Log analysis and evaluation: Windows 7: Browser start page changes by itself
01.07.2014, 08:54 | #1 |
| Windows 7: Browser start page changes by itself

Hello, I have not created any log files yet, because it could be that I fall into the commercial category. The computer is used for academic purposes, and the only IT service is me, a student assistant (HiWi) who has reached the limit of his knowledge. Can you help me? It is about a worm that sets all browser start page entries in regedit to "https://www.google.de/?hl=de&gl=de" or "https://www.google.de/?hl=de&gl=de&gws_rd=ssl". Malwarebytes and antivirus programs have not found the worm itself so far. When I delete the entries in regedit manually, the problem reappears after a few days. Best regards, A.G. |
01.07.2014, 09:08 | #2 |
/// the machine /// TB instructor | Windows 7: Browser start page changes by itself

hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties) |
03.07.2014, 09:10 | #3 |
| Windows 7: Browser start page changes by itself

This is the FRST.txt; the Addition.txt was not there.

FRST logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-07-2014 Ran by mifr001 (administrator) on MICHAEL_FROEHLI on 03-07-2014 10:03:24 Running from C:\Users\michael_***\Downloads Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Lenovo.) C:\Windows\System32\ibmpmsvc.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe (Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe (DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe (Authentec Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Novell, Inc.) C:\Program Files\Novell\Client\XTier\Services\xtsvcmgr.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe (Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe (Cisco Systems, Inc.) 
C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Lenovo) C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe () C:\Windows\System32\clidonfg.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe (Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe (Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe () C:\Program Files\Lenovo\Lenovo Mouse Suite\PelService.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe (Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe (Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (Ulead Systems, Inc.) 
C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Data Perceptions / PowerProgrammer) C:\Program Files (x86)\Lenovo\MobileAccess\WebUpdateSvc4.exe (Ericsson AB) C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe (Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Lenovo.) C:\Windows\System32\TpShocks.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe () C:\Windows\System32\nwtray.exe (Novell, Inc.) C:\Windows\System32\iprntctl.exe (Novell, Inc.) C:\Windows\System32\iprntlgn.exe (Primax Electronics Ltd.) C:\Program Files\Lenovo\Lenovo Mouse Suite\ICO.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office 2010\Office14\MSOSYNC.EXE (Broadcom Corporation.) 
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Dropbox, Inc.) C:\Users\michael_***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Lenovo) C:\Program Files (x86)\Lenovo\MobileAccess\MobileAccess.exe (Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe (Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Macheen) C:\Program Files (x86)\Lenovo\MobileAccess\MacheenService.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe () C:\Program Files\Lenovo\Lenovo Mouse Suite\FSRremoS.EXE (Primax Electronics Ltd.) C:\Program Files\Lenovo\Lenovo Mouse Suite\PELMICED.EXE () C:\Program Files\Lenovo\Lenovo Mouse Suite\PelElvDm.exe (Protexis Inc.) 
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Lenovo) C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office 2010\Office14\OUTLOOK.EXE (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_13_0_0_214_ActiveX.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2870032 2012-02-09] (Synaptics Incorporated) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12480616 2012-04-17] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1158248 2012-03-09] (Realtek Semiconductor) HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [382528 2012-02-24] (Lenovo.) HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [289104 2012-05-08] (Lenovo Group Limited) HKLM\...\Run: [ResetACGauge] => C:\Program Files (x86)\Lenovo\Access Connections\smbhlpr.exe [147456 2014-03-14] (Lenovo) HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63832 2014-03-14] (Lenovo) HKLM\...\Run: [NWTRAY] => C:\Windows\system32\NWTRAY.EXE [37400 2010-03-10] () HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.) HKLM\...\Run: [iPrint Tray] => C:\Windows\system32\iprntctl.exe [66136 2011-07-25] (Novell, Inc.) 
HKLM\...\Run: [iPrint Event Monitor] => C:\Windows\system32\iprntlgn.exe [69720 2011-07-25] (Novell, Inc.) HKLM\...\Run: [Daemon for Mouse Suite] => C:\Program Files\Lenovo\Lenovo Mouse Suite\ICO.EXE [99840 2010-07-30] (Primax Electronics Ltd.) HKLM\...\Run: [Mouse Suite 98 Daemon] => ICO.EXE HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.) HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-26] (Intel Corporation) HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [133400 2012-02-28] (Intel Corporation) HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [507744 2011-12-20] (Dolby Laboratories Inc.) HKLM-x32\...\Run: [PWMTRV] => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Fastboot] => C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe [1091376 2012-01-17] (Lenovo) HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4351712 2011-07-13] (Lenovo, Inc.) 
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office 2010\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation) HKLM-x32\...\Run: [MobileAccess] => C:\Program Files (x86)\Lenovo\MobileAccess\MobileAccess.exe [155864 2013-04-17] (Lenovo) HKLM-x32\...\Run: [Sophos AutoUpdate Monitor] => C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [1617704 2014-05-21] (Sophos Limited) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2010-11-15] (Adobe Systems Incorporated) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41336 2014-05-08] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840568 2014-05-08] (Adobe Systems Inc.) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.) 
HKU\S-1-5-21-217626312-3170603926-1655130554-1001\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office 2010\Office14\MSOSYNC.EXE [720064 2013-04-22] (Microsoft Corporation) HKU\S-1-5-21-217626312-3170603926-1655130554-1001\...\MountPoints2: {1e70d881-af93-11e3-be97-028037ec0200} - D:\AutoRun.exe HKU\S-1-5-21-217626312-3170603926-1655130554-1001\...\MountPoints2: {1e70d8a7-af93-11e3-be97-028037ec0200} - D:\AutoRun.exe AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [260928 2012-02-14] (NVIDIA Corporation) AppInit_DLLs: , C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured_x64.dll [217160 2014-05-21] (Sophos Limited) AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [215360 2012-02-14] (NVIDIA Corporation) AppInit_DLLs-x32: , C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured.dll [275352 2014-05-21] (Sophos Limited) Lsa: [Authentication Packages] msv1_0 ncv1_0 Lsa: [Notification Packages] scecli C:\Program Files\ThinkPad\Bluetooth Software\BtwProximityCP.dll C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll ACGina Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk ShortcutTarget: vpngui.exe.lnk -> C:\Windows\Installer\{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}\Icon09DB8A851.exe () Startup: C:\Users\michael_***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\michael_***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google) ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google) ShellIconOverlayIdentifiers: GDriveSharedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google) ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google) ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google) ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google) ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 1 (GFS Unread Stub) -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2 (GFS Stub) -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers: Groove 
