Trojaner-Board
Seite 1 von 3 1 23
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   wssetup.exe sicher entfernen? benötige hilfe. (https://www.trojaner-board.de/136441-wssetup-exe-sicher-entfernen-benoetige-hilfe.html)

vivarium 12.06.2013 07:12
wssetup.exe sicher entfernen? benötige hilfe.
 
Hallo liebes Trojaner-Board,
ich benötige eure Hilfe. Ich habe auch das Problem, dass beim Systemstart (windows 7) dieses wssetup.exe auftaucht.

Was ist genau zu tun?
Vielen Dank schon mal.
LG

smeenk 12.06.2013 08:39
:hallo:

Ich bin smeenk und ich werde versuchen Dir zu helfen :)

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden ).
  • Doppelklick auf die OTL.exe
  • Oben findest Du ein Kästchen mit Ausgabe. Wähle bitte Minimal Ausgabe
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

vivarium 12.06.2013 09:40
Habe es gemacht. Füge erst den OTL, an zweiter Stelle den EXTRAS ein. Danke schon mal und LG.

OTL Logfile:
Code:
OTL logfile created on: 12.06.2013 09:59:23 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\***\Downloads
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,93 Gb Total Physical Memory | 0,91 Gb Available Physical Memory | 31,24% Memory free
5,85 Gb Paging File | 2,69 Gb Available in Paging File | 46,04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 454,33 Gb Total Space | 62,01 Gb Free Space | 13,65% Space Free | Partition Type: NTFS
Drive Q: | 10,25 Gb Total Space | 5,07 Gb Free Space | 49,43% Space Free | Partition Type: NTFS
 
Computer Name: ***-THINK | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\ProgramData\Browser Manager\2.6.1339.144\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe ()
PRC - C:\Users\***\AppData\Roaming\Telekom\MediencenterSync\Mediencenter.exe (Deutsche Telekom AG)
PRC - c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
PRC - c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Office\Office14\OUTLOOK.EXE (Microsoft Corporation)
PRC - C:\Programme\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Windows\System32\GFilterSvc.exe ()
PRC - C:\Windows\System32\vaultsvd.exe ()
PRC - C:\Programme\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)
PRC - C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics Incorporated)
PRC - C:\Programme\Intel\WiFi\bin\ZeroConfigService.exe (Intel® Corporation)
PRC - C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
PRC - C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
PRC - C:\Programme\ThinkPad\Utilities\SCHTASK.EXE (Lenovo Group Limited)
PRC - C:\Programme\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel(R) Corporation)
PRC - C:\Programme\TP-LINK\USB Printer Controller\USB Printer Controller.exe ()
PRC - C:\Programme\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel Corporation)
PRC - C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Programme\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\Access Connections\SvcGuiHlpr.exe (Lenovo)
PRC - C:\Programme\Lenovo\Access Connections\ACTray.exe (Lenovo)
PRC - C:\Programme\Lenovo\Access Connections\AcSvc.exe (Lenovo)
PRC - C:\Programme\Lenovo\Access Connections\AcPrfMgrSvc.exe (Lenovo)
PRC - C:\Programme\ThinkVantage Fingerprint Software\upeksvr.exe (Authentec Inc.)
PRC - C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe ()
PRC - C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\ZOOM\TpScrex.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\HOTKEY\tphkload.exe (Lenovo Group Limited)
PRC - C:\Programme\ThinkPad\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
PRC - C:\Programme\Lenovo\Client Security Solution\password_manager.exe (Lenovo Group Limited)
PRC - C:\Programme\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
PRC - C:\Programme\Synaptics\Scrybe\scrybe.exe (Synaptics Incorporated)
PRC - C:\Programme\Synaptics\Scrybe\Service\ScrybeUpdater.exe (Synaptics, Inc.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Programme\Lenovo\HOTKEY\tpnumlkd.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\Communications Utility\TPKNRSVC.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited)
PRC - C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Programme\Lenovo\VIRTSCRL\lvvsst.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\VIRTSCRL\virtscrl.exe (Lenovo Group Limited)
PRC - C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Programme\ThinkPad\Utilities\DOZESVC.EXE (Lenovo.)
PRC - C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
PRC - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Programme\Lenovo\HOTKEY\tpnumlk.exe (Lenovo Group Limited)
PRC - C:\Programme\Integrated Camera Driver\RCIMGDIR.exe (Ricoh co.,Ltd.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\ac9e3eca6c148504588e7c6d09fe83e3\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\019ed4a55ecc7d1f5b933c27970dce9b\System.Runtime.DurableInstancing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\ef7642a4f2724135d445e2ea36582e78\SMDiagnostics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\2609614ca03927f7a99418c74844059b\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\866894ebe5258bf9f45d6b063229e990\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\a9594959e951127f16eb49644ba92f79\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\153143f74d840484b510d8cf5187796b\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\7cfbbd029ef945fbcdaedd24b2b67a24\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\dfeff31ab1e7cd3480c8942290c92f5d\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\af18b8a8f56494da44cc448f3b9704a5\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\233661f3a2b632e9553915c8639637d0\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\2f9e0112e10f9e70d3430d0be9863976\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll ()
MOD - C:\ProgramData\Browser Manager\2.6.1339.144\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe ()
MOD - c:\ProgramData\Browser Manager\2.6.1339.144\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll ()
MOD - C:\Users\***\AppData\Local\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Users\***\AppData\Local\Google\Chrome\Application\27.0.1453.110\PepperFlash\pepflashplayer.dll ()
MOD - C:\Users\***\AppData\Local\Google\Chrome\Application\27.0.1453.110\pdf.dll ()
MOD - C:\Users\***\AppData\Local\Google\Chrome\Application\27.0.1453.110\libglesv2.dll ()
MOD - C:\Users\***\AppData\Local\Google\Chrome\Application\27.0.1453.110\libegl.dll ()
MOD - C:\Users\***\AppData\Local\Google\Chrome\Application\27.0.1453.110\ffmpegsumo.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Programme\ThinkPad\Utilities\GR\PWMRT32V.DLL ()
MOD - C:\Programme\TP-LINK\USB Printer Controller\USB Printer Controller.exe ()
MOD - C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Windows\assembly\GAC_32\SwissAcademic.Citavi.IEPicker\1.0.0.0__f59eabe05cc67589\SwissAcademic.Citavi.IEPicker.dll ()
MOD - C:\Windows\assembly\GAC\Interop.SHDocVw\1.1.0.0__4b827ebe229d539f\Interop.SHDocVw.dll ()
MOD - C:\Programme\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll ()
MOD - C:\Windows\System32\IccLibDll.dll ()
MOD - C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll ()
MOD - C:\Programme\FileZilla FTP Client\fzshellext.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (Browser Manager) -- C:\ProgramData\Browser Manager\2.6.1339.144\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe ()
SRV - (SUService) -- C:\Programme\Lenovo\System Update\SUService.exe ()
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (NisSrv) -- c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (GFilterSvc) -- C:\Windows\System32\GFilterSvc.exe ()
SRV - (ucsvc32) -- C:\Windows\System32\vaultsvd.exe ()
SRV - (ZeroConfigService) -- C:\Programme\Intel\WiFi\bin\ZeroConfigService.exe (Intel® Corporation)
SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (PwmEWSvc) -- C:\Programme\ThinkPad\Utilities\PWMEWSVC.exe (Lenovo Group Limited)
SRV - (Power Manager DBC Service) -- C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe (Lenovo)
SRV - (BTHSSecurityMgr) -- C:\Programme\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel(R) Corporation)
SRV - (AMPPALR3) -- C:\Programme\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel Corporation)
SRV - (TuneUp.UtilitiesSvc) -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (AcSvc) -- C:\Programme\Lenovo\Access Connections\AcSvc.exe (Lenovo)
SRV - (AcPrfMgrSvc) -- C:\Programme\Lenovo\Access Connections\AcPrfMgrSvc.exe (Lenovo)
SRV - (PassThru Service) -- C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe ()
SRV - (TPHKLOAD) -- C:\Programme\Lenovo\HOTKEY\tphkload.exe (Lenovo Group Limited)
SRV - (btwdins) -- C:\Programme\ThinkPad\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (ThinkVantage Registry Monitor Service) -- C:\Programme\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
SRV - (ScrybeUpdater) -- C:\Programme\Synaptics\Scrybe\Service\ScrybeUpdater.exe (Synaptics, Inc.)
SRV - (fsssvc) -- C:\Programme\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (SeaPort) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (LENOVO.TPKNRSVC) -- C:\Programme\Lenovo\Communications Utility\TPKNRSVC.exe (Lenovo Group Limited)
SRV - (LENOVO.CAMMUTE) -- C:\Programme\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited)
SRV - (UNS) -- C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (Lenovo.VIRTSCRLSVC) -- C:\Programme\Lenovo\VIRTSCRL\lvvsst.exe (Lenovo Group Limited)
SRV - (TPHKSVC) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
SRV - (LENOVO.MICMUTE) -- C:\Programme\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (DozeSvc) -- C:\Programme\ThinkPad\Utilities\DOZESVC.EXE (Lenovo.)
SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (CVPND) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (TurboBoost) -- C:\Programme\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (LPDSVC) -- C:\Windows\System32\lpdsvc.dll (Microsoft Corporation)
SRV - (HsfXAudioService) -- C:\Windows\System32\XAudio32.dll (Conexant Systems, Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (PCDSRVC{3037D694-FD904ACA-06020200}_0) --  File not found
DRV - (MpKsl0c7e8d15) -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1B4DE3F4-FD17-44E3-89AF-429212DB0902}\MpKsl0c7e8d15.sys (Microsoft Corporation)
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (SmbDrvI) -- C:\Windows\System32\drivers\Smb_driver_Intel.sys (Synaptics Incorporated)
DRV - (NETwNs32) -- C:\Windows\System32\drivers\Netwsn00.sys (Intel Corporation)
DRV - (DozeHDD) -- C:\Windows\System32\drivers\DOZEHDD.SYS (Lenovo.)
DRV - (TPPWRIF) -- C:\Windows\System32\drivers\TPPWR32V.SYS (Lenovo Group Limited)
DRV - (AMPPALP) -- C:\Windows\System32\drivers\AmpPal.sys (Windows (R) Win 7 DDK provider)
DRV - (AMPPAL) -- C:\Windows\System32\drivers\AmpPal.sys (Windows (R) Win 7 DDK provider)
DRV - (TPLINKUDSMBus) -- C:\Windows\System32\drivers\TPLINKUDSMBus.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (TPLINKUDSTcpBus) -- C:\Windows\System32\drivers\TPLINKUDSTcpBus.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (btusbflt) -- C:\Windows\System32\drivers\btusbflt.sys (Broadcom Corporation.)
DRV - (Shockprf) -- C:\Windows\System32\drivers\ApsX86.sys (Lenovo.)
DRV - (TPDIGIMN) -- C:\Windows\System32\drivers\ApsHM86.sys (Lenovo.)
DRV - (psadd) -- C:\Windows\System32\drivers\psadd.sys (Lenovo Information Product(ShenZhen China) Inc.)
DRV - (truecrypt) -- C:\Windows\System32\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV - (IntcDAud) -- C:\Windows\System32\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV - (e1kexpress) -- C:\Windows\System32\drivers\e1k6232.sys (Intel Corporation)
DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (smihlp) -- C:\Programme\ThinkVantage Fingerprint Software\smihlp.sys (Authentec Inc.)
DRV - (5U877) -- C:\Windows\System32\drivers\5U877.sys (Ricoh co.,Ltd.)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (pmxdrv) -- C:\Windows\System32\drivers\pmxdrv.sys ()
DRV - (lenovo.smi) -- C:\Windows\System32\drivers\smiif32.sys (Lenovo Group Limited)
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (htcnprot) -- C:\Windows\System32\drivers\htcnprot.sys (Windows (R) Win 7 DDK provider)
DRV - (Impcd) -- C:\Windows\System32\drivers\Impcd.sys (Intel Corporation)
DRV - (SCR3XX2K) -- C:\Windows\System32\drivers\SCR3XX2K.sys (SCM Microsystems Inc.)
DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (HTCAND32) -- C:\Windows\System32\drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV - (rimspci) -- C:\Windows\System32\drivers\rimspe86.sys (REDC)
DRV - (TurboB) -- C:\Windows\System32\drivers\TurboB.sys ()
DRV - (TVTI2C) -- C:\Windows\System32\drivers\tvti2c.sys (Lenovo (United States) Inc.)
DRV - (HECI) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation)
DRV - (NETw5s32) -- C:\Windows\System32\drivers\NETw5s32.sys (Intel Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (netw5v32) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio32.sys (Conexant Systems, Inc.)
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (s117mdm) -- C:\Windows\System32\drivers\s117mdm.sys (MCCI Corporation)
DRV - (s117mgmt) -- C:\Windows\System32\drivers\s117mgmt.sys (MCCI Corporation)
DRV - (s117mdfl) -- C:\Windows\System32\drivers\s117mdfl.sys (MCCI Corporation)
DRV - (s117bus) -- C:\Windows\System32\drivers\s117bus.sys (MCCI Corporation)
DRV - (s117obex) -- C:\Windows\System32\drivers\s117obex.sys (MCCI Corporation)
DRV - (s117unic) -- C:\Windows\System32\drivers\s117unic.sys (MCCI Corporation)
DRV - (s117nd5) -- C:\Windows\System32\drivers\s117nd5.sys (MCCI Corporation)
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {E668679A-8755-47E1-B2EE-49D9FA828DB8}
IE - HKLM\..\SearchScopes\{E668679A-8755-47E1-B2EE-49D9FA828DB8}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox;
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2424265513-2494307364-3588977769-1000\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://search.babylon.com/?affID=109958&tt=120912_pcp_3712_2&babsrc=HP_ss&mntrId=ea7941b1000000000000000000000000
IE - HKU\S-1-5-21-2424265513-2494307364-3588977769-1000\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = hxxp://search.babylon.com/?affID=109958&tt=120912_pcp_3712_2&babsrc=HP_ss&mntrId=ea7941b1000000000000000000000000
IE - HKU\S-1-5-21-2424265513-2494307364-3588977769-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo.msn.com
IE - HKU\S-1-5-21-2424265513-2494307364-3588977769-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKU\S-1-5-21-2424265513-2494307364-3588977769-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ncr
IE - HKU\S-1-5-21-2424265513-2494307364-3588977769-1000\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-2424265513-2494307364-3588977769-1000\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-2424265513-2494307364-3588977769-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-2424265513-2494307364-3588977769-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=109958&tt=120912_pcp_3712_2&babsrc=SP_ss&mntrId=ea7941b1000000000000000000000000
IE - HKU\S-1-5-21-2424265513-2494307364-3588977769-1000\..\SearchScopes\{A8945019-18BA-4ECC-B55E-160FD84D07CE}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=386496&p={searchTerms}
IE - HKU\S-1-5-21-2424265513-2494307364-3588977769-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2424265513-2494307364-3588977769-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {8AA36F4F-6DC7-4c06-77AF-5035170634FE}:2011.01.25
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@parallelgraphics.com/Cortona: C:\Program Files\Common Files\ParallelGraphics\Cortona\npCortona.dll (ParallelGraphics)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\***\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\***\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017319.dll (Amazon.com, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2011.02.28 16:46:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.01.03 23:19:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.14.1\extensions\\Components: C:\Program Files\SeaMonkey\components [2012.12.22 00:46:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.14.1\extensions\\Plugins: C:\Program Files\SeaMonkey\plugins [2013.05.17 13:27:00 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{F74D5734-46F5-4B16-96F0-1E7FBF41B750}: C:\Program Files\Lenovo\Client Security Solution\PWM Firefox Extension\2.0b12 [2012.09.11 08:25:25 | 000,000,000 | ---D | M]
 
