Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Lenovo 520 Notebook

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 06.04.2013, 15:51   #1
walter_h
 
Lenovo 520 Notebook - Standard

Lenovo 520 Notebook



So nach und nach checken wir alle Computer im Hause. Hier die Scans von OTL

Code:
ATTFilter
OTL logfile created on: 06.04.2013 16:35:10 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\ValiN\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,91 Gb Total Physical Memory | 2,57 Gb Available Physical Memory | 65,61% Memory free
7,82 Gb Paging File | 5,74 Gb Available in Paging File | 73,38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 685,45 Gb Total Space | 571,17 Gb Free Space | 83,33% Space Free | Partition Type: NTFS
Drive D: | 7,47 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive Q: | 11,72 Gb Total Space | 1,57 Gb Free Space | 13,37% Space Free | Partition Type: NTFS
 
Computer Name: VADMIN-THINK | User Name: Vadmin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.04.06 16:33:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\ValiN\Desktop\OTL.exe
PRC - [2013.03.29 21:53:56 | 001,631,144 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2013.03.29 21:53:56 | 000,543,656 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2013.03.28 03:41:42 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.03.28 03:41:32 | 000,565,472 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
PRC - [2013.03.28 03:41:29 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.03.28 03:41:29 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.01.16 18:27:06 | 002,550,224 | ---- | M] () -- C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
PRC - [2013.01.09 22:11:54 | 000,109,064 | ---- | M] (Wajam) -- C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe
PRC - [2012.10.25 20:59:52 | 002,693,008 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.129\deploy\LoLLauncher.exe
PRC - [2012.10.25 20:58:54 | 001,300,376 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
PRC - [2012.06.20 13:18:08 | 001,568,976 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2012.05.29 15:50:04 | 000,115,032 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
PRC - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011.08.31 20:03:00 | 000,062,824 | ---- | M] (Lenovo Group Limited) -- C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe
PRC - [2011.08.11 12:04:16 | 000,328,552 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2011.07.26 00:18:46 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe
PRC - [2011.07.12 09:53:26 | 000,101,736 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\micmute.exe
PRC - [2011.07.12 09:53:20 | 000,142,696 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2011.06.24 08:25:50 | 001,012,792 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2011.05.31 11:48:36 | 000,059,240 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Communications Utility\TPKNRSVC.exe
PRC - [2011.05.31 11:48:34 | 000,040,808 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Communications Utility\TpKnrres.exe
PRC - [2011.05.31 11:48:18 | 000,041,320 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Communications Utility\CamMute.exe
PRC - [2011.05.25 15:21:32 | 000,281,960 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\AutoLock\ALCKRESI.exe
PRC - [2011.02.24 01:10:24 | 000,212,944 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
PRC - [2011.02.22 05:19:12 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011.02.22 05:19:08 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2011.01.07 05:28:42 | 000,446,592 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\SysWOW64\SASrv.exe
PRC - [2010.03.11 15:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2009.05.27 23:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe
PRC - [2008.01.10 13:13:50 | 000,061,440 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.03.29 21:53:56 | 001,114,024 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.DLL
MOD - [2013.03.27 02:16:40 | 020,341,672 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2013.03.26 00:23:34 | 000,651,776 | ---- | M] () -- C:\Program Files (x86)\Steam\SDL2.dll
MOD - [2013.01.16 18:26:01 | 002,212,304 | ---- | M] () -- c:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll
MOD - [2012.12.11 19:51:10 | 001,100,800 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2012.12.11 19:51:10 | 000,192,000 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2012.12.11 19:51:10 | 000,124,416 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2012.10.25 20:59:52 | 002,693,008 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.129\deploy\LoLLauncher.exe
MOD - [2012.10.25 20:58:54 | 001,300,376 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
MOD - [2011.06.24 08:25:49 | 000,329,272 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\12.0.742.112\ppGoogleNaClPluginChrome.dll
MOD - [2011.06.24 08:25:47 | 003,649,592 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\12.0.742.112\pdf.dll
MOD - [2011.06.24 08:24:21 | 000,104,520 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\12.0.742.112\avutil-50.dll
MOD - [2011.06.24 08:24:20 | 000,203,848 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\12.0.742.112\avformat-52.dll
MOD - [2011.06.24 08:24:18 | 001,846,344 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\12.0.742.112\avcodec-52.dll
MOD - [2011.06.24 05:20:43 | 006,333,088 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\12.0.742.112\gcswf32.dll
MOD - [2011.06.24 05:20:43 | 006,333,088 | ---- | M] () -- C:\PROGRA~2\Google\Chrome\APPLIC~1\120742~1.112\gcswf32.dll
MOD - [2010.04.06 10:05:16 | 002,085,888 | ---- | M] () -- C:\Programme\Lenovo\AutoLock\cv210.dll
MOD - [2010.04.06 10:04:06 | 002,201,088 | ---- | M] () -- C:\Programme\Lenovo\AutoLock\cxcore210.dll
MOD - [2009.05.27 23:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2011.08.11 04:20:42 | 000,045,928 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC)
SRV:64bit: - [2011.05.11 15:53:46 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011.03.29 20:15:36 | 000,047,728 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Windows\SysNative\TPHDEXLG64.exe -- (TPHDEXLGSVC)
SRV:64bit: - [2010.12.17 00:18:08 | 000,198,784 | ---- | M] (Conexant Systems Inc.) [Auto | Running] -- C:\Windows\SysNative\CxAudMsg64.exe -- (CxAudMsg)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.03.29 21:53:56 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.03.28 03:41:42 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.03.28 03:41:32 | 000,565,472 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2013.03.28 03:41:29 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.03.13 01:52:30 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.01.16 18:27:06 | 002,550,224 | ---- | M] () [Auto | Running] -- C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe -- (BrowserProtect)
SRV - [2013.01.09 22:11:54 | 000,109,064 | ---- | M] (Wajam) [Auto | Running] -- C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe -- (WajamUpdater)
SRV - [2013.01.08 13:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011.08.31 20:03:00 | 000,173,416 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE -- (PwmEWSvc)
SRV - [2011.08.31 20:03:00 | 000,087,400 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE -- (Power Manager DBC Service)
SRV - [2011.07.27 22:04:48 | 001,517,328 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2011.07.27 21:48:34 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV - [2011.07.27 21:44:18 | 000,844,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2011.07.26 00:18:46 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2011.07.12 09:54:00 | 000,133,992 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC)
SRV - [2011.07.12 09:53:42 | 000,145,256 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD)
SRV - [2011.07.12 09:53:26 | 000,101,736 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV - [2011.07.12 09:53:20 | 000,142,696 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2011.07.08 18:53:20 | 000,144,232 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Programme\Lenovo\RapidBoot\HyperW7Svc64.exe -- (HyperW7Svc)
SRV - [2011.05.31 11:48:36 | 000,059,240 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\Communications Utility\TPKNRSVC.exe -- (LENOVO.TPKNRSVC)
SRV - [2011.05.31 11:48:18 | 000,041,320 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\Communications Utility\CamMute.exe -- (LENOVO.CAMMUTE)
SRV - [2011.04.28 00:41:18 | 000,968,480 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\ThinkPad\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2011.02.24 01:10:24 | 000,212,944 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service)
SRV - [2011.02.22 05:19:12 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011.02.22 05:19:08 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011.01.07 05:28:42 | 000,446,592 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\SASrv.exe -- (SAService)
SRV - [2010.09.22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.09.21 15:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.03.18 23:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.11 15:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.01.10 13:13:50 | 000,061,440 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.03.28 03:41:47 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013.03.28 03:41:47 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013.03.28 03:41:47 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.09.28 05:12:10 | 000,023,552 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UHSfiltv.sys -- (UHSfiltv)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.11.18 20:07:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.11.18 20:07:41 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.11.18 11:47:57 | 000,040,248 | ---- | M] (Lenovo Information Product(ShenZhen China) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\psadd.sys -- (psadd)
DRV:64bit: - [2011.10.01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011.10.01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011.10.01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011.10.01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011.08.31 20:03:00 | 000,014,960 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\TPPWR64V.SYS -- (TPPWRIF)
DRV:64bit: - [2011.08.11 04:20:42 | 000,039,024 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV:64bit: - [2011.08.09 01:32:02 | 012,289,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2011.08.03 18:28:32 | 008,604,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2011.06.21 16:19:14 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2011.06.21 16:19:12 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2011.05.25 18:23:00 | 000,101,888 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdxc64.sys -- (risdxc)
DRV:64bit: - [2011.05.19 14:06:46 | 001,442,352 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011.05.11 19:16:38 | 009,319,424 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.05.11 15:16:54 | 000,304,128 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.04.27 17:50:38 | 000,436,776 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL)
DRV:64bit: - [2011.04.27 17:50:32 | 000,164,392 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2011.04.27 17:50:32 | 000,150,568 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2011.04.27 17:50:32 | 000,039,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2011.04.27 17:50:32 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2011.03.29 20:13:40 | 000,139,888 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsX64.sys -- (Shockprf)
DRV:64bit: - [2011.03.29 20:11:48 | 000,023,664 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsHM64.sys -- (TPDIGIMN)
DRV:64bit: - [2011.03.24 08:36:20 | 001,576,064 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2011.03.04 19:18:42 | 000,166,016 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\5U877.sys -- (5U877)
DRV:64bit: - [2010.12.28 20:45:54 | 000,412,776 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.05 16:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.10.19 09:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.10.14 18:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010.09.07 07:09:36 | 000,015,472 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\smiifx64.sys -- (lenovo.smi)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.18 18:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2011.07.08 18:53:24 | 000,032,104 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Programme\Lenovo\RapidBoot\PHCORE64.sys -- (PHCORE)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.searchya.com/?f=1&a=grupo1y&cd=2XzuyEtN2Y1L1Qzu0FtD0D0E0FtC0AyC0F0AyE0A0EyBzztBtN0D0Tzu0CyEtCyDtN1L2XzutBtFtBtFtCtFyDtDtAtN1L1Czu1N1C2Y1E1FtC2U&cr=1263039757&ir=
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{01AAAA62-E68F-1ABA-8920-766B98002504}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.searchya.com/?q={searchTerms}&f=4&a=grupo1y&cd=2XzuyEtN2Y1L1Qzu0FtD0D0E0FtC0AyC0F0AyE0A0EyBzztBtN0D0Tzu0CyEtCyDtN1L2XzutBtFtBtFtCtFyDtDtAtN1L1Czu1N1C2Y1E1FtC2U&cr=1263039757&ir=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.searchya.com/?f=1&a=grupo1y&cd=2XzuyEtN2Y1L1Qzu0FtD0D0E0FtC0AyC0F0AyE0A0EyBzztBtN0D0Tzu0CyEtCyDtN1L2XzutBtFtBtFtCtFyDtDtAtN1L1Czu1N1C2Y1E1FtC2U&cr=1263039757&ir=
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{30AB421B-649D-983B-5C91-4BDD52A9FE83}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.searchya.com/?q={searchTerms}&f=4&a=grupo1y&cd=2XzuyEtN2Y1L1Qzu0FtD0D0E0FtC0AyC0F0AyE0A0EyBzztBtN0D0Tzu0CyEtCyDtN1L2XzutBtFtBtFtCtFyDtDtAtN1L1Czu1N1C2Y1E1FtC2U&cr=1263039757&ir=
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.delta-search.com/?affID=119556&babsrc=HP_ss&mntrId=a481e782000000000000f0def1a6fa4a
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.searchya.com/?f=1&a=grupo1y&cd=2XzuyEtN2Y1L1Qzu0FtD0D0E0FtC0AyC0F0AyE0A0EyBzztBtN0D0Tzu0CyEtCyDtN1L2XzutBtFtBtFtCtFyDtDtAtN1L1Czu1N1C2Y1E1FtC2U&cr=1263039757&ir=
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {01AAAA62-E68F-1ABA-8920-766B98002504}
IE - HKCU\..\SearchScopes\{01AAAA62-E68F-1ABA-8920-766B98002504}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_deDE464
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.delta-search.com/?q={searchTerms}&affID=119556&babsrc=SP_ss&mntrId=a481e782000000000000f0def1a6fa4a
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.searchya.com/?q={searchTerms}&f=4&a=grupo1y&cd=2XzuyEtN2Y1L1Qzu0FtD0D0E0FtC0AyC0F0AyE0A0EyBzztBtN0D0Tzu0CyEtCyDtN1L2XzutBtFtBtFtCtFyDtDtAtN1L1Czu1N1C2Y1E1FtC2U&cr=1263039757&ir=
IE - HKCU\..\SearchScopes\{FD5B919B-DA89-4584-8779-FA9A9E20EAB9}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=3661c9a3-d3cf-4928-b4df-f6049a675ac0&apn_sauid=9D958D85-4BF2-4CE6-89CD-42E71EBCAECF
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{58bd07eb-0ee0-4df0-8121-dc9b693373df}: C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension [2013.02.18 13:39:26 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}: C:\Program Files (x86)\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi [2013.02.08 18:30:02 | 000,037,909 | ---- | M] ()
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}: C:\Program Files (x86)\PriceGong\2.6.8\FF [2013.02.18 13:42:09 | 000,000,000 | ---D | M]
 
[2013.02.18 13:39:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
 
========== Chrome  ==========
 
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - homepage: hxxp://www.searchya.com/?f=1&a=grupo1y&cd=2XzuyEtN2Y1L1Qzu0FtD0D0E0FtC0AyC0F0AyE0A0EyBzztBtN0D0Tzu0CyEtCyDtN1L2XzutBtFtBtFtCtFyDtDtAtN1L1Czu1N1C2Y1E1FtC2U&cr=1263039757&ir=
CHR - Extension: No name found = C:\Users\Vadmin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaangaohdajkgeopjhpbnlpkehbhmbj\7.15.4.0_0\
CHR - Extension: No name found = C:\Users\Vadmin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.6.8_0\
CHR - Extension: No name found = C:\Users\Vadmin\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde\1.0_0\
CHR - Extension: No name found = C:\Users\Vadmin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.1.0.1_0\
CHR - Extension: No name found = C:\Users\Vadmin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\
CHR - Extension: No name found = C:\Users\Vadmin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0\
CHR - Extension: No name found = C:\Users\Vadmin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaangaohdajkgeopjhpbnlpkehbhmbj\7.15.4.0_0\
CHR - Extension: No name found = C:\Users\Vadmin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.6.8_0\
CHR - Extension: No name found = C:\Users\Vadmin\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde\1.0_0\
CHR - Extension: No name found = C:\Users\Vadmin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.1.0.1_0\
CHR - Extension: No name found = C:\Users\Vadmin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\
CHR - Extension: No name found = C:\Users\Vadmin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Shopping Assistant Plugin) - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files (x86)\PriceGong\2.6.8\PriceGongIE.dll (PriceGong)
O2 - BHO: (SearchYa Helper Object) - {25927741-5E5B-4D27-8D8B-9188FE64373F} - C:\Program Files (x86)\SearchYa!\1.8.8.0\bh\searchya.dll (Montera Technologeis LTD)
O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll (Wajam)
O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.10.0\bh\delta.dll (Delta-search.com)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (SearchYa Toolbar) - {33AA308B-B565-4376-AC66-59EE9B6AD13E} - C:\Program Files (x86)\SearchYa!\1.8.8.0\searchyaTlbr.dll (Montera Technologeis LTD)
O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.10.0\deltaTlbr.dll (Delta-search.com)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [ALCKRESI.EXE] C:\Programme\Lenovo\AutoLock\ALCKRESI.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [ForteConfig] C:\Programme\CONEXANT\ForteConfig\fmapp.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [LENOVO.TPKNRRES] C:\Programme\Lenovo\Communications Utility\TpKnrres.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe (Lenovo, Inc.)
O4 - HKLM..\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor File not found
O4 - HKLM..\Run: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe (Ricoh co.,Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKCU..\Run: [LTT] C:\Programme\PC-Doctor\EnableToolbarW32.exe (PC-Doctor, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2 ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Vadmin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html File not found
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Vadmin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4D0A9268-F6E1-459A-83D1-7A6B0CCE20D7}: DhcpNameServer = 192.168.1.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{63ACE54F-655C-4852-BCEC-3EDEAF429440}: DhcpNameServer = 192.168.1.2
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20 - AppInit_DLLs: (c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll) - c:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.03.16 18:49:08 | 000,000,038 | -H-- | M] () - D:\autorun.inf -- [ UDF ]
O32 - Unable to obtain root file information for disk Q:\
O33 - MountPoints2\{187e85c6-11c5-11e1-864f-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{187e85c6-11c5-11e1-864f-806e6f6e6963}\Shell\AutoRun\command - "" = Q:\LenovoQDrive.exe -- [2009.08.10 23:01:24 | 000,267,576 | -HS- | M] (Lenovo Group Limited)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.28 03:42:00 | 000,130,016 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.03.28 03:42:00 | 000,100,712 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.03.28 03:42:00 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.03.16 22:11:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013.03.16 22:10:37 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013.03.16 22:10:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.06 16:36:00 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2013.04.06 16:32:33 | 000,000,000 | ---- | M] () -- C:\Users\Vadmin\defogger_reenable
[2013.04.06 16:29:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.06 16:28:00 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2013.04.06 15:52:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.06 14:29:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.06 13:56:20 | 000,031,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.06 13:56:20 | 000,031,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.06 13:53:29 | 001,614,100 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.06 13:53:29 | 000,697,322 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.06 13:53:29 | 000,652,600 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.06 13:53:29 | 000,148,328 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.06 13:53:29 | 000,121,274 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.06 13:48:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.06 13:48:39 | 3151,417,344 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.05 17:51:22 | 000,000,000 | ---- | M] () -- C:\END
[2013.03.28 03:41:47 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.03.28 03:41:47 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.03.28 03:41:47 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.04.06 16:32:33 | 000,000,000 | ---- | C] () -- C:\Users\Vadmin\defogger_reenable
[2013.02.18 13:40:36 | 000,338,815 | ---- | C] () -- C:\Users\Vadmin\AppData\Local\speeddial.crx
[2013.01.24 01:34:21 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2012.09.28 05:12:10 | 000,002,302 | ---- | C] () -- C:\Windows\UHScfg.ini
[2012.09.28 05:12:10 | 000,000,388 | ---- | C] () -- C:\Windows\UHSMCcfg.ini
[2012.09.28 05:12:10 | 000,000,238 | ---- | C] () -- C:\Windows\UHSConfig.ini
[2012.02.24 20:27:44 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2012.01.28 16:25:45 | 000,069,632 | R--- | C] () -- C:\Windows\SysWow64\xmltok.dll
[2012.01.28 16:25:45 | 000,036,864 | R--- | C] () -- C:\Windows\SysWow64\xmlparse.dll
[2011.11.18 19:54:11 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2011.11.18 11:35:54 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.11.18 11:32:29 | 000,003,914 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2011.11.18 11:31:27 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.11.18 11:31:27 | 000,216,000 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.11.18 11:31:27 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.11.18 11:31:27 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011.11.18 11:31:26 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011.11.18 11:31:26 | 000,003,914 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.11.18 11:22:48 | 001,591,930 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.05.12 00:57:52 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.02.18 13:39:10 | 000,000,000 | ---D | M] -- C:\Users\Vadmin\AppData\Roaming\Babylon
[2013.02.18 13:39:25 | 000,000,000 | ---D | M] -- C:\Users\Vadmin\AppData\Roaming\Delta
[2013.01.25 23:11:00 | 000,000,000 | ---D | M] -- C:\Users\Vadmin\AppData\Roaming\DVDVideoSoft
[2013.01.25 23:11:07 | 000,000,000 | ---D | M] -- C:\Users\Vadmin\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.12.24 21:11:00 | 000,000,000 | ---D | M] -- C:\Users\Vadmin\AppData\Roaming\Leadertech
[2012.09.02 19:08:14 | 000,000,000 | ---D | M] -- C:\Users\Vadmin\AppData\Roaming\LolClient
[2012.02.10 15:49:28 | 000,000,000 | ---D | M] -- C:\Users\Vadmin\AppData\Roaming\Mount&Blade
[2012.01.01 19:52:08 | 000,000,000 | ---D | M] -- C:\Users\Vadmin\AppData\Roaming\My The Lord of the Rings, The Rise of the Witch-king Files
[2011.12.30 16:35:13 | 000,000,000 | ---D | M] -- C:\Users\Vadmin\AppData\Roaming\PCDr
[2013.02.18 13:42:06 | 000,000,000 | ---D | M] -- C:\Users\Vadmin\AppData\Roaming\pdfforge
[2011.12.25 00:18:18 | 000,000,000 | ---D | M] -- C:\Users\Vadmin\AppData\Roaming\PwrMgr
[2013.02.18 13:40:36 | 000,000,000 | ---D | M] -- C:\Users\Vadmin\AppData\Roaming\Searchya
[2012.08.19 15:47:38 | 000,000,000 | ---D | M] -- C:\Users\Vadmin\AppData\Roaming\TP
 