Explorer Icon Overlay 3 (GFS Folder) -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 4 (GFS Unread Mark) -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers: SugarSyncBackedUp -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.) ShellIconOverlayIdentifiers: SugarSyncPending -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.) ShellIconOverlayIdentifiers: SugarSyncRoot -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.) ShellIconOverlayIdentifiers: SugarSyncShared -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.) 
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 1 (GFS Unread Stub) -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Program Files (x86)\Microsoft Office 2010\Office14\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 2 (GFS Stub) -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Program Files (x86)\Microsoft Office 2010\Office14\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Program Files (x86)\Microsoft Office 2010\Office14\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 3 (GFS Folder) -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Program Files (x86)\Microsoft Office 2010\Office14\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 4 (GFS Unread Mark) -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Program Files (x86)\Microsoft Office 2010\Office14\GROOVEEX.DLL (Microsoft Corporation) GroupPolicy: Group Policy on Chrome detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.tagesschau.de/ StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} SearchScopes: HKLM-x32 - DefaultScope value is missing. SearchScopes: HKLM-x32 - {75b4241f-171e-44a3-bf44-23613b6e3e03} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^AYY^xdm070^YYA^de&si=flvrunner&ptb=10B9372A-B0A3-4983-8915-DFC0CB734FF5&ind=2014022411&n=780b8b0b&psa=&st=sb&searchfor={searchTerms} SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = SearchScopes: HKCU - {75b4241f-171e-44a3-bf44-23613b6e3e03} URL = BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office 2010\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: HKLM-x32 {A6616B31-4860-41E2-98E3-CA7649AF172F} file:///E:/launch.ocx DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab Winsock: Catalog9 01 
C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited) Winsock: Catalog9 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited) Winsock: Catalog9 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited) Winsock: Catalog9 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited) Winsock: Catalog9 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited) Winsock: Catalog9 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited) Winsock: Catalog9 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited) Winsock: Catalog9 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited) Winsock: Catalog9 20 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited) Winsock: Catalog9-x64 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited) Winsock: Catalog9-x64 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited) Winsock: Catalog9-x64 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited) Winsock: Catalog9-x64 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited) Winsock: Catalog9-x64 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited) Winsock: Catalog9-x64 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited) Winsock: Catalog9-x64 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited) Winsock: Catalog9-x64 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited) Winsock: Catalog9-x64 20 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited) Tcpip\Parameters: [DhcpNameServer] 134.96.7.100 134.96.7.5 134.96.7.99 FireFox: ======== FF ProfilePath: 
C:\Users\michael_***\AppData\Roaming\Mozilla\Firefox\Profiles\loplpmpn.default FF SearchEngineOrder.1: Amazon FF SelectedSearchEngine: Google FF Homepage: hxxp://www.google.de?hl=de&gl=de FF Keyword.URL: hxxp://www.google.de/search?hl=de&gl=de&lr=&ie=UTF-8&oe=UTF-8&meta=lr=lang_de&q= FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File FF Plugin-x32: @novell.com/iPrint - C:\Windows\SysWOW64 () FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF user.js: detected! => C:\Users\michael_***\AppData\Roaming\Mozilla\Firefox\Profiles\loplpmpn.default\user.js FF HKLM-x32\...\Firefox\Extensions: [VIP2X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client FF Extension: Symantec VIP Access Add-On - C:\Program Files (x86)\Symantec\VIP Access Client [2012-06-19] FF HKLM-x32\...\Firefox\Extensions: [{E0A90014-D5C5-4A12-BF83-11F65D02D9F5}] - C:\Program Files (x86)\Mozilla Firefox\extensions\{E0A90014-D5C5-4A12-BF83-11F65D02D9F5} FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2014-06-24] FF HKLM-x32\...\Firefox\Extensions: [VIP5X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client FF Extension: Symantec VIP Access Add-On - C:\Program Files (x86)\Symantec\VIP Access Client [2012-06-19] FF HKLM-x32\...\Firefox\Extensions: [{705EBC13-54EC-4407-93B0-8CEDB78B73AB}] - C:\Windows\Installer\{0410F1BA-37DA-4C22-BE96-969443040523}\{705EBC13-54EC-4407-93B0-8CEDB78B73AB}.xpi FF Extension: Download Protect - C:\Windows\Installer\{0410F1BA-37DA-4C22-BE96-969443040523}\{705EBC13-54EC-4407-93B0-8CEDB78B73AB}.xpi [2014-07-03] FF Extension: No Name - C:\Windows\Installer\{461BCF88-3C28-42C9-B6E1-24DAAA5CC4C1}\{A2208F17-3673-4170-988C-7650AB61FEB9}.xpi [] ==================== Services (Whitelisted) ================= R2 DisplayLinkService; C:\Program Files\DisplayLink 
Core Software\DisplayLinkManager.exe [8447848 2011-11-09] (DisplayLink Corp.) S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [320576 2012-05-01] (Lenovo.) R2 FastbootService; C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [169776 2012-01-17] (Lenovo) R2 ieUnattd; C:\Windows\system32\clidonfg.exe [106496 2012-09-11] () [File not signed] R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-28] (Intel Corporation) R2 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [176464 2012-05-08] (Lenovo Group Limited) R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited) S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [1674720 2013-09-25] () R2 MacheenService; C:\Program Files (x86)\Lenovo\MobileAccess\MacheenService.exe [32480 2013-04-17] (Macheen) S3 Microsoft SharePoint Workspace Audit Service; C:\Program Files (x86)\Microsoft Office 2010\Office14\GROOVE.EXE [30814400 2013-12-19] (Microsoft Corporation) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2012-02-26] () R2 PelService; C:\Program Files\Lenovo\Lenovo Mouse Suite\PelService.exe [177152 2010-04-22] () [File not signed] R2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [288552 2014-05-21] (Sophos Limited) R2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [205096 2014-05-21] (Sophos Limited) R2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [341800 2014-05-21] (Sophos Limited) R2 Sophos Web Control Service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [355624 2014-05-21] (Sophos Limited) S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24120 2014-02-21] () R2 swi_service; C:\Program Files (x86)\Sophos\Sophos 
Anti-Virus\Web Intelligence\swi_service.exe [3174696 2014-05-21] (Sophos Limited) S2 swi_update_64; C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe [2065704 2014-05-21] (Sophos Limited) R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2008-01-10] (Ulead Systems, Inc.) [File not signed] R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [84080 2012-04-19] (Symantec Corporation) R2 WebUpdate4; C:\Program Files (x86)\Lenovo\MobileAccess\WebUpdateSvc4.exe [278800 2013-01-16] (Data Perceptions / PowerProgrammer) R2 WMCoreService; C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe [655400 2012-02-03] (Ericsson AB) R2 XTSvcMgr; C:\Program Files\Novell\Client\XTier\Services\XTSvcMgr.exe [21016 2010-03-10] (Novell, Inc.) R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2669840 2012-02-26] (Intel® Corporation) ==================== Drivers (Whitelisted) ==================== S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [135720 2012-02-14] (Broadcom Corporation.) 