[2013.05.16 21:39:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.12.31 20:03:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.11.29 22:16:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a}
[2013.05.16 21:39:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\4j4b4ll7.default\extensions
[2013.04.10 16:46:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\SeaMonkey\Profiles\actxcumy.default\extensions
[2013.04.10 16:46:20 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\***\AppData\Roaming\mozilla\SeaMonkey\Profiles\actxcumy.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2013.02.28 20:36:23 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.11.06 21:02:27 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011.02.28 16:46:33 | 000,000,000 | ---D | M] (Citavi Picker) -- C:\PROGRAMDATA\SWISS ACADEMIC SOFTWARE\CITAVI PICKER\FIREFOX
[2010.08.09 16:17:46 | 000,873,888 | ---- | M] (ParallelGraphics) -- C:\Program Files\mozilla firefox\plugins\npCortona.dll
[2012.04.02 10:51:29 | 000,378,880 | ---- | M] (InfiniAd GmbH) -- C:\Program Files\mozilla firefox\plugins\npmieze.dll
[2012.09.15 19:43:53 | 000,002,360 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2011.04.26 10:54:51 | 000,002,047 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
[2010.08.12 10:21:06 | 000,002,510 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\ShareazaWebSearch.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\27.0.1453.110\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\27.0.1453.110\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Cortona3D Viewer (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCortona.dll
CHR - plugin: Java Deployment Toolkit 7.0.40.255 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: LoadTubes Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npmieze.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Google Search Widget [aNTP] = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\amgndnbcojepcnagnllkapelleekeiil\1.2.7_0\
CHR - Extension: eBay.de = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdhbgbiabfdfeimjdoldhaomkcoppild\1.1_0\
CHR - Extension: YouTube = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Search by Image (by Google) = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm\1.4.3_0\
CHR - Extension: Classic = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkacjpbfdknhflllbcmjibkdeoafencn\1.1_0\
CHR - Extension: eBay Deutschland = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpeldiheickbpmkhmkgcpefjhkpjghki\1.0_0\
CHR - Extension: Erweiterung \RSS-Abonnement\ (von Google) = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbjncdgjeocebhnmkbbbdekmmmcbfjd\2.2.2_0\
CHR - Extension: LEO W\u00F6rterbuchsuche = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojniiiidjmoaiehegaedmfdclmgmmpdp\1.4_0\
CHR - Extension: Google Quick Scroll = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\okanipcmceoeemlbjnmnbdibhgpbllgc\2_0\
CHR - Extension: Instagram for Chrome = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\opnbmdkdflhjiclaoiiifmheknpccalb\4.5.4_0\
CHR - Extension: 20-20 3D Viewer for IKEA = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfhldcakmgpmglboaclpfdedehjblalp\5.0.94.1_0\
CHR - Extension: Google Reader = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjjhlfkghdhmijklfnahfkpgmhcmfgcm\4.4_0\
CHR - Extension: Google Mail = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Google Search Widget [aNTP] = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\amgndnbcojepcnagnllkapelleekeiil\1.2.7_0\
CHR - Extension: eBay.de = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdhbgbiabfdfeimjdoldhaomkcoppild\1.1_0\
CHR - Extension: YouTube = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Search by Image (by Google) = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm\1.4.3_0\
CHR - Extension: Classic = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkacjpbfdknhflllbcmjibkdeoafencn\1.1_0\
CHR - Extension: eBay Deutschland = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpeldiheickbpmkhmkgcpefjhkpjghki\1.0_0\
CHR - Extension: Erweiterung \RSS-Abonnement\ (von Google) = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbjncdgjeocebhnmkbbbdekmmmcbfjd\2.2.2_0\
CHR - Extension: LEO W\u00F6rterbuchsuche = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojniiiidjmoaiehegaedmfdclmgmmpdp\1.4_0\
CHR - Extension: Google Quick Scroll = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\okanipcmceoeemlbjnmnbdibhgpbllgc\2_0\
CHR - Extension: Instagram for Chrome = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\opnbmdkdflhjiclaoiiifmheknpccalb\4.5.4_0\
CHR - Extension: 20-20 3D Viewer for IKEA = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfhldcakmgpmglboaclpfdedehjblalp\5.0.94.1_0\
CHR - Extension: Google Reader = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjjhlfkghdhmijklfnahfkpgmhcmfgcm\4.4_0\
CHR - Extension: Google Mail = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2013.06.10 12:04:44 | 000,000,054 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (IePasswordManagerHelper Class) - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (loadtbs) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - C:\Users\***\AppData\Roaming\loadtbs\toolbar.dll (InfiniAd GmbH)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2424265513-2494307364-3588977769-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-2424265513-2494307364-3588977769-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ACTray] C:\Programme\Lenovo\Access Connections\ACTray.exe (Lenovo)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PWMTRV] C:\Programme\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [RotateImage] C:\Programme\Integrated Camera Driver\RCIMGDIR.exe (Ricoh co.,Ltd.)
O4 - HKLM..\Run: [SweetIM] C:\Programme\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Programme\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [TP-Link USB Printer Controller] C:\Program Files\TP-LINK\USB Printer Controller\USB Printer Controller.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mediencenter.lnk = C:\Users\***\AppData\Roaming\Telekom\MediencenterSync\Mediencenter.exe (Deutsche Telekom AG)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O8 - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html ()
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_IKEA_Win32.cab (20-20 3D Viewer for IKEA)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 10.7.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6E46B758-E4D6-4596-807B-A57756BA850A}: NameServer = 212.23.115.148 212.23.115.132
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B51B8BBA-E8CB-4983-B6B7-846F9F533C63}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E3510700-6A5A-4F8C-9078-2C97D0DBAB0B}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E5546EB2-46D7-4844-A476-1441BA3CB4D3}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~2\browse~1\261339~1.144\{16cdf~1\browse~1.dll) - c:\ProgramData\Browser Manager\2.6.1339.144\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\psfus: DllName - (C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll) - C:\Programme\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.06.10 18:32:46 | 000,000,049 | -HS- | M] () - Q:\AUTORUN.INF -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.10 13:52:31 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013.06.10 09:59:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.06.10 09:57:44 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.06.10 09:57:39 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013.06.10 09:49:10 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\redsn0w
[2013.05.30 14:12:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular
[2013.05.30 14:11:48 | 000,000,000 | ---D | C] -- C:\Program Files\ElsterFormular
[2013.05.17 13:25:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2013.05.16 09:10:43 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.05.16 09:10:42 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.05.16 09:10:42 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.05.16 09:10:41 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.05.16 09:10:41 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013.05.16 09:10:40 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.05.16 09:10:40 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013.05.16 09:10:40 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013.05.16 09:10:40 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013.05.16 09:10:40 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013.05.16 08:43:12 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wwanprotdim.dll
[2013.05.16 08:43:11 | 002,347,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.05.16 08:43:04 | 000,218,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2013.05.16 08:42:56 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2013.05.16 08:42:56 | 000,101,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2013.05.14 17:17:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TP-LINK
[2013.05.14 17:17:17 | 000,000,000 | ---D | C] -- C:\Program Files\TP-LINK
[2013.05.14 14:41:54 | 000,745,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2013.05.14 14:41:54 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll
[2013.05.14 14:41:54 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2013.05.14 14:41:54 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2013.05.14 14:41:54 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2013.05.14 14:41:53 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2013.05.14 14:41:53 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2013.05.14 14:41:53 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.05.14 14:41:53 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2013.05.14 14:41:52 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2013.05.14 14:41:52 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2013.05.14 14:41:52 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013.05.14 14:41:52 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2013.05.14 14:41:52 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.05.14 14:41:52 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2013.05.14 14:41:52 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013.05.14 14:41:52 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2013.05.14 14:41:52 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2013.05.14 14:41:52 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2013.05.14 14:41:52 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2013.05.14 14:41:52 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2013.05.14 14:41:52 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2013.05.14 14:41:51 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.05.14 14:41:51 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2013.05.14 14:41:51 | 000,242,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2013.05.14 14:41:51 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[21 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.12 10:00:40 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2013.06.12 09:32:01 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.06.12 09:22:09 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2424265513-2494307364-3588977769-1000Core.job
[2013.06.12 09:22:07 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2424265513-2494307364-3588977769-1000UA.job
[2013.06.12 07:32:47 | 000,016,768 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.12 07:32:47 | 000,016,768 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.12 07:30:19 | 017,646,942 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.06.12 07:30:19 | 005,621,204 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.06.12 07:30:19 | 000,336,086 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.06.12 07:30:19 | 000,052,502 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.06.12 07:24:15 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.06.12 07:23:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.12 07:23:43 | 2355,892,224 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.10 13:52:45 | 000,001,764 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.06.10 12:46:13 | 000,001,122 | ---- | M] () -- C:\Users\***\Desktop\Continue Codec Pack Installation.lnk
[2013.06.10 12:04:44 | 000,000,054 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.06.10 12:04:44 | 000,000,053 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.umbrella
[2013.06.10 11:53:28 | 253,340,786 | ---- | M] () -- C:\Users\***\Desktop\iPhone1,2_3.1.2_7D11_Restore.ipsw
[2013.06.05 11:58:10 | 000,183,228 | ---- | M] () -- C:\Users\***\Desktop\Reklamation_***.pdf
[2013.05.31 10:04:35 | 000,005,693 | ---- | M] () -- C:\Users\***\Desktop\Anschreiben_20130531100342.pdf
[2013.05.31 10:00:00 | 000,016,766 | ---- | M] () -- C:\Users\***\Desktop\komprimierte Steuererklärung_ESt2012_***_Robert_Maximilian.pdf
[2013.05.30 14:12:09 | 000,001,202 | ---- | M] () -- C:\Users\Public\Desktop\ElsterFormular.lnk
[2013.05.17 13:26:03 | 000,002,000 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013.05.17 12:31:16 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2013.05.17 08:52:00 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask-Delay.job
[2013.05.16 13:57:38 | 000,462,328 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.05.16 08:57:12 | 000,204,091 | ---- | M] () -- C:\Users\***\Desktop\Einladung 1305.pdf
[2013.05.14 17:31:47 | 000,120,438 | ---- | M] () -- C:\Users\***\Documents\TP
[2013.05.14 17:17:19 | 000,001,148 | ---- | M] () -- C:\Users\Public\Desktop\USB Printer Controller.lnk
[2013.05.14 14:41:54 | 000,745,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2013.05.14 14:41:54 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll
[2013.05.14 14:41:54 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2013.05.14 14:41:54 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2013.05.14 14:41:54 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2013.05.14 14:41:54 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2013.05.14 14:41:53 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2013.05.14 14:41:53 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.05.14 14:41:53 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2013.05.14 14:41:52 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2013.05.14 14:41:52 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2013.05.14 14:41:52 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2013.05.14 14:41:52 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013.05.14 14:41:52 | 000,357,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2013.05.14 14:41:52 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.05.14 14:41:52 | 000,226,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2013.05.14 14:41:52 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013.05.14 14:41:52 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2013.05.14 14:41:52 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2013.05.14 14:41:52 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2013.05.14 14:41:52 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2013.05.14 14:41:52 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2013.05.14 14:41:52 | 000,025,185 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2013.05.14 14:41:52 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2013.05.14 14:41:51 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.05.14 14:41:51 | 000,242,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2013.05.14 14:41:51 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2013.05.14 13:38:33 | 008,258,048 | ---- | M] () -- C:\Users\***\Desktop\wdr4300v1_en_3_13_23_up_boot(120810).bin
[2013.05.14 12:22:24 | 008,126,464 | ---- | M] () -- C:\Users\***\Desktop\wdr4300v1_en_3_13_31_up(130319).bin
[21 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.06.10 15:44:28 | 253,340,786 | ---- | C] () -- C:\Users\***\Desktop\iPhone1,2_3.1.2_7D11_Restore.ipsw
[2013.06.10 12:46:13 | 000,001,122 | ---- | C] () -- C:\Users\***\Desktop\Continue Codec Pack Installation.lnk
[2013.06.10 09:59:10 | 000,001,764 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.06.05 11:58:07 | 000,183,228 | ---- | C] () -- C:\Users\***\Desktop\Reklamation_***.pdf
[2013.05.31 10:04:35 | 000,005,693 | ---- | C] () -- C:\Users\***\Desktop\Anschreiben_20130531100342.pdf
[2013.05.31 09:59:59 | 000,016,766 | ---- | C] () -- C:\Users\***\Desktop\komprimierte Steuererklärung_ESt2012_***_Robert_Maximilian.pdf
[2013.05.30 14:12:09 | 000,001,202 | ---- | C] () -- C:\Users\Public\Desktop\ElsterFormular.lnk
[2013.05.17 13:26:03 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013.05.17 13:26:03 | 000,002,000 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013.05.17 07:22:17 | 000,000,528 | ---- | C] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask-Delay.job
[2013.05.16 08:57:12 | 000,204,091 | ---- | C] () -- C:\Users\***\Desktop\Einladung 1305.pdf
[2013.05.14 17:28:40 | 000,120,438 | ---- | C] () -- C:\Users\***\Documents\TP
[2013.05.14 17:17:19 | 000,001,148 | ---- | C] () -- C:\Users\Public\Desktop\USB Printer Controller.lnk
[2013.05.14 14:41:52 | 000,025,185 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2013.05.02 18:28:23 | 000,115,613 | ---- | C] () -- C:\Users\***\20130502_Kündigung Sicherheitspaket Unitymedia.jpg
[2013.01.14 22:14:08 | 000,001,495 | ---- | C] () -- C:\Users\***\AppData\Local\recently-used.xbel
[2012.09.15 19:43:37 | 000,093,696 | ---- | C] () -- C:\Windows\System32\GFilterSvc.exe
[2012.09.15 19:43:35 | 000,065,024 | ---- | C] () -- C:\Windows\System32\vaultsvd.exe
[2012.09.11 08:20:12 | 001,048,576 | ---- | C] () -- C:\Windows\System32\syndata.bin
[2012.09.11 08:12:09 | 000,867,020 | ---- | C] () -- C:\Windows\System32\igkrng575.bin
[2012.09.11 08:12:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2012.09.11 08:12:07 | 000,105,608 | ---- | C] () -- C:\Windows\System32\igfcg575m.bin
[2012.09.11 08:12:05 | 013,904,384 | ---- | C] () -- C:\Windows\System32\ig4icd32.dll
[2011.12.19 23:02:21 | 000,000,000 | ---- | C] () -- C:\Windows\System32\ssprs.dll
[2011.12.19 23:02:21 | 000,000,000 | ---- | C] () -- C:\Windows\System32\serauth2.dll
[2011.12.19 23:02:21 | 000,000,000 | ---- | C] () -- C:\Windows\System32\serauth1.dll
[2011.12.19 23:02:21 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nsprs.dll
[2011.12.19 23:02:21 | 000,000,000 | ---- | C] () -- C:\Windows\System32\clauth2.dll
[2011.12.19 23:02:21 | 000,000,000 | ---- | C] () -- C:\Windows\System32\clauth1.dll
[2011.10.17 10:19:36 | 000,096,256 | ---- | C] () -- C:\Windows\FunambolAddin.dll
[2011.05.17 13:07:27 | 037,211,611 | ---- | C] () -- C:\Users\***\04 Halt dich an mir fest (Duett Vers [Hohe Qualität und Größe].wmv
[2011.05.11 18:26:38 | 001,612,243 | ---- | C] () -- C:\Users\***\Romantische Beziehungen I Dimensionen der Liebe und Narzissmus (2).pdf
[2011.04.26 13:24:36 | 000,000,033 | ---- | C] () -- C:\ProgramData\{081230F8-EA50-42A9-983C-D22ABC2EED3B}.ini
[2010.12.21 23:28:42 | 000,001,454 | ---- | C] () -- C:\ProgramData\ss.ini
[2010.12.06 10:31:11 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.11.30 19:11:54 | 000,009,728 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2011.07.18 11:28:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon
[2012.09.15 19:43:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Babylon
[2012.09.06 16:59:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox
[2012.06.18 17:54:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2012.06.18 17:53:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2013.05.30 14:12:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\elsterformular
[2013.01.01 13:27:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ExpressFiles
[2013.04.14 19:19:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla
[2011.04.26 11:02:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FrostWire
[2011.08.02 14:22:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Funambol
[2012.02.23 09:20:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HTC
[2011.05.26 19:36:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2012.01.05 13:50:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LaPrivate
[2010.11.19 22:07:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Lenovo
[2012.04.02 10:51:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\loadtbs
[2011.10.23 17:39:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mp3DirectCut
[2010.11.29 20:54:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nvu
[2012.08.20 22:38:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Outlook
[2011.06.05 15:49:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PCDr
[2012.09.11 09:13:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PwrMgr
[2013.06.10 09:49:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\redsn0w
[2011.02.13 15:10:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SecondLife
[2011.02.28 16:59:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Swiss Academic Software
[2012.01.15 18:58:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Synaptics
[2013.04.05 08:36:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Telekom
[2010.12.31 20:03:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird
[2012.01.05 14:24:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TrueCrypt
[2011.07.23 13:40:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software
[2011.06.05 14:41:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Update
 
========== Purity Check ==========
 
 
 
========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\$NtUninstallKB65152$] -> Error: Cannot create file handle -> Unknown point type

< End of report >
--- --- ---
OTL Logfile:
Code:
OTL Extras logfile created on: 12.06.2013 09:59:23 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\***\Downloads
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,93 Gb Total Physical Memory | 0,91 Gb Available Physical Memory | 31,24% Memory free
5,85 Gb Paging File | 2,69 Gb Available in Paging File | 46,04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 454,33 Gb Total Space | 62,01 Gb Free Space | 13,65% Space Free | Partition Type: NTFS
Drive Q: | 10,25 Gb Total Space | 5,07 Gb Free Space | 49,43% Space Free | Partition Type: NTFS
 