========== Purity Check ==========
 
 

< End of report >
         

Und hier von der Extra.txt

Code:
ATTFilter
OTL Extras logfile created on: 06.04.2013 16:35:10 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\ValiN\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,91 Gb Total Physical Memory | 2,57 Gb Available Physical Memory | 65,61% Memory free
7,82 Gb Paging File | 5,74 Gb Available in Paging File | 73,38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 685,45 Gb Total Space | 571,17 Gb Free Space | 83,33% Space Free | Partition Type: NTFS
Drive D: | 7,47 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive Q: | 11,72 Gb Total Space | 1,57 Gb Free Space | 13,37% Space Free | Partition Type: NTFS
 
Computer Name: VADMIN-THINK | User Name: Vadmin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1 -- ()
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1 -- ()
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1 -- ()
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1 -- ()
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{032777C5-D2EF-4E52-978A-A22E69C826DF}" = lport=56364 | protocol=6 | dir=in | name=pando media booster | 
"{0BC438A5-C046-4C0B-8F1B-CA717CE1277E}" = lport=58566 | protocol=6 | dir=in | name=pando media booster | 
"{155BB13C-40B8-4C43-9064-A2F02138E7B6}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{194B1F23-0408-4E86-98E6-C44602A1EF0C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{1BB92E98-7F6E-49E0-821C-62543B7175D4}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{20E7A7F2-FB36-4D07-A98F-1600B1DE49F7}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{212E5E2D-C9E0-439D-803A-C0A49187A796}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{2681FE73-FBBE-45B0-98DA-2B99BFC6A194}" = lport=58566 | protocol=17 | dir=in | name=pando media booster | 
"{2A81F56D-CEAB-466F-9523-4FF908A510DA}" = rport=139 | protocol=6 | dir=out | app=system | 
"{2DBE5AA1-CD02-4C5A-9F43-6ECACBD79B3B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{51A5B4CF-7FE9-43DA-8988-EC5E836A1C0E}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{59988C81-4746-4757-87CE-96DF3D4F8BE2}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{62F8B3E8-ECDA-492C-84D6-E1447EEC4E82}" = lport=137 | protocol=17 | dir=in | app=system | 
"{6508AA5E-7368-4346-AFE9-BBF8AF5005D4}" = lport=139 | protocol=6 | dir=in | app=system | 
"{69D35115-E5BA-4514-849A-547235BBAE1B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{7BF3B0CE-FE4F-416D-BE4D-B09F35885429}" = lport=138 | protocol=17 | dir=in | app=system | 
"{7D1546A1-920F-4758-B3A9-FC764B529892}" = lport=58566 | protocol=6 | dir=in | name=pando media booster | 
"{8660B42D-D59C-435A-92E5-720E0839AB79}" = lport=58566 | protocol=17 | dir=in | name=pando media booster | 
"{8BBB39D0-BE3E-4E97-AD87-452D2A5E646C}" = rport=445 | protocol=6 | dir=out | app=system | 
"{8BC0AFCE-9835-454B-A3B9-9BD55AC2F721}" = rport=137 | protocol=17 | dir=out | app=system | 
"{90A2704D-EE89-4B9B-B0F0-92C8C8DB0CDE}" = lport=56364 | protocol=17 | dir=in | name=pando media booster | 
"{93A7A167-38F3-4E1B-A4E4-A282E1C8839E}" = lport=56364 | protocol=6 | dir=in | name=pando media booster | 
"{BC295F7E-3F0A-42DC-A1C9-88873180C7A4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{C1271C69-D84B-4EDF-AE17-E85DA1F532FC}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{C43D8CF6-D49E-405D-97CC-D1141A3D7A95}" = rport=138 | protocol=17 | dir=out | app=system | 
"{C6B3C9DA-839B-4FC9-B79D-2C94E81E9851}" = lport=445 | protocol=6 | dir=in | app=system | 
"{C7B2B3C5-4C41-4528-97CF-548A3BC717E2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C8D9A5C2-AFF4-40CE-B06D-D5A7A38FCDA7}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{D67F247C-EBB7-42DE-A7CC-13AEB34C3E3A}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{DD4AD901-ECC3-42CE-BA65-1B013ED6C65E}" = lport=56364 | protocol=17 | dir=in | name=pando media booster | 
"{E4FB852A-BF1B-44FA-88F6-2383FF2F2F55}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E984CCF4-A248-4CEC-84E4-2627AF3B8DA8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00671AA5-7A48-440B-98DE-EA9D90816323}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | 
"{02F3E226-8F01-4CB8-AE57-BCB3491DE776}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{09F0B1C1-4CF8-4B71-8D10-ADAA5A6FDA4D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{0AA2DB4D-4F44-46F3-8366-7F4FD968956A}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo ii\game.exe | 
"{0C113CC6-0D20-4F7C-A470-E837CEB67260}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | 
"{0E42BC78-DEC8-4721-A339-9E81AF5A50D2}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{14DC17B5-AA4A-4C7D-BA92-5EA6AE5B1C5A}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe | 
"{168CCCF8-12C9-48EA-86A5-8A767A1D0A4F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{17F6FD00-0EEB-4A21-870B-4972403FB347}" = dir=in | app=c:\program files (x86)\intel corporation\intel widi\widiapp.exe | 
"{1F24B5E5-3CCD-44C4-B323-CBDA0B2EFDC9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mountblade warband\mb_warband.exe | 
"{26B2BCCF-B22C-41DD-92D0-619F890A98D2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{292B2B1F-6161-4378-B976-DA401E2CA26C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{299DEA91-B710-4A88-BCF0-907997A5E6E5}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{2B99BA4E-4A3A-4FA3-934E-17087CCCCA64}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{2D25B208-5673-4005-B9DD-D99D351C8500}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe | 
"{2D7D3FF7-3C64-47BB-A8A8-73EEEEA109AD}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{2D8A46BF-403E-4A78-8850-F4D9E7E470AD}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | 
"{2E8DC5A5-41B8-48CF-8D1C-35BC30C0D1A4}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | 
"{3079B4F9-390B-4643-ADE4-E1CD403B25CF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{34F7F962-E870-4AFB-893E-9BEA096A6332}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{359DDC34-D017-4338-B1E5-CE719A0B1639}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{37A34571-EA5C-4D93-81A2-3CAACD82309F}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\the lord of the rings, the rise of the witch-king\game.dat | 
"{3A23CA3E-75FB-44EC-9A43-5BEE8837EF45}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{3D180434-EE1A-4D34-95A9-6D39BEE1BFDD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4311023C-94F8-4ECE-A206-4E1E2B5CC7F6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{44884B92-F4F9-4717-85FF-A3AE1EE74332}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | 
"{500133AD-47D5-49D0-8F8F-727B10B365A6}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"{5280F8A8-78EA-4A2A-9CB0-114AFAC6694E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{5C2DF638-6445-44CB-BCD7-4D7C0515A19F}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{5D308CA3-32D9-4919-814C-90FE9FA25FE4}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | 
"{5ED8E37C-84CD-4662-9905-64B05A2C1C4C}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"{5F506AC5-6F45-421B-935C-8EC1D05154B4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{5FD91A0C-C8CF-41F9-A8D0-F585F1EA1FFA}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{625BA157-AD34-4AC7-9849-AD4347D13F65}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | 
"{671CC855-4658-4D68-9002-6E89471D355B}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{6BCC9FA3-96FD-4140-AB98-C439384C7BB9}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{6CF2ADC1-75AA-456B-8738-3581E482138F}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii public test.exe | 
"{7972EA5B-72EE-4344-A203-5E6329A11BC0}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\the battle for middle-earth (tm) ii\game.dat | 
"{7ACEE2CF-696D-490A-A665-9FF1E23C161B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{86265F72-B1C7-40BB-9E9C-0761F32A0FCC}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe | 
"{867F4A27-D55F-48BA-8535-55F3BE6AEE5D}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | 
"{8D27AE32-B805-4AC3-A3AF-6972ADFA4692}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base22612\sc2.exe | 
"{94FBCEE6-C5C1-45A9-B05A-2F5415FE20C0}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"{95CED0E7-EB75-417B-A52C-A009E03A2DD4}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{96A79D67-E8B0-4B8E-8A33-F4BB73E9E7F6}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"{97089813-E789-405C-ADD9-2DA353B80D62}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{999FDA8E-D753-44CE-A4E8-1B9569316C25}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | 
"{9D34F5F6-05A1-489A-89FD-6900A265354E}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{9D58777F-F701-4265-8125-936A6333CAD4}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe | 
"{9DB8260D-C4DD-4C00-AD1B-340A9E1312DA}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | 
"{A4B140F5-56DD-4D56-8779-44580DFDEDC9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A4E7C023-0B56-412E-AB9A-2BFA378FC1B7}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo ii\game.exe | 
"{A6812357-41AF-4009-9A19-EE23FC95D1C6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B09A452A-2AA5-4C7E-8B3E-2B2D2ABDC160}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{B3B5E484-E332-4513-82A7-CF4378ACB1DD}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii public test.exe | 
"{B40483F9-A4F9-4C34-A954-F8715D205A0C}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe | 
"{B7ED64C7-4F0C-4AA8-93E7-FB8C75380EBB}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base22612\sc2.exe | 
"{B951DF50-19BD-4A5E-8571-5D2235F87D8A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C53A7572-B432-42F8-9310-EB97C5C5723B}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{CEBCD80A-2539-4012-88F2-93A0B936D1B7}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\the lord of the rings, the rise of the witch-king\game.dat | 
"{CF8B0E66-E6D8-45E3-93F2-1E01B5EAAC54}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mountblade warband\mb_warband.exe | 
"{D750E737-3C00-4762-A70B-9661E6B7DB18}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{D920C260-96BC-4AD7-863A-278AEBBEF10B}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{D942595A-65A5-445A-8B7C-8AA6E1418428}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{E2079C8E-110E-4476-9001-A361DA6D5788}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{E77336F5-B481-40A3-BCD6-28F2377E8176}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | 
"{E97EDEBD-4B69-48CE-94F5-C02559BF56CE}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\the battle for middle-earth (tm) ii\game.dat | 
"{EB68408B-8C93-4A89-ACE0-FC771A8284B8}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe | 
"{F77E7D95-FA6E-49DB-BDB0-15BB695EE75F}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{F7904D1E-6E00-4661-B07B-3AFED77E5B5E}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{FFB665F7-3846-4926-9637-F1394F86274C}" = protocol=6 | dir=out | app=system | 
"TCP Query User{4A78F75D-3331-4013-A8D6-B61FB12ABD3F}C:\program files (x86)\steam\steamapps\stop800\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\stop800\team fortress 2\hl2.exe | 
"TCP Query User{5C674D26-94C8-45D0-B4D3-4E03CF9E4D71}C:\program files (x86)\starcraft ii\versions\base19679\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19679\sc2.exe | 
"TCP Query User{85CF3F0D-0FCF-4DC0-99FF-9111BF1B98A2}C:\program files (x86)\starcraft ii\versions\base22612\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base22612\sc2.exe | 
"TCP Query User{980D37EC-7F18-4A62-AF0A-47F99C596F43}C:\program files (x86)\starcraft ii\versions\base24944\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base24944\sc2.exe | 
"TCP Query User{9949A6C7-056F-4CE3-B3EC-2E0A517E20D4}C:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe | 
"TCP Query User{9CBF1B09-6310-4A07-97DA-9A117330DD1F}C:\program files (x86)\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe | 
"TCP Query User{B64619D7-59BB-462E-B7C0-0228059F078E}C:\program files (x86)\diablo ii\game.exe" = protocol=6 | dir=in | app=c:\program files (x86)\diablo ii\game.exe | 
"TCP Query User{BF92329E-6280-4D1A-805B-62FA9C2DC3A8}C:\programdata\battle.net\agent\agent.1637\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe | 
"TCP Query User{C4606878-4AF4-440E-8F67-DDE3D2D210C4}C:\program files (x86)\starcraft ii\versions\base23260\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base23260\sc2.exe | 
"TCP Query User{D4E470C5-083F-406A-9F32-2D9D2CED82EC}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe | 
"TCP Query User{E298CC7A-FC3F-4B5D-8DEB-0E343695D6E8}C:\program files (x86)\starcraft ii\versions\base21029\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base21029\sc2.exe | 
"TCP Query User{FA6B0F60-AB58-423B-B6C9-68664E937982}C:\programdata\battle.net\agent\agent.1737\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe | 
"UDP Query User{320384AD-079A-424C-9E70-419F2112F997}C:\program files (x86)\steam\steamapps\stop800\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\stop800\team fortress 2\hl2.exe | 
"UDP Query User{53A4A9A7-8188-42E7-B420-AE063F30C1FB}C:\program files (x86)\starcraft ii\versions\base22612\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base22612\sc2.exe | 
"UDP Query User{568E19BF-8B11-498E-A6CC-5B62D14C9641}C:\program files (x86)\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe | 
"UDP Query User{5BC07BFD-87C4-4270-933C-C7CF6C52696E}C:\program files (x86)\starcraft ii\versions\base24944\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base24944\sc2.exe | 
"UDP Query User{5D9547B9-1948-4B8C-B484-B0169A540499}C:\program files (x86)\starcraft ii\versions\base23260\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base23260\sc2.exe | 
"UDP Query User{6DF8A7CF-FFC1-4A2F-9DB6-293FB42885A9}C:\program files (x86)\starcraft ii\versions\base21029\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base21029\sc2.exe | 
"UDP Query User{90B73F0E-00E4-4619-AAF3-202E877ABF81}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe | 
"UDP Query User{AF526B00-5C87-41CD-8608-64DE43C81AFC}C:\program files (x86)\diablo ii\game.exe" = protocol=17 | dir=in | app=c:\program files (x86)\diablo ii\game.exe | 
"UDP Query User{ECAA0C1A-E390-4A32-B129-4C925EBBFD5C}C:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe | 
"UDP Query User{F48FBC66-C8A5-4562-B5AC-068D3A7A5EA9}C:\program files (x86)\starcraft ii\versions\base19679\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19679\sc2.exe | 
"UDP Query User{F82225C9-95DE-44F0-AB44-5055F16602EF}C:\programdata\battle.net\agent\agent.1637\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe | 
"UDP Query User{FF4F94ED-D9DC-4278-B9C0-2BF237A0E5AB}C:\programdata\battle.net\agent\agent.1737\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{25FBDA9A-E868-4B3B-B9FF-D923818511A1}" = Intel(R) PROSet/Wireless WiFi-Software
"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel(R) Wireless Display
"{31A767DA-2BA4-F9EF-1747-4AED98BD4212}" = ccc-utility64
"{39969C3E-B297-41E5-9A7B-E252B504B21B}" = Lenovo SimpleTap
"{39A04221-294E-4D90-A0F2-CCB1EF15CB56}" = Lenovo Patch Utility 64 bit
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage System für aktiven Festplattenschutz
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{57DD35E9-D9BB-4089-BB05-EF933C586CB3}" = Broadcom InConcert Maestro
"{5E2652DF-743F-482B-A593-C95F431A5769}" = RapidBoot
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{88C6A6D9-324C-46E8-BA87-563D14021442}_is1" = ThinkVantage Communications Utility
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{C6C9D5F7-630C-4125-8C4E-94AF77C1896E}" = ThinkPad Bluetooth with Enhanced Data Rate Software
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E224B44B-B5EB-4af3-A80A-A255358E241A}_is1" = ThinkVantage AutoLock
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FBDB286E-D477-3C75-7F95-CAE737409050}" = ATI Catalyst Install Manager
"01E3B64834B04ABAC85D8E1D3EBDC567D83AD29B" = Windows-Treiberpaket - Lenovo 1.64.00.00 (07/28/2011 1.64.00.00)
"73C6BE3E3B6FC5418F2B47E6C75F6C8F9552DC12" = Windows-Treiberpaket - Intel (iaStor) hdc  (11/06/2010 10.1.0.1008)
"828B05D2B647CDAEA22493F7BFB96847265EE596" = Windows-Treiberpaket - Realtek (RTL8167) Net  (12/29/2010 7.037.1229.2010)
"ATI Uninstaller" = ATI Uninstaller
"CNXT_AUDIO_HDA" = Conexant HD Audio
"DDD8A532E361E9A878EBEF69C338B306810DF059" = Windows-Treiberpaket - Synaptics (SynTP) Mouse  (05/19/2011 15.3.8.0)
"DisableAMTPopup" = Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7
"EnablePS" = Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7
"LENOVO.SMIIF" = Lenovo System Interface Driver
"LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"OnScreenDisplay" = Anzeige am Bildschirm
"PC-Doctor for Windows" = Lenovo ThinkVantage Toolbox
"Power Management Driver" = ThinkPad Power Management Driver
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"WinRAR archiver" = WinRAR 4.10 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{068002C1-0010-57BA-209D-D9B6E0DA62A5}" = Catalyst Control Center Graphics Previews Common
"{09415C3E-4DF1-EE91-8641-DBD2E6EB9F87}" = PX Profile Update
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C7DC0B9-C6A8-9666-8A99-FEF45CD1E2CF}" = CCC Help Portuguese
"{13F59938-C595-479C-B479-F171AB9AF64F}" = Lenovo User Guide
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = BrowserProtect
"{177586E7-E42E-4F38-83D1-D15B4AF5B714}" = Delta Chrome Toolbar
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1B38D00E-A7FE-69AB-405E-A2FB92473C8D}" = CCC Help Spanish
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24E92E7A-6848-4747-A3EA-3AAC0576BE52}" = Lenovo Patch Utility
"{25C64847-B900-48AD-A164-1B4F9B774650}" = System Update
"{2A38A248-77EE-1425-D96F-AA4DDDD042D3}" = CCC Help German
"{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = The Battle for Middle-earth (tm) II
"{2DBC8055-BAA2-65E8-3942-E2843FE5B926}" = Catalyst Control Center InstallProxy
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3877A7B2-CDA8-B5E9-00A4-E94A7CD6D472}" = CCC Help Finnish
"{3D374523-CFDE-461A-827E-2A102E2AB365}" = Star Wars Battlefront II
"{3F752762-9BB6-34C9-005A-D265B0713971}" = Catalyst Control Center Profiles Mobile
"{46473AAA-ECD6-340B-2A41-BBEAD7CE1239}" = CCC Help Norwegian
"{4987CBF1-634F-89D9-8D29-D703EA07E4C7}" = CCC Help Greek
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{4F038D88-0311-29AF-D825-D3F2D38FAF18}" = Catalyst Control Center
"{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}" = Create Recovery Media
"{50F68032-B5B7-4513-9116-C978DBD8F27A}" = Corel DVD MovieFactory 7
"{5C1F18D2-F6B7-4242-B803-B5A78648185D}" = Corel WinDVD
"{6090C051-D5A9-7327-9494-A04316488C6C}" = CCC Help Japanese
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6707C034-ED6B-4B6A-B21F-969B3606FBDE}" = Lenovo Registration
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6E7CC067-77C3-B53A-EFFC-70A58BF90E5D}" = CCC Help Hungarian
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7683B745-6060-41FD-AA75-0BBB383FEAD4}" = SweetIM for Messenger 3.7
"{781A93CD-1608-427D-B7F0-D05C07795B25}" = Intel(R) WiDi
"{7CC6E579-7042-F797-C812-DD14688CB3BA}" = CCC Help Dutch
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Burn.Now 4.5
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A833C64A-8367-4683-91FB-E574143A1726}" = Catalyst Control Center - Branding
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.3 - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2CA6F37-1602-4823-81B5-0384B6888AA6}" = Integrated Camera Driver Installer Package Ver.1.1.0.1147
"{B931FB80-537A-4600-00AD-AC5DEDB6C25B}" = The Lord of the Rings, The Rise of the Witch-king
"{B939E0E7-D4CC-01B5-A8AF-E8F16A558D3F}" = CCC Help Chinese Standard
"{BC4A2B6E-DA5E-2802-F161-C5DD27C5138A}" = CCC Help Turkish
"{BD42856F-A3A8-89E8-B307-A6AB5393EF53}" = CCC Help Polish
"{C01A86F5-56E7-101F-9BC9-E3F1025EB779}" = Intel(R) Identity Protection Technology 1.1.2.0
"{C1B0A2C0-C50B-588B-392D-175E21FAA21C}" = CCC Help French
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C2B9E4FE-F6BF-B8EA-947B-912557E9E959}" = CCC Help Thai
"{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}" = Internet Explorer Toolbar 4.6 by SweetPacks
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C5EB9B5A-2964-D5A3-869A-520448200FC3}" = PowerXpressHybrid
"{C9969938-E6DA-E5AE-B662-1D886596541F}" = CCC Help Russian
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6F3441B-AAF2-C216-761E-1609CFEF1793}" = CCC Help Danish
"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Energie-Manager
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1C82F2E-DFAF-444A-80B3-DE7364A0F01A}" = CCC Help Korean
"{E1E09216-785C-F097-B6F9-DE1F2614EA52}" = CCC Help Italian
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E9E25C9F-92C3-46FC-AB0B-55BE59AD271B}" = CCC Help Swedish
"{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}" = Update Manager for SweetPacks 1.1
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Display Audio Driver
"{F1495258-1B5E-7380-3242-17942AFCEAF0}" = CCC Help Czech
"{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
"{F2672232-FF17-4DC9-8F24-A1E1829FE086}" = BisonCam Twain Pro
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 4.2.3
"{F7BEC30A-3918-2617-00F9-4D36B9CC42B8}" = CCC Help English
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{F9AB8BD0-282F-0DFB-14B7-21BC98C8518A}" = Catalyst Control Center Localization All
"{FB99AD73-DFD2-7543-3753-078BEC5EE08F}" = CCC Help Chinese Traditional
"{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}" = Message Center Plus
"{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}" = Lenovo Warranty Information
"{FE041B02-234C-4AAA-9511-80DF6482A458}" = RICOH_Media_Driver_v2.14.18.01
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Avira AntiVir Desktop" = Avira Free Antivirus
"Blue Byte Game Channel" = Blue Byte Game Channel
"delta" = Delta toolbar  
"Diablo II" = Diablo II
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.37.1212
"Google Chrome" = Google Chrome
"InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}" = Corel DVD MovieFactory Lenovo Edition
"InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Corel Burn.Now Lenovo Edition
"InstallShield_{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
"Lenovo Welcome_is1" = Lenovo Welcome
"Mount&Blade" = Mount&Blade
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"OpenAL" = OpenAL
"PriceGong" = PriceGong 2.6.8
"ProInst" = Intel PROSet Wireless
"Revo Uninstaller" = Revo Uninstaller 1.94
"searchya" = SearchYa!
"StarCraft II" = StarCraft II
"Steam App 440" = Team Fortress 2
"Steam App 570" = Dota 2
"Wajam" = Wajam
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.10 (32-Bit)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 17.11.2012 20:42:21 | Computer Name = Vadmin-THINK | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC 
 