R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306536 2011-03-04] () R3 ecnssndis; C:\Windows\System32\Drivers\wwuss64.sys [26664 2011-10-05] (Ericsson AB) R3 ecnssndisfltr; C:\Windows\System32\Drivers\wwussf64.sys [29736 2011-10-05] (Ericsson AB) S3 Fastboot; C:\Windows\System32\DRIVERS\Fastboot.sys [70416 2012-01-17] (Windows (R) Win 7 DDK provider) R3 l36wgps; C:\Windows\System32\DRIVERS\l36wgps64.sys [102440 2012-01-13] (Ericsson AB) R3 Mbm3CBus; C:\Windows\System32\DRIVERS\Mbm3CBus.sys [419400 2011-08-22] (MCCI Corporation) R3 Mbm3DevMt; C:\Windows\System32\DRIVERS\Mbm3DevMt.sys [430664 2011-08-22] (MCCI Corporation) R3 Mbm3mdfl; C:\Windows\System32\DRIVERS\Mbm3mdfl.sys [19528 2011-08-22] (MCCI Corporation) R3 Mbm3Mdm; C:\Windows\System32\DRIVERS\Mbm3Mdm.sys [483400 2011-08-22] (MCCI Corporation) R0 NCFilter; C:\Windows\System32\DRIVERS\NCFilter.sys [113176 2010-03-10] () R2 NCFSD; C:\Program Files\Novell\Client\XTier\Drivers\ncfsd.sys [96792 2010-03-10] () R2 NCIOCTL; C:\Program Files\Novell\Client\XTier\Drivers\ncioctl.sys [83480 2010-03-10] () R0 NCRecognizer; C:\Windows\System32\DRIVERS\NCRecognizer.sys [119320 2010-03-10] () R0 NCUncFilter; C:\Windows\System32\DRIVERS\NCUncFilter.sys [26136 2010-03-10] () R1 NICM; C:\Program Files\Novell\Client\XTier\Drivers\nicm.sys [31256 2010-03-10] (Novell, Inc.) R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [249152 2012-02-14] (NVIDIA Corporation) S3 pelbtm; C:\Windows\System32\DRIVERS\pelbtm.sys [16384 2007-09-20] (Primax Electronics Ltd.) R1 pelmoubt; C:\Windows\System32\DRIVERS\pelmoubt.sys [22016 2009-04-23] (Primax Electronics Ltd.) 
R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [158976 2014-05-21] (Sophos Limited) S3 sdcfilter; C:\Windows\System32\DRIVERS\sdcfilter.sys [38144 2014-05-21] (Sophos Limited) S4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [27904 2014-05-21] (Sophos Limited) R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [40248 2011-05-29] (Lenovo Information Product(ShenZhen China) Inc.) R3 tvtvcamd; C:\Windows\System32\DRIVERS\tvtvcamd.sys [27432 2011-12-07] (ThinkVantage Communications Utility) R3 WwanUsbServ; C:\Windows\System32\DRIVERS\WwanUsbMp64.sys [282152 2011-12-07] (Ericsson AB) U3 nccache; C:\Program Files\Novell\Client\XTier\Drivers\nccache.sys [34328 2010-03-10] (Novell, Inc.) U3 nciom; C:\Program Files\Novell\Client\XTier\Drivers\nciom.sys [74776 2010-03-10] (Novell, Inc.) U3 ncp; C:\Program Files\Novell\Client\XTier\Drivers\ncp.sys [77848 2010-03-10] (Novell, Inc.) U3 ncpfsp; C:\Program Files\Novell\Client\XTier\Drivers\ncpfsp.sys [86552 2010-03-10] (Novell, Inc.) U3 ncpl; C:\Program Files\Novell\Client\XTier\Drivers\ncpl.sys [49176 2010-03-10] (Novell, Inc.) U3 ndm; C:\Program Files\Novell\Client\XTier\Drivers\ndm.sys [19480 2010-03-10] (Novell, Inc.) U3 ndmndap; C:\Program Files\Novell\Client\XTier\Drivers\ndmndap.sys [82968 2010-03-10] (Novell, Inc.) U3 ndslpp; C:\Program Files\Novell\Client\XTier\Drivers\ndslpp.sys [23576 2010-03-10] (Novell, Inc.) U3 niam; C:\Program Files\Novell\Client\XTier\Drivers\niam.sys [38936 2010-03-10] (Novell, Inc.) U3 nipctl; C:\Program Files\Novell\Client\XTier\Drivers\nipctl.sys [52760 2010-03-10] (Novell, Inc.) U3 nscm; C:\Program Files\Novell\Client\XTier\Drivers\nscm.sys [33816 2010-03-10] (Novell, Inc.) U3 nsns; C:\Program Files\Novell\Client\XTier\Drivers\nsns.sys [24600 2010-03-10] (Novell, Inc.) U3 nsvccost; C:\Program Files\Novell\Client\XTier\Drivers\nsvccost.sys [35864 2010-03-10] (Novell, Inc.) 
U3 xtxplat; C:\Program Files\Novell\Client\XTier\Drivers\xtxplat.sys [57880 2010-03-10] (Novell, Inc.) S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X] S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X] S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X] S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X] S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X] S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [X] S2 smihlp2; \??\C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-07-03 10:03 - 2014-07-03 10:03 - 00033255 _____ () C:\Users\michael_***\Downloads\FRST.txt 2014-07-03 10:03 - 2014-07-03 10:03 - 00000000 ____D () C:\Users\michael_***\Downloads\FRST-OlderVersion 2014-07-03 10:02 - 2014-07-03 10:03 - 02083840 _____ (Farbar) C:\Users\michael_***\Downloads\FRST64.exe 2014-06-30 15:40 - 2014-06-30 15:40 - 05958656 _____ () C:\Users\michael_***\Desktop\Präsentation SWI Tag der Offenen Tuer 2014.ppt 2014-06-30 15:06 - 2014-06-30 15:06 - 03450041 ____N () C:\Users\michael_***\Desktop\Poster DinA0 NBA Baller Beats.pptx 2014-06-30 15:05 - 2014-06-30 15:05 - 00429243 ____N () C:\Users\michael_***\Desktop\Poster DinA0 NBA Baller Beats mit Bild.pptx 2014-06-30 08:29 - 2014-07-03 08:10 - 00000000 ____D () C:\Users\michael_***\Desktop\Decthlon 2014 2014-06-28 18:15 - 2014-07-03 07:42 - 00000616 _____ () C:\Windows\setupact.log 2014-06-28 18:15 - 2014-06-28 18:15 - 00000586 _____ () C:\Windows\PFRO.log 2014-06-28 18:15 - 2014-06-28 18:15 - 00000000 _____ () C:\Windows\setuperr.log 2014-06-24 11:38 - 2014-06-27 17:39 - 00002465 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller X.lnk 2014-06-24 11:38 - 2014-06-27 17:39 - 00002453 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat X Pro.lnk 2014-06-24 
11:38 - 2014-06-27 17:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe LiveCycle ES2 2014-06-24 11:19 - 2014-06-24 11:20 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-06-24 11:19 - 2014-06-24 11:19 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-06-24 11:19 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-06-24 11:19 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-06-24 11:19 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-06-18 09:20 - 2014-06-18 09:21 - 00000000 ____D () C:\Program Files\Progmon 2014-06-14 17:55 - 2014-06-14 18:20 - 00000000 ____D () C:\Users\michael_***\AppData\Roaming\Nico Mak Computing 2014-06-12 14:23 - 2014-05-30 12:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-06-12 14:23 - 2014-05-30 12:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-06-12 14:23 - 2014-05-30 12:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-06-12 14:23 - 2014-05-30 11:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-06-12 14:23 - 2014-05-30 11:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-06-12 14:23 - 2014-05-30 11:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-06-12 14:23 - 2014-05-30 11:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-06-12 14:23 - 2014-05-30 11:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-06-12 14:23 - 2014-05-30 11:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-06-12 14:23 - 2014-05-30 11:24 - 00574976 _____ (Microsoft Corporation) 
C:\Windows\system32\ieui.dll 2014-06-12 14:23 - 2014-05-30 11:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-06-12 14:23 - 2014-05-30 11:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-06-12 14:23 - 2014-05-30 11:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-06-12 14:23 - 2014-05-30 11:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-06-12 14:23 - 2014-05-30 11:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-06-12 14:23 - 2014-05-30 11:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-06-12 14:23 - 2014-05-30 11:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-06-12 14:23 - 2014-05-30 11:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-06-12 14:23 - 2014-05-30 10:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-06-12 14:23 - 2014-05-30 10:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-06-12 14:23 - 2014-05-30 10:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-06-12 14:23 - 2014-05-30 10:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-06-12 14:23 - 2014-05-30 10:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-06-12 14:23 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-06-12 14:23 - 2014-05-30 10:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-06-12 14:23 - 2014-05-30 10:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-06-12 14:23 - 2014-05-30 10:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-06-12 14:23 - 2014-05-30 10:34 - 00043008 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-06-12 14:23 - 2014-05-30 10:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-06-12 14:23 - 