Computer Name: ***-THINK | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1"
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01DD1C08-29A0-4C0A-B1B2-545C8B0E089D}" = rport=445 | protocol=6 | dir=out | app=system |
"{0437DC06-DAED-461B-A1BA-308F8382495B}" = lport=445 | protocol=6 | dir=in | app=system |
"{044347C3-F21C-4838-9078-088B5D3621AF}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{107337FB-AA13-49FE-A028-C490F43301D1}" = rport=138 | protocol=17 | dir=out | app=system |
"{13BAE2E2-F5F3-40B2-83A2-DC9BB8DCF688}" = lport=138 | protocol=17 | dir=in | app=system |
"{1C6A9B1F-3876-45F5-868E-C5601D4E93B6}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2370B78A-C419-4515-8825-97989E49DFD4}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2AABEA4D-AA45-4A40-9F9F-067CDF57FA11}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{3DEBEE30-37DA-4DC2-95D6-C55541730DAB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5D8A64AF-6EDD-4416-B12F-760896603637}" = rport=137 | protocol=17 | dir=out | app=system |
"{64F5522F-2825-4FCA-A4AC-B02C6B440592}" = lport=7437 | protocol=17 | dir=in | name=control center udp port |
"{73D29214-F13F-4791-A1A8-AE104E6B24F7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{768D612A-4408-468F-9B88-31D92A48590D}" = lport=10243 | protocol=6 | dir=in | app=system |
"{7DA1BF92-FE27-4765-843E-52EAB8815E24}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{82A12152-8C57-4FBD-A298-66CB921BCF24}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9ECF89AF-D41F-4492-8310-EB49E5E924FA}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A260EE4B-0129-4304-8128-AA4AC825CFA6}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A89A529A-FA3F-4EFB-A493-2F483C01FAF2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A978A990-DAF7-4CA4-9D02-7FB891101B60}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BCCC4492-77E6-418F-9C10-D5582051F996}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C0639E8B-F539-49B5-B606-BC8F4D98DB26}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{C60E1A34-612F-4CD9-B715-E2FFF7AF5507}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C9383557-B324-4678-95CD-00A10AD23839}" = lport=137 | protocol=17 | dir=in | app=system |
"{CD6B5E0F-26A7-474C-B6BB-91D789D80CD8}" = rport=139 | protocol=6 | dir=out | app=system |
"{D5512926-3BFF-46AC-890C-023E5D1ECC2E}" = lport=3240 | protocol=17 | dir=in | name=tp-link usb print service |
"{DDC80B36-4BEE-43BC-BF77-1CE85E3281A4}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{E0F145FB-2C37-4BA5-AA80-49AA382E5B61}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E353614E-E9AC-4A20-9A3F-8D39CD408063}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{EF7FDC62-0911-4792-BB03-1E9F29DE225B}" = rport=10243 | protocol=6 | dir=out | app=system |
"{F6AFBA54-4D83-4414-B327-24904CC8D387}" = lport=139 | protocol=6 | dir=in | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00CE9266-22F6-4E00-B7A0-7C29FD8B8DBB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{0983F77B-FD06-4015-9264-9AA586E2BBC1}" = protocol=17 | dir=in | app=c:\program files\expressfiles\expressdl.exe |
"{0B6F7A75-F9A5-4570-BF40-E23D02829572}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{16A1DBF3-A9DD-4467-97C3-12F84EAE404B}" = protocol=6 | dir=in | app=c:\users\***\appdata\local\akamai\netsession_win.exe |
"{195E4E2F-36F7-4A4C-AFA4-BDA17979A7C1}" = protocol=6 | dir=in | app=c:\program files\airport\aputil.exe |
"{19C4DA07-FFE8-41D9-A761-ECA30B01CF9D}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{1B8D37AD-0A98-44DA-9E62-01460F46E861}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2D3FFF4B-89DB-472B-9C84-A4AF1E662891}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{315DBB0D-95CE-461D-B063-F184AE58B669}" = protocol=58 | dir=in | app=system |
"{32EFB4DF-6FE3-4F2C-8AA5-BDEDF96A58E4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3BA0A00A-2A42-48EB-A1BC-97E0EB13F701}" = protocol=6 | dir=in | app=c:\program files\expressfiles\expressfiles.exe |
"{3D18BDB1-3B1B-4D1C-B9C9-1FDD2B3D1F89}" = protocol=17 | dir=in | app=c:\program files\lenovo\system update\uncserver.exe |
"{3F29C4BC-6A4A-4753-81F5-400FC2D8651D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{3F782562-2179-4C18-904B-0A3058540C2C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{40FB6F6F-4C10-4125-814E-295077592AAE}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{41E77854-FFB8-41DD-A2AF-281B822EFBFA}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{47164F25-91BB-475E-98A4-D4B4C2E86389}" = protocol=17 | dir=in | app=c:\program files\expressfiles\expressfiles.exe |
"{48ADE850-5FDE-44FF-9C44-31FD04D2C010}" = protocol=6 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe |
"{4C0D562F-9C9A-46C5-8D27-E8074FDF6FAA}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{4CBC1933-D53C-4D2A-92D1-21A303CFBDDA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{4CDC3F07-F4FE-444A-802A-23C962CE7A6D}" = protocol=6 | dir=in | app=c:\program files\lenovo\system update\uncserver.exe |
"{51065A62-E5CE-4139-BE1E-952A4648791F}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{54DCBBAD-5B84-48D3-B8F0-16F610820357}" = protocol=6 | dir=in | app=c:\windows\system32\msiexec.exe |
"{574E0327-C0AE-45EF-B2BB-03B4E220E3D6}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{61D53D8C-9996-482E-BC8A-68B8E261F5EE}" = protocol=6 | dir=in | app=g:\easysetupassistant\tl-wdr4300\easysetupassistant.exe |
"{667ACB07-4999-4DFA-AAEF-00F7D576563D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{6A908D45-20B2-494E-A598-F63C38F6AA97}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{734FF14E-6163-411A-AF52-EE8DD1B448A2}" = protocol=6 | dir=out | app=system |
"{73E11193-3A61-477E-A7FC-35EDEE2CF80B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7EE044C6-B653-4660-B1F5-153B7D4F6C79}" = protocol=17 | dir=in | app=c:\users\***\appdata\local\akamai\netsession_win.exe |
"{7F40CF6F-E750-4D39-A7DE-D4470327084B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{8C9FD93B-5AA8-41B1-A34A-00F459B1F00C}" = protocol=6 | dir=in | app=c:\program files\tp-link\usb printer controller\usb printer controller.exe |
"{9615FDEF-D814-41B0-94D9-4B54493FD0FE}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{962C5EA6-D7E3-4746-9A1C-0AE3D6ED99C9}" = protocol=17 | dir=in | app=c:\program files\airport\aputil.exe |
"{991EBEA1-5654-4D9E-BD23-025388A9DB6F}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{A33C1733-1D1B-496D-8D56-C2D439D12576}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{B00A282E-C444-480F-A8FC-E2EE2144904A}" = protocol=6 | dir=in | app=g:\alicesetup.exe |
"{BE673887-ACB5-4130-B9DB-3DA87F4D0429}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C400B8E6-88E9-48BA-BCB1-403CBAA7A584}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C4070154-004F-4843-8397-04B825C1560C}" = protocol=17 | dir=in | app=c:\windows\system32\msiexec.exe |
"{C4AA2F64-8CDD-4690-8CFD-A6B839013150}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C565A1C9-CFFB-49CC-8035-DA2A7753B455}" = protocol=17 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe |
"{CDF8077B-7CD4-4F75-B511-46EFEBBFB037}" = protocol=6 | dir=in | app=c:\program files\expressfiles\expressdl.exe |
"{D36EFF87-ECC5-4DCC-A683-6F89C9AFB516}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D9552CDA-D1C0-44B9-9CFD-ACA076881142}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DE3B4018-87FA-4EEA-BD17-029F7DDD8CF0}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E8D11D24-D475-447E-AB4A-0FFDDCCE405F}" = protocol=17 | dir=in | app=g:\alicesetup.exe |
"{EBF3DADE-AD5A-407D-98EE-E6909AF6FEE0}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{EC484A62-A702-467C-8F07-40EA2A844180}" = protocol=17 | dir=in | app=c:\program files\tp-link\usb printer controller\usb printer controller.exe |
"{EC5FDF68-5CC3-41A6-B07C-CB86588FB6B4}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{F01F5F0B-D6B0-4ACB-AFAE-321C2D42FB44}" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe |
"{F0AD47DF-D482-49A8-B04F-BF9C13ED225D}" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe |
"{F246DE01-7996-4697-856C-84E3A314C290}" = protocol=6 | dir=in | app=c:\program files\airport\apagent.exe |
"{F3CA71CA-51D8-472C-B706-66B408DA8BCB}" = protocol=17 | dir=in | app=g:\easysetupassistant\tl-wdr4300\easysetupassistant.exe |
"TCP Query User{027E2733-2FAF-405A-AA1E-1253F6C4BBAC}C:\program files\ibm\spss\statistics\19\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\ibm\spss\statistics\19\jre\bin\javaw.exe |
"TCP Query User{05A1F74E-F505-4297-8B06-CA4B733A9DF4}C:\program files\secondlifeviewer2\slvoice.exe" = protocol=6 | dir=in | app=c:\program files\secondlifeviewer2\slvoice.exe |
"TCP Query User{208146A3-D63C-4DEB-A6CE-4F8E76A826C1}C:\program files\tp-link\usb printer controller\usb printer controller.exe" = protocol=6 | dir=in | app=c:\program files\tp-link\usb printer controller\usb printer controller.exe |
"TCP Query User{3492B820-A81F-44CF-BE19-777A0EA9F5F4}C:\program files\ibm\spss\statistics\20\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\ibm\spss\statistics\20\jre\bin\javaw.exe |
"TCP Query User{5DB91740-2774-466D-9133-FE45BED66300}C:\program files\ibm\spss\statistics\19\stats.exe" = protocol=6 | dir=in | app=c:\program files\ibm\spss\statistics\19\stats.exe |
"TCP Query User{67EBFD5E-B551-4B96-8535-1CDCF5731473}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"TCP Query User{705A532A-405C-49F8-BE0E-348F4FB890EA}C:\program files\airport\aputil.exe" = protocol=6 | dir=in | app=c:\program files\airport\aputil.exe |
"TCP Query User{72DF15D7-7C1E-4363-9BE9-19BBD9B59231}C:\users\***\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\local\akamai\netsession_win.exe |
"TCP Query User{79A397DE-F98B-41ED-91E4-EEDC5428FA6C}G:\easysetupassistant\tl-wdr4300\easysetupassistant.exe" = protocol=6 | dir=in | app=g:\easysetupassistant\tl-wdr4300\easysetupassistant.exe |
"TCP Query User{819E3AAC-D776-455D-8BC3-5D86C1892FC6}C:\users\***\downloads\tinyumbrella-6.14.00.exe" = protocol=6 | dir=in | app=c:\users\***\downloads\tinyumbrella-6.14.00.exe |
"TCP Query User{87FAC5D1-1A9F-4B83-822D-E28A52A767AE}C:\users\***\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{8A051DF5-EA3D-4BE3-96EE-92F048D281A0}C:\program files\ibm\spss\statistics\20\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\ibm\spss\statistics\20\jre\bin\javaw.exe |
"TCP Query User{A4E23201-C060-47D2-84B2-4BC742D3417A}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{AF44BEB2-CBF5-4BDE-88EE-C5E6D126A24C}G:\usb print service client setup\tl-wdr4300\usb printer setup wizard.exe" = protocol=6 | dir=in | app=g:\usb print service client setup\tl-wdr4300\usb printer setup wizard.exe |
"TCP Query User{C31347D3-DAA4-4500-B4D0-84919973C544}C:\program files\ibm\spss\statistics\20\stats.exe" = protocol=6 | dir=in | app=c:\program files\ibm\spss\statistics\20\stats.exe |
"TCP Query User{C78C2D50-26C3-480F-9E0B-3EE2AB0C2DBB}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{DAB3E02A-F0A6-4E66-945F-61EE7ED4DC81}C:\program files\ibm\spss\smartreader\19\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\ibm\spss\smartreader\19\jre\bin\javaw.exe |
"UDP Query User{0500BA70-D5CE-463F-B95E-532CB768DA19}C:\users\***\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\local\akamai\netsession_win.exe |
"UDP Query User{06A5F3F4-D03E-4429-994F-CF78F3BC7A20}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{0F5CA654-B324-4057-849F-CCCBF2C49F0F}C:\program files\ibm\spss\statistics\19\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\ibm\spss\statistics\19\jre\bin\javaw.exe |
"UDP Query User{11F2619A-40FF-490D-828F-3519D9ADA26C}C:\program files\ibm\spss\smartreader\19\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\ibm\spss\smartreader\19\jre\bin\javaw.exe |
"UDP Query User{3E1713F8-1625-49AD-AEA9-DC3C2854E7BA}G:\easysetupassistant\tl-wdr4300\easysetupassistant.exe" = protocol=17 | dir=in | app=g:\easysetupassistant\tl-wdr4300\easysetupassistant.exe |
"UDP Query User{430D804D-0F56-4B00-9E65-6CAD16079D65}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"UDP Query User{602655F2-C48C-4F43-A29C-49A41BDBADE8}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{66252508-382D-4BA2-95E2-63B6561F71A9}C:\users\***\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{849E57D0-F63B-4BFD-8334-B73D664F89B9}G:\usb print service client setup\tl-wdr4300\usb printer setup wizard.exe" = protocol=17 | dir=in | app=g:\usb print service client setup\tl-wdr4300\usb printer setup wizard.exe |
"UDP Query User{9CE822FD-BD52-476E-8DD3-71018966EEA5}C:\program files\ibm\spss\statistics\19\stats.exe" = protocol=17 | dir=in | app=c:\program files\ibm\spss\statistics\19\stats.exe |
"UDP Query User{A26F51EB-0605-4F8C-BCE2-063C136532E4}C:\program files\ibm\spss\statistics\20\stats.exe" = protocol=17 | dir=in | app=c:\program files\ibm\spss\statistics\20\stats.exe |
"UDP Query User{A63BD71D-3BA2-4663-92DC-7512C80D7334}C:\program files\ibm\spss\statistics\20\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\ibm\spss\statistics\20\jre\bin\javaw.exe |
"UDP Query User{ADA8ED26-BCCC-4B4A-BC1B-AAA008D239D9}C:\users\***\downloads\tinyumbrella-6.14.00.exe" = protocol=17 | dir=in | app=c:\users\***\downloads\tinyumbrella-6.14.00.exe |
"UDP Query User{B66A877C-54F9-4742-92CD-DC3B5F31B801}C:\program files\airport\aputil.exe" = protocol=17 | dir=in | app=c:\program files\airport\aputil.exe |
"UDP Query User{BFB49C7E-3E1E-4E65-8DBA-81B7965A0D18}C:\program files\tp-link\usb printer controller\usb printer controller.exe" = protocol=17 | dir=in | app=c:\program files\tp-link\usb printer controller\usb printer controller.exe |
"UDP Query User{C576DD9B-2FE4-407D-97DC-7E5AA9423E65}C:\program files\ibm\spss\statistics\20\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\ibm\spss\statistics\20\jre\bin\javaw.exe |
"UDP Query User{F7F2DCC2-D9B5-4CE8-8563-68A9096AB760}C:\program files\secondlifeviewer2\slvoice.exe" = protocol=17 | dir=in | app=c:\program files\secondlifeviewer2\slvoice.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{022CBB38-CEF0-42BA-906A-A49BEFAE0BEE}" = RICOH R5U230 Media Driver ver.2.06.02.02
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{147DFAD8-34C3-4DE1-9FCA-ACEFDE9EF810}" = Synaptics Gesture Suite featuring SYNAPTICS | Scrybe
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = Browser Manager
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = Dienstprogramm "ThinkPad UltraNav"
"{181BBF43-CA17-4E1A-A78D-81E67A57B8A4}" = Intel® PROSet/Wireless WiFi-Software
"{18554B3F-46EA-40A9-B4EA-7EEE83C0559D}" = Client Security - Password Manager
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1F8DA253-3C27-4B01-A63A-BA3533120833}" = Microsoft Research AutoCollage Touch 2009
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
"{21E247D4-5E27-4BEA-AA4D-19A81203FE2A}" = Cisco Systems VPN Client 5.0.06.0160
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011
"{25C64847-B900-48AD-A164-1B4F9B774650}" = Lenovo System Update
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 26
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{2AF8017B-E503-408F-AACE-8A335452CAD2}" = IBM SPSS Statistics 20
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{390DD8BB-BB57-4942-A029-2D913E4E9D74}" = Microsoft Security Client
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Überwachungstool für die Intel® Turbo-Boost-Technik
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{438134D3-0BD4-4C52-8575-5B2B63AD01C2}" = RUBICon
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage System für aktiven Festplattenschutz
"{479016BF-5B8D-445F-BE15-A187F25D81C8}" = ThinkVantage Fingerprint Software
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{4E86E575-2B04-4FEC-ADA3-72D47CB4777C}" = Cortona3D Viewer
"{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP v3.6
"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client DE-DE Language Pack
"{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}" = Create Recovery Media
"{50F68032-B5B7-4513-9116-C978DBD8F27A}" = Corel DVD MovieFactory 7
"{5482DCBE-D2D1-47B0-A621-DF8E2B0D174C}" = Windows Live Family Safety
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{58C50F5A-B7E2-4149-8911-B14CEC825F57}" = IBM SPSS Amos 20
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{5D4C60AA-84E6-4E1A-8A68-69970D387BE1}" = TuneUp Utilities Language Pack (de-DE)
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{6E6E7725-C7BC-4C39-8B3F-14B67331A120}" = Lenovo Patch Utility
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{88C6A6D9-324C-46E8-BA87-563D14021442}_is1" = ThinkVantage Communications Utility
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E537894-A559-4D60-B3CB-F4485E3D24E3}" = ThinkVantage Access Connections
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91FD46D2-4FB7-4A51-8637-556E1BE1DB7C}" = iTunes
"{9202762E-4B4C-48C9-A6CC-C27F9F85190A}" = Mobile Broadband Connect
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95140000-007D-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
"{953AA732-9AFB-49C9-84A4-7F96CA0A08DA}" = SweetPacks bundle uninstaller
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = ThinkPad Bluetooth with Enhanced Data Rate Software
"{A06F5ACB-AF59-4DC0-B22E-1F6F47FC7004}" = Microsoft Reader Text-to-Speech deutsch
"{A0C9DF2B-89B5-4483-8983-18A68200F1B4}" = SweetIM for Messenger 3.7
"{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Burn.Now 4.5
"{A68C62E8-B243-4777-89BB-12173DFA1D45}" = OLYMPUS Digital Camera Updater
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA68AAAE-41F0-40B5-8896-5947F5FD6889}" = AirPort
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AB77DFDE-9949-4AEF-B180-BE322C3E65D0}" = HTC Sync
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B383F243-0ABC-4E56-AA30-923B8D85076E}" = Rescue and Recovery
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader
"{BCF16F16-AC0E-4ABE-A9EF-412CF484BA51}" = Windows Live Family Safety
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{BEE86606-EFB5-4353-9F34-29E0C59CDCFA}" = Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C38FC27A-C586-44F6-A47D-6193FB3024AB}" = Prezi Desktop
"{C3CD17B4-08B0-492D-8A4C-81716D33E520}" = Integrated Camera Driver Installer Package Ver.1.1.0.48
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C615B4A6-DDE8-4325-BCF8-E53E913D95E9}_is1" = AMR to MP3 Converter 1.4
"{C64A877E-DF8D-4017-AA82-000A77C6D809}" = Verizon Wireless Mobile Broadband Self Activation
"{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D1948A23-737D-47E0-823A-199F6E86D1EA}" = TP-LINK USB Printer Controller
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D81486A1-2371-4059-AC70-1AB894AC96E6}" = AT&T Service Activation
"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = Energie-Manager
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}" = Update Manager for SweetPacks 1.1
"{EF0D5825-2FDE-4F02-9B92-A4DB1D7599C8}" = IBM SPSS Smartreader 19
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{F6BDD7C5-89ED-4569-9318-469AA9732572}" = Nero BurnRights Help
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{fa2dd0a9-2170-4b78-b577-f2f4d9375055}" = Nero 9 Essentials
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}" = Message Center Plus
"{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}" = Lenovo Warranty Information
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"098EBB26BF07167AB12D1575EC24F883F9435E59" = Windows-Treiberpaket - Intel System  (10/28/2009 9.1.1.1022)
"114EB224AD576F278686036AA9E1EFB7847E3935" = Windows-Treiberpaket - Lenovo 1.60.0.4 (11/18/2009 1.60.0.4)
"2004BB9EB6CEA02846881BEF1F51C11F7A90C9D6" = Windows Driver Package - Broadcom (BTHUSB) Bluetooth  (04/08/2010 6.3.5.430)
"30A4777E896192B8D398199AE1AB235B69BAB26D" = Windows-Treiberpaket - Intel (HECI) System  (09/17/2009 6.0.0.1179)
"573C3C32A1DB5625CA00E633E584E8A0E6383672" = Windows-Treiberpaket - Intel System  (10/28/2009 9.1.1.1022)
"5C7A2989588CD51E7DBF313D9E4B7DB4F66AE192" = Windows-Treiberpaket - Intel (e1kexpress) Net  (12/10/2009 11.5.10.0)
"755087041320E005CB1E8A67C5C55A260EB81B90" = Windows Driver Package - Broadcom Bluetooth  (09/11/2009 6.2.0.9407)
"7-Zip" = 7-Zip 9.20
"A6A8668C0A13640CA28FE2A7D9654BE4AE478B13" = Windows Driver Package - Broadcom Bluetooth  (07/30/2009 6.2.0.9405)
"A7B0B8D913E4DC2FA0B31E392E1512A901CA66B9" = Windows-Treiberpaket - Intel USB  (08/20/2009 9.1.1.1020)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"B7541EC5F72AA713F557569278EB6273725F5607" = Windows Driver Package - Broadcom Bluetooth  (06/15/2009 6.2.0.9000)
"BF20603967CFDCB2BBF91950E8A56DFBC5C833FE" = Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800)
"CNXT_AUDIO_HDA" = Conexant 20585 SmartAudio HD
"CNXT_MODEM_HDA_HSF" = ThinkPad Modem Adapter
"DisableAMTPopup" = Disable AMT Profile Synchronization Pop-up for Windows Vista/7
"E77704EF5E71F4F18CADFBFA68595AFE036D5D97" = Windows-Treiberpaket - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0)
"E7B58217635B8F723D4744A328A4B3237DB35FA9" = Windows-Treiberpaket - Intel System  (06/04/2009 1.0.0.0002)
"ElsterFormular" = ElsterFormular
"EnablePS" = Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7
"FD5ED5E16405CDAA5385DE461B9E5379F91ACCCF" = Windows-Treiberpaket - Ricoh Company MS Host Controller (10/26/2009 6.10.02.07)
"FileZilla Client" = FileZilla Client 3.0.11
"FormatFactory" = FormatFactory 2.60
"Free YouTube Download_is1" = Free YouTube Download version 3.1.29.608
"GIMP-2_is1" = GIMP 2.8.2
"GPL Ghostscript 9.00" = GPL Ghostscript 9.00
"InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}" = Corel DVD MovieFactory Lenovo Edition
"InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Corel Burn.Now Lenovo Edition
"InstallShield_{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
"Lenovo Welcome_is1" = Lenovo Welcome
"LENOVO.SMIIF" = Lenovo System Interface Driver
"LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility
"loadtbs-2.1" = loadtbs-2.1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Thunderbird (3.1.7)" = Mozilla Thunderbird (3.1.7)
"MP3-Cutter" = MP3-Cutter
"MP4 To MP3 Converter_is1" = MP4 To MP3 Converter V3.0
"Nvu_is1" = Nvu 1.0
"Office14.SingleImage" = Microsoft Office Professional 2010
"OnScreenDisplay" = Anzeige am Bildschirm
"PC-Doctor for Windows" = Lenovo ThinkVantage Toolbox
"Power Management Driver" = ThinkPad Power Management Driver
"ProInst" = Intel PROSet Wireless
"PROSet" = Intel(R) Network Connections Drivers
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"Riva FLV Player_is1" = Riva FLV Player
"SeaMonkey 2.14.1 (x86 de)" = SeaMonkey 2.14.1 (x86 de)
"SecondLifeViewer2" = SecondLifeViewer2 (remove only)
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"TrueCrypt" = TrueCrypt
"TuneUp Utilities 2011" = TuneUp Utilities 2011
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2424265513-2494307364-3588977769-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{206a7328-437f-4bd9-b53e-12bfee24d588}" = gutscheinfilter.de
"Akamai" = Akamai NetSession Interface
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"Mediencenter" = Mediencenter 3.7.0.2204
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 11.06.2013 12:01:40 | Computer Name = ***-THINK | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
 werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
 ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
 DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
 und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
 