Error - 18.11.2012 02:26:24 | Computer Name = Vadmin-THINK | Source = WinMgmt | ID = 10
Description = 
 
Error - 18.11.2012 02:28:19 | Computer Name = Vadmin-THINK | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe_LanmanServer, Version:
 6.1.7600.16385, Zeitstempel: 0x4a5bc3c1  Name des fehlerhaften Moduls: unknown, Version:
 0.0.0.0, Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000000000000000
ID
 des fehlerhaften Prozesses: 0x404  Startzeit der fehlerhaften Anwendung: 0x01cdc5558e90e25b
Pfad
 der fehlerhaften Anwendung: C:\Windows\system32\svchost.exe  Pfad des fehlerhaften
 Moduls: unknown  Berichtskennung: 24745f4c-3149-11e2-aee4-f0def1a6fa4a
 
Error - 18.11.2012 02:28:29 | Computer Name = Vadmin-THINK | Source = WinMgmt | ID = 10
Description = 
 
Error - 18.11.2012 12:53:08 | Computer Name = Vadmin-THINK | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC 
 
Error - 18.11.2012 12:53:08 | Computer Name = Vadmin-THINK | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC 
 
Error - 18.11.2012 16:04:10 | Computer Name = Vadmin-THINK | Source = WinMgmt | ID = 10
Description = 
 
Error - 18.11.2012 16:54:49 | Computer Name = Vadmin-THINK | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC 
 
Error - 19.11.2012 07:46:27 | Computer Name = Vadmin-THINK | Source = WinMgmt | ID = 10
Description = 
 
Error - 19.11.2012 08:56:36 | Computer Name = Vadmin-THINK | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC 
 
[ Lenovo-Lenovo Patch Utility/Admin Events ]
Error - 29.07.2012 08:48:00 | Computer Name = Vadmin-THINK | Source = Lenovo Patch Utility | ID = 2
Description = Can not grant access to Everyone: Manche oder alle Identitätsverweise
 konnten nicht übersetzt werden.
 
Error - 29.07.2012 08:48:03 | Computer Name = Vadmin-THINK | Source = Lenovo Patch Utility | ID = 1
Description = HttpFileDownloader failed to download the file "hxxp://download.lenovo.com/ibmdl/pub/pc/pccbbs/lpupatches/x64//PM.manifest.xml".
 Error message: Der Remoteserver hat einen Fehler zurückgegeben: (404) Nicht gefunden.
 
[ System Events ]
Error - 02.04.2013 12:40:05 | Computer Name = Vadmin-THINK | Source = DCOM | ID = 10010
Description = 
 
Error - 02.04.2013 19:44:10 | Computer Name = Vadmin-THINK | Source = DCOM | ID = 10010
Description = 
 
Error - 02.04.2013 19:44:34 | Computer Name = Vadmin-THINK | Source = DCOM | ID = 10010
Description = 
 
Error - 04.04.2013 20:35:25 | Computer Name = Vadmin-THINK | Source = DCOM | ID = 10010
Description = 
 
Error - 04.04.2013 20:35:27 | Computer Name = Vadmin-THINK | Source = DCOM | ID = 10010
Description = 
 
Error - 05.04.2013 05:43:33 | Computer Name = Vadmin-THINK | Source = DCOM | ID = 10010
Description = 
 
Error - 05.04.2013 06:20:35 | Computer Name = Vadmin-THINK | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst Spooler erreicht.
 
Error - 05.04.2013 08:56:11 | Computer Name = Vadmin-THINK | Source = DCOM | ID = 10010
Description = 
 
Error - 05.04.2013 12:30:05 | Computer Name = Vadmin-THINK | Source = DCOM | ID = 10010
Description = 
 
Error - 05.04.2013 20:26:05 | Computer Name = Vadmin-THINK | Source = DCOM | ID = 10010
Description = 
 
 
< End of report >
         
Was muss/sollte ich jetzt als nächstes tun?

Alt 06.04.2013, 17:29   #2
walter_h
 
Lenovo 520 Notebook - Standard

Lenovo 520 Notebook



Hier jetzt der Inhalt von gmer:
Code:
ATTFilter
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-04-06 18:06:35
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD75 rev.01.0 698,64GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Vadmin\AppData\Local\Temp\axroypow.sys