2014-05-30 10:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-06-12 14:23 - 2014-05-30 10:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-06-12 14:23 - 2014-05-30 10:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-06-12 14:23 - 2014-05-30 10:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-06-12 14:23 - 2014-05-30 10:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-06-12 14:23 - 2014-05-30 10:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-06-12 14:23 - 2014-05-30 10:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-06-12 14:23 - 2014-05-30 10:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-06-12 14:23 - 2014-05-30 10:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-06-12 14:23 - 2014-05-30 10:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-06-12 14:23 - 2014-05-30 10:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-06-12 14:23 - 2014-05-30 09:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-06-12 14:23 - 2014-05-30 09:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-06-12 14:23 - 2014-05-30 09:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-06-12 14:23 - 2014-05-30 09:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-06-12 14:23 - 2014-05-30 09:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-06-12 14:23 - 2014-05-30 09:43 - 13522944 _____ 
(Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-06-12 14:23 - 2014-05-30 09:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-06-12 14:23 - 2014-05-30 09:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-06-12 14:23 - 2014-05-30 09:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-06-12 14:23 - 2014-05-30 09:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-06-12 14:23 - 2014-05-30 09:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-06-12 14:23 - 2014-05-30 09:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-06-12 14:23 - 2014-04-25 04:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll 2014-06-12 14:23 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll 2014-06-12 14:23 - 2014-04-05 04:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2014-06-12 14:23 - 2014-04-05 04:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS 2014-06-12 14:23 - 2014-03-26 16:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll 2014-06-12 14:23 - 2014-03-26 16:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-06-12 14:23 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll 2014-06-12 14:23 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2014-06-12 14:23 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll 2014-06-12 14:23 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2014-06-12 14:23 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll 2014-06-12 14:23 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\msxml3r.dll 2014-06-12 14:22 - 2014-06-08 11:13 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-06-12 14:22 - 2014-06-08 11:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll ==================== One Month Modified Files and Folders ======= 2014-07-03 10:04 - 2014-07-03 10:03 - 00033255 _____ () C:\Users\michael_***\Downloads\FRST.txt 2014-07-03 10:03 - 2014-07-03 10:03 - 00000000 ____D () C:\Users\michael_***\Downloads\FRST-OlderVersion 2014-07-03 10:03 - 2014-07-03 10:02 - 02083840 _____ (Farbar) C:\Users\michael_***\Downloads\FRST64.exe 2014-07-03 10:03 - 2014-03-15 19:35 - 00000000 ____D () C:\FRST 2014-07-03 09:59 - 2013-02-20 16:27 - 00000000 ____D () C:\Users\michael_***\AppData\Roaming\Dropbox 2014-07-03 09:50 - 2013-02-23 16:51 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-07-03 09:48 - 2014-03-27 09:06 - 00000728 __RSH () C:\ProgramData\ntuser.pol 2014-07-03 09:33 - 2012-10-04 07:45 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-07-03 09:00 - 2012-07-27 10:07 - 00000000 ____D () C:\Users\michael_***\Documents\Outlook-Dateien 2014-07-03 08:24 - 2012-09-13 14:40 - 00000000 ____D () C:\NDPS 2014-07-03 08:10 - 2014-06-30 08:29 - 00000000 ____D () C:\Users\michael_***\Desktop\Decthlon 2014 2014-07-03 07:50 - 2012-06-20 01:28 - 23367968 _____ () C:\Windows\system32\perfh007.dat 2014-07-03 07:50 - 2012-06-20 01:28 - 07534112 _____ () C:\Windows\system32\perfc007.dat 2014-07-03 07:50 - 2009-07-14 07:13 - 00006252 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-07-03 07:50 - 2009-07-14 06:45 - 00034208 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-07-03 07:50 - 2009-07-14 06:45 - 00034208 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-07-03 07:47 - 2012-06-19 15:39 - 01988748 _____ () 
C:\Windows\WindowsUpdate.log 2014-07-03 07:44 - 2014-05-07 10:52 - 00000000 ____D () C:\Users\michael_***\AppData\Roaming\DropboxMaster 2014-07-03 07:44 - 2013-02-20 16:28 - 00000000 ___RD () C:\Users\michael_***\Dropbox 2014-07-03 07:43 - 2013-02-23 16:51 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-07-03 07:42 - 2014-06-28 18:15 - 00000616 _____ () C:\Windows\setupact.log 2014-07-03 07:42 - 2012-06-19 15:48 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-07-03 07:42 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-07-02 13:14 - 2012-07-26 16:08 - 00000000 ____D () C:\Users\michael_***\AppData\Local\MobileAccess 2014-06-30 15:40 - 2014-06-30 15:40 - 05958656 _____ () C:\Users\michael_***\Desktop\Präsentation SWI Tag der Offenen Tuer 2014.ppt 2014-06-30 15:06 - 2014-06-30 15:06 - 03450041 ____N () C:\Users\michael_***\Desktop\Poster DinA0 NBA Baller Beats.pptx 2014-06-30 15:05 - 2014-06-30 15:05 - 00429243 ____N () C:\Users\michael_***\Desktop\Poster DinA0 NBA Baller Beats mit Bild.pptx 2014-06-29 19:11 - 2013-09-16 08:24 - 00137216 _____ () C:\Users\michael_***\Desktop\Trainingsliste 1999.xls 2014-06-28 18:15 - 2014-06-28 18:15 - 00000586 _____ () C:\Windows\PFRO.log 2014-06-28 18:15 - 2014-06-28 18:15 - 00000000 _____ () C:\Windows\setuperr.log 2014-06-28 12:05 - 2014-02-03 17:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-06-27 17:39 - 2014-06-24 11:38 - 00002465 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller X.lnk 2014-06-27 17:39 - 2014-06-24 11:38 - 00002453 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat X Pro.lnk 2014-06-27 17:39 - 2014-06-24 11:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe LiveCycle ES2 2014-06-26 15:34 - 2012-09-12 09:09 - 02169226 _____ () C:\Users\michael_***\Desktop\Literaturdatenbank.enl 2014-06-24 12:35 - 2012-07-27 06:05 - 00000000 ____D () 
C:\ProgramData\regid.1986-12.com.adobe 2014-06-24 11:48 - 2012-07-26 16:08 - 00123232 _____ () C:\Users\michael_***\AppData\Local\GDIPFONTCACHEV1.DAT 2014-06-24 11:46 - 2009-07-14 06:45 - 00437112 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-06-24 11:37 - 2012-06-19 15:52 - 00000000 ____D () C:\ProgramData\Adobe 2014-06-24 11:20 - 2014-06-24 11:19 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-06-24 11:19 - 2014-06-24 11:19 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-06-24 11:19 - 2014-03-13 11:46 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-06-24 09:50 - 2013-03-18 11:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive 2014-06-20 20:30 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-06-20 13:45 - 2013-02-23 16:51 - 00004108 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-06-20 13:45 - 2013-02-23 16:51 - 00003856 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-06-18 09:21 - 2014-06-18 09:20 - 00000000 ____D () C:\Program Files\Progmon 2014-06-16 12:27 - 2014-01-08 12:03 - 00000000 _____ () C:\Windows\system32\vireng.log 2014-06-14 18:20 - 2014-06-14 17:55 - 00000000 ____D () C:\Users\michael_***\AppData\Roaming\Nico Mak Computing 2014-06-13 10:46 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-06-12 16:04 - 2013-08-16 09:37 - 00000000 ____D () C:\Windows\system32\MRT 2014-06-12 16:02 - 2012-07-27 06:23 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-06-12 16:01 - 2012-07-26 12:09 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-06-12 16:00 - 2014-05-06 17:02 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-06-12 10:17 - 2013-06-23 10:31 - 00000000 ____D () C:\ldiag 2014-06-08 11:13 - 2014-06-12 14:22 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-06-08 11:08 - 2014-06-12 14:22 - 00424448 _____ 
(Microsoft Corporation) C:\Windows\system32\aeinv.dll