Error - 11.06.2013 12:01:40 | Computer Name = ***-THINK | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
 werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
 ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
 DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
 und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
 
Error - 11.06.2013 12:02:46 | Computer Name = ***-THINK | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
 werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
 ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
 DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
 und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
 
Error - 11.06.2013 12:03:08 | Computer Name = ***-THINK | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
 werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
 ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
 DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
 und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
 
Error - 11.06.2013 12:03:09 | Computer Name = ***-THINK | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
 werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
 ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
 DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
 und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
 
Error - 11.06.2013 12:13:23 | Computer Name = ***-THINK | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
 werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
 ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
 DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
 und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
 
Error - 11.06.2013 13:19:25 | Computer Name = ***-THINK | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
 werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
 ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
 DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
 und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
 
Error - 11.06.2013 13:45:34 | Computer Name = ***-THINK | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
 werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
 ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
 DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
 und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
 
Error - 11.06.2013 14:21:20 | Computer Name = ***-THINK | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
 werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
 ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
 DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
 und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
 
Error - 12.06.2013 01:30:18 | Computer Name = ***-THINK | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
 werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
 ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
 DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
 und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
 
[ Lenovo-Message Center Plus/Admin Events ]
Error - 27.02.2011 09:38:14 | Computer Name = ***-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt. ->
 Exception message: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
 
Error - 25.06.2012 04:23:05 | Computer Name = ***-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt. ->
 Exception message: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
 
[ Media Center Events ]
Error - 30.09.2012 06:43:10 | Computer Name = ***-THINK | Source = MCUpdate | ID = 0
Description = 12:43:10 - Fehler beim Herstellen der Internetverbindung.  12:43:10
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 30.09.2012 06:43:18 | Computer Name = ***-THINK | Source = MCUpdate | ID = 0
Description = 12:43:15 - Fehler beim Herstellen der Internetverbindung.  12:43:15
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 30.09.2012 07:47:58 | Computer Name = ***-THINK | Source = MCUpdate | ID = 0
Description = 13:47:58 - Fehler beim Herstellen der Internetverbindung.  13:47:58
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 30.09.2012 07:48:04 | Computer Name = ***-THINK | Source = MCUpdate | ID = 0
Description = 13:48:03 - Fehler beim Herstellen der Internetverbindung.  13:48:03
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 30.09.2012 12:41:32 | Computer Name = ***-THINK | Source = MCUpdate | ID = 0
Description = 18:41:32 - Fehler beim Herstellen der Internetverbindung.  18:41:32
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 30.09.2012 12:41:38 | Computer Name = ***-THINK | Source = MCUpdate | ID = 0
Description = 18:41:38 - Fehler beim Herstellen der Internetverbindung.  18:41:38
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 06.10.2012 08:09:55 | Computer Name = ***-THINK | Source = MCUpdate | ID = 0
Description = 14:09:55 - Fehler beim Herstellen der Internetverbindung.  14:09:55
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 06.10.2012 08:10:06 | Computer Name = ***-THINK | Source = MCUpdate | ID = 0
Description = 14:10:00 - Fehler beim Herstellen der Internetverbindung.  14:10:00
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 09.10.2012 09:30:32 | Computer Name = ***-THINK | Source = MCUpdate | ID = 0
Description = 15:30:32 - Fehler beim Herstellen der Internetverbindung.  15:30:32
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 28.10.2012 05:46:36 | Computer Name = ***-THINK | Source = MCUpdate | ID = 0
Description = 10:46:32 - Fehler beim Herstellen der Internetverbindung.  10:46:32
-    Serververbindung konnte nicht hergestellt werden.. 
 
[ System Events ]
Error - 11.06.2013 14:08:42 | Computer Name = ***-THINK | Source = DCOM | ID = 10010
Description =
 
Error - 11.06.2013 14:16:07 | Computer Name = ***-THINK | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%1058
 
Error - 11.06.2013 14:17:33 | Computer Name = ***-THINK | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Windows Presentation Foundation-Schriftartcache 3.0.0.0"
 wurde nicht richtig gestartet.
 
Error - 11.06.2013 14:17:55 | Computer Name = ***-THINK | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%1058
 
Error - 11.06.2013 17:55:14 | Computer Name = ***-THINK | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%1058
 
Error - 11.06.2013 17:58:08 | Computer Name = ***-THINK | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%1058
 
Error - 11.06.2013 18:04:02 | Computer Name = ***-THINK | Source = DCOM | ID = 10010
Description =
 
Error - 12.06.2013 01:24:04 | Computer Name = ***-THINK | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%1058
 
Error - 12.06.2013 01:25:30 | Computer Name = ***-THINK | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Windows Presentation Foundation-Schriftartcache 3.0.0.0"
 wurde nicht richtig gestartet.
 
Error - 12.06.2013 01:26:03 | Computer Name = ***-THINK | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%1058
 
 
< End of report >
--- --- ---


[/CODE]

smeenk 12.06.2013 10:46
Systemscan mit ZOEK

Bitte lade die zoek.exe von hier: http://hijackthis.nl/smeenk/
  • Bitte deaktiviere während des Scans alle Virenscanner, da sie das Ergebnis beeinflussen.
  • Starte die Zoek.exe mit einem Doppelklick (nur Windows XP-Benutzer).
  • Windows Vista/7 Benutzer starten das Tool bitte per Rechtsklick auf das Icon und wählen "Als Administrator starten".
  • Kopiere untenstehende Code in das Textfeld:
    Code:
    emptyclsid;
    chromelook;
    fsutil reparsepoint delete C:\Windows\$NtUninstallKB65152$;b
    remove C:\Windows\$NtUninstallKB65152$ "%temp%\NtUninstallKB65152";b
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run];r
    "SweetIM"=-;r
    "Sweetpacks Communicator"=-;r
    autoclean;
    startupall;
    filesrcm;
    firefoxlook;
  • Nun klicke auf "Run script" und warte geduldig, bis der Scan durchgelaufen ist.
  • Wenn das Tool fertig ist, wird sich Notepad mit dem Logfile öffnen (ggfs. erst nach einem Neustart).
    Nachträglich kannst Du den Bericht unter c:\zoek-results.log einsehen.
  • Poste mir das Log File zoek-results.log

vivarium 12.06.2013 18:03
hey. danke!
das läuft jetzt schon seit du gepostet hast. ist das "normal", dass es so lange dauert?

lg

smeenk 12.06.2013 18:13
Nein eine Scan mit Zoek sollte nicht länger dann etwa 30 minuten dauern.

Mach mal eine Neustart und erstelle nachher eine neue Log-Datei mit OTL.
Poste mir bitte diese neue Log :)

vivarium 12.06.2013 18:23
okay. mach ich.

jetzt habe ich den neustart gemacht. hier steht beim start: der papierkorb auf c: ist beschädigt. Möchten Sie den Papierkorb für dieses Laufwerk leeren?

Sagt dir das was?
Ich dachte ich frage erstmal, bevor ich das mache. Soll ich leeren?

smeenk 12.06.2013 18:51
Versuch es mal, vielleicht wird das Problem automatisch behoben

vivarium 12.06.2013 18:55
okay. danke.
der otl-scan läuft jetzt...