---- User code sections - GMER 2.1 ----

.text   C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[1888] C:\Windows\syswow64\USER32.dll!DialogBoxParamW             0000000076e3cfca 5 bytes JMP 00000001732f46c0
.text   C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[1888] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69    0000000075211465 2 bytes [21, 75]
.text   C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[1888] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155   00000000752114bb 2 bytes [21, 75]
.text   ...                                                                                                                                                                  * 2
.text   C:\Program Files (x86)\Steam\Steam.exe[4348] C:\Windows\syswow64\KERNELBASE.dll!HeapCreate                                                                           0000000076f7549c 5 bytes JMP 00000001001a0800
.text   C:\Program Files (x86)\Ask.com\Updater\Updater.exe[4584] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                              0000000076e3cfca 5 bytes JMP 00000001732f46c0
.text   C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5784] C:\Windows\syswow64\KERNELBASE.dll!HeapCreate                                                       0000000076f7549c 5 bytes JMP 0000000100370800
.text   C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe[11788] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                      0000000075211465 2 bytes [21, 75]
.text   C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe[11788] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                     00000000752114bb 2 bytes [21, 75]
.text   ...                                                                                                                                                                  * 2
.text   C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe[11788] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                               0000000076e3cfca 5 bytes JMP 00000001732f46c0
.text   C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.129\deploy\LoLLauncher.exe[6464] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000075211465 2 bytes [21, 75]
.text   C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.129\deploy\LoLLauncher.exe[6464] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000752114bb 2 bytes [21, 75]
.text   ...                                                                                                                                                                  * 2
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[15528] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                    0000000076e3cfca 5 bytes JMP 00000001732f46c0
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[15528] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                           0000000075211465 2 bytes [21, 75]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[15528] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                          00000000752114bb 2 bytes [21, 75]
.text   ...                                                                                                                                                                  * 2
?       C:\Windows\system32\mssprxy.dll [15528] entry point in ".rdata" section                                                                                              00000000680171e6
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[16056] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5                                          00000000778af991 8 bytes {MOV EDX, 0x90228; JMP RDX}
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[16056] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 15                                         00000000778af99b 1 byte [90]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[16056] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5                                               00000000778afbd5 8 bytes {MOV EDX, 0x90268; JMP RDX}
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[16056] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 15                                              00000000778afbdf 1 byte [90]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[16056] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5                                                   00000000778afc05 8 bytes {MOV EDX, 0x901a8; JMP RDX}
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[16056] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 15                                                  00000000778afc0f 1 byte [90]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[16056] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5                                            00000000778afc1d 8 bytes {MOV EDX, 0x90128; JMP RDX}
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[16056] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 15                                           00000000778afc27 1 byte [90]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[16056] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5                                              00000000778afc35 8 bytes {MOV EDX, 0x90328; JMP RDX}
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[16056] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 15                                             00000000778afc3f 1 byte [90]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[16056] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5                                            00000000778afc65 8 bytes {MOV EDX, 0x90368; JMP RDX}
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[16056] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 15                                           00000000778afc6f 1 byte [90]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[16056] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5                                             00000000778afce5 8 bytes {MOV EDX, 0x902e8; JMP RDX}
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[16056] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 15                                            00000000778afcef 1 byte [90]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[16056] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5                                            00000000778afcfd 8 bytes {MOV EDX, 0x902a8; JMP RDX}
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[16056] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 15                                           00000000778afd07 1 byte [90]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[16056] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5                                                      00000000778afd49 8 bytes {MOV EDX, 0x90068; JMP RDX}
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[16056] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 15                                                     00000000778afd53 1 byte [90]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[16056] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5                                           00000000778afe41 8 bytes {MOV EDX, 0x900a8; JMP RDX}
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[16056] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 15                                          00000000778afe4b 1 byte [90]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[16056] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5                                                    00000000778b0099 8 bytes {MOV EDX, 0x90028; JMP RDX}
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[16056] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 15                                                   00000000778b00a3 1 byte [90]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[16056] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5                                              00000000778b10a5 8 bytes {MOV EDX, 0x901e8; JMP RDX}
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[16056] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 15                                             00000000778b10af 1 byte [90]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[16056] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5                                                    00000000778b111d 8 bytes {MOV EDX, 0x90168; JMP RDX}
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[16056] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 15                                                   00000000778b1127 1 byte [90]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[16056] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5                                       00000000778b1321 8 bytes {MOV EDX, 0x900e8; JMP RDX}
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[16056] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 15                                      00000000778b132b 1 byte [90]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[16056] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                    0000000076e3cfca 5 bytes JMP 00000001732f46c0
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[16056] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                           0000000075211465 2 bytes [21, 75]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[16056] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                          00000000752114bb 2 bytes [21, 75]
.text   ...                                                                                                                                                                  * 2
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[15320] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                    0000000076e3cfca 5 bytes JMP 00000001732f46c0
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[15320] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                           0000000075211465 2 bytes [21, 75]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[15320] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                          00000000752114bb 2 bytes [21, 75]
.text   ...                                                                                                                                                                  * 2
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[14572] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5                                          00000000778af991 8 bytes {MOV EDX, 0xd0228; JMP RDX}
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[14572] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 15                                         00000000778af99b 1 byte [90]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[14572] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5                                               00000000778afbd5 8 bytes {MOV EDX, 0xd0268; JMP RDX}
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[14572] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 15                                              00000000778afbdf 1 byte [90]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[14572] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5                                                   00000000778afc05 8 bytes {MOV EDX, 0xd01a8; JMP RDX}
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[14572] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 15                                                  00000000778afc0f 1 byte [90]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[14572] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5                                            00000000778afc1d 8 bytes {MOV EDX, 0xd0128; JMP RDX}
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[14572] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 15                                           00000000778afc27 1 byte [90]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[14572] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5                                              00000000778afc35 8 bytes {MOV EDX, 0xd0328; JMP RDX}
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[14572] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 15                                             00000000778afc3f 1 byte [90]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[14572] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5                                            00000000778afc65 8 bytes {MOV EDX, 0xd0368; JMP RDX}
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[14572] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 15                                           00000000778afc6f 1 byte [90]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[14572] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5                                             00000000778afce5 8 bytes {MOV EDX, 0xd02e8; JMP RDX}
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[14572] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 15                                            00000000778afcef 1 byte [90]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[14572] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5                                            00000000778afcfd 8 bytes {MOV EDX, 0xd02a8; JMP RDX}
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[14572] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 15                                           00000000778afd07 1 byte [90]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[14572] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5                                                      00000000778afd49 8 bytes {MOV EDX, 0xd0068; JMP RDX}
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[14572] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 15                                                     00000000778afd53 1 byte [90]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[14572] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5                                           00000000778afe41 8 bytes {MOV EDX, 0xd00a8; JMP RDX}
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[14572] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 15                                          00000000778afe4b 1 byte [90]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[14572] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5                                                    00000000778b0099 8 bytes {MOV EDX, 0xd0028; JMP RDX}
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[14572] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 15                                                   00000000778b00a3 1 byte [90]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[14572] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5                                              00000000778b10a5 8 bytes {MOV EDX, 0xd01e8; JMP RDX}
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[14572] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 15                                             00000000778b10af 1 byte [90]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[14572] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5                                                    00000000778b111d 8 bytes {MOV EDX, 0xd0168; JMP RDX}
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[14572] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 15                                                   00000000778b1127 1 byte [90]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[14572] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5                                       00000000778b1321 8 bytes {MOV EDX, 0xd00e8; JMP RDX}
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[14572] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 15                                      00000000778b132b 1 byte [90]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[14572] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                    0000000076e3cfca 5 bytes JMP 00000001732f46c0
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[14572] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                           0000000075211465 2 bytes [21, 75]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[14572] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                          00000000752114bb 2 bytes [21, 75]
.text   ...                                                                                                                                                                  * 2
.text   C:\Windows\SysWOW64\rundll32.exe[16240] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                                               0000000076e3cfca 5 bytes JMP 00000001732f46c0
.text   C:\Windows\SysWOW64\rundll32.exe[16240] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                      0000000075211465 2 bytes [21, 75]
.text   C:\Windows\SysWOW64\rundll32.exe[16240] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                     00000000752114bb 2 bytes [21, 75]
.text   ...                                                                                                                                                                  * 2
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[14212] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5                                          00000000778af991 8 bytes {MOV EDX, 0x90228; JMP RDX}
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[14212] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 15                                         00000000778af99b 1 byte [90]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[14212] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5                                               00000000778afbd5 8 bytes {MOV EDX, 0x90268; JMP RDX}
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[14212] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 15                                              00000000778afbdf 1 byte [90]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[14212] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5                                                   00000000778afc05 8 bytes {MOV EDX, 0x901a8; JMP RDX}
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[14212] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 15                                                  00000000778afc0f 1 byte [90]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[14212] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5                                            00000000778afc1d 8 bytes {MOV EDX, 0x90128; JMP RDX}
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[14212] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 15                                           00000000778afc27 1 byte [90]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[14212] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5                                              00000000778afc35 8 bytes {MOV EDX, 0x90328; JMP RDX}
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[14212] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 15                                             00000000778afc3f 1 byte [90]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[14212] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5                                            00000000778afc65 8 bytes {MOV EDX, 0x90368; JMP RDX}
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[14212] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 15                                           00000000778afc6f 1 byte [90]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[14212] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5                                             00000000778afce5 8 bytes {MOV EDX, 0x902e8; JMP RDX}
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[14212] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 15                                            00000000778afcef 1 byte [90]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[14212] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5                                            00000000778afcfd 8 bytes {MOV EDX, 0x902a8; JMP RDX}
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[14212] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 15                                           00000000778afd07 1 byte [90]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[14212] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5                                                      00000000778afd49 8 bytes {MOV EDX, 0x90068; JMP RDX}
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[14212] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 15                                                     00000000778afd53 1 byte [90]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[14212] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5                                           00000000778afe41 8 bytes {MOV EDX, 0x900a8; JMP RDX}
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[14212] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 15                                          00000000778afe4b 1 byte [90]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[14212] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5                                                    00000000778b0099 8 bytes {MOV EDX, 0x90028; JMP RDX}
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[14212] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 15                                                   00000000778b00a3 1 byte [90]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[14212] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5                                              00000000778b10a5 8 bytes {MOV EDX, 0x901e8; JMP RDX}
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[14212] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 15                                             00000000778b10af 1 byte [90]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[14212] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5                                                    00000000778b111d 8 bytes {MOV EDX, 0x90168; JMP RDX}
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[14212] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 15                                                   00000000778b1127 1 byte [90]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[14212] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5                                       00000000778b1321 8 bytes {MOV EDX, 0x900e8; JMP RDX}
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[14212] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 15                                      00000000778b132b 1 byte [90]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[14212] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                    0000000076e3cfca 5 bytes JMP 00000001732f46c0
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[14212] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                           0000000075211465 2 bytes [21, 75]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[14212] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                          00000000752114bb 2 bytes [21, 75]
.text   ...                                                                                                                                                                  * 2
.text   C:\Users\ValiN\Desktop\OTL.exe[15664] C:\Windows\syswow64\user32.DLL!DialogBoxParamW                                                                                 0000000076e3cfca 5 bytes JMP 00000001732f46c0
.text   C:\Users\ValiN\Desktop\OTL.exe[15664] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                        0000000075211465 2 bytes [21, 75]
.text   C:\Users\ValiN\Desktop\OTL.exe[15664] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                       00000000752114bb 2 bytes [21, 75]
.text   ...                                                                                                                                                                  * 2
.text   C:\Users\ValiN\Desktop\gmer_2.1.19163.exe[16784] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                                      0000000076e3cfca 5 bytes JMP 00000001732f46c0
.text   C:\Users\ValiN\Desktop\gmer_2.1.19163.exe[16784] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                             0000000075211465 2 bytes [21, 75]
.text   C:\Users\ValiN\Desktop\gmer_2.1.19163.exe[16784] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                            00000000752114bb 2 bytes [21, 75]
.text   ...                                                                                                                                                                  * 2

---- Threads - GMER 2.1 ----

Thread  C:\Windows\system32\WLANExt.exe [1476:1544]                                                                                                                          0000000180123100
Thread  C:\Windows\system32\WLANExt.exe [1476:1548]                                                                                                                          00000001800c2be0
Thread  C:\Windows\system32\WLANExt.exe [1476:1552]                                                                                                                          0000000180123100
Thread  C:\Windows\system32\WLANExt.exe [1476:2708]                                                                                                                          000007fefa7c2f9c
Thread  C:\Windows\system32\WLANExt.exe [1476:2716]                                                                                                                          0000000001198bf8
Thread  C:\Windows\system32\WLANExt.exe [1476:2720]                                                                                                                          0000000001198c14
Thread  C:\Windows\system32\WLANExt.exe [1476:2724]                                                                                                                          0000000001198bdc
Thread  C:\Windows\system32\WLANExt.exe [1476:2728]                                                                                                                          000007fefa7c2f9c
Thread  C:\Windows\System32\spoolsv.exe [1600:3908]                                                                                                                          000007fef7c810c8
Thread  C:\Windows\System32\spoolsv.exe [1600:3912]                                                                                                                          000007fef7c46144
Thread  C:\Windows\System32\spoolsv.exe [1600:3916]                                                                                                                          000007fef7a35fd0
Thread  C:\Windows\System32\spoolsv.exe [1600:3920]                                                                                                                          000007fef7a23438
Thread  C:\Windows\System32\spoolsv.exe [1600:3924]                                                                                                                          000007fef7a363ec
Thread  C:\Windows\System32\spoolsv.exe [1600:3932]                                                                                                                          000007fef7d35e5c
Thread  C:\Windows\System32\spoolsv.exe [1600:3936]                                                                                                                          000007fef7d65074
Thread  C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [3800:3820]                                                                           000000007141102d
Thread  C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [3800:128]                                                                            000000007115f1dc
Thread  C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [3800:2704]                                                                           000000007115f1dc
Thread  C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [3800:2364]                                                                           00000000711555d3
Thread  C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [3800:3044]                                                                           00000000713bc159

---- Registry - GMER 2.1 ----

Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\60d819bff42d                                                                                          
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\60d819bff42d (not active ControlSet)                                                                      

---- Disk sectors - GMER 2.1 ----

Disk    \Device\Harddisk0\DR0                                                                                                                                                unknown MBR code

---- EOF - GMER 2.1 ----
         
__________________


Alt 09.04.2013, 02:54   #3
aharonov
/// TB-Ausbilder
 
Lenovo 520 Notebook - Standard

Lenovo 520 Notebook



Hallo,

entschuldige bitte die Verspätung. Da du dir selber eine Antwort geschrieben hast, wurde der Thread nicht mehr als "unbeantwortet" aufgeführt und flog deshalb unter dem Radar der Helfer.
Besteht bei diesem Notebook ein Verdachtsmoment oder auffällige Symptome? Oder handelt es sich nur um einen Routinecheck?
__________________
__________________

Alt 09.04.2013, 18:09   #4
walter_h
 
Lenovo 520 Notebook - Standard

Lenovo 520 Notebook



Es ist so, dass das Notebook letztens beim Hochfahren eine Reparaturroutine durchlief, die ähnlich aussah wie das, was ich nach dem Virencheck bei meinem ASUS erleben musste.

Daher hatte/habe ich den Verdacht, dass sich da ggf. Schadsoftware auf dem Rechner breitgemacht hat. Es ist auch so, dass mein Sohn der Rechner als Admin verwendet, weil zahlreiche seiner Spiele ansonsten nicht laufen.

Es gab also keinen Banner "Hallo, ich bin dein Virus bzw. Trojaner", aber Hinweise, dass eine Überprüfung vielleicht doch mal angebracht ist.

Alt 09.04.2013, 18:19   #5
aharonov
/// TB-Ausbilder
 
Lenovo 520 Notebook - Standard

Lenovo 520 Notebook



Ok, alles klar, dann schauen wir mal rein.


Schritt 1

Downloade dir bitte AdwCleaner und speichere es auf deinen Desktop.
  • Schliesse alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Löschen.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet, je nach Schwere der Infektion auch mehrmals - das ist normal. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.



Schritt 2

Starte bitte die OTL.exe.
  • Setze den Haken bei Scan all Users.
  • Drücke auf den Quick Scan Button.
  • Poste den Inhalt von OTL.txt hier in den Thread.



Bitte poste in deiner nächsten Antwort:
  • Log von AdwCleaner
  • Log von OTL

__________________
cheers,
Leo

Alt 13.04.2013, 00:09   #6
walter_h
 
Lenovo 520 Notebook - Standard

Lenovo 520 Notebook



Komme erst am Wochenende dazu, die Tests durchzuführen, sorry für die Verspätung. Bitte den Thread nicht schließen.

Alt 13.04.2013, 00:12   #7
aharonov
/// TB-Ausbilder
 
Lenovo 520 Notebook - Standard

Lenovo 520 Notebook



Alles klar, danke für die Mitteilung.
Ich behalte den Thread in den Abos.
__________________
cheers,
Leo

Alt 14.04.2013, 19:35   #8
walter_h
 
Lenovo 520 Notebook - Standard

Lenovo 520 Notebook



Hier otl
Code:
ATTFilter
OTL logfile created on: 13.04.2013 21:48:54 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\ValiN\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,91 Gb Total Physical Memory | 2,21 Gb Available Physical Memory | 56,49% Memory free
7,82 Gb Paging File | 5,93 Gb Available in Paging File | 75,84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 685,45 Gb Total Space | 568,57 Gb Free Space | 82,95% Space Free | Partition Type: NTFS
Drive D: | 7,47 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive Q: | 11,72 Gb Total Space | 1,57 Gb Free Space | 13,37% Space Free | Partition Type: NTFS
 