Some content of TEMP:
====================
C:\Users\michael_***\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp8crllc.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-06-28 10:18

==================== End Of Log ============================ |
03.07.2014, 12:29 | #4 |
/// the machine /// TB trainer | Windows 7: Browser start page changes by itself Open FRST, tick the Addition box and scan, then please post the Addition.txt.
__________________ Regards, schrauber | Proud Member of UNITE and ASAP since 2009 | Donations | Guides and help | Trojaner-Board Facebook page | No help via PM! |
10.07.2014, 13:48 | #5 |
| Windows 7: Browser start page changes by itself Please excuse the delay, here is the Addition.txt: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-07-2014 Ran by mifr001 at 2014-07-10 13:28:51 Running from C:\Users\michael_***\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Sophos Anti-Virus (Enabled - Up to date) {6BABF8F7-3EB6-BD1D-9167-8C5ECA060A29} AS: Sophos Anti-Virus (Enabled - Up to date) {D0CA1913-188C-B293-ABD7-B72CB1814094} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== "Nero SoundTrax Help (x32 Version: 4.4.32.0 - Nero AG) Hidden Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.10 - Adobe Systems) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.111 - Adobe Systems Incorporated) Adobe AIR (x32 Version: 13.0.0.111 - Adobe Systems Incorporated) Hidden Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated) Adobe Reader X (10.1.10) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.10 - Adobe Systems Incorporated) Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden Anzeige am Bildschirm (HKLM\...\OnScreenDisplay) (Version: 7.12.00 - ) Burn.Now 4.5 (x32 Version: 4.5.0 - Corel Corporation) Hidden CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM-x32\...\CANON iMAGE GATEWAY Task) (Version: 1.5.0.3 - Canon Inc.) Canon Internet Library for ZoomBrowser EX (HKLM-x32\...\Canon Internet Library for ZoomBrowser EX) (Version: 1.6.1.6 - Canon Inc.) Canon RAW Image Task for ZoomBrowser EX (HKLM-x32\...\RAW Image Task) (Version: 3.3.0.5 - Canon Inc.) Canon Utilities CameraWindow (HKLM-x32\...\CameraWindowLauncher) (Version: 7.1.0.2 - Canon Inc.) Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX (HKLM-x32\...\CameraWindowDVC6) (Version: 6.4.2.16 - Canon Inc.) 
Canon Utilities Digital Photo Professional 3.4 (HKLM-x32\...\DPP) (Version: 3.4.0.0 - Canon Inc.) Canon Utilities EOS Utility (HKLM-x32\...\EOS Utility) (Version: 2.4.0.1 - Canon Inc.) Canon Utilities MyCamera (HKLM-x32\...\MyCamera) (Version: 6.4.0.5 - Canon Inc.) Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.21.45 - Canon Inc.) Canon Utilities Picture Style Editor (HKLM-x32\...\Picture Style Editor) (Version: 1.3.0.0 - Canon Inc.) Canon Utilities RemoteCapture Task for ZoomBrowser EX (HKLM-x32\...\RemoteCaptureTask) (Version: 1.7.1.9 - Canon Inc.) Canon Utilities WFT-E1/E2/E3 Utility (HKLM-x32\...\WFTK) (Version: 3.2.1.1 - Canon Inc.) Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.1.1.21 - Canon Inc.) Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.1.0.8 - Canon Inc.) CCleaner (HKLM\...\CCleaner) (Version: 4.06 - Piriform) Cisco Systems VPN Client 5.0.07.0440 (HKLM\...\{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}) (Version: 5.0.7 - Cisco Systems, Inc.) Corel Burn.Now Lenovo Edition (HKLM-x32\...\InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}) (Version: 4.5.0 - Corel Corporation) Corel DVD MovieFactory 7 (x32 Version: 7.0.0 - Corel Corporation) Hidden Corel DVD MovieFactory Lenovo Edition (HKLM-x32\...\InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation) Corel WinDVD (HKLM-x32\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.0.6.385 - Corel Inc.) 
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited) Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{CA75CBF9-B078-47CB-ABA3-74EFD4FC9A43}) (Version: - Microsoft) Direct DiscRecorder (x32 Version: 1.00.0000 - Corel Corporation) Hidden Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7 (HKLM\...\DisableAMTPopup) (Version: 1.00 - ) DisplayLink Core Software (HKLM\...\{B57D4097-F2FE-4222-BA02-46C6EC8B7944}) (Version: 6.1.35392.0 - DisplayLink Corp.) Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.7000.11 - Dolby Laboratories Inc) DolbyFiles (x32 Version: 2.0 - Nero AG) Hidden Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.) EndNote X6 (HKLM-x32\...\{86B3F2D6-AC2B-0016-8AE1-F2F77F781B0C}) (Version: 16.0.1.6599 - Thomson Reuters) Energie-Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.30 - ) G*Power 3.1.5 (HKLM-x32\...\{118369CE-EBB6-49EA-92FD-42D4EBC8C6B1}) (Version: 3.1.5 - Franz Faul, Uni Kiel, Germany) Google Drive (HKLM-x32\...\{75939021-3B68-419D-8DC1-E9823BFF9658}) (Version: 1.16.7009.9618 - Google, Inc.) Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) 
Hidden IBM SPSS Statistics 19 (HKLM\...\{06C43FAA-7226-41EF-A05E-9AE0AA849FFE}) (Version: 19.0.0 - SPSS Inc., an IBM Company) ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden Integrated Camera Driver Installer Package Ver.1.2.1.18 (HKLM-x32\...\{A78800AF-1779-4AE8-8EBE-16E1BE727C71}) (Version: 1.2.1.18 - RICOH) Intel PROSet Wireless (Version: - ) Hidden Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.3.1427 - Intel Corporation) Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2639 - Intel Corporation) Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.220 - Intel Corporation) Intel(R) WiDi (HKLM-x32\...\{7FCB8D5D-9396-4D17-8CFA-349D6D49CD32}) (Version: 3.0.13.0 - Intel Corporation) Intel(R) Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version: - ) Intel® PROSet/Wireless WiFi-Software (HKLM\...\{E97F409F-9E1C-42A0-B72D-765A78DF3696}) (Version: 15.01.0000.0830 - Intel Corporation) Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation) Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 1.11 - ) Lenovo Graphics Software (HKLM\...\{A8CAC260-092D-41DA-A38F-73AF4226B021}) (Version: 6.1.35401.0 - Lenovo) Lenovo Mobile Access (HKLM-x32\...\{4DD171A1-70FB-48EE-8844-98A7AA4C8DCC}) (Version: 3.2.30417.1301 - Lenovo) Lenovo Mobile Broadband Activation (HKLM-x32\...\{A95D9DF7-CF34-421A-A1DC-936A49A4DAEA}) (Version: 4.2.0009.00 - Lenovo Group Limited) Lenovo Mouse Suite (HKLM\...\MouseSuite98) (Version: 6.43 - Lenovo) Lenovo Patch Utility (HKLM-x32\...\{6E6E7725-C7BC-4C39-8B3F-14B67331A120}) (Version: 1.3.0.9 - Lenovo Group Limited) Lenovo Patch Utility 
(HKLM-x32\...\{AD32F5E9-6BDD-480A-8B7B-95571D04691C}) (Version: 1.3.1.1 - Lenovo Group Limited) Lenovo Patch Utility 64 bit (HKLM\...\{0369F866-2CE0-4EB9-B426-88FA122C6E82}) (Version: 1.3.0.9 - Lenovo Group Limited) Lenovo Patch Utility 64 bit (HKLM\...\{ABE4638D-D208-4061-9F26-E3E11E3A1E0C}) (Version: 1.3.1.1 - Lenovo Group Limited) Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.00.02 - ) Lenovo Registration (HKLM-x32\...\{6707C034-ED6B-4B6A-B21F-969B3606FBDE}) (Version: 1.0.4 - Lenovo Inc.) Lenovo SimpleTap (HKLM\...\{BF601122-9F0A-41A9-BA06-3158D9FB4B80}) (Version: 3.2.0004.00 - Lenovo Group Limited) Lenovo Solution Center (HKLM\...\{D60E3A84-5DDC-49ED-B9A5-E3466996EB36}) (Version: 2.3.002.00 - Lenovo Group Limited) Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.05.0009 - Lenovo) Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0009.00 - Lenovo Group Limited) Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0005.00 - Lenovo) Lenovo Welcome (HKLM-x32\...\{2DC26D10-CC6A-494F-BEA3-B5BC21126D5E}) (Version: 3.1.0017.00 - Lenovo Group Limited) Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) Menu Templates - Starter Kit (x32 Version: 9.4.6.0 - Nero AG) Hidden Message Center Plus (HKLM\...\{3849486C-FF09-4F5D-B491-3E179D58EE15}) (Version: 3.1.0004.00 - Lenovo Group Limited) Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft 
Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Visual C++ 2005 Redistributable 
(HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mobile Broadband Drivers (HKLM-x32\...\{EA9640BE-414E-4195-B53B-7905BF1A5A09}) (Version: 7.1.1.0 - Ericsson AB)
Movie Templates - Starter Kit (x32 Version: 9.4.6.0 - Nero AG) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 9 (HKLM-x32\...\{0a3678f8-16f2-4142-912a-7b49855d28fa}) (Version: - Nero AG)
Nero Burning ROM Help (x32 Version: 9.4.17.100 - Nero AG) Hidden
Nero BurnRights (x32 Version: 3.4.11.100 - Nero AG) Hidden
Nero BurnRights Help (x32 Version: 3.4.4.100 - Nero AG) Hidden
Nero ControlCenter (x32 Version: 9.0.0.1 - Nero AG) Hidden
Nero CoverDesigner (x32 Version: 4.4.9.100 - Nero AG) Hidden
Nero CoverDesigner Help (x32 Version: 4.4.9.100 - Nero AG) Hidden
Nero Disc Copy Gadget (x32 Version: 2.4.22.0 - Nero AG) Hidden
Nero Disc Copy Gadget Help (x32 Version: 2.4.22.0 - Nero AG) Hidden
Nero DiscSpeed (x32 Version: 5.4.12.100 - Nero AG) Hidden
Nero DiscSpeed Help (x32 Version: 5.4.4.100 - Nero AG) Hidden
Nero DriveSpeed (x32 Version: 4.4.11.100 - Nero AG) Hidden
Nero DriveSpeed Help (x32 Version: 4.4.4.100 - Nero AG) Hidden
Nero Express Help (x32 Version: 9.4.17.100 - Nero AG) Hidden
Nero InfoTool (x32 Version: 6.4.11.100 - Nero AG) Hidden
Nero InfoTool Help (x32 Version: 6.4.4.100 - Nero AG) Hidden
Nero Installer (x32 Version: 4.4.9.0 - Nero AG) Hidden
Nero Live (x32 Version: 1.4.48.0 - Nero AG) Hidden
Nero Live Help (x32 Version: 1.4.48.0 - Nero AG) Hidden
Nero PhotoSnap (x32 Version: 1.53.2.0 - Nero AG) Hidden
Nero PhotoSnap Help (x32 Version: 1.53.2.0 - Nero AG) Hidden
Nero Recode (x32 Version: 4.4.31.0 - Nero AG) Hidden
Nero Recode Help (x32 Version: 4.4.31.0 - Nero AG) Hidden
Nero Rescue Agent (x32 Version: 2.4.12.100 - Nero AG) Hidden
Nero RescueAgent Help (x32 Version: 2.4.4.100 - Nero AG) Hidden
Nero ShowTime (x32 Version: 5.4.0.100 - Nero AG) Hidden
Nero ShowTime (x32 Version: 5.4.14.100 - Nero AG) Hidden
Nero StartSmart (x32 Version: 9.4.12.100 - Nero AG) Hidden
Nero StartSmart Help (x32 Version: 9.4.12.100 - Nero AG) Hidden
Nero Vision (x32 Version: 6.4.10.205 - Nero AG) Hidden
Nero Vision Help (x32 Version: 6.4.8.100 - Nero AG) Hidden
Nero WaveEditor (x32 Version: 5.4.32.0 - Nero AG) Hidden
NeroBurningROM (x32 Version: 9.4.17.100 - Nero AG) Hidden
NeroExpress (x32 Version: 9.4.17.100 - Nero AG) Hidden
NeroLiveGadget (x32 Version: 1.2.16.100 - Nero AG) Hidden
NeroLiveGadget Help (x32 Version: 1.2.16.100 - Nero AG) Hidden
neroxml (x32 Version: 1.0.0 - Nero AG) Hidden
NICI (64 bit) (HKLM\...\{559D2B32-5066-4762-A2F2-52831AC6F67B}) (Version: 2.7.6 - Novell, Inc.)
NICI (Shared) U.S./Worldwide (128 bit) (2.7.6-1) (HKLM-x32\...\{F02DBC5D-33E3-45E9-B0F8-B7745229ED1C}) (Version: - )
NMAS Challenge Response Method (HKLM\...\{54031C8D-F80D-47BB-B3CA-5E9BD7750C27}) (Version: 2.8.1.0 - Novell, Inc.)
NMAS Client (HKLM\...\{22859902-78CE-40B0-9429-6FE7A00BBF85}) (Version: 3.4.4.3 - Novell, Inc.)
Novell Client for Windows (HKLM\...\Novell Client for Windows) (Version: - Novell, Inc.)
Novell iPrint Client v05.69.00 (HKLM\...\Novell iPrint Client) (Version: - Novell, Inc.)
NVIDIA 3D Vision Treiber 295.80 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 295.80 - NVIDIA Corporation)
NVIDIA Grafiktreiber 295.80 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 295.80 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.12.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.12.0 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.62.312 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.7.12 (Version: 1.7.12 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.9580 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 295.80 (Version: 295.80 - NVIDIA Corporation) Hidden
NVIDIA Update 1.7.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.7.12 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.7.12 - NVIDIA Corporation) Hidden
RapidBoot HDD Accelerator (HKLM-x32\...\Fastboot) (Version: 1.00.0802 - Lenovo)
RapidBoot Shield (HKLM\...\{5E2652DF-743F-482B-A593-C95F431A5769}) (Version: 1.21 - Lenovo)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6617 - Realtek Semiconductor Corp.)
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - )
ResearchSoft Direct Export Helper (HKLM-x32\...\ResearchSoft Direct Export Helper) (Version: - )
RICOH_Media_Driver_v2.14.18.01 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.14.18.01 - RICOH)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden
Sophos Anti-Virus (HKLM-x32\...\{D929B3B5-56C6-46CC-B3A3-A1A784CBB8E4}) (Version: 10.3.7 - Sophos Limited)
Sophos AutoUpdate (HKLM-x32\...\{D924231F-D02D-4E0B-B511-CC4A0E3ED547}) (Version: 3.1.1.18 - Sophos Limited)
SoundTrax (x32 Version: 4.4.32.0 - Nero AG) Hidden
SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.59.88888 - SugarSync, Inc.)
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.2330 - Broadcom Corporation)
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.45.0 - )
ThinkVantage Access Connections (HKLM-x32\...\{8E537894-A559-4D60-B3CB-F4485E3D24E3}) (Version: 6.21 - Lenovo)
ThinkVantage Access Connections (HKLM-x32\...\{9C551D9B-5D36-46A2-9414-F658D934B129}) (Version: 5.93 - Lenovo)
ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 3.0.10.0 - Lenovo)
ThinkVantage Fingerprint Software (HKLM\...\{F58DA859-016E-492D-A588-317D9BB28002}) (Version: 5.9.9.7282 - Authentec Inc.)
ThinkVantage GPS (HKLM-x32\...\{6DB21B2C-2BEF-44B4-B264-8EC2BC2369C6}) (Version: 2.80 - Lenovo)
ThinkVantage System für aktiven Festplattenschutz (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.76 - Lenovo)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{C70D2038-A2C4-4A99-87DE-5272BB44F0CE}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version: - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version: - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version: - Microsoft)
VIP Access (HKLM-x32\...\{E8D46836-CD55-453C-A107-A59EC51CB8DC}) (Version: 2.0.5.13 - VeriSign)
VLC media player 2.1.2 (HKLM-x32\...\VLC media player) (Version: 2.1.2 - VideoLAN)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows-Treiberpaket - Intel (e1cexpress) Net (01/11/2012 11.15.16.0) (HKLM\...\EC2A0F2B229770EC589265FCF2B4839A0C221993) (Version: 01/11/2012 11.15.16.0 - Intel)
Windows-Treiberpaket - Intel System (01/11/2012 9.3.0.1020) (HKLM\...\09839A9B5EDA69DA2DCC34637B5140AAF8A53B44) (Version: 01/11/2012 9.3.0.1020 - Intel)
Windows-Treiberpaket - Intel System (08/26/2011 9.3.0.1011) (HKLM\...\9D7CD466F7FC8B18FF1B84943B7BB8648D17FCE8) (Version: 08/26/2011 9.3.0.1011 - Intel)
Windows-Treiberpaket - Intel System (08/26/2011 9.3.0.1011) (HKLM\...\D8EF6CACF49BD33CC1FACD124C8CC2B1A8E8AE35) (Version: 08/26/2011 9.3.0.1011 - Intel)
Windows-Treiberpaket - Intel USB (08/26/2011 9.3.0.1011) (HKLM\...\97EE1802A0385A37DE6323FA39EC76BEB2D73E41) (Version: 08/26/2011 9.3.0.1011 - Intel)
Windows-Treiberpaket - Lenovo 1.65.04.00 (01/11/2012 1.65.04.00) (HKLM\...\789DF697FC48238DE07F6917CCE1C7DBEBAD3096) (Version: 01/11/2012 1.65.04.00 - Lenovo)
Windows-Treiberpaket - Synaptics (SynTP) Mouse (02/09/2012 15.3.45.0) (HKLM\...\8926A51887C9CEEAB7E0720A1C9BEC5B3A8A2F05) (Version: 02/09/2012 15.3.45.0 - Synaptics)
XMind 2013 (v3.4.0) (HKLM-x32\...\XMind_is1) (Version: 3.4.0.201311050558 - XMind Ltd.)

