browser hijacked qvo6.com malware



Benutzer
2013-05-30, 15:38
Hello from a new member of this Forum.

Apologies in advance. I'm from Germany and English is not my mother language, so it might be a problem for me to understand everything.

I have nearly the same problem as the user in the thread *browser hijacked* http://forums.spybot.info/showthread.php?68572-browser-hijacked a few days ago. ken545 was the friendly helper there.

Problem:
qvo6.com spam site gets opened in a tab when starting IE or Firefox.
Removing the link from the IE or Firefox setup doesn't help.

I've tried to fix it with Spybot with no success.
Did the ERUNT process.
Followed the steps with AdwCleaner and OTL to analyse the problem source from the above thread, up to the instructions of post #17
http://forums.spybot.info/showthread.php?68572-browser-hijacked&p=441426&viewfull=1#post441426
Did nothing to OTL because I do not have the *1-click run* problem in my log files. I've stopped there at #17.

This is my DDS.txt as follows, and the others are attached, including aswMBR.txt

Virus scanner was disabled when I did the steps from the other thread. Also, there is a wanted tool installed that looks like malware, but is not:
Extensions\\gacela2@nurago.com: C:\Program Files\Digital Trends Club\ <<---- wanted and known extension, doesn't harm

Looking forward to your kind help

Regards
Peter
-----------------------------------------
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 10.0.9200.16576 BrowserJavaVersion: 10.21.2
Run by HEF01 at 14:38:16 on 2013-05-30
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.3060.637 [GMT 2:00]
.
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe
C:\Program Files\Lenovo\Access Connections\AcSvc.exe
C:\PROGRA~1\LENOVO\HOTKEY\tpnumlk.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
C:\Windows\system32\cjpcsc.exe
C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Firebird\Firebird_2_0\bin\fbguard.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe
C:\Program Files\Digital Trends Club\HI-epanel-Reporting.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Digital Trends Club\HI-epanel-Updater.exe
C:\Program Files\HI-epanelLSPService\HI-epanelLSPService.exe
C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
C:\Program Files\QUALCOMM\QDLService2k\QDLService2kLenovo.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
C:\Program Files\o2\Mobile Connection Manager\ImpWiFiSvc.exe
C:\Program Files\Twonky\TwonkyServer\twonkyproxy.exe
C:\Program Files\Twonky\TwonkyServer\twonkystarter.exe
C:\Program Files\Twonky\TwonkyServer\twonkywebdav.exe
C:\Program Files\Mobile Partner Manager\AssistantServices.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\vds.exe
C:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe
C:\Windows\system32\taskhost.exe
C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe
C:\Program Files\LENOVO\HOTKEY\shtctky.exe
C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Integrated Camera Driver\RCIMGDIR.exe
C:\Program Files\Lenovo\Access Connections\ACTray.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\HI-epanelLSPService\HI-epanel-WatchDog.exe
C:\Program Files\EaseUS\Todo Backup\bin\EuWatch.exe
C:\Program Files\EaseUS\Todo Backup\bin\TrayNotify.exe
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files\Mobile Partner Manager\UIExec.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
C:\Program Files\Google\Drive\googledrivesync.exe
C:\Users\HEF01\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
C:\Program Files\Google\Drive\googledrivesync.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\SCHTASK.exe
C:\Program Files\Samsung\Kies\Kies.exe
C:\Users\HEF01\AppData\Local\Akamai\netsession_win.exe
C:\Users\HEF01\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Users\HEF01\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Lenovo\Access Connections\SvcGuiHlpr.exe
C:\Program Files\Lenovo\Client Security Solution\password_manager.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\WISO\Steuersoftware 2013\mshaktuell.exe
C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe
C:\Program Files\Wertpapieranalyse 2012\wm60.exe
C:\Program Files\Bagusoft Password Safe\pwsafe.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\Spybot - Search & Destroy 2\SDRootAlyzer.exe
C:\Program Files\Lexware\Quicken\2012\qw.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\explorer.exe
C:\Windows\system32\prevhost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Users\HEF01\Downloads\OTL.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
C:\Windows\notepad.exe
C:\Windows\notepad.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
.
============== Pseudo HJT Report ===============
.
uStart Page = about:Tabs
uDefault_Page_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
uProxyServer = localhost:21320
uProxyOverride = <local>;192.168.*.*
BHO: Digital Trends Club: {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} - c:\program files\digital trends club\Gacela2.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: IePasswordManagerHelper Class: {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: loadtbs: {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - LocalServer32 - <no file>
TB: loadtbs: {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - LocalServer32 - <no file>
uRun: [Google Update] "c:\users\hef01\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [GoogleDriveSync] "c:\program files\google\drive\googledrivesync.exe" /autostart
uRun: [AlcoholAutomount] "c:\program files\alcohol soft\alcohol 52\AxAutoMntSrv.exe" -automount
uRun: [SkyDrive] "c:\users\hef01\appdata\local\microsoft\skydrive\SkyDrive.exe" /background
uRun: [KiesPreload] c:\program files\samsung\kies\Kies.exe /preload
uRun: [] c:\program files\samsung\kies\external\firmwareupdate\KiesPDLR.exe
uRun: [Akamai NetSession Interface] "c:\users\hef01\appdata\local\akamai\netsession_win.exe"
mRun: [IMSS] "c:\program files\intel\intel(r) management engine components\imss\PIconStartup.exe"
mRun: [TpShocks] TpShocks.exe
mRun: [SmartAudio] c:\program files\conexant\saii\SAIICpl.exe /t
mRun: [PWMTRV] rundll32 c:\progra~1\thinkpad\utilit~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
mRun: [AcWin7Hlpr] c:\program files\lenovo\access connections\AcTBenabler.exe
mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent
mRun: [LENOVO.TPKNRRES] c:\program files\lenovo\communications utility\TPKNRRES.exe
mRun: [Windows Mobile Device Center] c:\windows\windowsmobile\wmdc.exe
mRun: [RotateImage] c:\program files\integrated camera driver\RCIMGDIR.exe
mRun: [ACTray] c:\program files\lenovo\access connections\ACTray.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [HI-epanel-WatchDog] "c:\program files\hi-epanellspservice\HI-epanel-WatchDog.exe" /Debug
mRun: [EaseUs Watch] "c:\program files\easeus\todo backup\bin\EuWatch.exe"
mRun: [EaseUs Tray] "c:\program files\easeus\todo backup\bin\TrayNotify.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [FLxHCIm] "c:\program files\fresco logic inc\fresco logic usb3.0 host controller\host\FLxHCIm.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [KiesTrayAgent] c:\program files\samsung\kies\KiesTrayAgent.exe
mRun: [UIExec] "c:\program files\mobile partner manager\UIExec.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"
mRunOnce: [Del224411197] cmd.exe /Q /D /c del "c:\users\hef01\appdata\local\temp\0.del"
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\users\hef01\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\hef01\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\hef01\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\users\hef01\appdata\roaming\micros~1\windows\startm~1\programs\startup\key-or~1.lnk - c:\program files\aidex\keyorganizer\KeyOrganizer.exe
StartupFolder: c:\users\hef01\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: DisableCAD = dword:1
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm
IE: Free YouTube Download - c:\users\hef01\appdata\roaming\dvdvideosoftiehelpers\freeytvdownloader.htm
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - c:\program files\winhttrack\WinHTTrackIEBar.dll
IE: {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} - {80A21664-E813-4F79-B965-2058C0F7A84C} - c:\program files\digital trends club\Gacela2.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
LSP: c:\windows\system32\HI-epanelLSPService.DLL
LSP: bmnet.dll
DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} - hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {A4150320-98EC-4DB6-9BFB-EBF4B6FBEB16} - hxxp://192.168.178.36/codebase/DVM_IPCam2.ocx
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.178.1
TCP: Interfaces\{B124AEFE-892C-45A4-BB75-ED6063CFEE11} : DHCPNameServer = 212.166.210.80 212.73.32.67
TCP: Interfaces\{C30E95C5-1EAB-47D9-8269-FEAC4967E119} : DHCPNameServer = 192.168.178.1
TCP: Interfaces\{C30E95C5-1EAB-47D9-8269-FEAC4967E119}\349414D234845434B4D284546423 : DHCPNameServer = 192.168.178.1
TCP: Interfaces\{C30E95C5-1EAB-47D9-8269-FEAC4967E119}\349414F503731323 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{C30E95C5-1EAB-47D9-8269-FEAC4967E119}\5416379724F687D2837323441383 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{C30E95C5-1EAB-47D9-8269-FEAC4967E119}\64259445A51224F6870264F6E60275C414E40273237303 : DHCPNameServer = 192.168.178.1
TCP: Interfaces\{C30E95C5-1EAB-47D9-8269-FEAC4967E119}\64259445A51224F6870264F6E60275C414E40273339303 : DHCPNameServer = 192.168.178.1
TCP: Interfaces\{C30E95C5-1EAB-47D9-8269-FEAC4967E119}\8405531333434343 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{C30E95C5-1EAB-47D9-8269-FEAC4967E119}\D6F63757378696 : DHCPNameServer = 192.168.178.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: psfus - c:\program files\thinkvantage fingerprint software\psqlpwd.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
LSA: Notification Packages = scecli ACGina c:\program files\thinkvantage fingerprint software\psqlpwd.dll
IFEO: avnotify.exe - null.exe
IFEO: ipmgui.exe - null.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\hef01\appdata\roaming\mozilla\firefox\profiles\xxhc2iuc.default-1361923398100\
FF - prefs.js: browser.startup.homepage - about:home
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\program files\siz\sizchip-plugin\mozilla-20\npS-Chip-Add-On-Mozilla-2021.dll
FF - plugin: c:\program files\total immersion\dfusionhomewebplugin\NPDFusionWebFirefox.dll
FF - plugin: c:\program files\vlc\npvlc.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\hef01\appdata\local\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\users\hef01\appdata\local\google\update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_268.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_202.dll
FF - ExtSQL: 2013-04-17 21:17; fb_add_on@avm.de; c:\users\hef01\appdata\roaming\mozilla\firefox\profiles\xxhc2iuc.default-1361923398100\extensions\fb_add_on@avm.de
.
============= SERVICES / DRIVERS ===============
.
R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [2010-1-4 25416]
R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [2013-3-20 50248]
R0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [2013-3-20 41544]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2011-12-28 22344]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-5-25 36000]
R1 bizVSerial;Franson VSerial;c:\windows\system32\drivers\bizVSerialNT.sys [2011-4-16 14949]
R1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [2013-3-20 15944]
R1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys [2013-3-20 186952]
R1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [2013-3-19 7936]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2012-6-27 13680]
R2 AntiVirSchedulerService;Avira Planer;c:\program files\avira\antivir desktop\sched.exe [2012-5-25 86224]
R2 AntiVirService;Avira Echtzeit Scanner;c:\program files\avira\antivir desktop\avguard.exe [2012-5-25 110032]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-5-25 83392]
R2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;c:\program files\intel\bluetoothhs\BTHSSecurityMgr.exe [2012-8-23 104240]
R2 cjpcsc;cyberJack PC/SC COM Service ;c:\windows\system32\cjpcsc.exe [2011-4-16 506288]
R2 EaseUS Agent;EaseUS Agent Service;c:\program files\easeus\todo backup\bin\Agent.exe [2013-3-20 68168]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
R2 rimspci;rimspci;c:\windows\system32\drivers\rimspe86.sys [2010-1-5 48640]
R2 smihlp2;SMI Helper Driver (smihlp2);c:\program files\thinkvantage fingerprint software\smihlp.sys [2011-5-30 11976]
R2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\drivers\TurboB.sys [2009-9-29 13752]
R3 5U877;USB Video Device;c:\windows\system32\drivers\5U877.sys [2011-9-8 132864]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed - Virtueller Adapter;c:\windows\system32\drivers\AmpPal.sys [2012-7-18 143360]
R3 avmaura;AVM USB-Fernanschluss;c:\windows\system32\drivers\avmaura.sys [2013-4-21 105728]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2012-11-15 45736]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2012-11-15 29472]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k6232.sys [2012-2-2 388264]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2012-1-4 72832]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-1-4 125696]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-5-30 22856]
R3 NETwNs32;___ Intel(R) Wireless WiFi Link der Serie 5000 Adaptertreiber für Windows 7 32-Bit;c:\windows\system32\drivers\Netwsn00.sys [2012-9-30 10383360]
R3 PCDSRVC{3037D694-FD904ACA-06020200}_0;PCDSRVC{3037D694-FD904ACA-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor\pcdsrvc.pkms [2011-4-1 22640]
R3 qcfilterlno2k;Gobi 2000 USB Composite Device Filter Driver(05C6-9205);c:\windows\system32\drivers\qcfilterlno2k.sys [2010-6-25 5248]
R3 qcusbnetlno2k;Gobi 2000 USB-NDIS miniport(05C6-9205);c:\windows\system32\drivers\qcusbnetlno2k.sys [2011-5-23 375296]
R3 qcusbserlno2k;Gobi 2000 USB Device for Legacy Serial Communication(05C6-9205);c:\windows\system32\drivers\qcusbserlno2k.sys [2011-5-23 190848]
R3 SmbDrvI;SmbDrvI;c:\windows\system32\drivers\Smb_driver_Intel.sys [2013-4-3 38200]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [2012-12-5 25088]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2009-10-9 38336]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\intel\bluetoothhs\BTHSAmpPalService.exe [2012-7-18 509456]
S2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service;c:\program files\alcohol soft\alcohol 52\AxAutoMntSrv.exe [2012-1-5 75624]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protokoll;c:\windows\system32\drivers\AmpPal.sys [2012-7-18 143360]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 cjusb;REINER SCT cyberJack USB Driver;c:\windows\system32\drivers\cjusb.sys [2011-4-16 28144]
S3 DozeSvc;Lenovo Doze Mode Service;c:\program files\thinkpad\utilities\DOZESVC.EXE [2011-9-8 280640]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2012-1-4 102784]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2012-1-4 348160]
S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\drivers\FLxHCIc.sys [2010-11-19 174080]
S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\drivers\FLxHCIh.sys [2010-11-19 38400]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2013-2-14 49664]
S3 massfilter;MBB Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2012-1-4 9216]
S3 NETw5s32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 32-Bit;c:\windows\system32\drivers\NETw5s32.sys [2009-9-15 6114816]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-3-8 14848]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-14 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-14 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-14 661504]
S3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\drivers\tapoas.sys [2012-7-15 26112]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2013-3-8 49664]
S3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\drivers\ZTEusbnet.sys [2012-1-4 114688]
S3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\drivers\zteusbvoice.sys [2012-1-4 105856]
.
=============== File Associations ===============
.
FileExt: .js: JSFile="c:\program files\macromedia\dreamweaver 4\Dreamweaver.exe" "%1"
.
=============== Created Last 30 ================
.
2013-05-30 11:35:07 -------- d-----w- c:\users\hef01\appdata\roaming\Malwarebytes
2013-05-30 11:34:45 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-05-30 11:34:45 -------- d-----w- c:\programdata\Malwarebytes
2013-05-30 11:34:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-05-30 10:40:44 -------- d-----w- c:\windows\ERUNT
2013-05-30 10:40:30 -------- d-----w- C:\JRT
2013-05-29 23:51:16 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-05-29 23:51:02 15224 ----a-w- c:\windows\system32\sdnclean.exe
2013-05-29 23:50:58 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2013-05-28 13:59:25 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2013-05-28 13:59:25 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2013-05-28 13:59:25 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2013-05-28 13:59:24 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2013-05-28 13:59:24 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2013-05-28 08:29:37 60872 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{71b3c438-1eb4-4750-86c1-59f2f24b38c3}\offreg.dll
2013-05-28 08:07:29 7016152 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{71b3c438-1eb4-4750-86c1-59f2f24b38c3}\mpengine.dll
2013-05-23 19:28:00 -------- d-----w- c:\users\hef01\.thumbnails
2013-05-23 19:23:50 -------- d-----w- c:\users\hef01\appdata\local\fontconfig
2013-05-23 19:23:49 -------- d-----w- c:\users\hef01\.gimp-2.8
2013-05-23 19:23:48 -------- d-----w- c:\users\hef01\appdata\local\gegl-0.2
2013-05-23 19:19:41 -------- d-----w- c:\program files\GIMP 2
2013-05-23 19:18:48 -------- d-----w- c:\program files\common files\337
2013-05-23 19:18:45 -------- d-----w- c:\programdata\eSafe
2013-05-23 19:17:41 -------- d-----w- c:\users\hef01\appdata\local\Temp6d0f0d5e9b2f9168be1f2b87cf34f9e2
2013-05-23 19:17:36 -------- d-----w- c:\users\hef01\ChromeExtensions
2013-05-23 19:17:36 -------- d-----w- c:\users\hef01\appdata\local\Tempe46dda8bb39b9c8e8cfd4432b6411a3c
2013-05-23 19:17:36 -------- d-----w- c:\users\hef01\appdata\local\Tempd24b12627639ae220aaee1670257cc72
2013-05-23 19:17:35 -------- d-----w- c:\users\hef01\appdata\roaming\eIntaller
2013-05-21 13:57:00 383616 ----a-w- c:\windows\system32\HI-epanelLSPService64.dll
2013-05-21 13:57:00 316032 ----a-w- c:\windows\system32\HI-epanelLSPService.dll
2013-05-20 15:01:17 -------- d-----w- c:\users\hef01\appdata\roaming\IPCamWizard
2013-05-20 15:01:14 -------- d-----w- c:\program files\IP Camera Wizard
2013-05-15 07:46:43 40960 ----a-w- c:\windows\system32\wwanprotdim.dll
2013-05-15 07:46:43 186368 ----a-w- c:\windows\system32\wwansvc.dll
2013-05-15 07:46:38 2347520 ----a-w- c:\windows\system32\win32k.sys
2013-05-15 07:46:29 728424 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-05-15 07:46:29 218984 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-05-15 07:46:21 101720 ----a-w- c:\windows\system32\consent.exe
2013-05-15 07:46:20 47104 ----a-w- c:\windows\system32\appinfo.dll
2013-05-15 07:46:20 1796096 ----a-w- c:\windows\system32\authui.dll
2013-05-14 22:08:09 9195912 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2013-05-11 10:37:28 209472 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2013-05-06 23:56:24 59816 ----a-r- c:\users\hef01\appdata\roaming\microsoft\installer\{1d2ff661-4402-4d75-aa40-b23fcaf81d32}\ARPPRODUCTICON.exe
2013-05-06 16:13:26 126976 ----a-w- c:\windows\system32\GPEapSim.dll
2013-05-06 16:09:49 13824 ----a-w- c:\windows\system32\drivers\ZTEusbccid.sys
2013-05-06 16:09:32 -------- d-----w- c:\windows\system32\SupportAppCB
2013-05-06 16:09:20 -------- d-----w- c:\program files\Mobile Partner Manager
2013-05-06 08:07:14 -------- d-----w- c:\program files\common files\SPBA
2013-05-04 00:08:20 39936 ----a-w- c:\windows\system32\capi2032.dll
2013-05-03 22:49:49 62736 ----a-w- c:\program files\common files\system\ole db\msdatl2.dll
2013-05-03 22:49:49 5392 ----a-w- c:\program files\common files\system\ole db\OLEDB32X.DLL
2013-05-03 22:49:41 7952 ----a-w- c:\windows\system32\odbccp32.cpl
2013-05-02 14:15:52 227656 ----a-w- c:\windows\system32\ddBACCTM.cpl
2013-05-02 14:15:50 825672 ----a-w- c:\windows\system32\Ddbaccpl.cpl
2013-05-01 23:19:48 54576 ----a-w- c:\windows\system32\FritzPort.dll
2013-05-01 23:19:48 54576 ----a-w- c:\windows\system32\FritzColorPort.dll
2013-05-01 23:19:48 451888 ----a-w- c:\windows\system32\HHActiveX.dll
2013-05-01 23:19:48 42288 ----a-w- c:\windows\system32\Fridru32.dll
2013-05-01 23:19:47 -------- d-----w- c:\users\hef01\appdata\roaming\FRITZ!fax für FRITZ!Box
2013-05-01 23:19:47 -------- d-----w- c:\programdata\ISDNWatch
2013-05-01 23:19:47 -------- d-----w- c:\program files\FRITZ!
2013-05-01 23:13:14 328704 ----a-w- c:\windows\IsUn0407.exe
2013-05-01 01:59:12 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2013-05-01 01:59:12 69632 ----a-w- c:\windows\system32\QuickTime.qts
.
==================== Find3M ====================
.
2013-05-14 22:08:15 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-14 22:08:15 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-07 07:54:15 532208 ----a-w- c:\windows\system32\SynCOM.dll
2013-05-07 07:54:15 143088 ----a-w- c:\windows\system32\SynTPCo16.dll
2013-05-07 07:54:10 175856 ----a-w- c:\windows\system32\SynTPAPI.dll
2013-05-07 07:54:09 355056 ----a-w- c:\windows\system32\drivers\SynTP.sys
2013-05-02 00:06:08 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-04-23 04:54:00 3752744 ------w- c:\windows\system32\PWMCP32V.cpl
2013-04-23 04:54:00 2692904 ------w- c:\windows\PWMBTHLV.EXE
2013-04-23 04:54:00 25416 ------w- c:\windows\system32\drivers\DOZEHDD.SYS
2013-04-23 04:54:00 19712 ------w- c:\windows\system32\drivers\TPPWR32V.SYS
2013-04-21 10:03:07 105728 ----a-w- c:\windows\system32\drivers\avmaura.sys
2013-04-13 04:45:16 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 13:45:29 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-05 05:28:24 1767424 ----a-w- c:\windows\system32\wininet.dll
2013-04-05 05:26:26 2877440 ----a-w- c:\windows\system32\jscript9.dll
2013-04-05 05:26:21 61440 ----a-w- c:\windows\system32\iesetup.dll
2013-04-05 05:26:21 109056 ----a-w- c:\windows\system32\iesysprep.dll
2013-04-05 04:29:45 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-04-05 03:38:25 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-04-04 03:35:08 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-04-02 14:09:52 4550656 ----a-w- c:\windows\system32\GPhotos.scr
2013-03-22 00:26:10 4082688 ----a-w- c:\windows\system32\qtintf70.dll
2013-03-19 17:06:54 7936 ----a-w- c:\windows\system32\drivers\FNETURPX.SYS
2013-03-19 05:04:13 3968856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-19 05:04:10 3913560 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-19 04:48:45 38912 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-19 02:49:16 69632 ----a-w- c:\windows\system32\smss.exe
2013-03-10 17:11:52 861088 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-03-10 17:11:52 782240 ----a-w- c:\windows\system32\deployJava1.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7601 Disk: WDC_WD75 rev.01.0 -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: >>UNKNOWN [0x8381A000]<< >>UNKNOWN [0x8C200000]<< >>UNKNOWN [0x8C3E5000]<< >>UNKNOWN [0x83FA4000]<< >>UNKNOWN [0x83C2D000]<< >>UNKNOWN [0x8C41D000]<< >>UNKNOWN [0x8C0B5000]<<
_asm { DEC EBP; POP EDX; NOP ; ADD [EBX], AL; ADD [EAX], AL; ADD [EAX+EAX], AL; ADD [EAX], AL; }
1 ntkrnlpa!IofCallDriver[0x83850BC5] -> \Device\Harddisk0\DR0[0x89266A28]
\Driver\Disk[0x89264238] -> IRP_MJ_CREATE -> 0x8C20439F
3 [0x8C20459E] -> ntkrnlpa!IofCallDriver[0x83850BC5] -> [0x8732C950]
\Driver\ACPI[0x8657AE48] -> IRP_MJ_CREATE -> 0x83FAD4CC
5 [0x83FAD3D4] -> ntkrnlpa!IofCallDriver[0x83850BC5] -> \Device\Ide\IAAStorageDevice-1[0x87378028]
\Driver\iaStor[0x87319B00] -> IRP_MJ_CREATE -> 0x8C486F20
kernel: MBR read successfully
_asm { JMP 0x10; }
user & kernel MBR OK
error: Read Die Anforderung konnte wegen eines E/A-Gerätefehlers nicht ausgeführt werden.
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 14:39:31,37 ===============

Benutzer
2013-06-14, 21:07
Still suffering from that crap.

Nobody able to help?

oldman960
2013-07-01, 21:36
Hi Benutzer, welcome to the forum.

To make cleaning this machine easier:
Please do not uninstall/install any programs unless asked to.
It is more difficult when files/programs are appearing in/disappearing from the logs.
Please do not run any scans other than those requested.
Please follow all instructions in the order posted.
All logs/reports, etc. must be posted in Notepad. Please ensure that Word Wrap is unchecked. In Notepad, click Format and uncheck Word Wrap if it is checked.
Do not attach any logs/reports, etc. unless specifically requested to do so.
If you have problems with or do not understand the instructions, please ask before continuing.
Please stay with this thread until given the All Clear. An absence of symptoms does not mean a clean machine.


Download the latest version of TDSSKiller from here (http://support.kaspersky.com/downloads/utils/tdsskiller.exe) and save it to your Desktop.

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

http://i466.photobucket.com/albums/rr21/JSntgRvr/tdss_1.jpg

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

http://i466.photobucket.com/albums/rr21/JSntgRvr/tdss_2.jpg

Click the Start Scan button.

http://i466.photobucket.com/albums/rr21/JSntgRvr/tdss_3.jpg

If a suspicious object is detected, the default action will be Skip; click on Continue.

http://i466.photobucket.com/albums/rr21/JSntgRvr/tdss_4.jpg

If malicious objects are found, they will show in the Scan results and offer three (3) options.
Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

http://i466.photobucket.com/albums/rr21/JSntgRvr/tdss_5.jpg

Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.


A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

Benutzer
2013-07-01, 22:11
Hello oldman960,
many thanks for your kind offer to help.
I did the download and scan, with no result on malicious stuff.

Here is the window of TDSSKiller I had at the end of the process, and below it the report.
[Attachment 10791]

21:50:38.0500 14664 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
21:50:39.0129 14664 ============================================================
21:50:39.0129 14664 Current date / time: 2013/07/01 21:50:39.0129
21:50:39.0129 14664 SystemInfo:
21:50:39.0129 14664
21:50:39.0129 14664 OS Version: 6.1.7601 ServicePack: 1.0
21:50:39.0129 14664 Product type: Workstation
21:50:39.0130 14664 ComputerName: HEF01-THINK
21:50:39.0130 14664 UserName: HEF01
21:50:39.0130 14664 Windows directory: C:\Windows
21:50:39.0130 14664 System windows directory: C:\Windows
21:50:39.0130 14664 Processor architecture: Intel x86
21:50:39.0130 14664 Number of processors: 4
21:50:39.0130 14664 Page size: 0x1000
21:50:39.0130 14664 Boot type: Normal boot
21:50:39.0130 14664 ============================================================
21:50:40.0236 14664 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x17A85, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
21:50:40.0243 14664 ============================================================
21:50:40.0243 14664 \Device\Harddisk0\DR0:
21:50:40.0243 14664 MBR partitions:
21:50:40.0243 14664 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x259AF1
21:50:40.0243 14664 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x259B30, BlocksNum 0x55F694D0
21:50:40.0243 14664 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x561C3000, BlocksNum 0x13836F0
21:50:40.0243 14664 ============================================================
21:50:40.0265 14664 C: <-> \Device\Harddisk0\DR0\Partition2
21:50:40.0331 14664 D: <-> \Device\Harddisk0\DR0\Partition3
21:50:40.0513 14664 ============================================================
21:50:40.0513 14664 Initialize success
21:50:40.0513 14664 ============================================================
21:52:17.0155 6752 ============================================================
21:52:17.0155 6752 Scan started
21:52:17.0155 6752 Mode: Manual; SigCheck; TDLFS;
21:52:17.0155 6752 ============================================================
21:52:19.0650 6752 ================ Scan services =============================
21:52:19.0835 6752 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
21:52:19.0991 6752 1394ohci - ok
21:52:20.0047 6752 [ 400E37A671FFC7FF3E713B72C4E23D3F ] 5U877 C:\Windows\system32\DRIVERS\5U877.sys
21:52:20.0140 6752 5U877 - ok
21:52:20.0175 6752 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys
21:52:20.0209 6752 ACPI - ok
21:52:20.0242 6752 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
21:52:20.0331 6752 AcpiPmi - ok
21:52:20.0430 6752 [ 6C4B9E202A497782070CE383CBD5D737 ] AcPrfMgrSvc C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe
21:52:20.0455 6752 AcPrfMgrSvc - ok
21:52:20.0489 6752 [ B3BF04C7E3E4FB0925BB4F8422763A3D ] AcSvc C:\Program Files\Lenovo\Access Connections\AcSvc.exe
21:52:20.0537 6752 AcSvc - ok
21:52:20.0651 6752 [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
21:52:20.0674 6752 AdobeARMservice - ok
21:52:20.0784 6752 [ 9915504F602D277EE47FD843A677FD15 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
21:52:20.0813 6752 AdobeFlashPlayerUpdateSvc - ok
21:52:20.0869 6752 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
21:52:20.0983 6752 adp94xx - ok
21:52:21.0015 6752 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
21:52:21.0068 6752 adpahci - ok
21:52:21.0083 6752 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
21:52:21.0123 6752 adpu320 - ok
21:52:21.0151 6752 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
21:52:21.0263 6752 AeLookupSvc - ok
21:52:21.0360 6752 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\Windows\system32\drivers\afd.sys
21:52:21.0461 6752 AFD - ok
21:52:21.0525 6752 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys
21:52:21.0560 6752 agp440 - ok
21:52:21.0580 6752 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys
21:52:21.0638 6752 aic78xx - ok
21:52:21.0669 6752 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe
21:52:21.0740 6752 ALG - ok
21:52:21.0750 6752 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys
21:52:21.0780 6752 aliide - ok
21:52:21.0957 6752 [ 8AD87BCFE33EC53BC477C7573CCA4D52 ] AllShare Framework DMS C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\AllShareFrameworkManagerDMS.exe
21:52:21.0987 6752 AllShare Framework DMS - ok
21:52:22.0029 6752 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys
21:52:22.0062 6752 amdagp - ok
21:52:22.0073 6752 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys
21:52:22.0103 6752 amdide - ok
21:52:22.0120 6752 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
21:52:22.0191 6752 AmdK8 - ok
21:52:22.0238 6752 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
21:52:22.0275 6752 AmdPPM - ok
21:52:22.0331 6752 [ D320BF87125326F996D4904FE24300FC ] amdsata C:\Windows\system32\drivers\amdsata.sys
21:52:22.0365 6752 amdsata - ok
21:52:22.0407 6752 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
21:52:22.0444 6752 amdsbs - ok
21:52:22.0460 6752 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata C:\Windows\system32\drivers\amdxata.sys
21:52:22.0494 6752 amdxata - ok
21:52:22.0543 6752 [ BFBC089F347B3935350D37053483AA64 ] AMPPAL C:\Windows\system32\DRIVERS\AMPPAL.sys
21:52:22.0626 6752 AMPPAL - ok
21:52:22.0684 6752 [ BFBC089F347B3935350D37053483AA64 ] AMPPALP C:\Windows\system32\DRIVERS\amppal.sys
21:52:22.0709 6752 AMPPALP - ok
21:52:22.0813 6752 [ 7C98E014AAE992088F7C22B2024191DD ] AMPPALR3 C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
21:52:22.0911 6752 AMPPALR3 - ok
21:52:23.0000 6752 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
21:52:23.0034 6752 AntiVirSchedulerService - ok
21:52:23.0082 6752 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe
21:52:23.0103 6752 AntiVirService - ok
21:52:23.0145 6752 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys
21:52:23.0315 6752 AppID - ok
21:52:23.0386 6752 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
21:52:23.0499 6752 AppIDSvc - ok
21:52:23.0549 6752 [ EACFDF31921F51C097629F1F3C9129B4 ] Appinfo C:\Windows\System32\appinfo.dll
21:52:23.0645 6752 Appinfo - ok
21:52:23.0668 6752 [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt C:\Windows\System32\appmgmts.dll
21:52:23.0775 6752 AppMgmt - ok
21:52:23.0800 6752 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys
21:52:23.0835 6752 arc - ok
21:52:23.0853 6752 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
21:52:23.0890 6752 arcsas - ok
21:52:23.0905 6752 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
21:52:24.0071 6752 AsyncMac - ok
21:52:24.0127 6752 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys
21:52:24.0158 6752 atapi - ok
21:52:24.0209 6752 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
21:52:24.0302 6752 AudioEndpointBuilder - ok
21:52:24.0358 6752 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll
21:52:24.0418 6752 Audiosrv - ok
21:52:24.0474 6752 [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
21:52:24.0507 6752 avgntflt - ok
21:52:24.0564 6752 [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
21:52:24.0603 6752 avipbb - ok
21:52:24.0657 6752 [ 53E56450DA16A1A7F0D002F511113F67 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
21:52:24.0687 6752 avkmgr - ok
21:52:24.0732 6752 [ D4920FA1E0DC90FF97D970971410EE64 ] avmaura C:\Windows\system32\DRIVERS\avmaura.sys
21:52:24.0795 6752 avmaura - ok
21:52:24.0860 6752 [ 2A37D2DD959166531F7172CD1DE21964 ] avmike C:\Program Files\FRITZ!Fernzugang\avmike.exe
21:52:24.0884 6752 avmike - ok
21:52:24.0971 6752 [ 7692F4B242E45870873CAF4CB85CF769 ] AxAutoMntSrv C:\Program Files\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe
21:52:24.0991 6752 AxAutoMntSrv - ok
21:52:25.0039 6752 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll
21:52:25.0133 6752 AxInstSV - ok
21:52:25.0203 6752 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys
21:52:25.0310 6752 b06bdrv - ok
21:52:25.0330 6752 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
21:52:25.0395 6752 b57nd60x - ok
21:52:25.0458 6752 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll
21:52:25.0607 6752 BDESVC - ok
21:52:25.0654 6752 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys
21:52:25.0754 6752 Beep - ok
21:52:25.0814 6752 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\Windows\System32\bfe.dll
21:52:25.0900 6752 BFE - ok
21:52:25.0948 6752 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\Windows\System32\qmgr.dll
21:52:26.0049 6752 BITS - ok
21:52:26.0124 6752 [ 66F655B08EED3230E059D197C8A1969B ] bizVSerial C:\Windows\system32\drivers\bizVSerialNT.sys
21:52:26.0144 6752 bizVSerial ( UnsignedFile.Multi.Generic ) - warning
21:52:26.0144 6752 bizVSerial - detected UnsignedFile.Multi.Generic (1)
21:52:26.0159 6752 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
21:52:26.0222 6752 blbdrive - ok
21:52:26.0278 6752 [ D002033C1A37F6AF51B5F0BA6D0211BC ] BMLoad C:\Windows\system32\drivers\BMLoad.sys
21:52:26.0301 6752 BMLoad ( UnsignedFile.Multi.Generic ) - warning
21:52:26.0301 6752 BMLoad - detected UnsignedFile.Multi.Generic (1)
21:52:26.0347 6752 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
21:52:26.0442 6752 bowser - ok
21:52:26.0448 6752 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:52:26.0543 6752 BrFiltLo - ok
21:52:26.0598 6752 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:52:26.0635 6752 BrFiltUp - ok
21:52:26.0680 6752 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\Windows\System32\browser.dll
21:52:26.0793 6752 Browser - ok
21:52:26.0841 6752 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys
21:52:26.0944 6752 Brserid - ok
21:52:26.0962 6752 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
21:52:27.0009 6752 BrSerWdm - ok
21:52:27.0025 6752 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
21:52:27.0070 6752 BrUsbMdm - ok
21:52:27.0077 6752 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
21:52:27.0127 6752 BrUsbSer - ok
21:52:27.0177 6752 [ 2865A5C8E98C70C605F417908CEBB3A4 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
21:52:27.0370 6752 BthEnum - ok
21:52:27.0391 6752 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
21:52:27.0429 6752 BTHMODEM - ok
21:52:27.0463 6752 [ AD1872E5829E8A2C3B5B4B641C3EAB0E ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
21:52:27.0501 6752 BthPan - ok
21:52:27.0545 6752 [ 1153DE2E4F5941E10C399CB5592F78A1 ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys
21:52:27.0637 6752 BTHPORT - ok
21:52:27.0671 6752 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll
21:52:27.0744 6752 bthserv - ok
21:52:27.0788 6752 [ 79EBA8852D377115E725D241545F3576 ] BTHSSecurityMgr C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
21:52:27.0819 6752 BTHSSecurityMgr - ok
21:52:27.0831 6752 [ C81E9413A25A439F436B1D4B6A0CF9E9 ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys
21:52:27.0874 6752 BTHUSB - ok
21:52:27.0917 6752 [ F549C3FB145A4928E40BB1518B2034DC ] btusbflt C:\Windows\system32\drivers\btusbflt.sys
21:52:27.0946 6752 btusbflt - ok
21:52:27.0980 6752 [ F8B4F60768328FAA2FFE2727F66809F8 ] btwaudio C:\Windows\system32\drivers\btwaudio.sys
21:52:28.0012 6752 btwaudio - ok
21:52:28.0041 6752 [ FA7446DD38DE84D4988D1F2EBB854589 ] btwavdt C:\Windows\system32\DRIVERS\btwavdt.sys
21:52:28.0080 6752 btwavdt - ok
21:52:28.0157 6752 [ 5C24AEC670B9CCE7F2AF6DE74677CEB4 ] btwdins C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
21:52:28.0233 6752 btwdins - ok
21:52:28.0254 6752 [ AAFD7CB76BA61FBB08E302DA208C974A ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys
21:52:28.0277 6752 btwl2cap - ok
21:52:28.0291 6752 [ D5862FBC1CBC0404614FD9D85C8D880E ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys
21:52:28.0317 6752 btwrchid - ok
21:52:28.0340 6752 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
21:52:28.0419 6752 cdfs - ok
21:52:28.0470 6752 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
21:52:28.0575 6752 cdrom - ok
21:52:28.0615 6752 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll
21:52:28.0676 6752 CertPropSvc - ok
21:52:28.0735 6752 [ 17DEE799B508DCF61A3B60DBE1CBAABB ] certsrv C:\Program Files\FRITZ!Fernzugang\certsrv.exe
21:52:28.0753 6752 certsrv - ok
21:52:28.0761 6752 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
21:52:28.0804 6752 circlass - ok
21:52:28.0867 6752 [ BDF4915D53BDEF80738A30AC3F7CDC76 ] cjpcsc C:\Windows\system32\cjpcsc.exe
21:52:28.0901 6752 cjpcsc - ok
21:52:28.0929 6752 [ 997CBCE9E5DCFD9216452F609AE74B18 ] cjusb C:\Windows\system32\DRIVERS\cjusb.sys
21:52:28.0953 6752 cjusb - ok
21:52:28.0981 6752 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys
21:52:29.0013 6752 CLFS - ok
21:52:29.0058 6752 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:52:29.0098 6752 clr_optimization_v2.0.50727_32 - ok
21:52:29.0153 6752 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:52:29.0186 6752 clr_optimization_v4.0.30319_32 - ok
21:52:29.0210 6752 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
21:52:29.0241 6752 CmBatt - ok
21:52:29.0254 6752 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys
21:52:29.0284 6752 cmdide - ok
21:52:29.0330 6752 [ 42F158036BD4C2FF3122BF142E60E6FD ] CNG C:\Windows\system32\Drivers\cng.sys
21:52:29.0400 6752 CNG - ok
21:52:29.0464 6752 [ 2FE437862D0CAA879B3C01EF353EDDA7 ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT32.sys
21:52:29.0543 6752 CnxtHdAudService - ok
21:52:29.0563 6752 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
21:52:29.0594 6752 Compbatt - ok
21:52:29.0640 6752 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
21:52:29.0686 6752 CompositeBus - ok
21:52:29.0707 6752 COMSysApp - ok
21:52:29.0727 6752 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
21:52:29.0766 6752 crcdisk - ok
21:52:29.0807 6752 [ 3897DFF247D9ED0006190349DE264E14 ] CryptSvc C:\Windows\system32\cryptsvc.dll
21:52:29.0891 6752 CryptSvc - ok
21:52:29.0931 6752 [ 3C2177A897B4CA2788C6FB0C3FD81D4B ] CSC C:\Windows\system32\drivers\csc.sys
21:52:30.0052 6752 CSC - ok
21:52:30.0093 6752 [ 15F93B37F6801943360D9EB42485D5D3 ] CscService C:\Windows\System32\cscsvc.dll
21:52:30.0135 6752 CscService - ok
21:52:30.0155 6752 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll
21:52:30.0232 6752 DcomLaunch - ok
21:52:30.0253 6752 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll
21:52:30.0323 6752 defragsvc - ok
21:52:30.0363 6752 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
21:52:30.0434 6752 DfsC - ok
21:52:30.0491 6752 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll
21:52:30.0583 6752 Dhcp - ok
21:52:30.0616 6752 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys
21:52:30.0684 6752 discache - ok
21:52:30.0699 6752 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys
21:52:30.0734 6752 Disk - ok
21:52:30.0772 6752 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
21:52:30.0857 6752 Dnscache - ok
21:52:30.0895 6752 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll
21:52:30.0988 6752 dot3svc - ok
21:52:31.0042 6752 [ 3C2FEC38D9D825C69C29FE5EB7339CB5 ] DozeHDD C:\Windows\system32\DRIVERS\DozeHDD.sys
21:52:31.0069 6752 DozeHDD - ok
21:52:31.0129 6752 [ A318DF063DF2BC2C5F81644997068631 ] DozeSvc C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
21:52:31.0175 6752 DozeSvc - ok
21:52:31.0213 6752 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll
21:52:31.0285 6752 DPS - ok
21:52:31.0307 6752 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
21:52:31.0352 6752 drmkaud - ok
21:52:31.0397 6752 [ 16498EBC04AE9DD07049A8884B205C05 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
21:52:31.0487 6752 DXGKrnl - ok
21:52:31.0533 6752 [ BBE75ED2A421A637C783ED5962E36C7A ] e1kexpress C:\Windows\system32\DRIVERS\e1k6232.sys
21:52:31.0566 6752 e1kexpress - ok
21:52:31.0601 6752 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
21:52:31.0669 6752 EapHost - ok
21:52:31.0791 6752 [ 98CB51EC5384635EA6B303D5648EEF1F ] EaseUS Agent C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe
21:52:31.0841 6752 EaseUS Agent - ok
21:52:31.0931 6752 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys
21:52:32.0119 6752 ebdrv - ok
21:52:32.0157 6752 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe
21:52:32.0245 6752 EFS - ok
21:52:32.0312 6752 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
21:52:32.0482 6752 ehRecvr - ok
21:52:32.0499 6752 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe
21:52:32.0564 6752 ehSched - ok
21:52:32.0587 6752 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
21:52:32.0652 6752 elxstor - ok
21:52:32.0694 6752 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys
21:52:32.0729 6752 ErrDev - ok
21:52:32.0774 6752 [ 22FDB5D0073C0D9FA76AD2C6BB690168 ] EUBAKUP C:\Windows\system32\drivers\eubakup.sys
21:52:32.0804 6752 EUBAKUP - ok
21:52:32.0840 6752 [ 5EB44A9E55A729A73F7C736F340B8441 ] EUBKMON C:\Windows\system32\drivers\EUBKMON.sys
21:52:32.0865 6752 EUBKMON - ok
21:52:32.0888 6752 [ 01E0F73657216A1014B72A5CCB8B06F0 ] EUDSKACS C:\Windows\system32\drivers\eudskacs.sys
21:52:32.0913 6752 EUDSKACS - ok
21:52:32.0940 6752 [ B5C2C3CC10A886A612479C96A80B95CD ] EUFDDISK C:\Windows\system32\drivers\EuFdDisk.sys
21:52:32.0976 6752 EUFDDISK - ok
21:52:33.0015 6752 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
21:52:33.0086 6752 EventSystem - ok
21:52:33.0158 6752 [ BA0438030506CD093286A5DF7D1385A5 ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe
21:52:33.0250 6752 EvtEng - ok
21:52:33.0300 6752 [ B0B03560D4DB067B60789FC385762510 ] ewusbnet C:\Windows\system32\DRIVERS\ewusbnet.sys
21:52:33.0388 6752 ewusbnet - ok
21:52:33.0439 6752 [ 57C171EA22F0A7F068FCB0CAEDD1E8E7 ] ew_hwusbdev C:\Windows\system32\DRIVERS\ew_hwusbdev.sys
21:52:33.0522 6752 ew_hwusbdev - ok
21:52:33.0541 6752 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
21:52:33.0623 6752 exfat - ok
21:52:33.0643 6752 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
21:52:33.0734 6752 fastfat - ok
21:52:33.0777 6752 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe
21:52:33.0869 6752 Fax - ok
21:52:33.0887 6752 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
21:52:33.0920 6752 fdc - ok
21:52:33.0939 6752 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
21:52:34.0018 6752 fdPHost - ok
21:52:34.0036 6752 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
21:52:34.0110 6752 FDResPub - ok
21:52:34.0127 6752 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
21:52:34.0160 6752 FileInfo - ok
21:52:34.0171 6752 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
21:52:34.0259 6752 Filetrace - ok
21:52:34.0324 6752 FirebirdGuardianDefaultInstance - ok
21:52:34.0329 6752 FirebirdServerDefaultInstance - ok
21:52:34.0347 6752 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
21:52:34.0391 6752 flpydisk - ok
21:52:34.0430 6752 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
21:52:34.0461 6752 FltMgr - ok
21:52:34.0514 6752 [ 39C78996EBC9580A0173A12A015258A2 ] FLxHCIc C:\Windows\system32\DRIVERS\FLxHCIc.sys
21:52:34.0570 6752 FLxHCIc - ok
21:52:34.0630 6752 [ D2CB1DCF5D10074E801AAE1A10DBB37B ] FLxHCIh C:\Windows\system32\DRIVERS\FLxHCIh.sys
21:52:34.0689 6752 FLxHCIh - ok
21:52:34.0728 6752 [ 784FFBA7EE5C5F3A396407E4712F72F0 ] FNETURPX C:\Windows\system32\drivers\FNETURPX.SYS
21:52:34.0746 6752 FNETURPX ( UnsignedFile.Multi.Generic ) - warning
21:52:34.0746 6752 FNETURPX - detected UnsignedFile.Multi.Generic (1)
21:52:34.0801 6752 [ E12C4928B32ACE04610259647F072635 ] FontCache C:\Windows\system32\FntCache.dll
21:52:34.0922 6752 FontCache - ok
21:52:34.0968 6752 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
21:52:35.0020 6752 FontCache3.0.0.0 - ok
21:52:35.0042 6752 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
21:52:35.0081 6752 FsDepends - ok
21:52:35.0130 6752 [ 2ED0BABD4CD98ED820FD0D0BCBE96721 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
21:52:35.0173 6752 fssfltr - ok
21:52:35.0279 6752 [ 812E1BA5C52A78F13EA6AA10DF708B1D ] fsssvc C:\Program Files\Windows Live\Family Safety\fsssvc.exe
21:52:35.0415 6752 fsssvc - ok
21:52:35.0457 6752 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
21:52:35.0489 6752 Fs_Rec - ok
21:52:35.0528 6752 [ E306A24D9694C724FA2491278BF50FDB ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
21:52:35.0564 6752 fvevol - ok
21:52:35.0591 6752 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
21:52:35.0624 6752 gagp30kx - ok
21:52:35.0668 6752 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll
21:52:35.0749 6752 gpsvc - ok
21:52:35.0781 6752 [ 2FC26B450D640F72E59F43DF1D48F439 ] Guard Agent C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe
21:52:35.0857 6752 Guard Agent - ok
21:52:35.0927 6752 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
21:52:35.0950 6752 gupdate - ok
21:52:35.0978 6752 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
21:52:35.0998 6752 gupdatem - ok
21:52:36.0051 6752 [ C1B577B2169900F4CF7190C39F085794 ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
21:52:36.0088 6752 gusvc - ok
21:52:36.0102 6752 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
21:52:36.0203 6752 hcw85cir - ok
21:52:36.0248 6752 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
21:52:36.0312 6752 HdAudAddService - ok
21:52:36.0340 6752 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
21:52:36.0396 6752 HDAudBus - ok
21:52:36.0415 6752 [ A88485DC6A7136C10D9A6C7E38FDFE3C ] HECI C:\Windows\system32\DRIVERS\HECI.sys
21:52:36.0473 6752 HECI - ok
21:52:36.0611 6752 [ 8D5012A70F02C30434FDFB6A2E248ADA ] HI-epanel-Reporting-Service C:\Program Files\Digital Trends Club\HI-epanel-Reporting.exe
21:52:36.0860 6752 HI-epanel-Reporting-Service - ok
21:52:36.0905 6752 [ 1036C3EB8810E3E371ED5B1B376F8867 ] HI-epanel-Update-Service C:\Program Files\Digital Trends Club\HI-epanel-Updater.exe
21:52:37.0014 6752 HI-epanel-Update-Service - ok
21:52:37.0140 6752 [ 9C457B83495827F883BCE1479D77AC12 ] HI-epanelLSPService C:\Program Files\HI-epanelLSPService\HI-epanelLSPService.exe
21:52:37.0304 6752 HI-epanelLSPService - ok
21:52:37.0321 6752 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
21:52:37.0366 6752 HidBatt - ok
21:52:37.0389 6752 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
21:52:37.0444 6752 HidBth - ok
21:52:37.0469 6752 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
21:52:37.0520 6752 HidIr - ok
21:52:37.0548 6752 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\system32\hidserv.dll
21:52:37.0633 6752 hidserv - ok
21:52:38.0706 6752 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
21:52:38.0789 6752 HidUsb - ok
21:52:38.0854 6752 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll
21:52:38.0927 6752 hkmsvc - ok
21:52:38.0963 6752 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
21:52:39.0081 6752 HomeGroupListener - ok
21:52:39.0136 6752 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
21:52:39.0209 6752 HomeGroupProvider - ok
21:52:39.0256 6752 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
21:52:39.0292 6752 HpSAMD - ok
21:52:39.0329 6752 [ 210388FD8225B02BD83D77628AAE64A9 ] HsfXAudioService C:\Windows\system32\XAudio32.dll
21:52:39.0421 6752 HsfXAudioService - ok
21:52:39.0469 6752 [ CAAA4433360FD337CF68A1B0719F9CC1 ] HSF_DPV C:\Windows\system32\DRIVERS\HSX_DPV.sys
21:52:39.0564 6752 HSF_DPV - ok
21:52:39.0583 6752 [ CB049FA2CE718F7468BE50F3D7192370 ] HSXHWAZL C:\Windows\system32\DRIVERS\HSXHWAZL.sys
21:52:39.0636 6752 HSXHWAZL - ok
21:52:39.0686 6752 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys
21:52:39.0794 6752 HTTP - ok
21:52:39.0831 6752 [ 00B363D211909FB85BC6300A3214AC03 ] huawei_enumerator C:\Windows\system32\DRIVERS\ew_jubusenum.sys
21:52:39.0959 6752 huawei_enumerator - ok
21:52:39.0991 6752 [ 1C09309A3D793C57EF87AC60C6BBD739 ] hwdatacard C:\Windows\system32\DRIVERS\ewusbmdm.sys
21:52:40.0092 6752 hwdatacard - ok
21:52:40.0129 6752 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
21:52:40.0153 6752 hwpolicy - ok
21:52:40.0225 6752 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
21:52:40.0296 6752 i8042prt - ok
21:52:40.0391 6752 [ 287FD6BE9A9938F103789CE0267B7980 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
21:52:40.0425 6752 iaStor - ok
21:52:40.0543 6752 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
21:52:40.0695 6752 iaStorV - ok
21:52:40.0735 6752 [ D5FBD39C4ABEB8999C654E7B2DE36EDD ] IBMPMDRV C:\Windows\system32\DRIVERS\ibmpmdrv.sys
21:52:40.0875 6752 IBMPMDRV - ok
21:52:40.0903 6752 [ A6CC6D80CC88721B3A3D47309D370886 ] IBMPMSVC C:\Windows\system32\ibmpmsvc.exe
21:52:40.0996 6752 IBMPMSVC - ok
21:52:41.0102 6752 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:52:41.0367 6752 idsvc - ok
21:52:41.0568 6752 [ AD626F6964F4D364D226C39E06872DD3 ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
21:52:41.0919 6752 igfx - ok
21:52:41.0943 6752 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
21:52:41.0976 6752 iirsp - ok
21:52:42.0035 6752 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll
21:52:42.0120 6752 IKEEXT - ok
21:52:42.0168 6752 [ 2DB41BA61D5E44D0667CF126D35DCF34 ] Impcd C:\Windows\system32\DRIVERS\Impcd.sys
21:52:42.0231 6752 Impcd - ok
21:52:42.0268 6752 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys
21:52:42.0297 6752 intelide - ok
21:52:42.0342 6752 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
21:52:42.0387 6752 intelppm - ok
21:52:42.0418 6752 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
21:52:42.0514 6752 IPBusEnum - ok
21:52:42.0533 6752 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:52:42.0612 6752 IpFilterDriver - ok
21:52:42.0748 6752 [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
21:52:42.0832 6752 iphlpsvc - ok
21:52:42.0869 6752 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
21:52:42.0921 6752 IPMIDRV - ok
21:52:42.0940 6752 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
21:52:43.0044 6752 IPNAT - ok
21:52:43.0066 6752 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
21:52:43.0133 6752 IRENUM - ok
21:52:43.0177 6752 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
21:52:43.0211 6752 isapnp - ok
21:52:43.0282 6752 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
21:52:43.0373 6752 iScsiPrt - ok
21:52:43.0413 6752 [ 213822072085B5BBAD9AF30AB577D817 ] IviRegMgr C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
21:52:43.0435 6752 IviRegMgr - ok
21:52:43.0455 6752 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
21:52:43.0489 6752 kbdclass - ok
21:52:43.0531 6752 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
21:52:43.0573 6752 kbdhid - ok
21:52:43.0582 6752 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe
21:52:43.0611 6752 KeyIso - ok
21:52:43.0657 6752 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
21:52:43.0682 6752 KSecDD - ok
21:52:43.0714 6752 [ 5FE1ABF1AF591A3458C9CF24ED9A4D35 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
21:52:43.0758 6752 KSecPkg - ok
21:52:43.0883 6752 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
21:52:43.0997 6752 KtmRm - ok
21:52:44.0054 6752 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\system32\srvsvc.dll
21:52:44.0147 6752 LanmanServer - ok
21:52:44.0170 6752 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:52:44.0251 6752 LanmanWorkstation - ok
21:52:44.0378 6752 [ 4FA5CC9894985D5FBDE54274A845658C ] LENOVO.CAMMUTE C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
21:52:44.0409 6752 LENOVO.CAMMUTE - ok
21:52:44.0490 6752 [ 7CFE36AF06E9C0984021796EDC8AC207 ] LENOVO.MICMUTE C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
21:52:44.0529 6752 LENOVO.MICMUTE - ok
21:52:44.0549 6752 [ 9AAC267A225F3CAEBB9E633F7EB16E4B ] lenovo.smi C:\Windows\system32\DRIVERS\smiif32.sys
21:52:44.0578 6752 lenovo.smi - ok
21:52:44.0648 6752 [ 4CBD2A666168C4A9A4EB0797A2E29BFD ] LENOVO.TPKNRSVC C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
21:52:44.0682 6752 LENOVO.TPKNRSVC - ok
21:52:44.0751 6752 [ 158B67696EC8602CE71F9AA4F14AA96F ] Lenovo.VIRTSCRLSVC C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
21:52:44.0795 6752 Lenovo.VIRTSCRLSVC - ok
21:52:44.0850 6752 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
21:52:44.0942 6752 lltdio - ok
21:52:44.0970 6752 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
21:52:45.0066 6752 lltdsvc - ok
21:52:45.0078 6752 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
21:52:45.0143 6752 lmhosts - ok
21:52:45.0270 6752 [ 25884CA77F8D926B69167BC231D3726E ] LMS C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
21:52:45.0301 6752 LMS - ok
21:52:45.0331 6752 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
21:52:45.0376 6752 LSI_FC - ok
21:52:45.0404 6752 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
21:52:45.0441 6752 LSI_SAS - ok
21:52:45.0478 6752 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:52:45.0515 6752 LSI_SAS2 - ok
21:52:45.0546 6752 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:52:45.0584 6752 LSI_SCSI - ok
21:52:45.0602 6752 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
21:52:45.0681 6752 luafv - ok
21:52:45.0739 6752 [ 59A2783ABA6019BED0C843C706E10A6A ] massfilter C:\Windows\system32\DRIVERS\massfilter.sys
21:52:45.0786 6752 massfilter - ok
21:52:45.0850 6752 [ DDF15A42E27E8EFE27B18FD403151A86 ] MatSvc C:\Program Files\Microsoft Fix it Center\Matsvc.exe
21:52:45.0887 6752 MatSvc - ok
21:52:45.0918 6752 [ 4470E3C1E0C3378E4CAB137893C12C3A ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
21:52:45.0952 6752 MBAMProtector - ok
21:52:46.0115 6752 [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
21:52:46.0166 6752 MBAMScheduler - ok
21:52:46.0209 6752 [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
21:52:46.0282 6752 MBAMService - ok
21:52:46.0327 6752 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
21:52:46.0367 6752 Mcx2Svc - ok
21:52:46.0411 6752 [ A027DE1E6C11BD2DAF61F6F276B2299F ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys
21:52:46.0437 6752 mdmxsdk - ok
21:52:46.0464 6752 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
21:52:46.0503 6752 megasas - ok
21:52:46.0550 6752 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
21:52:46.0601 6752 MegaSR - ok
21:52:46.0650 6752 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
21:52:46.0725 6752 MMCSS - ok
21:52:46.0750 6752 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
21:52:46.0829 6752 Modem - ok
21:52:46.0878 6752 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
21:52:46.0938 6752 monitor - ok
21:52:46.0953 6752 motandroidusb - ok
21:52:46.0975 6752 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
21:52:47.0010 6752 mouclass - ok
21:52:47.0032 6752 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
21:52:47.0072 6752 mouhid - ok
21:52:47.0107 6752 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
21:52:47.0145 6752 mountmgr - ok
21:52:47.0193 6752 [ 825BF0E46B4470A463AEB641480C5FCA ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
21:52:47.0230 6752 MozillaMaintenance - ok
21:52:47.0255 6752 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
21:52:47.0295 6752 mpio - ok
21:52:47.0327 6752 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
21:52:47.0403 6752 mpsdrv - ok
21:52:47.0545 6752 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll
21:52:47.0622 6752 MpsSvc - ok
21:52:47.0664 6752 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
21:52:47.0708 6752 MRxDAV - ok
21:52:47.0752 6752 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
21:52:47.0818 6752 mrxsmb - ok
21:52:47.0855 6752 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:52:47.0911 6752 mrxsmb10 - ok
21:52:47.0924 6752 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:52:47.0969 6752 mrxsmb20 - ok
21:52:48.0009 6752 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
21:52:48.0041 6752 msahci - ok
21:52:48.0091 6752 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
21:52:48.0129 6752 msdsm - ok
21:52:48.0143 6752 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
21:52:48.0199 6752 MSDTC - ok
21:52:48.0230 6752 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
21:52:48.0295 6752 Msfs - ok
21:52:48.0311 6752 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
21:52:48.0383 6752 mshidkmdf - ok
21:52:48.0401 6752 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
21:52:48.0430 6752 msisadrv - ok
21:52:48.0459 6752 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
21:52:48.0532 6752 MSiSCSI - ok
21:52:48.0544 6752 msiserver - ok
21:52:48.0564 6752 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
21:52:48.0625 6752 MSKSSRV - ok
21:52:48.0634 6752 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
21:52:48.0703 6752 MSPCLOCK - ok
21:52:48.0709 6752 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
21:52:48.0778 6752 MSPQM - ok
21:52:48.0797 6752 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
21:52:48.0825 6752 MsRPC - ok
21:52:48.0866 6752 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
21:52:48.0897 6752 mssmbios - ok
21:52:48.0903 6752 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
21:52:48.0966 6752 MSTEE - ok
21:52:48.0973 6752 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
21:52:49.0006 6752 MTConfig - ok
21:52:49.0021 6752 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
21:52:49.0046 6752 Mup - ok
21:52:49.0089 6752 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
21:52:49.0153 6752 napagent - ok
21:52:49.0181 6752 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
21:52:49.0220 6752 NativeWifiP - ok
21:52:49.0268 6752 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\Windows\system32\drivers\ndis.sys
21:52:49.0320 6752 NDIS - ok
21:52:49.0342 6752 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
21:52:49.0414 6752 NdisCap - ok
21:52:49.0481 6752 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
21:52:49.0547 6752 NdisTapi - ok
21:52:49.0582 6752 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
21:52:49.0644 6752 Ndisuio - ok
21:52:49.0681 6752 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
21:52:49.0757 6752 NdisWan - ok
21:52:49.0790 6752 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
21:52:49.0855 6752 NDProxy - ok
21:52:49.0874 6752 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
21:52:49.0947 6752 NetBIOS - ok
21:52:49.0982 6752 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
21:52:50.0080 6752 NetBT - ok
21:52:50.0099 6752 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
21:52:50.0127 6752 Netlogon - ok
21:52:50.0161 6752 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
21:52:50.0243 6752 Netman - ok
21:52:50.0261 6752 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
21:52:50.0339 6752 netprofm - ok
21:52:50.0381 6752 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:52:50.0418 6752 NetTcpPortSharing - ok
21:52:50.0548 6752 [ EF51B405AD8ACAAE6F0231290D20F516 ] NETw5s32 C:\Windows\system32\DRIVERS\NETw5s32.sys
21:52:50.0834 6752 NETw5s32 - ok
21:52:50.0951 6752 [ 58218EC6B61B1169CF54AAB0D00F5FE2 ] netw5v32 C:\Windows\system32\DRIVERS\netw5v32.sys
21:52:51.0151 6752 netw5v32 - ok
21:52:51.0367 6752 [ 64177D4E118C93585F1F20D90A294291 ] NETwNs32 C:\Windows\system32\DRIVERS\Netwsn00.sys
21:52:51.0777 6752 NETwNs32 - ok
21:52:51.0796 6752 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
21:52:51.0828 6752 nfrd960 - ok
21:52:51.0867 6752 [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc C:\Windows\System32\nlasvc.dll
21:52:51.0906 6752 NlaSvc - ok
21:52:51.0964 6752 [ B48DC6ABCD3AEFF8618350CCBDC6B09A ] NPF C:\Windows\system32\drivers\npf.sys
21:52:51.0993 6752 NPF - ok
21:52:52.0008 6752 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
21:52:52.0073 6752 Npfs - ok
21:52:52.0092 6752 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
21:52:52.0153 6752 nsi - ok
21:52:52.0172 6752 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
21:52:52.0243 6752 nsiproxy - ok
21:52:52.0302 6752 [ 5E43D2B0EE64123D4880DFA6626DEFDE ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
21:52:52.0413 6752 Ntfs - ok
21:52:52.0428 6752 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
21:52:52.0503 6752 Null - ok
21:52:52.0583 6752 [ 77F9F9A199B87FE3F852E12F5419240B ] NVHDA C:\Windows\system32\drivers\nvhda32v.sys
21:52:52.0623 6752 NVHDA - ok
21:52:52.0825 6752 [ 1CCE9097830775F447DD78BD1B35FC8E ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
21:52:53.0313 6752 nvlddmkm - ok
21:52:53.0339 6752 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
21:52:53.0377 6752 nvraid - ok
21:52:53.0412 6752 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
21:52:53.0451 6752 nvstor - ok
21:52:53.0507 6752 [ 0136C91BBD22751D79940E62AC95195F ] nvsvc C:\Windows\system32\nvvsvc.exe
21:52:53.0561 6752 nvsvc - ok
21:52:53.0616 6752 [ 7A627EAEEEDDFEA0F0850AC49935E32F ] NvtlService C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
21:52:53.0644 6752 NvtlService ( UnsignedFile.Multi.Generic ) - warning
21:52:53.0645 6752 NvtlService - detected UnsignedFile.Multi.Generic (1)
21:52:53.0685 6752 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
21:52:53.0721 6752 nv_agp - ok
21:52:53.0775 6752 [ 1DB56FB91B2F7E5A236CA41018C749B4 ] NWIM C:\Windows\system32\DRIVERS\avmnwim.sys
21:52:53.0809 6752 NWIM - ok
21:52:53.0874 6752 [ 7B07F7DF3173B510DC917D60FF90287A ] nwtsrv C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe
21:52:53.0895 6752 nwtsrv - ok
21:52:53.0929 6752 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
21:52:53.0973 6752 ohci1394 - ok
21:52:54.0028 6752 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
21:52:54.0106 6752 p2pimsvc - ok
21:52:54.0121 6752 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
21:52:54.0177 6752 p2psvc - ok
21:52:54.0202 6752 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
21:52:54.0246 6752 Parport - ok
21:52:54.0288 6752 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
21:52:54.0324 6752 partmgr - ok
21:52:54.0339 6752 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
21:52:54.0391 6752 Parvdm - ok
21:52:54.0411 6752 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
21:52:54.0452 6752 PcaSvc - ok
21:52:54.0535 6752 [ 2DD9D5A9150C7015AC7F215EFA59E44F ] PCDSRVC{3037D694-FD904ACA-06020200}_0 c:\program files\pc-doctor\pcdsrvc.pkms
21:52:54.0597 6752 PCDSRVC{3037D694-FD904ACA-06020200}_0 - ok
21:52:54.0636 6752 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
21:52:54.0665 6752 pci - ok
21:52:54.0700 6752 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
21:52:54.0730 6752 pciide - ok
21:52:54.0744 6752 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
21:52:54.0788 6752 pcmcia - ok
21:52:54.0799 6752 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
21:52:54.0832 6752 pcw - ok
21:52:54.0857 6752 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
21:52:54.0961 6752 PEAUTH - ok
21:52:54.0994 6752 [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
21:52:55.0114 6752 PeerDistSvc - ok
21:52:55.0209 6752 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
21:52:55.0401 6752 pla - ok
21:52:55.0441 6752 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
21:52:55.0512 6752 PlugPlay - ok
21:52:55.0526 6752 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
21:52:55.0573 6752 PNRPAutoReg - ok
21:52:55.0596 6752 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
21:52:55.0629 6752 PNRPsvc - ok
21:52:55.0651 6752 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
21:52:55.0717 6752 PolicyAgent - ok
21:52:55.0763 6752 [ AC42F771CC29727BD1663F211E9AC507 ] Power C:\Windows\system32\umpo.dll
21:52:55.0817 6752 Power - ok
21:52:55.0925 6752 [ 3B16225148411403003BE4053CA2B463 ] Power Manager DBC Service C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
21:52:56.0067 6752 Power Manager DBC Service - ok
21:52:56.0096 6752 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
21:52:56.0166 6752 PptpMiniport - ok
21:52:56.0190 6752 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
21:52:56.0234 6752 Processor - ok
21:52:56.0280 6752 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll
21:52:56.0354 6752 ProfSvc - ok
21:52:56.0366 6752 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
21:52:56.0404 6752 ProtectedStorage - ok
21:52:56.0436 6752 [ 80DDC44934305224AEBFC37A264803C2 ] psadd C:\Windows\system32\DRIVERS\psadd.sys
21:52:56.0463 6752 psadd - ok
21:52:56.0489 6752 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
21:52:56.0550 6752 Psched - ok
21:52:56.0609 6752 [ EAE5215A662EB1EF367717C434F452AD ] PwmEWSvc C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE
21:52:56.0760 6752 PwmEWSvc - ok
21:52:56.0812 6752 [ 34A8537519C22AE23E0D2041B47B577D ] qcfilterlno2k C:\Windows\system32\DRIVERS\qcfilterlno2k.sys
21:52:56.0864 6752 qcfilterlno2k - ok
21:52:56.0928 6752 [ 65F798F08BC72C86D88FD2C02CFEFCC9 ] qcusbnetlno2k C:\Windows\system32\DRIVERS\qcusbnetlno2k.sys
21:52:56.0987 6752 qcusbnetlno2k - ok
21:52:57.0005 6752 [ 4880521E79BA4C18013BC2F2331AF2FF ] qcusbserlno2k C:\Windows\system32\DRIVERS\qcusbserlno2k.sys
21:52:57.0060 6752 qcusbserlno2k - ok
21:52:57.0157 6752 [ D36BFE02494BC70707EEFCDC18FB16C7 ] QDLService2kLenovo C:\Program Files\QUALCOMM\QDLService2k\QDLService2kLenovo.exe
21:52:57.0301 6752 QDLService2kLenovo - ok
21:52:57.0343 6752 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
21:52:57.0454 6752 ql2300 - ok
21:52:57.0475 6752 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
21:52:57.0512 6752 ql40xx - ok
21:52:57.0535 6752 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
21:52:57.0606 6752 QWAVE - ok
21:52:57.0623 6752 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
21:52:57.0665 6752 QWAVEdrv - ok
21:52:57.0720 6752 [ 8F97D374AD1857E1EED85A79F29A1D3D ] RapiMgr C:\Windows\WindowsMobile\rapimgr.dll
21:52:57.0748 6752 RapiMgr - ok
21:52:57.0758 6752 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
21:52:57.0823 6752 RasAcd - ok
21:52:57.0849 6752 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
21:52:57.0919 6752 RasAgileVpn - ok
21:52:57.0939 6752 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
21:52:58.0019 6752 RasAuto - ok
21:52:58.0035 6752 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
21:52:58.0112 6752 Rasl2tp - ok
21:52:58.0163 6752 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
21:52:58.0237 6752 RasMan - ok
21:52:58.0252 6752 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
21:52:58.0318 6752 RasPppoe - ok
21:52:58.0336 6752 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
21:52:58.0401 6752 RasSstp - ok
21:52:58.0441 6752 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
21:52:58.0509 6752 rdbss - ok
21:52:58.0524 6752 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
21:52:58.0571 6752 rdpbus - ok
21:52:58.0606 6752 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
21:52:58.0675 6752 RDPCDD - ok
21:52:58.0699 6752 [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
21:52:58.0807 6752 RDPDR - ok
21:52:58.0830 6752 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
21:52:58.0887 6752 RDPENCDD - ok
21:52:58.0906 6752 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
21:52:58.0971 6752 RDPREFMP - ok
21:52:59.0033 6752 [ 65375DF758CA1872AB7EBBBA457FD5E6 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
21:52:59.0081 6752 RdpVideoMiniport - ok
21:52:59.0125 6752 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
21:52:59.0218 6752 RDPWD - ok
21:52:59.0276 6752 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
21:52:59.0319 6752 rdyboost - ok
21:52:59.0346 6752 [ 001B4278407F4303EFC902A2B16F2453 ] regi C:\Windows\system32\drivers\regi.sys
21:52:59.0367 6752 regi - ok
21:52:59.0405 6752 [ 64CA2D28CA1AAFE1DCAEFD96A6D5174B ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
21:52:59.0425 6752 RegSrvc - ok
21:52:59.0446 6752 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
21:52:59.0520 6752 RemoteAccess - ok
21:52:59.0544 6752 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
21:52:59.0610 6752 RemoteRegistry - ok
21:52:59.0636 6752 [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
21:52:59.0690 6752 RFCOMM - ok
21:52:59.0721 6752 [ E891F07815AF88075705EF6A248711F6 ] rimspci C:\Windows\system32\DRIVERS\rimspe86.sys
21:52:59.0775 6752 rimspci - ok
21:52:59.0822 6752 [ B60F58F175DE20A6739194E85B035178 ] rpcapd C:\Program Files\WinPcap\rpcapd.exe
21:52:59.0877 6752 rpcapd - ok
21:52:59.0900 6752 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
21:52:59.0977 6752 RpcEptMapper - ok
21:52:59.0995 6752 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
21:53:00.0033 6752 RpcLocator - ok
21:53:00.0072 6752 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll
21:53:00.0133 6752 RpcSs - ok
21:53:00.0161 6752 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
21:53:00.0248 6752 rspndr - ok
21:53:00.0281 6752 [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
21:53:00.0332 6752 s3cap - ok
21:53:00.0341 6752 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
21:53:00.0364 6752 SamSs - ok
21:53:00.0406 6752 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
21:53:00.0440 6752 sbp2port - ok
21:53:00.0456 6752 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
21:53:00.0524 6752 SCardSvr - ok
21:53:00.0534 6752 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
21:53:00.0595 6752 scfilter - ok
21:53:00.0644 6752 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
21:53:00.0789 6752 Schedule - ok
21:53:00.0823 6752 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
21:53:00.0876 6752 SCPolicySvc - ok
21:53:00.0924 6752 [ 0328BE1C7F1CBA23848179F8762E391C ] sdbus C:\Windows\system32\drivers\sdbus.sys
21:53:00.0970 6752 sdbus - ok
21:53:01.0008 6752 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
21:53:01.0078 6752 SDRSVC - ok
21:53:01.0189 6752 [ 95AA9E165C7DE1B64A11E8B18E91E499 ] SDScannerService C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
21:53:01.0370 6752 SDScannerService - ok
21:53:01.0416 6752 [ D31398D4BB4907B517B6E784C2100C4A ] SDUpdateService C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
21:53:01.0518 6752 SDUpdateService - ok
21:53:01.0532 6752 [ 6AE8E702D1027A9627DDE2B77BB9992B ] SDWSCService C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
21:53:01.0558 6752 SDWSCService - ok

Benutzer
2013-07-01, 22:12
21:53:01.0577 6752 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
21:53:01.0639 6752 secdrv - ok
21:53:01.0662 6752 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
21:53:01.0731 6752 seclogon - ok
21:53:01.0746 6752 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll
21:53:01.0811 6752 SENS - ok
21:53:01.0823 6752 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
21:53:01.0870 6752 SensrSvc - ok
21:53:01.0886 6752 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
21:53:01.0932 6752 Serenum - ok
21:53:01.0952 6752 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
21:53:02.0000 6752 Serial - ok
21:53:02.0035 6752 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
21:53:02.0079 6752 sermouse - ok
21:53:02.0124 6752 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
21:53:02.0193 6752 SessionEnv - ok
21:53:02.0225 6752 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
21:53:02.0269 6752 sffdisk - ok
21:53:02.0290 6752 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
21:53:02.0332 6752 sffp_mmc - ok
21:53:02.0347 6752 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
21:53:02.0381 6752 sffp_sd - ok
21:53:02.0393 6752 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
21:53:02.0435 6752 sfloppy - ok
21:53:02.0470 6752 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
21:53:02.0563 6752 SharedAccess - ok
21:53:02.0582 6752 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
21:53:02.0650 6752 ShellHWDetection - ok
21:53:02.0684 6752 [ DA9E304518531DE07E56507DF91BAABC ] Shockprf C:\Windows\system32\DRIVERS\Apsx86.sys
21:53:02.0724 6752 Shockprf - ok
21:53:02.0762 6752 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
21:53:02.0798 6752 sisagp - ok
21:53:02.0809 6752 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:53:02.0842 6752 SiSRaid2 - ok
21:53:02.0855 6752 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
21:53:02.0892 6752 SiSRaid4 - ok
21:53:03.0050 6752 [ 388AE59FE75F1B959DFA0900923C61BB ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
21:53:03.0264 6752 Skype C2C Service - ok
21:53:03.0318 6752 [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
21:53:03.0450 6752 SkypeUpdate - ok
21:53:03.0487 6752 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
21:53:03.0554 6752 Smb - ok
21:53:03.0602 6752 [ A8C0ECBDECF82CFAEBA28991A1217415 ] SmbDrvI C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys
21:53:03.0630 6752 SmbDrvI - ok
21:53:19.0315 10108 Detected object count: 8
21:53:19.0315 10108 Actual detected object count: 8
21:53:35.0296 10108 bizVSerial ( UnsignedFile.Multi.Generic ) - skipped by user
21:53:35.0296 10108 bizVSerial ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:53:35.0298 10108 BMLoad ( UnsignedFile.Multi.Generic ) - skipped by user
21:53:35.0298 10108 BMLoad ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:53:35.0318 10108 FNETURPX ( UnsignedFile.Multi.Generic ) - skipped by user
21:53:35.0318 10108 FNETURPX ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:53:35.0320 10108 NvtlService ( UnsignedFile.Multi.Generic ) - skipped by user
21:53:35.0320 10108 NvtlService ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:53:35.0323 10108 StarWindServiceAE ( UnsignedFile.Multi.Generic ) - skipped by user
21:53:35.0323 10108 StarWindServiceAE ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:53:35.0333 10108 tcpipBM ( UnsignedFile.Multi.Generic ) - skipped by user
21:53:35.0333 10108 tcpipBM ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:53:35.0336 10108 UI Assistant Service ( UnsignedFile.Multi.Generic ) - skipped by user
21:53:35.0336 10108 UI Assistant Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:53:35.0338 10108 VMCService ( UnsignedFile.Multi.Generic ) - skipped by user
21:53:35.0338 10108 VMCService ( UnsignedFile.Multi.Generic ) - User select action: Skip
--------------------------------------

oldman960
2013-07-02, 01:08
Hi Benutzer,

Download ComboFix from:

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)



* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : How to Disable your Security Programs (http://forums.whatthetech.com/How_to_Disable_your_Security_Programs_t96260.html)

Right click on ComboFix.exe, click Run as Administrator & follow the prompts.


When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Notes:

1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. If after running ComboFix you receive a message "Illegal operation attempted on a registry key that has been marked for deletion" or similar, reboot the computer.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Please post back with the combofix log.

Thanks

Benutzer
2013-07-02, 03:14
Thank you again. The process took a while. This is the log file:
.................
ComboFix 13-06-30.01 - HEF01 02.07.2013 1:53.1.4 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.3060.1086 [GMT 2:00]
ausgeführt von:: c:\users\HEF01\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\PCDr\5849\AddOnDownloaded\0e53a45b-5a41-43e5-96ab-776b00e48a6e.dll
c:\programdata\PCDr\5849\AddOnDownloaded\6189c538-c102-424b-b645-3fb824a63826.dll
c:\programdata\PCDr\5849\AddOnDownloaded\9ad80016-92d9-41a4-9436-c44907366397.dll
c:\programdata\Roaming
c:\users\HEF01\4.0
c:\users\HEF01\AppData\Local\Temp\_MEI16602\_ctypes.pyd
c:\users\HEF01\AppData\Local\Temp\_MEI16602\_elementtree.pyd
c:\users\HEF01\AppData\Local\Temp\_MEI16602\_hashlib.pyd
c:\users\HEF01\AppData\Local\Temp\_MEI16602\_multiprocessing.pyd
c:\users\HEF01\AppData\Local\Temp\_MEI16602\_socket.pyd
c:\users\HEF01\AppData\Local\Temp\_MEI16602\_ssl.pyd
c:\users\HEF01\AppData\Local\Temp\_MEI16602\pyexpat.pyd
c:\users\HEF01\AppData\Local\Temp\_MEI16602\pysqlite2._sqlite.pyd
c:\users\HEF01\AppData\Local\Temp\_MEI16602\python27.dll
c:\users\HEF01\AppData\Local\Temp\_MEI16602\pythoncom27.dll
c:\users\HEF01\AppData\Local\Temp\_MEI16602\PyWinTypes27.dll
c:\users\HEF01\AppData\Local\Temp\_MEI16602\select.pyd
c:\users\HEF01\AppData\Local\Temp\_MEI16602\unicodedata.pyd
c:\users\HEF01\AppData\Local\Temp\_MEI16602\win32api.pyd
c:\users\HEF01\AppData\Local\Temp\_MEI16602\win32com.shell.shell.pyd
c:\users\HEF01\AppData\Local\Temp\_MEI16602\win32crypt.pyd
c:\users\HEF01\AppData\Local\Temp\_MEI16602\win32event.pyd
c:\users\HEF01\AppData\Local\Temp\_MEI16602\win32file.pyd
c:\users\HEF01\AppData\Local\Temp\_MEI16602\win32inet.pyd
c:\users\HEF01\AppData\Local\Temp\_MEI16602\win32pdh.pyd
c:\users\HEF01\AppData\Local\Temp\_MEI16602\win32process.pyd
c:\users\HEF01\AppData\Local\Temp\_MEI16602\win32profile.pyd
c:\users\HEF01\AppData\Local\Temp\_MEI16602\win32security.pyd
c:\users\HEF01\AppData\Local\Temp\_MEI16602\win32ts.pyd
c:\users\HEF01\AppData\Local\Temp\_MEI16602\windows._cacheinvalidation.pyd
c:\users\HEF01\AppData\Local\Temp\_MEI16602\wx._controls_.pyd
c:\users\HEF01\AppData\Local\Temp\_MEI16602\wx._core_.pyd
c:\users\HEF01\AppData\Local\Temp\_MEI16602\wx._gdi_.pyd
c:\users\HEF01\AppData\Local\Temp\_MEI16602\wx._html2.pyd
c:\users\HEF01\AppData\Local\Temp\_MEI16602\wx._misc_.pyd
c:\users\HEF01\AppData\Local\Temp\_MEI16602\wx._windows_.pyd
c:\users\HEF01\AppData\Local\Temp\_MEI16602\wx._wizard.pyd
c:\users\HEF01\AppData\Local\Temp\_MEI16602\wxbase294u_net_vc90.dll
c:\users\HEF01\AppData\Local\Temp\_MEI16602\wxbase294u_vc90.dll
c:\users\HEF01\AppData\Local\Temp\_MEI16602\wxmsw294u_adv_vc90.dll
c:\users\HEF01\AppData\Local\Temp\_MEI16602\wxmsw294u_core_vc90.dll
c:\users\HEF01\AppData\Local\Temp\_MEI16602\wxmsw294u_html_vc90.dll
c:\users\HEF01\AppData\Local\Temp\_MEI16602\wxmsw294u_webview_vc90.dll
c:\users\HEF01\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
c:\users\HEF01\AppData\Roaming\convert\convert.exe
c:\users\HEF01\Documents\~WRL0013.tmp
c:\users\HEF01\Documents\~WRL2155.tmp
c:\users\HEF01\Documents\~WRL3808.tmp
c:\windows\IsUn0407.exe
c:\windows\system32\muzapp.exe
c:\windows\system32\SET1033.tmp
c:\windows\system32\SET13B6.tmp
c:\windows\system32\SET1453.tmp
c:\windows\system32\SET1C7B.tmp
c:\windows\system32\SET45D6.tmp
c:\windows\system32\SET4749.tmp
c:\windows\system32\SET4F82.tmp
c:\windows\system32\SET5CD7.tmp
c:\windows\system32\SET6E8D.tmp
c:\windows\system32\SET8382.tmp
c:\windows\system32\SET9DF0.tmp
c:\windows\system32\SET9E2F.tmp
c:\windows\system32\SETB782.tmp
c:\windows\system32\SETBCC5.tmp
c:\windows\system32\SETC46B.tmp
c:\windows\system32\SETF0A.tmp
c:\windows\system32\Thumbs.db
D:\AUTORUN.INF
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-06-02 bis 2013-07-02 ))))))))))))))))))))))))))))))
.
.
2013-07-02 00:30 . 2013-07-02 00:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-06-30 21:50 . 2013-06-30 21:55 -------- d-----w- c:\users\HEF01\AppData\Local\SugarSync
2013-06-30 21:50 . 2013-01-30 11:12 225024 ----a-w- c:\windows\system32\SSCbFsNetRdr3.dll
2013-06-30 21:50 . 2013-01-30 11:12 159488 ----a-w- c:\windows\system32\SSCbFsMntNtf3.dll
2013-06-30 21:47 . 2013-01-30 11:11 295936 ----a-w- c:\windows\system32\drivers\sscbfs3.sys
2013-06-30 21:46 . 2013-06-30 21:50 -------- d-----w- c:\program files\SugarSync
2013-06-30 21:28 . 2013-06-30 21:28 53248 ----a-r- c:\users\HEF01\AppData\Roaming\Microsoft\Installer\{AD32F5E9-6BDD-480A-8B7B-95571D04691C}\ARPPRODUCTICON.exe
2013-06-30 19:38 . 2013-07-01 23:57 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{495A0703-FCA3-455D-B817-109BF3084201}\offreg.dll
2013-06-29 22:26 . 2013-06-30 19:26 -------- d-----w- c:\program files\Mozilla Thunderbird
2013-06-28 06:59 . 2013-06-12 04:18 7068072 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{495A0703-FCA3-455D-B817-109BF3084201}\mpengine.dll
2013-06-22 15:19 . 2013-06-22 15:19 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-06-19 20:13 . 2013-06-19 20:13 45056 ----a-r- c:\users\HEF01\AppData\Roaming\Microsoft\Installer\{1C3147A7-4810-45FC-AD89-064D8023A514}\NewShortcut2_7024F073510147169F4B28E8B73F2DCF.exe
2013-06-19 20:13 . 2013-06-19 20:13 45056 ----a-r- c:\users\HEF01\AppData\Roaming\Microsoft\Installer\{1C3147A7-4810-45FC-AD89-064D8023A514}\NewShortcut1_9B3D64ED28EC4E27B62740E65B802B3A.exe
2013-06-19 20:13 . 2013-06-19 20:13 45056 ----a-r- c:\users\HEF01\AppData\Roaming\Microsoft\Installer\{1C3147A7-4810-45FC-AD89-064D8023A514}\ARPPRODUCTICON.exe
2013-06-19 20:13 . 2013-06-19 20:13 -------- d-----w- c:\program files\SEPA Account Converter
2013-06-15 10:26 . 2013-06-15 11:28 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-06-15 09:08 . 2013-06-15 09:08 -------- d-----w- c:\program files\ITN Converter
2013-06-14 22:39 . 2013-06-14 22:39 -------- d-----w- c:\programdata\boost_interprocess
2013-06-14 21:39 . 2013-06-14 21:39 -------- d-----w- c:\program files\K-Lite Codec Pack
2013-06-14 21:38 . 2013-06-14 21:38 -------- d-----w- C:\Upload
2013-06-14 21:38 . 2013-07-01 12:54 -------- d-----w- C:\Samsung Link
2013-06-14 19:08 . 2013-06-14 19:11 -------- d-----w- c:\program files\SDistTest
2013-06-14 07:39 . 2013-06-08 11:13 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-06-14 07:39 . 2013-06-08 11:41 218112 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2013-06-12 17:45 . 2013-04-25 23:30 1505280 ----a-w- c:\windows\system32\d3d11.dll
2013-06-12 17:45 . 2013-05-10 03:20 24576 ----a-w- c:\windows\system32\cryptdlg.dll
2013-06-12 17:45 . 2013-04-26 04:55 492544 ----a-w- c:\windows\system32\win32spl.dll
2013-06-12 17:45 . 2013-05-13 04:45 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2013-06-12 17:45 . 2013-05-13 04:45 1160192 ----a-w- c:\windows\system32\crypt32.dll
2013-06-12 17:45 . 2013-05-13 04:45 103936 ----a-w- c:\windows\system32\cryptnet.dll
2013-06-12 17:45 . 2013-05-13 03:08 903168 ----a-w- c:\windows\system32\certutil.exe
2013-06-12 17:45 . 2013-05-13 03:08 43008 ----a-w- c:\windows\system32\certenc.dll
2013-06-12 17:45 . 2013-04-17 07:02 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-06-12 17:44 . 2013-05-06 05:06 3968872 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-06-12 17:44 . 2013-05-06 05:06 3913576 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-06-12 17:44 . 2013-05-08 05:38 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-06-02 19:58 . 2013-06-02 19:58 -------- d-----w- c:\users\HEF01\AppData\Roaming\AVM
2013-06-02 19:47 . 2013-06-02 19:58 -------- d-----w- c:\program files\FRITZ!Fernzugang einrichten
2013-06-02 19:23 . 2013-06-02 19:23 29184 ----a-r- c:\users\HEF01\AppData\Roaming\Microsoft\Installer\{8890396E-9E1B-4F8E-B465-5918B41CEEE9}\Icon37C19C2D1.exe
2013-06-02 19:23 . 2013-06-02 19:23 -------- d-----w- c:\programdata\AVM
2013-06-02 19:23 . 2013-06-02 19:30 -------- d-----w- c:\program files\FRITZ!Fernzugang
2013-06-02 19:22 . 2013-06-02 19:43 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-22 15:19 . 2012-11-21 00:19 867240 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-06-22 15:19 . 2011-04-09 21:46 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-06-12 07:07 . 2012-08-10 17:36 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-12 07:07 . 2012-08-10 17:36 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-12 07:07 . 2013-05-14 22:08 9089416 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2013-05-20 19:48 . 2013-02-12 16:19 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-07 07:54 . 2013-04-03 18:49 532208 ----a-w- c:\windows\system32\SynCOM.dll
2013-05-07 07:54 . 2013-02-25 21:28 143088 ----a-w- c:\windows\system32\SynTPCo16.dll
2013-05-07 07:54 . 2013-02-25 21:28 175856 ----a-w- c:\windows\system32\SynTPAPI.dll
2013-05-07 07:54 . 2013-02-25 21:28 355056 ----a-w- c:\windows\system32\drivers\SynTP.sys
2013-05-02 19:18 . 2013-01-20 19:19 893552 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2013-05-02 19:18 . 2013-01-20 19:18 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2013-05-02 19:18 . 2013-01-20 19:18 1236816 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2013-05-02 14:15 . 2013-05-02 14:15 227656 ----a-w- c:\windows\system32\ddBACCTM.cpl
2013-05-02 14:15 . 2013-05-02 14:15 825672 ----a-w- c:\windows\system32\Ddbaccpl.cpl
2013-05-02 00:06 . 2011-04-07 15:29 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-05-01 01:59 . 2013-05-01 01:59 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2013-05-01 01:59 . 2013-05-01 01:59 69632 ----a-w- c:\windows\system32\QuickTime.qts
2013-04-23 04:54 . 2010-01-04 20:15 2692904 ------w- c:\windows\PWMBTHLV.EXE
2013-04-23 04:54 . 2010-01-04 20:15 3752744 ------w- c:\windows\system32\PWMCP32V.cpl
2013-04-23 04:54 . 2010-01-04 20:15 25416 ------w- c:\windows\system32\drivers\DOZEHDD.SYS
2013-04-23 04:54 . 2010-01-04 20:15 19712 ------w- c:\windows\system32\drivers\TPPWR32V.SYS
2013-04-21 10:03 . 2013-04-21 10:03 105728 ----a-w- c:\windows\system32\drivers\avmaura.sys
2013-04-15 16:53 . 2013-04-15 16:53 46592 ----a-w- c:\windows\system32\boost_thread-vc90-mt-1_47.dll
2013-04-15 16:53 . 2013-04-15 16:53 38912 ----a-w- c:\windows\system32\boost_date_time-vc90-mt-1_47.dll
2013-04-15 16:52 . 2013-04-15 16:52 227840 ----a-w- c:\windows\system32\boost_serialization-vc90-mt-1_47.dll
2013-04-15 16:52 . 2013-04-15 16:52 704000 ----a-w- c:\windows\system32\boost_regex-vc90-mt-1_47.dll
2013-04-15 16:52 . 2013-04-15 16:52 12800 ----a-w- c:\windows\system32\boost_system-vc90-mt-1_47.dll
2013-04-15 16:52 . 2013-04-15 16:52 130048 ----a-w- c:\windows\system32\boost_filesystem-vc90-mt-1_47.dll
2013-04-13 04:45 . 2013-05-15 07:46 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 07:46 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 13:45 . 2013-04-24 08:46 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-10 05:18 . 2013-05-15 07:46 728424 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-04-10 05:18 . 2013-05-15 07:46 218984 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-04-10 03:14 . 2013-05-15 07:46 2347520 ----a-w- c:\windows\system32\win32k.sys
2013-04-04 14:55 . 2013-05-21 13:57 383616 ----a-w- c:\windows\system32\HI-epanelLSPService64.dll
2013-04-04 14:55 . 2013-05-21 13:57 316032 ----a-w- c:\windows\system32\HI-epanelLSPService.dll
2013-04-04 12:50 . 2013-05-30 11:34 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-07-01 19:24 222832 ----a-w- c:\users\HEF01\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-07-01 19:24 222832 ----a-w- c:\users\HEF01\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-07-01 19:24 222832 ----a-w- c:\users\HEF01\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{69925D1B-6A0F-4413-861A-81AB98039DB9}"
[HKEY_CLASSES_ROOT\CLSID\{69925D1B-6A0F-4413-861A-81AB98039DB9}]
2013-01-30 11:12 159488 ----a-w- c:\windows\System32\SSCbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-06-06 21:57 578512 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-06 21:57 578512 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-06 21:57 578512 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-06-06 21:57 578512 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-06-06 21:57 578512 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-06-06 21:57 578512 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
2013-06-26 17:22 2090848 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
2013-06-26 17:22 2090848 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{39D54CC2-69CF-43b4-B167-577D25E7F496}"
[HKEY_CLASSES_ROOT\CLSID\{39D54CC2-69CF-43b4-B167-577D25E7F496}]
2013-06-26 17:22 2090848 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
2013-06-26 17:22 2090848 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncSharedPending]
@="{F7395C2E-A5D8-4a32-9536-5C6A9F1DC450}"
[HKEY_CLASSES_ROOT\CLSID\{F7395C2E-A5D8-4a32-9536-5C6A9F1DC450}]
2013-06-26 17:22 2090848 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GoogleDriveSync"="c:\program files\Google\Drive\googledrivesync.exe" [2013-06-06 19676256]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe" [2012-01-05 75624]
"SkyDrive"="c:\users\HEF01\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" [2013-07-01 257136]
"KiesPreload"="c:\program files\Samsung\Kies\Kies.exe" [2013-04-23 1561968]
"Akamai NetSession Interface"="c:\users\HEF01\AppData\Local\Akamai\netsession_win.exe" [2013-06-04 4489472]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-11-09 17877168]
"SugarSync"="c:\program files\SugarSync\SugarSync.exe" [2013-06-26 12419424]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMSS"="c:\program files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2010-05-03 112152]
"TpShocks"="TpShocks.exe" [2013-02-12 338216]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-15 307768]
"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2013-04-23 4451624]
"AcWin7Hlpr"="c:\program files\Lenovo\Access Connections\AcTBenabler.exe" [2013-03-18 63784]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2011-06-10 3110200]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2013-02-26 60920]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"RotateImage"="c:\program files\Integrated Camera Driver\RCIMGDIR.exe" [2008-10-30 31744]
"ACTray"="c:\program files\Lenovo\Access Connections\ACTray.exe" [2013-03-18 432424]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-15 348664]
"HI-epanel-WatchDog"="c:\program files\HI-epanelLSPService\HI-epanel-WatchDog.exe" [2013-04-04 60544]
"EaseUs Watch"="c:\program files\EaseUS\Todo Backup\bin\EuWatch.exe" [2013-01-25 70728]
"EaseUs Tray"="c:\program files\EaseUS\Todo Backup\bin\TrayNotify.exe" [2013-01-25 1372232]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"FLxHCIm"="c:\program files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe" [2010-11-19 33792]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2013-04-23 311152]
"UIExec"="c:\program files\Mobile Partner Manager\UIExec.exe" [2009-12-02 132096]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2013-05-07 2416368]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888]
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2013-05-16 3830224]
"Samsung Link"="c:\program files\Samsung\Samsung Link\utils\Samsung Link Launcher.exe" [2013-05-09 407384]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\users\HEF01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\HEF01\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968]
Key-Organizer Fristenprüfung.lnk - c:\program files\AIDeX\KeyOrganizer\KeyOrganizer.exe DeadlineCheck [2013-2-20 726528]
OpenOffice.org 3.4.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{C28617FD-4FE7-4043-AD51-C8132CE90106}"= "c:\windows\system32\SSCbFsMntNtf3.dll" [2013-01-30 159488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"EldosMountNotificator"= {C28617FD-4FE7-4043-AD51-C8132CE90106} - c:\windows\system32\SSCbFsMntNtf3.dll [2013-01-30 159488]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2013-03-05 18:49 101160 ----a-w- c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^MediaManager Server.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\MediaManager Server.lnk
backup=c:\windows\pss\MediaManager Server.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Quicken 2012 Zahlungserinnerung.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Quicken 2012 Zahlungserinnerung.lnk
backup=c:\windows\pss\Quicken 2012 Zahlungserinnerung.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TwonkyServer.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\TwonkyServer.lnk
backup=c:\windows\pss\TwonkyServer.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileConnect]
2009-09-11 12:34 2403840 ----a-w- c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2013-05-01 01:59 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2013-05-07 07:54 2416368 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\users\HEF01\AppData\Local\Google\Update\GoogleUpdate.exe" /c
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Message Center Plus"=c:\program files\LENOVO\Message Center Plus\MCPLaunch.exe /start
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"LexwareInfoService"=c:\program files\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
2;2 EaseUS Agent;EaseUS Agent Service;c:\program files\EaseUS\Todo Backup\bin\Agent.exe [x]
R2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service;c:\program files\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe [2012-01-05 75624]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-11-09 160944]
R2 UI Assistant Service;UI Assistant Service;c:\program files\Mobile Partner Manager\AssistantServices.exe [2009-12-02 246272]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protokoll;c:\windows\system32\DRIVERS\amppal.sys [2012-07-17 143360]
R3 cjusb;REINER SCT cyberJack USB Driver;c:\windows\system32\DRIVERS\cjusb.sys [2010-11-27 28144]
R3 DozeSvc;Lenovo Doze Mode Service;c:\program files\ThinkPad\Utilities\DOZESVC.EXE [2013-04-23 280640]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2011-04-18 102784]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2011-04-18 348160]
R3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys [2010-11-19 174080]
R3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys [2010-11-19 38400]
R3 massfilter;MBB Mass Storage Filter Driver;c:\windows\system32\DRIVERS\massfilter.sys [2009-10-29 9216]
R3 MatSvc;Microsoft Fix it Supportcenter;c:\program files\Microsoft Fix it Center\Matsvc.exe [2011-06-13 267568]
R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [x]
R3 NETw5s32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 32-Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2009-09-15 6114816]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 PCDSRVC{3037D694-FD904ACA-06020200}_0;PCDSRVC{3037D694-FD904ACA-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor\pcdsrvc.pkms [2011-06-27 22640]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [2013-04-23 1667368]
R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files\ThinkPad\Utilities\PWMEWSVC.EXE [2013-04-23 1664808]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys [2012-07-15 26112]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 49664]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-09-29 99768]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-04 1343400]
R3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\DRIVERS\ZTEusbnet.sys [2011-04-18 114688]
R3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\DRIVERS\ZTEusbvoice.sys [2011-04-18 105856]
S0 DozeHDD;DozeHDD;c:\windows\System32\DRIVERS\DozeHDD.sys [2013-04-23 25416]
S0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [2013-01-25 50248]
S0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [2013-01-25 41544]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [2011-12-28 22344]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-04-16 36000]
S1 bizVSerial;Franson VSerial;c:\windows\system32\drivers\bizVSerialNT.sys [2007-05-31 14949]
S1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [2013-01-25 15944]
S1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys [2013-01-25 186952]
S1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [2013-03-19 7936]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2010-09-07 13680]
S2 AllShare Framework DMS;AllShare Framework DMS;c:\program files\Samsung\AllShare Framework DMS\1.3.09\AllShareFrameworkManagerDMS.exe [2013-05-03 404360]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2012-07-17 509456]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2012-05-01 86224]
S2 avmike;AVM FRITZ!Fernzugang IKE Service;c:\program files\FRITZ!Fernzugang\avmike.exe [2012-11-28 255904]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-08-23 104240]
S2 certsrv;AVM FRITZ!Fernzugang Cert Service;c:\program files\FRITZ!Fernzugang\certsrv.exe [2012-11-28 122272]
S2 cjpcsc;cyberJack PC/SC COM Service ;c:\windows\system32\cjpcsc.exe [2011-02-08 506288]
S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_2_0\bin\fbguard.exe [2006-10-31 77824]
S2 Guard Agent;Guard Agent Service;c:\program files\EaseUS\Todo Backup\bin\GuardAgent.exe [2013-01-25 23624]
S2 HI-epanel-Reporting-Service;HI-epanel-Reporting-Service;c:\program files\Digital Trends Club\HI-epanel-Reporting.exe [2013-04-04 3022464]
S2 HI-epanel-Update-Service;HI-epanel-Update-Service;c:\program files\Digital Trends Club\HI-epanel-Updater.exe [2013-04-04 1377920]
S2 HI-epanelLSPService;HI-epanelLSPService;c:\program files\HI-epanelLSPService\HI-epanelLSPService.exe [2013-04-04 3302528]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2013-02-26 44024]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2012-08-24 127072]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2013-02-26 62456]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2011-07-12 127336]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35088]
S2 NvtlService;NovaCore SDK Service;c:\program files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe [2009-03-06 40448]
S2 nwtsrv;AVM FRITZ!Fernzugang Client;c:\program files\FRITZ!Fernzugang\nwtsrv.exe [2012-11-28 154016]
S2 QDLService2kLenovo;Qualcomm Gobi 2000 Download Service (Lenovo);c:\program files\QUALCOMM\QDLService2k\QDLService2kLenovo.exe [2011-05-23 1688384]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 11032]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe86.sys [2009-10-26 48640]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-05-16 1817560]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-05-16 1033688]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-05-15 171928]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000]
S2 smihlp2;SMI Helper Driver (smihlp2);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [2011-05-30 11976]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-01-10 383264]
S2 TeamViewer8;TeamViewer 8;c:\program files\TeamViewer\Version8\TeamViewer_Service.exe [2013-06-13 4150112]
S2 TGCM_ImportWiFiSvc;TGCM_ImportWiFiSvc;c:\program files\o2\Mobile Connection Manager\ImpWiFiSvc.exe [2011-06-14 201080]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2013-05-23 116216]
S2 TPHKSVC;Anzeige am Bildschirm;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2012-12-04 125504]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-09-29 13752]
S2 TwonkyProxy;TwonkyProxy;c:\program files\Twonky\TwonkyServer\twonkyproxy.exe [2012-05-03 545608]
S2 TwonkyServer;TwonkyServer;c:\program files\Twonky\TwonkyServer\twonkystarter.exe [2012-05-03 541512]
S2 TwonkyWebDav;TwonkyWebDav;c:\program files\Twonky\TwonkyServer\twonkywebdav.exe [2012-05-03 271176]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-05-03 2533400]
S2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2009-09-11 9216]
S2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [2012-08-23 2778416]
S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [2011-05-23 132864]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed - Virtueller Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2012-07-17 143360]
S3 avmaura;AVM USB-Fernanschluss;c:\windows\system32\DRIVERS\avmaura.sys [2013-04-21 105728]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-08 45736]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k6232.sys [2012-02-02 388264]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_2_0\bin\fbserver.exe [2006-10-31 1990656]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2011-04-18 72832]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-26 125696]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]
S3 NETwNs32;___ Intel(R) Wireless WiFi Link der Serie 5000 Adaptertreiber für Windows 7 32-Bit;c:\windows\system32\DRIVERS\Netwsn00.sys [2012-09-30 10383360]
S3 NWIM;AVM VPN Miniport;c:\windows\system32\DRIVERS\avmnwim.sys [2011-07-05 334712]
S3 qcfilterlno2k;Gobi 2000 USB Composite Device Filter Driver(05C6-9205);c:\windows\system32\DRIVERS\qcfilterlno2k.sys [2010-06-25 5248]
S3 qcusbnetlno2k;Gobi 2000 USB-NDIS miniport(05C6-9205);c:\windows\system32\DRIVERS\qcusbnetlno2k.sys [2011-05-23 375296]
S3 qcusbserlno2k;Gobi 2000 USB Device for Legacy Serial Communication(05C6-9205);c:\windows\system32\DRIVERS\qcusbserlno2k.sys [2011-05-23 190848]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys [2012-10-17 38200]
S3 SSCBFS3;SugarSync CallBack File System driver v3;c:\windows\system32\DRIVERS\sscbfs3.sys [2013-01-30 295936]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2012-11-28 25088]
S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [2009-09-24 38336]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - BMLoad
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioService REG_MULTI_SZ HsfXAudioService
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Inhalt des "geplante Tasks" Ordners
.
2013-07-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-10 07:07]
.
2013-07-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-07 17:16]
.
2013-07-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-07 17:16]
.
2013-07-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-713427250-3853926042-2103360380-1005Core.job
- c:\users\HEF01\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-15 19:57]
.
2013-07-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-713427250-3853926042-2103360380-1005UA.job
- c:\users\HEF01\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-15 19:57]
.
2013-06-27 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 15:54]
.
2013-07-02 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 15:54]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = <local>;192.168.*.*
uInternet Settings,ProxyServer = localhost:21320
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Free YouTube Download - c:\users\HEF01\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
LSP: c:\windows\system32\HI-epanelLSPService.DLL
LSP: bmnet.dll
TCP: DhcpNameServer = 192.168.178.1
DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} - hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab
DPF: {A4150320-98EC-4DB6-9BFB-EBF4B6FBEB16} - hxxp://192.168.178.36/codebase/DVM_IPCam2.ocx
FF - ProfilePath - c:\users\HEF01\AppData\Roaming\Mozilla\Firefox\Profiles\xxhc2iuc.default-1361923398100\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: network.proxy.type - 2
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Notify-SDWinLogon - SDWinLogon.dll
AddRemove-DealPly - c:\program files\DealPly\uninst.exe
AddRemove-FileZilla Client - c:\program files\FileZilla FTP Client\uninstall.exe
AddRemove-loadtbs-3.0 - c:\users\HEF01\AppData\Roaming\loadtbs\uninstall.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{3037D694-FD904ACA-06020200}_0]
"ImagePath"="\??\c:\program files\pc-doctor\pcdsrvc.pkms"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'lsass.exe'(840)
c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infql2.dll
c:\windows\system32\bmnet.dll
.
- - - - - - - > 'Explorer.exe'(9296)
c:\windows\system32\SSCbFsMntNtf3.dll
c:\windows\system32\SSCbFsNetRdr3.dll
c:\program files\ThinkPad\Bluetooth Software\btncopy.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\windows\System32\WUDFHost.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\ThinkVantage Fingerprint Software\upeksvr.exe
c:\program files\Lenovo\Access Connections\AcPrfMgrSvc.exe
c:\program files\Lenovo\Access Connections\AcSvc.exe
c:\progra~1\LENOVO\HOTKEY\tpnumlk.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Samsung\AllShare Framework DMS\1.3.09\AllShareFrameworkDMS.exe
c:\windows\system32\conhost.exe
c:\program files\ThinkPad\Bluetooth Software\btwdins.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\System32\vds.exe
c:\windows\system32\taskhost.exe
c:\progra~1\LENOVO\VIRTSCRL\virtscrl.exe
c:\program files\TeamViewer\Version8\TeamViewer.exe
c:\program files\LENOVO\HOTKEY\tposdsvc.exe
c:\program files\LENOVO\HOTKEY\shtctky.exe
c:\progra~1\LENOVO\HOTKEY\tpnumlkd.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\Zoom\TpScrex.exe
c:\windows\system32\conhost.exe
c:\program files\TeamViewer\Version8\tv_w32.exe
c:\windows\system32\DllHost.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\System32\vdsldr.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\vssvc.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-07-02 03:00:23 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2013-07-02 01:00
.
Vor Suchlauf: 23 Verzeichnis(se), 444.747.567.104 Bytes frei
Nach Suchlauf: 29 Verzeichnis(se), 444.236.754.944 Bytes frei
.
- - End Of File - - 4ABDCBA45CDFA698FD33C3F725200ED1
A7933FCB301C18F622F2BB98821DB8B8

oldman960
2013-07-02, 10:04
Hi Benutzer,

How's the computer? We may have removed a legitimate program. Is convert a program you use to convert weights and measures from one unit to another? Let me know, we can restore it.


A bit more to do.

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.

Right click on OTL.exe and click "Run as Administrator" to run it. Make sure all other windows are closed and to let it run uninterrupted.
Make sure the box beside "scan all users" is checked.
When the window appears, underneath Output at the top change it to Minimal Output.
Check the boxes beside LOP Check and Purity Check.
In the window under Custom Scans/Fixes copy and paste the following:

%USERPROFILE%\..|smtmp;true;true;true /FP
%temp%\smtmp\*.* /s >
/md5start
iexplore.*
explorer.*
winlogon.*
dll
zx.dll
hlp.dat
consrv.dll
services.*
/md5stop
netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
dir "%systemdrive%\*" /S /A:L /C
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%PROGRAMFILES%\Internet Explorer\*.dat
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs


Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

Benutzer
2013-07-02, 11:25
Hi Benutzer,

How's the computer? We may have removed a legitimate program. Is convert a program you use to convert weights and measures from one unit to another? Let me know, we can restore it.


Hi Oldman960,

before I go on with OTL, I've got a question.
Which convert do you mean please ? Is it this one ?
c:\users\HEF01\AppData\Roaming\convert\convert.exe
I ask cause I don't know what it's good for. I just had a look to the folder c:\users\HEF01\AppData\Roaming\convert\ It exists, but it's empty. No files like convert.exe inside.

Though I use several converter progs like pdf to text or coordinates for SatNav devices. (ITN Converter)
Nothing vital, so I could follow your instructions and delete what you say.

Please get back.

oldman960
2013-07-02, 12:11
Hi Benutzer,


c:\users\HEF01\AppData\Roaming\convert\convert.exe

Yes that was the file. Combofix removed it. It may have been targeted just because of the location not because it was malicious. We can check it out and restore it later. I thought it might be the same program I have. The Convert I have converts metric to Imperial/US.

How is the computer?

Please continue.

Benutzer
2013-07-02, 12:59
Thank you for the explanation. :thanks: I don't understand the whole /roaming/ folder under AppData. But that's down to my restricted computer skills.
Anyway, the computer is running fine so far. All around a bit slow since I have this qvo6 malware. But it could also have decreased in speed because I registered several cloud storage services recently (Dropbox and others).

Did the OTL scan. But there is no EXTRAS.txt file. I'm so sorry, assume I did the wrong settings ? :red:
At the end of May I had downloaded OTL and ran it without user-defined fixes/scans. Maybe it now took the former adjustments ?
The EXTRAS file I found is from May 30th and not valid for this scan.

Just had a screen shot from the final window of OTL. Should I have marked the Extras at the yellow mark ?
I hope I didn't damage anything. Sorry for the problem.


Here's only the OTL scan results:
-----------OTL.txt-------------------------
OTL logfile created on: 02.07.2013 12:19:02 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\HEF01\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,99 Gb Total Physical Memory | 1,61 Gb Available Physical Memory | 53,74% Memory free
5,97 Gb Paging File | 3,83 Gb Available in Paging File | 64,03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 687,71 Gb Total Space | 413,48 Gb Free Space | 60,12% Space Free | Partition Type: NTFS
Drive D: | 9,76 Gb Total Space | 2,99 Gb Free Space | 30,68% Space Free | Partition Type: NTFS

Computer Name: HEF01-THINK | User Name: HEF01 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files\TeamViewer\Version8\TeamViewer.exe (TeamViewer GmbH)
PRC - C:\Program Files\TeamViewer\Version8\tv_w32.exe (TeamViewer GmbH)
PRC - C:\Users\HEF01\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Lenovo\HOTKEY\tphkload.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\HOTKEY\shtctky.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\AllShareFrameworkManagerDMS.exe (Samsung)
PRC - C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\AllShareFrameworkDMS.exe (Samsung)
PRC - C:\Program Files\Digital Trends Club\HI-epanel-Reporting.exe ()
PRC - C:\Program Files\Digital Trends Club\HI-epanel-Updater.exe ()
PRC - C:\Program Files\HI-epanelLSPService\HI-epanelLspService.exe (HI-epanel)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Lenovo\Access Connections\AcSvc.exe (Lenovo)
PRC - C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe (Lenovo)
PRC - C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe (Authentec Inc.)
PRC - C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited)
PRC - C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe (CHENGDU YIWO Tech Development Co., Ltd)
PRC - C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe (CHENGDU YIWO Tech Development Co., Ltd)
PRC - C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe (AVM Berlin)
PRC - C:\Program Files\FRITZ!Fernzugang\certsrv.exe (AVM Berlin)
PRC - C:\Program Files\FRITZ!Fernzugang\avmike.exe (AVM Berlin)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Program Files\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited)
PRC - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Intel® Corporation)
PRC - C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
PRC - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
PRC - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel(R) Corporation)
PRC - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel Corporation)
PRC - C:\Program Files\Twonky\TwonkyServer\twonkyproxy.exe ()
PRC - C:\Program Files\Twonky\TwonkyServer\twonkystarter.exe (PacketVideo)
PRC - C:\Program Files\Twonky\TwonkyServer\twonkywebdav.exe ()
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\ZOOM\TpScrex.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe (Lenovo Group Limited)
PRC - C:\Program Files\o2\Mobile Connection Manager\ImpWiFiSvc.exe (Telefónica)
PRC - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
PRC - C:\Program Files\QUALCOMM\QDLService2k\QDLService2kLenovo.exe (QUALCOMM, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\cjpcsc.exe (REINER SCT)
PRC - C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
PRC - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe (StarWind Software)
PRC - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
PRC - C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe ()
PRC - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - C:\Program Files\Firebird\Firebird_2_0\bin\fbguard.exe (FirebirdSQL Project)
PRC - C:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe (FirebirdSQL Project)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl ()
MOD - C:\Program Files\ThinkPad\Utilities\GR\PWMRT32V.DLL ()
MOD - C:\Program Files\Notepad++\NppShell_04.dll ()
MOD - C:\Windows\System32\nvShell.dll ()


========== Services (SafeList) ==========

SRV - (SDWSCService) -- C:\Program Files\Spybot File not found
SRV - (SDUpdateService) -- C:\Program Files\Spybot File not found
SRV - (SDScannerService) -- C:\Program Files\Spybot File not found
SRV - (TeamViewer8) -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (TPHKLOAD) -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe (Lenovo Group Limited)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AllShare Framework DMS) -- C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\AllShareFrameworkManagerDMS.exe (Samsung)
SRV - (Power Manager DBC Service) -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe (Lenovo)
SRV - (PwmEWSvc) -- C:\Program Files\ThinkPad\Utilities\PWMEWSVC.exe (Lenovo Group Limited)
SRV - (DozeSvc) -- C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE (Lenovo.)
SRV - (SUService) -- C:\Program Files\Lenovo\System Update\SUService.exe ()
SRV - (HI-epanel-Reporting-Service) -- C:\Program Files\Digital Trends Club\HI-epanel-Reporting.exe ()
SRV - (HI-epanel-Update-Service) -- C:\Program Files\Digital Trends Club\HI-epanel-Updater.exe ()
SRV - (HI-epanelLSPService) -- C:\Program Files\HI-epanelLSPService\HI-epanelLspService.exe (HI-epanel)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AcSvc) -- C:\Program Files\Lenovo\Access Connections\AcSvc.exe (Lenovo)
SRV - (AcPrfMgrSvc) -- C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe (Lenovo)
SRV - (LENOVO.TPKNRSVC) -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe (Lenovo Group Limited)
SRV - (LENOVO.CAMMUTE) -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited)
SRV - (Guard Agent) -- C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe (CHENGDU YIWO Tech Development Co., Ltd)
SRV - (EaseUS Agent) -- C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe (CHENGDU YIWO Tech Development Co., Ltd)
SRV - (Stereo Service) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (TPHKSVC) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
SRV - (nwtsrv) -- C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe (AVM Berlin)
SRV - (certsrv) -- C:\Program Files\FRITZ!Fernzugang\certsrv.exe (AVM Berlin)
SRV - (avmike) -- C:\Program Files\FRITZ!Fernzugang\avmike.exe (AVM Berlin)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (LENOVO.MICMUTE) -- C:\Program Files\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited)
SRV - (ZeroConfigService) -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Intel® Corporation)
SRV - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (BTHSSecurityMgr) -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel(R) Corporation)
SRV - (AMPPALR3) -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel Corporation)
SRV - (TwonkyProxy) -- C:\Program Files\Twonky\TwonkyServer\twonkyproxy.exe ()
SRV - (TwonkyServer) -- C:\Program Files\Twonky\TwonkyServer\twonkystarter.exe (PacketVideo)
SRV - (TwonkyWebDav) -- C:\Program Files\Twonky\TwonkyServer\twonkywebdav.exe ()
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AxAutoMntSrv) -- C:\Program Files\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe (Alcohol Soft Development Team)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (Lenovo.VIRTSCRLSVC) -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe (Lenovo Group Limited)
SRV - (TGCM_ImportWiFiSvc) -- C:\Program Files\o2\Mobile Connection Manager\ImpWiFiSvc.exe (Telefónica)
SRV - (MatSvc) -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe (Microsoft Corporation)
SRV - (ThinkVantage Registry Monitor Service) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
SRV - (QDLService2kLenovo) -- C:\Program Files\QUALCOMM\QDLService2k\QDLService2kLenovo.exe (QUALCOMM, Inc.)
SRV - (cjpcsc) -- C:\Windows\System32\cjpcsc.exe (REINER SCT)
SRV - (btwdins) -- C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (rpcapd) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (UNS) -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (StarWindServiceAE) -- C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe (StarWind Software)
SRV - (UI Assistant Service) -- C:\Program Files\Mobile Partner Manager\AssistantServices.exe ()
SRV - (TurboBoost) -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation)
SRV - (VMCService) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HsfXAudioService) -- C:\Windows\System32\XAudio32.dll (Conexant Systems, Inc.)
SRV - (NvtlService) -- C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe ()
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (FirebirdGuardianDefaultInstance) -- C:\Program Files\Firebird\Firebird_2_0\bin\fbguard.exe (FirebirdSQL Project)
SRV - (FirebirdServerDefaultInstance) -- C:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe (FirebirdSQL Project)


========== Driver Services (SafeList) ==========

DRV - (motandroidusb) -- System32\Drivers\motoandroid.sys File not found
DRV - (mbr) -- C:\Users\HEF01\AppData\Local\Temp\mbr.sys File not found
DRV - (catchme) -- C:\Users\HEF01\AppData\Local\Temp\catchme.sys File not found
DRV - (arkc77h7) -- File not found
DRV - (DozeHDD) -- C:\Windows\System32\drivers\DOZEHDD.SYS (Lenovo.)
DRV - (TPPWRIF) -- C:\Windows\System32\drivers\TPPWR32V.SYS (Lenovo Group Limited)
DRV - (avmaura) -- C:\Windows\System32\drivers\avmaura.sys (AVM Berlin)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (FNETURPX) -- C:\Windows\System32\drivers\FNETURPX.SYS (FNet Co., Ltd.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (SSCBFS3) -- C:\Windows\System32\drivers\sscbfs3.sys (EldoS Corporation)
DRV - (EUFDDISK) -- C:\Windows\System32\drivers\EuFdDisk.sys (CHENGDU YIWO Tech Development Co., Ltd)
DRV - (EUBKMON) -- C:\Windows\System32\drivers\EUBKMON.sys ()
DRV - (EUDSKACS) -- C:\Windows\System32\drivers\eudskacs.sys (CHENGDU YIWO Tech Development Co., Ltd)
DRV - (EUBAKUP) -- C:\Windows\System32\drivers\eubakup.sys (CHENGDU YIWO Tech Development Co., Ltd)
DRV - (teamviewervpn) -- C:\Windows\System32\drivers\teamviewervpn.sys (TeamViewer GmbH)
DRV - (SmbDrvI) -- C:\Windows\System32\drivers\Smb_driver_Intel.sys (Synaptics Incorporated)
DRV - (NETwNs32) -- C:\Windows\System32\drivers\Netwsn00.sys (Intel Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (Shockprf) -- C:\Windows\System32\drivers\ApsX86.sys (Lenovo.)
DRV - (AMPPALP) -- C:\Windows\System32\drivers\AmpPal.sys (Windows (R) Win 7 DDK provider)
DRV - (AMPPAL) -- C:\Windows\System32\drivers\AmpPal.sys (Windows (R) Win 7 DDK provider)
DRV - (tapoas) -- C:\Windows\System32\drivers\tapoas.sys (The OpenVPN Project)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (e1kexpress) -- C:\Windows\System32\drivers\e1k6232.sys (Intel Corporation)
DRV - (TPDIGIMN) -- C:\Windows\System32\drivers\ApsHM86.sys (Lenovo.)
DRV - (psadd) -- C:\Windows\System32\drivers\psadd.sys (Lenovo Information Product(ShenZhen China) Inc.)
DRV - (NWIM) -- C:\Windows\System32\drivers\avmnwim.sys (AVM Berlin)
DRV - (PCDSRVC{3037D694-FD904ACA-06020200}_0) -- c:\Program Files\PC-Doctor\pcdsrvc.pkms (PC-Doctor, Inc.)
DRV - (smihlp2) -- C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys (Authentec Inc.)
DRV - (5U877) -- C:\Windows\System32\drivers\5U877.sys (Ricoh co.,Ltd.)
DRV - (qcusbnetlno2k) -- C:\Windows\System32\drivers\qcusbnetlno2k.sys (QUALCOMM Incorporated)
DRV - (qcusbserlno2k) -- C:\Windows\System32\drivers\qcusbserlno2k.sys (QUALCOMM Incorporated)
DRV - (ZTEusbnet) -- C:\Windows\System32\drivers\ZTEusbnet.sys (ZTE Corporation)
DRV - (ZTEusbvoice) -- C:\Windows\System32\drivers\zteusbvoice.sys (ZTE Incorporated)
DRV - (huawei_enumerator) -- C:\Windows\System32\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)
DRV - (ewusbnet) -- C:\Windows\System32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (ew_hwusbdev) -- C:\Windows\System32\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)
DRV - (cjusb) -- C:\Windows\System32\drivers\cjusb.sys (REINER SCT)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (FLxHCIc) -- C:\Windows\System32\drivers\FLxHCIc.sys (Fresco Logic)
DRV - (FLxHCIh) -- C:\Windows\System32\drivers\FLxHCIh.sys (Fresco Logic)
DRV - (lenovo.smi) -- C:\Windows\System32\drivers\smiif32.sys (Lenovo Group Limited)
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (qcfilterlno2k) -- C:\Windows\System32\drivers\qcfilterlno2k.sys (QUALCOMM Incorporated)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio32.sys (Conexant Systems, Inc.)
DRV - (btusbflt) -- C:\Windows\System32\drivers\btusbflt.sys (Broadcom Corporation.)
DRV - (ZTEusbser6k) -- C:\Windows\System32\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV - (ZTEusbnmea) -- C:\Windows\System32\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV - (ZTEusbmdm6k) -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV - (massfilter) -- C:\Windows\System32\drivers\massfilter.sys (ZTE Incorporated)
DRV - (rimspci) -- C:\Windows\System32\drivers\rimspe86.sys (REDC)
DRV - (Impcd) -- C:\Windows\System32\drivers\Impcd.sys (Intel Corporation)
DRV - (TurboB) -- C:\Windows\System32\drivers\TurboB.sys ()
DRV - (TVTI2C) -- C:\Windows\System32\drivers\tvti2c.sys (Lenovo (United States) Inc.)
DRV - (HECI) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation)
DRV - (NETw5s32) -- C:\Windows\System32\drivers\NETw5s32.sys (Intel Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (netw5v32) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)
DRV - (BMLoad) -- C:\Windows\System32\drivers\BMLoad.sys (Bytemobile, Inc.)
DRV - (tcpipBM) -- C:\Windows\System32\drivers\tcpipBM.sys (Bytemobile, Inc.)
DRV - (bizVSerial) -- C:\Windows\System32\drivers\bizVSerialNT.sys (franson.biz)
DRV - (regi) -- C:\Windows\System32\drivers\regi.sys (InterVideo)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{8CBA94D2-0004-4EDB-BD2D-DC3EC9287C9A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox;


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-713427250-3853926042-2103360380-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKU\S-1-5-21-713427250-3853926042-2103360380-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
IE - HKU\S-1-5-21-713427250-3853926042-2103360380-1005\..\SearchScopes,DefaultScope = {8CBA94D2-0004-4EDB-BD2D-DC3EC9287C9A}
IE - HKU\S-1-5-21-713427250-3853926042-2103360380-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-713427250-3853926042-2103360380-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;192.168.*.*
IE - HKU\S-1-5-21-713427250-3853926042-2103360380-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:21320

========== FireFox ==========

FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extension.gacela.network.proxy.autoconfig_url: ""
FF - prefs.js..extension.gacela.network.proxy.type: 5
FF - prefs.js..extensions.enabledAddons: %7Baab35b56-0206-4472-9993-9cb5c09bb722%7D:1.5.5
FF - prefs.js..extensions.enabledAddons: fb_add_on%40avm.de:1.7.0
FF - prefs.js..extensions.enabledAddons: gacela2%40nurago.com:13.1.50
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..network.proxy.autoconfig_url: "http://dtcproxy.gacela.eu/impact-de/autoproxyconfig.php?id=18735&type=FF&version=13.1.50"
FF - prefs.js..network.proxy.type: 2
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@siz.de/SIZCHIP,version=2.0.2.1: C:\Program Files\SIZ\SIZCHIP-Plugin\Mozilla-20\npS-Chip-Add-On-Mozilla-2021.dll (SIZ GmbH, Deutscher Sparkassen Verlag GmbH)
FF - HKLM\Software\MozillaPlugins\@t-immersion.com/DFusionHomeWebPlugIn: C:\Program Files\Total Immersion\DFusionHomeWebPlugIn\NPDFusionWebFirefox.dll (Total Immersion)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Users\HEF01\AppData\Local\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\HEF01\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\HEF01\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\samsung.com/SamsungLinkPCPlugin: C:\Program Files\Samsung\Samsung Link\utils\npSamsungLinkPCPlugin.dll (Samsung)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\gacela2@nurago.com: C:\Program Files\Digital Trends Club\ [2013.07.02 12:19:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\Vodafone\Vodafone Mobile Connect\Optimization Client\addon\ [2013.01.30 15:21:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.05.28 15:59:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.06.30 00:26:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{F74D5734-46F5-4B16-96F0-1E7FBF41B750}: C:\Program Files\Lenovo\Client Security Solution\PWM Firefox Extension\2.0b12 [2011.12.25 22:50:46 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.06.30 00:26:22 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2011.04.09 17:20:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HEF01\AppData\Roaming\mozilla\Extensions
[2011.04.09 17:20:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HEF01\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013.05.29 23:10:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HEF01\AppData\Roaming\mozilla\Firefox\Profiles\xxhc2iuc.default-1361923398100\extensions
[2013.02.27 10:52:16 | 000,000,000 | ---D | M] (Snip It! Button for eBay) -- C:\Users\HEF01\AppData\Roaming\mozilla\Firefox\Profiles\xxhc2iuc.default-1361923398100\extensions\{aab35b56-0206-4472-9993-9cb5c09bb722}
[2013.04.17 21:17:01 | 000,000,000 | ---D | M] ("FRITZ!Box AddOn") -- C:\Users\HEF01\AppData\Roaming\mozilla\Firefox\Profiles\xxhc2iuc.default-1361923398100\extensions\fb_add_on@avm.de
[2013.05.09 20:15:22 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\HEF01\AppData\Roaming\mozilla\firefox\profiles\xxhc2iuc.default-1361923398100\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.05.23 18:39:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013.05.23 18:39:48 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.05.23 18:39:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013.05.23 18:39:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013.05.23 18:39:58 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013.07.02 12:19:26 | 000,000,000 | ---D | M] (Digital Trends Club) -- C:\PROGRAM FILES\DIGITAL TRENDS CLUB

O1 HOSTS File: ([2013.07.02 02:30:23 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Digital Trends Club) - {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} - C:\Program Files\Digital Trends Club\Gacela2.dll (HI-epanel)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (IePasswordManagerHelper Class) - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (loadtbs) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - Reg Error: Value error. File not found
O3 - HKU\S-1-5-21-713427250-3853926042-2103360380-1005\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-713427250-3853926042-2103360380-1005\..\Toolbar\WebBrowser: (loadtbs) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - Reg Error: Value error. File not found
O4 - HKLM..\Run: [ACTray] C:\Program Files\Lenovo\Access Connections\ACTray.exe (Lenovo)
O4 - HKLM..\Run: [AcWin7Hlpr] C:\Program Files\Lenovo\Access Connections\AcTBenabler.exe (Lenovo)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [EaseUs Tray] C:\Program Files\EaseUS\Todo Backup\bin\TrayNotify.exe (CHENGDU YIWO Tech Development Co., Ltd)
O4 - HKLM..\Run: [EaseUs Watch] C:\Program Files\EaseUS\Todo Backup\bin\EuWatch.exe (CHENGDU YIWO Tech Development Co., Ltd)
O4 - HKLM..\Run: [FLxHCIm] C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe (Windows (R) Win 7 DDK provider)
O4 - HKLM..\Run: [HI-epanel-WatchDog] C:\Program Files\HI-epanelLSPService\HI-epanel-WatchDog.exe ()
O4 - HKLM..\Run: [IMSS] C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [PWMTRV] C:\Program Files\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [RotateImage] C:\Program Files\Integrated Camera Driver\RCIMGDIR.exe (Ricoh co.,Ltd.)
O4 - HKLM..\Run: [Samsung Link] C:\Program Files\Samsung\Samsung Link\utils\Samsung Link Launcher.exe (Samsung Electronics)
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4 - HKLM..\Run: [UIExec] C:\Program Files\Mobile Partner Manager\UIExec.exe ()
O4 - HKU\S-1-5-21-713427250-3853926042-2103360380-1005..\Run: [Akamai NetSession Interface] C:\Users\HEF01\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-713427250-3853926042-2103360380-1005..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe (Alcohol Soft Development Team)
O4 - HKU\S-1-5-21-713427250-3853926042-2103360380-1005..\Run: [GoogleDriveSync] C:\Program Files\Google\Drive\googledrivesync.exe (Google)
O4 - HKU\S-1-5-21-713427250-3853926042-2103360380-1005..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung)
O4 - HKU\S-1-5-21-713427250-3853926042-2103360380-1005..\Run: [SkyDrive] C:\Users\HEF01\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-713427250-3853926042-2103360380-1005..\Run: [SugarSync] C:\Program Files\SugarSync\SugarSync.exe (SugarSync, Inc.)
O4 - Startup: C:\Users\HEF01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\HEF01\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\HEF01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Key-Organizer Fristenprüfung.lnk = C:\Program Files\AIDeX\KeyOrganizer\KeyOrganizer.exe (Aidex GmbH)
O4 - Startup: C:\Users\HEF01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-713427250-3853926042-2103360380-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-713427250-3853926042-2103360380-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-713427250-3853926042-2103360380-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\HEF01\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra 'Tools' menuitem : Über Digital Trends Club - {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} - C:\Program Files\Digital Trends Club\Gacela2.dll (HI-epanel)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\HI-epanelLSPService.DLL (HI-epanel)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\HI-epanelLSPService.DLL (HI-epanel)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\HI-epanelLSPService.DLL (HI-epanel)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\HI-epanelLSPService.DLL (HI-epanel)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\HI-epanelLSPService.DLL (HI-epanel)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\HI-epanelLSPService.DLL (HI-epanel)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\HI-epanelLSPService.DLL (HI-epanel)
O15 - HKU\S-1-5-21-713427250-3853926042-2103360380-1005\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKU\S-1-5-21-713427250-3853926042-2103360380-1005\..Trusted Ranges: Range1 ( in Lokales Intranet)
O16 - DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} http://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab (IASRunner Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {A4150320-98EC-4DB6-9BFB-EBF4B6FBEB16} http://192.168.178.36/codebase/DVM_IPCam2.ocx (DVM_IPCam2 Control)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.7.0_09)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B124AEFE-892C-45A4-BB75-ED6063CFEE11}: DhcpNameServer = 212.166.210.80 212.73.32.67
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C30E95C5-1EAB-47D9-8269-FEAC4967E119}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\psfus: DllName - (C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll) - C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)
O21 - SSODL: EldosMountNotificator - {C28617FD-4FE7-4043-AD51-C8132CE90106} - C:\Windows\System32\SSCbFsMntNtf3.dll (EldoS Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22 - SharedTaskScheduler: {C28617FD-4FE7-4043-AD51-C8132CE90106} - Virtual Storage Mount Notification - C:\Windows\System32\SSCbFsMntNtf3.dll (EldoS Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.dvacm - C:\Program Files\Common Files\Ulead Systems\vio\DVACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.mpegacm - C:\Program Files\Common Files\Ulead Systems\MPEG\MPEGACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.ulmp3acm - C:\Program Files\Common Files\Ulead Systems\MPEG\ulmp3acm.acm (Ulead systems)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013.07.02 03:01:31 | 000,012,288 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Windows\System32\drivers\PROCEXP113.SYS
[2013.07.02 02:35:26 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013.07.02 01:50:25 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.07.02 01:50:25 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.07.02 01:50:25 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.07.02 01:46:28 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.06.30 23:55:44 | 000,000,000 | ---D | C] -- C:\Users\HEF01\Documents\Mein SugarSync
[2013.06.30 23:50:37 | 000,000,000 | ---D | C] -- C:\Users\HEF01\AppData\Local\SugarSync
[2013.06.30 23:50:29 | 000,225,024 | ---- | C] (EldoS Corporation) -- C:\Windows\System32\SSCbFsNetRdr3.dll
[2013.06.30 23:50:29 | 000,159,488 | ---- | C] (EldoS Corporation) -- C:\Windows\System32\SSCbFsMntNtf3.dll
[2013.06.30 23:47:02 | 000,295,936 | ---- | C] (EldoS Corporation) -- C:\Windows\System32\drivers\sscbfs3.sys
[2013.06.30 23:46:55 | 000,000,000 | ---D | C] -- C:\Program Files\SugarSync
[2013.06.30 00:26:21 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2013.06.22 17:22:38 | 000,000,000 | ---D | C] -- C:\Users\HEF01\Desktop\Virus_Trojan
[2013.06.22 17:19:49 | 000,263,592 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013.06.22 17:19:34 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.06.22 17:18:27 | 000,000,000 | ---D | C] -- C:\Users\HEF01\Desktop\Klinik
[2013.06.19 22:13:25 | 000,000,000 | ---D | C] -- C:\Users\HEF01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Star Finanz
[2013.06.19 22:13:25 | 000,000,000 | ---D | C] -- C:\Program Files\SEPA Account Converter
[2013.06.15 12:26:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013.06.15 11:08:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ITN Converter
[2013.06.15 11:08:09 | 000,000,000 | ---D | C] -- C:\Program Files\ITN Converter
[2013.06.15 00:39:54 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2013.06.14 23:39:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
[2013.06.14 23:39:46 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2013.06.14 23:38:39 | 000,000,000 | ---D | C] -- C:\Upload
[2013.06.14 23:38:08 | 000,000,000 | ---D | C] -- C:\Samsung Link
[2013.06.14 23:38:08 | 000,000,000 | ---D | C] -- C:\Users\HEF01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Samsung
[2013.06.14 21:08:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safer Networking
[2013.06.14 21:08:09 | 000,000,000 | ---D | C] -- C:\Program Files\SDistTest
[2013.06.14 09:39:49 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.06.14 09:39:48 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.06.14 09:30:16 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.06.14 09:30:16 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.06.14 09:30:15 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013.06.14 09:30:14 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.06.14 09:30:14 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013.06.14 09:30:14 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013.06.14 09:30:14 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013.06.14 09:30:14 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013.06.12 19:45:28 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2013.06.12 19:45:24 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cryptdlg.dll
[2013.06.12 19:45:10 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certutil.exe
[2013.06.12 19:45:10 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certenc.dll
[2013.06.12 19:44:59 | 003,968,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013.06.12 19:44:59 | 003,913,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013.06.02 21:58:31 | 000,000,000 | ---D | C] -- C:\Users\HEF01\AppData\Roaming\AVM
[2013.06.02 21:47:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FRITZ!Fernzugang
[2013.06.02 21:47:35 | 000,000,000 | ---D | C] -- C:\Program Files\FRITZ!Fernzugang einrichten
[2013.06.02 21:23:53 | 000,000,000 | ---D | C] -- C:\Users\HEF01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FRITZ!Fernzugang
[2013.06.02 21:23:52 | 000,000,000 | ---D | C] -- C:\ProgramData\AVM
[2013.06.02 21:23:48 | 000,000,000 | ---D | C] -- C:\Program Files\FRITZ!Fernzugang
[2013.06.02 21:22:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.07.02 12:08:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.07.02 12:03:39 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.07.02 12:03:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.07.02 11:36:01 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-713427250-3853926042-2103360380-1005UA.job
[2013.07.02 09:57:00 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.07.02 03:02:48 | 000,654,400 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.07.02 03:02:48 | 000,616,242 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.07.02 03:02:48 | 000,130,240 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.07.02 03:02:48 | 000,106,622 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.07.02 03:01:32 | 000,012,288 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Windows\System32\drivers\PROCEXP113.SYS
[2013.07.02 02:41:54 | 000,016,976 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.07.02 02:41:54 | 000,016,976 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.07.02 02:36:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-713427250-3853926042-2103360380-1005Core.job
[2013.07.02 02:33:18 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2013.07.02 02:33:11 | 2406,219,776 | -HS- | M] () -- C:\hiberfil.sys
[2013.07.02 02:30:23 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.06.30 23:55:45 | 000,000,786 | ---- | M] () -- C:\Users\HEF01\Desktop\Mein SugarSync.lnk
[2013.06.30 23:50:31 | 000,001,818 | ---- | M] () -- C:\Users\Public\Desktop\SugarSync.lnk
[2013.06.30 22:45:48 | 000,000,000 | -H-- | M] () -- C:\Users\HEF01\Documents\Default.rdp
[2013.06.27 20:04:08 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2013.06.23 00:32:26 | 000,000,870 | ---- | M] () -- C:\Windows\wiso.ini
[2013.06.22 17:19:22 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.06.22 17:19:21 | 000,867,240 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npdeployJava1.dll
[2013.06.22 17:19:21 | 000,789,416 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2013.06.22 17:19:21 | 000,263,592 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013.06.22 17:19:21 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.06.22 17:19:21 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.06.22 17:12:31 | 353,889,239 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.06.21 01:00:59 | 000,011,489 | ---- | M] () -- C:\Users\HEF01\gsview32.ini
[2013.06.19 22:13:26 | 000,002,102 | ---- | M] () -- C:\Users\HEF01\Desktop\SEPA Account Converter.lnk
[2013.06.15 11:08:10 | 000,000,964 | ---- | M] () -- C:\Users\Public\Desktop\ITN Converter.lnk
[2013.06.12 09:07:17 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.06.12 09:07:17 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.06.12 09:07:09 | 009,089,416 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe
[2013.06.09 17:01:51 | 000,001,064 | ---- | M] () -- C:\Users\HEF01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.06.09 17:01:41 | 000,001,032 | ---- | M] () -- C:\Users\HEF01\Desktop\Dropbox.lnk
[2013.06.08 13:40:02 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.06.08 13:13:19 | 002,706,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.06.02 21:45:10 | 000,000,901 | ---- | M] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
[2 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]

Benutzer
2013-07-02, 13:00
Part 2 of OTL.txt
---------------------

========== Files Created - No Company Name ==========

[2013.07.02 01:50:25 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.07.02 01:50:25 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.07.02 01:50:25 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.07.02 01:50:25 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.07.02 01:50:25 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.06.30 23:55:45 | 000,000,786 | ---- | C] () -- C:\Users\HEF01\Desktop\Mein SugarSync.lnk
[2013.06.30 23:50:31 | 000,001,830 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SugarSync.lnk
[2013.06.30 23:50:31 | 000,001,818 | ---- | C] () -- C:\Users\Public\Desktop\SugarSync.lnk
[2013.06.30 22:45:48 | 000,000,000 | -H-- | C] () -- C:\Users\HEF01\Documents\Default.rdp
[2013.06.22 17:12:31 | 353,889,239 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013.06.19 22:13:26 | 000,002,102 | ---- | C] () -- C:\Users\HEF01\Desktop\SEPA Account Converter.lnk
[2013.06.15 11:08:10 | 000,000,964 | ---- | C] () -- C:\Users\Public\Desktop\ITN Converter.lnk
[2013.05.23 21:28:01 | 000,000,861 | ---- | C] () -- C:\Users\HEF01\AppData\Local\recently-used.xbel
[2013.05.04 00:50:01 | 000,000,772 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2013.04.15 18:53:12 | 000,046,592 | ---- | C] () -- C:\Windows\System32\boost_thread-vc90-mt-1_47.dll
[2013.04.15 18:53:00 | 000,038,912 | ---- | C] () -- C:\Windows\System32\boost_date_time-vc90-mt-1_47.dll
[2013.04.15 18:52:44 | 000,227,840 | ---- | C] () -- C:\Windows\System32\boost_serialization-vc90-mt-1_47.dll
[2013.04.15 18:52:42 | 000,704,000 | ---- | C] () -- C:\Windows\System32\boost_regex-vc90-mt-1_47.dll
[2013.04.15 18:52:40 | 000,012,800 | ---- | C] () -- C:\Windows\System32\boost_system-vc90-mt-1_47.dll
[2013.04.15 18:52:24 | 000,130,048 | ---- | C] () -- C:\Windows\System32\boost_filesystem-vc90-mt-1_47.dll
[2013.04.03 20:49:41 | 001,048,576 | ---- | C] () -- C:\Windows\System32\syndata.bin
[2013.03.23 18:11:03 | 000,001,263 | ---- | C] () -- C:\Windows\isxdlge2.ini
[2013.03.20 17:38:47 | 000,041,544 | ---- | C] () -- C:\Windows\System32\drivers\EUBKMON.sys
[2013.02.12 11:36:05 | 000,003,072 | ---- | C] () -- C:\ProgramData\keytemplate.db3
[2013.02.12 11:36:01 | 000,018,432 | ---- | C] () -- C:\ProgramData\schluesselverwaltung.db3
[2013.02.08 12:29:58 | 000,000,036 | ---- | C] () -- C:\Windows\Uniformula.ini
[2013.02.05 17:52:54 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2013.02.05 17:52:50 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2013.02.05 17:52:50 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2013.02.05 17:52:50 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2013.02.05 17:52:50 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2013.01.24 12:24:13 | 000,000,102 | ---- | C] () -- C:\Windows\{E3B99F3D-9856-482A-9048-305E28E2510C}.ini
[2013.01.01 17:56:59 | 000,000,021 | ---- | C] () -- C:\Windows\TemplateWizard.INI
[2012.11.24 22:25:02 | 000,000,078 | ---- | C] () -- C:\Users\HEF01\govello20.properties
[2012.11.07 16:10:28 | 000,000,373 | ---- | C] () -- C:\Windows\System32\CNCMFP20.INI
[2012.08.19 12:14:36 | 000,000,079 | ---- | C] () -- C:\Users\HEF01\AppData\Local\CrystalDiskMark30.ini
[2012.08.16 18:42:36 | 000,003,168 | ---- | C] () -- C:\Windows\System32\HI-epanelLSPService.ini
[2012.08.16 18:42:36 | 000,001,864 | ---- | C] () -- C:\Windows\System32\GacelaLSPServiceOff.ini
[2012.08.11 23:05:29 | 000,000,017 | ---- | C] () -- C:\Users\HEF01\AppData\Local\resmon.resmoncfg
[2012.06.16 00:40:14 | 000,011,489 | ---- | C] () -- C:\Users\HEF01\gsview32.ini
[2012.06.10 23:18:29 | 000,000,223 | ---- | C] () -- C:\Windows\KcMV3DGD.ini
[2012.06.10 23:13:29 | 000,002,259 | ---- | C] () -- C:\Users\HEF01\PRINTSERVER-NetTool.ini
[2012.05.28 13:29:08 | 000,002,048 | ---- | C] () -- C:\Windows\null.exe
[2012.05.16 10:41:18 | 000,000,011 | ---- | C] () -- C:\ProgramData\.tv7
[2011.09.04 21:05:06 | 000,000,001 | ---- | C] () -- C:\Users\HEF01\.SIG_PINSTATUS_VOREINSTELLUNG
[2011.09.04 21:05:06 | 000,000,001 | ---- | C] () -- C:\Users\HEF01\.SIG_DIALOG_VOREINSTELLUNG
[2011.04.18 05:33:13 | 000,010,752 | ---- | C] () -- C:\Users\HEF01\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.04.07 20:17:52 | 000,646,848 | ---- | C] () -- C:\Users\HEF01\AppData\Local\wanancsp.dat
[2011.04.07 19:18:29 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.06.16 15:25:02 | 000,121,512 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4

========== ZeroAccess Check ==========

[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012.07.02 13:48:12 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\Avery
[2013.06.02 21:58:31 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\AVM
[2011.04.13 12:21:20 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\Broad Intelligence
[2011.04.09 13:24:51 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\Buhl Data Service
[2013.01.30 15:22:50 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\Bytemobile
[2012.12.14 01:10:35 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\calibre
[2012.12.16 16:07:18 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\Canneverbe Limited
[2012.11.28 17:20:47 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\Canon
[2013.03.23 18:11:37 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\Chipcardmaster
[2013.04.06 00:45:31 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\com.amazon.music.uploader
[2013.07.02 02:15:03 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\convert
[2011.04.12 21:49:32 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\DataDesign
[2012.01.01 19:49:14 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\DoublePics
[2013.07.02 01:00:03 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\Dropbox
[2012.06.07 00:29:11 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\DVDVideoSoft
[2013.05.29 11:49:01 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\eIntaller
[2011.11.02 23:47:10 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\elsterformular
[2013.06.26 01:40:14 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\FileZilla
[2012.10.04 23:15:50 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\FreeFileSync
[2013.05.04 02:19:36 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\FRITZ!
[2013.05.02 01:19:47 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\FRITZ!fax für FRITZ!Box
[2013.01.17 13:57:48 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\GetRightToGo
[2013.03.14 23:15:15 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\GLS Vereinsmeister
[2011.05.10 16:16:26 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\ImgBurn
[2012.09.07 20:02:00 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\InterVideo
[2013.05.20 17:34:55 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\IPCamWizard
[2011.05.15 19:17:22 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\IrfanView
[2012.02.02 23:57:09 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\Lenovo
[2011.04.12 21:31:22 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\Lexware
[2013.03.08 11:20:34 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\Motorola
[2013.03.08 11:23:07 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\Motorola Mobility
[2012.01.04 02:43:34 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\NetMeter
[2012.06.08 00:41:01 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\Notepad++
[2011.04.26 19:20:39 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\OpenOffice.org
[2011.05.05 14:57:10 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\PCDr
[2011.04.20 18:56:41 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\Philipp Winterberg
[2012.11.24 01:44:54 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\PrivateTunnel
[2011.04.21 22:16:23 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\PwrMgr
[2013.04.08 23:42:24 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\QcWizard
[2012.05.26 22:54:18 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\RavensburgerTipToi
[2013.04.17 11:49:47 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\Samsung
[2011.04.16 11:57:13 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\SmartLine
[2011.04.15 21:44:22 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\Softland
[2013.03.24 02:01:01 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\Synaptics
[2013.06.12 18:37:33 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\TeamViewer
[2012.09.08 00:09:56 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\Telefónica
[2012.09.08 00:09:56 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\TGCMLog
[2011.04.09 17:20:53 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\Thunderbird
[2012.01.20 01:41:20 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\Total Immersion
[2011.04.24 17:43:12 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\TuneUp Software
[2012.05.16 10:56:03 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\TwonkyMedia
[2012.08.01 23:43:59 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\TwonkyServer
[2011.12.27 23:31:45 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\Ulead Systems
[2011.04.13 11:38:27 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\Uniblue
[2011.05.05 14:44:14 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\Update
[2013.01.01 01:49:29 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\Vodafone
[2012.12.22 21:19:33 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\Windows Live Writer
[2012.06.23 16:18:20 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\Wireshark
[2013.02.22 00:24:16 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\YCanPDF

========== Purity Check ==========



========== Custom Scans ==========

< %USERPROFILE%\..|smtmp;true;true;true /FP >

< %temp%\smtmp\*.* /s > >

< MD5 for: EXPLORER.ADML >
[2010.01.05 07:00:49 | 000,004,226 | ---- | M] () MD5=EE23420A7C0E74A9D316221F8BFB2477 -- C:\Windows\PolicyDefinitions\de-DE\Explorer.adml
[2010.01.05 07:00:49 | 000,004,226 | ---- | M] () MD5=EE23420A7C0E74A9D316221F8BFB2477 -- C:\Windows\winsxs\x86_microsoft-windows-s..ouppolicy.resources_31bf3856ad364e35_6.1.7600.16385_de-de_79e5ffbcdccafc09\Explorer.adml

< MD5 for: EXPLORER.ADMX >
[2009.06.10 23:34:46 | 000,003,836 | ---- | M] () MD5=AD131A834808E6AFF4A3918DE05BFCF6 -- C:\Windows\PolicyDefinitions\Explorer.admx
[2009.06.10 23:34:46 | 000,003,836 | ---- | M] () MD5=AD131A834808E6AFF4A3918DE05BFCF6 -- C:\Windows\winsxs\x86_microsoft-windows-shell-grouppolicy_31bf3856ad364e35_6.1.7600.16385_none_1590ffd752297581\Explorer.admx

< MD5 for: EXPLORER.DMP >
[2012.04.23 14:03:33 | 000,000,000 | ---- | M] () MD5=D41D8CD98F00B204E9800998ECF8427E -- C:\Users\Public\Lenovo\Access Connections\Explorer.dmp

< MD5 for: EXPLORER.EXE >
[2010.01.05 07:02:15 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_523cdab8f40fe558\explorer.exe
[2013.05.16 10:58:12 | 003,859,928 | ---- | M] (Safer-Networking Ltd.) MD5=03250DB0886A23B1F6C077C5D9F152B0 -- C:\Program Files\Spybot - Search & Destroy 2\explorer.exe
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\ERDNT\cache\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
[2010.01.05 07:02:15 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_51c00e6ddae85c4b\explorer.exe

< MD5 for: EXPLORER.EXE.MUI >
[2010.01.05 07:00:32 | 000,025,600 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\de-DE\explorer.exe.mui
[2010.01.05 07:00:32 | 000,025,600 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_de-de_5cd80747e61754a0\explorer.exe.mui

< MD5 for: EXPLORER.EXE-A80E4F97.PF >
[2013.07.02 03:08:07 | 000,222,750 | ---- | M] () MD5=3620BDFEF8CBB3B3472C961C7AD6E744 -- C:\Windows\Prefetch\EXPLORER.EXE-A80E4F97.pf

< MD5 for: IEXPLORE.BAT >
[2013.04.21 09:58:12 | 000,029,803 | ---- | M] () MD5=E4B95882FB080670179EA3605395889B -- C:\JRT\iexplore.bat

< MD5 for: IEXPLORE.EXE >
[2012.05.18 01:21:54 | 000,748,664 | ---- | M] (Microsoft Corporation) MD5=0129BB16161C2FD9A6B19111AB047198 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16446_none_b12560b1c817cfde\iexplore.exe
[2013.05.17 04:32:12 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=07DFD28E57879554D054464EE4A5662D -- C:\Program Files\Internet Explorer\iexplore.exe
[2013.05.17 04:32:12 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=07DFD28E57879554D054464EE4A5662D -- C:\Windows\ERDNT\cache\iexplore.exe
[2013.05.17 04:32:12 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=07DFD28E57879554D054464EE4A5662D -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16614_none_ba6545dc65e543de\iexplore.exe
[2012.08.24 09:34:41 | 000,748,680 | ---- | M] (Microsoft Corporation) MD5=22CC6CDBA678790046693654C3B212E4 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16450_none_b1148f09c82553c5\iexplore.exe
[2012.05.18 00:59:46 | 000,748,664 | ---- | M] (Microsoft Corporation) MD5=268982F1FD671A077C6A2AF41E351436 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20551_none_b19f2c1ee1420ce6\iexplore.exe
[2012.10.08 10:37:24 | 000,748,704 | ---- | M] (Microsoft Corporation) MD5=270A1342BD5AF95CA25A586B4C2F1522 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16455_none_b119907bc820d278\iexplore.exe
[2013.03.21 13:11:10 | 000,770,560 | ---- | M] (Microsoft Corporation) MD5=2859EBC065D2E1CCC94161CE28BAC085 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16521_none_ba715a6a65dbf461\iexplore.exe
[2009.07.14 03:17:29 | 000,673,048 | ---- | M] (Microsoft Corporation) MD5=2C32E3E596CFE660353753EABEFB0540 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16385_none_b346f9b4861b55c2\iexplore.exe
[2013.04.05 07:55:38 | 000,770,624 | ---- | M] (Microsoft Corporation) MD5=2DC6BD1047553611DAEF97C751131A5D -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20681_none_a39ee59e7f860811\iexplore.exe
[2012.06.02 11:08:27 | 000,748,664 | ---- | M] (Microsoft Corporation) MD5=34B01BBD8F00B6B9C9248DC4F1E3CD01 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16447_none_b12660fbc816e935\iexplore.exe
[2013.05.17 03:57:28 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=3902E280F6117A468D5573343A7AA1F6 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20719_none_a38c5d6c7f953fa9\iexplore.exe
[2012.08.24 09:49:25 | 000,748,680 | ---- | M] (Microsoft Corporation) MD5=62188720CE27B982B4285C03163C9FB3 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20557_none_b1a52ddae13ca4f0\iexplore.exe
[2013.01.09 00:42:06 | 000,757,280 | ---- | M] (Microsoft Corporation) MD5=698EB1E5F8C66344D97C00B5699E871D -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16464_none_b10dc045c829d512\iexplore.exe
[2011.04.09 23:39:23 | 000,748,336 | ---- | M] (Microsoft Corporation) MD5=904E13BA41AF2E353A32CF351CA53639 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16421_none_b135ff17c80c1949\iexplore.exe
[2010.12.18 07:32:25 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=9321CF0D023528C71E3645F8433C86C8 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.20861_none_b3e23cc79f2c4cea\iexplore.exe
[2012.06.29 03:00:47 | 000,748,664 | ---- | M] (Microsoft Corporation) MD5=93569D46D79F9756ED077156496AFE23 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16448_none_b1276145c816028c\iexplore.exe
[2013.02.25 01:52:40 | 000,770,624 | ---- | M] (Microsoft Corporation) MD5=A11C5E3E288256C540B7ED8BE3A04B01 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20644_none_a39aa01e7f89ef98\iexplore.exe
[2013.02.02 06:19:03 | 000,757,280 | ---- | M] (Microsoft Corporation) MD5=A285E1965C115031DA02B777EE9D7689 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20580_none_b17dbc10e15b4762\iexplore.exe
[2010.12.18 07:33:54 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=AA08B68EF4E35EFA170CF85A44B23B70 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16722_none_b384dff685ed56b3\iexplore.exe
[2013.04.05 08:02:26 | 000,770,608 | ---- | M] (Microsoft Corporation) MD5=AAD90795E84E710543C6C7C2F7048E30 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16576_none_ba75e9f465d7f339\iexplore.exe
[2012.11.16 18:33:24 | 000,757,280 | ---- | M] (Microsoft Corporation) MD5=B201AF83DF2E85323E29EB83E4046810 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16457_none_b11b910fc81f0526\iexplore.exe
[2013.04.04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\iexplore.exe
[2012.06.02 10:51:58 | 000,748,664 | ---- | M] (Microsoft Corporation) MD5=BE967C74B89577B78FB57C061E12B04C -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20553_none_b1a12cb2e1403f94\iexplore.exe
[2012.11.16 05:08:47 | 000,757,280 | ---- | M] (Microsoft Corporation) MD5=C0BA71C1B3FB6E3DD432FF3CCAEBDC62 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20565_none_b1985d5ae1468e33\iexplore.exe
[2010.11.20 14:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=C613E69C3B191BB02C7A191741A1D024 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7601.17514_none_b5780d7c8309d95c\iexplore.exe
[2012.10.08 10:22:05 | 000,748,704 | ---- | M] (Microsoft Corporation) MD5=CECB15F834FC2B4B150449717ADE18DD -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20562_none_b1955c7ce149422e\iexplore.exe
[2013.02.02 06:19:04 | 000,757,296 | ---- | M] (Microsoft Corporation) MD5=DDE5A0DFAF7C6370FB36402D7A746ED3 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16470_none_b0feef31c8358ba7\iexplore.exe
[2013.02.21 13:28:11 | 000,770,608 | ---- | M] (Microsoft Corporation) MD5=E4F6125ED5185F8FA37CC4F449B85526 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16540_none_ba7371c665da0d6e\iexplore.exe
[2012.06.29 01:35:27 | 000,748,664 | ---- | M] (Microsoft Corporation) MD5=EB4105348272018D096FEB655CD1608C -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20554_none_b1a22cfce13f58eb\iexplore.exe
[2013.01.08 23:32:42 | 000,757,280 | ---- | M] (Microsoft Corporation) MD5=F05982E56ABD835AA8DF260EEC873E5B -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20573_none_b18b8cdae1507776\iexplore.exe

< MD5 for: IEXPLORE.EXE.MUI >
[2011.04.09 23:39:43 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=0272AAC78F0D1CC205B893CCF5835DC5 -- C:\Windows\winsxs\x86_microsoft-windows-i..-optional.resources_31bf3856ad364e35_9.4.8112.16421_de-de_01f1be9610db4e6b\iexplore.exe.mui
[2011.04.09 23:39:23 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=4C71CCB3C8817185E67210856778831F -- C:\Windows\winsxs\x86_microsoft-windows-i..-optional.resources_31bf3856ad364e35_9.4.8112.16421_en-us_aae2948effb95a30\iexplore.exe.mui
[2013.03.21 13:12:45 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=6511725A9ACB570CD967BCE68DB2986A -- C:\Program Files\Internet Explorer\de-DE\iexplore.exe.mui
[2013.03.21 13:12:45 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=6511725A9ACB570CD967BCE68DB2986A -- C:\Windows\winsxs\x86_microsoft-windows-i..-optional.resources_31bf3856ad364e35_10.2.9200.16521_de-de_0b2d19e8aeab2983\iexplore.exe.mui
[2013.03.21 13:11:10 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=8EDDC50FD07326E7DF9C4EEA422F0918 -- C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui
[2013.03.21 13:11:10 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=8EDDC50FD07326E7DF9C4EEA422F0918 -- C:\Windows\winsxs\x86_microsoft-windows-i..-optional.resources_31bf3856ad364e35_10.2.9200.16521_en-us_b41defe19d893548\iexplore.exe.mui
[2010.01.05 07:00:49 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=D74E70EF11B77E438111FE0C79AAFD97 -- C:\Windows\winsxs\x86_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7600.16385_de-de_0402b932ceea8ae4\iexplore.exe.mui
[2010.01.05 07:00:49 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=D74E70EF11B77E438111FE0C79AAFD97 -- C:\Windows\winsxs\x86_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7601.17514_de-de_0633ccfacbd90e7e\iexplore.exe.mui

< MD5 for: IEXPLORE.PNG >
[2011.07.18 08:46:32 | 000,016,619 | ---- | M] () MD5=2DC4DF31FA082FD9310B20F3F950432C -- C:\Program Files\Lenovo\SimpleTap\Add-ons\Lenovo\InternetExplorer\iexplore.png

< MD5 for: SERVICES >
[2012.08.15 17:51:44 | 002,497,591 | ---- | M] () MD5=644A5F77D534ABBF4EBABFB4128F925C -- C:\Program Files\Wireshark\services
[2009.06.10 23:39:37 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\System32\drivers\etc\services
[2009.06.10 23:39:37 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_045b589158ae90da\services

< MD5 for: SERVICES.ASFX >
[2012.09.23 20:43:44 | 000,002,677 | ---- | M] () MD5=22FEEF662B7E813F8547E1446EBC706B -- C:\Program Files\Adobe\Reader 11.0\Reader\Locale\de_DE\Services\Services.asfx

< MD5 for: SERVICES.CFG >
[2012.09.23 20:43:36 | 000,603,848 | R--- | M] () MD5=81B120EAEE296F0E54F66C16C5A21367 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA71301B744BA0000000010\11.0.0\services.cfg
[2013.05.11 12:37:26 | 000,558,990 | ---- | M] () MD5=FE8FB005031C2574E990DAC1F9F5ACF8 -- C:\Program Files\Adobe\Reader 11.0\Reader\Services\Services.cfg

< MD5 for: SERVICES.CNF >
[2001.09.25 22:48:16 | 000,000,003 | ---- | M] () MD5=864E46AD77EBE7A312EB11241A5114B6 -- C:\Users\HEF01\Documents\Eigene Webs\_vti_pvt\services.cnf

< MD5 for: SERVICES.DAT >
[2013.04.22 05:04:55 | 000,001,720 | ---- | M] () MD5=43C1700D78D89F0B1F6FA88FD132BE1A -- C:\JRT\services.dat

< MD5 for: SERVICES.DLL >
[2009.05.22 20:31:22 | 000,020,480 | ---- | M] ( ) MD5=17AD4A8A51AECE2EC20D8CF7994BC9F4 -- C:\Program Files\Common Files\Lenovo\InvAgent\local\collect\services.dll
[2012.11.13 18:38:36 | 000,008,704 | ---- | M] () MD5=E41D70348B1B51C0C76B617EA572B105 -- C:\Program Files\Lenovo\System Update\egather\local\collect\services.dll

< MD5 for: SERVICES.DLL.CONFIG >
[2012.11.01 18:05:50 | 000,000,305 | ---- | M] () MD5=126EB374FFE77DAA27113E5AD6307C0B -- C:\Program Files\Lenovo\System Update\egather\local\collect\services.dll.config

< MD5 for: SERVICES.EXE >
[2009.07.14 03:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\ERDNT\cache\services.exe
[2009.07.14 03:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe
[2009.07.14 03:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2010.01.05 07:00:30 | 000,019,456 | ---- | M] (Microsoft Corporation) MD5=5BB3A4AC670D245257DBA6C397DF2EEB -- C:\Windows\System32\de-DE\services.exe.mui
[2010.01.05 07:00:30 | 000,019,456 | ---- | M] (Microsoft Corporation) MD5=5BB3A4AC670D245257DBA6C397DF2EEB -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_de-de_c0e2c741986ab76d\services.exe.mui

< MD5 for: SERVICES.HTM >
[2013.06.12 15:27:07 | 000,010,020 | ---- | M] () MD5=3BB8966C4302BAB7B015A42792BDD688 -- C:\Users\HEF01\Documents\Websites\bmi25\www\services.htm
[2012.12.25 22:33:40 | 000,010,717 | ---- | M] () MD5=79C8C4D401F745689667453C4FE25745 -- C:\Users\HEF01\AppData\Local\VirtualStore\Program Files\1blu\1blu HomepageBuilder 2\onlineshop\services.htm
[2012.12.25 23:12:42 | 000,010,616 | ---- | M] () MD5=BD5449F06D2270FC459035DC9F1F84B8 -- C:\Users\HEF01\AppData\Local\VirtualStore\Program Files\1blu\homepage\services.htm

< MD5 for: SERVICES.HTML >
[1999.11.20 01:10:40 | 000,003,881 | ---- | M] () MD5=70AF558BFB9814F4C27BDEA2BECE06D7 -- C:\Users\HEF01\Documents\Websites\E DPC1\MG Dateien\MGF Dateien alt\MGF Platte\MGF-Web\Projects\bender\www.mgbspares.com\Services.html
[1999.08.10 05:49:52 | 000,006,829 | ---- | M] () MD5=7860035843CD461C946A1FC169337B33 -- C:\Users\HEF01\Documents\Websites\E DPC1\MG Dateien\MGF Dateien alt\MGF Platte\MGF-Web\Projects\bastian\www.mgcars.org.uk\mgcc\services.html
[1999.11.02 00:03:44 | 000,006,829 | ---- | M] () MD5=7860035843CD461C946A1FC169337B33 -- C:\Users\HEF01\Documents\Websites\E DPC1\MG Dateien\MGF Dateien alt\MGF Platte\MGF-Web\Projects\MGCC UK\www.mgcars.org.uk\mgcc\services.html

< MD5 for: SERVICES.JSP >
[2009.04.17 17:10:45 | 000,003,347 | ---- | M] () MD5=F6BC4DD21FC354287A1B1485CA13BDB5 -- C:\Users\HEF01\Documents\Websites\E DPC1\2005_10_EPC\System\Tomcat\server\webapps\admin\service\services.jsp
[2003.04.28 20:29:41 | 000,003,347 | ---- | M] () MD5=F6BC4DD21FC354287A1B1485CA13BDB5 -- C:\Users\HEF01\Documents\Websites\E DPC1\2005_EPC\System\Tomcat\server\webapps\admin\service\services.jsp

< MD5 for: SERVICES.LNK >
[2009.07.14 06:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009.07.14 06:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2009.06.10 23:26:14 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\System32\wbem\services.mof
[2009.06.10 23:26:14 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.mof

< MD5 for: SERVICES.MSC >
[2009.06.10 23:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\services.msc
[2009.06.10 23:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc
[2010.01.05 07:00:29 | 000,092,744 | ---- | M] () MD5=7FC1BD72E9D0E622638C4620E33FAD47 -- C:\Windows\System32\de-DE\services.msc
[2010.01.05 07:00:29 | 000,092,744 | ---- | M] () MD5=7FC1BD72E9D0E622638C4620E33FAD47 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_de-de_fb24972d6ed45160\services.msc

< MD5 for: SERVICES.PTXML >
[2009.07.13 22:20:01 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\System32\wdi\perftrack\Services.ptxml
[2009.07.13 22:20:01 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\Services.ptxml

< MD5 for: SERVICES.RDB >
[2012.08.13 10:51:02 | 000,178,348 | ---- | M] () MD5=039C8CFBD74EE07F38CD9E4C7D95C5C6 -- C:\Program Files\OpenOffice.org 3\Basis\program\services.rdb
[2012.08.13 10:51:02 | 000,000,453 | ---- | M] () MD5=3D2ADA15FEF5B5FF468243161543D610 -- C:\Program Files\OpenOffice.org 3\program\services.rdb
[2012.08.10 15:12:16 | 000,008,060 | ---- | M] () MD5=7CA7D7150EC46321162F932ADCF5F35B -- C:\Program Files\OpenOffice.org 3\URE\misc\services.rdb

< MD5 for: SERVICES.SBS >
[2011.03.01 00:00:00 | 000,034,818 | ---- | M] () MD5=62AFD4B2025CE6D4706B36F4C4808F9B -- C:\Program Files\Spybot - Search & Destroy 2\Includes\Services.sbs
[2011.03.01 09:58:46 | 000,034,818 | ---- | M] () MD5=62AFD4B2025CE6D4706B36F4C4808F9B -- C:\Program Files\Spybot - Search & Destroy 2\Updates\Extracts\Services.sbs
[2008.06.02 14:25:44 | 000,063,501 | ---- | M] () MD5=A6D9C8B376ED8833763A935D56514AC0 -- C:\Program Files\SDistTest\includes\Services.sbs

< MD5 for: SERVICES.SBS-20110301.CAB >

oldman960
2013-07-03, 11:36
Hi Benutzer,

Are you still getting the qvo6.com?

No, you didn't do anything wrong. OTL only produces an Extra.txt the first time it's run.

This should get us a new Extra.txt

Please open OTL.


Make sure all other windows are closed and let it run uninterrupted.
When the window appears, click the None button near the top (it may look greyed out)

In the Extra Registry section check All

Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open a notepad window, Extra.Txt. Please post this log.

Benutzer
2013-07-03, 15:36
Hi Oldman960,

Yes, it's still there. On start of IE and also when starting Firefox a tab gets added with that.
Also, besides the slowish system, I realised a problem with the standard Windows Explorer. No idea whether it's related to that malware problem.
On a right mouse button click on any folder in the Explorer's left window, the Explorer frequently stalls and crashes instead of opening the context menu.
However, after my own research I read that such a problem happened to other users recently when playing with cloud drives. So it may have nothing to do with the qvo6.com malware.

Anyway, this is the EXTRA.txt
"{26B27D35-51CB-4350-961F-408A306B9926}" = protocol=6 | dir=in | app=c:\namo\webeditor 9\bin\webeditor.exe |
"{2933FCD4-7CDF-4098-B388-F16E9614D6E7}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{2A89E51C-5BE7-4AEB-B47D-99D3605EAEAB}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{2C287D44-63A5-4AA0-A412-4C6E8843FAAB}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{307B62BA-67B5-46F5-A85C-BCBDFAC1F8CF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{31C98B4F-299F-4E33-AAB3-086A72CD032A}" = protocol=17 | dir=in | app=c:\program files\twonky\twonkyserver\twonkyserver.exe |
"{31FF00D3-67FB-4308-915A-701609D57418}" = dir=out | app=c:\program files\samsung\samsung link\samsung link.exe |
"{345598EF-7AC4-4BBF-974B-2F3687E9A0F0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{357E0DC9-B0B2-4E71-A789-F58B4FCA1A6C}" = protocol=6 | dir=in | app=c:\program files\lenovo\system update\uncserver.exe |
"{3F53D034-AD0B-439E-BFC4-35D2DFEA17C3}" = protocol=6 | dir=in | app=c:\program files\easeus\todo backup\bin\tbservice.exe |
"{457E2D43-0342-4234-B821-694254F5E41F}" = dir=in | app=c:\program files\samsung\samsung link\samsung link.exe |
"{4A4B0D16-67DC-47B3-9D0E-D6738524732E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4E66E75F-BD7B-421E-A918-37E15947A47A}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe |
"{5223F2DB-F862-4FF1-9F50-A03AF93DE75F}" = protocol=6 | dir=in | app=c:\program files\samsung\allshare framework dms\1.3.09\allshareframeworkdms.exe |
"{557D1116-57B8-4FEA-944D-440D1DD5F366}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{56436A71-2CFF-445D-B68B-B59D560BC4CE}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{5727900D-0E1E-41C0-9158-BE4178DA528B}" = protocol=6 | dir=out | app=system |
"{59D0D5B2-9906-428C-8315-781DAE033F1C}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{5CD03436-6EF3-4317-8695-6AEF6D01B6D7}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe |
"{5F745E20-D76B-4966-A751-B6A72D53F981}" = protocol=6 | dir=in | app=c:\program files\twonky\twonkyserver\twonkyserver.exe |
"{6F405D51-AD9F-4001-96C9-06F4D091CD8E}" = protocol=6 | dir=in | app=c:\program files\alcohol soft\alcohol 52\starwind\starwindserviceae.exe |
"{7E3CBC28-D85D-4FD8-98DC-5A7F5EDFBE87}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{83A05E8C-F2EC-4162-B9F6-07979D6A782B}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{857D4947-6BD4-49FB-9BF5-C2580DC6E577}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{88238FC5-482D-41B5-B298-B88D7D5B47BA}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{88A608BC-CFB6-4D4A-B30E-E5F085CD572E}" = dir=in | app=c:\users\hef01\appdata\local\microsoft\skydrive\skydrive.exe |
"{8BF1D549-D644-4300-97C0-D6CD9EAE09E2}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{8C3AB7CC-B69F-4371-A15A-E169B6AC0CD9}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{904C84F4-866F-442B-A048-212C2C71EEDC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9488452D-783B-4291-AADE-829B3175DA67}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{97DE165E-9543-407B-9015-CD4FC5D73713}" = protocol=17 | dir=in | app=c:\program files\lenovo\system update\uncserver.exe |
"{9FEDF310-23E8-4128-9687-62AEEB134E17}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{A039BD49-B1DA-40F4-A6BF-95C970F0EA43}" = protocol=6 | dir=in | app=c:\program files\easeus\todo backup\bin\tbconsoleui.exe |
"{A74D8F6F-E0FC-4FDF-AF67-5C2EEBB20F36}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A83AC840-148A-4ECC-989D-1178549D8ACD}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{AD6895C0-6232-4602-A4A8-2F6982C691A2}" = dir=in | app=%systemdrive%\programme\avira\antivir desktop\avnotify.exe |
"{AEF378C5-9889-4BBA-A699-8F83D01D9DE4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AF552B4A-D978-48B0-BB57-CD5F25977DF0}" = protocol=17 | dir=in | app=c:\program files\samsung\allshare framework dms\1.3.09\allshareframeworkdms.exe |
"{B22CAE23-1216-4408-81A4-C84DAFA712C1}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |
"{B5016C59-488F-4731-BFDE-6FA4870998A9}" = protocol=6 | dir=in | app=c:\program files\lenovo\system update\uncserver.exe |
"{C03D795E-7418-4ED9-876B-551714B59045}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{C3941E18-646C-4C4A-9D19-F505419F01F5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C7AD9810-CC7B-49A6-92F7-8BD5072B4BD7}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{C8811641-1430-4FE6-91C5-09CEC37A3B0F}" = protocol=17 | dir=in | app=c:\program files\smart network utilities\printserver-nettool\printserver-nettool.exe |
"{D0C231A4-0F58-477D-8C24-009900E6532F}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{D7D23882-8046-4E98-B1AA-D7EB3A4F8540}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D802A799-7D10-4C68-BE03-2AABB27BE155}" = protocol=6 | dir=in | app=c:\program files\smart network utilities\printserver-nettool\printserver-nettool.exe |
"{D87E9DF9-671E-47FA-BEA9-956D3B31812C}" = protocol=6 | dir=in | app=c:\program files\twonky\twonkyserver\twonkystarter.exe |
"{DB7CFFF9-B8D1-4422-9DE4-4FC0D2107CFE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{DF04E5AF-AE67-4750-9E7A-B58F93E64C4C}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe |
"{E3636088-ADCE-45E2-BBD8-9E783A9C114B}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{E525007B-EDD1-46CE-B2C5-7EE95DF7416F}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |
"{F14306AC-E0A2-4707-8A83-8B1897FEA279}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F2B12DCC-981D-470D-A3D7-D75A309D6747}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe |
"{F372DF75-9748-4F05-B243-09CD6A48FC26}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F56519F0-C7C3-407C-9633-3F6CD3C4E864}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F6EB3C7F-99D8-43DF-BB3F-46839EBFC752}" = protocol=17 | dir=in | app=c:\program files\twonky\twonkyserver\twonkystarter.exe |
"{FF5B94CD-A078-4807-84C4-2D41BA0B1D43}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{16BC7813-DAD1-4358-A858-812772248D98}C:\program files\network tool for clients\kmcl.exe" = protocol=6 | dir=in | app=c:\program files\network tool for clients\kmcl.exe |
"TCP Query User{1BC521ED-983C-4DDF-B2D3-E93B22DAE05A}C:\users\hef01\appdata\local\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\users\hef01\appdata\local\google\google earth\plugin\geplugin.exe |
"TCP Query User{2B787D69-512D-4F27-8073-58282E57ED31}C:\program files\wertpapieranalyse 2012\wm60.exe" = protocol=6 | dir=in | app=c:\program files\wertpapieranalyse 2012\wm60.exe |
"TCP Query User{389BD4DA-4D81-4B0D-AFE3-E64AC6B10ABC}C:\program files\philips\mediamanager\twonkymanager.exe" = protocol=6 | dir=in | app=c:\program files\philips\mediamanager\twonkymanager.exe |
"TCP Query User{3916AD10-6EB1-4780-8349-579CAE2A3B54}E:\d-link.exe" = protocol=6 | dir=in | app=e:\d-link.exe |
"TCP Query User{4A20D853-4C26-482D-B183-9B02D356B4A9}C:\program files\network print monitor\kmnv.exe" = protocol=6 | dir=in | app=c:\program files\network print monitor\kmnv.exe |
"TCP Query User{5D9CB152-C468-4A5F-8E9A-EAEE1DF0A4D9}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"TCP Query User{64036234-B5DA-4B26-9A1A-0F85DA010A75}C:\program files\philips\mediamanager\twonkyrenderer.exe" = protocol=6 | dir=in | app=c:\program files\philips\mediamanager\twonkyrenderer.exe |
"TCP Query User{6D3C4C52-9850-4C44-BBC9-E43B9E39F3A2}C:\program files\smart network utilities\printserver-nettool\printserver-nettool.exe" = protocol=6 | dir=in | app=c:\program files\smart network utilities\printserver-nettool\printserver-nettool.exe |
"TCP Query User{6F11BF42-D797-4E10-A979-6FD8D108A006}C:\program files\simonsvoss\locksysmgr_basic_3_1_demo\locksysgui.exe" = protocol=6 | dir=in | app=c:\program files\simonsvoss\locksysmgr_basic_3_1_demo\locksysgui.exe |
"TCP Query User{7082CB21-F94F-4EA4-8EF9-91229F784D1F}C:\users\hef01\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\hef01\appdata\local\akamai\netsession_win.exe |
"TCP Query User{712ED90A-CA57-40F3-9B88-CFEE21CB1C1C}C:\namo\webeditor 9\bin\webeditor.exe" = protocol=6 | dir=in | app=c:\namo\webeditor 9\bin\webeditor.exe |
"TCP Query User{9468DD01-79F6-46D8-A2CB-D48590180339}C:\program files\calibre2\calibre.exe" = protocol=6 | dir=in | app=c:\program files\calibre2\calibre.exe |
"TCP Query User{99D218F3-31E1-47CE-8AAC-D1330135D143}C:\program files\ip camera wizard\ipcamwizard.exe" = protocol=6 | dir=in | app=c:\program files\ip camera wizard\ipcamwizard.exe |
"TCP Query User{A3F3CAC1-C15C-4939-978D-1D0988F84EE5}C:\program files\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\vlc\vlc.exe |
"TCP Query User{AE91AB72-A052-43A0-AD76-60CEA8AC25B5}C:\program files\filezilla ftp client\filezilla.exe" = protocol=6 | dir=in | app=c:\program files\filezilla ftp client\filezilla.exe |
"TCP Query User{B303AEAF-D7E1-40FD-9FE5-0E5E742CA9AE}C:\users\hef01\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\hef01\appdata\local\akamai\netsession_win.exe |
"TCP Query User{C2A75905-6670-4BEF-B8B6-B494787B2079}C:\users\hef01\desktop\myphoneexplorer portable\myphoneexplorer portable.exe" = protocol=6 | dir=in | app=c:\users\hef01\desktop\myphoneexplorer portable\myphoneexplorer portable.exe |
"TCP Query User{C97B3089-8241-482F-B554-F8FB48AAB07A}C:\program files\network camera\camera setup\camerasetup.exe" = protocol=6 | dir=in | app=c:\program files\network camera\camera setup\camerasetup.exe |
"TCP Query User{CB8A781E-CB0D-4039-91A9-3787E2FFABB9}C:\program files\wertpapieranalyse 2012\wm60.exe" = protocol=6 | dir=in | app=c:\program files\wertpapieranalyse 2012\wm60.exe |
"TCP Query User{CB96C31C-3771-418C-AD8F-F97B9C6B0CB5}C:\users\hef01\appdata\local\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\users\hef01\appdata\local\google\google earth\client\googleearth.exe |
"TCP Query User{EFAC3726-2AB8-4EB1-B627-173D2E5D25E7}C:\windows\system32\wfs.exe" = protocol=6 | dir=in | app=c:\windows\system32\wfs.exe |
"UDP Query User{02BAAB1C-9392-4D88-8078-CCD20572DDC5}C:\program files\wertpapieranalyse 2012\wm60.exe" = protocol=17 | dir=in | app=c:\program files\wertpapieranalyse 2012\wm60.exe |
"UDP Query User{06EA58E3-9ADF-4B1C-9235-01E1710EB27B}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"UDP Query User{0B2519DA-F3CD-4AF6-A2E3-EC0D08DCC691}C:\users\hef01\desktop\myphoneexplorer portable\myphoneexplorer portable.exe" = protocol=17 | dir=in | app=c:\users\hef01\desktop\myphoneexplorer portable\myphoneexplorer portable.exe |
"UDP Query User{246CB6F6-D439-4419-AC69-9F5006937C92}C:\program files\wertpapieranalyse 2012\wm60.exe" = protocol=17 | dir=in | app=c:\program files\wertpapieranalyse 2012\wm60.exe |
"UDP Query User{24E27523-EEF7-4CE8-930D-F675223D8FE7}C:\namo\webeditor 9\bin\webeditor.exe" = protocol=17 | dir=in | app=c:\namo\webeditor 9\bin\webeditor.exe |
"UDP Query User{576485F8-906D-4AEE-B583-D0CC04756758}C:\program files\simonsvoss\locksysmgr_basic_3_1_demo\locksysgui.exe" = protocol=17 | dir=in | app=c:\program files\simonsvoss\locksysmgr_basic_3_1_demo\locksysgui.exe |
"UDP Query User{5EAA05E0-E1BC-4A42-958B-7C51C2FFF3CC}C:\users\hef01\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\hef01\appdata\local\akamai\netsession_win.exe |
"UDP Query User{6297DEBE-0597-4696-A1F0-54468DE8E04F}C:\program files\network print monitor\kmnv.exe" = protocol=17 | dir=in | app=c:\program files\network print monitor\kmnv.exe |
"UDP Query User{683DC679-CDE3-498C-AB41-D68A720B1314}C:\program files\philips\mediamanager\twonkymanager.exe" = protocol=17 | dir=in | app=c:\program files\philips\mediamanager\twonkymanager.exe |
"UDP Query User{68948812-6B0D-4C7B-963D-48DB74DAB489}C:\users\hef01\appdata\local\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\users\hef01\appdata\local\google\google earth\client\googleearth.exe |
"UDP Query User{6AD1951A-4D9E-49A1-ACC4-C5B5E44CF775}C:\program files\network camera\camera setup\camerasetup.exe" = protocol=17 | dir=in | app=c:\program files\network camera\camera setup\camerasetup.exe |
"UDP Query User{75838355-5E93-409C-BB00-50B829BD2B2B}C:\users\hef01\appdata\local\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\users\hef01\appdata\local\google\google earth\plugin\geplugin.exe |
"UDP Query User{8E5094FD-3D26-47B7-A7DC-7341C517CD1A}E:\d-link.exe" = protocol=17 | dir=in | app=e:\d-link.exe |
"UDP Query User{8FDE0FBC-EBE8-4352-AC73-33D434D5B638}C:\program files\calibre2\calibre.exe" = protocol=17 | dir=in | app=c:\program files\calibre2\calibre.exe |
"UDP Query User{9C2B3750-7E6B-49E6-87DB-5E564C3FA18B}C:\users\hef01\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\hef01\appdata\local\akamai\netsession_win.exe |
"UDP Query User{9FA01F33-9A20-4BA1-BEF1-18F626B13DA8}C:\windows\system32\wfs.exe" = protocol=17 | dir=in | app=c:\windows\system32\wfs.exe |
"UDP Query User{A065A9D7-2B77-4285-8BD8-9150028CE14D}C:\program files\filezilla ftp client\filezilla.exe" = protocol=17 | dir=in | app=c:\program files\filezilla ftp client\filezilla.exe |
"UDP Query User{BB1BD170-53D7-4B5C-BD13-2D44FFE371A5}C:\program files\smart network utilities\printserver-nettool\printserver-nettool.exe" = protocol=17 | dir=in | app=c:\program files\smart network utilities\printserver-nettool\printserver-nettool.exe |
"UDP Query User{D9DE3A35-B271-4E91-A80A-F4C6DFA31B9C}C:\program files\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\vlc\vlc.exe |
"UDP Query User{DB59C9C7-100D-4C24-BE8A-D8C306855FE6}C:\program files\philips\mediamanager\twonkyrenderer.exe" = protocol=17 | dir=in | app=c:\program files\philips\mediamanager\twonkyrenderer.exe |
"UDP Query User{F6FD8474-716E-4AE3-99D7-89010FC330AD}C:\program files\network tool for clients\kmcl.exe" = protocol=17 | dir=in | app=c:\program files\network tool for clients\kmcl.exe |
"UDP Query User{FE7DD497-703B-49D5-8C6F-2041A39C2293}C:\program files\ip camera wizard\ipcamwizard.exe" = protocol=17 | dir=in | app=c:\program files\ip camera wizard\ipcamwizard.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{0094D07C-1FFB-4450-8D10-AD7E05A318DF}_is1" = Advanced Fix 2013 version 2.0.1.106
"{0194272E-B903-4098-9AF5-CF6D0ACF11E3}" = MGF-TF Workshop Companion
"{022CBB38-CEF0-42BA-906A-A49BEFAE0BEE}" = RICOH R5U230 Media Driver ver.2.06.02.02
"{03CC9D58-B132-4CC0-A521-4F3660AA43C7}" = Movie Maker
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{05DB19DE-A540-4CF8-B262-BFAADE53CE75}" = DTAUSmacher
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{10E931A1-471D-46C6-AEFE-98E2BD6FC00C}" = AllShare Framework DMS
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{15B2BC56-D179-4450-84B9-7A8D7F4CE1B9}" = Lexware Info Service
"{15C58B72-77EA-4ACE-B70C-A843A79FE8D9}" = SimonsVoss Locking System Management Basic 3.1 Demo
"{15F3A6F5-06AE-4332-AE3E-21CD0416827A}" = Windows Live Mail
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = Dienstprogramm "ThinkPad UltraNav"
"{18272881-CFC0-434D-A975-E5BE44206AA0}" = Windows Live UX Platform Language Pack
"{18554B3F-46EA-40A9-B4EA-7EEE83C0559D}" = Client Security - Password Manager
"{18815D2C-C62D-4066-94F3-55966581D2A5}" = FormsForWeb® Filler 3.2.3
"{1911BF50-9660-4D1F-B6AF-FBE3F45399BF}" = NoDupe 32-bit (v1.17.0.3)
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1B947146-366B-42CD-86D5-219993CE3EE2}" = Windows Live MIME IFilter
"{1C3147A7-4810-45FC-AD89-064D8023A514}" = SEPA Account Converter
"{1EA7C505-E6DA-4B85-9432-EBD3C70D510D}" = Windows Live Messenger
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F8DA253-3C27-4B01-A63A-BA3533120833}" = Microsoft Research AutoCollage Touch 2009
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"{223766BE-E834-47AF-B002-0BAC11A37812}" = Wertpapieranalyse 2012
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{23374ABE-C542-44F1-84B6-2381D0E6E2CE}" = Camera Setup
"{23A3E560-069F-4CFC-8F6C-1B526EC735FC}" = Windows Live Writer Resources
"{25C64847-B900-48AD-A164-1B4F9B774650}" = Lenovo System Update
"{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 35
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{2C75A885-9B73-4BC4-BB4E-974CDBB37F3C}_is1" = GLS Vereinsmeister 6.1
"{2FC7CE3A-23E5-41E8-975B-AA0236D649FD}" = Quicken 2012
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{341A5362-88DB-484B-97A6-A57F535074CA}_is1" = Spybot-S&D Distributed Testing Client
"{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Überwachungstool für die Intel® Turbo-Boost-Technik
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C3DCD2B-6FC7-41BF-BB80-40A936E1A785}" = Windows Live Writer
"{3CBD94C1-BA15-488C-888B-D8DD296CC6DC}" = Fotogalerie
"{3F873E63-1CA5-4bdb-A8C7-D97012496DE3}" = Canon MF6500-Serie
"{400C31E4-796F-4E86-8FDC-C3C4FACC6847}" = Junk Mail filter update
"{450CFD4D-7E60-3839-D0FA-56DB08675447}" = dLAN Cockpit
"{45CEBDDE-AD94-4C5A-999D-0D35CE61405B}_is1" = 1.5
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage System für aktiven Festplattenschutz
"{4926AA2D-3C66-443D-A456-53AE3FA44144}" = Windows Live Family Safety
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}" = Create Recovery Media
"{50F68032-B5B7-4513-9116-C978DBD8F27A}" = Corel DVD MovieFactory
"{5BABDA39-61CF-41EE-992D-4054B6649A9B}" = Movie Maker
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5F0545E7-3F0F-4730-AF70-26E61DBDF263}" = Digital Trends Club
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
"{66633466-960F-4D50-BAFB-E29071B7A4C7}" = DDBAC
"{666C9123-1AEC-446F-8AA8-28256B1953D4}" = Qualcomm Gobi 2000 Package for Lenovo
"{6738D11F-DF64-445B-80A4-B6B32F297059}" = SPG-Verein 3.0
"{6767DFEE-8909-453A-B553-C7693912B2EB}" = Canon MF Toolbox 4.9.1.1.mf12
"{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B9C32DB-DBCD-45A8-B901-3A92A99A2474}" = InstallVC90Support
"{6DB21B2C-2BEF-44B4-B264-8EC2BC2369C6}" = ThinkVantage GPS
"{6DDD47AF-FE8C-4C89-86DE-56DFDA4367E3}" = SPG-Fibu 1.6
"{70854FE6-3BF1-4C69-94D0-BEB821102E34}" = Windows Live Mail
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{783FBB59-D099-4F38-A1B2-B7375FE28FD5}" = Lenovo SimpleTap
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79A64F98-1796-4FA2-B5FF-C90F83D8BACD}" = Vodafone Mobile Connect Lite
"{7B0C5EF6-DE4C-4E20-8889-C17604FFE5CD}" = Windows Live Family Safety
"{7CC673E7-5271-409D-B196-BB76DA60300B}" = Twonky Windows Components
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7FB12670-0F93-4E1E-B2F5-4F339199A03A}" = Microsoft SQL Server Native Client
"{7FC74607-ED6E-49C3-87FA-56B50A2EE158}" = Quicken Import Export Server 2012
"{8256F87F-8554-4457-8C3D-3F3324697D9F}" = Windows Live ID Sign-in Assistant
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{849A32C3-E75A-4791-9B11-E568BA3525A4}" = Microsoft SQL Server VSS Writer
"{85CE9026-C02A-46B4-B08C-4C77CCCC54FF}" = Windows Live Family Safety
"{86C40513-B5A4-476E-9EAB-EC118DCF4502}" = Windows Live Writer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8890396E-9E1B-4F8E-B465-5918B41CEEE9}" = AVM FRITZ!Fernzugang
"{88C6A6D9-324C-46E8-BA87-563D14021442}_is1" = ThinkVantage Communications Utility
"{8913AC02-67B8-4B52-91B2-BBA7B9C265B5}" = Windows Live Writer Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8E537894-A559-4D60-B3CB-F4485E3D24E3}" = ThinkVantage Access Connections
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter
"{90F00673-A276-4A58-B675-B426D39D1E09}" = Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed
"{9202762E-4B4C-48C9-A6CC-C27F9F85190A}" = Mobile Broadband Connect
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97C79BEC-43F7-4BD8-A6A7-85C0257E488A}" = Windows Live Writer
"{989FB5FD-9B00-4B32-8663-849CB1370DD1}" = Google Drive
"{99444C2A-C635-49C0-8659-AA23C83CC1CB}" = Network Tool for Clients
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = ThinkPad Bluetooth with Enhanced Data Rate Software
"{9F72572C-CC6E-49A4-95ED-34CA0EDAB560}" = Network Print Monitor
"{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Burn.Now 4.5
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A95D9DF7-CF34-421A-A1DC-936A49A4DAEA}" = Lenovo Mobile Broadband Activation
"{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = Mobile Partner Manager
"{ABDA9912-5D00-11D4-BAE7-9367CA097955}" = Macromedia Dreamweaver 4
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch
"{AC76BA86-7AD7-2447-0000-A00000000003}" = Chinese Simplified Fonts Support For Adobe Reader X
"{AD32F5E9-6BDD-480A-8B7B-95571D04691C}" = Lenovo Patch Utility
"{AE364ACC-B9DF-466B-B4EA-AEECD0CD581E}" = Windows Live Messenger
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 311.00
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 311.00
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 311.00
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B383F243-0ABC-4E56-AA30-923B8D85076E}" = Rescue and Recovery
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack
"{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center
"{B77395EA-AECD-4AD7-B9AE-FCDE5A93DC07}_is1" = IP Camera Wizard 1.0.0.27
"{B80D3EA9-A252-4AE5-AC51-81729F5C586F}" = Windows Live Mail
"{C034A6F9-6569-491B-B3BF-F5D15221A708}" = Windows Live Essentials
"{C3312B77-9A4E-4359-AB7C-062341ABE141}" = Fresco Logic USB3.0 Host Controller
"{C39B7B95-5009-4C64-B25B-B1AD6BDD9E8F}" = MobiLink3
"{C3CD17B4-08B0-492D-8A4C-81716D33E520}" = Integrated Camera Driver Installer Package Ver.1.1.0.48
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C470A6E7-F425-43B6-BA31-4CCBB2F55F84}" = portier Vision 3.20.003
"{C64A877E-DF8D-4017-AA82-000A77C6D809}" = Verizon Wireless Mobile Broadband Self Activation
"{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help
"{C908A5AC-4F61-4B9A-8A51-48B5696C53B1}" = Lexware online banking
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D2C146B1-948D-47EF-8387-5D1C6B980F7C}" = Windows Live Writer
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{D6CC2FAF-F827-4091-96A1-D32CC9B69C79}" = WISO Steuer-Sparbuch 2013
"{D81486A1-2371-4059-AC70-1AB894AC96E6}" = AT&T Service Activation
"{D888F114-7537-4D48-AF03-5DA9C82D7540}" = Photo Common
"{D96E0205-77DF-414C-A3DC-D8B25090A2A0}" = TSObjektkey 2008
"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = Energie-Manager
"{DEDF9B07-5628-4CA0-96BD-8B3AAD553292}" = calibre
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common
"{E4F6C5BD-023B-4352-9C1C-7851F5A3AE82}" = Namo WebEditor 9
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EC2F8A30-787F-4DA5-9A8F-8E7DFE777CC2}" = Servicepack Datumsaktualisierung
"{ECE5B218-A086-4E18-A362-D11181681457}" = Intel® PROSet/Wireless WiFi-Software
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{EFADD989-D9F2-49F6-A280-675951CC78D3}" = FRITZ!Box-Fernzugang einrichten
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
"{F2235E5E-7881-4293-9B6F-04B2609FBFF0}" = Windows Live Messenger
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F58DA859-016E-492D-A588-317D9BB28002}" = ThinkVantage Fingerprint Software
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FBD3DDF9-38BD-4BBC-A135-A5F0DD7BA634}" = Deutsche Post Einlieferungslisten
"{FC338210-F594-11D3-BA24-00001C3AB4DF}" = cyberJack Base Components
"{FC6C7107-7D72-41A1-A031-3CE751159BAB}" = Photo Gallery
"{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}" = Message Center Plus
"{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}" = Lenovo Warranty Information
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"098EBB26BF07167AB12D1575EC24F883F9435E59" = Windows-Treiberpaket - Intel System (10/28/2009 9.1.1.1022)
"114EB224AD576F278686036AA9E1EFB7847E3935" = Windows-Treiberpaket - Lenovo 1.60.0.4 (11/18/2009 1.60.0.4)
"2004BB9EB6CEA02846881BEF1F51C11F7A90C9D6" = Windows Driver Package - Broadcom (BTHUSB) Bluetooth (04/08/2010 6.3.5.430)
"573C3C32A1DB5625CA00E633E584E8A0E6383672" = Windows-Treiberpaket - Intel System (10/28/2009 9.1.1.1022)
"7-Zip" = 7-Zip 4.65
"8474-7877-9059-0204" = Samsung Link 1.5.0.1305092012
"A6A8668C0A13640CA28FE2A7D9654BE4AE478B13" = Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405)
"A7B0B8D913E4DC2FA0B31E392E1512A901CA66B9" = Windows-Treiberpaket - Intel USB (08/20/2009 9.1.1.1020)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AIDeX Key-Organizer 2013-02-20 20.30.11" = AIDeX Key-Organizer (Installation 20.02.2013)
"Anti-Twin 2012-11-14 22.56.34" = Anti-Twin (Installation 14.11.2012)
"Avira AntiVir Desktop" = Avira Free Antivirus
"B7541EC5F72AA713F557569278EB6273725F5607" = Windows Driver Package - Broadcom Bluetooth (06/15/2009 6.2.0.9000)
"Bagusoft Password Safe" = Bagusoft Password Safe
"BF20603967CFDCB2BBF91950E8A56DFBC5C833FE" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
"CCleaner" = CCleaner
"Chipcardmaster_is1" = Chipcardmaster 7.05
"CNXT_AUDIO_HDA" = Conexant 20585 SmartAudio HD
"CNXT_MODEM_HDA_HSF" = ThinkPad Modem Adapter
"CrystalDiskMark_is1" = CrystalDiskMark 3.0.1c
"D2A522092C620419920616ACED9411B982912F1B" = Windows-Treiberpaket - Intel (e1kexpress) Net (12/01/2009 11.5.7.0)
"D'Fusion @Home Web Plug-In" = Total Immersion D'Fusion @Home Web Plug-In
"DisableAMTPopup" = Disable AMT Profile Synchronization Pop-up for Windows Vista/7
"doPDF 7 printer_is1" = doPDF 7.2 printer
"E7B58217635B8F723D4744A328A4B3237DB35FA9" = Windows-Treiberpaket - Intel System (06/04/2009 1.0.0.0002)
"EaseUS Todo Backup Free 5.6_is1" = EaseUS Todo Backup Free 5.6
"ElsterFormular 12.4.0.7094p" = ElsterFormular
"EnablePS" = Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7
"ERUNT_is1" = ERUNT 1.1j
"FBDBServer_2_0_is1" = Firebird 2.0.0
"FD5ED5E16405CDAA5385DE461B9E5379F91ACCCF" = Windows-Treiberpaket - Ricoh Company MS Host Controller (10/26/2009 6.10.02.07)
"Free YouTube Download_is1" = Free YouTube Download version 3.1.27.508
"FreeFileSync" = FreeFileSync 5.10
"GIMP-2_is1" = GIMP 2.8.4
"GLS Vereinsmeister" = GLS Vereinsmeister
"GLS Vereinsmeister Toolbox" = GLS Vereinsmeister Toolbox
"GPL Ghostscript 9.05" = GPL Ghostscript
"GSview 5.0" = GSview 5.0
"ImgBurn" = ImgBurn
"INnDTAPro4.5.1" = INnDTAPro
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}" = Corel DVD MovieFactory 7 Lenovo Edition
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{99444C2A-C635-49C0-8659-AA23C83CC1CB}" = Network Tool for Clients
"InstallShield_{9F72572C-CC6E-49A4-95ED-34CA0EDAB560}" = Network Print Monitor
"InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Corel Burn.Now Lenovo Edition
"InstallShield_{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
"IrfanView" = IrfanView (remove only)
"ITN Converter_is1" = ITN Converter 1.82
"JPG/JPEG Photo Converter_is1" = JPG/JPEG Photo Converter version 1.3
"KLiteCodecPack_is1" = K-Lite Codec Pack 9.3.0 (Basic)
"Lenovo Welcome_is1" = Lenovo Welcome
"LENOVO.SMIIF" = Lenovo System Interface Driver
"LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"MediaCoder" = MediaCoder 0.7.1.4496
"MediaManager" = MediaManager
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"MobiLink3" = MobiLink3
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"Mozilla Thunderbird 17.0.7 (x86 de)" = Mozilla Thunderbird 17.0.7 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NAVIGON Fresh" = NAVIGON Fresh 3.4.1
"Netnotep_is1" = Network Notepad 4.6.9
"Notepad++" = Notepad++
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"o2DE" = Mobile Connection Manager
"OnScreenDisplay" = Anzeige am Bildschirm
"PcCloneEX" = PcCloneEX
"PC-Doctor for Windows" = Lenovo ThinkVantage Toolbox
"PDF To Excel Converter_is1" = PDF To Excel Converter V2.0
"Picasa 3" = Picasa 3
"POIbase_is1" = POIbase 1.051
"PoiEdit" = PoiEdit
"Power Management Driver" = Lenovo Power Management Driver
"PRINTSERVER-NetTool" = PRINTSERVER-NetTool 1.8.43
"ProInst" = Intel PROSet Wireless
"PROSet" = Intel(R) Network Connections Drivers
"RarZilla Free Unrar" = RarZilla Free Unrar
"Ravensburger tiptoi" = Ravensburger tiptoi
"SDEPRO20_is1" = SDExplorer 3.1
"SIZCHIP-Plugin-Mozilla-20" = S-Chip-Add-On 2.0.2.1 NPAPI
"SonyEditor" = SonyEditor (remove only)
"SugarSync" = SugarSync
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamViewer 8" = TeamViewer 8
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"UTAX TA Product Library" = UTAX TA Product Library
"VLC media player" = VLC media player 2.0.6
"WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.47-11
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.2
"WinRAR archiver" = WinRAR 4.20 (32-bit)
"Wireshark" = Wireshark 1.8.2 (32-bit)
"YTdetect" = Yahoo! Detect

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Amazon Kindle" = Amazon Kindle
"Dropbox" = Dropbox
"MGF-TF Workshop Companion" = MGF-TF Workshop Companion
"MyFreeCodec" = MyFreeCodec
"pdfsam" = pdfsam
"SkyDriveSetup.exe" = Microsoft SkyDrive
"Virtual Globe." = Virtual Globe.

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 02.07.2013 09:30:47 | Computer Name = HEF01-THINK | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Lucom\FormsForWeb\Filler3.2.3\xerces-c_2_8.dll.Manifest".
Fehler in Manifest- oder Richtliniendatei "C:\Program Files\Lucom\FormsForWeb\Filler3.2.3\xerces-c_2_8.dll.Manifest"
in Zeile 6. Ungültige XML-Syntax.

Error - 03.07.2013 05:21:11 | Computer Name = HEF01-THINK | Source = AllShare Framework DMS | ID = 131073
Description =

Error - 03.07.2013 05:21:11 | Computer Name = HEF01-THINK | Source = AllShare Framework DMS | ID = 131073
Description =

Error - 03.07.2013 05:22:59 | Computer Name = HEF01-THINK | Source = VMCService | ID = 0
Description = conflictManagerTypeValue

Error - 03.07.2013 07:07:52 | Computer Name = HEF01-THINK | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: explorer.exe, Version: 6.1.7601.17567,
Zeitstempel: 0x4d6727a7 Name des fehlerhaften Moduls: SHELL32.dll, Version: 6.1.7601.18103,
Zeitstempel: 0x512d91aa Ausnahmecode: 0xc0000005 Fehleroffset: 0x0004b1e8 ID des fehlerhaften
Prozesses: 0x25ac Startzeit der fehlerhaften Anwendung: 0x01ce77cf540586e8 Pfad der
fehlerhaften Anwendung: C:\Windows\explorer.exe Pfad des fehlerhaften Moduls: C:\Windows\system32\SHELL32.dll
Berichtskennung:
cd6dbd13-e3d0-11e2-b795-70f39544e4bf

Error - 03.07.2013 07:08:00 | Computer Name = HEF01-THINK | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: explorer.exe, Version: 6.1.7601.17567,
Zeitstempel: 0x4d6727a7 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec49b60 Ausnahmecode: 0xc015000f Fehleroffset: 0x00083fbe ID des fehlerhaften
Prozesses: 0x25ac Startzeit der fehlerhaften Anwendung: 0x01ce77cf540586e8 Pfad der
fehlerhaften Anwendung: C:\Windows\explorer.exe Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll
Berichtskennung:
d2164e7d-e3d0-11e2-b795-70f39544e4bf

Error - 03.07.2013 07:08:20 | Computer Name = HEF01-THINK | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: explorer.exe, Version: 6.1.7601.17567,
Zeitstempel: 0x4d6727a7 Name des fehlerhaften Moduls: SHELL32.dll, Version: 6.1.7601.18103,
Zeitstempel: 0x512d91aa Ausnahmecode: 0xc0000005 Fehleroffset: 0x0004b1e8 ID des fehlerhaften
Prozesses: 0x295c Startzeit der fehlerhaften Anwendung: 0x01ce77dd9ae7441c Pfad der
fehlerhaften Anwendung: C:\Windows\explorer.exe Pfad des fehlerhaften Moduls: C:\Windows\system32\SHELL32.dll
Berichtskennung:
de2180c3-e3d0-11e2-b795-70f39544e4bf

Error - 03.07.2013 07:17:02 | Computer Name = HEF01-THINK | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: explorer.exe, Version: 6.1.7601.17567,
Zeitstempel: 0x4d6727a7 Name des fehlerhaften Moduls: SHELL32.dll, Version: 6.1.7601.18103,
Zeitstempel: 0x512d91aa Ausnahmecode: 0xc0000005 Fehleroffset: 0x0004b1e8 ID des fehlerhaften
Prozesses: 0x2fa0 Startzeit der fehlerhaften Anwendung: 0x01ce77ddb69769d2 Pfad der
fehlerhaften Anwendung: C:\Windows\explorer.exe Pfad des fehlerhaften Moduls: C:\Windows\system32\SHELL32.dll
Berichtskennung:
154f768d-e3d2-11e2-b795-70f39544e4bf

Error - 03.07.2013 09:07:00 | Computer Name = HEF01-THINK | Source = MatSvc | ID = 262147
Description = Webdienstfehler im MATS-Dienst. hr=0xC004F020

Error - 03.07.2013 09:07:00 | Computer Name = HEF01-THINK | Source = MatSvc | ID = 262149
Description = Ein Teil der hochgeladenen Daten wurde vom Server zurückgewiesen.
hr=0xC004F020

[ System Events ]
Error - 02.07.2013 15:06:51 | Computer Name = HEF01-THINK | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst Lenovo.VIRTSCRLSVC erreicht.

Error - 03.07.2013 05:22:03 | Computer Name = HEF01-THINK | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Spybot-S&D 2 Scanner Service erreicht.

Error - 03.07.2013 05:22:03 | Computer Name = HEF01-THINK | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1053

Error - 03.07.2013 05:23:22 | Computer Name = HEF01-THINK | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Windows Live ID Sign-in Assistant erreicht.

Error - 03.07.2013 05:23:22 | Computer Name = HEF01-THINK | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Live ID Sign-in Assistant" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1053

Error - 03.07.2013 05:23:52 | Computer Name = HEF01-THINK | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Intel(R) PROSet/Wireless Zero Configuration Service erreicht.

Error - 03.07.2013 05:23:52 | Computer Name = HEF01-THINK | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Intel(R) PROSet/Wireless Zero Configuration Service" wurde
aufgrund folgenden Fehlers nicht gestartet: %%1053

Error - 03.07.2013 05:24:17 | Computer Name = HEF01-THINK | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
tcpipBM

Error - 03.07.2013 05:25:11 | Computer Name = HEF01-THINK | Source = VDS Basic Provider | ID = 33554433
Description =

Error - 03.07.2013 05:26:33 | Computer Name = HEF01-THINK | Source = Service Control Manager | ID = 7034
Description = Dienst "SQL Server VSS Writer" wurde unerwartet beendet. Dies ist
bereits 1 Mal passiert.


< End of report >

Benutzer
2013-07-03, 16:42
Apologies, I forgot to say: if you need any translation of the German language text in the logs, please let me know.

Additionally, I would like to let you know the link that the malware produces as start page for IE and/or Firefox. Copied from the browser.

http://www.qvo6.com/?utm_source=b&utm_medium=wld&from=wld&uid=WDCXWD7500BPKT-80PK4T0_WD-WX11AA2N2946N2946&ts=1369336665

Benutzer
2013-07-03, 17:47
Me again, about a piece of the code of the link that the malware produces.
WD7500BPKT-80PK4T0 as part of the suspicious start link ... I see, that is the type of my computer's Western Digital hard disk!

Benutzer
2013-07-03, 20:54
Hi,
as requested I did not change anything since we are in touch together on getting rid of this malware. But I tried some steps while waiting from my first post in May until you offered the assistance here. Maybe the malware exe has been removed already, but the traces in reg.ini are still active?

I just had the idea to simply use MS-regedit and have a search for the string qvo6.
I found four entries (key names) as listed below with screenshots.

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command

C:\Program Files\Mozilla Firefox\firefox.exe http://www.qvo6.com/?utm_source=b&utm_medium=wld&from=wld&uid=WDCXWD7500BPKT-80PK4T0_WD-WX11AA2N2946N2946&ts=1369336665

HKEY_LOCAL_MACHINE\SOFTWARE\qvo6Software\qvo6hp

HKEY_USERS\S-1-5-21-713427250-3853926042-2103360380-1005\Software\Microsoft\Internet Explorer\SearchScopes

I believe that's it?
Can I kill these entries and how should I do it. :sick:

Looking forward to your further instructions.

oldman960
2013-07-04, 19:44
Hi Benutzer ,

Sorry about the delay, I've been working some odd ball shifts the last couple of days.

We'll run a search first then remove or repair the registry items as needed. This may take a few minutes.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1 (http://jpshortstuff.247fixes.com/SystemLook.exe)
Download Mirror #2 (http://images.malwareremoval.com/jpshortstuff/SystemLook.exe)

Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield
Do not copy the word CODE , please note the script starts with the :

:regfind
qvo6
qvo6*


Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Benutzer
2013-07-04, 20:09
No worries, I can wait. Lucky having found someone who can help :bigthumb:

here we go with the result
SystemLook 30.07.11 by jpshortstuff
Log created at 20:03 on 04/07/2013 by HEF01
Administrator - Elevation successful

========== regfind ==========

Searching for "qvo6"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes]
"DoNotAskAgain"="v9.com qvo6.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command]
@="C:\Program Files\Mozilla Firefox\firefox.exe http://www.qvo6.com/?utm_source=b&utm_medium=wld&from=wld&uid=WDCXWD7500BPKT-80PK4T0_WD-WX11AA2N2946N2946&ts=1369336665"
[HKEY_LOCAL_MACHINE\SOFTWARE\qvo6Software]
[HKEY_LOCAL_MACHINE\SOFTWARE\qvo6Software\qvo6hp]
[HKEY_USERS\S-1-5-21-713427250-3853926042-2103360380-1005\Software\Microsoft\Internet Explorer\SearchScopes]
"DoNotAskAgain"="v9.com qvo6.com"

Searching for "qvo6*"
No data found.

-= EOF =-

oldman960
2013-07-05, 04:29
Hi Benutzer ,

We'll take care of an old vulnerable version of Java at the same time.

click Start > Control Panel. Under Programs click Uninstall a program and uninstall


Java(TM) 6 Update 35


Do not uninstall Java 7 Update 25

Next, Double click on OTL.exe
Under the Custom Scans/Fixes box at the bottom, paste in the following
Do Not copy the word CODE
please note the fix starts with the :


:services

:OTL
IE - HKU\S-1-5-21-713427250-3853926042-2103360380-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:21320

:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command]
""="C:\Program Files\Mozilla Firefox\firefox.exe"
[-HKEY_LOCAL_MACHINE\SOFTWARE\qvo6Software]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes]
"DoNotAskAgain"=-
[HKEY_USERS\S-1-5-21-713427250-3853926042-2103360380-1005\Software\Microsoft\Internet Explorer\SearchScopes]
"DoNotAskAgain"=-

:Files
ipconfig /flushdns /c

:commands
[CreateRestorePoint]
[emptytemp]


Then click the Run Fix button at the top

Let the program run unhindered
Please save the resulting log to be posted in your next reply.
Please post the OTL fix log.

Reboot the computer. Try the internet, is qvo6 gone now?

Benutzer
2013-07-05, 11:05
Hi oldman960,

this is not my day I think :confused:
qvo6.com is still there. Coming up as new tab in both the IE and Firefox.
It drives me nu*s :mad:
Process went a little different to what you said. There was a reboot forced by OTL at the end of the removing job. However I think that didn't matter.

This is the log file, looking quite successful :
-----------------------
All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
HKU\S-1-5-21-713427250-3853926042-2103360380-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\\""|"C:\Program Files\Mozilla Firefox\firefox.exe" /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\qvo6Software\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\\DoNotAskAgain deleted successfully.
Registry value HKEY_USERS\S-1-5-21-713427250-3853926042-2103360380-1005\Software\Microsoft\Internet Explorer\SearchScopes\\DoNotAskAgain not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\HEF01\Desktop\cmd.bat deleted successfully.
C:\Users\HEF01\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56478 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: HEF01
->Temp folder emptied: 97937172 bytes
->Temporary Internet Files folder emptied: 255021982 bytes
->Java cache emptied: 63490596 bytes
->FireFox cache emptied: 206871897 bytes
->Flash cache emptied: 3194839 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 67224 bytes
Windows Temp folder emptied: 24872645 bytes
RecycleBin emptied: 18733299 bytes

Total Files Cleaned = 639,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 07052013_101106

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\GacelaLSPService.log scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
...................................................

I couldn't believe the qvo6 is still there and checked the reg file with SystemLook.exe and the search string we had above for qvo6
Result. It's nothing in there any more.
...................................................
SystemLook 30.07.11 by jpshortstuff
Log created at 10:44 on 05/07/2013 by HEF01
Administrator - Elevation successful

========== regfind ==========

Searching for "qvo6"
No data found.

Searching for "qvo6*"
No data found.

-= EOF =-
.............................................

And now ? Hope you have another idea ... :coffee:

oldman960
2013-07-05, 12:12
Hi Benutzer,

The reboot was normal. I just wanted a second reboot afterwards.

Please download ShortCut Cleaner (http://www.bleepingcomputer.com/download/shortcut-cleaner/)
Right click on sc-cleaner.exe and click "Run as Administrator"
If prompted allow the tool to run
If any hijacked shortcuts are found they will be cleaned
Please post the log.

Benutzer
2013-07-05, 12:35
Shortcut Cleaner 1.2.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Shortcut Cleaner can be found at this link:
http://www.bleepingcomputer.com/download/shortcut-cleaner/

Windows Version: Windows 7 Professional Service Pack 1
Program started at: 07/05/2013 12:30:46 PM.

Scanning for registry hijacks:

* No issues found in the Registry.

Searching for Hijacked Shortcuts:

Searching C:\Users\HEF01\AppData\Roaming\Microsoft\Windows\Start Menu\

* Shortcut Cleaned: C:\Users\HEF01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk => C:\Program Files\Internet Explorer\iexplore.exe http://www.qvo6.com/?utm_source=b&utm_medium=wld&from=wld&uid=WDCXWD7500BPKT-80PK4T0_WD-WX11AA2N2946N2946&ts=1369336665

* Shortcut Cleaned: C:\Users\HEF01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk => C:\Program Files\Internet Explorer\iexplore.exe http://www.qvo6.com/?utm_source=b&utm_medium=wld&from=wld&uid=WDCXWD7500BPKT-80PK4T0_WD-WX11AA2N2946N2946&ts=1369336665

Searching C:\ProgramData\Microsoft\Windows\Start Menu\

* Shortcut Cleaned: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk => C:\Program Files\Mozilla Firefox\firefox.exe http://www.qvo6.com/?utm_source=b&utm_medium=wld&from=wld&uid=WDCXWD7500BPKT-80PK4T0_WD-WX11AA2N2946N2946&ts=1369336665

Searching C:\Users\HEF01\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\

* Shortcut Cleaned: C:\Users\HEF01\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk => C:\Program Files\Internet Explorer\iexplore.exe http://www.qvo6.com/?utm_source=b&utm_medium=wld&from=wld&uid=WDCXWD7500BPKT-80PK4T0_WD-WX11AA2N2946N2946&ts=1369336665

* Shortcut Cleaned: C:\Users\HEF01\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Internet Explorer.lnk => C:\Program Files\Internet Explorer\iexplore.exe http://www.qvo6.com/?utm_source=b&utm_medium=wld&from=wld&uid=WDCXWD7500BPKT-80PK4T0_WD-WX11AA2N2946N2946&ts=1369336665

* Shortcut Cleaned: C:\Users\HEF01\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Mozilla Firefox.lnk => C:\Program Files\Mozilla Firefox\firefox.exe http://www.qvo6.com/?utm_source=b&utm_medium=wld&from=wld&uid=WDCXWD7500BPKT-80PK4T0_WD-WX11AA2N2946N2946&ts=1369336665

Searching C:\Users\Public\Desktop\

* Shortcut Cleaned: C:\Users\Public\Desktop\Mozilla Firefox.lnk => C:\Program Files\Mozilla Firefox\firefox.exe http://www.qvo6.com/?utm_source=b&utm_medium=wld&from=wld&uid=WDCXWD7500BPKT-80PK4T0_WD-WX11AA2N2946N2946&ts=1369336665

Searching C:\Users\HEF01\Desktop


7 bad shortcuts found.

Program finished at: 07/05/2013 12:30:56 PM
Execution time: 0 hours(s), 0 minute(s), and 10 seconds(s)
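
The hijack shown in the logs above is a browser launch command with a URL appended, once in the StartMenuInternet registry value and again in the .lnk shortcuts. The following is an added example, not part of the original posts or of any tool used in this thread: it flags such commands in SystemLook and Shortcut Cleaner style log lines. The function names, the browser list and the one clean registry line are assumptions, as is reading the `ts` parameter as a Unix timestamp.

```python
import re
from datetime import datetime, timezone
from urllib.parse import urlsplit, parse_qs

BROWSERS = ("iexplore.exe", "firefox.exe", "chrome.exe")  # assumed list, extend as needed

# Browser path (quoted or not, spaces allowed), then whatever follows as arguments.
_CMD = re.compile(
    r'^\s*"?(?P<exe>[^"]*?\\(?P<name>'
    + "|".join(re.escape(b) for b in BROWSERS)
    + r'))(?=["\s]|$)"?\s*(?P<args>.*)$',
    re.IGNORECASE,
)
_URL = re.compile(r'https?://[^\s"]+', re.IGNORECASE)
_SC_LINE = re.compile(r'^\* Shortcut Cleaned: (?P<lnk>.+?\.lnk) => (?P<cmd>.+)$')


def inspect_command(command):
    """Return a finding dict if a browser launch command carries a URL, else None."""
    m = _CMD.match(command)
    if not m:
        return None
    url_match = _URL.search(m.group("args"))
    if not url_match:
        return None  # switches such as -extoff are not flagged
    url = url_match.group(0)
    parts = urlsplit(url)
    params = {k: v[0] for k, v in parse_qs(parts.query).items()}
    finding = {"browser": m.group("name").lower(), "host": parts.hostname,
               "url": url, "params": params}
    # Assumption: "ts" is a Unix timestamp written when the hijack was installed.
    ts = params.get("ts", "")
    if ts.isdigit():
        finding["ts_utc"] = datetime.fromtimestamp(int(ts), tz=timezone.utc).isoformat()
    return finding


def commands_from_log(lines):
    """Yield (source, command) from SystemLook regfind and Shortcut Cleaner lines."""
    key = None
    for line in lines:
        line = line.strip()
        if line.startswith("[HKEY") and line.endswith("]"):
            key = line[1:-1]                      # remember the current registry key
        elif line.startswith('@="') and line.endswith('"') and key:
            yield key, line[3:-1]                 # default value of that key
        else:
            m = _SC_LINE.match(line)
            if m:
                yield m.group("lnk"), m.group("cmd")


def scan(lines):
    """Return [(source, finding)] for every browser command that carries a URL."""
    results = []
    for source, command in commands_from_log(lines):
        finding = inspect_command(command)
        if finding:
            results.append((source, finding))
    return results


# Lines copied from the logs in this thread, except the IEXPLORE.EXE key and
# its value, which are constructed here as a clean entry for comparison.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command]
@="C:\Program Files\Mozilla Firefox\firefox.exe http://www.qvo6.com/?utm_source=b&utm_medium=wld&from=wld&uid=WDCXWD7500BPKT-80PK4T0_WD-WX11AA2N2946N2946&ts=1369336665"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes]
"DoNotAskAgain"="v9.com qvo6.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command]
@="C:\Program Files\Internet Explorer\iexplore.exe -extoff"
* Shortcut Cleaned: C:\Users\HEF01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk => C:\Program Files\Internet Explorer\iexplore.exe http://www.qvo6.com/?utm_source=b&utm_medium=wld&from=wld&uid=WDCXWD7500BPKT-80PK4T0_WD-WX11AA2N2946N2946&ts=1369336665
* Shortcut Cleaned: C:\Users\Public\Desktop\Mozilla Firefox.lnk => C:\Program Files\Mozilla Firefox\firefox.exe http://www.qvo6.com/?utm_source=b&utm_medium=wld&from=wld&uid=WDCXWD7500BPKT-80PK4T0_WD-WX11AA2N2946N2946&ts=1369336665
"""

if __name__ == "__main__":
    for source, f in scan(SAMPLE_LOG.splitlines()):
        print(f"{f['browser']} -> {f['host']} (ts {f.get('ts_utc', 'n/a')}) in {source}")
```

A flagged entry is a candidate for review rather than proof of a hijack, since a user can legitimately pin a shortcut that opens a URL.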

oldman960
2013-07-05, 12:40
Hi Benutzer,

How's the computer now?

Benutzer
2013-07-05, 14:35
Hi oldman960,

it's fine !!
I've done another reboot, and IE as well as Firefox are clean.

Many, many thanks !!

Where should I send the :present:
Or if you get to Germany, drop me a line I owe you a "Bratwurst" and some "Bier"

Keep up your great work.
:bow:

oldman960
2013-07-07, 09:20
Hi Benutzer,

Good. We'll restore that file for you then clean up the tools we used.


We will be using Combofix again but will run it differently.

Please follow all previous instructions regarding security programs.

Open a new Notepad session
Click the Start button, click run
in the run box type notepad
click ok
In the notepad, Click "Format" and be certain that Word Wrap is not checked.

Copy and paste all of the text in the code box below into the Notepad. Do Not copy the word CODE



DeQuarantine::
C:\Qoobox\Quarantine\C\users\HEF01\AppData\Roaming\convert\convert.exe.vir
Quit::

In the notepad
Click File, Save as..., and set the Save in to your Desktop
In the filename box, type (including quotation marks) as the filename: "CFScript.txt"
Click save

Using your mouse left button, drag the new file CFscript.txt and drop it on the ComboFix.exe icon as shown below.

This will start ComboFix again. Close all browser/windows first.

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

**Note**

When CF finishes running, a notepad named DeQuarantine.txt will open.


Please post back with the DeQuarantine.txt log.

Thanks

Benutzer
2013-07-07, 15:22
Hi oldman960,

Thank you. Done that. Computer is still fine.

C:\Qoobox\Quarantine\C\users\HEF01\AppData\Roaming\convert\convert.exe.vir -> C:\users\HEF01\AppData\Roaming\convert\convert.exe ( 12697088 bytes )

oldman960
2013-07-07, 22:23
Hi Benutzer ,

We can clean up the tools now.

From your desktop, please delete, if present
any notepads/logs that we created
SystemLook.exe
sc-cleaner.exe
TDSSKiller.exe
aswMBR.exe
mbr.dat
DDS


You can delete TDSSKiller.[Version]_[Date]_[Time]_log.txt , TDSSKiller_Quarantine from C:\

Next

Disable your security programs for this first step. you can re-enable them afterwards.

Press the Windows key and the R key. A run box should open. Copy and paste the following line into the box and click OK


Combofix /uninstall



Next

Open ADWcleaner and click the uninstall button.



Next

Open OTL then click the Clean Up button. You may get prompted by your firewall that OTL wants to contact the internet - allow this. A cleanup.txt will be downloaded, a message dialog will ask you if you want to proceed with the cleanup process, click Yes. This will do some clean up tasks and delete some of the tools you have downloaded plus itself.

I suggest you keep MBAM. Keep it updated and use it regularly.

Some Recommendations and prevention tips

Basic security consists of 1 antivirus program, 1 resident antispyware program, 1 on demand antispyware program and a firewall. You have both Avira antiSpyware and Spybot. These 2 programs do essentially the same thing. Since Spybot is outdated I suggest you uninstall it. Use MBAM as an on demand scanner and use it on a regular basis. Windows7 firewall is pretty good so you have the basics.

You should also use Spyware Blaster (http://www.javacoolsoftware.com/spywareblaster.html) to help immunize your computer.

- SpywareBlaster will add a large list of programs and sites into your Internet Explorer
settings that will protect you from running and downloading known malicious programs.

OR

A guide to understanding and using the hosts file.

Learn how your Hosts file can protect you and how you can protect it.
Besides the Hosts file information, there are links to a very good updated hosts file, a hosts file manager, and some programs that can protect your hosts file.
HOSTS (http://www.mvps.org/winhelp2002/hosts.htm)

Please read the info on disabling the DNS Client before installing a custom hosts file.

-Secure your Internet Explorer

From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.

- Make sure you have reset Windows Updates to your chosen option. Click your start button > Control Panel > System and Security. under Windows Updates click turn automatic updating on or off. Select the option you want.

- Keep your antivirus program updated, as well as any other security programs you have.

-More tips and programs can be found HERE (http://forums.whatthetech.com/Preventing_Malware_Tools_Practices_Safe_Computing_t98700.html)

Please post back if you have any problems.

Take care

Benutzer
2013-07-08, 10:36
Dear oldman960,

many thanks again. All went fine.
I learned a lot and will follow your instructions.

Cheers !:thanks:

oldman960
2013-07-08, 10:50
Hi Benutzer ,

You are very welcome.

Take care, keep safe.

oldman960
2013-07-12, 03:29
Since this issue appears to be resolved ... this Topic has been closed.