Computer Name: VADMIN-THINK | User Name: Vadmin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.04.06 16:33:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\ValiN\Desktop\OTL.exe
PRC - [2013.03.28 03:41:42 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.03.28 03:41:32 | 000,565,472 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
PRC - [2013.03.28 03:41:29 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.03.28 03:41:29 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011.08.31 20:03:00 | 000,062,824 | ---- | M] (Lenovo Group Limited) -- C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe
PRC - [2011.08.11 12:04:16 | 000,328,552 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2011.07.26 00:18:46 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe
PRC - [2011.07.12 09:53:26 | 000,101,736 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\micmute.exe
PRC - [2011.07.12 09:53:20 | 000,142,696 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2011.06.24 08:25:50 | 001,012,792 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2011.05.31 11:48:36 | 000,059,240 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Communications Utility\TPKNRSVC.exe
PRC - [2011.05.31 11:48:34 | 000,040,808 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Communications Utility\TpKnrres.exe
PRC - [2011.05.31 11:48:18 | 000,041,320 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Communications Utility\CamMute.exe
PRC - [2011.05.25 15:21:32 | 000,281,960 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\AutoLock\ALCKRESI.exe
PRC - [2011.02.24 01:10:24 | 000,212,944 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
PRC - [2011.02.22 05:19:12 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011.02.22 05:19:08 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2011.01.07 05:28:42 | 000,446,592 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\SysWOW64\SASrv.exe
PRC - [2010.03.11 15:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2008.01.10 13:13:50 | 000,061,440 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.06.24 08:25:49 | 000,329,272 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\12.0.742.112\ppGoogleNaClPluginChrome.dll
MOD - [2011.06.24 08:25:47 | 003,649,592 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\12.0.742.112\pdf.dll
MOD - [2011.06.24 08:24:21 | 000,104,520 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\12.0.742.112\avutil-50.dll
MOD - [2011.06.24 08:24:20 | 000,203,848 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\12.0.742.112\avformat-52.dll
MOD - [2011.06.24 08:24:18 | 001,846,344 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\12.0.742.112\avcodec-52.dll
MOD - [2010.04.06 10:05:16 | 002,085,888 | ---- | M] () -- C:\Programme\Lenovo\AutoLock\cv210.dll
MOD - [2010.04.06 10:04:06 | 002,201,088 | ---- | M] () -- C:\Programme\Lenovo\AutoLock\cxcore210.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2011.08.11 04:20:42 | 000,045,928 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC)
SRV:64bit: - [2011.05.11 15:53:46 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011.03.29 20:15:36 | 000,047,728 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Windows\SysNative\TPHDEXLG64.exe -- (TPHDEXLGSVC)
SRV:64bit: - [2010.12.17 00:18:08 | 000,198,784 | ---- | M] (Conexant Systems Inc.) [Auto | Running] -- C:\Windows\SysNative\CxAudMsg64.exe -- (CxAudMsg)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.03.29 21:53:56 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.03.28 03:41:42 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.03.28 03:41:32 | 000,565,472 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2013.03.28 03:41:29 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.03.13 01:52:30 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.01.08 13:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011.08.31 20:03:00 | 000,173,416 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE -- (PwmEWSvc)
SRV - [2011.08.31 20:03:00 | 000,087,400 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE -- (Power Manager DBC Service)
SRV - [2011.07.27 22:04:48 | 001,517,328 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2011.07.27 21:48:34 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV - [2011.07.27 21:44:18 | 000,844,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2011.07.26 00:18:46 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2011.07.12 09:54:00 | 000,133,992 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC)
SRV - [2011.07.12 09:53:42 | 000,145,256 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD)
SRV - [2011.07.12 09:53:26 | 000,101,736 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV - [2011.07.12 09:53:20 | 000,142,696 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2011.07.08 18:53:20 | 000,144,232 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Programme\Lenovo\RapidBoot\HyperW7Svc64.exe -- (HyperW7Svc)
SRV - [2011.05.31 11:48:36 | 000,059,240 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\Communications Utility\TPKNRSVC.exe -- (LENOVO.TPKNRSVC)
SRV - [2011.05.31 11:48:18 | 000,041,320 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\Communications Utility\CamMute.exe -- (LENOVO.CAMMUTE)
SRV - [2011.04.28 00:41:18 | 000,968,480 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\ThinkPad\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2011.02.24 01:10:24 | 000,212,944 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service)
SRV - [2011.02.22 05:19:12 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011.02.22 05:19:08 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011.01.07 05:28:42 | 000,446,592 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\SASrv.exe -- (SAService)
SRV - [2010.09.22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.09.21 15:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.03.18 23:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.11 15:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.01.10 13:13:50 | 000,061,440 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.03.28 03:41:47 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013.03.28 03:41:47 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013.03.28 03:41:47 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.09.28 05:12:10 | 000,023,552 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UHSfiltv.sys -- (UHSfiltv)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.11.18 20:07:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.11.18 20:07:41 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.11.18 11:47:57 | 000,040,248 | ---- | M] (Lenovo Information Product(ShenZhen China) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\psadd.sys -- (psadd)
DRV:64bit: - [2011.10.01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011.10.01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011.10.01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011.10.01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011.08.31 20:03:00 | 000,014,960 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\TPPWR64V.SYS -- (TPPWRIF)
DRV:64bit: - [2011.08.11 04:20:42 | 000,039,024 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV:64bit: - [2011.08.09 01:32:02 | 012,289,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2011.08.03 18:28:32 | 008,604,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2011.06.21 16:19:14 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2011.06.21 16:19:12 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2011.05.25 18:23:00 | 000,101,888 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdxc64.sys -- (risdxc)
DRV:64bit: - [2011.05.19 14:06:46 | 001,442,352 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011.05.11 19:16:38 | 009,319,424 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.05.11 15:16:54 | 000,304,128 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.04.27 17:50:38 | 000,436,776 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL)
DRV:64bit: - [2011.04.27 17:50:32 | 000,164,392 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2011.04.27 17:50:32 | 000,150,568 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2011.04.27 17:50:32 | 000,039,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2011.04.27 17:50:32 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2011.03.29 20:13:40 | 000,139,888 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsX64.sys -- (Shockprf)
DRV:64bit: - [2011.03.29 20:11:48 | 000,023,664 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsHM64.sys -- (TPDIGIMN)
DRV:64bit: - [2011.03.24 08:36:20 | 001,576,064 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2011.03.04 19:18:42 | 000,166,016 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\5U877.sys -- (5U877)
DRV:64bit: - [2010.12.28 20:45:54 | 000,412,776 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.05 16:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.10.19 09:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.10.14 18:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010.09.07 07:09:36 | 000,015,472 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\smiifx64.sys -- (lenovo.smi)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.18 18:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2011.07.08 18:53:24 | 000,032,104 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Programme\Lenovo\RapidBoot\PHCORE64.sys -- (PHCORE)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{01AAAA62-E68F-1ABA-8920-766B98002504}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.searchya.com/?q={searchTerms}&f=4&a=grupo1y&cd=2XzuyEtN2Y1L1Qzu0FtD0D0E0FtC0AyC0F0AyE0A0EyBzztBtN0D0Tzu0CyEtCyDtN1L2XzutBtFtBtFtCtFyDtDtAtN1L1Czu1N1C2Y1E1FtC2U&cr=1263039757&ir=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{30AB421B-649D-983B-5C91-4BDD52A9FE83}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.searchya.com/?q={searchTerms}&f=4&a=grupo1y&cd=2XzuyEtN2Y1L1Qzu0FtD0D0E0FtC0AyC0F0AyE0A0EyBzztBtN0D0Tzu0CyEtCyDtN1L2XzutBtFtBtFtCtFyDtDtAtN1L1Czu1N1C2Y1E1FtC2U&cr=1263039757&ir=
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-2400426189-3141206545-2464574721-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
IE - HKU\S-1-5-21-2400426189-3141206545-2464574721-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKU\S-1-5-21-2400426189-3141206545-2464574721-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKU\S-1-5-21-2400426189-3141206545-2464574721-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-2400426189-3141206545-2464574721-1000\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-2400426189-3141206545-2464574721-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-2400426189-3141206545-2464574721-1000\..\SearchScopes\{01AAAA62-E68F-1ABA-8920-766B98002504}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_deDE464
IE - HKU\S-1-5-21-2400426189-3141206545-2464574721-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.delta-search.com/?q={searchTerms}&affID=119556&babsrc=SP_ss&mntrId=a481e782000000000000f0def1a6fa4a
IE - HKU\S-1-5-21-2400426189-3141206545-2464574721-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.searchya.com/?q={searchTerms}&f=4&a=grupo1y&cd=2XzuyEtN2Y1L1Qzu0FtD0D0E0FtC0AyC0F0AyE0A0EyBzztBtN0D0Tzu0CyEtCyDtN1L2XzutBtFtBtFtCtFyDtDtAtN1L1Czu1N1C2Y1E1FtC2U&cr=1263039757&ir=
IE - HKU\S-1-5-21-2400426189-3141206545-2464574721-1000\..\SearchScopes\{FD5B919B-DA89-4584-8779-FA9A9E20EAB9}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=3661c9a3-d3cf-4928-b4df-f6049a675ac0&apn_sauid=9D958D85-4BF2-4CE6-89CD-42E71EBCAECF
IE - HKU\S-1-5-21-2400426189-3141206545-2464574721-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-2400426189-3141206545-2464574721-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
IE - HKU\S-1-5-21-2400426189-3141206545-2464574721-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKU\S-1-5-21-2400426189-3141206545-2464574721-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKU\S-1-5-21-2400426189-3141206545-2464574721-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
IE - HKU\S-1-5-21-2400426189-3141206545-2464574721-1003\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-2400426189-3141206545-2464574721-1003\..\SearchScopes\{66ADE9BD-4112-4B80-B3BD-9477BB290F79}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=3661c9a3-d3cf-4928-b4df-f6049a675ac0&apn_sauid=9D958D85-4BF2-4CE6-89CD-42E71EBCAECF
IE - HKU\S-1-5-21-2400426189-3141206545-2464574721-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_deDE464
IE - HKU\S-1-5-21-2400426189-3141206545-2464574721-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
 
[2013.02.18 13:39:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
 
========== Chrome  ==========
 
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - homepage: hxxp://www.searchya.com/?f=1&a=grupo1y&cd=2XzuyEtN2Y1L1Qzu0FtD0D0E0FtC0AyC0F0AyE0A0EyBzztBtN0D0Tzu0CyEtCyDtN1L2XzutBtFtBtFtCtFyDtDtAtN1L1Czu1N1C2Y1E1FtC2U&cr=1263039757&ir=
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - homepage: hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
CHR - Extension: No name found = C:\Users\Vadmin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaangaohdajkgeopjhpbnlpkehbhmbj\7.15.4.0_0\
CHR - Extension: No name found = C:\Users\Vadmin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaangaohdajkgeopjhpbnlpkehbhmbj\7.15.4.0_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-2400426189-3141206545-2464574721-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKU\S-1-5-21-2400426189-3141206545-2464574721-1003\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [ALCKRESI.EXE] C:\Programme\Lenovo\AutoLock\ALCKRESI.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [ForteConfig] C:\Programme\CONEXANT\ForteConfig\fmapp.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [LENOVO.TPKNRRES] C:\Programme\Lenovo\Communications Utility\TpKnrres.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe (Lenovo, Inc.)
O4 - HKLM..\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor File not found
O4 - HKLM..\Run: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe (Ricoh co.,Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2400426189-3141206545-2464574721-1000..\Run: [LTT] C:\Programme\PC-Doctor\EnableToolbarW32.exe (PC-Doctor, Inc.)
O4 - HKU\S-1-5-21-2400426189-3141206545-2464574721-1003..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKLM..\RunOnce: [*ForceDelete] C:\Users\ValiN\Downloads\adwcleaner.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-2400426189-3141206545-2464574721-1000..\RunOnce: [DeleteOnReboot] C:\Windows\DeleteOnReboot.bat ()
O4 - HKU\S-1-5-21-2400426189-3141206545-2464574721-1000..\RunOnce: [Report] \AdwCleaner[S1].txt ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2 ()
O7 - HKU\S-1-5-21-2400426189-3141206545-2464574721-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Vadmin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html File not found
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Vadmin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4D0A9268-F6E1-459A-83D1-7A6B0CCE20D7}: DhcpNameServer = 192.168.1.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{63ACE54F-655C-4852-BCEC-3EDEAF429440}: DhcpNameServer = 192.168.1.2
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20 - AppInit_DLLs: (c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll) - c:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.03.16 18:49:08 | 000,000,038 | -H-- | M] () - D:\autorun.inf -- [ UDF ]
O32 - Unable to obtain root file information for disk Q:\
O33 - MountPoints2\{187e85c6-11c5-11e1-864f-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{187e85c6-11c5-11e1-864f-806e6f6e6963}\Shell\AutoRun\command - "" = Q:\LenovoQDrive.exe -- [2009.08.10 23:01:24 | 000,267,576 | -HS- | M] (Lenovo Group Limited)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.06 18:33:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD Tune
[2013.04.06 18:33:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HD Tune
[2013.03.28 03:42:00 | 000,130,016 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.03.28 03:42:00 | 000,100,712 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.03.28 03:42:00 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.03.16 22:11:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013.03.16 22:10:37 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013.03.16 22:10:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.13 21:53:00 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2013.04.13 21:52:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.13 21:51:58 | 000,031,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.13 21:51:58 | 000,031,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.13 21:51:00 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2013.04.13 21:48:48 | 001,614,100 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.13 21:48:48 | 000,697,322 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.13 21:48:48 | 000,652,600 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.13 21:48:48 | 000,148,328 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.13 21:48:48 | 000,121,274 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.13 21:45:29 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.13 21:44:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.13 21:44:16 | 3151,417,344 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.13 21:43:11 | 000,000,189 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013.04.13 00:29:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.10 19:45:33 | 000,303,440 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.04.06 18:33:06 | 000,000,941 | ---- | M] () -- C:\Users\Vadmin\Desktop\HD Tune.lnk
[2013.04.06 16:32:33 | 000,000,000 | ---- | M] () -- C:\Users\Vadmin\defogger_reenable
[2013.03.28 03:41:47 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.03.28 03:41:47 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.03.28 03:41:47 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.04.13 21:41:58 | 000,000,189 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013.04.06 18:33:06 | 000,000,941 | ---- | C] () -- C:\Users\Vadmin\Desktop\HD Tune.lnk
[2013.04.06 16:32:33 | 000,000,000 | ---- | C] () -- C:\Users\Vadmin\defogger_reenable
[2013.02.18 13:40:36 | 000,338,815 | ---- | C] () -- C:\Users\Vadmin\AppData\Local\speeddial.crx
[2013.01.24 01:34:21 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2012.09.28 05:12:10 | 000,002,302 | ---- | C] () -- C:\Windows\UHScfg.ini
[2012.09.28 05:12:10 | 000,000,388 | ---- | C] () -- C:\Windows\UHSMCcfg.ini
[2012.09.28 05:12:10 | 000,000,238 | ---- | C] () -- C:\Windows\UHSConfig.ini
[2012.02.24 20:27:44 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2012.01.28 16:25:45 | 000,069,632 | R--- | C] () -- C:\Windows\SysWow64\xmltok.dll
[2012.01.28 16:25:45 | 000,036,864 | R--- | C] () -- C:\Windows\SysWow64\xmlparse.dll
[2011.11.18 19:54:11 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2011.11.18 11:35:54 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.11.18 11:32:29 | 000,003,914 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2011.11.18 11:31:27 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.11.18 11:31:27 | 000,216,000 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.11.18 11:31:27 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.11.18 11:31:27 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011.11.18 11:31:26 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011.11.18 11:31:26 | 000,003,914 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.11.18 11:22:48 | 001,591,930 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.05.12 00:57:52 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.01.25 23:11:00 | 000,000,000 | ---D | M] -- C:\Users\Vadmin\AppData\Roaming\DVDVideoSoft
[2011.12.24 21:11:00 | 000,000,000 | ---D | M] -- C:\Users\Vadmin\AppData\Roaming\Leadertech
[2012.09.02 19:08:14 | 000,000,000 | ---D | M] -- C:\Users\Vadmin\AppData\Roaming\LolClient
[2012.02.10 15:49:28 | 000,000,000 | ---D | M] -- C:\Users\Vadmin\AppData\Roaming\Mount&Blade
[2012.01.01 19:52:08 | 000,000,000 | ---D | M] -- C:\Users\Vadmin\AppData\Roaming\My The Lord of the Rings, The Rise of the Witch-king Files
[2011.12.30 16:35:13 | 000,000,000 | ---D | M] -- C:\Users\Vadmin\AppData\Roaming\PCDr
[2011.12.25 00:18:18 | 000,000,000 | ---D | M] -- C:\Users\Vadmin\AppData\Roaming\PwrMgr
[2012.08.19 15:47:38 | 000,000,000 | ---D | M] -- C:\Users\Vadmin\AppData\Roaming\TP
[2012.11.03 22:32:56 | 000,000,000 | ---D | M] -- C:\Users\ValiN\AppData\Roaming\DVDVideoSoft
[2011.12.30 18:00:35 | 000,000,000 | ---D | M] -- C:\Users\ValiN\AppData\Roaming\Leadertech
[2012.01.04 19:53:25 | 000,000,000 | ---D | M] -- C:\Users\ValiN\AppData\Roaming\Lenovo
[2012.01.01 13:28:29 | 000,000,000 | ---D | M] -- C:\Users\ValiN\AppData\Roaming\LolClient
[2012.05.26 12:06:14 | 000,000,000 | ---D | M] -- C:\Users\ValiN\AppData\Roaming\LolClient2
[2012.07.04 19:05:55 | 000,000,000 | ---D | M] -- C:\Users\ValiN\AppData\Roaming\Mount&Blade
[2012.09.16 13:38:07 | 000,000,000 | ---D | M] -- C:\Users\ValiN\AppData\Roaming\My The Lord of the Rings, The Rise of the Witch-king Files
[2011.12.30 19:25:29 | 000,000,000 | ---D | M] -- C:\Users\ValiN\AppData\Roaming\PwrMgr
[2012.01.19 20:07:51 | 000,000,000 | ---D | M] -- C:\Users\ValiN\AppData\Roaming\SEGA
[2013.04.12 01:57:01 | 000,000,000 | ---D | M] -- C:\Users\ValiN\AppData\Roaming\SoftGrid Client
[2013.01.06 21:23:17 | 000,000,000 | ---D | M] -- C:\Users\ValiN\AppData\Roaming\TS3Client
 
========== Purity Check ==========
 
 

< End of report >
         



hier adwcleaner:
Code:
ATTFilter
# AdwCleaner v2.200 - Datei am 13/04/2013 um 21:41:28 erstellt
# Aktualisiert am 02/04/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : Vadmin - VADMIN-THINK
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\ValiN\Downloads\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****

Gestoppt & Gelöscht : BrowserProtect
Gestoppt & Gelöscht : WajamUpdater

***** [Dateien / Ordner] *****

Datei Gelöscht : \END
Datei Gelöscht : C:\Users\Vadmin\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
Datei Gelöscht : C:\Users\Vadmin\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
Datei Gelöscht : C:\Users\Vadmin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cjpglkicenollcignonpgiafdgfeehoj_0.localstorage
Datei Gelöscht : C:\Users\Vadmin\Desktop\Search The Web.url
Datei Gelöscht : C:\Users\ValiN\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
Datei Gelöscht : C:\Users\ValiN\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
Gelöscht mit Neustart : C:\Program Files (x86)\Ask.com
Gelöscht mit Neustart : C:\Program Files (x86)\SweetIM
Gelöscht mit Neustart : C:\ProgramData\BrowserProtect
Ordner Gelöscht : C:\Program Files (x86)\Delta
Ordner Gelöscht : C:\Program Files (x86)\PriceGong
Ordner Gelöscht : C:\Program Files (x86)\SearchYa!
Ordner Gelöscht : C:\Program Files (x86)\Wajam
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PriceGong
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\ProgramData\SweetIM
Ordner Gelöscht : C:\Users\Vadmin\AppData\Local\APN
Ordner Gelöscht : C:\Users\Vadmin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok
Ordner Gelöscht : C:\Users\Vadmin\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Ordner Gelöscht : C:\Users\Vadmin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Ordner Gelöscht : C:\Users\Vadmin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Ordner Gelöscht : C:\Users\Vadmin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Ordner Gelöscht : C:\Users\Vadmin\AppData\Local\Temp\AskSearch
Ordner Gelöscht : C:\Users\Vadmin\AppData\Local\Wajam
Ordner Gelöscht : C:\Users\Vadmin\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\Vadmin\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\Vadmin\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Vadmin\AppData\Roaming\Delta
Ordner Gelöscht : C:\Users\Vadmin\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\Vadmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect
Ordner Gelöscht : C:\Users\Vadmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam
Ordner Gelöscht : C:\Users\Vadmin\AppData\Roaming\pdfforge
Ordner Gelöscht : C:\Users\Vadmin\AppData\Roaming\SearchYa
Ordner Gelöscht : C:\Users\ValiN\AppData\Local\AskToolbar
Ordner Gelöscht : C:\Users\ValiN\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\ValiN\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\ValiN\Desktop\Save
Ordner Gelöscht : C:\Windows\Installer\{7683B745-6060-41FD-AA75-0BBB383FEAD4}
Ordner Gelöscht : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Ordner Gelöscht : C:\Windows\Installer\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}