OTL Logfile:
Code:
OTL logfile created on: 12.06.2013 19:55:24 - Run 2
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\***\Downloads
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,93 Gb Total Physical Memory | 1,48 Gb Available Physical Memory | 50,62% Memory free
5,85 Gb Paging File | 3,63 Gb Available in Paging File | 62,01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 454,33 Gb Total Space | 61,77 Gb Free Space | 13,60% Space Free | Partition Type: NTFS
Drive Q: | 10,25 Gb Total Space | 5,07 Gb Free Space | 49,43% Space Free | Partition Type: NTFS
 
Computer Name: ***-THINK | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\ProgramData\Browser Manager\2.6.1339.144\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe ()
PRC - C:\Users\***\AppData\Roaming\Telekom\MediencenterSync\Mediencenter.exe (Deutsche Telekom AG)
PRC - c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Windows\System32\GFilterSvc.exe ()
PRC - C:\Windows\System32\vaultsvd.exe ()
PRC - C:\Programme\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)
PRC - C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics Incorporated)
PRC - C:\Programme\Intel\WiFi\bin\ZeroConfigService.exe (Intel® Corporation)
PRC - C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
PRC - C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
PRC - C:\Programme\ThinkPad\Utilities\SCHTASK.EXE (Lenovo Group Limited)
PRC - C:\Programme\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel(R) Corporation)
PRC - C:\Programme\TP-LINK\USB Printer Controller\USB Printer Controller.exe ()
PRC - C:\Programme\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel Corporation)
PRC - C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Programme\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\Access Connections\SvcGuiHlpr.exe (Lenovo)
PRC - C:\Programme\Lenovo\Access Connections\ACTray.exe (Lenovo)
PRC - C:\Programme\Lenovo\Access Connections\AcSvc.exe (Lenovo)
PRC - C:\Programme\Lenovo\Access Connections\AcPrfMgrSvc.exe (Lenovo)
PRC - C:\Programme\ThinkVantage Fingerprint Software\upeksvr.exe (Authentec Inc.)
PRC - C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe ()
PRC - C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\ZOOM\TpScrex.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\HOTKEY\tphkload.exe (Lenovo Group Limited)
PRC - C:\Programme\ThinkPad\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
PRC - C:\Programme\Lenovo\Client Security Solution\password_manager.exe (Lenovo Group Limited)
PRC - C:\Programme\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
PRC - C:\Programme\Synaptics\Scrybe\scrybe.exe (Synaptics Incorporated)
PRC - C:\Programme\Synaptics\Scrybe\Service\ScrybeUpdater.exe (Synaptics, Inc.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\schtasks.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Programme\Lenovo\HOTKEY\tpnumlkd.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\Communications Utility\TPKNRSVC.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited)
PRC - C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Programme\Lenovo\VIRTSCRL\lvvsst.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited)
PRC - C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Programme\ThinkPad\Utilities\DOZESVC.EXE (Lenovo.)
PRC - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Programme\Integrated Camera Driver\RCIMGDIR.exe (Ricoh co.,Ltd.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\ac9e3eca6c148504588e7c6d09fe83e3\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\019ed4a55ecc7d1f5b933c27970dce9b\System.Runtime.DurableInstancing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\ef7642a4f2724135d445e2ea36582e78\SMDiagnostics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\2609614ca03927f7a99418c74844059b\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\866894ebe5258bf9f45d6b063229e990\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\a9594959e951127f16eb49644ba92f79\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\153143f74d840484b510d8cf5187796b\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\7cfbbd029ef945fbcdaedd24b2b67a24\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\dfeff31ab1e7cd3480c8942290c92f5d\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\af18b8a8f56494da44cc448f3b9704a5\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\233661f3a2b632e9553915c8639637d0\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\2f9e0112e10f9e70d3430d0be9863976\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll ()
MOD - C:\ProgramData\Browser Manager\2.6.1339.144\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe ()
MOD - c:\ProgramData\Browser Manager\2.6.1339.144\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll ()
MOD - C:\Users\***\AppData\Local\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Users\***\AppData\Local\Google\Chrome\Application\27.0.1453.110\PepperFlash\pepflashplayer.dll ()
MOD - C:\Users\***\AppData\Local\Google\Chrome\Application\27.0.1453.110\pdf.dll ()
MOD - C:\Users\***\AppData\Local\Google\Chrome\Application\27.0.1453.110\libglesv2.dll ()
MOD - C:\Users\***\AppData\Local\Google\Chrome\Application\27.0.1453.110\libegl.dll ()
MOD - C:\Users\***\AppData\Local\Google\Chrome\Application\27.0.1453.110\ffmpegsumo.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Programme\ThinkPad\Utilities\GR\PWMRT32V.DLL ()
MOD - C:\Programme\TP-LINK\USB Printer Controller\USB Printer Controller.exe ()
MOD - C:\Windows\System32\IccLibDll.dll ()
MOD - C:\Programme\FileZilla FTP Client\fzshellext.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (Browser Manager) -- C:\ProgramData\Browser Manager\2.6.1339.144\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe ()
SRV - (SUService) -- C:\Programme\Lenovo\System Update\SUService.exe ()
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (NisSrv) -- c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (GFilterSvc) -- C:\Windows\System32\GFilterSvc.exe ()
SRV - (ucsvc32) -- C:\Windows\System32\vaultsvd.exe ()
SRV - (ZeroConfigService) -- C:\Programme\Intel\WiFi\bin\ZeroConfigService.exe (Intel® Corporation)
SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (PwmEWSvc) -- C:\Programme\ThinkPad\Utilities\PWMEWSVC.exe (Lenovo Group Limited)
SRV - (Power Manager DBC Service) -- C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe (Lenovo)
SRV - (BTHSSecurityMgr) -- C:\Programme\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel(R) Corporation)
SRV - (AMPPALR3) -- C:\Programme\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel Corporation)
SRV - (TuneUp.UtilitiesSvc) -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (AcSvc) -- C:\Programme\Lenovo\Access Connections\AcSvc.exe (Lenovo)
SRV - (AcPrfMgrSvc) -- C:\Programme\Lenovo\Access Connections\AcPrfMgrSvc.exe (Lenovo)
SRV - (PassThru Service) -- C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe ()
SRV - (TPHKLOAD) -- C:\Programme\Lenovo\HOTKEY\tphkload.exe (Lenovo Group Limited)
SRV - (btwdins) -- C:\Programme\ThinkPad\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (ThinkVantage Registry Monitor Service) -- C:\Programme\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
SRV - (ScrybeUpdater) -- C:\Programme\Synaptics\Scrybe\Service\ScrybeUpdater.exe (Synaptics, Inc.)
SRV - (fsssvc) -- C:\Programme\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (SeaPort) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (LENOVO.TPKNRSVC) -- C:\Programme\Lenovo\Communications Utility\TPKNRSVC.exe (Lenovo Group Limited)
SRV - (LENOVO.CAMMUTE) -- C:\Programme\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited)
SRV - (UNS) -- C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (Lenovo.VIRTSCRLSVC) -- C:\Programme\Lenovo\VIRTSCRL\lvvsst.exe (Lenovo Group Limited)
SRV - (TPHKSVC) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
SRV - (LENOVO.MICMUTE) -- C:\Programme\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (DozeSvc) -- C:\Programme\ThinkPad\Utilities\DOZESVC.EXE (Lenovo.)
SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (CVPND) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (TurboBoost) -- C:\Programme\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (LPDSVC) -- C:\Windows\System32\lpdsvc.dll (Microsoft Corporation)
SRV - (HsfXAudioService) -- C:\Windows\System32\XAudio32.dll (Conexant Systems, Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (SmbDrvI) -- C:\Windows\System32\drivers\Smb_driver_Intel.sys (Synaptics Incorporated)
DRV - (NETwNs32) -- C:\Windows\System32\drivers\Netwsn00.sys (Intel Corporation)
DRV - (DozeHDD) -- C:\Windows\System32\drivers\DOZEHDD.SYS (Lenovo.)
DRV - (TPPWRIF) -- C:\Windows\System32\drivers\TPPWR32V.SYS (Lenovo Group Limited)
DRV - (AMPPALP) -- C:\Windows\System32\drivers\AmpPal.sys (Windows (R) Win 7 DDK provider)
DRV - (AMPPAL) -- C:\Windows\System32\drivers\AmpPal.sys (Windows (R) Win 7 DDK provider)
DRV - (TPLINKUDSMBus) -- C:\Windows\System32\drivers\TPLINKUDSMBus.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (TPLINKUDSTcpBus) -- C:\Windows\System32\drivers\TPLINKUDSTcpBus.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (btusbflt) -- C:\Windows\System32\drivers\btusbflt.sys (Broadcom Corporation.)
DRV - (Shockprf) -- C:\Windows\System32\drivers\ApsX86.sys (Lenovo.)
DRV - (TPDIGIMN) -- C:\Windows\System32\drivers\ApsHM86.sys (Lenovo.)
DRV - (psadd) -- C:\Windows\System32\drivers\psadd.sys (Lenovo Information Product(ShenZhen China) Inc.)
DRV - (truecrypt) -- C:\Windows\System32\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV - (IntcDAud) -- C:\Windows\System32\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV - (e1kexpress) -- C:\Windows\System32\drivers\e1k6232.sys (Intel Corporation)
DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (smihlp) -- C:\Programme\ThinkVantage Fingerprint Software\smihlp.sys (Authentec Inc.)
DRV - (5U877) -- C:\Windows\System32\drivers\5U877.sys (Ricoh co.,Ltd.)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (pmxdrv) -- C:\Windows\System32\drivers\pmxdrv.sys ()
DRV - (lenovo.smi) -- C:\Windows\System32\drivers\smiif32.sys (Lenovo Group Limited)
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (htcnprot) -- C:\Windows\System32\drivers\htcnprot.sys (Windows (R) Win 7 DDK provider)
DRV - (Impcd) -- C:\Windows\System32\drivers\Impcd.sys (Intel Corporation)
DRV - (SCR3XX2K) -- C:\Windows\System32\drivers\SCR3XX2K.sys (SCM Microsystems Inc.)
DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (HTCAND32) -- C:\Windows\System32\drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV - (rimspci) -- C:\Windows\System32\drivers\rimspe86.sys (REDC)
DRV - (TurboB) -- C:\Windows\System32\drivers\TurboB.sys ()
DRV - (TVTI2C) -- C:\Windows\System32\drivers\tvti2c.sys (Lenovo (United States) Inc.)
DRV - (HECI) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation)
DRV - (NETw5s32) -- C:\Windows\System32\drivers\NETw5s32.sys (Intel Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (netw5v32) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio32.sys (Conexant Systems, Inc.)
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (s117mdm) -- C:\Windows\System32\drivers\s117mdm.sys (MCCI Corporation)
DRV - (s117mgmt) -- C:\Windows\System32\drivers\s117mgmt.sys (MCCI Corporation)
DRV - (s117mdfl) -- C:\Windows\System32\drivers\s117mdfl.sys (MCCI Corporation)
DRV - (s117bus) -- C:\Windows\System32\drivers\s117bus.sys (MCCI Corporation)
DRV - (s117obex) -- C:\Windows\System32\drivers\s117obex.sys (MCCI Corporation)
DRV - (s117unic) -- C:\Windows\System32\drivers\s117unic.sys (MCCI Corporation)
DRV - (s117nd5) -- C:\Windows\System32\drivers\s117nd5.sys (MCCI Corporation)
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {E668679A-8755-47E1-B2EE-49D9FA828DB8}
IE - HKLM\..\SearchScopes\{E668679A-8755-47E1-B2EE-49D9FA828DB8}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox;
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2424265513-2494307364-3588977769-1000\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://search.babylon.com/?affID=109958&tt=120912_pcp_3712_2&babsrc=HP_ss&mntrId=ea7941b1000000000000000000000000
IE - HKU\S-1-5-21-2424265513-2494307364-3588977769-1000\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = hxxp://search.babylon.com/?affID=109958&tt=120912_pcp_3712_2&babsrc=HP_ss&mntrId=ea7941b1000000000000000000000000
IE - HKU\S-1-5-21-2424265513-2494307364-3588977769-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo.msn.com
IE - HKU\S-1-5-21-2424265513-2494307364-3588977769-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKU\S-1-5-21-2424265513-2494307364-3588977769-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ncr
IE - HKU\S-1-5-21-2424265513-2494307364-3588977769-1000\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-2424265513-2494307364-3588977769-1000\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-2424265513-2494307364-3588977769-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-2424265513-2494307364-3588977769-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=109958&tt=120912_pcp_3712_2&babsrc=SP_ss&mntrId=ea7941b1000000000000000000000000
IE - HKU\S-1-5-21-2424265513-2494307364-3588977769-1000\..\SearchScopes\{A8945019-18BA-4ECC-B55E-160FD84D07CE}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=386496&p={searchTerms}
IE - HKU\S-1-5-21-2424265513-2494307364-3588977769-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2424265513-2494307364-3588977769-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {8AA36F4F-6DC7-4c06-77AF-5035170634FE}:2011.01.25
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@parallelgraphics.com/Cortona: C:\Program Files\Common Files\ParallelGraphics\Cortona\npCortona.dll (ParallelGraphics)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\***\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\***\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017319.dll (Amazon.com, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2011.02.28 16:46:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.01.03 23:19:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.14.1\extensions\\Components: C:\Program Files\SeaMonkey\components [2012.12.22 00:46:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.14.1\extensions\\Plugins: C:\Program Files\SeaMonkey\plugins [2013.05.17 13:27:00 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{F74D5734-46F5-4B16-96F0-1E7FBF41B750}: C:\Program Files\Lenovo\Client Security Solution\PWM Firefox Extension\2.0b12 [2012.09.11 08:25:25 | 000,000,000 | ---D | M]
 
