| Jimbohigh | 01.05.2013 11:23 |
So hoffe nu is alles richtig. Sorry hab letze mal nicht richtig gelesen.
Malware: Code:
Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org
Datenbank Version: v2013.04.04.07
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
donny1982 :: DONNY1982-THINK [Administrator]
Schutz: Aktiviert
01.05.2013 10:18:49
MBAM-log-2013-05-01 (11-53-32).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 422823
Laufzeit: 1 Stunde(n), 34 Minute(n), 2 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 4
C:\Download\Software\AVS Video Converter 8.1.2.510\activator.exe (PUP.Hacktool.Patcher) -> Keine Aktion durchgeführt.
C:\Download\Software\CloneDVD v2.9.3.0\core-keygen.exe.vir (RiskWare.Tool.CK) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Elaborate Bytes\CloneDVD2\core-keygen.exe.vir (RiskWare.Tool.CK) -> Keine Aktion durchgeführt.
C:\Users\donny1982\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S2EOP8C4\50f47504ee60d[1].exe.vir (PUP.FakePlug) -> Keine Aktion durchgeführt.
(Ende)
OTL.txt
OTL Logfile: Code:
OTL logfile created on: 01.05.2013 12:02:38 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\donny1982\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,89 Gb Total Physical Memory | 1,88 Gb Available Physical Memory | 48,31% Memory free
7,77 Gb Paging File | 5,48 Gb Available in Paging File | 70,50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 464,29 Gb Total Space | 379,64 Gb Free Space | 81,77% Space Free | Partition Type: NTFS
Computer Name: DONNY1982-THINK | User Name: donny1982 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\donny1982\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\PDF Architect\HelperService.exe (pdfforge GbR)
PRC - C:\Program Files (x86)\PDF Architect\ConversionService.exe (pdfforge GbR)
PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Programme\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited)
PRC - C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG)
PRC - C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe (G Data Software AG)
PRC - C:\Program Files (x86)\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\ZOOM\TpScrex.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\Communications Utility\TPKNRSVC.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Windows\SysWOW64\SASrv.exe (Conexant Systems, Inc.)
PRC - C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe (G Data Software AG)
PRC - C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe ()
PRC - C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
========== Modules (No Company Name) ==========
MOD - C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe ()
========== Services (SafeList) ==========
SRV:64bit: - (IBMPMSVC) -- C:\Windows\SysNative\ibmpmsvc.exe (Lenovo.)
SRV:64bit: - (CxAudMsg) -- C:\Windows\SysNative\CxAudMsg64.exe (Conexant Systems Inc.)
SRV:64bit: - (TPHDEXLGSVC) -- C:\Windows\SysNative\TPHDEXLG64.exe (Lenovo.)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (PDF Architect Helper Service) -- C:\Program Files (x86)\PDF Architect\HelperService.exe (pdfforge GbR)
SRV - (PDF Architect Service) -- C:\Program Files (x86)\PDF Architect\ConversionService.exe (pdfforge GbR)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (TomTomHOMEService) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (AVKProxy) -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG)
SRV - (GDScan) -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe (G Data Software AG)
SRV - (AVKWCtl) -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlX64.exe (G Data Software AG)
SRV - (DozeSvc) -- C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE (Lenovo.)
SRV - (PwmEWSvc) -- C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE (Lenovo Group Limited)
SRV - (Power Manager DBC Service) -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE (Lenovo)
SRV - (GDFwSvc) -- C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe (G Data Software AG)
SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (SUService) -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
SRV - (Lenovo.VIRTSCRLSVC) -- C:\Programme\Lenovo\VIRTSCRL\lvvsst.exe (Lenovo Group Limited)
SRV - (TPHKLOAD) -- C:\Programme\Lenovo\HOTKEY\tphkload.exe (Lenovo Group Limited)
SRV - (LENOVO.MICMUTE) -- C:\Programme\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited)
SRV - (TPHKSVC) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
SRV - (HyperW7Svc) -- C:\Programme\Lenovo\RapidBoot\HyperW7Svc64.exe (Lenovo Group Limited)
SRV - (LENOVO.TPKNRSVC) -- C:\Programme\Lenovo\Communications Utility\TPKNRSVC.exe (Lenovo Group Limited)
SRV - (LENOVO.CAMMUTE) -- C:\Programme\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (SAService) -- C:\Windows\SysWOW64\SASrv.exe (Conexant Systems, Inc.)