***** [Registrierungsdatenbank] *****

Daten Gelöscht : HKLM\..\Windows [AppInit_DLLs] = c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll
Schlüssel Gelöscht : HKCU\Software\APN
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\Ask.com
Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\Delta
Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKCU\Software\searchya
Schlüssel Gelöscht : HKCU\Software\Wajam
Schlüssel Gelöscht : HKCU\Software\a2d6d8e13be443
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKLM\Software\APN
Schlüssel Gelöscht : HKLM\Software\AskToolbar
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{15F6BCB7-BB0F-4A66-8762-4765B05597EB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{1973277F-87B0-4EA3-9ED2-470A91D284CF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{835315FC-1BF6-4CA9-80CD-F6C158D40692}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\priam_bho.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\PriceGongIE.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltaappCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltaappCore.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltadskBnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltadskBnd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltaHlpr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltaHlpr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.deltaESrvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.deltaESrvc.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.searchyaESrvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.searchyaESrvc.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\I
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\547B38670606DF14AA57B0BB83F3AE4D
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\7E685771E24E83F4381D1DB5A45F7B41
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\9EE58E3C298524145B73CBBED3CAC4D3
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\EB6AF8AEEB922FA4392548F13812E50B
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\547B38670606DF14AA57B0BB83F3AE4D
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\7E685771E24E83F4381D1DB5A45F7B41
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\9EE58E3C298524145B73CBBED3CAC4D3
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\EB6AF8AEEB922FA4392548F13812E50B
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ironsource.searchyaappCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ironsource.searchyaappCore.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ironsource.searchyadskBnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ironsource.searchyadskBnd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ironsource.searchyaHlpr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ironsource.searchyaHlpr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PriceFactorIE.PriceGongBHO
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PriceFactorIE.PriceGongBHO.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PriceGongIE.PriceGongCtrl
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PriceGongIE.PriceGongCtrl.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\sim-packages
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar3.sweetie
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar3.sweetie.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{095BFD3C-4602-4FE1-96F1-AEFAFBFD067D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{15F6BCB7-BB0F-4A66-8762-4765B05597EB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{69332529-EEC8-4D0D-9FD3-202C4AE8E589}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{8B3372D0-09F0-41A5-8D9B-134E148672FB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\wajam.WajamBHO
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\wajam.WajamBHO.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\wajam.WajamDownloader
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\wajam.WajamDownloader.1
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\Delta
Schlüssel Gelöscht : HKLM\Software\InstallCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
Schlüssel Gelöscht : HKLM\Software\Wajam
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\a2d6d8e13be443
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1631550F-191D-4826-B069-D9439253D926}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{25927741-5E5B-4D27-8D8B-9188FE64373F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{33AA308B-B565-4376-AC66-59EE9B6AD13E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{54B24FA9-87E8-47FC-8589-F9D382D8B299}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5B45AC88-523C-431E-86D7-F339B2EE262E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5D64294B-1341-4FE7-B6D8-7C36828D4DD5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6801410E-CC88-42D6-A93B-909E95645407}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{8B0C188C-F6F3-484D-8225-E40262DDE633}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D2A2595C-4FE4-4315-AA9B-19DBD6271B71}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2E9A2DCB-F5DB-40D0-8E62-3B47DD476A77}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{59B23951-2232-4AFB-81D4-64A8A16D457A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{81E522F1-9E90-47DD-A2CE-39B0C00274A0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8E096DFB-6AB7-45C7-BF64-B313C7096529}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{996A9940-2F2C-4486-A479-439C4A15F278}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9B7D44BA-376C-456F-B289-5034270322FD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9BD8FF26-2C71-4D35-9FE2-AD8D25AECC36}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BCE6E914-AEF0-4FEE-8FC8-06F9B42BF890}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BD8D5FFA-4F92-48AD-BFBE-7896916656F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C92E6D80-EC54-45CC-AC4B-A7CF42F11B52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D1CB564E-F38A-4F2A-8257-60E3F8BE9F34}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F293BBC0-DA7E-4CF1-9EEA-CE90CFE0DF86}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FEFBC559-C3C7-4287-B05B-49D489B80749}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{819DC4CA-4FFF-4C2E-800D-F346471D99BC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F994E0D9-8335-48F1-99C2-A712C21F8D5F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1631550F-191D-4826-B069-D9439253D926}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25927741-5E5B-4D27-8D8B-9188FE64373F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{177586E7-E42E-4F38-83D1-D15B4AF5B714}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7683B745-6060-41FD-AA75-0BBB383FEAD4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Delta
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\PriceGong
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\searchya
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Wajam
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2E9A2DCB-F5DB-40D0-8E62-3B47DD476A77}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{59B23951-2232-4AFB-81D4-64A8A16D457A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{81E522F1-9E90-47DD-A2CE-39B0C00274A0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8E096DFB-6AB7-45C7-BF64-B313C7096529}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{996A9940-2F2C-4486-A479-439C4A15F278}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9B7D44BA-376C-456F-B289-5034270322FD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9BD8FF26-2C71-4D35-9FE2-AD8D25AECC36}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BCE6E914-AEF0-4FEE-8FC8-06F9B42BF890}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BD8D5FFA-4F92-48AD-BFBE-7896916656F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C92E6D80-EC54-45CC-AC4B-A7CF42F11B52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D1CB564E-F38A-4F2A-8257-60E3F8BE9F34}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F293BBC0-DA7E-4CF1-9EEA-CE90CFE0DF86}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FEFBC559-C3C7-4287-B05B-49D489B80749}
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKU\S-1-5-21-2400426189-3141206545-2464574721-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Wert Gelöscht : HKCU\Software\Mozilla\Firefox\extensions [{58BD07EB-0EE0-4DF0-8121-DC9B693373DF}]
Wert Gelöscht : HKCU\Software\Mozilla\Firefox\Extensions [{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}]
Wert Gelöscht : HKCU\Software\Mozilla\Firefox\Extensions [{8a9386b4-e958-4c4c-adf4-8f26db3e4829}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SweetIM]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{33AA308B-B565-4376-AC66-59EE9B6AD13E}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{82E1477C-B154-48D3-9891-33D83C26BCD3}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EEE6C35B-6118-11DC-9C72-001320C79847}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16476

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.searchya.com/?f=1&a=grupo1y&cd=2XzuyEtN2Y1L1Qzu0FtD0D0E0FtC0AyC0F0AyE0A0EyBzztBtN0D0Tzu0CyEtCyDtN1L2XzutBtFtBtFtCtFyDtDtAtN1L1Czu1N1C2Y1E1FtC2U&cr=1263039757&ir= --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://www.searchya.com/?f=2&a=grupo1y&cd=2XzuyEtN2Y1L1Qzu0FtD0D0E0FtC0AyC0F0AyE0A0EyBzztBtN0D0Tzu0CyEtCyDtN1L2XzutBtFtBtFtCtFyDtDtAtN1L1Czu1N1C2Y1E1FtC2U&cr=1263039757&ir= --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.searchya.com/?f=1&a=grupo1y&cd=2XzuyEtN2Y1L1Qzu0FtD0D0E0FtC0AyC0F0AyE0A0EyBzztBtN0D0Tzu0CyEtCyDtN1L2XzutBtFtBtFtCtFyDtDtAtN1L1Czu1N1C2Y1E1FtC2U&cr=1263039757&ir= --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.searchya.com/?f=1&a=grupo1y&cd=2XzuyEtN2Y1L1Qzu0FtD0D0E0FtC0AyC0F0AyE0A0EyBzztBtN0D0Tzu0CyEtCyDtN1L2XzutBtFtBtFtCtFyDtDtAtN1L1Czu1N1C2Y1E1FtC2U&cr=1263039757&ir= --> hxxp://www.google.com

-\\ Google Chrome v12.0.742.112

Datei : C:\Users\Vadmin\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

Datei : C:\Users\ValiN\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [26080 octets] - [13/04/2013 21:41:28]

########## EOF - \AdwCleaner[S1].txt - [26141 octets] ##########
         
hoffentlich nicht allzu übel, oder?

Alt 14.04.2013, 19:37   #9
walter_h
 
Lenovo 520 Notebook - Standard

Lenovo 520 Notebook



Hier otl
Code:
ATTFilter
OTL logfile created on: 13.04.2013 21:48:54 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\ValiN\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,91 Gb Total Physical Memory | 2,21 Gb Available Physical Memory | 56,49% Memory free
7,82 Gb Paging File | 5,93 Gb Available in Paging File | 75,84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 685,45 Gb Total Space | 568,57 Gb Free Space | 82,95% Space Free | Partition Type: NTFS
Drive D: | 7,47 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive Q: | 11,72 Gb Total Space | 1,57 Gb Free Space | 13,37% Space Free | Partition Type: NTFS
 
Computer Name: VADMIN-THINK | User Name: Vadmin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.04.06 16:33:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\ValiN\Desktop\OTL.exe
PRC - [2013.03.28 03:41:42 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.03.28 03:41:32 | 000,565,472 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
PRC - [2013.03.28 03:41:29 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.03.28 03:41:29 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011.08.31 20:03:00 | 000,062,824 | ---- | M] (Lenovo Group Limited) -- C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe
PRC - [2011.08.11 12:04:16 | 000,328,552 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2011.07.26 00:18:46 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe
PRC - [2011.07.12 09:53:26 | 000,101,736 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\micmute.exe
PRC - [2011.07.12 09:53:20 | 000,142,696 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2011.06.24 08:25:50 | 001,012,792 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2011.05.31 11:48:36 | 000,059,240 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Communications Utility\TPKNRSVC.exe
PRC - [2011.05.31 11:48:34 | 000,040,808 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Communications Utility\TpKnrres.exe
PRC - [2011.05.31 11:48:18 | 000,041,320 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Communications Utility\CamMute.exe
PRC - [2011.05.25 15:21:32 | 000,281,960 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\AutoLock\ALCKRESI.exe
PRC - [2011.02.24 01:10:24 | 000,212,944 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
PRC - [2011.02.22 05:19:12 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011.02.22 05:19:08 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2011.01.07 05:28:42 | 000,446,592 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\SysWOW64\SASrv.exe
PRC - [2010.03.11 15:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2008.01.10 13:13:50 | 000,061,440 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.06.24 08:25:49 | 000,329,272 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\12.0.742.112\ppGoogleNaClPluginChrome.dll
MOD - [2011.06.24 08:25:47 | 003,649,592 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\12.0.742.112\pdf.dll
MOD - [2011.06.24 08:24:21 | 000,104,520 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\12.0.742.112\avutil-50.dll
MOD - [2011.06.24 08:24:20 | 000,203,848 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\12.0.742.112\avformat-52.dll
MOD - [2011.06.24 08:24:18 | 001,846,344 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\12.0.742.112\avcodec-52.dll
MOD - [2010.04.06 10:05:16 | 002,085,888 | ---- | M] () -- C:\Programme\Lenovo\AutoLock\cv210.dll
MOD - [2010.04.06 10:04:06 | 002,201,088 | ---- | M] () -- C:\Programme\Lenovo\AutoLock\cxcore210.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2011.08.11 04:20:42 | 000,045,928 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC)
SRV:64bit: - [2011.05.11 15:53:46 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011.03.29 20:15:36 | 000,047,728 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Windows\SysNative\TPHDEXLG64.exe -- (TPHDEXLGSVC)
SRV:64bit: - [2010.12.17 00:18:08 | 000,198,784 | ---- | M] (Conexant Systems Inc.) [Auto | Running] -- C:\Windows\SysNative\CxAudMsg64.exe -- (CxAudMsg)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.03.29 21:53:56 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.03.28 03:41:42 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.03.28 03:41:32 | 000,565,472 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2013.03.28 03:41:29 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.03.13 01:52:30 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.01.08 13:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011.08.31 20:03:00 | 000,173,416 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE -- (PwmEWSvc)
SRV - [2011.08.31 20:03:00 | 000,087,400 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE -- (Power Manager DBC Service)
SRV - [2011.07.27 22:04:48 | 001,517,328 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2011.07.27 21:48:34 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV - [2011.07.27 21:44:18 | 000,844,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2011.07.26 00:18:46 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2011.07.12 09:54:00 | 000,133,992 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC)
SRV - [2011.07.12 09:53:42 | 000,145,256 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD)
SRV - [2011.07.12 09:53:26 | 000,101,736 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV - [2011.07.12 09:53:20 | 000,142,696 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2011.07.08 18:53:20 | 000,144,232 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Programme\Lenovo\RapidBoot\HyperW7Svc64.exe -- (HyperW7Svc)
SRV - [2011.05.31 11:48:36 | 000,059,240 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\Communications Utility\TPKNRSVC.exe -- (LENOVO.TPKNRSVC)
SRV - [2011.05.31 11:48:18 | 000,041,320 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\Communications Utility\CamMute.exe -- (LENOVO.CAMMUTE)
SRV - [2011.04.28 00:41:18 | 000,968,480 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\ThinkPad\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2011.02.24 01:10:24 | 000,212,944 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service)
SRV - [2011.02.22 05:19:12 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011.02.22 05:19:08 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011.01.07 05:28:42 | 000,446,592 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\SASrv.exe -- (SAService)
SRV - [2010.09.22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.09.21 15:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.03.18 23:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.11 15:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.01.10 13:13:50 | 000,061,440 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.03.28 03:41:47 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013.03.28 03:41:47 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013.03.28 03:41:47 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.09.28 05:12:10 | 000,023,552 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UHSfiltv.sys -- (UHSfiltv)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.11.18 20:07:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.11.18 20:07:41 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.11.18 11:47:57 | 000,040,248 | ---- | M] (Lenovo Information Product(ShenZhen China) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\psadd.sys -- (psadd)
DRV:64bit: - [2011.10.01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011.10.01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011.10.01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011.10.01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011.08.31 20:03:00 | 000,014,960 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\TPPWR64V.SYS -- (TPPWRIF)
DRV:64bit: - [2011.08.11 04:20:42 | 000,039,024 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV:64bit: - [2011.08.09 01:32:02 | 012,289,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2011.08.03 18:28:32 | 008,604,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2011.06.21 16:19:14 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2011.06.21 16:19:12 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2011.05.25 18:23:00 | 000,101,888 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdxc64.sys -- (risdxc)
DRV:64bit: - [2011.05.19 14:06:46 | 001,442,352 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011.05.11 19:16:38 | 009,319,424 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.05.11 15:16:54 | 000,304,128 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.04.27 17:50:38 | 000,436,776 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL)
DRV:64bit: - [2011.04.27 17:50:32 | 000,164,392 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2011.04.27 17:50:32 | 000,150,568 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2011.04.27 17:50:32 | 000,039,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2011.04.27 17:50:32 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2011.03.29 20:13:40 | 000,139,888 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsX64.sys -- (Shockprf)
DRV:64bit: - [2011.03.29 20:11:48 | 000,023,664 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsHM64.sys -- (TPDIGIMN)
DRV:64bit: - [2011.03.24 08:36:20 | 001,576,064 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2011.03.04 19:18:42 | 000,166,016 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\5U877.sys -- (5U877)
DRV:64bit: - [2010.12.28 20:45:54 | 000,412,776 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.05 16:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.10.19 09:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.10.14 18:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010.09.07 07:09:36 | 000,015,472 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\smiifx64.sys -- (lenovo.smi)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.18 18:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2011.07.08 18:53:24 | 000,032,104 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Programme\Lenovo\RapidBoot\PHCORE64.sys -- (PHCORE)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{01AAAA62-E68F-1ABA-8920-766B98002504}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.searchya.com/?q={searchTerms}&f=4&a=grupo1y&cd=2XzuyEtN2Y1L1Qzu0FtD0D0E0FtC0AyC0F0AyE0A0EyBzztBtN0D0Tzu0CyEtCyDtN1L2XzutBtFtBtFtCtFyDtDtAtN1L1Czu1N1C2Y1E1FtC2U&cr=1263039757&ir=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{30AB421B-649D-983B-5C91-4BDD52A9FE83}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.searchya.com/?q={searchTerms}&f=4&a=grupo1y&cd=2XzuyEtN2Y1L1Qzu0FtD0D0E0FtC0AyC0F0AyE0A0EyBzztBtN0D0Tzu0CyEtCyDtN1L2XzutBtFtBtFtCtFyDtDtAtN1L1Czu1N1C2Y1E1FtC2U&cr=1263039757&ir=
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-2400426189-3141206545-2464574721-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
IE - HKU\S-1-5-21-2400426189-3141206545-2464574721-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKU\S-1-5-21-2400426189-3141206545-2464574721-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKU\S-1-5-21-2400426189-3141206545-2464574721-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-2400426189-3141206545-2464574721-1000\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-2400426189-3141206545-2464574721-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-2400426189-3141206545-2464574721-1000\..\SearchScopes\{01AAAA62-E68F-1ABA-8920-766B98002504}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_deDE464
IE - HKU\S-1-5-21-2400426189-3141206545-2464574721-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.delta-search.com/?q={searchTerms}&affID=119556&babsrc=SP_ss&mntrId=a481e782000000000000f0def1a6fa4a
IE - HKU\S-1-5-21-2400426189-3141206545-2464574721-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.searchya.com/?q={searchTerms}&f=4&a=grupo1y&cd=2XzuyEtN2Y1L1Qzu0FtD0D0E0FtC0AyC0F0AyE0A0EyBzztBtN0D0Tzu0CyEtCyDtN1L2XzutBtFtBtFtCtFyDtDtAtN1L1Czu1N1C2Y1E1FtC2U&cr=1263039757&ir=
IE - HKU\S-1-5-21-2400426189-3141206545-2464574721-1000\..\SearchScopes\{FD5B919B-DA89-4584-8779-FA9A9E20EAB9}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=3661c9a3-d3cf-4928-b4df-f6049a675ac0&apn_sauid=9D958D85-4BF2-4CE6-89CD-42E71EBCAECF
IE - HKU\S-1-5-21-2400426189-3141206545-2464574721-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-2400426189-3141206545-2464574721-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
IE - HKU\S-1-5-21-2400426189-3141206545-2464574721-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKU\S-1-5-21-2400426189-3141206545-2464574721-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKU\S-1-5-21-2400426189-3141206545-2464574721-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
IE - HKU\S-1-5-21-2400426189-3141206545-2464574721-1003\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-2400426189-3141206545-2464574721-1003\..\SearchScopes\{66ADE9BD-4112-4B80-B3BD-9477BB290F79}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=3661c9a3-d3cf-4928-b4df-f6049a675ac0&apn_sauid=9D958D85-4BF2-4CE6-89CD-42E71EBCAECF
IE - HKU\S-1-5-21-2400426189-3141206545-2464574721-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_deDE464
IE - HKU\S-1-5-21-2400426189-3141206545-2464574721-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
 