[2013.05.16 21:39:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.12.31 20:03:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.11.29 22:16:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a}
[2013.05.16 21:39:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\4j4b4ll7.default\extensions
[2013.04.10 16:46:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\SeaMonkey\Profiles\actxcumy.default\extensions
[2013.04.10 16:46:20 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\***\AppData\Roaming\mozilla\SeaMonkey\Profiles\actxcumy.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2013.02.28 20:36:23 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.11.06 21:02:27 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011.02.28 16:46:33 | 000,000,000 | ---D | M] (Citavi Picker) -- C:\PROGRAMDATA\SWISS ACADEMIC SOFTWARE\CITAVI PICKER\FIREFOX
[2010.08.09 16:17:46 | 000,873,888 | ---- | M] (ParallelGraphics) -- C:\Program Files\mozilla firefox\plugins\npCortona.dll
[2012.04.02 10:51:29 | 000,378,880 | ---- | M] (InfiniAd GmbH) -- C:\Program Files\mozilla firefox\plugins\npmieze.dll
[2012.09.15 19:43:53 | 000,002,360 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2011.04.26 10:54:51 | 000,002,047 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
[2010.08.12 10:21:06 | 000,002,510 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\ShareazaWebSearch.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\27.0.1453.110\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\27.0.1453.110\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Cortona3D Viewer (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCortona.dll
CHR - plugin: Java Deployment Toolkit 7.0.40.255 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: LoadTubes Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npmieze.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Google Search Widget [aNTP] = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\amgndnbcojepcnagnllkapelleekeiil\1.2.7_0\
CHR - Extension: eBay.de = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdhbgbiabfdfeimjdoldhaomkcoppild\1.1_0\
CHR - Extension: YouTube = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Search by Image (by Google) = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm\1.4.3_0\
CHR - Extension: Classic = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkacjpbfdknhflllbcmjibkdeoafencn\1.1_0\
CHR - Extension: eBay Deutschland = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpeldiheickbpmkhmkgcpefjhkpjghki\1.0_0\
CHR - Extension: Erweiterung \RSS-Abonnement\ (von Google) = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbjncdgjeocebhnmkbbbdekmmmcbfjd\2.2.2_0\
CHR - Extension: LEO W\u00F6rterbuchsuche = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojniiiidjmoaiehegaedmfdclmgmmpdp\1.4_0\
CHR - Extension: Google Quick Scroll = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\okanipcmceoeemlbjnmnbdibhgpbllgc\2_0\
CHR - Extension: Instagram for Chrome = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\opnbmdkdflhjiclaoiiifmheknpccalb\4.5.4_0\
CHR - Extension: 20-20 3D Viewer for IKEA = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfhldcakmgpmglboaclpfdedehjblalp\5.0.94.1_0\
CHR - Extension: Google Reader = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjjhlfkghdhmijklfnahfkpgmhcmfgcm\4.4_0\
CHR - Extension: Google Mail = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Google Search Widget [aNTP] = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\amgndnbcojepcnagnllkapelleekeiil\1.2.7_0\
CHR - Extension: eBay.de = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdhbgbiabfdfeimjdoldhaomkcoppild\1.1_0\
CHR - Extension: YouTube = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Search by Image (by Google) = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm\1.4.3_0\
CHR - Extension: Classic = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkacjpbfdknhflllbcmjibkdeoafencn\1.1_0\
CHR - Extension: eBay Deutschland = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpeldiheickbpmkhmkgcpefjhkpjghki\1.0_0\
CHR - Extension: Erweiterung \RSS-Abonnement\ (von Google) = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbjncdgjeocebhnmkbbbdekmmmcbfjd\2.2.2_0\
CHR - Extension: LEO W\u00F6rterbuchsuche = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojniiiidjmoaiehegaedmfdclmgmmpdp\1.4_0\
CHR - Extension: Google Quick Scroll = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\okanipcmceoeemlbjnmnbdibhgpbllgc\2_0\
CHR - Extension: Instagram for Chrome = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\opnbmdkdflhjiclaoiiifmheknpccalb\4.5.4_0\
CHR - Extension: 20-20 3D Viewer for IKEA = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfhldcakmgpmglboaclpfdedehjblalp\5.0.94.1_0\
CHR - Extension: Google Reader = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjjhlfkghdhmijklfnahfkpgmhcmfgcm\4.4_0\
CHR - Extension: Google Mail = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2013.06.10 12:04:44 | 000,000,054 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (SwissAcademic.Citavi.Picker.IEPicker) - {609D670F-B735-4da7-AC6D-F3BD358E325E} - mscoree.dll (Microsoft Corporation)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (IePasswordManagerHelper Class) - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (loadtbs) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - C:\Users\***\AppData\Roaming\loadtbs\toolbar.dll (InfiniAd GmbH)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2424265513-2494307364-3588977769-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-2424265513-2494307364-3588977769-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ACTray] C:\Programme\Lenovo\Access Connections\ACTray.exe (Lenovo)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PWMTRV] C:\Programme\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [RotateImage] C:\Programme\Integrated Camera Driver\RCIMGDIR.exe (Ricoh co.,Ltd.)
O4 - HKLM..\Run: [SweetIM] C:\Programme\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Programme\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [TP-Link USB Printer Controller] C:\Program Files\TP-LINK\USB Printer Controller\USB Printer Controller.exe ()
O4 - HKLM..\Run: [TpShocks] TpShocks.exe (Lenovo.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mediencenter.lnk = C:\Users\***\AppData\Roaming\Telekom\MediencenterSync\Mediencenter.exe (Deutsche Telekom AG)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O8 - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html ()
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Citavi Picker - {619D670F-B735-4da7-AC6D-F3BD358E325E} - mscoree.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_IKEA_Win32.cab (20-20 3D Viewer for IKEA)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 10.7.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6E46B758-E4D6-4596-807B-A57756BA850A}: NameServer = 212.23.115.148 212.23.115.132
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B51B8BBA-E8CB-4983-B6B7-846F9F533C63}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E3510700-6A5A-4F8C-9078-2C97D0DBAB0B}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E5546EB2-46D7-4844-A476-1441BA3CB4D3}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~2\browse~1\261339~1.144\{16cdf~1\browse~1.dll) - c:\ProgramData\Browser Manager\2.6.1339.144\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\psfus: DllName - (C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll) - C:\Programme\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.06.10 18:32:46 | 000,000,049 | -HS- | M] () - Q:\AUTORUN.INF -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.12 19:27:06 | 000,000,000 | -H-D | C] -- C:\Windows\System32\Settings
[2013.06.12 14:08:31 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.06.12 14:08:31 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.06.12 14:05:36 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.06.12 14:05:36 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013.06.12 14:05:36 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.06.12 14:05:35 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.06.12 14:05:34 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013.06.12 14:05:34 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013.06.12 14:05:34 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013.06.12 14:05:33 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013.06.12 07:34:40 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2013.06.12 07:34:36 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cryptdlg.dll
[2013.06.12 07:34:14 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certutil.exe
[2013.06.12 07:34:12 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certenc.dll
[2013.06.12 07:33:57 | 003,913,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013.06.12 07:33:56 | 003,968,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013.06.10 13:52:31 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013.06.10 09:59:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.06.10 09:57:44 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.06.10 09:57:39 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013.06.10 09:49:10 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\redsn0w
[2013.05.30 14:12:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular
[2013.05.30 14:11:48 | 000,000,000 | ---D | C] -- C:\Program Files\ElsterFormular
[2013.05.17 13:25:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2013.05.16 08:43:12 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wwanprotdim.dll
[2013.05.16 08:43:11 | 002,347,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.05.16 08:43:04 | 000,218,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2013.05.16 08:42:56 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2013.05.16 08:42:56 | 000,101,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2013.05.14 17:17:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TP-LINK
[2013.05.14 17:17:17 | 000,000,000 | ---D | C] -- C:\Program Files\TP-LINK
[2013.05.14 14:41:54 | 000,745,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2013.05.14 14:41:54 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll
[2013.05.14 14:41:54 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2013.05.14 14:41:54 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2013.05.14 14:41:54 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2013.05.14 14:41:53 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2013.05.14 14:41:53 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2013.05.14 14:41:53 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.05.14 14:41:53 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2013.05.14 14:41:52 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2013.05.14 14:41:52 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2013.05.14 14:41:52 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013.05.14 14:41:52 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2013.05.14 14:41:52 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.05.14 14:41:52 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2013.05.14 14:41:52 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013.05.14 14:41:52 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2013.05.14 14:41:52 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2013.05.14 14:41:52 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2013.05.14 14:41:52 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2013.05.14 14:41:52 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2013.05.14 14:41:52 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2013.05.14 14:41:51 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.05.14 14:41:51 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2013.05.14 14:41:51 | 000,242,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2013.05.14 14:41:51 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[21 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.12 19:35:39 | 000,016,768 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.12 19:35:39 | 000,016,768 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.12 19:32:00 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.06.12 19:31:30 | 017,676,526 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.06.12 19:31:30 | 005,630,676 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.06.12 19:31:30 | 000,336,086 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.06.12 19:31:30 | 000,052,502 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.06.12 19:27:15 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.06.12 19:26:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.12 19:26:44 | 2355,892,224 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.12 19:22:03 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2424265513-2494307364-3588977769-1000UA.job
[2013.06.12 14:15:12 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2013.06.12 09:22:09 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2424265513-2494307364-3588977769-1000Core.job
[2013.06.10 13:52:45 | 000,001,764 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.06.10 12:46:13 | 000,001,122 | ---- | M] () -- C:\Users\***\Desktop\Continue Codec Pack Installation.lnk
[2013.06.10 12:04:44 | 000,000,054 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.06.10 12:04:44 | 000,000,053 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.umbrella
[2013.06.10 11:53:28 | 253,340,786 | ---- | M] () -- C:\Users\***\Desktop\iPhone1,2_3.1.2_7D11_Restore.ipsw
[2013.06.08 13:40:02 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.06.08 13:13:19 | 002,706,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.06.05 11:58:10 | 000,183,228 | ---- | M] () -- C:\Users\***\Desktop\Reklamation_***.pdf
[2013.05.31 10:04:35 | 000,005,693 | ---- | M] () -- C:\Users\***\Desktop\Anschreiben_20130531100342.pdf
[2013.05.31 10:00:00 | 000,016,766 | ---- | M] () -- C:\Users\***\Desktop\komprimierte Steuererklärung_ESt2012_***_Robert_Maximilian.pdf
[2013.05.30 14:12:09 | 000,001,202 | ---- | M] () -- C:\Users\Public\Desktop\ElsterFormular.lnk
[2013.05.17 13:26:03 | 000,002,000 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013.05.17 12:31:16 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2013.05.17 08:52:00 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask-Delay.job
[2013.05.17 03:26:04 | 000,042,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013.05.17 03:25:33 | 000,493,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.05.17 03:25:27 | 002,877,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.05.17 03:25:27 | 000,039,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.05.17 03:25:26 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013.05.17 03:25:26 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013.05.17 03:25:26 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013.05.16 13:57:38 | 000,462,328 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.05.16 08:57:12 | 000,204,091 | ---- | M] () -- C:\Users\***\Desktop\Einladung 1305.pdf
[2013.05.14 17:31:47 | 000,120,438 | ---- | M] () -- C:\Users\***\Documents\TP
[2013.05.14 17:17:19 | 000,001,148 | ---- | M] () -- C:\Users\Public\Desktop\USB Printer Controller.lnk
[2013.05.14 14:41:54 | 000,745,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2013.05.14 14:41:54 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll
[2013.05.14 14:41:54 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2013.05.14 14:41:54 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2013.05.14 14:41:54 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2013.05.14 14:41:54 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2013.05.14 14:41:53 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2013.05.14 14:41:53 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.05.14 14:41:53 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2013.05.14 14:41:52 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2013.05.14 14:41:52 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2013.05.14 14:41:52 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2013.05.14 14:41:52 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013.05.14 14:41:52 | 000,357,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2013.05.14 14:41:52 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.05.14 14:41:52 | 000,226,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2013.05.14 14:41:52 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013.05.14 14:41:52 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2013.05.14 14:41:52 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2013.05.14 14:41:52 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2013.05.14 14:41:52 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2013.05.14 14:41:52 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2013.05.14 14:41:52 | 000,025,185 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2013.05.14 14:41:52 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2013.05.14 14:41:51 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.05.14 14:41:51 | 000,242,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2013.05.14 14:41:51 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2013.05.14 13:38:33 | 008,258,048 | ---- | M] () -- C:\Users\***\Desktop\wdr4300v1_en_3_13_23_up_boot(120810).bin
[2013.05.14 12:22:24 | 008,126,464 | ---- | M] () -- C:\Users\***\Desktop\wdr4300v1_en_3_13_31_up(130319).bin
[2013.05.14 10:40:13 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[21 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.06.10 15:44:28 | 253,340,786 | ---- | C] () -- C:\Users\***\Desktop\iPhone1,2_3.1.2_7D11_Restore.ipsw
[2013.06.10 12:46:13 | 000,001,122 | ---- | C] () -- C:\Users\***\Desktop\Continue Codec Pack Installation.lnk
[2013.06.10 09:59:10 | 000,001,764 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.06.05 11:58:07 | 000,183,228 | ---- | C] () -- C:\Users\***\Desktop\Reklamation_***.pdf
[2013.05.31 10:04:35 | 000,005,693 | ---- | C] () -- C:\Users\***\Desktop\Anschreiben_20130531100342.pdf
[2013.05.31 09:59:59 | 000,016,766 | ---- | C] () -- C:\Users\***\Desktop\komprimierte Steuererklärung_ESt2012_***_Robert_Maximilian.pdf
[2013.05.30 14:12:09 | 000,001,202 | ---- | C] () -- C:\Users\Public\Desktop\ElsterFormular.lnk
[2013.05.17 13:26:03 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013.05.17 13:26:03 | 000,002,000 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013.05.17 07:22:17 | 000,000,528 | ---- | C] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask-Delay.job
[2013.05.16 08:57:12 | 000,204,091 | ---- | C] () -- C:\Users\***\Desktop\Einladung 1305.pdf
[2013.05.14 17:28:40 | 000,120,438 | ---- | C] () -- C:\Users\***\Documents\TP
[2013.05.14 17:17:19 | 000,001,148 | ---- | C] () -- C:\Users\Public\Desktop\USB Printer Controller.lnk
[2013.05.14 14:41:52 | 000,025,185 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2013.05.02 18:28:23 | 000,115,613 | ---- | C] () -- C:\Users\***\20130502_Kündigung Sicherheitspaket Unitymedia.jpg
[2013.01.14 22:14:08 | 000,001,495 | ---- | C] () -- C:\Users\***\AppData\Local\recently-used.xbel
[2012.09.15 19:43:37 | 000,093,696 | ---- | C] () -- C:\Windows\System32\GFilterSvc.exe
[2012.09.15 19:43:35 | 000,065,024 | ---- | C] () -- C:\Windows\System32\vaultsvd.exe
[2012.09.11 08:20:12 | 001,048,576 | ---- | C] () -- C:\Windows\System32\syndata.bin
[2012.09.11 08:12:09 | 000,867,020 | ---- | C] () -- C:\Windows\System32\igkrng575.bin
[2012.09.11 08:12:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2012.09.11 08:12:07 | 000,105,608 | ---- | C] () -- C:\Windows\System32\igfcg575m.bin
[2012.09.11 08:12:05 | 013,904,384 | ---- | C] () -- C:\Windows\System32\ig4icd32.dll
[2011.12.19 23:02:21 | 000,000,000 | ---- | C] () -- C:\Windows\System32\ssprs.dll
[2011.12.19 23:02:21 | 000,000,000 | ---- | C] () -- C:\Windows\System32\serauth2.dll
[2011.12.19 23:02:21 | 000,000,000 | ---- | C] () -- C:\Windows\System32\serauth1.dll
[2011.12.19 23:02:21 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nsprs.dll
[2011.12.19 23:02:21 | 000,000,000 | ---- | C] () -- C:\Windows\System32\clauth2.dll
[2011.12.19 23:02:21 | 000,000,000 | ---- | C] () -- C:\Windows\System32\clauth1.dll
[2011.10.17 10:19:36 | 000,096,256 | ---- | C] () -- C:\Windows\FunambolAddin.dll
[2011.05.17 13:07:27 | 037,211,611 | ---- | C] () -- C:\Users\***\04 Halt dich an mir fest (Duett Vers [Hohe Qualität und Größe].wmv
[2011.05.11 18:26:38 | 001,612,243 | ---- | C] () -- C:\Users\***\Romantische Beziehungen I Dimensionen der Liebe und Narzissmus (2).pdf
[2011.04.26 13:24:36 | 000,000,033 | ---- | C] () -- C:\ProgramData\{081230F8-EA50-42A9-983C-D22ABC2EED3B}.ini
[2010.12.21 23:28:42 | 000,001,454 | ---- | C] () -- C:\ProgramData\ss.ini
[2010.12.06 10:31:11 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.11.30 19:11:54 | 000,009,728 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2011.07.18 11:28:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon
[2012.09.15 19:43:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Babylon
[2012.09.06 16:59:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox
[2012.06.18 17:54:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2012.06.18 17:53:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2013.05.30 14:12:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\elsterformular
[2013.01.01 13:27:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ExpressFiles
[2013.04.14 19:19:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla
[2011.04.26 11:02:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FrostWire
[2011.08.02 14:22:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Funambol
[2012.02.23 09:20:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HTC
[2011.05.26 19:36:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2012.01.05 13:50:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LaPrivate
[2010.11.19 22:07:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Lenovo
[2012.04.02 10:51:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\loadtbs
[2011.10.23 17:39:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mp3DirectCut
[2010.11.29 20:54:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nvu
[2012.08.20 22:38:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Outlook
[2011.06.05 15:49:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PCDr
[2012.09.11 09:13:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PwrMgr
[2013.06.10 09:49:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\redsn0w
[2011.02.13 15:10:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SecondLife
[2011.02.28 16:59:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Swiss Academic Software
[2012.01.15 18:58:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Synaptics
[2013.04.05 08:36:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Telekom
[2010.12.31 20:03:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird
[2012.01.05 14:24:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TrueCrypt
[2011.07.23 13:40:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software
[2011.06.05 14:41:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Update
 
========== Purity Check ==========
 
 
 
========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\$NtUninstallKB65152$] ->  -> Unknown point type

< End of report >
--- --- ---
OTL Logfile:
Code:
OTL Extras logfile created on: 12.06.2013 19:55:24 - Run 2
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\***\Downloads
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,93 Gb Total Physical Memory | 1,48 Gb Available Physical Memory | 50,62% Memory free
5,85 Gb Paging File | 3,63 Gb Available in Paging File | 62,01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 454,33 Gb Total Space | 61,77 Gb Free Space | 13,60% Space Free | Partition Type: NTFS
Drive Q: | 10,25 Gb Total Space | 5,07 Gb Free Space | 49,43% Space Free | Partition Type: NTFS
 
