcie C:\WINDOWS\system32\DRIVERS\rixdpe86.sys
00:36:12.0988 2720 rixdpcie - ok
00:36:13.0020 2720 [ 564297827D213F52C7A3A2FF749568CA ] ROOTMODEM C:\WINDOWS\system32\Drivers\RootMdm.sys
00:36:13.0054 2720 ROOTMODEM - ok
00:36:13.0094 2720 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\WINDOWS\System32\RpcEpMap.dll
00:36:13.0131 2720 RpcEptMapper - ok
00:36:13.0158 2720 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\WINDOWS\system32\locator.exe
00:36:13.0193 2720 RpcLocator - ok
00:36:13.0228 2720 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\WINDOWS\system32\rpcss.dll
00:36:13.0254 2720 RpcSs - ok
00:36:13.0292 2720 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\WINDOWS\system32\DRIVERS\rspndr.sys
00:36:13.0318 2720 rspndr - ok
00:36:13.0350 2720 [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap C:\WINDOWS\system32\drivers\vms3cap.sys
00:36:13.0379 2720 s3cap - ok
00:36:13.0389 2720 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\WINDOWS\system32\lsass.exe
00:36:13.0400 2720 SamSs - ok
00:36:13.0486 2720 [ D574EEC31CF2B4DF5BD9B3C17CDB116D ] SAPSprint C:\Program Files\SAP\SAPSPrint\sapsprint.exe
00:36:13.0528 2720 SAPSprint ( UnsignedFile.Multi.Generic ) - warning
00:36:13.0528 2720 SAPSprint - detected UnsignedFile.Multi.Generic (1)
00:36:13.0572 2720 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\WINDOWS\system32\drivers\sbp2port.sys
00:36:13.0591 2720 sbp2port - ok
00:36:13.0619 2720 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\WINDOWS\System32\SCardSvr.dll
00:36:13.0652 2720 SCardSvr - ok
00:36:13.0682 2720 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\WINDOWS\system32\DRIVERS\scfilter.sys
00:36:13.0712 2720 scfilter - ok
00:36:13.0748 2720 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\WINDOWS\system32\schedsvc.dll
00:36:13.0798 2720 Schedule - ok
00:36:13.0825 2720 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\WINDOWS\System32\certprop.dll
00:36:13.0847 2720 SCPolicySvc - ok
00:36:13.0897 2720 [ 0328BE1C7F1CBA23848179F8762E391C ] sdbus C:\WINDOWS\system32\drivers\sdbus.sys
00:36:13.0918 2720 sdbus - ok
00:36:13.0946 2720 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\WINDOWS\System32\SDRSVC.dll
00:36:13.0982 2720 SDRSVC - ok
00:36:14.0007 2720 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\WINDOWS\system32\drivers\secdrv.sys
00:36:14.0049 2720 secdrv - ok
00:36:14.0076 2720 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\WINDOWS\system32\seclogon.dll
00:36:14.0115 2720 seclogon - ok
00:36:14.0138 2720 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\WINDOWS\System32\sens.dll
00:36:14.0163 2720 SENS - ok
00:36:14.0181 2720 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\WINDOWS\system32\sensrsvc.dll
00:36:14.0211 2720 SensrSvc - ok
00:36:14.0230 2720 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
00:36:14.0241 2720 Serenum - ok
00:36:14.0254 2720 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
00:36:14.0274 2720 Serial - ok
00:36:14.0302 2720 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\WINDOWS\system32\DRIVERS\sermouse.sys
00:36:14.0319 2720 sermouse - ok
00:36:14.0418 2720 [ 9BDE8F1F5D060E912FCF9FB58B71CBC1 ] ServiceLayer C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
00:36:14.0440 2720 ServiceLayer - ok
00:36:14.0483 2720 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\WINDOWS\system32\sessenv.dll
00:36:14.0526 2720 SessionEnv - ok
00:36:14.0556 2720 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\WINDOWS\system32\DRIVERS\sffdisk.sys
00:36:14.0579 2720 sffdisk - ok
00:36:14.0597 2720 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\WINDOWS\system32\drivers\sffp_mmc.sys
00:36:14.0624 2720 sffp_mmc - ok
00:36:14.0655 2720 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
00:36:14.0669 2720 sffp_sd - ok
00:36:14.0689 2720 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\WINDOWS\system32\DRIVERS\sfloppy.sys
00:36:14.0717 2720 sfloppy - ok
00:36:14.0754 2720 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
00:36:14.0809 2720 SharedAccess - ok
00:36:14.0846 2720 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
00:36:14.0874 2720 ShellHWDetection - ok
00:36:14.0918 2720 [ DF6A84DD19D3C0858D707B5E64938D60 ] Shockprf C:\WINDOWS\system32\DRIVERS\Apsx86.sys
00:36:14.0930 2720 Shockprf - ok
00:36:14.0972 2720 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\WINDOWS\system32\drivers\sisagp.sys
00:36:14.0990 2720 sisagp - ok
00:36:15.0016 2720 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\WINDOWS\system32\DRIVERS\SiSRaid2.sys
00:36:15.0036 2720 SiSRaid2 - ok
00:36:15.0047 2720 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\WINDOWS\system32\DRIVERS\sisraid4.sys
00:36:15.0098 2720 SiSRaid4 - ok
00:36:15.0119 2720 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\WINDOWS\system32\DRIVERS\smb.sys
00:36:15.0202 2720 Smb - ok
00:36:15.0280 2720 [ 9672E993C5F09BB15ADB757A8AF7765E ] SmcService C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
00:36:15.0331 2720 SmcService - ok
00:36:15.0335 2720 smstsmgr - ok
00:36:15.0354 2720 [ 229B0890AF1A54E2F57099542CD18642 ] SNAC C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
00:36:15.0409 2720 SNAC - ok
00:36:15.0448 2720 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\WINDOWS\System32\snmptrap.exe
00:36:15.0460 2720 SNMPTRAP - ok
00:36:15.0516 2720 [ E87CF104F12C92401C4D33C50A3D5DC8 ] SPBBCDrv C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
00:36:15.0533 2720 SPBBCDrv - ok
00:36:15.0548 2720 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\WINDOWS\system32\drivers\spldr.sys
00:36:15.0559 2720 spldr - ok
00:36:15.0589 2720 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\WINDOWS\System32\spoolsv.exe
00:36:15.0618 2720 Spooler - ok
00:36:15.0694 2720 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\WINDOWS\system32\sppsvc.exe
00:36:15.0765 2720 sppsvc - ok
00:36:15.0796 2720 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\WINDOWS\system32\sppuinotify.dll
00:36:15.0826 2720 sppuinotify - ok
00:36:15.0864 2720 [ 14389E87D0D2E25B12BF2CC74CFAEE07 ] SRTSP C:\WINDOWS\system32\Drivers\SRTSP.SYS
00:36:15.0891 2720 SRTSP - ok
00:36:15.0906 2720 [ AED0F68C185FE698A21CEFCD76F0B8A4 ] SRTSPL C:\WINDOWS\system32\Drivers\SRTSPL.SYS
00:36:15.0934 2720 SRTSPL - ok
00:36:15.0970 2720 [ 0E2CA6326726477FE29863808BBAD413 ] SRTSPX C:\WINDOWS\system32\Drivers\SRTSPX.SYS
00:36:15.0986 2720 SRTSPX - ok
00:36:16.0025 2720 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\WINDOWS\system32\DRIVERS\srv.sys
00:36:16.0056 2720 srv - ok
00:36:16.0077 2720 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\WINDOWS\system32\DRIVERS\srv2.sys
00:36:16.0102 2720 srv2 - ok
00:36:16.0133 2720 [ E00FDFAFF025E94F9821153750C35A6D ] SrvHsfHDA C:\WINDOWS\system32\DRIVERS\VSTAZL3.SYS
00:36:16.0163 2720 SrvHsfHDA - ok
00:36:16.0184 2720 [ CEB4E3B6890E1E42DCA6694D9E59E1A0 ] SrvHsfV92 C:\WINDOWS\system32\DRIVERS\VSTDPV3.SYS
00:36:16.0224 2720 SrvHsfV92 - ok
00:36:16.0234 2720 [ BC0C7EA89194C299F051C24119000E17 ] SrvHsfWinac C:\WINDOWS\system32\DRIVERS\VSTCNXT3.SYS
00:36:16.0267 2720 SrvHsfWinac - ok
00:36:16.0279 2720 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\WINDOWS\system32\DRIVERS\srvnet.sys
00:36:16.0292 2720 srvnet - ok
00:36:16.0313 2720 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
00:36:16.0340 2720 SSDPSRV - ok
00:36:16.0355 2720 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\WINDOWS\system32\sstpsvc.dll
00:36:16.0397 2720 SstpSvc - ok
00:36:16.0414 2720 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\WINDOWS\system32\DRIVERS\stexstor.sys
00:36:16.0431 2720 stexstor - ok
00:36:16.0467 2720 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\WINDOWS\System32\wiaservc.dll
00:36:16.0497 2720 StiSvc - ok
00:36:16.0533 2720 [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt C:\WINDOWS\system32\drivers\vmstorfl.sys
00:36:16.0545 2720 storflt - ok
00:36:16.0562 2720 [ 0BF669F0A910BEDA4A32258D363AF2A5 ] StorSvc C:\WINDOWS\system32\storsvc.dll
00:36:16.0579 2720 StorSvc - ok
00:36:16.0609 2720 [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc C:\WINDOWS\system32\drivers\storvsc.sys
00:36:16.0628 2720 storvsc - ok
00:36:16.0650 2720 [ 5E8261EDDFD7C1851B78E27705CD7F59 ] SUService C:\Program Files\Lenovo\System Update\SUService.exe
00:36:16.0653 2720 SUService ( UnsignedFile.Multi.Generic ) - warning
00:36:16.0653 2720 SUService - detected UnsignedFile.Multi.Generic (1)
00:36:16.0688 2720 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\WINDOWS\system32\drivers\swenum.sys
00:36:16.0699 2720 swenum - ok
00:36:16.0715 2720 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\WINDOWS\System32\swprv.dll
00:36:16.0794 2720 swprv - ok
00:36:16.0854 2720 [ 409EBED03F66E3941E33E412795E6C2C ] Symantec AntiVirus C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
00:36:16.0891 2720 Symantec AntiVirus - ok
00:36:16.0927 2720 [ AB33C3B196197CA467CBDDA717860DBA ] SymEvent C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
00:36:16.0946 2720 SymEvent - ok
00:36:16.0986 2720 [ 394B2368212114D538316812AF60FDDD ] SYMREDRV C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
00:36:16.0996 2720 SYMREDRV - ok
00:36:17.0009 2720 [ D46676BB414C7531BDFFE637A33F5033 ] SYMTDI C:\WINDOWS\System32\Drivers\SYMTDI.SYS
00:36:17.0021 2720 SYMTDI - ok
00:36:17.0063 2720 [ 2185CC5BE9922562108CF87F42E4BBAF ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys
00:36:17.0108 2720 SynTP - ok
00:36:17.0157 2720 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\WINDOWS\system32\sysmain.dll
00:36:17.0203 2720 SysMain - ok
00:36:17.0216 2720 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\WINDOWS\System32\TabSvc.dll
00:36:17.0265 2720 TabletInputService - ok
00:36:17.0304 2720 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
00:36:17.0352 2720 TapiSrv - ok
00:36:17.0382 2720 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\WINDOWS\System32\tbssvc.dll
00:36:17.0413 2720 TBS - ok
00:36:17.0464 2720 [ 7C0507D2391AF5933600CBCED799F277 ] Tcpip C:\WINDOWS\system32\drivers\tcpip.sys
00:36:17.0511 2720 Tcpip - ok
00:36:17.0539 2720 [ 7C0507D2391AF5933600CBCED799F277 ] TCPIP6 C:\WINDOWS\system32\DRIVERS\tcpip.sys
00:36:17.0569 2720 TCPIP6 - ok
00:36:17.0603 2720 [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg C:\WINDOWS\system32\drivers\tcpipreg.sys
00:36:17.0623 2720 tcpipreg - ok
00:36:17.0662 2720 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\WINDOWS\system32\drivers\tdpipe.sys
00:36:17.0684 2720 TDPIPE - ok
00:36:17.0715 2720 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\WINDOWS\system32\drivers\tdtcp.sys
00:36:17.0739 2720 TDTCP - ok
00:36:17.0767 2720 [ B459575348C20E8121D6039DA063C704 ] tdx C:\WINDOWS\system32\DRIVERS\tdx.sys
00:36:17.0792 2720 tdx - ok
00:36:17.0819 2720 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\WINDOWS\system32\drivers\termdd.sys
00:36:17.0830 2720 TermDD - ok
00:36:17.0868 2720 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\WINDOWS\System32\termsrv.dll
00:36:17.0920 2720 TermService - ok
00:36:17.0947 2720 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\WINDOWS\system32\themeservice.dll
00:36:17.0962 2720 Themes - ok
00:36:17.0968 2720 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\WINDOWS\system32\mmcss.dll
00:36:17.0992 2720 THREADORDER - ok
00:36:18.0016 2720 [ 50B570E4209F6D401893720FC8DDCE46 ] TPDIGIMN C:\WINDOWS\system32\DRIVERS\ApsHM86.sys
00:36:18.0024 2720 TPDIGIMN - ok
00:36:18.0035 2720 [ 1F98A2433555DD854CB4E2EDC819DEB4 ] TPHDEXLGSVC C:\WINDOWS\system32\TPHDEXLG.exe
00:36:18.0056 2720 TPHDEXLGSVC - ok
00:36:18.0071 2720 [ 88D609BFDEB7E013E9E491434190BA43 ] TPHKLOAD C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
00:36:18.0076 2720 TPHKLOAD ( UnsignedFile.Multi.Generic ) - warning
00:36:18.0076 2720 TPHKLOAD - detected UnsignedFile.Multi.Generic (1)
00:36:18.0105 2720 [ 9E6E4A9789F76593CC5A6A5AF8FC5929 ] TPHKSVC C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
00:36:18.0113 2720 TPHKSVC - ok
00:36:18.0146 2720 [ 5AD05191DC8B444A7BA4D79B76C42A30 ] TPM C:\WINDOWS\system32\drivers\tpm.sys
00:36:18.0157 2720 TPM - ok
00:36:18.0167 2720 [ C16EC6A5390904D3971179553852025B ] TPPWRIF C:\WINDOWS\system32\drivers\Tppwr32v.sys
00:36:18.0175 2720 TPPWRIF - ok
00:36:18.0213 2720 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\WINDOWS\System32\trkwks.dll
00:36:18.0247 2720 TrkWks - ok
00:36:18.0292 2720 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\WINDOWS\servicing\TrustedInstaller.exe
00:36:18.0333 2720 TrustedInstaller - ok
00:36:18.0371 2720 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\WINDOWS\system32\DRIVERS\tssecsrv.sys
00:36:18.0402 2720 tssecsrv - ok
00:36:18.0426 2720 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\WINDOWS\system32\drivers\tsusbflt.sys
00:36:18.0451 2720 TsUsbFlt - ok
00:36:18.0485 2720 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\WINDOWS\system32\DRIVERS\tunnel.sys
00:36:18.0509 2720 tunnel - ok
00:36:18.0540 2720 [ 8629F69817902D9D0F00EB3247AABA51 ] TurboBoost C:\Program Files\Intel\TurboBoost\TurboBoost.exe
00:36:18.0571 2720 TurboBoost - ok
00:36:18.0592 2720 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\WINDOWS\system32\DRIVERS\uagp35.sys
00:36:18.0610 2720 uagp35 - ok
00:36:18.0625 2720 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\WINDOWS\system32\DRIVERS\udfs.sys
00:36:18.0675 2720 udfs - ok
00:36:18.0696 2720 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\WINDOWS\system32\UI0Detect.exe
00:36:18.0728 2720 UI0Detect - ok
00:36:18.0769 2720 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\WINDOWS\system32\drivers\uliagpkx.sys
00:36:18.0787 2720 uliagpkx - ok
00:36:18.0818 2720 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\WINDOWS\system32\drivers\umbus.sys
00:36:18.0830 2720 umbus - ok
00:36:18.0851 2720 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\WINDOWS\system32\DRIVERS\umpass.sys
00:36:18.0876 2720 UmPass - ok
00:36:18.0904 2720 [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService C:\WINDOWS\System32\umrdp.dll
00:36:18.0935 2720 UmRdpService - ok
00:36:18.0961 2720 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\WINDOWS\System32\upnphost.dll
00:36:19.0002 2720 upnphost - ok
00:36:19.0045 2720 [ 8BF5D980CDCE35FB26F05047144BB57E ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys
00:36:19.0061 2720 USBAAPL ( UnsignedFile.Multi.Generic ) - warning
00:36:19.0061 2720 USBAAPL - detected UnsignedFile.Multi.Generic (1)
00:36:19.0089 2720 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
00:36:19.0121 2720 usbccgp - ok
00:36:19.0177 2720 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\WINDOWS\system32\drivers\usbcir.sys
00:36:19.0199 2720 usbcir - ok
00:36:19.0232 2720 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\WINDOWS\system32\drivers\usbehci.sys
00:36:19.0244 2720 usbehci - ok
00:36:19.0286 2720 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
00:36:19.0302 2720 usbhub - ok
00:36:19.0329 2720 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\WINDOWS\system32\drivers\usbohci.sys
00:36:19.0352 2720 usbohci - ok
00:36:19.0384 2720 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
00:36:19.0404 2720 usbprint - ok
00:36:19.0448 2720 [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
00:36:19.0468 2720 usbscan - ok
00:36:19.0504 2720 [ 31181DE6190B39FC8007DFFD1A48FFD6 ] usbser C:\WINDOWS\system32\drivers\usbser.sys
00:36:19.0524 2720 usbser - ok
00:36:19.0547 2720 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
00:36:19.0571 2720 USBSTOR - ok
00:36:19.0597 2720 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\WINDOWS\system32\drivers\usbuhci.sys
00:36:19.0615 2720 usbuhci - ok
00:36:19.0647 2720 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\WINDOWS\System32\uxsms.dll
00:36:19.0671 2720 UxSms - ok
00:36:19.0698 2720 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\WINDOWS\system32\lsass.exe
00:36:19.0711 2720 VaultSvc - ok
00:36:19.0759 2720 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\WINDOWS\system32\drivers\vdrvroot.sys
00:36:19.0771 2720 vdrvroot - ok
00:36:19.0809 2720 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\WINDOWS\System32\vds.exe
00:36:19.0915 2720 vds - ok
00:36:19.0955 2720 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\WINDOWS\system32\DRIVERS\vgapnp.sys
00:36:19.0989 2720 vga - ok
00:36:20.0002 2720 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
00:36:20.0030 2720 VgaSave - ok
00:36:20.0075 2720 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\WINDOWS\system32\drivers\vhdmp.sys
00:36:20.0097 2720 vhdmp - ok
00:36:20.0142 2720 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\WINDOWS\system32\drivers\viaagp.sys
00:36:20.0160 2720 viaagp - ok
00:36:20.0171 2720 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\WINDOWS\system32\DRIVERS\viac7.sys
00:36:20.0196 2720 ViaC7 - ok
00:36:20.0222 2720 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\WINDOWS\system32\drivers\viaide.sys
00:36:20.0238 2720 viaide - ok
00:36:20.0270 2720 [ C2F2911156FDC7817C52829C86DA494E ] vmbus C:\WINDOWS\system32\drivers\vmbus.sys
00:36:20.0284 2720 vmbus - ok
00:36:20.0318 2720 [ D4D77455211E204F370D08F4963063CE ] VMBusHID C:\WINDOWS\system32\drivers\VMBusHID.sys
00:36:20.0335 2720 VMBusHID - ok
00:36:20.0383 2720 [ 48007916B1D0DAB3E6C0D701DE7C4AFB ] VNA C:\WINDOWS\system32\DRIVERS\vna.sys
00:36:20.0394 2720 VNA - ok
00:36:20.0419 2720 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\WINDOWS\system32\drivers\volmgr.sys
00:36:20.0432 2720 volmgr - ok
00:36:20.0447 2720 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\WINDOWS\system32\drivers\volmgrx.sys
00:36:20.0464 2720 volmgrx - ok
00:36:20.0504 2720 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\WINDOWS\system32\drivers\volsnap.sys
00:36:20.0519 2720 volsnap - ok
00:36:20.0562 2720 [ D9CC6202D8A3EC84F1516F6CC3E2E6ED ] vpnagent C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
00:36:20.0578 2720 vpnagent - ok
00:36:20.0613 2720 [ 0D8DF4058901616A4E716AB67D472581 ] vpnva C:\WINDOWS\system32\DRIVERS\vpnva.sys
00:36:20.0659 2720 vpnva - ok
00:36:20.0688 2720 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\WINDOWS\system32\DRIVERS\vsmraid.sys
00:36:20.0710 2720 vsmraid - ok
00:36:20.0754 2720 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\WINDOWS\system32\vssvc.exe
00:36:20.0831 2720 VSS - ok
00:36:20.0843 2720 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\WINDOWS\system32\DRIVERS\vwifibus.sys
00:36:20.0864 2720 vwifibus - ok
00:36:20.0882 2720 [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt C:\WINDOWS\system32\DRIVERS\vwififlt.sys
00:36:20.0896 2720 vwififlt - ok
00:36:20.0936 2720 [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp C:\WINDOWS\system32\DRIVERS\vwifimp.sys
00:36:23.0340 2720 ================ Scan global ===============================
00:36:23.0376 2720 [ DAB748AE0439955ED2FA22357533DDDB ] C:\WINDOWS\system32\basesrv.dll
00:36:23.0405 2720 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\WINDOWS\system32\winsrv.dll
00:36:23.0413 2720 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\WINDOWS\system32\winsrv.dll
00:36:23.0438 2720 [ 364455805E64882844EE9ACB72522830 ] C:\WINDOWS\system32\sxssrv.dll
00:36:23.0472 2720 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\WINDOWS\system32\services.exe
00:36:23.0475 2720 [Global] - ok
00:36:23.0475 2720 ================ Scan MBR ==================================
00:36:23.0482 2720 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
00:36:23.0840 2720 \Device\Harddisk0\DR0 - ok
00:36:23.0841 2720 ================ Scan VBR ==================================
00:36:23.0843 2720 [ AB067BA801D6D37D3CC9E941D574DB4F ] \Device\Harddisk0\DR0\Partition1
00:36:23.0844 2720 \Device\Harddisk0\DR0\Partition1 - ok
00:36:23.0845 2720 ============================================================
00:36:23.0845 2720 Scan finished
00:36:23.0845 2720 ============================================================
00:36:23.0852 4220 Detected object count: 9
00:36:23.0853 4220 Actual detected object count: 9
00:37:07.0565 4220 CVPNDRVA ( UnsignedFile.Multi.Generic ) - skipped by user
00:37:07.0565 4220 CVPNDRVA ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:37:07.0565 4220 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
00:37:07.0565 4220 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:37:07.0567 4220 MDM ( UnsignedFile.Multi.Generic ) - skipped by user
00:37:07.0567 4220 MDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:37:07.0568 4220 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
00:37:07.0568 4220 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:37:07.0570 4220 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
00:37:07.0570 4220 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:37:07.0572 4220 SAPSprint ( UnsignedFile.Multi.Generic ) - skipped by user
00:37:07.0572 4220 SAPSprint ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:37:07.0573 4220 SUService ( UnsignedFile.Multi.Generic ) - skipped by user
00:37:07.0573 4220 SUService ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:37:07.0574 4220 TPHKLOAD ( UnsignedFile.Multi.Generic ) - skipped by user
00:37:07.0574 4220 TPHKLOAD ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:37:07.0576 4220 USBAAPL ( UnsignedFile.Multi.Generic ) - skipped by user
00:37:07.0576 4220 USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Skip

markusg 14.05.2013 23:41

Looks fine.
Scan with Combofix
WARNING to READERS following along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as any malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse or click in the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
(in English: "Illegal operation attempted on a registry key that has been marked for deletion.")
just restart the computer. That should fix the problem.


S2k13 14.05.2013 23:47

Hello,

Symantec Endpoint Protection is running on my computer and I cannot disable it.

Can I start ComboFix anyway?

Regards,
S2k13

markusg 14.05.2013 23:53

You can

S2k13 14.05.2013 23:57

ComboFix is warning me to close Symantec Enduser Protection. Is there a significant risk if I confirm continuing the scan with OK?
Thanks in advance.

markusg 14.05.2013 23:59

please confirm it

S2k13 15.05.2013 00:24

Hello,

the tool has finally finished as well...

Here is the log:

Code:

ComboFix 13-05-14.01 - ****** 15.05.2013  1:02.1.4 - x86
Microsoft Windows 7 Professional  6.1.7601.1.1252.49.1033.18.2932.1524 [GMT 2:00]
ausgeführt von:: c:\users\******\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Symantec Endpoint Protection *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\program files\Yammer\Yammer.exe
c:\users\******\1508452.dll
c:\users\******\4.0
c:\users\******\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk
c:\users\******\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk\rasphone.pbk
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2013-04-14 bis 2013-05-14  ))))))))))))))))))))))))))))))
.
.
2013-05-14 22:03 . 2013-05-14 22:23        --------        d-----w-        C:\_OTL
2013-04-18 08:50 . 2013-01-24 04:47        196328        ----a-w-        c:\windows\system32\drivers\fvevol.sys
2013-04-18 08:49 . 2013-03-19 04:48        38912        ----a-w-        c:\windows\system32\csrsrv.dll
2013-04-18 08:49 . 2013-03-19 05:04        3968856        ----a-w-        c:\windows\system32\ntkrnlpa.exe
2013-04-18 08:49 . 2013-03-19 05:04        3913560        ----a-w-        c:\windows\system32\ntoskrnl.exe
2013-04-18 08:49 . 2013-03-19 02:49        69632        ----a-w-        c:\windows\system32\smss.exe
2013-04-18 08:49 . 2013-02-15 04:34        131584        ----a-w-        c:\windows\system32\aaclient.dll
2013-04-18 08:49 . 2013-02-15 03:25        36864        ----a-w-        c:\windows\system32\tsgqec.dll
2013-04-18 08:49 . 2013-02-15 04:37        3217408        ----a-w-        c:\windows\system32\mstscax.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-07 15:01 . 2012-03-30 05:50        692104        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2013-05-07 15:01 . 2011-10-20 19:22        71048        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2013-04-05 15:22 . 2013-03-09 15:06        57344        ----a-r-        c:\users\******\AppData\Roaming\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe
2013-04-02 10:44 . 2011-11-08 09:17        893552        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2013-04-02 10:43 . 2011-11-08 09:17        42776        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2013-04-02 10:43 . 2011-11-08 09:17        1236816        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2013-03-27 15:25 . 2011-11-22 07:45        893552        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2013-03-27 15:25 . 2011-11-22 07:45        42776        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2013-03-27 15:14 . 2011-12-16 09:23        1236816        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2013-03-22 14:27 . 2013-03-22 14:27        94112        ----a-w-        c:\windows\system32\WindowsAccessBridge.dll
2013-03-22 14:27 . 2012-12-04 19:55        861088        ----a-w-        c:\windows\system32\npDeployJava1.dll
2013-03-22 14:27 . 2011-09-19 09:37        782240        ----a-w-        c:\windows\system32\deployJava1.dll
2013-04-20 16:17 . 2013-04-20 16:17        263064        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaSuite.exe"="c:\program files\Nokia\Nokia Suite\NokiaSuite.exe" [2012-10-13 1088424]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-09-04 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-09-04 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-09-04 170520]
"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2011-03-24 1254760]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-03-31 2221352]
"TpShocks"="TpShocks.exe" [2011-01-14 337256]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2010-04-20 62312]
"Communicator"="c:\program files\Microsoft Office Communicator\communicator.exe" [2012-01-11 5153056]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2011-08-03 115624]
"AgentUiRunKey"="c:\program files\Iron Mountain\Connected BackupPC\Agent.exe" [2012-05-17 299856]
"SAP_WUS_UNT"="c:\program files\SAP\SAPsetup\Setup\Updater\NwSapSetupUserNotificationTool.exe" [2011-06-20 115568]
"FreePDF Assistant"="c:\program files\FreePDF_XP\fpassist.exe" [2009-09-05 385024]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-11-02 90448]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"Nikon Message Center 2"="c:\program files\Nikon\Nikon Message Center 2\NkMC2.exe" [2011-10-30 571392]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2012-01-13 527312]
.
c:\users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Yammer.lnk - c:\program files\Yammer\Yammer.exe [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2009-8-11 795936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"FilterAdministratorToken"= 1 (0x1)
"disablecad"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock.sys [x]
R3 DozeSvc;Lenovo Doze Mode Service;c:\program files\ThinkPad\Utilities\DOZESVC.EXE [x]
R3 LV_Tracker;LV_Tracker;c:\windows\system32\DRIVERS\LV_Tracker.sys [x]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [x]
R3 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe86.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
S0 DozeHDD;DozeHDD;c:\windows\System32\DRIVERS\DozeHDD.sys [x]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [x]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [x]
S2 AgentService;AgentService;c:\program files\Iron Mountain\Connected BackupPC\AgentService.exe [x]
S2 cpextender;Check Point SSL Network Extender;c:\program files\CheckPoint\SSL Network Extender\slimsvc.exe [x]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [x]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [x]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [x]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [x]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [x]
S2 NWSAPAutoWorkstationUpdateSvc;SAPSetup Automatic Workstation Update Service;c:\program files\SAP\SAPsetup\Setup\Updater\NwSapAutoWorkstationUpdateService.exe [x]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [x]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe86.sys [x]
S2 SAPSprint;SAPSprint;c:\program files\SAP\SAPSPrint\sapsprint.exe [x]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [x]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [x]
S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [x]
S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [x]
S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k6232.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [x]
S3 VNA;Check Point Virtual Network Adapter;c:\windows\system32\DRIVERS\vna.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioService        REG_MULTI_SZ          HsfXAudioService
HPZ12        REG_MULTI_SZ          Pml Driver HPZ12 Net Driver HPZ12
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Communicator_Anpassung_UBA]
2010-06-22 15:32        175140        ----a-w-        c:\program files\Microsoft Office Communicator\Communicator-uba-ActiveSetup.EXE
.
Inhalt des "geplante Tasks" Ordners
.
2013-05-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-05-27 17:11]
.
2013-05-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-05-27 17:11]
.
2013-05-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1531082355-734649621-3782574898-1190727Core.job
- c:\users\******\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-20 21:01]
.
2013-05-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1531082355-734649621-3782574898-1190727UA.job
- c:\users\******\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-20 21:01]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = https://sso.********.com/authent/authent_form.asp
uInternet Settings,ProxyOverride = *.local;<local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: libri.biz\mayersche
Trusted Zone: mercateo.com\www
Trusted Zone: bcdtravel-portal.net\www
TCP: DhcpNameServer = 217.237.150.97 194.145.226.26 10.44.24.10
DPF: {414FB93D-DEDD-4FEF-AD7F-167992EBDB52} - hxxps://sslgw1.beiersdorfgroup.com/CSHELL/extender.cab
DPF: {CC679CB8-DC4B-458B-B817-D447B3B6AC31} - vpnweb.cab
FF - ProfilePath - c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\ffld4oo5.default\
FF - prefs.js: browser.startup.homepage - about:home
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
HKCU-Run-MobileDocuments - c:\program files\Common Files\Apple\Internet Services\ubd.exe
SafeBoot-Symantec Antvirus
HKLM_ActiveSetup-{0009FEDA-0005-0409-0000-1111CAB70015} - msiexec
HKLM_ActiveSetup-{0009FEDA-0006-0409-0000-1111CAB70015} - msiexec
HKLM_ActiveSetup-{0009FEDA-0007-0409-0000-1111CAB70015} - msiexec
HKLM_ActiveSetup-{BB26BFF5-5BB1-43D1-8D04-83A536D2EDD9} - msiexec
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(4520)
c:\program files\ThinkPad\Bluetooth Software\btmmhook.dll
c:\program files\ThinkPad\Utilities\PWMTR32V.DLL
c:\progra~1\ThinkPad\UTILIT~1\US\PWMRT32V.DLL
c:\progra~1\ThinkPad\UTILIT~1\PWMIF32V.DLL
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\progra~1\Lenovo\HOTKEY\tpnumlk.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\system32\spool\DRIVERS\W32X86\3\HP1006MC.EXE
c:\windows\system32\sppsvc.exe
c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\windows\system32\CCM\CcmExec.exe
c:\progra~1\LENOVO\VIRTSCRL\virtscrl.exe
c:\windows\system32\taskhost.exe
c:\program files\LENOVO\HOTKEY\tposdsvc.exe
c:\progra~1\Lenovo\HOTKEY\tpnumlkd.exe
c:\program files\Symantec\Symantec Endpoint Protection\SmcGui.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\Zoom\TpScrex.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\conhost.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\TpShocks.exe
c:\progra~1\ThinkPad\UTILIT~1\SCHTASK.exe
c:\program files\Synaptics\SynTP\SynTPLpr.exe
c:\windows\system32\igfxext.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
c:\windows\system32\wbem\WmiApSrv.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Lenovo\System Update\SUService.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-05-15  01:16:54 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-05-14 23:16
.
Vor Suchlauf: 248.222.674.944 bytes free
Nach Suchlauf: 248.061.083.648 bytes free
.
- - End Of File - - 9AF72EF69D7773EE2BE8B598B10DA85D


markusg 15.05.2013 00:28

looks good.
malwarebytes:
Please download Malwarebytes
  • Install the program to the default path. Vista and Win7 users: right-click and "run as administrator".
  • Start Malwarebytes, click Update --> Check for updates
  • When the update has finished, select "Perform full scan" and press Scan.
  • When the scan has finished, click Show Results.
  • Make sure that all findings are checked and press Remove Selected.
  • Post the log file, which opens in Notepad, here in the thread.
  • You can find the report afterwards under "Log files".


download the standard CCleaner:
CCleaner Download - CCleaner 3.21.1767
if CCleaner is already installed, skip this.
install, open, Tools, list of installed programs, save as txt. open it.
after each program you need, write "notwendig" (necessary).
after each program you do not need, write "unnötig" (unnecessary).
after each program you do not know, write "unbekannt" (unknown).
post the list.

S2k13 15.05.2013 00:48

Hi,
Malwarebytes Anti-Malware is still running...

I have edited the list from CCleaner. However, it also contains information that I have masked with *****.

Code:

7-Zip 4.65                19.09.2011               
[verify-U]_AVS_IE_Add-on        cybits AG        23.03.2013                1.0.0.3 notwendig
Adobe AIR        Adobe Systems Incorporated        18.04.2013                3.7.0.1530 notwendig
Adobe Flash Player 11 ActiveX        Adobe Systems Incorporated        23.04.2013        6,00MB        11.7.700.169 notwendig
Adobe Flash Player 11 Plugin        Adobe Systems Incorporated        07.05.2013        6,00MB        11.7.700.197 notwendig
Adobe Reader X (10.1.6) - Deutsch        Adobe Systems Incorporated        25.02.2013        122MB        10.1.6 notwendig
Apple Application Support        Apple Inc.        26.02.2013        62,7MB        2.3.3 notwendig
Apple Mobile Device Support        Apple Inc.        26.02.2013        24,6MB        6.1.0.13 notwendig
Apple Software Update        Apple Inc.        12.02.2012        2,38MB        2.1.3.127 notwendig
ARIS Express 2.3        Software AG        25.01.2012                notwendig
Audacity 1.3.14 (Unicode)        Audacity Team        13.01.2012        40,4MB        notwendig
BlackBerry Desktop Software 7.1        Research In Motion Ltd.        09.01.2013                7.1.0.37 notwendig
Bonjour        Apple Inc.        12.02.2012        1,02MB        3.0.0.10 notwendig
Capexpenses Classic 2.0        *****        14.01.2013        1,73MB        2.00.0000 notwendig
Capexpenses_Core_V1.0        *****        27.09.2011        88,1MB        1.00.0000 notwendig
***** Flags Template for PowerPoint 2007 7.03        *****        27.09.2011        5,32MB        7.030 (10/09/02) notwendig
***** Maps Template for PowerPoint 2007 7.03        *****        27.09.2011        16,5MB        7.030 (10/09/02) notwendig
CCleaner        Piriform        23.04.2013                4.01 notwendig
CE Templates & Tools        *****        14.01.2013        27,5MB        7.5.4.0 notwendig
CE Templates & Tools 7.5.2        *****        02.03.2012        34,9MB        7.5.2.0 notwendig
CGShortcuts        *****        27.09.2011        388KB        1.0.0.0 notwendig
Check Point SSL Network Extender        CheckPoint        29.11.2012        1,10MB        7.01.0000 notwendig
Cisco AnyConnect Secure Mobility Client        Cisco Systems, Inc.        12.04.2013                3.0.5080 notwendig
Cisco Systems VPN Client 5.0.07.0290        Cisco Systems, Inc.        19.09.2011        11,5MB        5.0.6 notwendig
Cisco WebEx Meetings        Cisco WebEx LLC        07.12.2012                notwendig
Conexant 20585 SmartAudio HD        Conexant        19.09.2011                4.95.43.50 notwendig
Connected Backup/PC Agent        Autonomy Corporation plc        18.04.2013        120MB        8.6.2 notwendig
DHTML Editing Component        Microsoft Corporation        19.10.2011        554KB        6.02.0001 notwendig
Dienstprogramm "ThinkPad UltraNav"        Lenovo        19.09.2011                2.13.0 notwendig
DNE Update        Deterministic Networks, Inc.        19.09.2011        777KB        4.0.6.18274 unbekannt
ExplorerSettings        *****        19.09.2011        400KB        1.0.0.1 notwendig
Free M4a to MP3 Converter 7.2        ManiacTools.com        05.01.2013        4,02MB        notwendig
FreeCommander 2009.02b        Marek Jasinski        31.12.2011                2009.02 notwendig
FreeMind                02.08.2012        16,0MB        0.9.0 notwendig
FreePDF (Remove only)                20.10.2011                notwendig
Ghostscript        GPL        19.09.2011        33,7MB        8.71 notwendig
Google Chrome        Google Inc.        20.11.2011                26.0.1410.64 notwendig
Google Earth Plug-in        Google        22.03.2013        80,7MB        7.0.3.8542 notwendig
Google Toolbar for Internet Explorer        Google Inc.        12.01.2013                7.4.3607.2246 notwendig
iCloud        Apple Inc.        16.04.2013        48,3MB        2.1.2.8 notwendig
Image Resizer Powertoy Clone for Windows        Brice Lambson        16.10.2012        132KB        2.1 notwendig
internal_ss-1280x1024-sta_loc_pla Screen Saver                27.09.2011                notwendig
InterVideo WinDVD 8        InterVideo Inc.        19.09.2011        158MB        8.0.20.178 notwendig
iTunes        Apple Inc.        26.02.2013        186MB        11.0.2.26 notwendig
Java 7 Update 17        Oracle        22.03.2013        130MB        7.0.170 notwendig
Java(TM) 6 Update 29        Oracle        19.09.2011        97,0MB        6.0.290 notwendig
Lenovo Auto Scroll Utility                19.09.2011                1.00 notwendig
Lenovo System Interface Driver                19.09.2011                1.05 notwendig
LiveUpdate 3.3 (Symantec Corporation)        Symantec Corporation        21.05.2012                3.3.0.102 notwendig
Malwarebytes Anti-Malware Version 1.75.0.1300        Malwarebytes Corporation        15.05.2013        19,2MB        1.75.0.1300 notwendig
Microsoft .NET Framework 1.1        Microsoft        09.10.2011        34,8MB        1.1.4322 notwendig
Microsoft Conferencing Add-in for Microsoft Office Outlook        Microsoft Corporation        25.06.2012        26,7MB        8.0.6362.202 notwendig
Microsoft Office Access 2007        Microsoft Corporation        18.11.2011                12.0.6425.1000 notwendig
Microsoft Office Access Runtime (English) 2007        Microsoft Corporation        17.01.2013        217MB        12.0.6425.1000 notwendig
Microsoft Office Communicator 2007 R2        Microsoft Corporation        10.03.2012        53,1MB        3.5.6907.244 notwendig
Microsoft Office File Validation Add-In        Microsoft Corporation        05.02.2012        7,91MB        14.0.5130.5003 necessary
Microsoft Office Language Pack 2007 - German/Deutsch        Microsoft Corporation        19.09.2011                12.0.6425.1000 necessary
Microsoft Office Live Meeting 2007        Microsoft Corporation        09.11.2011        117MB        8.0.6362.202 necessary
Microsoft Office Standard 2007        Microsoft Corporation        19.09.2011                12.0.6425.1000 necessary
Microsoft Office Visio Viewer 2007        Microsoft Corporation        05.02.2012        20,9MB        12.0.4518.1014 necessary
Microsoft redistributable runtime DLLs VS2005 SP1(x86)        SAP        19.10.2011        4,28MB        8.0.50727.4053 necessary
Microsoft redistributable runtime DLLs VS2008 SP1(x86)        SAP AG        19.10.2011        8,89MB        9.0 necessary
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs        Microsoft Corporation        19.09.2011        124KB        12.0.4518.1014 necessary
Microsoft Silverlight        Microsoft Corporation        21.03.2013        118MB        5.1.20125.0 necessary
Microsoft Visual C++ 2005 Redistributable        Microsoft Corporation        19.09.2011        300KB        8.0.61001 necessary
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022        Microsoft Corporation        06.11.2011        2,06MB        9.0.21022 necessary
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17        Microsoft Corporation        05.07.2012        234KB        9.0.30729 necessary
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148        Microsoft Corporation        09.03.2013        226KB        9.0.30729.4148 necessary
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161        Microsoft Corporation        07.11.2011        600KB        9.0.30729.6161 necessary
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219        Microsoft Corporation        09.03.2013        12,2MB        10.0.40219 necessary
Mozilla Firefox 20.0.1 (x86 de)        Mozilla        22.04.2013        44,7MB        20.0.1 necessary
Mozilla Maintenance Service        Mozilla        22.04.2013        330KB        20.0.1 necessary
MSXML 4.0 SP2 (KB954430)        Microsoft Corporation        19.09.2011        37,0KB        4.20.9870.0 necessary
MSXML 4.0 SP2 (KB973688)        Microsoft Corporation        19.09.2011        1,33MB        4.20.9876.0 necessary
Nikon Message Center 2        Nikon        09.03.2013        9,42MB        2.1.0 necessary
Nikon Movie Editor        Nikon        05.04.2013        30,7MB        2.7.0 necessary
Nokia Connectivity Cable Driver        Nokia        03.11.2012        3,35MB        7.1.92.0 necessary
Nokia Suite        Nokia        03.11.2012                3.6.36.0 necessary
On Screen Display                19.09.2011                6.24.00 necessary
PC Connectivity Solution        Nokia        03.11.2012        15,0MB        12.0.48.0 necessary
Picture Control Utility        Nikon        05.04.2013        27,2MB        1.4.11 necessary
QuickTime        Apple Inc.        13.11.2012        73,1MB        7.73.80.64 necessary
RedMon - Redirection Port Monitor                20.10.2011 necessary
Safari        Apple Inc.        22.05.2012        104MB        5.34.57.2 necessary
SAP Business Explorer        SAP AG        19.10.2011                7.20 necessary
SAP Console 7.10        SAP AG        19.10.2011                necessary
SAP GUI for Windows 7.20        SAP        19.10.2011                7.20 Compilation 3 necessary
SAP JNet        SAP AG        19.10.2011                necessary
SAP Netweaver Business Client 3.0        SAP AG        19.10.2011 necessary
SAP PDFPRINT        SAP AG        19.10.2011                necessary
SAP Print Service        SAP AG        19.10.2011                necessary
SAPSetup Automatic Workstation Update Service        SAP AG        19.10.2011                necessary
Short Movie Creator        Nikon        05.04.2013        67,9MB        1.3.1 necessary
Symantec Endpoint Protection        Symantec Corporation        21.05.2012        441MB        11.0.7000.975 necessary
System Update        Lenovo        19.09.2011        11,7MB        4.00.0046 necessary
ThinkPad Bluetooth with Enhanced Data Rate Software        Broadcom Corporation        21.10.2011        88,4MB        6.2.1.100 necessary
ThinkPad Energie-Manager                19.09.2011                3.48 necessary
ThinkPad FullScreen Magnifier                19.09.2011                2.24 necessary
ThinkPad Modem Adapter        Conexant Systems        19.09.2011                7.80.5.0 necessary
ThinkPad Power Management Driver                19.09.2011                1.60.0.4 necessary
ThinkPad UltraNav Driver                19.09.2011        46,4MB        15.2.20.0 necessary
ThinkVantage Communications Utility        Lenovo        19.09.2011        2,43MB        1.41 necessary
ThinkVantage System für aktiven Festplattenschutz        Lenovo        19.09.2011        8,77MB        1.74 necessary
ThinkVantage System Update                                necessary
ViewNX 2        Nikon        09.03.2013        53,1MB        2.4.0 necessary
VLC media player 2.0.5        VideoLAN        18.02.2013                2.0.5 necessary
Windows Driver Package - Nokia pccsmcfd “LegacyDriver”  (05/31/2012 7.1.2.0)        Nokia        03.11.2012                05/31/2012 7.1.2.0 necessary
Yammer        Yammer Inc.        22.02.2012                300222 necessary
Überwachungstool für die Intel® Turbo-Boost-Technik        Intel        19.09.2011        960KB        1.0.186.3 necessary

Basically everything is necessary, or 1x unknown...

Hello,

Anti-Malware has now finished running as well. Here is the log:
Code:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.05.14.08

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
sklose :: CE05278 [Administrator]

15.05.2013 01:32:30
mbam-log-2013-05-15 (01-32-30).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 349817
Laufzeit: 1 Stunde(n), 9 Minute(n), 54 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Is there anything else to do, or is the PC safe again now?

Thanks in advance for the feedback!

Regards,

S2k13

markusg 15.05.2013 13:48

Uninstall:
Adobe Flash Player: all
Adobe - Install Adobe Flash Player
Download the latest version and install it.
Adobe Reader:
Adobe - Download Adobe Reader - All versions
Remove the check mark at McAfee Security Scan.
Please also configure Adobe Reader as follows:
Open Adobe Reader, Edit, Preferences.
General:
Check "Use only certified plug-ins".
Security (Enhanced)
Check "Enhanced Security"
and select "All files".
Internet:
Everything here should be disabled; it is very insecure to open, download, etc. PDFs automatically.
It is always better to save them directly, because only then do you have control over what is happening on the PC.
Under JavaScript, remove the check mark at "Use JavaScript".
Under Updater, select "Install automatically".
Apply / OK

Uninstall:
Google Toolbar: you should do without it; it is just an additional risk and it slows down the browser
Java: all
Download Java JRE:
Java downloads for all operating systems
Click:
Download the Java software for Windows Offline
Download and install it.
Uninstall:

Open CCleaner, Analyze, Run, restart the PC.
Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Agree to the terms of use.
  • Click Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset Proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with Ok.
  • Your computer will be restarted automatically. After the restart, a text file opens. Post its contents to me with your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt. (x = sequential number).

S2k13 15.05.2013 18:42

Hello,

thanks also for the further tips. AdwCleaner produces the following log:
AdwCleaner Logfile:
Code:

# AdwCleaner v2.300 - Logfile created 05/15/2013 at 19:27:18
# Updated 28/04/2013 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (32 bits)
# User : ****** - CE05278
# Boot Mode : Normal
# Running from : C:\Users\******\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\SOFTWARE\Software

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

-\\ Mozilla Firefox v20.0.1 (de)

File : C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\ffld4oo5.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v26.0.1410.64

File : C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.2100] : homepage = "hxxp://www.startfenster.com",

*************************

AdwCleaner[S1].txt - [1573 octets] - [15/05/2013 19:27:18]

########## EOF - C:\AdwCleaner[S1].txt - [1633 octets] ##########

--- --- ---


Hello again,

are there any further steps I need to take to get my computer completely clean again?

Sorry, I forgot the question in the last thread :stirn:

CU
S2K13

markusg 15.05.2013 21:11

Please restart.
Hitman Pro - Download - Filepony

Download Hitmanpro, double-click it.
Click Scan.
Do not delete anything.
Click Next, save the log as XML and post it, or zip it and attach it.

S2k13 15.05.2013 22:12

Hello,
restart done & HitmanPro run. Here is the log:

S2k13 15.05.2013 22:12

So how do we proceed...?
CU
S2k13

markusg 16.05.2013 17:00

You are not the only one here, and I will tell you how to proceed :-)

markusg 16.05.2013 17:00

If you do not have it yet, please download OTL by Oldtimer and save it to your desktop.
Code:

activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT

  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Now copy the contents of OTL.txt and Extra.txt here into your thread

S2k13 17.05.2013 09:28

Hello,

here is the OTL log:
OTL Logfile:
Code:

OTL logfile created on: 17.05.2013 09:56:33 - Run 2
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\******\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
2,86 Gb Total Physical Memory | 1,60 Gb Available Physical Memory | 56,00% Memory free
5,72 Gb Paging File | 4,47 Gb Available in Paging File | 78,09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298,09 Gb Total Space | 222,82 Gb Free Space | 74,75% Space Free | Partition Type: NTFS
Drive E: | 1,90 Gb Total Space | 1,52 Gb Free Space | 80,20% Space Free | Partition Type: FAT
 
Computer Name: CE05278 | User Name: ****** | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.05.14 22:56:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\******\Desktop\OTL.exe
PRC - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.11.23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012.10.13 02:54:40 | 001,088,424 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe
PRC - [2012.10.03 16:51:04 | 000,725,400 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2012.10.03 16:50:54 | 000,174,488 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2012.10.03 16:50:46 | 000,148,888 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
PRC - [2012.05.17 19:43:42 | 006,775,632 | ---- | M] (Autonomy Corporation plc) -- C:\Program Files\Iron Mountain\Connected BackupPC\AgentService.exe
PRC - [2012.05.17 19:43:26 | 000,299,856 | ---- | M] (Autonomy Corporation plc) -- C:\Program Files\Iron Mountain\Connected BackupPC\Agent.exe
PRC - [2012.01.13 10:17:42 | 000,476,112 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
PRC - [2012.01.11 17:11:58 | 005,153,056 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office Communicator\communicator.exe
PRC - [2011.11.02 02:00:44 | 000,090,448 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2011.10.30 16:44:36 | 000,571,392 | ---- | M] (Nikon Corporation) -- C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe
PRC - [2011.10.18 19:24:32 | 000,355,496 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
PRC - [2011.08.03 11:57:20 | 001,471,904 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2011.08.03 11:57:20 | 000,115,624 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2011.08.03 11:57:20 | 000,108,456 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2011.08.03 11:57:18 | 001,897,960 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2011.08.03 11:57:18 | 001,846,592 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2011.06.20 10:33:38 | 000,115,568 | ---- | M] (SAP AG) -- C:\Program Files\SAP\SapSetup\setup\Updater\NwSapSetupUserNotificationTool.exe
PRC - [2011.06.20 10:33:30 | 000,129,904 | ---- | M] (SAP AG) -- C:\Program Files\SAP\SapSetup\setup\Updater\NwSapAutoWorkstationUpdateService.exe
PRC - [2011.05.13 10:05:12 | 001,589,760 | ---- | M] (SAP, Walldorf) -- C:\Program Files\SAP\SAPSPrint\sapsprint.exe
PRC - [2011.03.31 19:31:34 | 000,132,392 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2011.03.24 03:48:00 | 000,062,824 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkPad\Utilities\SCHTASK.EXE
PRC - [2011.03.08 13:21:18 | 000,138,168 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe
PRC - [2011.03.08 13:20:58 | 000,267,624 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011.02.18 17:09:02 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\System Update\SUService.exe
PRC - [2010.12.14 15:57:20 | 000,136,040 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
PRC - [2010.12.03 10:57:38 | 000,099,328 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe
PRC - [2010.12.02 12:55:54 | 000,064,440 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2010.11.29 16:32:44 | 000,069,560 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2010.11.24 16:34:24 | 000,045,496 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\micmute.exe
PRC - [2010.10.29 20:25:12 | 000,142,696 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
PRC - [2010.06.29 15:15:18 | 000,073,728 | ---- | M] (Software 2000 Limited) -- C:\Windows\System32\spool\drivers\w32x86\3\HP1006MC.EXE
PRC - [2010.04.20 13:23:32 | 000,074,088 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
PRC - [2010.04.20 13:23:28 | 000,062,312 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
PRC - [2010.04.20 13:23:18 | 000,050,536 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe
PRC - [2010.04.07 14:37:38 | 000,093,032 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
PRC - [2010.04.01 14:50:44 | 000,043,960 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
PRC - [2010.03.23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2009.09.18 04:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CCM\CcmExec.exe
PRC - [2009.09.05 17:29:06 | 000,385,024 | ---- | M] (shbox.de) -- C:\Program Files\FreePDF_XP\fpassist.exe
PRC - [2009.08.11 16:09:52 | 000,795,936 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
PRC - [2007.01.04 19:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.10.13 02:55:38 | 000,276,392 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\phonon4.dll
MOD - [2012.10.13 02:55:38 | 000,092,584 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\qjson.dll
MOD - [2012.10.13 02:55:22 | 002,652,584 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtXmlPatterns4.dll
MOD - [2012.10.13 02:55:22 | 000,363,944 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtXml4.dll
MOD - [2012.10.13 02:55:20 | 011,166,120 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtWebKit4.dll
MOD - [2012.10.13 02:55:18 | 001,346,472 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtScript4.dll
MOD - [2012.10.13 02:55:18 | 000,205,736 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtSql4.dll
MOD - [2012.10.13 02:55:16 | 001,013,672 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtNetwork4.dll
MOD - [2012.10.13 02:55:16 | 000,720,296 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtOpenGL4.dll
MOD - [2012.10.13 02:55:14 | 008,506,792 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtGui4.dll
MOD - [2012.10.13 02:55:14 | 000,520,104 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtMultimediaKit1.dll
MOD - [2012.10.13 02:55:12 | 002,480,552 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtDeclarative4.dll
MOD - [2012.10.13 02:55:12 | 002,353,576 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtCore4.dll
MOD - [2012.10.13 02:55:08 | 000,445,864 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll
MOD - [2012.10.13 02:55:04 | 000,206,760 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\Imageformats\qjpeg4.dll
MOD - [2012.10.13 02:55:04 | 000,035,240 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\Imageformats\qico4.dll
MOD - [2012.10.13 02:55:02 | 000,032,680 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\Imageformats\qgif4.dll
MOD - [2012.10.13 02:54:34 | 000,437,672 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\NService.dll
MOD - [2012.10.13 02:53:56 | 000,605,608 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\CommonUpdateChecker.dll
MOD - [2012.10.13 02:31:20 | 000,391,600 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\ssoengine.dll
MOD - [2012.10.13 02:31:20 | 000,059,280 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\securestorage.dll
MOD - [2012.10.13 02:30:34 | 000,110,080 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\mediaservice\dsengine.dll
MOD - [2011.11.02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.11.02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.03.31 19:31:02 | 000,066,856 | ---- | M] () -- C:\Program Files\Synaptics\SynTP\SynTPEnhPS.dll
MOD - [2011.03.24 03:48:00 | 000,043,520 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\US\PWMRT32V.DLL
MOD - [2009.08.11 16:10:04 | 000,132,384 | ---- | M] () -- C:\Program Files\ThinkPad\Bluetooth Software\BTKeyInd.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013.05.15 19:07:20 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.04.20 18:17:11 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.10.03 16:51:04 | 000,725,400 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2012.05.17 19:43:42 | 006,775,632 | ---- | M] (Autonomy Corporation plc) [Auto | Running] -- C:\Program Files\Iron Mountain\Connected BackupPC\AgentService.exe -- (AgentService)
SRV - [2012.01.13 10:17:42 | 000,476,112 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent)
SRV - [2011.10.18 19:24:32 | 000,355,496 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe -- (cpextender)
SRV - [2011.08.03 11:57:20 | 000,357,808 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2011.08.03 11:57:20 | 000,108,456 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2011.08.03 11:57:20 | 000,108,456 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2011.08.03 11:57:18 | 001,897,960 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2011.08.03 11:57:18 | 001,846,592 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2011.06.20 10:33:30 | 000,129,904 | ---- | M] (SAP AG) [Auto | Running] -- C:\Program Files\SAP\SapSetup\setup\Updater\NwSapAutoWorkstationUpdateService.exe -- (NWSAPAutoWorkstationUpdateSvc)
SRV - [2011.05.13 10:05:12 | 001,589,760 | ---- | M] (SAP, Walldorf) [Auto | Running] -- C:\Program Files\SAP\SAPSPrint\sapsprint.exe -- (SAPSprint)
SRV - [2011.03.24 03:48:00 | 000,292,200 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE -- (DozeSvc)
SRV - [2011.03.24 03:48:00 | 000,079,208 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2011.02.18 17:09:02 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2011.02.07 18:40:08 | 003,093,944 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2010.12.03 10:57:38 | 000,099,328 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD)
SRV - [2010.12.02 12:55:54 | 000,064,440 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2010.11.24 16:34:24 | 000,045,496 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV - [2010.04.20 13:23:32 | 000,074,088 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe -- (LENOVO.TPKNRSVC)
SRV - [2010.04.20 13:23:18 | 000,050,536 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe -- (LENOVO.CAMMUTE)
SRV - [2010.04.07 14:37:38 | 000,093,032 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC)
SRV - [2010.03.23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2009.09.29 17:25:38 | 000,099,768 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV - [2009.09.18 04:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\CCM\CcmExec.exe -- (CcmExec)
SRV - [2009.09.18 04:00:00 | 000,246,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\CCM\TSManager.exe -- (smstsmgr)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.04.29 04:21:04 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService)
SRV - [2007.01.04 19:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\******\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2013.01.16 11:00:00 | 001,603,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20130515.008\NAVEX15.SYS -- (NAVEX15)
DRV - [2013.01.16 11:00:00 | 000,093,296 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20130515.008\NAVENG.SYS -- (NAVENG)
DRV - [2012.08.09 10:00:00 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012.08.09 10:00:00 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012.06.27 16:18:52 | 000,019,072 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2012.05.21 06:53:28 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2012.05.17 19:43:42 | 000,045,384 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV_Tracker.sys -- (LV_Tracker)
DRV - [2012.01.13 10:08:24 | 000,023,464 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpnva.sys -- (vpnva)
DRV - [2012.01.13 10:07:32 | 000,087,976 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\acsock.sys -- (acsock)
DRV - [2011.08.03 11:57:20 | 000,321,016 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2011.08.03 11:57:20 | 000,287,352 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2011.08.03 11:57:20 | 000,043,768 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2011.03.24 03:48:00 | 000,025,968 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\DOZEHDD.SYS -- (DozeHDD)
DRV - [2011.03.24 03:48:00 | 000,013,424 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\TPPWR32V.SYS -- (TPPWRIF)
DRV - [2011.01.13 14:04:50 | 000,122,992 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ApsX86.sys -- (Shockprf)
DRV - [2011.01.13 14:02:56 | 000,020,592 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ApsHM86.sys -- (TPDIGIMN)
DRV - [2010.11.20 04:30:16 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 04:30:16 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 04:30:16 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 02:24:42 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 01:59:46 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 01:14:46 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 01:14:42 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.09.07 14:09:06 | 000,013,680 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\smiif32.sys -- (lenovo.smi)
DRV - [2010.08.30 20:15:54 | 000,247,808 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud)
DRV - [2010.08.24 15:31:07 | 000,188,080 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\symtdi.sys -- (SYMTDI)
DRV - [2010.08.24 15:31:06 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2010.08.24 15:31:06 | 000,026,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\symredrv.sys -- (SYMREDRV)
DRV - [2010.08.02 16:42:44 | 000,111,192 | ---- | M] (Deterministic Networks, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\dnelwf.sys -- (DNE)
DRV - [2010.03.23 13:15:36 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2010.02.27 08:31:22 | 000,132,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd)
DRV - [2010.01.21 06:14:48 | 000,485,944 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2009.12.10 02:36:54 | 000,214,696 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1k6232.sys -- (e1kexpress)
DRV - [2009.11.02 18:43:16 | 000,129,304 | ---- | M] (Check Point Software Technologies) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vna.sys -- (VNA)
DRV - [2009.10.27 01:53:16 | 000,126,080 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\5U877.sys -- (5U877)
DRV - [2009.10.26 07:39:00 | 000,048,640 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimspe86.sys -- (rimspci)
DRV - [2009.10.05 06:05:56 | 006,114,816 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32)
DRV - [2009.09.28 07:47:00 | 000,038,912 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rixdpe86.sys -- (rixdpcie)
DRV - [2009.09.18 04:00:00 | 000,020,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CCM\PrepDrv.sys -- (prepdrvr)
DRV - [2009.09.17 05:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.14 01:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009.07.14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
DRV - [2009.07.14 00:02:50 | 000,211,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2009.04.29 04:20:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio)
DRV - [2007.04.17 20:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)
DRV - [2007.02.19 07:56:46 | 000,021,376 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\psadd.sys -- (psadd)
DRV - [2007.01.18 20:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://sso.********.com/authent/authent_form.asp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FC DE 47 C0 15 47 CE 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{B32C20FF-2324-4BCC-B0C3-56B5EA1A7212}: "URL" = Google
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\******\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\******\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.20 18:17:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.20 18:17:14 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2011.11.20 23:01:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\******\AppData\Roaming\mozilla\Extensions
[2013.03.22 16:55:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\******\AppData\Roaming\mozilla\Firefox\Profiles\ffld4oo5.default\extensions
[2013.04.20 18:17:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013.04.20 18:17:12 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013.04.20 18:17:09 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.04.20 18:17:09 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013.04.20 18:17:09 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2013.04.20 18:17:09 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.04.20 18:17:09 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.04.20 18:17:09 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: Google
CHR - plugin: Silverlight (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Mail = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2013.05.15 01:12:05 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Capexpenses\jre\jre6_14-b08\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: ([verify-U]_Add-on) - {F4552A56-119C-478E-AB3F-2C850F78B72E} - C:\Program Files\[verify-U]_AVS_IE_Add-on\[verify-U]_AVS.dll (Cybits AG)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [AgentUiRunKey] C:\Program Files\Iron Mountain\Connected BackupPC\Agent.exe (Autonomy Corporation plc)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [Communicator] C:\Program Files\Microsoft Office Communicator\communicator.exe (Microsoft Corporation)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [Nikon Message Center 2] C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation)
O4 - HKLM..\Run: [PWMTRV] C:\Program Files\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [SAP_WUS_UNT] C:\Program Files\SAP\SAPsetup\Setup\Updater\NwSapSetupUserNotificationTool.exe (SAP AG)
O4 - HKCU..\Run: [NokiaSuite.exe] C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)
O4 - Startup: C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Yammer.lnk =  File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: bcdtravel-portal.net ([www] https in Trusted sites)
O15 - HKLM\..Trusted Domains: ********.com ([]* in Local intranet)
O15 - HKLM\..Trusted Domains: ********.de ([]* in Local intranet)
O15 - HKLM\..Trusted Domains: sdm.de ([]* in Local intranet)
O15 - HKLM\..Trusted Domains: skillsoft.com ([]* in Local intranet)
O15 - HKLM\..Trusted Domains: skillwsa.com ([cgcontent] https in Local intranet)
O15 - HKLM\..Trusted Domains: sumtotalsystems.com ([********] https in Local intranet)
O15 - HKCU\..Trusted Domains: libri.biz ([mayersche] * in Trusted sites)
O15 - HKCU\..Trusted Domains: mercateo.com ([www] * in Trusted sites)
O16 - DPF: {414FB93D-DEDD-4FEF-AD7F-167992EBDB52} https://sslgw1.beiersdorfgroup.com/CSHELL/extender.cab (SlimClient Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab (Java Plug-in 1.7.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab (Java Plug-in 10.21.2)
O16 - DPF: {CC679CB8-DC4B-458B-B817-D447B3B6AC31} vpnweb.cab (Cisco AnyConnect Secure Mobility Client Web Control)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/WBXclient-T28L10NSP7-15458/webex/ieatgpc1.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = corp.********.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{66DE07F5-59E8-4DAB-AE13-3F68856E3D1E}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AB412C7A-0B3D-4464-BB51-5C2564CA9CF8}: DhcpNameServer = 205.223.229.84 205.223.229.9
O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP, Walldorf)
O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP, Walldorf)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\WINDOWS\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {0EEB34F6-991D-4a1b-8EEB-772DA0EADB22} - Microsoft Office Communicator 2007 R2
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} -
ActiveX: >{AEF48F3F-3C9A-4B0B-82FA-0DC1374008BA} - RunDLL32 IEDKCS32.DLL,BrandIE4 CUSTOM
ActiveX: Communicator_Anpassung_UBA - C:\Program Files\Microsoft Office Communicator\Communicator-uba-ActiveSetup.EXE /s
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\WINDOWS\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.15 22:50:53 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013.05.15 19:16:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013.05.15 17:38:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2013.05.15 01:38:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013.05.15 01:38:50 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013.05.15 01:33:13 | 004,346,816 | ---- | C] (Piriform Ltd) -- C:\Users\******\Desktop\ccsetup401.exe
[2013.05.15 01:31:03 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Roaming\Malwarebytes
[2013.05.15 01:30:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.05.15 01:30:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.05.15 01:30:39 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013.05.15 01:30:39 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.05.15 01:30:24 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Local\Programs
[2013.05.15 01:29:49 | 010,285,040 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\******\Desktop\mbam-setup-1.75.0.1300.exe
[2013.05.15 01:16:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2013.05.15 01:12:10 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.05.15 01:00:25 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013.05.15 01:00:24 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013.05.15 01:00:24 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013.05.15 00:54:28 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.05.15 00:54:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013.05.15 00:45:16 | 005,066,131 | R--- | C] (Swearware) -- C:\Users\******\Desktop\ComboFix.exe
[2013.05.15 00:34:28 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\******\Desktop\tdsskiller.exe
[2013.05.15 00:03:08 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.05.14 22:56:25 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\******\Desktop\OTL.exe
[2013.04.20 18:17:06 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.17 09:56:50 | 000,000,463 | ---- | M] () -- C:\WINDOWS\SMSCFG.INI
[2013.05.17 09:52:44 | 000,001,094 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.17 09:51:58 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.05.17 09:50:51 | 2305,560,576 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.16 06:57:14 | 000,012,400 | -H-- | M] () -- C:\WINDOWS\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.16 06:57:14 | 000,012,400 | -H-- | M] () -- C:\WINDOWS\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.16 06:43:00 | 000,001,124 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1531082355-734649621-3782574898-1190727UA.job
[2013.05.16 06:43:00 | 000,001,098 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.16 06:19:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013.05.15 23:22:23 | 000,000,866 | ---- | M] () -- C:\Users\******\Desktop\HitmanPro_20130515_2310.zip
[2013.05.15 20:58:40 | 000,620,584 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013.05.15 20:58:40 | 000,109,014 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013.05.15 19:12:48 | 000,001,995 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013.05.15 17:36:30 | 000,001,072 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1531082355-734649621-3782574898-1190727Core.job
[2013.05.15 01:38:53 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.05.15 01:33:16 | 004,346,816 | ---- | M] (Piriform Ltd) -- C:\Users\******\Desktop\ccsetup401.exe
[2013.05.15 01:30:41 | 000,001,081 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.05.15 01:29:56 | 010,285,040 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\******\Desktop\mbam-setup-1.75.0.1300.exe
[2013.05.15 01:12:05 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013.05.15 00:45:18 | 005,066,131 | R--- | M] (Swearware) -- C:\Users\******\Desktop\ComboFix.exe
[2013.05.15 00:34:31 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\******\Desktop\tdsskiller.exe
[2013.05.14 23:16:20 | 000,377,856 | ---- | M] () -- C:\Users\******\Desktop\llikksn3.exe
[2013.05.14 22:56:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\******\Desktop\OTL.exe
[2013.05.14 22:54:01 | 000,050,477 | ---- | M] () -- C:\Users\******\Desktop\Defogger.exe
[2013.05.14 18:10:28 | 000,003,134 | RHS- | M] () -- C:\Users\******\ntuser.pol
[2013.05.14 18:10:18 | 000,065,871 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2013.05.13 14:31:56 | 000,001,832 | ---- | M] () -- C:\Users\******\AppData\Local\SLC_******.prx
[2013.05.09 11:53:51 | 000,000,939 | ---- | M] () -- C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Yammer.lnk
[2013.04.24 09:24:20 | 000,087,975 | ---- | M] () -- C:\Users\******\Desktop\Bestätigung Bären Zarten.pdf
[2013.04.18 15:12:22 | 000,002,046 | ---- | M] () -- C:\Users\Public\Desktop\Connected BackupPC.lnk
 
========== Files Created - No Company Name ==========
 
[2013.05.15 23:10:52 | 000,000,866 | ---- | C] () -- C:\Users\******\Desktop\HitmanPro_20130515_2310.zip
[2013.05.15 19:12:48 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013.05.15 19:12:48 | 000,001,995 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013.05.15 19:07:20 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013.05.15 01:38:53 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.05.15 01:30:41 | 000,001,081 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.05.15 01:00:25 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013.05.15 01:00:24 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013.05.15 01:00:24 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013.05.15 01:00:24 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013.05.15 01:00:24 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013.05.14 23:16:20 | 000,377,856 | ---- | C] () -- C:\Users\******\Desktop\llikksn3.exe
[2013.05.14 22:53:59 | 000,050,477 | ---- | C] () -- C:\Users\******\Desktop\Defogger.exe
[2013.04.24 09:24:19 | 000,087,975 | ---- | C] () -- C:\Users\******\Desktop\Bestätigung Bären Zarten.pdf
[2013.04.05 17:20:45 | 000,000,268 | RH-- | C] () -- C:\ProgramData\BSD
[2013.04.05 17:20:45 | 000,000,268 | RH-- | C] () -- C:\Users\******\AppData\Roaming\Audio Units
[2013.04.05 17:20:45 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Calibrators
[2013.04.05 17:19:23 | 000,000,000 | ---- | C] () -- C:\ProgramData\AccountTypes
[2013.03.09 17:05:13 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Automatic Filter
[2013.03.09 17:05:13 | 000,000,268 | RH-- | C] () -- C:\Users\******\AppData\Roaming\Audio
[2013.03.09 17:05:13 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2013.03.09 17:05:13 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Bundle
[2013.03.09 17:04:20 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Automator
[2013.03.09 17:04:20 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Authentication
[2013.03.09 17:04:20 | 000,000,268 | RH-- | C] () -- C:\Users\******\AppData\Roaming\Audio Unit Effect
[2013.03.09 17:04:20 | 000,000,268 | RH-- | C] () -- C:\Users\******\AppData\Roaming\Applications
[2013.03.09 17:04:20 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2013.03.09 17:04:20 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2013.03.09 17:04:20 | 000,000,012 | RH-- | C] () -- C:\ProgramData\CMMs
[2013.03.09 17:02:51 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLeu.DAT
[2013.03.09 17:01:55 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Brother
[2013.03.09 17:01:55 | 000,000,268 | RH-- | C] () -- C:\Users\******\AppData\Roaming\Bass Reduction
[2013.03.09 17:01:55 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLeo.DAT
[2013.03.09 17:01:55 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Configure Folder Actions
[2013.02.07 17:28:06 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2012.11.02 10:36:35 | 000,004,764 | ---- | C] () -- C:\WINDOWS\System32\CcmFramework.ini
[2012.05.26 09:34:10 | 000,066,048 | ---- | C] () -- C:\WINDOWS\System32\PrintBrmUi.exe
[2011.12.24 22:15:00 | 008,414,449 | ---- | C] () -- C:\Users\******\Kalimba.mp3
[2011.11.04 14:03:26 | 000,038,274 | ---- | C] () -- C:\Users\******\AppData\Roaming\Microsoft Access 97-2003.ADR
[2011.10.20 21:46:30 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[2011.10.20 21:46:30 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\unredmon.exe
[2011.10.19 20:33:09 | 001,064,960 | ---- | C] () -- C:\WINDOWS\System32\h5krnl32.dll
[2011.10.19 20:33:09 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\h5menu32.dll
[2011.10.19 20:33:09 | 000,095,744 | ---- | C] () -- C:\WINDOWS\System32\h5rtf32.dll
[2011.10.19 20:33:09 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\h5tool32.dll
[2011.10.19 20:33:08 | 000,188,928 | ---- | C] () -- C:\WINDOWS\System32\h5icon32.dll
[2011.10.12 08:40:06 | 000,001,832 | ---- | C] () -- C:\Users\******\AppData\Local\SLC_******.prx
[2011.10.09 16:06:02 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\HPPLVS.dll
[2011.09.27 10:16:57 | 000,003,134 | RHS- | C] () -- C:\Users\******\ntuser.pol
[2011.09.19 11:46:33 | 000,065,871 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011.09.19 11:09:05 | 000,000,463 | ---- | C] () -- C:\WINDOWS\SMSCFG.INI
[2011.09.19 11:01:42 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\iglhsip32.dll
[2011.09.19 11:01:42 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\iglhcp32.dll
[2011.09.19 11:01:41 | 000,870,560 | ---- | C] () -- C:\WINDOWS\System32\igkrng575.bin
[2011.09.19 11:01:39 | 000,104,796 | ---- | C] () -- C:\WINDOWS\System32\igfcg575m.bin
[2011.09.19 11:01:39 | 000,004,096 | ---- | C] ( ) -- C:\WINDOWS\System32\IGFXDEVLib.dll
[2011.09.19 11:01:33 | 000,127,868 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng575.bin
[2011.09.19 11:01:30 | 000,000,151 | ---- | C] () -- C:\WINDOWS\System32\GfxUI.exe.config
[2011.09.19 10:58:02 | 000,000,661 | ---- | C] () -- C:\WINDOWS\System32\VoipUpdate.ini
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 04:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.11.08 20:03:36 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Audacity
[2011.12.31 07:22:26 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\FreeCommander
[2012.04.21 13:14:55 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Nokia
[2012.04.21 13:14:55 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Nokia Suite
[2012.04.21 15:17:00 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\PC Suite
[2011.09.19 11:16:42 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\PwrMgr
[2011.11.14 06:27:46 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Research In Motion
[2013.05.13 14:32:10 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\SAP
[2012.12.07 11:04:33 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\webex
[2011.11.09 12:46:03 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Yammer
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2013.05.15 01:12:10 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2012.05.26 10:06:11 | 000,000,000 | ---D | M] -- C:\boot
[2011.09.27 11:04:11 | 000,000,000 | ---D | M] -- C:\CGShortcut
[2011.09.19 11:09:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011.10.09 15:50:06 | 000,000,000 | ---D | M] -- C:\hp_LJ_P1005_P1500_Full_Solution_ROW
[2011.09.19 11:27:51 | 000,000,000 | R--D | M] -- C:\MSOCache
[2009.07.14 04:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2013.05.15 01:38:50 | 000,000,000 | R--D | M] -- C:\Program Files
[2013.05.15 22:50:53 | 000,000,000 | ---D | M] -- C:\ProgramData
[2013.05.15 01:16:57 | 000,000,000 | ---D | M] -- C:\Qoobox
[2011.09.19 11:09:03 | 000,000,000 | ---D | M] -- C:\Recovery
[2013.05.17 10:00:43 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.09.27 10:16:41 | 000,000,000 | R--D | M] -- C:\Users
[2013.05.15 19:23:45 | 000,000,000 | ---D | M] -- C:\Windows
[2013.05.15 00:23:37 | 000,000,000 | ---D | M] -- C:\_OTL
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2009.07.14 03:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009.07.14 03:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009.07.14 03:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009.07.14 03:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010.11.20 04:16:54 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2009.07.14 06:53:46 | 000,032,620 | ---- | C] () -- C:\WINDOWS\Tasks\SCHEDLGU.TXT
[2009.07.14 06:53:47 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT
[2011.11.20 23:01:47 | 000,001,072 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1531082355-734649621-3782574898-1190727Core.job
[2011.11.20 23:01:48 | 000,001,124 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1531082355-734649621-3782574898-1190727UA.job
[2012.05.27 19:11:13 | 000,001,094 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
[2012.05.27 19:11:13 | 000,001,098 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
[2013.05.15 19:07:20 | 000,000,830 | ---- | C] () -- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\erdnt\cache\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\erdnt\cache\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\erdnt\cache\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010.11.20 04:17:10 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\erdnt\cache\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2010.03.03 20:33:26 | 000,435,736 | ---- | M] (Intel Corporation) MD5=26541A068572F650A2FA490726FE81BE -- C:\Windows\System32\drivers\iaStor.sys
[2010.03.03 20:33:26 | 000,435,736 | ---- | M] (Intel Corporation) MD5=26541A068572F650A2FA490726FE81BE -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_d8ed431bab2df657\iaStor.sys
[2010.03.03 20:33:26 | 000,435,736 | ---- | M] (Intel Corporation) MD5=26541A068572F650A2FA490726FE81BE -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_x86_neutral_80ef422561cb0bbe\iaStor.sys
[2010.01.15 05:06:56 | 000,433,176 | ---- | M] (Intel Corporation) MD5=39F7C9AEEE865FE8E98CF3EDD2B4BB4A -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_1b3a88aa8e74fd2e\iaStor.sys
[2010.01.15 05:06:56 | 000,433,176 | ---- | M] (Intel Corporation) MD5=39F7C9AEEE865FE8E98CF3EDD2B4BB4A -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_x86_neutral_c91aefea01737b8d\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 04:29:56 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 04:29:56 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 04:20:30 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\erdnt\cache\netlogon.dll
[2010.11.20 04:20:30 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 04:20:30 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 04:30:08 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 04:30:08 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 04:21:06 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\erdnt\cache\scecli.dll
[2010.11.20 04:21:06 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 04:21:06 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 04:21:34 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\erdnt\cache\user32.dll
[2010.11.20 04:21:34 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 04:21:34 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 04:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache\userinit.exe
[2010.11.20 04:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 04:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 04:17:56 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\erdnt\cache\winlogon.exe
[2010.11.20 04:17:56 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 04:17:56 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
[2013.04.04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2011.08.03 11:57:22 | 000,087,456 | ---- | M] (Symantec Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\FwsVpn.dll
[2011.08.03 11:57:22 | 000,107,936 | ---- | M] (Symantec Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\SymVPN.dll
 
< %USERPROFILE%\*.* >
[2011.12.24 22:15:00 | 008,414,449 | ---- | M] () -- C:\Users\******\Kalimba.mp3
[2013.05.17 10:15:36 | 006,291,456 | -HS- | M] () -- C:\Users\******\NTUSER.DAT
[2013.05.17 10:15:36 | 000,262,144 | -HS- | M] () -- C:\Users\******\ntuser.dat.LOG1
[2011.09.27 10:16:43 | 000,000,000 | -HS- | M] () -- C:\Users\******\ntuser.dat.LOG2
[2011.09.27 10:28:20 | 000,065,536 | -HS- | M] () -- C:\Users\******\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2011.09.27 10:28:20 | 000,524,288 | -HS- | M] () -- C:\Users\******\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2011.09.27 10:28:20 | 000,524,288 | -HS- | M] () -- C:\Users\******\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2011.09.27 10:16:43 | 000,000,020 | -HS- | M] () -- C:\Users\******\ntuser.ini
[2013.05.14 18:10:28 | 000,003,134 | RHS- | M] () -- C:\Users\******\ntuser.pol
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
[2013.05.15 01:18:38 | 000,000,000 | ---- | M] () -- C:\Users\******\Local Settings\Temp\i4jd8438810573058418693.exe
[2013.05.15 22:46:16 | 000,028,077 | ---- | M] () -- C:\Users\******\Local Settings\Temp\i4jdel0.exe
[9 C:\Users\******\Local Settings\Temp\*.tmp files -> C:\Users\******\Local Settings\Temp\*.tmp -> ]
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
[2013.05.15 01:22:25 | 000,001,536 | ---- | M] () -- C:\Users\******\Local Settings\Temp\NOSEventMessages.dll
[9 C:\Users\******\Local Settings\Temp\*.tmp files -> C:\Users\******\Local Settings\Temp\*.tmp -> ]
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

< End of report >

--- --- ---

Best regards,

S2k13

S2k13 17.05.2013 09:30

...and the Extras log (from 14.05. - there was no newer one...):

OTL EXTRAS Logfile:
Code:

OTL Extras logfile created on: 5/14/2013 10:56:54 PM - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\******\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
2.86 Gb Total Physical Memory | 2.34 Gb Available Physical Memory | 81.75% Memory free
5.72 Gb Paging File | 5.24 Gb Available in Paging File | 91.47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 223.93 Gb Free Space | 75.12% Space Free | Partition Type: NTFS
 
Computer Name: CE05278 | User Name: ****** | NOT logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\WINDOWS\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\WINDOWS\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
"PolicyVersion" = 522
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"DefaultInboundAction" = 1
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\FirewallRules]
"WMI-ASYNC-In-TCP-NoScope" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|App=%systemroot%\system32\wbem\unsecapp.exe|Name=@FirewallAPI.dll,-34256|Desc=@FirewallAPI.dll,-34257|EmbedCtxt=@FirewallAPI.dll,-34251|
"WMI-WINMGMT-In-TCP-NoScope" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\svchost.exe|Svc=winmgmt|Name=@FirewallAPI.dll,-34254|Desc=@FirewallAPI.dll,-34255|EmbedCtxt=@FirewallAPI.dll,-34251|
"WMI-RPCSS-In-TCP-NoScope" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=135|App=%SystemRoot%\system32\svchost.exe|Svc=rpcss|Name=@FirewallAPI.dll,-34252|Desc=@FirewallAPI.dll,-34253|EmbedCtxt=@FirewallAPI.dll,-34251|
"FPS-LLMNR-In-UDP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5355|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|Name=@FirewallAPI.dll,-28548|Desc=@FirewallAPI.dll,-28549|EmbedCtxt=@FirewallAPI.dll,-28502|
"FPS-ICMP6-ERQ-In-NoScope" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=128:*|Name=@FirewallAPI.dll,-28545|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|
"FPS-ICMP4-ERQ-In-NoScope" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=1|Profile=Domain|ICMP4=8:*|Name=@FirewallAPI.dll,-28543|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|
"FPS-RPCSS-In-TCP-NoScope" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|Svc=Rpcss|Name=@FirewallAPI.dll,-28539|Desc=@FirewallAPI.dll,-28542|EmbedCtxt=@FirewallAPI.dll,-28502|
"FPS-SpoolSvc-In-TCP-NoScope" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\system32\spoolsv.exe|Svc=Spooler|Name=@FirewallAPI.dll,-28535|Desc=@FirewallAPI.dll,-28538|EmbedCtxt=@FirewallAPI.dll,-28502|
"FPS-NB_Datagram-In-UDP-NoScope" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=138|App=System|Name=@FirewallAPI.dll,-28527|Desc=@FirewallAPI.dll,-28530|EmbedCtxt=@FirewallAPI.dll,-28502|
"FPS-NB_Name-In-UDP-NoScope" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=137|App=System|Name=@FirewallAPI.dll,-28519|Desc=@FirewallAPI.dll,-28522|EmbedCtxt=@FirewallAPI.dll,-28502|
"FPS-SMB-In-TCP-NoScope" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=445|App=System|Name=@FirewallAPI.dll,-28511|Desc=@FirewallAPI.dll,-28514|EmbedCtxt=@FirewallAPI.dll,-28502|
"FPS-NB_Session-In-TCP-NoScope" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=139|App=System|Name=@FirewallAPI.dll,-28503|Desc=@FirewallAPI.dll,-28506|EmbedCtxt=@FirewallAPI.dll,-28502|
"{09F5B492-B063-4B93-8EBD-38D4743435FD}" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=2701|LPort=2702|LPort=135|Name=SCCM Remote Tools Ports: 2701, 2702, 135 TCP|
"{B483CEAD-A6E5-42B0-A8D4-D802CCA932EA}" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=2701|LPort=2702|Name=SCCM Remote Tools Ports: 2701, 2702 UDP|
"{01E18610-24E5-40A6-9703-35F80723C770}" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|RPort=80|Name=HTTP Port 80 TCP|
"{8AF05D1E-3B7A-422B-9C20-21510E74B651}" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|RPort=443|Name=HTTPS Port 443 TCP|
"RemoteSvcAdmin-RPCSS-In-TCP-NoScope" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|Name=@FirewallAPI.dll,-29515|Desc=@FirewallAPI.dll,-29518|EmbedCtxt=@FirewallAPI.dll,-29502|
"RemoteSvcAdmin-NP-In-TCP-NoScope" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=445|App=System|Name=@FirewallAPI.dll,-29507|Desc=@FirewallAPI.dll,-29510|EmbedCtxt=@FirewallAPI.dll,-29502|
"RemoteSvcAdmin-In-TCP-NoScope" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\system32\services.exe|Name=@FirewallAPI.dll,-29503|Desc=@FirewallAPI.dll,-29506|EmbedCtxt=@FirewallAPI.dll,-29502|
"{51B4D0A8-126E-45B8-9C80-3E6B40E1C1F4}" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=2701|LPort=2702|Name=ITICS - Configuration Manager Remote Control (TCP-In)|
"{D56B5CE0-9E71-45DA-8863-6529B1062D42}" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=2701|LPort=2702|Name=ITICS - Configuration Manager Remote Control (UDP-In)|
"RemoteDesktop-In-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=3389|App=System|Name=@FirewallAPI.dll,-28753|Desc=@FirewallAPI.dll,-28756|EmbedCtxt=@FirewallAPI.dll,-28752|
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile]
"EnableFirewall" = 1
"DefaultInboundAction" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile]
"EnableFirewall" = 1
"DefaultInboundAction" = 1
"DisableUnicastResponsesToMulticastBroadcast" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{032EA77E-FDD3-4D99-912D-E668F84D5ED7}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{0400E566-AEDD-42A8-B9AB-B560AC5458BC}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{0B0AB6DD-6214-4853-B739-9B176C3992C6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{12163AB1-1042-41F0-9F50-A7F53348234B}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{36007D0F-F750-4FDC-AB7C-7B093B6317CB}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{44F0B3BE-3799-4D83-B546-924A80758F71}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{487FB238-C88D-400F-98C1-E133160F8A0D}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{629D089E-403C-47CC-9A15-11C8B556548C}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{658A0A81-960D-48F8-845A-78481E021A99}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{70D5CA81-12D7-49D7-BA24-5F41A58AB3BD}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{87AD4968-D917-4AC6-ACA9-C014D88D83BE}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{8A356BD9-9115-4DDF-AEC1-2546C3F18D60}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{91D5D309-D666-463F-B0E5-B0A9D8B859C7}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{93C47987-99F2-4293-A19D-F514E6340D72}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A50E08C3-D14B-4B7C-AD56-B9462D2BEA5F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CE750F66-85C9-496A-BB76-235E602E0666}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E49BD542-BA91-492F-878D-DC1EC697445C}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{E5A6B54D-5E5C-424C-9858-18B59F1B872D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F565E8DB-8CDE-4352-AEA4-E6D377EDAAB6}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09EC91EF-05C1-429D-9E0F-5BDE74EF97A1}" = protocol=17 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |
"{0B9884B8-74AA-4C4D-9E9C-1083C6D487C2}" = protocol=17 | dir=in | app=c:\program files\iron mountain\connected backuppc\agent.exe |
"{167FBD7F-E857-4015-900D-0C4BF8E788BA}" = protocol=6 | dir=in | app=c:\program files\symantec\symantec endpoint protection\smc.exe |
"{1F82AD68-3493-42A0-B7EC-91A62816D049}" = protocol=17 | dir=in | app=c:\program files\iron mountain\connected backuppc\agent.exe |
"{2F6BE8DF-FBEA-47EE-9F48-0777A5E32E42}" = protocol=17 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
"{36E53F1F-51D4-4ED2-9071-CF5D41B74D26}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3908232F-E3B5-424B-8013-60AD2BEA1147}" = protocol=6 | dir=in | app=c:\program files\symantec\symantec endpoint protection\snac.exe |
"{3F013A5D-1C5A-41F0-86A1-4F2083DD4CA1}" = protocol=17 | dir=in | app=c:\program files\microsoft office communicator\communicator.exe |
"{45031986-F702-46E1-A447-6F9FDC144042}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{4AA06FE1-ABA1-4555-8503-4B260ABEABFF}" = protocol=17 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |
"{4CC5BE61-2949-469F-9518-CADE18B2B377}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{57D6E9CD-ABE5-4EA5-9993-4711B546B665}" = protocol=6 | dir=in | app=c:\program files\microsoft office communicator\communicator.exe |
"{5B3FE120-F8DE-4EF9-A9D7-D825416890C2}" = dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"{5BC87ADC-0488-4E6B-BF61-E0797F731C82}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{5C3588C1-ABA1-4481-969D-59ED66D98D3C}" = protocol=6 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |
"{5D566964-0A4B-4889-BAA9-4B41505E021D}" = protocol=6 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
"{5D8613BD-DE97-4C09-BE41-317610338DFE}" = protocol=6 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |
"{5EFAE97E-C7B8-4645-B6E5-F3C44CD81BCD}" = protocol=17 | dir=in | app=c:\program files\symantec\symantec endpoint protection\snac.exe |
"{5FA72524-9CAD-4C1F-8B21-C3F92DB5D680}" = protocol=6 | dir=in | app=c:\program files\symantec\symantec endpoint protection\smc.exe |
"{630D2D0A-EDCB-4C64-975B-182BE686226E}" = protocol=6 | dir=in | app=c:\program files\symantec\symantec endpoint protection\snac.exe |
"{64C04D5D-D0EE-4E4B-A373-9CEA85BC3BC6}" = protocol=6 | dir=in | app=c:\program files\iron mountain\connected backuppc\agent.exe |
"{6DE140B1-313C-4E92-B5E4-35E5B036FF7E}" = protocol=17 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
"{6F16A36F-0321-4A5F-B3B2-41996C208225}" = dir=in | app=c:\program files\checkpoint\ssl network extender\slimsvc.exe |
"{75A64427-DBD7-4C00-8D5D-4DEAC027AA57}" = dir=in | app=c:\program files\nokia\nokia suite\nokiasuite.exe |
"{80F8F348-A87A-468B-AD18-1447AD44D545}" = protocol=6 | dir=in | app=c:\program files\iron mountain\connected backuppc\agent.exe |
"{8671EA06-1CF3-4F03-B3DB-5BCECC316D26}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\hp1006mc.exe |
"{86DE013C-8E54-4D7E-9D71-BD1F15FB7931}" = protocol=17 | dir=in | app=c:\program files\iron mountain\connected backuppc\agent.exe |
"{8D68A0DE-40AD-44BC-8325-77149FFE783B}" = protocol=6 | dir=in | app=c:\program files\microsoft office communicator\communicator.exe |
"{94AB952C-5831-4D60-A7DF-E26C8B88FE68}" = protocol=17 | dir=in | app=c:\program files\microsoft office\live meeting 8\console\pwconsole.exe |
"{A403430A-4A7E-4CC1-AD84-46559E77600E}" = protocol=17 | dir=in | app=c:\program files\symantec\symantec endpoint protection\snac.exe |
"{A8D3E784-0264-472D-9232-E3DE9EB151B4}" = protocol=17 | dir=in | app=c:\program files\microsoft office communicator\communicator.exe |
"{B0C5ABE8-578C-4820-B126-15A0D07D8938}" = protocol=17 | dir=in | app=c:\program files\symantec\symantec endpoint protection\smc.exe |
"{B1D83057-C77C-408C-8DDB-A320719B1013}" = dir=in | app=c:\program files\nokia\nokia suite\nokiasuite.exe |
"{BE71E780-EB36-49C7-A30D-23E5300F2A9B}" = protocol=6 | dir=in | app=c:\program files\iron mountain\connected backuppc\agent.exe |
"{BFED75E7-14DF-4108-B887-B73591119EEE}" = protocol=6 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
"{C1659CB1-073A-40AD-B12C-1BCEF8561680}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{C3D1BF0E-7AC3-4B52-918E-1120C91B228B}" = protocol=17 | dir=in | app=c:\program files\symantec\symantec endpoint protection\smc.exe |
"{C6CF85A0-0690-45D8-8E65-2891EE9F0F7D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\live meeting 8\console\pwconsole.exe |
"{DEF5A49A-69AF-4C41-ABE5-18280DCB2070}" = protocol=17 | dir=in | app=c:\program files\microsoft office\live meeting 8\console\pwconsole.exe |
"{E38DFBC9-FB14-47F5-8987-6F22FC9384CF}" = protocol=6 | dir=in | app=c:\program files\microsoft office\live meeting 8\console\pwconsole.exe |
"{F24D8945-BC9F-43CA-BBD4-536D15795174}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\hp1006mc.exe |
"{F581CF35-A36A-4B2A-8542-7D1EDC219F67}" = dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"TCP Query User{52C96806-0824-4597-82BA-FC62F80E83C8}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{600AD822-5E9A-4FB2-977A-B55BE8625E43}C:\program files\microsoft office communicator\communicator.exe" = protocol=6 | dir=in | app=c:\program files\microsoft office communicator\communicator.exe |
"TCP Query User{75F833AC-F0D2-4BD4-8BB9-CAB003022839}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{BE0FD395-2829-446C-9163-DA390A75E979}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{DB92465B-D35D-4198-BE0E-62846CEE4153}C:\program files\microsoft office\office12\outlook.exe" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"TCP Query User{ED2C8A29-45CB-4638-90EF-34D4B9636703}C:\program files\microsoft office\live meeting 8\console\pwconsole.exe" = protocol=6 | dir=in | app=c:\program files\microsoft office\live meeting 8\console\pwconsole.exe |
"UDP Query User{483A06B3-0473-493B-B8D3-0401F26910C3}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{54A371FB-5213-4780-95F1-AC0D27B59804}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{5DFA13BF-BF26-4856-B0AB-EB977414FF25}C:\program files\microsoft office\live meeting 8\console\pwconsole.exe" = protocol=17 | dir=in | app=c:\program files\microsoft office\live meeting 8\console\pwconsole.exe |
"UDP Query User{990334A0-611E-4544-9786-4513D211F481}C:\program files\microsoft office\office12\outlook.exe" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"UDP Query User{D779D4E2-20DB-4DAB-975A-19B74C990D7F}C:\program files\microsoft office communicator\communicator.exe" = protocol=17 | dir=in | app=c:\program files\microsoft office communicator\communicator.exe |
"UDP Query User{D7E3C2B8-2DA2-4E71-8F34-62B1A182DABD}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"[verify-U]_AVS_IE_Add-on" = [verify-U]_AVS_IE_Add-on
"{0009FEDA-0005-0409-0000-1111CAB70015}" = CE Templates & Tools 7.5.2
"{0009FEDA-0007-0409-0000-1111CAB70015}" = CE Templates & Tools
"{0906982B-A432-4C06-8F01-C01BE1143779}" = Nokia Connectivity Cable Driver
"{0D1CBBB9-F4A8-45B6-95E7-202BA61D7AF4}" = Microsoft Office Communicator 2007 R2
"{10114C8C-0409-0001-2011-CABE8BEFC0FE}" = Capexpenses_Core_V1.0
"{1011ABB1-0409-0005-2012-CABE8BEFABB1}" = Capexpenses Classic 2.0
"{1252F398-5142-4D81-AD31-8B0204C26E8C}" = ARIS Express
"{13BEAC7C-69C1-4A9E-89A3-D5F311DE2B69}" = Microsoft Conferencing Add-in for Microsoft Office Outlook
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = Dienstprogramm "ThinkPad UltraNav"
"{17FA7788-DA17-41EB-912C-FEB4FE0221E9}_is1" = ******** Maps Template for PowerPoint 2007 7.03
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1E5F3CC6-D390-4393-A2AA-6CEC04F1705A}" = Image Resizer Powertoy Clone for Windows
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{25C64847-B900-48AD-A164-1B4F9B774650}" = System Update
"{2609EDF1-34C4-4B03-B634-55F3B3BC4931}" = Configuration Manager Client
"{268278CF-FB69-4D98-B70E-BFEC1CDCA225}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2F5436B3-188E-4C95-9ECF-3AF1D6488657}" = Ghostscript
"{33EBF075-8593-4698-BDAF-CF8DED80BB5B}" = Nokia Suite
"{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in
"{393E4C89-67E9-43BF-AD29-94D19F7624F7}" = Connected Backup/PC Agent
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Überwachungstool für die Intel® Turbo-Boost-Technik
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage System für aktiven Festplattenschutz
"{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5192F4D1-5173-4450-84AD-EAF6C695A86A}" = Internet Explorer
"{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}" = Nikon Movie Editor
"{5E2E4797-502A-4FFD-81EC-F9BA8BF0C581}" = Symantec Endpoint Protection
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{78401D0D-DD35-46F1-9539-E44566DDACBF}" = DNE Update
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A3E6E1C-CF5A-4CE9-B8D6-A2F9B7BA18FC}" = BlackBerry Desktop Software 7.1
"{85BE320B-A37D-42DA-B9BE-20A40B6A05E3}" = Cisco AnyConnect Secure Mobility Client
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{88C6A6D9-324C-46E8-BA87-563D14021442}_is1" = ThinkVantage Communications Utility
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BA33573-9E98-4971-84E9-BC9AA2EB0600}_is1" = ******** Flags Template for PowerPoint 2007 7.03
"{90120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0015-0000-0000-0000000FF1CE}" = Microsoft Office Access 2007
"{90120000-0015-0000-0000-0000000FF1CE}_Access_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office Language Pack 2007 Service Pack 2 (SP2)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_Access_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office Language Pack 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_STANDARD_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office Language Pack 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_STANDARD_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office Language Pack 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office Language Pack 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_STANDARD_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office Language Pack 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_STANDARD_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001C-0409-0000-0000000FF1CE}" = Microsoft Office Access Runtime (English) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_OMUI.de-de_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Language Pack 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_STANDARD_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_STANDARD_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_OMUI.de-de_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Language Pack 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_STANDARD_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office Language Pack 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_OMUI.de-de_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office Language Pack 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_STANDARD_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office Language Pack 2007 Service Pack 2 (SP2)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office Language Pack 2007 Service Pack 2 (SP2)
"{90120000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2007
"{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office Language Pack 2007 Service Pack 2 (SP2)
"{90120000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2007
"{90120000-0101-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office Language Pack 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_STANDARD_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_Access_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90a40bf2-b776-4d93-9ef4-7b6ec74ba072}" = Check Point SSL Network Extender
"{925F1DB6-E86E-4378-9091-D1F68B0583C9}" = iCloud
"{95120000-0052-0409-0000-0000000FF1CE}" = Microsoft Office Visio Viewer 2007
"{972E6F25-7FFF-454A-B320-AD3579E00E53}" = CGShortcuts
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = ThinkPad Bluetooth with Enhanced Data Rate Software
"{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR
"{A47A9101-6EB5-4314-BDA1-297880FBB908}" = Microsoft redistributable runtime DLLs VS2008 SP1(x86)
"{A81EB5BC-F764-308A-B979-0F8F078DAB29}" = Yammer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B014EE44-9197-4513-9613-71E6EB1B514E}" = Nikon Message Center 2
"{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}" = Cisco Systems VPN Client 5.0.07.0290
"{B2817391-97C2-4A88-A952-14920594BD62}" = Short Movie Creator
"{BA77F9D2-CD35-41EB-9BC9-769879DFF8A6}" = PC Connectivity Solution
"{BB26BFF5-5BB1-43D1-8D04-83A536D2EDD9}" = ExplorerSettings
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CEC7A786-A9C8-4EF7-BB59-6518E3B3C878}" = Microsoft redistributable runtime DLLs VS2005 SP1(x86)
"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Energie-Manager
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{E30E7561-A466-4393-B8BF-FD93E733EF3C}" = Microsoft Office Live Meeting 2007
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E64C137C-D0B7-467A-B47F-460AAB30F0A3}" = ViewNX 2
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382" = Windows Driver Package - Nokia pccsmcfd “LegacyDriver”  (05/31/2012 7.1.2.0)
"7-Zip" = 7-Zip 4.65
"Access" = Microsoft Office Access 2007
"ActiveTouchMeetingClient" = Cisco WebEx Meetings
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.14 (Unicode)
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"BlackBerry_Desktop" = BlackBerry Desktop Software 7.1
"Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client
"CNXT_AUDIO_HDA" = Conexant 20585 SmartAudio HD
"CNXT_MODEM_HDA_HSF" = ThinkPad Modem Adapter
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 7.2
"FreeCommander_is1" = FreeCommander 2009.02b
"FreePDF_XP" = FreePDF (Remove only)
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"internal_ss-1280x1024-sta_loc_pla" = internal_ss-1280x1024-sta_loc_pla Screen Saver
"LENOVO.SMIIF" = Lenovo System Interface Driver
"LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nokia Suite" = Nokia Suite
"OMUI.de-de" = Microsoft Office Language Pack 2007 - German/Deutsch
"OnScreenDisplay" = On Screen Display
"Power Management Driver" = ThinkPad Power Management Driver
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"SAP_JNet" = SAP JNet
"SAP_NwBC" = SAP Netweaver Business Client 3.0
"SAP_WUS" = SAPSetup Automatic Workstation Update Service
"SAPBI" = SAP Business Explorer
"SAPConsole" = SAP Console 7.10
"SAPGUI710" = SAP GUI for Windows 7.20
"SAPPdfPrint" = SAP PDFPRINT
"SAPSPrint" = SAP Print Service
"STANDARD" = Microsoft Office Standard 2007
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"VLC media player" = VLC media player 2.0.5
"Yammer" = Yammer
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ARIS Express 2.3" = ARIS Express 2.3
"Google Chrome" = Google Chrome
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 14.05.2013 16:36:21 | Computer Name = CE05278.corp.********.com | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 14.05.2013 16:36:21 | Computer Name = CE05278.corp.********.com | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9484
 
Error - 14.05.2013 16:36:21 | Computer Name = CE05278.corp.********.com | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9484
 
Error - 14.05.2013 16:36:22 | Computer Name = CE05278.corp.********.com | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 14.05.2013 16:36:22 | Computer Name = CE05278.corp.********.com | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 10764
 
Error - 14.05.2013 16:36:22 | Computer Name = CE05278.corp.********.com | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 10764
 
Error - 14.05.2013 16:36:23 | Computer Name = CE05278.corp.********.com | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 14.05.2013 16:36:23 | Computer Name = CE05278.corp.********.com | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 11856
 
Error - 14.05.2013 16:36:23 | Computer Name = CE05278.corp.********.com | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 11856
 
Error - 14.05.2013 16:46:21 | Computer Name = CE05278.corp.********.com | Source = Symantec AntiVirus | ID = 16711731
Description =      Security Risk Found!Trojan.Malscript in File: C:\ProgramData\ejlmj0.js
 by: Auto-Protect scan.  Action: Cleaned by Deletion.  Action Description: The file
 was deleted successfully.   
 
[ Cisco AnyConnect Secure Mobility Client Events ]
Error - 03.05.2013 08:38:23 | Computer Name = CE05278.corp.********.com | Source = acvpnagent | ID = 67108866
Description = Function: CIpcDepot::OnIpcMessageReceived File: .\IPC\IPCDepot.cpp Line:
 832 Invoked Function: CIpcTransport::OnSocketReadComplete Return Code: -31522801
(0xFE1F000F) Description: SOCKETTRANSPORT_ERROR_TRANSPORT_FAILURE
 
Error - 03.05.2013 08:38:23 | Computer Name = CE05278.corp.********.com | Source = acvpnagent | ID = 67108866
Description = Function: CTcpTransport::writeSocketBlocking File: .\IPC\SocketTransport.cpp
Line:
 1676 Invoked Function: WSASend Return Code: 10054 (0x00002746) Description: An existing
 connection was forcibly closed by the remote host. 
 
Error - 03.05.2013 08:38:23 | Computer Name = CE05278.corp.********.com | Source = acvpnagent | ID = 67108866
Description = Function: CIpcTransport::terminateIpcConnection File: .\IPC\IPCTransport.cpp
Line:
 384 Invoked Function: CSocketTransport::writeSocketBlocking Return Code: -31522805
 (0xFE1F000B) Description: SOCKETTRANSPORT_ERROR_WRITE
 
Error - 03.05.2013 13:38:33 | Computer Name = CE05278.corp.********.com | Source = acvpnagent | ID = 67108866
Description = Function: CCvcConfig::CCvcConfig File: .\vpnconfig.cpp Line: 553 Invoked
 Function: CCvcConfig::readConfigParamFromFile Return Code: -33030135 (0xFE080009)
Description:
 CVCCONFIG_ERROR_UNEXPECTED
 
Error - 03.05.2013 13:38:33 | Computer Name = CE05278.corp.********.com | Source = acvpnagent | ID = 67108866
Description = Function: CSocketTransport::connectTransport File: .\IPC\SocketTransport.cpp
Line:
 732 Invoked Function: ::WSAConnect Return Code: 10051 (0x00002743) Description: A
socket operation was attempted to an unreachable network. 
 
Error - 03.05.2013 13:38:33 | Computer Name = CE05278.corp.********.com | Source = acvpnagent | ID = 67108866
Description = Function: CDNSRequest::performDNSRequest File: .\IP\DNSRequest.cpp Line:
 395 Invoked Function: CUdpTransport::connectTransport Return Code: -31522804 (0xFE1F000C)
Description:
 SOCKETTRANSPORT_ERROR_CONNECT
 
Error - 03.05.2013 13:38:33 | Computer Name = CE05278.corp.********.com | Source = acvpnagent | ID = 67108866
Description = Function: CDNSRequest::Query File: .\IP\DNSRequest.cpp Line: 306 Invoked
 Function: CDNSRequest::performDNSRequest Return Code: -31522804 (0xFE1F000C) Description:
 SOCKETTRANSPORT_ERROR_CONNECT
 
Error - 03.05.2013 13:38:33 | Computer Name = CE05278.corp.********.com | Source = acvpnagent | ID = 67108866
Description = Function: CNetEnvironment::testNetwork File: .\NetEnvironment.cpp Line:
 801 Invoked Function: DNSRequest::Query Return Code: -31522804 (0xFE1F000C) Description:
 SOCKETTRANSPORT_ERROR_CONNECT
 
Error - 03.05.2013 13:38:33 | Computer Name = CE05278.corp.********.com | Source = acvpnagent | ID = 67108866
Description = Function: CNetEnvironment::TestNetEnv File: .\NetEnvironment.cpp Line:
 193 Invoked Function: CNetEnvironment::testNetwork Return Code: -31522804 (0xFE1F000C)
Description:
 SOCKETTRANSPORT_ERROR_CONNECT
 
Error - 03.05.2013 13:38:44 | Computer Name = CE05278.corp.********.com | Source = acvpnagent | ID = 67108866
Description = Function: CDNSRequest::OnSocketReadComplete File: .\IP\DNSRequest.cpp
Line:
 1069 Invoked Function: CDNSRequest::processResponse Return Code: -29229043 (0xFE42000D)
Description:
 DNSREQUEST_ERROR_NO_SUCH_NAME Failed to resolve 53.254.11.194.in-addr.arpa via DNS
 server 192.168.0.1
 
[ Media Center Events ]
Error - 18.03.2013 05:36:03 | Computer Name = CE05278.corp.********.com | Source = MCUpdate | ID = 0
Description = 10:35:42 - Failed to retrieve MCEClientUX (Error: Unable to connect
 to the remote server) 
 
Error - 18.03.2013 05:36:27 | Computer Name = CE05278.corp.********.com | Source = MCUpdate | ID = 0
Description = 10:36:24 - Failed to retrieve Broadband (Error: Unable to connect
to the remote server) 
 
Error - 27.03.2013 06:19:12 | Computer Name = CE05278.corp.********.com | Source = MCUpdate | ID = 0
Description = 11:19:12 - Failed to retrieve Directory (Error: Unable to connect
to the remote server) 
 
Error - 27.03.2013 06:20:15 | Computer Name = CE05278.corp.********.com | Source = MCUpdate | ID = 0
Description = 11:19:54 - Failed to retrieve MCESpotlight (Error: Unable to connect
 to the remote server) 
 
Error - 27.03.2013 06:20:57 | Computer Name = CE05278.corp.********.com | Source = MCUpdate | ID = 0
Description = 11:20:36 - Failed to retrieve MCEClientUX (Error: Unable to connect
 to the remote server) 
 
Error - 27.03.2013 06:21:22 | Computer Name = CE05278.corp.********.com | Source = MCUpdate | ID = 0
Description = 11:21:18 - Failed to retrieve Broadband (Error: Unable to connect
to the remote server) 
 
Error - 02.04.2013 05:40:36 | Computer Name = CE05278.corp.********.com | Source = MCUpdate | ID = 0
Description = 11:40:35 - Failed to retrieve Directory (Error: Unable to connect
to the remote server) 
 
Error - 02.04.2013 05:41:39 | Computer Name = CE05278.corp.********.com | Source = MCUpdate | ID = 0
Description = 11:41:18 - Failed to retrieve MCESpotlight (Error: Unable to connect
 to the remote server) 
 
Error - 02.04.2013 05:42:21 | Computer Name = CE05278.corp.********.com | Source = MCUpdate | ID = 0
Description = 11:42:00 - Failed to retrieve MCEClientUX (Error: Unable to connect
 to the remote server) 
 
Error - 02.04.2013 05:42:49 | Computer Name = CE05278.corp.********.com | Source = MCUpdate | ID = 0
Description = 11:42:42 - Failed to retrieve Broadband (Error: Unable to connect
to the remote server) 
 
[ OSession Events ]
Error - 02.05.2012 05:52:33 | Computer Name = CE05278.corp.********.com | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 1685 seconds with 720 seconds of active time.  This session ended with a
crash.
 
Error - 27.06.2012 10:17:54 | Computer Name = CE05278.corp.********.com | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 7225
 seconds with 360 seconds of active time.  This session ended with a crash.
 
Error - 12.09.2012 09:54:22 | Computer Name = CE05278.corp.********.com | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 419 seconds with 300 seconds of active time.  This session ended with a crash.
 
Error - 12.09.2012 13:04:45 | Computer Name = CE05278.corp.********.com | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 12174
 seconds with 1620 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 14.05.2013 16:46:44 | Computer Name = CE05278.corp.********.com | Source = DCOM | ID = 10016
Description =
 
Error - 14.05.2013 16:49:56 | Computer Name = CE05278.corp.********.com | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable.  Please
 run the chkdsk utility on the volume C:.
 
Error - 14.05.2013 16:50:15 | Computer Name = CE05278.corp.********.com | Source = EventLog | ID = 6008
Description = The previous system shutdown at 22:49:23 on ?14.?05.?2013 was unexpected.
 
Error - 14.05.2013 16:50:20 | Computer Name = CE05278.corp.********.com | Source = NETLOGON | ID = 5719
Description = This computer was not able to set up a secure session with a domain
controller
 in domain CORP due to the following:  %%1311    This may lead to authentication problems.
 Make sure that this  computer is connected to the network. If the problem persists,
please
 contact your domain administrator.        ADDITIONAL INFO    If this computer is a domain controller
 for the specified domain, it  sets up the secure session to the primary domain controller
 emulator in the specified  domain. Otherwise, this computer sets up the secure session
 to any domain controller  in the specified domain.
 
Error - 14.05.2013 16:50:20 | Computer Name = CE05278.corp.********.com | Source = Service Control Manager | ID = 7001
Description = The SAPSprint service depends on the Print Spooler service which failed
 to start because of the following error:  %%1068
 
Error - 14.05.2013 16:50:21 | Computer Name = CE05278.corp.********.com | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
  discache  eeCtrl  lenovo.smi  SPBBCDrv  spldr  SRTSP  SRTSPX  SYMTDI  TPPWRIF  Wanarpv6
 
Error - 14.05.2013 16:50:39 | Computer Name = CE05278.corp.********.com | Source = DCOM | ID = 10005
Description =
 
Error - 14.05.2013 16:51:01 | Computer Name = CE05278.corp.********.com | Source = DCOM | ID = 10005
Description =
 
Error - 14.05.2013 16:51:02 | Computer Name = CE05278.corp.********.com | Source = DCOM | ID = 10005
Description =
 
Error - 14.05.2013 16:51:03 | Computer Name = CE05278.corp.********.com | Source = DCOM | ID = 10005
Description =
 
 
< End of report >

--- --- ---


Best regards,

S2k13

markusg 17.05.2013 11:41

hi
Download Internet Explorer 10
please install Internet Explorer 10; even if you use a different browser, it has to be up to date.
Please report back when done

S2k13 17.05.2013 13:11

Hello,

IE10 is installed.

The last OTL log was created when I had not started OTL as admin. I now also have a newer log that was generated when I ran OTL as admin. Would that log be of any further help?

Best regards,
S2k13

markusg 17.05.2013 13:19

Hi,
that's OK

OTL fix

Fixing with OTL

  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.

Code:

:OTL
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - Startup: C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Yammer.lnk =  File not found
:files
:Commands
[emptytemp]

  • If you have masked your user name, e.g. with "*****", insert your real user name in the corresponding place. Otherwise the fix will not work.
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may ask for a restart. Please allow this.
  • After the restart you will find a text document on your desktop.
    (Also to be found under C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy the contents into your thread here


please test whether there are any unwanted toolbars, redirects or other problems in Firefox, Internet Explorer and any other browsers you may have installed.
Test how the PC and programs run in general.

S2k13 17.05.2013 13:35

Hello,

here, to start with, is the log from the OTL fix:

Code:

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
File move failed. C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Yammer.lnk scheduled to be moved on reboot.
========== FILES ==========
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: sklose
->Temp folder emptied: 29240403 bytes
->Temporary Internet Files folder emptied: 30368565 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 25829691 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 57983 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 197031 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 82.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 05172013_142335

Files\Folders moved on Reboot...
File\Folder C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Yammer.lnk not found!
C:\Users\sklose\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

The browsers Safari, Chrome and Firefox show the expected start pages and none of them has any additional toolbars active. I was also able to open various MS Office programs without problems, as well as Acrobat Reader and, for example, iTunes.

During the last reboots the only thing I noticed is that it now takes quite a long time until the computer is properly available again. Otherwise I have not noticed any further symptoms.

Best regards,

S2k13

markusg 17.05.2013 13:38

Hi,
Question:
is the Malwarebytes background guard active? If so, deactivate it and see how the boot goes.
also:
open CCleaner, Tools, Startup list, export it as txt and post it

S2k13 17.05.2013 13:46

Hello,

how can I check whether the background guard is active? After booting, a process running mbam.exe is active... Is that enough information or do I need to look somewhere else?

Here is the startup list:
Code:

Ja        HKCU:Run        NokiaSuite.exe        Nokia        C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe -tray
Ja        HKLM:Run        Adobe ARM        Adobe Systems Incorporated        "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
Ja        HKLM:Run        AgentUiRunKey        Autonomy Corporation plc        "C:\Program Files\Iron Mountain\Connected BackupPC\Agent.exe" -ni -sss -e hxxp://localhost:16386/
Ja        HKLM:Run        APSDaemon        Apple Inc.        "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
Ja        HKLM:Run        ccApp        Symantec Corporation        "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
Ja        HKLM:Run        Cisco AnyConnect Secure Mobility Agent for Windows        Cisco Systems, Inc.        "C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
Ja        HKLM:Run        Communicator        Microsoft Corporation        "C:\Program Files\Microsoft Office Communicator\communicator.exe" /fromrunkey
Ja        HKLM:Run        FreePDF Assistant        shbox.de        C:\Program Files\FreePDF_XP\fpassist.exe
Ja        HKLM:Run        HotKeysCmds        Intel Corporation        C:\WINDOWS\system32\hkcmd.exe
Ja        HKLM:Run        IgfxTray        Intel Corporation        C:\WINDOWS\system32\igfxtray.exe
Ja        HKLM:Run        iTunesHelper        Apple Inc.        "C:\Program Files\iTunes\iTunesHelper.exe"
Ja        HKLM:Run        LENOVO.TPKNRRES        Lenovo Group Limited        C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
Ja        HKLM:Run        Nikon Message Center 2        Nikon Corporation        C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe -s
Ja        HKLM:Run        Persistence        Intel Corporation        C:\WINDOWS\system32\igfxpers.exe
Ja        HKLM:Run        PWMTRV                rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
Ja        HKLM:Run        QuickTime Task        Apple Inc.        "C:\Program Files\QuickTime\QTTask.exe" -atboottime
Ja        HKLM:Run        RIMBBLaunchAgent.exe        Research In Motion Limited        C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
Ja        HKLM:Run        SAP_WUS_UNT        SAP AG        "C:\Program Files\SAP\SAPsetup\Setup\Updater\NwSapSetupUserNotificationTool.exe"
Ja        HKLM:Run        SunJavaUpdateSched        Oracle Corporation        "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
Ja        HKLM:Run        SynTPEnh        Synaptics Incorporated        %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
Ja        HKLM:Run        TpShocks        Lenovo.        TpShocks.exe
Ja        Startup Common        Bluetooth.lnk        Broadcom Corporation.        C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
Ja        Startup User        Yammer.lnk                C:\Program Files\Yammer\Yammer.exe

Best regards,
S2k13
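
A first-pass triage of an autostart export like the one posted above, as an added example that is not part of the thread: it flags entries with no publisher, rundll32 launchers, bare file names and unquoted paths containing spaces. The tab delimiter, the function names and the choice of checks are assumptions of this example; the five sample rows are taken from the posted list.

```python
import re

# Five rows from the autostart export posted above (enabled, location, name,
# publisher, command), rebuilt tab-separated; the tab delimiter is an assumption.
FIELDS = ("enabled", "location", "name", "publisher", "command")
ROWS = [
    ("Ja", "HKCU:Run", "NokiaSuite.exe", "Nokia",
     r"C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe -tray"),
    ("Ja", "HKLM:Run", "ccApp", "Symantec Corporation",
     r'"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"'),
    ("Ja", "HKLM:Run", "PWMTRV", "",
     r"rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor"),
    ("Ja", "HKLM:Run", "TpShocks", "Lenovo.", "TpShocks.exe"),
    ("Ja", "Startup User", "Yammer.lnk", "", r"C:\Program Files\Yammer\Yammer.exe"),
]
SAMPLE = "\n".join("\t".join(row) for row in ROWS)

def parse_export(text):
    """Parse the export into dicts; accepts tabs or the 8-space runs of a paste."""
    entries = []
    for line in filter(str.strip, text.splitlines()):
        cols = [c.strip() for c in line.replace(" " * 8, "\t").split("\t")]
        if len(cols) != len(FIELDS):
            raise ValueError(f"unexpected column count: {line!r}")
        entries.append(dict(zip(FIELDS, cols)))
    return entries

def review_notes(entry):
    """Return the reasons an entry deserves a manual look (empty list = none)."""
    notes, cmd = [], entry["command"]
    if not entry["publisher"]:
        notes.append("no publisher")
    if not entry["location"].endswith(":Run"):
        return notes  # the command-line checks below apply to Run keys only
    first = (cmd.split() or [""])[0].strip('"').lower().rsplit("\\", 1)[-1]
    if first in ("rundll32", "rundll32.exe"):
        notes.append("rundll32 launcher")  # the code that runs is the DLL argument
    elif not cmd.startswith('"'):
        image = re.match(r"(?i).+?\.exe\b", cmd)
        path = image.group(0) if image else cmd
        if "\\" not in path:
            notes.append("bare file name")  # resolved through the search path
        elif " " in path:
            notes.append("unquoted path with spaces")
    return notes

def triage(text):
    """Map entry name -> notes for every entry that has at least one note."""
    flagged = {e["name"]: review_notes(e) for e in parse_export(text)}
    return {name: notes for name, notes in flagged.items() if notes}
```

A note is a reason to look at the entry by hand, not a verdict on it.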

markusg 17.05.2013 13:50

Hi, I don't have it installed right now; click through the tabs there, there should be an option like that.

Then disable everything in the startup list except:
ccApp
Cisco AnyConnect
HotKeysCmds
SynTPEnh

under Startup:
Common Bluetooth

then restart twice and see how it runs

S2k13 17.05.2013 14:19

Hello,

the behaviour is still similar. After entering the password the mouse pointer is already there, but the rest stays black. Then the Windows taskbar appears and after that (about 1-2 seconds) the program icons.

Otherwise the system behaves completely normally. I could live with the somewhat longer startup, as long as the delay is not caused by malware...

Best regards,
S2k13

markusg 17.05.2013 14:21

uninstall Malwarebytes completely. Then mbam.exe should no longer be active; sometimes it causes a problem like this

S2k13 17.05.2013 14:26

Hello,

I think that was it. The last reboot really was as quick as usual.

Can I re-enable the other autostart entries now?

Best regards,
S2k13

markusg 17.05.2013 14:39

if you aren't missing anything important there, leave them off; that gives you a bit more RAM etc. to work with.
Any problems noticeable?
if not, open OTL, Clean up, the PC restarts, the removers are deleted.
Delete leftover logs, setups, and programs we used.
securing the PC:
as an anti-malware program I would recommend Emsisoft.
for me they have the best protection, but it costs something.
Computeractive Software Store - Emsisoft Anti-Malware 7 [1-PC] - 63% off RRP
trial version:
My antivirus recommendation: Emsisoft Anti-Malware
especially if you do online banking, shopping, other payment transactions or similarly important things, e.g. work-related, i.e. there is sensitive data to protect, you should invest in security software.
before activating the licence, make use of the 30-day trial period.

free, but just not quite as good, avast would be the one to recommend.
http://www.trojaner-board.de/110895-...antivirus.html

tell me which one you use, then I will give configuration tips.
please uninstall your previous AV
the following guide is extensive, I'm aware of that, but it should be implemented, because only then is your PC secure. ask as many questions as necessary, I'm happy to work through everything with you!

http://www.trojaner-board.de/96344-a...-rechners.html
Please start with the passage Windows Vista and Windows 7
Please begin by installing Windows updates.
The best way to do this is to go via Start, Search, and enter Windows Update there.
Under "Change settings", check that the following is selected:
- Install updates automatically,
- Every day
- Choose a time
- Please tick all the rest, except:
- Show detailed notifications when new Microsoft software is available.
Now click the "OK" button
Now click "Check for updates".
Please install important updates first.
It will be necessary to restart the PC in between. If that is the case, you have to open Windows Update again via Start, Search, click Check for updates and install the next ones.
Please do the same with the optional updates.
Please adopt the rest as described in the Windows 7 / Vista section.
from the XP section, please adopt the item "Data Execution Prevention, DEP".
as a browser I recommend Chrome:
http://support.google.com/chrome/bin...&answer=118663
please read the guide
if you want to use a different one, tell me, then I have to adapt parts of the guide that now follows.


Sandboxie
The definition of a sandbox can be read here:
Sandbox
In short, programs can be run almost 100% isolated from the system.

The advantage is obvious: if malicious code is smuggled in via the browser, it cannot get out.
Download link:
Sandboxie - Download - Filepony

guide:
http://www.trojaner-board.de/71542-a...sandboxie.html
detailed guide as PDF, work through it as well:
Sandbox settings |

please make the following additional configuration:
open Sandboxie Control, click the Sandbox menu, select DefaultBox.
there click on sandbox settings.
restrictions: under program start and internet access enter:
chrome.exe
then go to applications, web browser, Chrome.
there enable everything except sharing the entire profile folder.
As you may have already seen, you cannot use some functions.
This is only necessary in the full version, which I advise you to buy.
You can, for example, specify under "Forced program starts" that all browsers start in the sandbox.
Otherwise you always have to click on "Sandboxed web browser" or right-click, start in Sandboxie.
A lifetime licence costs 30 €, and can be used on all your PCs.

Continue with:
Measures for ALL Windows versions
work through everything completely
note on FileHippo.
in the settings additionally select:
hide beta updates.
Run updateChecker when Windows starts

Backup program:
a backup program is already linked in my guide; as an alternative, Windows' own backup program is also an option:
http://www.trojaner-board.de/82962-w...en-backup.html
Unfortunately, however, this is only reasonably usable for Windows 7 users.
Everyone else should definitely install a backup program too, because this can be very important under certain circumstances, for example if the hard disk is broken one day.

Finally, observe the general security tips; if it applies to you, observe the tip on online banking and change all passwords
please also read how to make programs visible to everyone:
Making programs usable for all accounts - PCtipp.ch - Praxis & Hilfe
so from now on surf only in the standard user account and there in the sandbox.
if you use the free version, then by clicking Sandboxed Web Browser; if you have the paid version, you can define forced program starts, then Sandboxie is always started when you open a browser.
when you move the mouse over the browser it should be framed, then you are in the sandboxed web browser

password security:
every service needs its own password of at least 12 characters
RoboForm helps with password management and creation
Password Manager, Form Filler, Password Management | RoboForm Password Manager
guide:
RoboForm manual: Password manager, managing passwords and personal data


All times are WET +1.

Copyright ©2000-2024, Trojaner-Board