[2013.02.18 13:39:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
 
========== Chrome  ==========
 
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - homepage: hxxp://www.searchya.com/?f=1&a=grupo1y&cd=2XzuyEtN2Y1L1Qzu0FtD0D0E0FtC0AyC0F0AyE0A0EyBzztBtN0D0Tzu0CyEtCyDtN1L2XzutBtFtBtFtCtFyDtDtAtN1L1Czu1N1C2Y1E1FtC2U&cr=1263039757&ir=
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - homepage: hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
CHR - Extension: No name found = C:\Users\Vadmin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaangaohdajkgeopjhpbnlpkehbhmbj\7.15.4.0_0\
CHR - Extension: No name found = C:\Users\Vadmin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaangaohdajkgeopjhpbnlpkehbhmbj\7.15.4.0_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-2400426189-3141206545-2464574721-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKU\S-1-5-21-2400426189-3141206545-2464574721-1003\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [ALCKRESI.EXE] C:\Programme\Lenovo\AutoLock\ALCKRESI.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [ForteConfig] C:\Programme\CONEXANT\ForteConfig\fmapp.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [LENOVO.TPKNRRES] C:\Programme\Lenovo\Communications Utility\TpKnrres.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe (Lenovo, Inc.)
O4 - HKLM..\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor File not found
O4 - HKLM..\Run: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe (Ricoh co.,Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2400426189-3141206545-2464574721-1000..\Run: [LTT] C:\Programme\PC-Doctor\EnableToolbarW32.exe (PC-Doctor, Inc.)
O4 - HKU\S-1-5-21-2400426189-3141206545-2464574721-1003..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKLM..\RunOnce: [*ForceDelete] C:\Users\ValiN\Downloads\adwcleaner.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-2400426189-3141206545-2464574721-1000..\RunOnce: [DeleteOnReboot] C:\Windows\DeleteOnReboot.bat ()
O4 - HKU\S-1-5-21-2400426189-3141206545-2464574721-1000..\RunOnce: [Report] \AdwCleaner[S1].txt ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2 ()
O7 - HKU\S-1-5-21-2400426189-3141206545-2464574721-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Vadmin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html File not found
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Vadmin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4D0A9268-F6E1-459A-83D1-7A6B0CCE20D7}: DhcpNameServer = 192.168.1.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{63ACE54F-655C-4852-BCEC-3EDEAF429440}: DhcpNameServer = 192.168.1.2
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20 - AppInit_DLLs: (c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll) - c:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.03.16 18:49:08 | 000,000,038 | -H-- | M] () - D:\autorun.inf -- [ UDF ]
O32 - Unable to obtain root file information for disk Q:\
O33 - MountPoints2\{187e85c6-11c5-11e1-864f-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{187e85c6-11c5-11e1-864f-806e6f6e6963}\Shell\AutoRun\command - "" = Q:\LenovoQDrive.exe -- [2009.08.10 23:01:24 | 000,267,576 | -HS- | M] (Lenovo Group Limited)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.06 18:33:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD Tune
[2013.04.06 18:33:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HD Tune
[2013.03.28 03:42:00 | 000,130,016 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.03.28 03:42:00 | 000,100,712 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.03.28 03:42:00 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.03.16 22:11:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013.03.16 22:10:37 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013.03.16 22:10:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.13 21:53:00 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2013.04.13 21:52:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.13 21:51:58 | 000,031,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.13 21:51:58 | 000,031,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.13 21:51:00 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2013.04.13 21:48:48 | 001,614,100 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.13 21:48:48 | 000,697,322 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.13 21:48:48 | 000,652,600 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.13 21:48:48 | 000,148,328 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.13 21:48:48 | 000,121,274 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.13 21:45:29 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.13 21:44:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.13 21:44:16 | 3151,417,344 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.13 21:43:11 | 000,000,189 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013.04.13 00:29:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.10 19:45:33 | 000,303,440 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.04.06 18:33:06 | 000,000,941 | ---- | M] () -- C:\Users\Vadmin\Desktop\HD Tune.lnk
[2013.04.06 16:32:33 | 000,000,000 | ---- | M] () -- C:\Users\Vadmin\defogger_reenable
[2013.03.28 03:41:47 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.03.28 03:41:47 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.03.28 03:41:47 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.04.13 21:41:58 | 000,000,189 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013.04.06 18:33:06 | 000,000,941 | ---- | C] () -- C:\Users\Vadmin\Desktop\HD Tune.lnk
[2013.04.06 16:32:33 | 000,000,000 | ---- | C] () -- C:\Users\Vadmin\defogger_reenable
[2013.02.18 13:40:36 | 000,338,815 | ---- | C] () -- C:\Users\Vadmin\AppData\Local\speeddial.crx
[2013.01.24 01:34:21 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2012.09.28 05:12:10 | 000,002,302 | ---- | C] () -- C:\Windows\UHScfg.ini
[2012.09.28 05:12:10 | 000,000,388 | ---- | C] () -- C:\Windows\UHSMCcfg.ini
[2012.09.28 05:12:10 | 000,000,238 | ---- | C] () -- C:\Windows\UHSConfig.ini
[2012.02.24 20:27:44 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2012.01.28 16:25:45 | 000,069,632 | R--- | C] () -- C:\Windows\SysWow64\xmltok.dll
[2012.01.28 16:25:45 | 000,036,864 | R--- | C] () -- C:\Windows\SysWow64\xmlparse.dll
[2011.11.18 19:54:11 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2011.11.18 11:35:54 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.11.18 11:32:29 | 000,003,914 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2011.11.18 11:31:27 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.11.18 11:31:27 | 000,216,000 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.11.18 11:31:27 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.11.18 11:31:27 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011.11.18 11:31:26 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011.11.18 11:31:26 | 000,003,914 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.11.18 11:22:48 | 001,591,930 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.05.12 00:57:52 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.01.25 23:11:00 | 000,000,000 | ---D | M] -- C:\Users\Vadmin\AppData\Roaming\DVDVideoSoft
[2011.12.24 21:11:00 | 000,000,000 | ---D | M] -- C:\Users\Vadmin\AppData\Roaming\Leadertech
[2012.09.02 19:08:14 | 000,000,000 | ---D | M] -- C:\Users\Vadmin\AppData\Roaming\LolClient
[2012.02.10 15:49:28 | 000,000,000 | ---D | M] -- C:\Users\Vadmin\AppData\Roaming\Mount&Blade
[2012.01.01 19:52:08 | 000,000,000 | ---D | M] -- C:\Users\Vadmin\AppData\Roaming\My The Lord of the Rings, The Rise of the Witch-king Files
[2011.12.30 16:35:13 | 000,000,000 | ---D | M] -- C:\Users\Vadmin\AppData\Roaming\PCDr
[2011.12.25 00:18:18 | 000,000,000 | ---D | M] -- C:\Users\Vadmin\AppData\Roaming\PwrMgr
[2012.08.19 15:47:38 | 000,000,000 | ---D | M] -- C:\Users\Vadmin\AppData\Roaming\TP
[2012.11.03 22:32:56 | 000,000,000 | ---D | M] -- C:\Users\ValiN\AppData\Roaming\DVDVideoSoft
[2011.12.30 18:00:35 | 000,000,000 | ---D | M] -- C:\Users\ValiN\AppData\Roaming\Leadertech
[2012.01.04 19:53:25 | 000,000,000 | ---D | M] -- C:\Users\ValiN\AppData\Roaming\Lenovo
[2012.01.01 13:28:29 | 000,000,000 | ---D | M] -- C:\Users\ValiN\AppData\Roaming\LolClient
[2012.05.26 12:06:14 | 000,000,000 | ---D | M] -- C:\Users\ValiN\AppData\Roaming\LolClient2
[2012.07.04 19:05:55 | 000,000,000 | ---D | M] -- C:\Users\ValiN\AppData\Roaming\Mount&Blade
[2012.09.16 13:38:07 | 000,000,000 | ---D | M] -- C:\Users\ValiN\AppData\Roaming\My The Lord of the Rings, The Rise of the Witch-king Files
[2011.12.30 19:25:29 | 000,000,000 | ---D | M] -- C:\Users\ValiN\AppData\Roaming\PwrMgr
[2012.01.19 20:07:51 | 000,000,000 | ---D | M] -- C:\Users\ValiN\AppData\Roaming\SEGA
[2013.04.12 01:57:01 | 000,000,000 | ---D | M] -- C:\Users\ValiN\AppData\Roaming\SoftGrid Client
[2013.01.06 21:23:17 | 000,000,000 | ---D | M] -- C:\Users\ValiN\AppData\Roaming\TS3Client
 
========== Purity Check ==========
 
 

< End of report >
         



hier adwcleaner:
Code:
ATTFilter
# AdwCleaner v2.200 - Datei am 13/04/2013 um 21:41:28 erstellt
# Aktualisiert am 02/04/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : Vadmin - VADMIN-THINK
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\ValiN\Downloads\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****

Gestoppt & Gelöscht : BrowserProtect
Gestoppt & Gelöscht : WajamUpdater

***** [Dateien / Ordner] *****

Datei Gelöscht : \END
Datei Gelöscht : C:\Users\Vadmin\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
Datei Gelöscht : C:\Users\Vadmin\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
Datei Gelöscht : C:\Users\Vadmin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cjpglkicenollcignonpgiafdgfeehoj_0.localstorage
Datei Gelöscht : C:\Users\Vadmin\Desktop\Search The Web.url
Datei Gelöscht : C:\Users\ValiN\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
Datei Gelöscht : C:\Users\ValiN\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
Gelöscht mit Neustart : C:\Program Files (x86)\Ask.com
Gelöscht mit Neustart : C:\Program Files (x86)\SweetIM
Gelöscht mit Neustart : C:\ProgramData\BrowserProtect
Ordner Gelöscht : C:\Program Files (x86)\Delta
Ordner Gelöscht : C:\Program Files (x86)\PriceGong
Ordner Gelöscht : C:\Program Files (x86)\SearchYa!
Ordner Gelöscht : C:\Program Files (x86)\Wajam
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PriceGong
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\ProgramData\SweetIM
Ordner Gelöscht : C:\Users\Vadmin\AppData\Local\APN
Ordner Gelöscht : C:\Users\Vadmin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok
Ordner Gelöscht : C:\Users\Vadmin\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Ordner Gelöscht : C:\Users\Vadmin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Ordner Gelöscht : C:\Users\Vadmin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Ordner Gelöscht : C:\Users\Vadmin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Ordner Gelöscht : C:\Users\Vadmin\AppData\Local\Temp\AskSearch
Ordner Gelöscht : C:\Users\Vadmin\AppData\Local\Wajam
Ordner Gelöscht : C:\Users\Vadmin\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\Vadmin\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\Vadmin\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Vadmin\AppData\Roaming\Delta
Ordner Gelöscht : C:\Users\Vadmin\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\Vadmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect
Ordner Gelöscht : C:\Users\Vadmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam
Ordner Gelöscht : C:\Users\Vadmin\AppData\Roaming\pdfforge
Ordner Gelöscht : C:\Users\Vadmin\AppData\Roaming\SearchYa
Ordner Gelöscht : C:\Users\ValiN\AppData\Local\AskToolbar
Ordner Gelöscht : C:\Users\ValiN\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\ValiN\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\ValiN\Desktop\Save
Ordner Gelöscht : C:\Windows\Installer\{7683B745-6060-41FD-AA75-0BBB383FEAD4}
Ordner Gelöscht : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Ordner Gelöscht : C:\Windows\Installer\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}

***** [Registrierungsdatenbank] *****

Daten Gelöscht : HKLM\..\Windows [AppInit_DLLs] = c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll
Schlüssel Gelöscht : HKCU\Software\APN
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\Ask.com
Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\Delta
Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKCU\Software\searchya
Schlüssel Gelöscht : HKCU\Software\Wajam
Schlüssel Gelöscht : HKCU\Software\a2d6d8e13be443
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKLM\Software\APN
Schlüssel Gelöscht : HKLM\Software\AskToolbar
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{15F6BCB7-BB0F-4A66-8762-4765B05597EB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{1973277F-87B0-4EA3-9ED2-470A91D284CF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{835315FC-1BF6-4CA9-80CD-F6C158D40692}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\priam_bho.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\PriceGongIE.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltaappCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltaappCore.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltadskBnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltadskBnd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltaHlpr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltaHlpr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.deltaESrvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.deltaESrvc.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.searchyaESrvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.searchyaESrvc.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\I
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\547B38670606DF14AA57B0BB83F3AE4D
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\7E685771E24E83F4381D1DB5A45F7B41
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\9EE58E3C298524145B73CBBED3CAC4D3
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\EB6AF8AEEB922FA4392548F13812E50B
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\547B38670606DF14AA57B0BB83F3AE4D
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\7E685771E24E83F4381D1DB5A45F7B41
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\9EE58E3C298524145B73CBBED3CAC4D3
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\EB6AF8AEEB922FA4392548F13812E50B
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ironsource.searchyaappCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ironsource.searchyaappCore.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ironsource.searchyadskBnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ironsource.searchyadskBnd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ironsource.searchyaHlpr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ironsource.searchyaHlpr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PriceFactorIE.PriceGongBHO
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PriceFactorIE.PriceGongBHO.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PriceGongIE.PriceGongCtrl
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PriceGongIE.PriceGongCtrl.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\sim-packages
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar3.sweetie
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar3.sweetie.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{095BFD3C-4602-4FE1-96F1-AEFAFBFD067D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{15F6BCB7-BB0F-4A66-8762-4765B05597EB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{69332529-EEC8-4D0D-9FD3-202C4AE8E589}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{8B3372D0-09F0-41A5-8D9B-134E148672FB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\wajam.WajamBHO
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\wajam.WajamBHO.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\wajam.WajamDownloader
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\wajam.WajamDownloader.1
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\Delta
Schlüssel Gelöscht : HKLM\Software\InstallCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
Schlüssel Gelöscht : HKLM\Software\Wajam
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\a2d6d8e13be443
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1631550F-191D-4826-B069-D9439253D926}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{25927741-5E5B-4D27-8D8B-9188FE64373F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{33AA308B-B565-4376-AC66-59EE9B6AD13E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{54B24FA9-87E8-47FC-8589-F9D382D8B299}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5B45AC88-523C-431E-86D7-F339B2EE262E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5D64294B-1341-4FE7-B6D8-7C36828D4DD5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6801410E-CC88-42D6-A93B-909E95645407}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{8B0C188C-F6F3-484D-8225-E40262DDE633}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D2A2595C-4FE4-4315-AA9B-19DBD6271B71}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2E9A2DCB-F5DB-40D0-8E62-3B47DD476A77}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{59B23951-2232-4AFB-81D4-64A8A16D457A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{81E522F1-9E90-47DD-A2CE-39B0C00274A0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8E096DFB-6AB7-45C7-BF64-B313C7096529}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{996A9940-2F2C-4486-A479-439C4A15F278}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9B7D44BA-376C-456F-B289-5034270322FD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9BD8FF26-2C71-4D35-9FE2-AD8D25AECC36}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BCE6E914-AEF0-4FEE-8FC8-06F9B42BF890}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BD8D5FFA-4F92-48AD-BFBE-7896916656F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C92E6D80-EC54-45CC-AC4B-A7CF42F11B52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D1CB564E-F38A-4F2A-8257-60E3F8BE9F34}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F293BBC0-DA7E-4CF1-9EEA-CE90CFE0DF86}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FEFBC559-C3C7-4287-B05B-49D489B80749}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{819DC4CA-4FFF-4C2E-800D-F346471D99BC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F994E0D9-8335-48F1-99C2-A712C21F8D5F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1631550F-191D-4826-B069-D9439253D926}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25927741-5E5B-4D27-8D8B-9188FE64373F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{177586E7-E42E-4F38-83D1-D15B4AF5B714}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7683B745-6060-41FD-AA75-0BBB383FEAD4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Delta
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\PriceGong
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\searchya
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Wajam
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2E9A2DCB-F5DB-40D0-8E62-3B47DD476A77}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{59B23951-2232-4AFB-81D4-64A8A16D457A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{81E522F1-9E90-47DD-A2CE-39B0C00274A0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8E096DFB-6AB7-45C7-BF64-B313C7096529}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{996A9940-2F2C-4486-A479-439C4A15F278}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9B7D44BA-376C-456F-B289-5034270322FD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9BD8FF26-2C71-4D35-9FE2-AD8D25AECC36}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BCE6E914-AEF0-4FEE-8FC8-06F9B42BF890}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BD8D5FFA-4F92-48AD-BFBE-7896916656F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C92E6D80-EC54-45CC-AC4B-A7CF42F11B52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D1CB564E-F38A-4F2A-8257-60E3F8BE9F34}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F293BBC0-DA7E-4CF1-9EEA-CE90CFE0DF86}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FEFBC559-C3C7-4287-B05B-49D489B80749}
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKU\S-1-5-21-2400426189-3141206545-2464574721-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Wert Gelöscht : HKCU\Software\Mozilla\Firefox\extensions [{58BD07EB-0EE0-4DF0-8121-DC9B693373DF}]
Wert Gelöscht : HKCU\Software\Mozilla\Firefox\Extensions [{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}]
Wert Gelöscht : HKCU\Software\Mozilla\Firefox\Extensions [{8a9386b4-e958-4c4c-adf4-8f26db3e4829}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SweetIM]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{33AA308B-B565-4376-AC66-59EE9B6AD13E}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{82E1477C-B154-48D3-9891-33D83C26BCD3}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EEE6C35B-6118-11DC-9C72-001320C79847}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16476