SRV - (AVKService) -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe (G Data Software AG)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Intel Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (btwdins) -- C:\Programme\ThinkPad\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (PSI_SVC_2) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (UleadBurningHelper) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
========== Driver Services (SafeList) ==========
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (mbamchameleon) -- C:\Windows\SysNative\drivers\mbamchameleon.sys ()
DRV:64bit: - (GRD) -- C:\Windows\SysNative\drivers\GRD.sys (G Data Software)
DRV:64bit: - (pcouffin) -- C:\Windows\SysNative\drivers\pcouffin.sys (VSO Software)
DRV:64bit: - (GDPkIcpt) -- C:\Windows\SysNative\drivers\PktIcpt.sys (G Data Software AG)
DRV:64bit: - (HookCentre) -- C:\Windows\SysNative\drivers\HookCentre.sys (G Data Software AG)
DRV:64bit: - (GDMnIcpt) -- C:\Windows\SysNative\drivers\MiniIcpt.sys (G Data Software AG)
DRV:64bit: - (GDBehave) -- C:\Windows\SysNative\drivers\GDBehave.sys (G Data Software AG)
DRV:64bit: - (gdwfpcd) -- C:\Windows\SysNative\drivers\gdwfpcd64.sys (G Data Software AG)
DRV:64bit: - (GdNetMon) -- C:\Windows\SysNative\drivers\GdNetMon64.sys (G Data Software AG)
DRV:64bit: - (AnyDVD) -- C:\Windows\SysNative\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (psadd) -- C:\Windows\SysNative\drivers\psadd.sys (Lenovo Information Product(ShenZhen China) Inc.)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)
DRV:64bit: - (DzHDD64) -- C:\Windows\SysNative\drivers\DZHDD64.SYS (Lenovo.)
DRV:64bit: - (TPPWRIF) -- C:\Windows\SysNative\drivers\TPPWR64V.SYS (Lenovo Group Limited)
DRV:64bit: - (IBMPMDRV) -- C:\Windows\SysNative\drivers\ibmpmdrv.sys (Lenovo.)
DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)
DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation)
DRV:64bit: - (risdxc) -- C:\Windows\SysNative\drivers\risdxc64.sys (REDC)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (5U877) -- C:\Windows\SysNative\drivers\5U877.sys (Ricoh co.,Ltd.)
DRV:64bit: - (e1cexpress) -- C:\Windows\SysNative\drivers\e1c62x64.sys (Intel Corporation)
DRV:64bit: - (BTWAMPFL) -- C:\Windows\SysNative\drivers\btwampfl.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (Shockprf) -- C:\Windows\SysNative\drivers\ApsX64.sys (Lenovo.)
DRV:64bit: - (TPDIGIMN) -- C:\Windows\SysNative\drivers\ApsHM64.sys (Lenovo.)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (lenovo.smi) -- C:\Windows\SysNative\drivers\smiifx64.sys (Lenovo Group Limited)
DRV:64bit: - (epmntdrv) -- C:\Windows\SysNative\epmntdrv.sys ()
DRV:64bit: - (EuGdiDrv) -- C:\Windows\SysNative\EuGdiDrv.sys ()
DRV:64bit: - (TVTI2C) -- C:\Windows\SysNative\drivers\tvti2c.sys (Lenovo (United States) Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia)
DRV:64bit: - (ElbyCDFL) -- C:\Windows\SysNative\drivers\ElbyCDFL.sys (SlySoft, Inc.)
DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc)
DRV - (AnyDVD) -- C:\Windows\SysWOW64\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (PHCORE) -- C:\Programme\Lenovo\RapidBoot\PHCORE64.sys (Lenovo Group Limited)
DRV - (epmntdrv) -- C:\Windows\SysWOW64\epmntdrv.sys ()
DRV - (EuGdiDrv) -- C:\Windows\SysWOW64\EuGdiDrv.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (smihlp) -- C:\Programme\ThinkVantage Fingerprint Software\smihlp.sys (UPEK Inc.)
DRV - (ElbyCDFL) -- C:\Windows\SysWOW64\drivers\ElbyCDFL.sys (SlySoft, Inc.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {78e516ef-11de-47a1-8364-a99b917ec5ee} - C:\Program Files (x86)\FileConverter_1.3\prxtbFile.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4225370901-2475469407-3187212950-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
IE - HKU\S-1-5-21-4225370901-2475469407-3187212950-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKU\S-1-5-21-4225370901-2475469407-3187212950-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-4225370901-2475469407-3187212950-1003\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-4225370901-2475469407-3187212950-1003\..\URLSearchHook: {78e516ef-11de-47a1-8364-a99b917ec5ee} - C:\Program Files (x86)\FileConverter_1.3\prxtbFile.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-4225370901-2475469407-3187212950-1003\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-4225370901-2475469407-3187212950-1003\..\SearchScopes\{3A6967C4-F161-4BB7-A843-166EBBDBD3A8}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3241949
IE - HKU\S-1-5-21-4225370901-2475469407-3187212950-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_deDE475DE478
IE - HKU\S-1-5-21-4225370901-2475469407-3187212950-1003\..\SearchScopes\{988600D7-6B86-413C-B577-C7814F8BD744}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=60433927-97B7-4D83-83A5-4B92312E5F8C&apn_sauid=977FBA54-1D2F-4EA5-B5DB-C916D1624015
IE - HKU\S-1-5-21-4225370901-2475469407-3187212950-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4225370901-2475469407-3187212950-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultenginename,S: S", ""
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.order.1,S: S", ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.selectedEngine,S: S", ""
FF - prefs.js..extensions.enabledAddons: {EEE6C361-6118-11DC-9C72-001320C79847}:1.9.0.0