==================== Restore Points =========================

27-06-2014 12:32:58 Windows Update
28-06-2014 07:37:09 Windows Update
28-06-2014 10:10:40 Windows Update
29-06-2014 09:00:03 Windows Update
29-06-2014 15:57:39 Windows Update
29-06-2014 17:15:45 Windows Update
30-06-2014 05:56:47 Windows-Sicherung
30-06-2014 14:52:57 Windows Update
01-07-2014 05:00:55 Windows Update
02-07-2014 05:41:45 Windows Update
02-07-2014 13:03:32 Windows Update
03-07-2014 13:25:25 Windows Update
04-07-2014 12:14:11 Windows Update
05-07-2014 08:25:19 Windows Update
05-07-2014 12:55:47 Windows Update
06-07-2014 07:58:26 Windows Update
07-07-2014 05:46:09 Windows Update
07-07-2014 05:52:41 Windows-Sicherung
08-07-2014 15:26:44 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {171C9EBD-E93F-41C3-9F1F-C3586700B1BC} - System32\Tasks\Microsoft\Windows\MobilePC\DisplayLink TMM Control
Task: {1C4D86C9-CACE-41E8-9E89-43360E03B5B1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-09-19] (Piriform Ltd)
Task: {1F6889A8-8CA4-4119-848A-5925AFC85723} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2013-05-17] (Lenovo)
Task: {22C11C05-2D59-42AF-849E-616BEA649481} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {3159401C-1CAE-480F-BDF2-03C087CD2A48} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-23] (Google Inc.)
Task: {3A378ED5-84C8-4DAD-B04A-9F7BAA588D7A} - System32\Tasks\Lenovo\SimpleTap\Start SimpleTap for michael_froehli.mifr001 => C:\Program Files\Lenovo\SimpleTap\SimpleTap.exe [2012-05-15] (Lenovo)
Task: {45F442FF-E6AF-4E62-9E64-FF4585908B6E} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2013-09-25] (Lenovo)
Task: {4E39F9CE-9FD7-4A48-9389-71C411CDACEE} - System32\Tasks\Lenovo\Message Center Plus Launcher => C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe [2012-05-15] (Lenovo)
Task: {5D401EDB-0340-4D2E-B008-E1C39263A2B1} - System32\Tasks\TVT\LenovoWERMonitor => C:\Program Files (x86)\Common Files\lenovo\SUP\sup_wermonitor.exe [2014-01-21] (Microsoft)
Task: {6EB0CA7E-1614-4CED-A41D-CF3E3CEFB5A6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: {715610C6-59EC-43B8-9B5A-34E2D2BD558D} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => Rundll32.exe C:\Windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {7F827CA1-3E66-4BB1-9006-428EB579239D} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PWMIDTSV.EXE [2012-05-01] (Lenovo Group Limited)
Task: {972B35BB-AED7-417C-8FFF-2471AA946FE7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-23] (Google Inc.)
Task: {A03584BA-6EBB-4783-8A2A-50DE1CA053CD} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-02-13] (Lenovo)
Task: {B3ABECE3-62FD-4603-AE9F-6475FC1F49E7} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2013-09-25] ()
Task: {CF07819B-A7AC-42C6-9FAC-231EFF163ABC} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2014-02-21] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-07-27 08:55 - 2010-03-10 14:47 - 00031256 _____ () C:\Windows\system32\ncv1_0.DLL
2012-07-27 08:55 - 2010-03-10 14:47 - 01039896 _____ () C:\Windows\system32\ncnetprovider.dll
2012-07-27 08:55 - 2010-03-10 14:47 - 00125464 _____ () C:\Windows\system32\NCLangID.dll
2012-07-27 08:55 - 2010-03-10 14:47 - 00181784 _____ () C:\Windows\system32\MAPBASE.dll
2012-07-27 08:55 - 2010-03-10 14:47 - 00280600 _____ () C:\Windows\system32\NWSHLXNT.dll
2012-07-27 08:55 - 2010-03-10 13:43 - 00016384 _____ () C:\Windows\system32\nls\ENGLISH\NCLangIDR.DLL
2012-07-27 08:55 - 2010-03-10 13:47 - 00094208 _____ () C:\Windows\system32\nls\ENGLISH\MAPBASER.DLL
2012-07-27 08:55 - 2010-03-10 13:48 - 00110592 _____ () C:\Windows\system32\nls\ENGLISH\NWSHLXNTR.DLL
2012-07-27 08:55 - 2010-03-10 13:50 - 00495616 _____ () C:\Windows\system32\nls\ENGLISH\ncnetproviderR.DLL
2012-07-27 08:55 - 2010-03-10 14:47 - 00172056 _____ () C:\Program Files\Novell\Client\XTier\Common\ipctlcp.dll
2012-07-27 08:55 - 2010-03-10 14:47 - 00104472 _____ () C:\Program Files\Novell\Client\XTier\Common\libslp.dll
2013-06-30 12:54 - 2010-04-22 14:20 - 00177152 ____N () C:\Program Files\Lenovo\Lenovo Mouse Suite\PelService.exe
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2012-06-19 15:46 - 2012-02-01 04:34 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-07-27 08:55 - 2010-03-10 14:47 - 00037400 _____ () C:\Windows\System32\nwtray.exe
2012-07-27 08:55 - 2010-03-10 14:47 - 01039896 _____ () C:\Windows\System32\NCNetProvider.DLL
2012-07-27 08:55 - 2010-03-10 14:47 - 00125464 _____ () C:\Windows\System32\NCLangID.dll
2012-07-27 08:55 - 2010-03-10 14:47 - 00181784 _____ () C:\Windows\System32\MAPBASE.dll
2012-07-27 08:55 - 2010-03-10 14:47 - 00280600 _____ () C:\Windows\System32\NWSHLXNT.dll
2012-07-27 08:55 - 2010-03-10 13:43 - 00016384 _____ () C:\Windows\System32\nls\ENGLISH\NCLangIDR.DLL
2012-07-27 08:55 - 2010-03-10 13:47 - 00094208 _____ () C:\Windows\System32\nls\ENGLISH\MAPBASER.DLL
2012-07-27 08:55 - 2010-03-10 13:48 - 00110592 _____ () C:\Windows\System32\nls\ENGLISH\NWSHLXNTR.DLL
2012-07-27 08:55 - 2010-03-10 13:50 - 00495616 _____ () C:\Windows\System32\nls\ENGLISH\NCNetProviderR.DLL
2012-06-19 15:50 - 2012-05-01 23:30 - 00103936 ____N () C:\Program Files (x86)\ThinkPad\Utilities\GR\PWMRT64V.DLL
2013-06-30 12:54 - 2008-11-27 16:16 - 00018432 ____N () C:\Program Files\Lenovo\Lenovo Mouse Suite\FSRremoS.EXE
2013-06-30 12:54 - 2010-06-02 11:37 - 00228352 ____N () C:\Program Files\Lenovo\Lenovo Mouse Suite\PelElvDm.exe
2011-03-04 12:49 - 2011-03-04 12:49 - 00202752 _____ () C:\Program Files (x86)\Cisco Systems\VPN Client\vpnapi.dll
2012-06-19 15:56 - 2012-01-17 08:29 - 00030512 ____N () C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBServiceps.dll
2012-06-19 15:51 - 2011-08-02 04:58 - 02201088 _____ () C:\Program Files\Lenovo\Communications Utility\cxcore210.dll
2012-06-19 15:51 - 2011-08-02 04:58 - 02085888 _____ () C:\Program Files\Lenovo\Communications Utility\cv210.dll
2012-06-19 15:46 - 2011-07-13 10:10 - 00065576 ____R () C:\Program Files (x86)\Mobile Broadband drivers\WMCore\MBMDebug.dll
2014-03-14 17:47 - 2014-03-14 17:47 - 00092504 _____ () C:\Program Files (x86)\Lenovo\Access Connections\AcWrpc.dll
2014-07-10 07:47 - 2014-07-10 07:47 - 00043008 _____ () c:\Users\michael_***\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpm2t5jv.dll
2013-08-23 21:01 - 2013-08-23 21:01 - 25100288 _____ () C:\Users\michael_***\AppData\Roaming\Dropbox\bin\libcef.dll
2014-05-08 13:22 - 2014-05-08 13:22 - 00019968 _____ () C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\locale\de_de\acrotray.deu
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2014-05-08 13:21 - 2014-05-08 13:21 - 02897280 _____ () C:\Program Files (x86)\Adobe\Acrobat 10.0\PDFMaker\Common\AdobePDFMakerX.dll
2014-05-08 13:22 - 2014-05-08 13:22 - 01446400 _____ () C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Locale\de_DE\PDFMaker\AdobePDFMakerX.DEU
2013-02-14 16:46 - 2013-02-14 16:46 - 01044048 _____ () C:\Program Files (x86)\Microsoft Office 2010\Office14\ADDINS\UmOutlookAddin.dll
2010-10-20 16:08 - 2010-10-20 16:08 - 00122720 _____ () C:\Program Files (x86)\Microsoft Office 2010\Office14\OUTLCTL.DLL
2012-06-19 15:44 - 2012-02-21 05:09 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SAVService => ""="service"