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.searchya.com/?f=1&a=grupo1y&cd=2XzuyEtN2Y1L1Qzu0FtD0D0E0FtC0AyC0F0AyE0A0EyBzztBtN0D0Tzu0CyEtCyDtN1L2XzutBtFtBtFtCtFyDtDtAtN1L1Czu1N1C2Y1E1FtC2U&cr=1263039757&ir= --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://www.searchya.com/?f=2&a=grupo1y&cd=2XzuyEtN2Y1L1Qzu0FtD0D0E0FtC0AyC0F0AyE0A0EyBzztBtN0D0Tzu0CyEtCyDtN1L2XzutBtFtBtFtCtFyDtDtAtN1L1Czu1N1C2Y1E1FtC2U&cr=1263039757&ir= --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.searchya.com/?f=1&a=grupo1y&cd=2XzuyEtN2Y1L1Qzu0FtD0D0E0FtC0AyC0F0AyE0A0EyBzztBtN0D0Tzu0CyEtCyDtN1L2XzutBtFtBtFtCtFyDtDtAtN1L1Czu1N1C2Y1E1FtC2U&cr=1263039757&ir= --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.searchya.com/?f=1&a=grupo1y&cd=2XzuyEtN2Y1L1Qzu0FtD0D0E0FtC0AyC0F0AyE0A0EyBzztBtN0D0Tzu0CyEtCyDtN1L2XzutBtFtBtFtCtFyDtDtAtN1L1Czu1N1C2Y1E1FtC2U&cr=1263039757&ir= --> hxxp://www.google.com

-\\ Google Chrome v12.0.742.112

Datei : C:\Users\Vadmin\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

Datei : C:\Users\ValiN\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [26080 octets] - [13/04/2013 21:41:28]

########## EOF - \AdwCleaner[S1].txt - [26141 octets] ##########
         
hoffentlich nicht allzu übel, oder?

Alt 14.04.2013, 19:53   #10
aharonov
/// TB-Ausbilder
 
Lenovo 520 Notebook - Standard

Lenovo 520 Notebook



Hallo,

Zitat:
hoffentlich nicht allzu übel, oder?
Nein, das sieht bis jetzt eigentlich gut aus.
Wir machen noch eine Kontrolle:


Schritt 1
  • Starte bitte die OTL.exe.
  • Kopiere nun den folgenden Inhalt aus der Codebox in die Textbox.
    Wichtig: Falls du deinen Benutzernamen im Log unkenntlich gemacht hast (z.B. durch ***), dann mach das hier wieder rückgängig.
Code:
ATTFilter
:OTL
O20 - AppInit_DLLs: (c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll) - c:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll ()
IE - HKU\S-1-5-21-2400426189-3141206545-2464574721-1003\..\SearchScopes\{66ADE9BD-4112-4B80-B3BD-9477BB290F79}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=3661c9a3-d3cf-4928-b4df-f6049a675ac0&apn_sauid=9D958D85-4BF2-4CE6-89CD-42E71EBCAECF
IE - HKU\S-1-5-21-2400426189-3141206545-2464574721-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.delta-search.com/?q={searchTerms}&affID=119556&babsrc=SP_ss&mntrId=a481e782000000000000f0def1a6fa4a
IE - HKU\S-1-5-21-2400426189-3141206545-2464574721-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.searchya.com/?q={searchTerms}&f=4&a=grupo1y&cd=2XzuyEtN2Y1L1Qzu0FtD0D0E0FtC0AyC0F0AyE0A0EyBzztBtN0D0Tzu0CyEtCyDtN1L2XzutBtFtBtFtCtFyDtDtAtN1L1Czu1N1C2Y1E1FtC2U&cr=1263039757&ir=
IE - HKU\S-1-5-21-2400426189-3141206545-2464574721-1000\..\SearchScopes\{FD5B919B-DA89-4584-8779-FA9A9E20EAB9}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=3661c9a3-d3cf-4928-b4df-f6049a675ac0&apn_sauid=9D958D85-4BF2-4CE6-89CD-42E71EBCAECF
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.searchya.com/?q={searchTerms}&f=4&a=grupo1y&cd=2XzuyEtN2Y1L1Qzu0FtD0D0E0FtC0AyC0F0AyE0A0EyBzztBtN0D0Tzu0CyEtCyDtN1L2XzutBtFtBtFtCtFyDtDtAtN1L1Czu1N1C2Y1E1FtC2U&cr=1263039757&ir=
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.searchya.com/?q={searchTerms}&f=4&a=grupo1y&cd=2XzuyEtN2Y1L1Qzu0FtD0D0E0FtC0AyC0F0AyE0A0EyBzztBtN0D0Tzu0CyEtCyDtN1L2XzutBtFtBtFtCtFyDtDtAtN1L1Czu1N1C2Y1E1FtC2U&cr=1263039757&ir=

:files
C:\Program Files (x86)\Ask.com
C:\Program Files (x86)\SweetIM
C:\ProgramData\BrowserProtect

:commands
[emptytemp]
         
  • Schliesse nun bitte alle anderen Programme.
  • Klicke jetzt auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Diesen bitte zulassen.
  • Nach dem Neustart findest du ein Textdokument auf deinem Desktop.
    (Auch zu finden unter C:\_OTL\MovedFiles\<date_time>.log)
  • Kopiere nun dessen Inhalt hier in deinen Thread.



Schritt 2

Downloade dir bitte Malwarebytes Anti-Malware .
  • Installiere das Programm in den vorgegebenen Pfad.
  • Starte nun Malwarebytes Anti-Malware.
    Vista und Win7 User mit Rechtsklick "als Administrator starten".
  • Klicke auf Aktualisierung --> Suche nach Aktualisierung.
  • Wenn das Update beendet wurde, aktiviere im Reiter Suchlauf die Option Quick-Scan durchführen und drücke auf Scannen.
  • Wenn der Scan fertig ist, klicke auf Ergebnisse anzeigen.
  • Versichere dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
  • Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
  • Nachträglich kannst du den Bericht unter dem Reiter Logdateien finden.



Schritt 3

Lade das Setup des ESET Online Scanners herunter und speichere es auf den Desktop.
  • Schliesse evtl. vorhandene externe Festplatten und USB-Sticks an den Rechner an.
  • Deaktiviere jetzt temporär für diesen Scan dein Antivirenprogramm und die Firewall.
    (Danach nicht vergessen, sie wieder einzuschalten.)
  • Starte nun die heruntergeladene esetsmartinstaller_enu.exe.
  • Setze den Haken bei Yes, I accept the Terms of Use und drücke Start.
  • Warte bis die Komponenten heruntergeladen sind.
  • Setze den Haken bei Scan archives.
  • Gehe sicher, dass bei Remove found Threats kein Haken gesetzt ist.
  • Drücke dann auf Start.
  • Die Signaturen werden heruntergeladen und der Scan startet automatisch.
    Hinweis: Dieser Scan kann unter Umständen ziemlich lange dauern!
  • Falls nach Beendigung des Scans Funde angezeigt werden, dann:
    • Drücke auf List of found threats.
    • Klicke dann auf Export to text file... und speichere die Textdatei als ESET.txt auf den Desktop.
    • Drücke danach auf << Back.
  • Schliesse nun den Scanner mit einem Klick auf Finish.
Poste bitte den Inhalt der ESET.txt oder teile mir mit, wenn es keine Funde gegeben hat.



Schritt 4

Downloade dir bitte SecurityCheck (Link 2).
  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Wenn der Scan beendet wurde, sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.



Schritt 5

Starte bitte die OTL.exe.
  • Setze den Haken bei Scan all Users.
  • Drücke auf den Quick Scan Button.
  • Poste den Inhalt von OTL.txt hier in den Thread.



Bitte poste in deiner nächsten Antwort:
  • Fixlog von OTL
  • Log von MBAM
  • Log von ESET
  • Log von SecurityCheck
  • Log von OTL
__________________
cheers,
Leo

Alt 17.04.2013, 16:12   #11
walter_h
 
Lenovo 520 Notebook - Standard

Lenovo 520 Notebook



Die Schritte von oben kann ich erst morgen durchführen (Do) Bitte behalte mich auf der Watch-List!
Viele Grüße
walter_h

Alt 17.04.2013, 16:36   #12
aharonov
/// TB-Ausbilder
 
Lenovo 520 Notebook - Standard

Lenovo 520 Notebook



Alles klar, danke für die Mitteilung.
__________________
cheers,
Leo

Alt 26.04.2013, 13:47   #13
walter_h
 
Lenovo 520 Notebook - Standard

Lenovo 520 Notebook



Sorry für die Verzögerungen. Habe gerade otl mit dem Text gestartet. Nach einer kurzen Weile kam die Meldung "kritischer Fehler, Windows wird in Kürze neu gestaretet". Dann ging es noch ca. 1 Minute mit Aktivitäten von otl (grüne Balken unten, die sich verändern). Dann erfolgte der Neustart.

Wie soll ich da jetzt weitermachen? otl erneut aufrufen und wieder den Text hineinkopieren?

unter c:\_otl\movedfiles gibt es keine *.log-Datei, sondern einen Unterordner (mit Datum als Name). In diesem Unterordner sind wieder zweit Unterordner c_Programm files (x86) und c_programm data. Auch in diesen Unterordnern ist keine *.log-Datei.

Mit der (unsäglichen) Suchfunktion des W7-Explorers habe ich auch nach *.log gesucht - vergebens.

Alt 26.04.2013, 17:28   #14
aharonov
/// TB-Ausbilder
 
Lenovo 520 Notebook - Standard

Lenovo 520 Notebook



Hallo,

versuch diesen OTL-Fix bitte noch einmal.
__________________
cheers,
Leo

Alt 28.04.2013, 18:07   #15
walter_h
 
Lenovo 520 Notebook - Standard

Lenovo 520 Notebook



So, hier das otl-Ergebniss

Code:
ATTFilter
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll deleted successfully.
File c:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll not found.
Registry key HKEY_USERS\S-1-5-21-2400426189-3141206545-2464574721-1003\Software\Microsoft\Internet Explorer\SearchScopes\{66ADE9BD-4112-4B80-B3BD-9477BB290F79}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{66ADE9BD-4112-4B80-B3BD-9477BB290F79}\ not found.
Registry key HKEY_USERS\S-1-5-21-2400426189-3141206545-2464574721-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_USERS\S-1-5-21-2400426189-3141206545-2464574721-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_USERS\S-1-5-21-2400426189-3141206545-2464574721-1000\Software\Microsoft\Internet Explorer\SearchScopes\{FD5B919B-DA89-4584-8779-FA9A9E20EAB9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD5B919B-DA89-4584-8779-FA9A9E20EAB9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
========== FILES ==========
File\Folder C:\Program Files (x86)\Ask.com not found.
File\Folder C:\Program Files (x86)\SweetIM not found.
File\Folder C:\ProgramData\BrowserProtect not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: Vadmin
->Temp folder emptied: 188420 bytes
->Temporary Internet Files folder emptied: 353036 bytes
->Google Chrome cache emptied: 6953559 bytes
->Flash cache emptied: 0 bytes
 
User: ValiN
->Temp folder emptied: 198583 bytes
->Temporary Internet Files folder emptied: 147080214 bytes
->Google Chrome cache emptied: 313636226 bytes
->Flash cache emptied: 96014 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2465444253 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 4745685939 bytes
 
Total Files Cleaned = 7.324,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 04282013_184724

Files\Folders moved on Reboot...
C:\Users\Vadmin\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         
und hier nun mbam:
Code:
ATTFilter
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.04.28.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Vadmin :: VADMIN-THINK [Administrator]

28.04.2013 19:16:35
mbam-log-2013-04-28 (19-16-35).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 232637
Laufzeit: 4 Minute(n), 7 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         

Antwort

Themen zu Lenovo 520 Notebook
antivir, avira, avira searchfree toolbar, battle.net, bho, computer, converter, error, failed, festplatte, firefox, flash player, format, google, homepage, igdpmd64.sys, install.exe, league of legends, logfile, microsoft office starter 2010, mp3, msiexec.exe, object, pando media booster, popup, pwmtr64v.dll, realtek, registry, revo uninstaller, rundll, security, software, svchost.exe, sweetpacks, udp, wajam, windows




Ähnliche Themen: Lenovo 520 Notebook


  1. Lenovo Notebook G770 mit Windows 7 Home Premium / unsicher
    Plagegeister aller Art und deren Bekämpfung - 26.06.2015 (16)
  2. Notebook fährt ohne Grund ständig runter! Virus? Trojaner oder neues Notebook?
    Plagegeister aller Art und deren Bekämpfung - 09.03.2015 (9)
  3. Lenovo T61
    Log-Analyse und Auswertung - 24.02.2015 (2)
  4. Positive Finds eingefangen - Win 8.1. Lenovo Notebook alle Updates aktuell
    Plagegeister aller Art und deren Bekämpfung - 09.02.2015 (9)
  5. Lenovo - Fehler bei Update auf Win 8.1
    Alles rund um Windows - 02.02.2015 (6)
  6. Bluescreen - Polizeiwarnung - Lenovo Ultrabook startet nur bis Lenovo-Symbol!
    Mülltonne - 08.10.2014 (1)
  7. Lenovo White Screen
    Log-Analyse und Auswertung - 18.07.2014 (7)
  8. lenovo g570 testen
    Plagegeister aller Art und deren Bekämpfung - 17.03.2014 (9)
  9. GVU Trojaner auf lenovo notbook
    Plagegeister aller Art und deren Bekämpfung - 31.07.2013 (13)
  10. BKA TRojaner, Windows 7 , Lenovo Laptop, 64 Bit
    Plagegeister aller Art und deren Bekämpfung - 17.07.2013 (21)
  11. BKA-Trojaner Win 7 Lenovo-Notebook
    Log-Analyse und Auswertung - 24.06.2013 (17)
  12. 4 GB RAM für Lenovo S430
    Netzwerk und Hardware - 06.01.2013 (11)
  13. GVU-Trojaner auf Lenovo IdeaPad S12
    Plagegeister aller Art und deren Bekämpfung - 02.01.2013 (22)
  14. Lenovo langsam
    Log-Analyse und Auswertung - 01.03.2012 (8)
  15. Lenovo erneut mit Trojaner-Problemen
    Nachrichten - 19.10.2010 (0)
  16. OpenSuse Auf Lenovo S10 Treiber?
    Alles rund um Mac OSX & Linux - 19.02.2010 (3)
  17. Lenovo - TR/Drop.Agent.bct
    Plagegeister aller Art und deren Bekämpfung - 09.10.2008 (6)

Zum Thema Lenovo 520 Notebook - So nach und nach checken wir alle Computer im Hause. Hier die Scans von OTL Code: Alles auswählen Aufklappen ATTFilter OTL logfile created on: 06.04.2013 16:35:10 - Run 1 OTL - Lenovo 520 Notebook...
Archiv
Du betrachtest: Lenovo 520 Notebook auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.