FF - prefs.js..keyword.URL: "hxxp://search.sweetim.com/search.asp?barid={1A6DEF70-B90B-4697-8E57-2E69F8EA74D1}&src=2&crg=3.1010000&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""
FF - prefs.js..browser.startup.homepage: ""
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFPDFArchitectConverter@pdfarchitect.com: C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013.01.14 22:51:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.11.11 22:11:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.11.11 22:11:34 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
[2012.05.24 20:37:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\donny1982\AppData\Roaming\mozilla\Extensions
[2012.05.24 20:37:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\donny1982\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2013.01.24 12:50:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\donny1982\AppData\Roaming\mozilla\Firefox\Profiles\ui7ikhwp.default\extensions
[2013.01.24 12:50:57 | 000,000,000 | ---D | M] (SaveByclick) -- C:\Users\donny1982\AppData\Roaming\mozilla\Firefox\Profiles\ui7ikhwp.default\extensions\50f47504d6fd9@50f47504d7012.com
[2012.11.01 07:06:30 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\donny1982\AppData\Roaming\mozilla\Firefox\Profiles\ui7ikhwp.default\extensions\toolbar@ask.com
[2012.12.16 20:52:47 | 000,036,139 | ---- | M] () (No name found) -- C:\Users\donny1982\AppData\Roaming\mozilla\firefox\profiles\ui7ikhwp.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2013.01.13 13:32:23 | 000,190,000 | ---- | M] () (No name found) -- C:\Users\donny1982\AppData\Roaming\mozilla\firefox\profiles\ui7ikhwp.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
[2012.11.01 07:06:30 | 000,002,308 | ---- | M] () -- C:\Users\donny1982\AppData\Roaming\mozilla\firefox\profiles\ui7ikhwp.default\searchplugins\askcom.xml
[2012.10.21 19:25:44 | 000,003,915 | ---- | M] () -- C:\Users\donny1982\AppData\Roaming\mozilla\firefox\profiles\ui7ikhwp.default\searchplugins\sweetim.xml
[2012.05.21 22:02:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.11.11 22:11:34 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.11.11 22:11:32 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.11.11 22:11:32 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.11.11 22:11:32 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.11.11 22:11:32 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.11.11 22:11:32 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.11.11 22:11:32 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
========== Chrome ==========
CHR - Extension: SaveByclick = C:\Users\donny1982\AppData\Local\Google\Chrome\User Data\Default\Extensions\aecpcopodiflbfakoimmapkaejdmcjnm\1\
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\InternetSecurity\Webfilter\AVKWebIEx64.dll (G Data Software AG)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\InternetSecurity\WebFilter\AvkWebIE.dll (G Data Software AG)
O2 - BHO: (SaveByclick) - {28C10440-BE8D-A1E7-843C-C3A31833AA60} - C:\ProgramData\SaveByclick\50f47504d716b.dll File not found
O2 - BHO: (PDF Architect Helper) - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (FileConverter 1.3 Toolbar) - {78e516ef-11de-47a1-8364-a99b917ec5ee} - C:\Program Files (x86)\FileConverter_1.3\prxtbFile.dll (Conduit Ltd.)
O2 - BHO: (G Data BankGuard) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Program Files (x86)\Common Files\G Data\AVKProxy\BanksafeBHO.dll (G Data Software AG)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3:64bit: - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\InternetSecurity\Webfilter\AVKWebIEx64.dll (G Data Software AG)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\InternetSecurity\WebFilter\AvkWebIE.dll (G Data Software AG)
O3 - HKLM\..\Toolbar: (PDF Architect Toolbar) - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll (pdfforge GbR)
O3 - HKLM\..\Toolbar: (FileConverter 1.3 Toolbar) - {78e516ef-11de-47a1-8364-a99b917ec5ee} - C:\Program Files (x86)\FileConverter_1.3\prxtbFile.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-4225370901-2475469407-3187212950-1003\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-4225370901-2475469407-3187212950-1003\..\Toolbar\WebBrowser: (FileConverter 1.3 Toolbar) - {78E516EF-11DE-47A1-8364-A99B917EC5EE} - C:\Program Files (x86)\FileConverter_1.3\prxtbFile.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [ALCKRESI.EXE] C:\Programme\Lenovo\AutoLock\ALCKRESI.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [ForteConfig] C:\Programme\CONEXANT\ForteConfig\fmapp.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [LENOVO.TPKNRRES] C:\Programme\Lenovo\Communications Utility\TpKnrres.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant systems, Inc.)
O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CloneCDTray] C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG)
O4 - HKLM..\Run: [GDFirewallTray] C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G Data Software AG)
O4 - HKLM..\Run: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe (Lenovo, Inc.)
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor File not found
O4 - HKLM..\Run: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe (Ricoh co.,Ltd.)