Computer Name: ***-THINK | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1"
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01DD1C08-29A0-4C0A-B1B2-545C8B0E089D}" = rport=445 | protocol=6 | dir=out | app=system |
"{0437DC06-DAED-461B-A1BA-308F8382495B}" = lport=445 | protocol=6 | dir=in | app=system |
"{044347C3-F21C-4838-9078-088B5D3621AF}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{107337FB-AA13-49FE-A028-C490F43301D1}" = rport=138 | protocol=17 | dir=out | app=system |
"{13BAE2E2-F5F3-40B2-83A2-DC9BB8DCF688}" = lport=138 | protocol=17 | dir=in | app=system |
"{1C6A9B1F-3876-45F5-868E-C5601D4E93B6}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2370B78A-C419-4515-8825-97989E49DFD4}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2AABEA4D-AA45-4A40-9F9F-067CDF57FA11}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{3DEBEE30-37DA-4DC2-95D6-C55541730DAB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5D8A64AF-6EDD-4416-B12F-760896603637}" = rport=137 | protocol=17 | dir=out | app=system |
"{64F5522F-2825-4FCA-A4AC-B02C6B440592}" = lport=7437 | protocol=17 | dir=in | name=control center udp port |
"{73D29214-F13F-4791-A1A8-AE104E6B24F7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{768D612A-4408-468F-9B88-31D92A48590D}" = lport=10243 | protocol=6 | dir=in | app=system |
"{7DA1BF92-FE27-4765-843E-52EAB8815E24}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{82A12152-8C57-4FBD-A298-66CB921BCF24}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9ECF89AF-D41F-4492-8310-EB49E5E924FA}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A260EE4B-0129-4304-8128-AA4AC825CFA6}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A89A529A-FA3F-4EFB-A493-2F483C01FAF2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A978A990-DAF7-4CA4-9D02-7FB891101B60}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BCCC4492-77E6-418F-9C10-D5582051F996}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C0639E8B-F539-49B5-B606-BC8F4D98DB26}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{C60E1A34-612F-4CD9-B715-E2FFF7AF5507}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C9383557-B324-4678-95CD-00A10AD23839}" = lport=137 | protocol=17 | dir=in | app=system |
"{CD6B5E0F-26A7-474C-B6BB-91D789D80CD8}" = rport=139 | protocol=6 | dir=out | app=system |
"{D5512926-3BFF-46AC-890C-023E5D1ECC2E}" = lport=3240 | protocol=17 | dir=in | name=tp-link usb print service |
"{DDC80B36-4BEE-43BC-BF77-1CE85E3281A4}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{E0F145FB-2C37-4BA5-AA80-49AA382E5B61}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E353614E-E9AC-4A20-9A3F-8D39CD408063}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{EF7FDC62-0911-4792-BB03-1E9F29DE225B}" = rport=10243 | protocol=6 | dir=out | app=system |
"{F6AFBA54-4D83-4414-B327-24904CC8D387}" = lport=139 | protocol=6 | dir=in | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00CE9266-22F6-4E00-B7A0-7C29FD8B8DBB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{0983F77B-FD06-4015-9264-9AA586E2BBC1}" = protocol=17 | dir=in | app=c:\program files\expressfiles\expressdl.exe |
"{0B6F7A75-F9A5-4570-BF40-E23D02829572}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{16A1DBF3-A9DD-4467-97C3-12F84EAE404B}" = protocol=6 | dir=in | app=c:\users\***\appdata\local\akamai\netsession_win.exe |
"{195E4E2F-36F7-4A4C-AFA4-BDA17979A7C1}" = protocol=6 | dir=in | app=c:\program files\airport\aputil.exe |
"{19C4DA07-FFE8-41D9-A761-ECA30B01CF9D}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{1B8D37AD-0A98-44DA-9E62-01460F46E861}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2D3FFF4B-89DB-472B-9C84-A4AF1E662891}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{315DBB0D-95CE-461D-B063-F184AE58B669}" = protocol=58 | dir=in | app=system |
"{32EFB4DF-6FE3-4F2C-8AA5-BDEDF96A58E4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3BA0A00A-2A42-48EB-A1BC-97E0EB13F701}" = protocol=6 | dir=in | app=c:\program files\expressfiles\expressfiles.exe |
"{3D18BDB1-3B1B-4D1C-B9C9-1FDD2B3D1F89}" = protocol=17 | dir=in | app=c:\program files\lenovo\system update\uncserver.exe |
"{3F29C4BC-6A4A-4753-81F5-400FC2D8651D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{3F782562-2179-4C18-904B-0A3058540C2C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{40FB6F6F-4C10-4125-814E-295077592AAE}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{41E77854-FFB8-41DD-A2AF-281B822EFBFA}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{47164F25-91BB-475E-98A4-D4B4C2E86389}" = protocol=17 | dir=in | app=c:\program files\expressfiles\expressfiles.exe |
"{48ADE850-5FDE-44FF-9C44-31FD04D2C010}" = protocol=6 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe |
"{4C0D562F-9C9A-46C5-8D27-E8074FDF6FAA}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{4CBC1933-D53C-4D2A-92D1-21A303CFBDDA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{4CDC3F07-F4FE-444A-802A-23C962CE7A6D}" = protocol=6 | dir=in | app=c:\program files\lenovo\system update\uncserver.exe |
"{51065A62-E5CE-4139-BE1E-952A4648791F}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{54DCBBAD-5B84-48D3-B8F0-16F610820357}" = protocol=6 | dir=in | app=c:\windows\system32\msiexec.exe |
"{574E0327-C0AE-45EF-B2BB-03B4E220E3D6}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{61D53D8C-9996-482E-BC8A-68B8E261F5EE}" = protocol=6 | dir=in | app=g:\easysetupassistant\tl-wdr4300\easysetupassistant.exe |
"{667ACB07-4999-4DFA-AAEF-00F7D576563D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{6A908D45-20B2-494E-A598-F63C38F6AA97}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{734FF14E-6163-411A-AF52-EE8DD1B448A2}" = protocol=6 | dir=out | app=system |
"{73E11193-3A61-477E-A7FC-35EDEE2CF80B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7EE044C6-B653-4660-B1F5-153B7D4F6C79}" = protocol=17 | dir=in | app=c:\users\***\appdata\local\akamai\netsession_win.exe |
"{7F40CF6F-E750-4D39-A7DE-D4470327084B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{8C9FD93B-5AA8-41B1-A34A-00F459B1F00C}" = protocol=6 | dir=in | app=c:\program files\tp-link\usb printer controller\usb printer controller.exe |
"{9615FDEF-D814-41B0-94D9-4B54493FD0FE}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{962C5EA6-D7E3-4746-9A1C-0AE3D6ED99C9}" = protocol=17 | dir=in | app=c:\program files\airport\aputil.exe |
"{991EBEA1-5654-4D9E-BD23-025388A9DB6F}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{A33C1733-1D1B-496D-8D56-C2D439D12576}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{B00A282E-C444-480F-A8FC-E2EE2144904A}" = protocol=6 | dir=in | app=g:\alicesetup.exe |
"{BE673887-ACB5-4130-B9DB-3DA87F4D0429}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C400B8E6-88E9-48BA-BCB1-403CBAA7A584}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C4070154-004F-4843-8397-04B825C1560C}" = protocol=17 | dir=in | app=c:\windows\system32\msiexec.exe |
"{C4AA2F64-8CDD-4690-8CFD-A6B839013150}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C565A1C9-CFFB-49CC-8035-DA2A7753B455}" = protocol=17 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe |
"{CDF8077B-7CD4-4F75-B511-46EFEBBFB037}" = protocol=6 | dir=in | app=c:\program files\expressfiles\expressdl.exe |
"{D36EFF87-ECC5-4DCC-A683-6F89C9AFB516}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D9552CDA-D1C0-44B9-9CFD-ACA076881142}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DE3B4018-87FA-4EEA-BD17-029F7DDD8CF0}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E8D11D24-D475-447E-AB4A-0FFDDCCE405F}" = protocol=17 | dir=in | app=g:\alicesetup.exe |
"{EBF3DADE-AD5A-407D-98EE-E6909AF6FEE0}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{EC484A62-A702-467C-8F07-40EA2A844180}" = protocol=17 | dir=in | app=c:\program files\tp-link\usb printer controller\usb printer controller.exe |
"{EC5FDF68-5CC3-41A6-B07C-CB86588FB6B4}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{F01F5F0B-D6B0-4ACB-AFAE-321C2D42FB44}" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe |
"{F0AD47DF-D482-49A8-B04F-BF9C13ED225D}" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe |
"{F246DE01-7996-4697-856C-84E3A314C290}" = protocol=6 | dir=in | app=c:\program files\airport\apagent.exe |
"{F3CA71CA-51D8-472C-B706-66B408DA8BCB}" = protocol=17 | dir=in | app=g:\easysetupassistant\tl-wdr4300\easysetupassistant.exe |
"TCP Query User{027E2733-2FAF-405A-AA1E-1253F6C4BBAC}C:\program files\ibm\spss\statistics\19\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\ibm\spss\statistics\19\jre\bin\javaw.exe |
"TCP Query User{05A1F74E-F505-4297-8B06-CA4B733A9DF4}C:\program files\secondlifeviewer2\slvoice.exe" = protocol=6 | dir=in | app=c:\program files\secondlifeviewer2\slvoice.exe |
"TCP Query User{208146A3-D63C-4DEB-A6CE-4F8E76A826C1}C:\program files\tp-link\usb printer controller\usb printer controller.exe" = protocol=6 | dir=in | app=c:\program files\tp-link\usb printer controller\usb printer controller.exe |
"TCP Query User{3492B820-A81F-44CF-BE19-777A0EA9F5F4}C:\program files\ibm\spss\statistics\20\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\ibm\spss\statistics\20\jre\bin\javaw.exe |
"TCP Query User{5DB91740-2774-466D-9133-FE45BED66300}C:\program files\ibm\spss\statistics\19\stats.exe" = protocol=6 | dir=in | app=c:\program files\ibm\spss\statistics\19\stats.exe |
"TCP Query User{67EBFD5E-B551-4B96-8535-1CDCF5731473}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"TCP Query User{705A532A-405C-49F8-BE0E-348F4FB890EA}C:\program files\airport\aputil.exe" = protocol=6 | dir=in | app=c:\program files\airport\aputil.exe |
"TCP Query User{72DF15D7-7C1E-4363-9BE9-19BBD9B59231}C:\users\***\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\local\akamai\netsession_win.exe |
"TCP Query User{79A397DE-F98B-41ED-91E4-EEDC5428FA6C}G:\easysetupassistant\tl-wdr4300\easysetupassistant.exe" = protocol=6 | dir=in | app=g:\easysetupassistant\tl-wdr4300\easysetupassistant.exe |
"TCP Query User{819E3AAC-D776-455D-8BC3-5D86C1892FC6}C:\users\***\downloads\tinyumbrella-6.14.00.exe" = protocol=6 | dir=in | app=c:\users\***\downloads\tinyumbrella-6.14.00.exe |
"TCP Query User{87FAC5D1-1A9F-4B83-822D-E28A52A767AE}C:\users\***\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{8A051DF5-EA3D-4BE3-96EE-92F048D281A0}C:\program files\ibm\spss\statistics\20\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\ibm\spss\statistics\20\jre\bin\javaw.exe |
"TCP Query User{A4E23201-C060-47D2-84B2-4BC742D3417A}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{AF44BEB2-CBF5-4BDE-88EE-C5E6D126A24C}G:\usb print service client setup\tl-wdr4300\usb printer setup wizard.exe" = protocol=6 | dir=in | app=g:\usb print service client setup\tl-wdr4300\usb printer setup wizard.exe |
"TCP Query User{C31347D3-DAA4-4500-B4D0-84919973C544}C:\program files\ibm\spss\statistics\20\stats.exe" = protocol=6 | dir=in | app=c:\program files\ibm\spss\statistics\20\stats.exe |
"TCP Query User{C78C2D50-26C3-480F-9E0B-3EE2AB0C2DBB}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{DAB3E02A-F0A6-4E66-945F-61EE7ED4DC81}C:\program files\ibm\spss\smartreader\19\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\ibm\spss\smartreader\19\jre\bin\javaw.exe |
"UDP Query User{0500BA70-D5CE-463F-B95E-532CB768DA19}C:\users\***\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\local\akamai\netsession_win.exe |
"UDP Query User{06A5F3F4-D03E-4429-994F-CF78F3BC7A20}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{0F5CA654-B324-4057-849F-CCCBF2C49F0F}C:\program files\ibm\spss\statistics\19\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\ibm\spss\statistics\19\jre\bin\javaw.exe |
"UDP Query User{11F2619A-40FF-490D-828F-3519D9ADA26C}C:\program files\ibm\spss\smartreader\19\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\ibm\spss\smartreader\19\jre\bin\javaw.exe |
"UDP Query User{3E1713F8-1625-49AD-AEA9-DC3C2854E7BA}G:\easysetupassistant\tl-wdr4300\easysetupassistant.exe" = protocol=17 | dir=in | app=g:\easysetupassistant\tl-wdr4300\easysetupassistant.exe |
"UDP Query User{430D804D-0F56-4B00-9E65-6CAD16079D65}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"UDP Query User{602655F2-C48C-4F43-A29C-49A41BDBADE8}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{66252508-382D-4BA2-95E2-63B6561F71A9}C:\users\***\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{849E57D0-F63B-4BFD-8334-B73D664F89B9}G:\usb print service client setup\tl-wdr4300\usb printer setup wizard.exe" = protocol=17 | dir=in | app=g:\usb print service client setup\tl-wdr4300\usb printer setup wizard.exe |
"UDP Query User{9CE822FD-BD52-476E-8DD3-71018966EEA5}C:\program files\ibm\spss\statistics\19\stats.exe" = protocol=17 | dir=in | app=c:\program files\ibm\spss\statistics\19\stats.exe |
"UDP Query User{A26F51EB-0605-4F8C-BCE2-063C136532E4}C:\program files\ibm\spss\statistics\20\stats.exe" = protocol=17 | dir=in | app=c:\program files\ibm\spss\statistics\20\stats.exe |
"UDP Query User{A63BD71D-3BA2-4663-92DC-7512C80D7334}C:\program files\ibm\spss\statistics\20\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\ibm\spss\statistics\20\jre\bin\javaw.exe |
"UDP Query User{ADA8ED26-BCCC-4B4A-BC1B-AAA008D239D9}C:\users\***\downloads\tinyumbrella-6.14.00.exe" = protocol=17 | dir=in | app=c:\users\***\downloads\tinyumbrella-6.14.00.exe |
"UDP Query User{B66A877C-54F9-4742-92CD-DC3B5F31B801}C:\program files\airport\aputil.exe" = protocol=17 | dir=in | app=c:\program files\airport\aputil.exe |
"UDP Query User{BFB49C7E-3E1E-4E65-8DBA-81B7965A0D18}C:\program files\tp-link\usb printer controller\usb printer controller.exe" = protocol=17 | dir=in | app=c:\program files\tp-link\usb printer controller\usb printer controller.exe |
"UDP Query User{C576DD9B-2FE4-407D-97DC-7E5AA9423E65}C:\program files\ibm\spss\statistics\20\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\ibm\spss\statistics\20\jre\bin\javaw.exe |
"UDP Query User{F7F2DCC2-D9B5-4CE8-8563-68A9096AB760}C:\program files\secondlifeviewer2\slvoice.exe" = protocol=17 | dir=in | app=c:\program files\secondlifeviewer2\slvoice.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{022CBB38-CEF0-42BA-906A-A49BEFAE0BEE}" = RICOH R5U230 Media Driver ver.2.06.02.02
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{147DFAD8-34C3-4DE1-9FCA-ACEFDE9EF810}" = Synaptics Gesture Suite featuring SYNAPTICS | Scrybe
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = Browser Manager
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = Dienstprogramm "ThinkPad UltraNav"
"{181BBF43-CA17-4E1A-A78D-81E67A57B8A4}" = Intel® PROSet/Wireless WiFi-Software
"{18554B3F-46EA-40A9-B4EA-7EEE83C0559D}" = Client Security - Password Manager
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1F8DA253-3C27-4B01-A63A-BA3533120833}" = Microsoft Research AutoCollage Touch 2009
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
"{21E247D4-5E27-4BEA-AA4D-19A81203FE2A}" = Cisco Systems VPN Client 5.0.06.0160
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011
"{25C64847-B900-48AD-A164-1B4F9B774650}" = Lenovo System Update
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 26
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{2AF8017B-E503-408F-AACE-8A335452CAD2}" = IBM SPSS Statistics 20
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{390DD8BB-BB57-4942-A029-2D913E4E9D74}" = Microsoft Security Client
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Überwachungstool für die Intel® Turbo-Boost-Technik
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{438134D3-0BD4-4C52-8575-5B2B63AD01C2}" = RUBICon
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage System für aktiven Festplattenschutz
"{479016BF-5B8D-445F-BE15-A187F25D81C8}" = ThinkVantage Fingerprint Software
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{4E86E575-2B04-4FEC-ADA3-72D47CB4777C}" = Cortona3D Viewer
"{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP v3.6
"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client DE-DE Language Pack
"{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}" = Create Recovery Media
"{50F68032-B5B7-4513-9116-C978DBD8F27A}" = Corel DVD MovieFactory 7
"{5482DCBE-D2D1-47B0-A621-DF8E2B0D174C}" = Windows Live Family Safety
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{58C50F5A-B7E2-4149-8911-B14CEC825F57}" = IBM SPSS Amos 20
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{5D4C60AA-84E6-4E1A-8A68-69970D387BE1}" = TuneUp Utilities Language Pack (de-DE)
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{6E6E7725-C7BC-4C39-8B3F-14B67331A120}" = Lenovo Patch Utility
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{88C6A6D9-324C-46E8-BA87-563D14021442}_is1" = ThinkVantage Communications Utility
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E537894-A559-4D60-B3CB-F4485E3D24E3}" = ThinkVantage Access Connections
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91FD46D2-4FB7-4A51-8637-556E1BE1DB7C}" = iTunes
"{9202762E-4B4C-48C9-A6CC-C27F9F85190A}" = Mobile Broadband Connect
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95140000-007D-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
"{953AA732-9AFB-49C9-84A4-7F96CA0A08DA}" = SweetPacks bundle uninstaller
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = ThinkPad Bluetooth with Enhanced Data Rate Software
"{A06F5ACB-AF59-4DC0-B22E-1F6F47FC7004}" = Microsoft Reader Text-to-Speech deutsch
"{A0C9DF2B-89B5-4483-8983-18A68200F1B4}" = SweetIM for Messenger 3.7
"{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Burn.Now 4.5
"{A68C62E8-B243-4777-89BB-12173DFA1D45}" = OLYMPUS Digital Camera Updater
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA68AAAE-41F0-40B5-8896-5947F5FD6889}" = AirPort
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AB77DFDE-9949-4AEF-B180-BE322C3E65D0}" = HTC Sync
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B383F243-0ABC-4E56-AA30-923B8D85076E}" = Rescue and Recovery
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader
"{BCF16F16-AC0E-4ABE-A9EF-412CF484BA51}" = Windows Live Family Safety
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{BEE86606-EFB5-4353-9F34-29E0C59CDCFA}" = Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C38FC27A-C586-44F6-A47D-6193FB3024AB}" = Prezi Desktop
"{C3CD17B4-08B0-492D-8A4C-81716D33E520}" = Integrated Camera Driver Installer Package Ver.1.1.0.48
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C615B4A6-DDE8-4325-BCF8-E53E913D95E9}_is1" = AMR to MP3 Converter 1.4
"{C64A877E-DF8D-4017-AA82-000A77C6D809}" = Verizon Wireless Mobile Broadband Self Activation
"{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D1948A23-737D-47E0-823A-199F6E86D1EA}" = TP-LINK USB Printer Controller
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D81486A1-2371-4059-AC70-1AB894AC96E6}" = AT&T Service Activation
"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = Energie-Manager
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}" = Update Manager for SweetPacks 1.1
"{EF0D5825-2FDE-4F02-9B92-A4DB1D7599C8}" = IBM SPSS Smartreader 19
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{F6BDD7C5-89ED-4569-9318-469AA9732572}" = Nero BurnRights Help
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{fa2dd0a9-2170-4b78-b577-f2f4d9375055}" = Nero 9 Essentials
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}" = Message Center Plus
"{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}" = Lenovo Warranty Information
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"098EBB26BF07167AB12D1575EC24F883F9435E59" = Windows-Treiberpaket - Intel System  (10/28/2009 9.1.1.1022)
"114EB224AD576F278686036AA9E1EFB7847E3935" = Windows-Treiberpaket - Lenovo 1.60.0.4 (11/18/2009 1.60.0.4)
"2004BB9EB6CEA02846881BEF1F51C11F7A90C9D6" = Windows Driver Package - Broadcom (BTHUSB) Bluetooth  (04/08/2010 6.3.5.430)
"30A4777E896192B8D398199AE1AB235B69BAB26D" = Windows-Treiberpaket - Intel (HECI) System  (09/17/2009 6.0.0.1179)
"573C3C32A1DB5625CA00E633E584E8A0E6383672" = Windows-Treiberpaket - Intel System  (10/28/2009 9.1.1.1022)
"5C7A2989588CD51E7DBF313D9E4B7DB4F66AE192" = Windows-Treiberpaket - Intel (e1kexpress) Net  (12/10/2009 11.5.10.0)
"755087041320E005CB1E8A67C5C55A260EB81B90" = Windows Driver Package - Broadcom Bluetooth  (09/11/2009 6.2.0.9407)
"7-Zip" = 7-Zip 9.20
"A6A8668C0A13640CA28FE2A7D9654BE4AE478B13" = Windows Driver Package - Broadcom Bluetooth  (07/30/2009 6.2.0.9405)
"A7B0B8D913E4DC2FA0B31E392E1512A901CA66B9" = Windows-Treiberpaket - Intel USB  (08/20/2009 9.1.1.1020)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"B7541EC5F72AA713F557569278EB6273725F5607" = Windows Driver Package - Broadcom Bluetooth  (06/15/2009 6.2.0.9000)
"BF20603967CFDCB2BBF91950E8A56DFBC5C833FE" = Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800)
"CNXT_AUDIO_HDA" = Conexant 20585 SmartAudio HD
"CNXT_MODEM_HDA_HSF" = ThinkPad Modem Adapter
"DisableAMTPopup" = Disable AMT Profile Synchronization Pop-up for Windows Vista/7
"E77704EF5E71F4F18CADFBFA68595AFE036D5D97" = Windows-Treiberpaket - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0)
"E7B58217635B8F723D4744A328A4B3237DB35FA9" = Windows-Treiberpaket - Intel System  (06/04/2009 1.0.0.0002)
"ElsterFormular" = ElsterFormular
"EnablePS" = Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7
"FD5ED5E16405CDAA5385DE461B9E5379F91ACCCF" = Windows-Treiberpaket - Ricoh Company MS Host Controller (10/26/2009 6.10.02.07)
"FileZilla Client" = FileZilla Client 3.0.11
"FormatFactory" = FormatFactory 2.60
"Free YouTube Download_is1" = Free YouTube Download version 3.1.29.608
"GIMP-2_is1" = GIMP 2.8.2
"GPL Ghostscript 9.00" = GPL Ghostscript 9.00
"InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}" = Corel DVD MovieFactory Lenovo Edition
"InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Corel Burn.Now Lenovo Edition
"InstallShield_{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
"Lenovo Welcome_is1" = Lenovo Welcome
"LENOVO.SMIIF" = Lenovo System Interface Driver
"LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility
"loadtbs-2.1" = loadtbs-2.1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Thunderbird (3.1.7)" = Mozilla Thunderbird (3.1.7)
"MP3-Cutter" = MP3-Cutter
"MP4 To MP3 Converter_is1" = MP4 To MP3 Converter V3.0
"Nvu_is1" = Nvu 1.0
"Office14.SingleImage" = Microsoft Office Professional 2010
"OnScreenDisplay" = Anzeige am Bildschirm
"PC-Doctor for Windows" = Lenovo ThinkVantage Toolbox
"Power Management Driver" = ThinkPad Power Management Driver
"ProInst" = Intel PROSet Wireless
"PROSet" = Intel(R) Network Connections Drivers
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"Riva FLV Player_is1" = Riva FLV Player
"SeaMonkey 2.14.1 (x86 de)" = SeaMonkey 2.14.1 (x86 de)
"SecondLifeViewer2" = SecondLifeViewer2 (remove only)
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"TrueCrypt" = TrueCrypt
"TuneUp Utilities 2011" = TuneUp Utilities 2011
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2424265513-2494307364-3588977769-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{206a7328-437f-4bd9-b53e-12bfee24d588}" = gutscheinfilter.de
"Akamai" = Akamai NetSession Interface
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"Mediencenter" = Mediencenter 3.7.0.2204
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 11.06.2013 13:45:34 | Computer Name = ***-THINK | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
 werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
 ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
 DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
 und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
 