==================== EXE Association (whitelisted) =============

==================== MSCONFIG/TASK MANAGER disabled items =========

==================== Faulty Device Manager Devices =============

Name: Cisco Systems VPN Adapter for 64-bit Windows
Description: Cisco Systems VPN Adapter for 64-bit Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (07/10/2014 00:15:24 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3. Der Wert "6.0.0.6u9b41" des "version"-Attributs im assemblyIdentity-Element ist ungültig.
Error: (07/10/2014 00:11:04 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3. Der Wert "6.0.0.6u9b41" des "version"-Attributs im assemblyIdentity-Element ist ungültig.
Error: (07/10/2014 09:57:42 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3. Der Wert "6.0.0.6u9b41" des "version"-Attributs im assemblyIdentity-Element ist ungültig.
Error: (07/10/2014 07:57:51 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: clidonfg.exe, Version: 1.0.0.1, Zeitstempel: 0x4fcb778e
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000002c46894
ID des fehlerhaften Prozesses: 0xb3c
Startzeit der fehlerhaften Anwendung: 0xclidonfg.exe0
Pfad der fehlerhaften Anwendung: clidonfg.exe1
Pfad des fehlerhaften Moduls: clidonfg.exe2
Berichtskennung: clidonfg.exe3
Error: (07/10/2014 07:53:47 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
Error: (07/10/2014 07:53:47 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error: (07/10/2014 07:53:47 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error: (07/10/2014 07:46:31 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/09/2014 09:49:00 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3. Der Wert "6.0.0.6u9b41" des "version"-Attributs im assemblyIdentity-Element ist ungültig.
Error: (07/09/2014 09:46:43 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3. Der Wert "6.0.0.6u9b41" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

System errors:
=============
Error: (07/10/2014 07:59:54 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {BD57A9B2-4E7D-4892-9107-9F4106472DA4}
Error: (07/10/2014 07:57:51 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Shockprf WiDi stexstor" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (07/10/2014 07:45:43 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "SMI Helper Driver (smihlp2)" wurde aufgrund folgenden Fehlers nicht gestartet: %%2
Error: (07/09/2014 02:34:04 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.
Error: (07/09/2014 10:20:23 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {BD57A9B2-4E7D-4892-9107-9F4106472DA4}
Error: (07/09/2014 07:49:55 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "SMI Helper Driver (smihlp2)" wurde aufgrund folgenden Fehlers nicht gestartet: %%2
Error: (07/08/2014 05:27:22 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x8024200d fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte Systeme (KB2835364)
Error: (07/08/2014 09:41:57 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {BD57A9B2-4E7D-4892-9107-9F4106472DA4}
Error: (07/08/2014 07:49:43 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "DNS-Client" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053
Error: (07/08/2014 07:49:43 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst DNS-Client erreicht.

Microsoft Office Sessions:
=========================
Error: (07/10/2014 00:15:24 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversion6.0.0.6u9b41C:\Program Files\IBM\SPSS\Statistics\19\JRE\bin\unpack.dllC:\Program Files\IBM\SPSS\Statistics\19\JRE\bin\unpack.dll19
Error: (07/10/2014 00:11:04 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversion6.0.0.6u9b41C:\Program Files\IBM\SPSS\Statistics\19\JRE\bin\unpack200.exeC:\Program Files\IBM\SPSS\Statistics\19\JRE\bin\unpack200.exe19
Error: (07/10/2014 09:57:42 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversion6.0.0.6u9b41C:\Program Files\IBM\SPSS\Statistics\19\JRE\bin\unpack200.exeC:\Program Files\IBM\SPSS\Statistics\19\JRE\bin\unpack200.exe19
Error: (07/10/2014 07:57:51 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: clidonfg.exe1.0.0.14fcb778eunknown0.0.0.000000000c00000050000000002c46894b3c01cf9c024c03a6b2C:\Windows\system32\clidonfg.exeunknown201eb3be-07f7-11e4-aaaf-028037ec0200
Error: (07/10/2014 07:53:47 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: WmiApRplWmiApRpl8F20300004D070000
Error: (07/10/2014 07:53:47 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000
Error: (07/10/2014 07:53:47 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000
Error: (07/10/2014 07:46:31 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/09/2014 09:49:00 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversion6.0.0.6u9b41C:\Program Files\IBM\SPSS\Statistics\19\JRE\bin\unpack.dllC:\Program Files\IBM\SPSS\Statistics\19\JRE\bin\unpack.dll19
Error: (07/09/2014 09:46:43 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversion6.0.0.6u9b41C:\Program Files\IBM\SPSS\Statistics\19\JRE\bin\unpack200.exeC:\Program Files\IBM\SPSS\Statistics\19\JRE\bin\unpack200.exe19

==================== Memory info ===========================

Percentage of memory in use: 59%
Total physical RAM: 3819.94 MB
Available physical RAM: 1561.2 MB
Total Pagefile: 7638.06 MB
Available Pagefile: 4545.67 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:450.62 GB) (Free:385.67 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: () (Removable) (Total:15.12 GB) (Free:9.86 GB) FAT32
Drive g: (Iomega_HDD) (Fixed) (Total:465.76 GB) (Free:188.54 GB) NTFS
Drive q: (Lenovo_Recovery) (Fixed) (Total:13.67 GB) (Free:11.21 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: F675EA44)
Partition 1: (Active) - (Size=1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=451 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=14 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 15 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=15 GB) - (Type=0C)
========================================================
Disk: 2 (Size: 466 GB) (Disk ID: 7974A4C6)
Partition 1: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

==================== End Of Log ============================ |
11.07.2014, 10:55 | #6 |
/// the machine /// TB Trainer | Windows 7: Browser start page changes by itself hi, scan with Combofix