O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4225370901-2475469407-3187212950-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4225370901-2475469407-3187212950-1003..\Run: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
O4 - HKU\S-1-5-21-4225370901-2475469407-3187212950-1003..\Run: [AutoStartNPSAgent] C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKU\S-1-5-21-4225370901-2475469407-3187212950-1003..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-4225370901-2475469407-3187212950-1003..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\Users\donny1982\Desktop\mbar-1.01.0.1020\mbar\Data\cleanup.dll (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [Z1] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-4225370901-2475469407-3187212950-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\donny1982\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\donny1982\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~3\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\donny1982\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\donny1982\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~3\OFFICE11\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5606821E-786A-4189-AA75-549261DD8ACD}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{644B01BB-FDD5-44A8-8884-25E5384553D4}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (C:\PROGRA~3\slpcsrj.bat) - C:\ProgramData\slpcsrj.bat ()
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (C:\PROGRA~3\slpcsrj.bat) - C:\ProgramData\slpcsrj.bat ()
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\psfus: DllName - (C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll) - C:\Programme\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013.05.01 11:59:30 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\donny1982\Desktop\OTL.exe
[2013.05.01 10:17:51 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.05.01 10:17:51 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.05.01 10:17:48 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.05.01 10:17:48 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.05.01 10:17:47 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.05.01 10:17:47 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.05.01 10:17:47 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.05.01 10:17:47 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.05.01 10:17:46 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.05.01 10:17:46 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.05.01 10:17:45 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.05.01 10:17:45 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.05.01 10:17:42 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.05.01 10:17:42 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.05.01 10:17:42 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.04.27 19:43:06 | 000,000,000 | ---D | C] -- C:\Users\donny1982\AppData\Roaming\Malwarebytes
[2013.04.27 19:42:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.04.27 19:42:56 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.04.27 19:42:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.04.27 19:32:36 | 003,717,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013.04.27 19:32:36 | 003,217,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2013.04.27 19:32:36 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2013.04.27 19:32:36 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2013.04.27 19:32:35 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2013.04.27 19:32:35 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2013.04.27 19:28:05 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.04.27 19:28:04 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013.04.27 19:28:04 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013.04.27 19:28:04 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013.04.27 19:28:04 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013.04.27 19:28:04 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013.04.27 19:27:56 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys
[2012.04.01 21:27:29 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\donny1982\AppData\Roaming\pcouffin.sys
========== Files - Modified Within 30 Days ==========
[2013.05.01 12:04:07 | 000,031,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.01 12:04:07 | 000,031,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.01 12:04:00 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2013.05.01 12:03:00 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2013.05.01 12:01:35 | 000,657,016 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.01 12:01:35 | 000,618,858 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.01 12:01:35 | 000,131,454 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.01 12:01:35 | 000,107,836 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.01 12:01:34 | 001,506,562 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.01 11:57:34 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.01 11:56:08 | 000,322,904 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.05.01 11:55:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.01 11:55:25 | 3129,397,248 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.01 11:45:13 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.01 11:15:01 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.01 11:13:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\donny1982\Desktop\OTL.exe
[2013.05.01 10:42:20 | 001,057,785 | ---- | M] () -- C:\Windows\SysWow64\sig.bin
[2013.05.01 10:42:20 | 000,054,533 | ---- | M] () -- C:\Windows\SysWow64\nmp.map
[2013.04.27 19:47:02 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.04.27 19:47:02 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.04.27 19:42:59 | 000,001,124 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.04.27 19:10:39 | 000,000,472 | ---- | M] () -- C:\Windows\tasks\SpeedMaxPc Registration3.job
[2013.04.27 19:10:39 | 000,000,430 | ---- | M] () -- C:\Windows\tasks\SpeedMaxPc Update3.job
[2013.04.27 19:10:39 | 000,000,408 | ---- | M] () -- C:\Windows\tasks\SpeedMaxPc.job
[2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
========== Files Created - No Company Name ==========
[2013.04.27 19:42:59 | 000,001,124 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.02.02 15:37:51 | 000,000,153 | ---- | C] () -- C:\ProgramData\slpcsrj.reg
[2013.02.02 15:37:51 | 000,000,082 | ---- | C] () -- C:\ProgramData\slpcsrj.bat
[2013.02.02 15:37:43 | 095,023,320 | ---- | C] () -- C:\ProgramData\slpcsrj.pad
[2012.06.11 18:56:58 | 000,004,096 | -H-- | C] () -- C:\Users\donny1982\AppData\Local\keyfile3.drm
[2012.05.09 21:21:11 | 000,000,600 | ---- | C] () -- C:\Users\donny1982\AppData\Local\PUTTY.RND
[2012.04.02 20:45:34 | 000,017,408 | ---- | C] () -- C:\Users\donny1982\AppData\Local\WebpageIcons.db
[2012.04.02 06:57:21 | 000,000,131 | -HS- | C] () -- C:\ProgramData\.zreglib
[2012.04.01 21:27:46 | 000,001,041 | ---- | C] () -- C:\Users\donny1982\AppData\Roaming\vso_ts_preview.xml
[2012.04.01 21:27:29 | 000,099,384 | ---- | C] () -- C:\Users\donny1982\AppData\Roaming\inst.exe
[2012.04.01 21:27:29 | 000,007,859 | ---- | C] () -- C:\Users\donny1982\AppData\Roaming\pcouffin.cat
[2012.04.01 21:27:29 | 000,001,167 | ---- | C] () -- C:\Users\donny1982\AppData\Roaming\pcouffin.inf
[2012.04.01 21:19:19 | 001,057,785 | ---- | C] () -- C:\Windows\SysWow64\sig.bin
[2012.04.01 21:13:42 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2012.03.18 21:22:47 | 001,692,288 | ---- | C] () -- C:\Windows\SysWow64\BootMan.exe
[2012.03.18 21:22:47 | 000,014,848 | ---- | C] () -- C:\Windows\SysWow64\EuEpmGdi.dll
[2012.03.18 21:22:46 | 000,086,408 | ---- | C] () -- C:\Windows\SysWow64\setupempdrv03.exe
[2012.03.18 21:22:46 | 000,014,216 | ---- | C] () -- C:\Windows\SysWow64\epmntdrv.sys
[2012.03.18 21:22:46 | 000,008,456 | ---- | C] () -- C:\Windows\SysWow64\EuGdiDrv.sys
[2012.03.16 01:40:49 | 000,042,672 | ---- | C] () -- C:\Windows\SysWow64\drivers\fsbts.sys
[2012.03.16 01:40:18 | 001,543,394 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.02.23 21:07:01 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2012.02.23 12:40:03 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012.02.23 12:40:02 | 000,213,332 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012.02.23 12:40:02 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
========== ZeroAccess Check ==========
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
< End of report >
--- --- ---
extras.txt
OTL Logfile: Code:
OTL Extras logfile created on: 01.05.2013 12:02:38 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\donny1982\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,89 Gb Total Physical Memory | 1,88 Gb Available Physical Memory | 48,31% Memory free
7,77 Gb Paging File | 5,48 Gb Available in Paging File | 70,50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 464,29 Gb Total Space | 379,64 Gb Free Space | 81,77% Space Free | Partition Type: NTFS
Computer Name: DONNY1982-THINK | User Name: donny1982 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
[HKEY_USERS\S-1-5-21-4225370901-2475469407-3187212950-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1A4E39C5-5CBB-4CF7-8D7B-ACAF05951A06}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{1F602BC5-1759-4B38-A420-A15AF4E37C76}" = rport=10243 | protocol=6 | dir=out | app=system |
"{2CB34BCA-2175-4D57-9945-C8D30400B109}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{30B2E3C9-B730-42C4-9462-077EB40561E6}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{3FF89EE6-D101-4EC9-9C38-3ECC13A2FDBE}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4C76D0DF-92E5-43D2-80F2-BA494EF319C3}" = lport=3389 | protocol=6 | dir=in | app=system |
"{646EDDB1-98C5-45D2-80EE-D8CDB5F043F4}" = lport=10243 | protocol=6 | dir=in | app=system |
"{69A803DD-CFE3-436D-B2B8-78A83A3EB5C3}" = lport=3389 | protocol=6 | dir=in | svc=termservice | app=%systemroot%\system32\svchost.exe |
"{6B4616E6-5F93-4507-A357-68082A168B2A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AB943BAE-06C0-4339-9248-C65D1B71A699}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D85A8676-8BC5-4F1C-B28C-7D6EAC866DEA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E9D28883-BB88-43CF-82AA-5296F7D3A442}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F54E7197-C020-4ECA-80D1-5E9DA85674AD}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02953322-B048-4D38-886B-BA9243387E98}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{031F3FD9-3243-49F0-B533-5DD93D8A5201}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{17C1E2E7-60A8-4361-A533-F3DFD76429C2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1ABDFFBF-4EDB-4C93-B4DE-AE71715DE5E9}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{26CBD4E0-2B49-4824-A95A-CD84A7384A7C}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{2983DD26-3363-4485-A7D8-4414A128E3AC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{30510965-DCE6-4901-B9EC-0C745B8FAA60}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"{38648BC7-B3DD-4B1C-9C63-B1F55E4FFFF8}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{3E8062E5-516E-4C0A-A4BC-83DB23D40851}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{426E4B9D-5DD2-4B06-9315-BC5712AF8283}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe |
"{44231DA7-6F2A-4E14-9487-CE5F2E46A766}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{4A13C49A-354A-488F-957D-46CF96C02EAA}" = protocol=17 | dir=in | app=c:\users\user\appdata\roaming\dropbox\bin\dropbox.exe |
"{4EECA9D4-E60E-4398-9015-6B0426F23F86}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{56F324E7-DB5C-4807-ABF0-4B9838A2C866}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe |
"{58B2DEDF-888F-44AF-BA49-3273EFA00AE2}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5AF95DAE-3892-4D70-9580-93410409B4DB}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"{6A78ACFA-5FA8-4724-A60F-3E11443B1C17}" = protocol=6 | dir=out | app=system |
"{6E06865A-189B-47CE-B7FB-90C17B6229E4}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{78E3B460-F074-4C62-98D4-4A2C00114258}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{82BD43E4-CD52-47EE-B4BB-9EFCE524EC11}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{83C92993-AE19-4C70-98D3-2D9B43078EF3}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{90228575-80D0-43E4-891F-7783E7EF69A0}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe |
"{95D0F951-417E-4833-ACC6-95D05DD6D703}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{99B5B823-C69F-42F8-9CC0-EEA1F233C2BD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9D75750C-2396-4588-AE8D-1F38CD3C93C9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9FD5039C-9DFA-4608-9E3F-917011E22597}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe |
"{A5497C3F-EDD0-48B5-8E43-6EED752A3323}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{AC961243-4EBA-42C3-9B0B-D8C91E4EAE12}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{ADF7274F-0472-4AA6-8F41-A442ACB15A2B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AE770071-864A-4636-AA2E-8E9B975E64AE}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{B57A920E-572F-4352-95F1-CB087056FE14}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{BAF69C09-0219-4F63-8D62-8CB06D29F5B6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C1CF4DF6-4504-411D-BCBE-3FF94E6917AD}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C1D0DEC4-1C5F-4E26-B588-AB6ABEFFB0FE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C59788D6-3843-45B3-A83D-2039E1DA5869}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C77A7C3D-E3C0-4910-A089-048C6CBFE9E5}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{D0B2FA45-DE9F-419A-B2C7-66ECE866DFCD}" = protocol=6 | dir=in | app=c:\users\user\appdata\roaming\dropbox\bin\dropbox.exe |
"{D49F08C9-B962-49D3-A3D9-96AC2BB8B3AD}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{E3738AED-0B4A-41BC-AD2E-C7D99A8113E6}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{E9E8B61F-552C-496E-B492-B540F3C7B60C}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{25FBDA9A-E868-4B3B-B9FF-D923818511A1}" = Intel(R) PROSet/Wireless WiFi-Software
"{39A04221-294E-4D90-A0F2-CCB1EF15CB56}" = Lenovo Patch Utility 64 bit
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage System für aktiven Festplattenschutz
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{502EE63C-9A62-4330-8F8B-1EAB51B7BB46}" = ThinkVantage Fingerprint Software
"{57DD35E9-D9BB-4089-BB05-EF933C586CB3}" = Broadcom InConcert Maestro
"{5E2652DF-743F-482B-A593-C95F431A5769}" = RapidBoot
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{88C6A6D9-324C-46E8-BA87-563D14021442}_is1" = ThinkVantage Communications Utility
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 268.71
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 268.71
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 268.71
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.0.21
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.23.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{C6C9D5F7-630C-4125-8C4E-94AF77C1896E}" = ThinkPad Bluetooth with Enhanced Data Rate Software
"{C94EB447-5772-48DC-AA37-1F5012AD96B1}" = SaveByClick
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E224B44B-B5EB-4af3-A80A-A255358E241A}_is1" = ThinkVantage AutoLock
"{EFC9FE7C-ECE8-4282-8F77-FEDCAD374C77}" = Lenovo SimpleTap
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"0CDBDD444A1F5FFEA227B4E7DCE195F11F08240A" = Windows-Treiberpaket - Intel System (09/10/2010 9.2.0.1011)
"0DD5528A211904214F70A66DE6ADBD378B21566D" = Windows-Treiberpaket - Intel USB (12/21/2010 9.2.0.1021)
"43B5066463CEBC83E99586A67037B6F9FC4193FE" = Windows-Treiberpaket - Intel System (11/20/2010 9.2.0.1016)
"466E9B20D871055D6D3CDA2CDD1D355E978A61AF" = Windows-Treiberpaket - Lenovo 1.61.00.11 (11/11/2010 1.61.00.11)
"6D23A494E9A245843FB8584D9307D3E328DF8613" = Windows-Treiberpaket - Intel (e1cexpress) Net (12/21/2010 11.8.84.0)
"8058FF31D7C7F4818DC176DAF53CD379968C86E4" = Windows-Treiberpaket - Intel System (09/10/2010 9.2.0.1011)
"BC15EA930074932BB2C4B4493C9FD4EA95087D1A" = Windows-Treiberpaket - Nokia pccsmcfd (10/12/2007 6.85.4.0)
"CNXT_AUDIO_HDA" = Conexant 20672 SmartAudio HD
"DDD8A532E361E9A878EBEF69C338B306810DF059" = Windows-Treiberpaket - Synaptics (SynTP) Mouse (05/19/2011 15.3.8.0)
"DisableAMTPopup" = Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7
"EnablePS" = Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7
"LENOVO.SMIIF" = Lenovo System Interface Driver
"LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"OnScreenDisplay" = Anzeige am Bildschirm
"PC-Doctor for Windows" = Lenovo ThinkVantage Toolbox
"Power Management Driver" = ThinkPad Power Management Driver
"ProInst" = Intel PROSet Wireless
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
"SpeedCommander 14 (x64)" = SpeedCommander 14 (x64)
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"WinRAR archiver" = WinRAR 4.11 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{09531CAE-B186-49A9-B44F-C607CC54FA2A}" = PDF Architect
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1341F917-C3E5-413E-A11C-AA58273843C4}" = SpeedMaxPc
"{13F59938-C595-479C-B479-F171AB9AF64F}" = Lenovo User Guide
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = Dienstprogramm "ThinkPad UltraNav"
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24E92E7A-6848-4747-A3EA-3AAC0576BE52}" = Lenovo Patch Utility
"{25C64847-B900-48AD-A164-1B4F9B774650}" = System Update
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{26B5A6D1-1F75-3B59-5825-E4D4CAE3445D}" =
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}" = Create Recovery Media
"{50F68032-B5B7-4513-9116-C978DBD8F27A}" = Corel DVD MovieFactory 7
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{556F81B4-EDCD-4009-8A07-95BFE1E19F28}" = roomeon 3D-Planer
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5C1F18D2-F6B7-4242-B803-B5A78648185D}" = Corel WinDVD
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6707C034-ED6B-4B6A-B21F-969B3606FBDE}" = Lenovo Registration
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{953AA732-9AFB-49C9-84A4-7F96CA0A08DA}" = SweetPacks bundle uninstaller
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CA0DEE4-E84B-466F-9B96-FC255F3A929F}" = Integrated Camera TWAIN
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C9DF2B-89B5-4483-8983-18A68200F1B4}" = SweetIM for Messenger 3.7
"{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Burn.Now 4.5
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.2 - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2CA6F37-1602-4823-81B5-0384B6888AA6}" = Integrated Camera Driver Installer Package Ver.1.1.0.1147
"{C01A86F5-56E7-101F-9BC9-E3F1025EB779}" = Intel(R) Identity Protection Technology 1.1.2.0
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}" = Internet Explorer Toolbar 4.6 by SweetPacks
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C670480D-10CE-4E2E-929E-EE453EDE6BE2}" = G Data InternetSecurity 2011
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF097717-F174-4144-954A-FBC4BF301031}" = Nero 7 Premium
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Energie-Manager
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.0.3.312
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}" = Update Manager for SweetPacks 1.1
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 4.2.3
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}" = Message Center Plus
"{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}" = Lenovo Warranty Information
"{FE041B02-234C-4AAA-9511-80DF6482A458}" = RICOH_Media_Driver_v2.14.18.01
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AnyDVD" = AnyDVD
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 7_is1" = AVS Video Converter 8
"CCleaner" = CCleaner
"CloneCD" = CloneCD
"CloneDVD2" = CloneDVD2
"CloneDVDmobile" = CloneDVDmobile
"DBox II - Bootmanager" = DBox II - Bootmanager
"DreamBoxEdit" = DreamBoxEdit -- The one and only settings editor for your Dreambox
"EASEUS Partition Master Professional Edition_is1" = EASEUS Partition Master 5.0.1 Professional
"FileConverter_1.3 Toolbar" = FileConverter 1.3 Toolbar
"Free iPad Video Converter_is1" = Free iPad Video Converter 3.7.2.1
"Free YouTube Download_is1" = Free YouTube Download version 3.0.20.1228
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.22.508
"InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}" = Corel DVD MovieFactory Lenovo Edition
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Corel Burn.Now Lenovo Edition
"InstallShield_{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"InstallShield_{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
"Lenovo Welcome_is1" = Lenovo Welcome
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Notepad++" = Notepad++
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Opera 11.64.1403" = Opera 11.64
"PokerStars.eu" = PokerStars.eu
"ProInst" = Intel PROSet Wireless
"SP_661c9f97" =
"TeamViewer 7" = TeamViewer 7
"TomTom HOME" = TomTom HOME 2.8.3.2499
"UltraStar Deluxe" = UltraStar Deluxe
"Universal Document Converter_is1" = Universal Document Converter (Demo)
"VLC media player" = VLC media player 2.0.4
"WinLiveSuite" = Windows Live Essentials
"Zattoo4" = Zattoo4 4.0.5
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-4225370901-2475469407-3187212950-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"EverestPoker.com" = EverestPoker.com
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 03.12.2012 13:50:54 | Computer Name = donny1982-THINK | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Dwm.exe, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bc541 Name des fehlerhaften Moduls: nvwgf2umx.dll, Version: 8.17.12.6871,
Zeitstempel: 0x4ddd7f4f Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000000c957b
ID
des fehlerhaften Prozesses: 0xfdc Startzeit der fehlerhaften Anwendung: 0x01cdd17e207b2e29
Pfad
der fehlerhaften Anwendung: C:\Windows\system32\Dwm.exe Pfad des fehlerhaften Moduls:
C:\Windows\system32\nvwgf2umx.dll Berichtskennung: fba8e0ac-3d71-11e2-a19a-f0def1cfaf0e
Error - 03.12.2012 14:54:01 | Computer Name = donny1982-THINK | Source = System Restore | ID = 8193
Description =
Error - 05.12.2012 13:59:00 | Computer Name = donny1982-THINK | Source = WinMgmt | ID = 10
Description =
Error - 05.12.2012 14:32:43 | Computer Name = donny1982-THINK | Source = System Restore | ID = 8193
Description =
Error - 06.12.2012 11:43:24 | Computer Name = donny1982-THINK | Source = Winlogon | ID = 4005
Description = Der Windows-Anmeldeprozess wurde unerwartet beendet.
Error - 06.12.2012 11:44:35 | Computer Name = donny1982-THINK | Source = WinMgmt | ID = 10
Description =
Error - 06.12.2012 18:30:25 | Computer Name = donny1982-THINK | Source = WinMgmt | ID = 10
Description =
Error - 06.12.2012 20:33:32 | Computer Name = donny1982-THINK | Source = System Restore | ID = 8193
Description =
Error - 07.12.2012 15:42:20 | Computer Name = donny1982-THINK | Source = System Restore | ID = 8193
Description =
Error - 08.12.2012 05:59:30 | Computer Name = donny1982-THINK | Source = WinMgmt | ID = 10
Description =
[ Lenovo-Lenovo Patch Utility/Admin Events ]
Error - 15.09.2012 07:22:54 | Computer Name = donny1982-THINK | Source = Lenovo Patch Utility | ID = 1
Description = HttpFileDownloader failed to download the file "hxxp://download.lenovo.com/ibmdl/pub/pc/pccbbs/lpupatches/x64//PM.manifest.xml".
Error message: Der Remoteserver hat einen Fehler zurückgegeben: (404) Nicht gefunden.
Error - 15.09.2012 07:22:54 | Computer Name = donny1982-THINK | Source = Lenovo Patch Utility | ID = 2
Description = Failed to download the manifest file.
Error - 15.09.2012 07:22:54 | Computer Name = donny1982-THINK | Source = Lenovo Patch Utility | ID = 2
Description = Failed to get available patch. Return 2.
Error - 29.09.2012 08:26:04 | Computer Name = donny1982-THINK | Source = Lenovo Patch Utility | ID = 2
Description = Can not grant access to Everyone: Manche oder alle Identitätsverweise
konnten nicht übersetzt werden.
Error - 29.09.2012 08:26:06 | Computer Name = donny1982-THINK | Source = Lenovo Patch Utility | ID = 1
Description = HttpFileDownloader failed to download the file "hxxp://download.lenovo.com/ibmdl/pub/pc/pccbbs/lpupatches/x64//PM.manifest.xml".
Error message: Der Remoteserver hat einen Fehler zurückgegeben: (404) Nicht gefunden.
Error - 29.09.2012 08:26:06 | Computer Name = donny1982-THINK | Source = Lenovo Patch Utility | ID = 2
Description = Failed to download the manifest file.
Error - 29.09.2012 08:26:06 | Computer Name = donny1982-THINK | Source = Lenovo Patch Utility | ID = 2
Description = Failed to get available patch. Return 2.
Error - 05.10.2012 14:00:04 | Computer Name = donny1982-THINK | Source = Lenovo Patch Utility | ID = 2
Description = Can not grant access to Everyone: Manche oder alle Identitätsverweise
konnten nicht übersetzt werden.
Error - 05.10.2012 14:00:09 | Computer Name = donny1982-THINK | Source = Lenovo Patch Utility | ID = 1
Description = HttpFileDownloader failed to download the file "hxxp://download.lenovo.com/ibmdl/pub/pc/pccbbs/lpupatches/x64//PM.manifest.xml".
Error message: Der Remoteserver hat einen Fehler zurückgegeben: (404) Nicht gefunden.
Error - 05.10.2012 14:00:09 | Computer Name = donny1982-THINK | Source = Lenovo Patch Utility | ID = 2
Description = Failed to download the manifest file.
[ Lenovo-Message Center Plus/Admin Events ]
Error - 26.04.2012 04:26:18 | Computer Name = donny1982-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt. ->
Exception message: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
Error - 28.05.2012 14:58:11 | Computer Name = donny1982-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt. ->
Exception message: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
[ System Events ]
Error - 19.08.2012 13:38:17 | Computer Name = donny1982-THINK | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?19.?08.?2012 um 19:36:16 unerwartet heruntergefahren.
Error - 22.08.2012 13:42:33 | Computer Name = donny1982-THINK | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?22.?08.?2012 um 19:40:37 unerwartet heruntergefahren.
Error - 28.08.2012 13:39:42 | Computer Name = donny1982-THINK | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst NVSvc erreicht.
Error - 29.08.2012 00:34:22 | Computer Name = donny1982-THINK | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?28.?08.?2012 um 22:14:16 unerwartet heruntergefahren.
Error - 01.09.2012 06:51:54 | Computer Name = donny1982-THINK | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst NVSvc erreicht.
Error - 01.09.2012 06:54:41 | Computer Name = donny1982-THINK | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?01.?09.?2012 um 12:53:24 unerwartet heruntergefahren.
Error - 03.09.2012 10:28:43 | Computer Name = donny1982-THINK | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst NVSvc erreicht.
Error - 07.09.2012 13:57:36 | Computer Name = donny1982-THINK | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst NVSvc erreicht.
Error - 08.09.2012 11:04:45 | Computer Name = donny1982-THINK | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst NVSvc erreicht.
Error - 14.09.2012 12:40:12 | Computer Name = donny1982-THINK | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x8024200e fehlgeschlagen: Definition Update for Windows Defender - KB915597
(Definition 1.135.1218.0)
< End of report >
--- --- ---
vielen Dank im Voraus
mfg
Jimbo |
Malwarebytes Anti-Malware