Error - 11.06.2013 14:21:20 | Computer Name = ***-THINK | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
 werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
 ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
 DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
 und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
 
Error - 12.06.2013 01:30:18 | Computer Name = ***-THINK | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
 werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
 ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
 DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
 und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
 
Error - 12.06.2013 06:03:34 | Computer Name = ***-THINK | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\IBM\SPSS\Smartreader\19\JRE\bin\unpack200.exe".
 Fehler in Manifest- oder Richtliniendatei "C:\Program Files\IBM\SPSS\Smartreader\19\JRE\bin\unpack200.exe"
 in Zeile 19.  Der Wert "6.0.0.6u9b41" des "version"-Attributs im assemblyIdentity-Element
 ist ungültig.
 
Error - 12.06.2013 06:03:45 | Computer Name = ***-THINK | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Lenovo\Access
 Connections\AcCryptHlpr.dll". Fehler in Manifest- oder Richtliniendatei "C:\Program
 Files\Lenovo\Access Connections\AcCryptHlpr.dll" in Zeile 0.  Ungültige XML-Syntax.
 
Error - 12.06.2013 06:05:18 | Computer Name = ***-THINK | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\IBM\SPSS\Smartreader\19\JRE\bin\unpack.dll".
 Fehler in Manifest- oder Richtliniendatei "C:\Program Files\IBM\SPSS\Smartreader\19\JRE\bin\unpack.dll"
 in Zeile 19.  Der Wert "6.0.0.6u9b41" des "version"-Attributs im assemblyIdentity-Element
 ist ungültig.
 
Error - 12.06.2013 06:05:45 | Computer Name = ***-THINK | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\HTC\HTC
 Sync 3.0\FDAgentForOutlook64.exe".  Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 12.06.2013 08:22:03 | Computer Name = ***-THINK | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
 werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
 ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
 DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
 und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
 
Error - 12.06.2013 11:00:44 | Computer Name = ***-THINK | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: swxcacls.exe, Version: 1.0.2.1, Zeitstempel:
 0x2a425e19  Name des fehlerhaften Moduls: swxcacls.exe, Version: 1.0.2.1, Zeitstempel:
 0x2a425e19  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00004b42  ID des fehlerhaften Prozesses:
 0x181c  Startzeit der fehlerhaften Anwendung: 0x01ce676c3ea4bdc3  Pfad der fehlerhaften
 Anwendung: C:\Users\***\AppData\Local\Temp\swxcacls.exe  Pfad des fehlerhaften
 Moduls: C:\Users\***\AppData\Local\Temp\swxcacls.exe  Berichtskennung: daa02589-d370-11e2-898d-70f395445e99
 
Error - 12.06.2013 13:31:30 | Computer Name = ***-THINK | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
 werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
 ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
 DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
 und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
 
[ Lenovo-Message Center Plus/Admin Events ]
Error - 27.02.2011 09:38:14 | Computer Name = ***-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt. ->
 Exception message: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
 
Error - 25.06.2012 04:23:05 | Computer Name = ***-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt. ->
 Exception message: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
 
[ Media Center Events ]
Error - 30.09.2012 06:43:10 | Computer Name = ***-THINK | Source = MCUpdate | ID = 0
Description = 12:43:10 - Fehler beim Herstellen der Internetverbindung.  12:43:10
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 30.09.2012 06:43:18 | Computer Name = ***-THINK | Source = MCUpdate | ID = 0
Description = 12:43:15 - Fehler beim Herstellen der Internetverbindung.  12:43:15
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 30.09.2012 07:47:58 | Computer Name = ***-THINK | Source = MCUpdate | ID = 0
Description = 13:47:58 - Fehler beim Herstellen der Internetverbindung.  13:47:58
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 30.09.2012 07:48:04 | Computer Name = ***-THINK | Source = MCUpdate | ID = 0
Description = 13:48:03 - Fehler beim Herstellen der Internetverbindung.  13:48:03
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 30.09.2012 12:41:32 | Computer Name = ***-THINK | Source = MCUpdate | ID = 0
Description = 18:41:32 - Fehler beim Herstellen der Internetverbindung.  18:41:32
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 30.09.2012 12:41:38 | Computer Name = ***-THINK | Source = MCUpdate | ID = 0
Description = 18:41:38 - Fehler beim Herstellen der Internetverbindung.  18:41:38
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 06.10.2012 08:09:55 | Computer Name = ***-THINK | Source = MCUpdate | ID = 0
Description = 14:09:55 - Fehler beim Herstellen der Internetverbindung.  14:09:55
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 06.10.2012 08:10:06 | Computer Name = ***-THINK | Source = MCUpdate | ID = 0
Description = 14:10:00 - Fehler beim Herstellen der Internetverbindung.  14:10:00
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 09.10.2012 09:30:32 | Computer Name = ***-THINK | Source = MCUpdate | ID = 0
Description = 15:30:32 - Fehler beim Herstellen der Internetverbindung.  15:30:32
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 28.10.2012 05:46:36 | Computer Name = ***-THINK | Source = MCUpdate | ID = 0
Description = 10:46:32 - Fehler beim Herstellen der Internetverbindung.  10:46:32
-    Serververbindung konnte nicht hergestellt werden.. 
 
[ System Events ]
Error - 12.06.2013 01:25:30 | Computer Name = ***-THINK | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Windows Presentation Foundation-Schriftartcache 3.0.0.0"
 wurde nicht richtig gestartet.
 
Error - 12.06.2013 01:26:03 | Computer Name = ***-THINK | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%1058
 
Error - 12.06.2013 08:04:20 | Computer Name = ***-THINK | Source = DCOM | ID = 10010
Description =
 
Error - 12.06.2013 08:15:42 | Computer Name = ***-THINK | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%1058
 
Error - 12.06.2013 08:17:16 | Computer Name = ***-THINK | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Windows Presentation Foundation-Schriftartcache 3.0.0.0"
 wurde nicht richtig gestartet.
 
Error - 12.06.2013 08:18:05 | Computer Name = ***-THINK | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%1058
 
Error - 12.06.2013 13:23:50 | Computer Name = ***-THINK | Source = DCOM | ID = 10010
Description =
 
Error - 12.06.2013 13:27:06 | Computer Name = ***-THINK | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%1058
 
Error - 12.06.2013 13:28:32 | Computer Name = ***-THINK | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Windows Presentation Foundation-Schriftartcache 3.0.0.0"
 wurde nicht richtig gestartet.
 
Error - 12.06.2013 13:29:08 | Computer Name = ***-THINK | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%1058
 
 
< End of report >
--- --- ---


[/CODE]

smeenk 12.06.2013 19:43
Code:
:OTL
SRV - (Browser Manager) -- C:\ProgramData\Browser Manager\2.6.1339.144\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe ()
MOD - C:\ProgramData\Browser Manager\2.6.1339.144\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe ()
MOD - c:\ProgramData\Browser Manager\2.6.1339.144\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll ()
IE - HKU\S-1-5-21-2424265513-2494307364-3588977769-1000\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://search.babylon.com/?affID=109958&tt=120912_pcp_3712_2&babsrc=HP_ss&mntrId=ea7941b1000000000000000000000000
IE - HKU\S-1-5-21-2424265513-2494307364-3588977769-1000\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = hxxp://search.babylon.com/?affID=109958&tt=120912_pcp_3712_2&babsrc=HP_ss&mntrId=ea7941b1000000000000000000000000
IE - HKU\S-1-5-21-2424265513-2494307364-3588977769-1000\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-2424265513-2494307364-3588977769-1000\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-2424265513-2494307364-3588977769-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-2424265513-2494307364-3588977769-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=109958&tt=120912_pcp_3712_2&babsrc=SP_ss&mntrId=ea7941b1000000000000000000000000
[2012.04.02 10:51:29 | 000,378,880 | ---- | M] (InfiniAd GmbH) -- C:\Program Files\mozilla firefox\plugins\npmieze.dll
[2012.09.15 19:43:53 | 000,002,360 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2011.04.26 10:54:51 | 000,002,047 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
[2010.08.12 10:21:06 | 000,002,510 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\ShareazaWebSearch.xml
CHR - plugin: LoadTubes Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npmieze.dll
O3 - HKLM\..\Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (loadtbs) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - C:\Users\***\AppData\Roaming\loadtbs\toolbar.dll (InfiniAd GmbH)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2424265513-2494307364-3588977769-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-2424265513-2494307364-3588977769-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [SweetIM] C:\Programme\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Programme\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)
:services
:files
:reg
:Commands
[purity]
[emptytemp]
  • Schliesse bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<time_date>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread


Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

vivarium 12.06.2013 20:29
Als nächstes mache ich dann wie oben beschrieben weiter. hier schon mal die datei vom desktop

Code:
All processes killed
Error: Unable to interpret <:OTL SRV - (Browser Manager) -- C:\ProgramData\Browser Manager\2.6.1339.144\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe () MOD - C:\ProgramData\Browser Manager\2.6.1339.144\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe () MOD - c:\ProgramData\Browser Manager\2.6.1339.144\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll () IE - HKU\S-1-5-21-2424265513-2494307364-3588977769-1000\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://search.babylon.com/?affID=109958&tt=120912_pcp_3712_2&babsrc=HP_ss&mntrId=ea7941b1000000000000000000000000 IE - HKU\S-1-5-21-2424265513-2494307364-3588977769-1000\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = hxxp://search.babylon.com/?affID=109958&tt=120912_pcp_3712_2&babsrc=HP_ss&mntrId=ea7941b1000000000000000000000000 IE - HKU\S-1-5-21-2424265513-2494307364-3588977769-1000\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKU\S-1-5-21-2424265513-2494307364-3588977769-1000\..\SearchSco> in the current context!
Error: Unable to interpret <pes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKU\S-1-5-21-2424265513-2494307364-3588977769-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKU\S-1-5-21-2424265513-2494307364-3588977769-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=109958&tt=120912_pcp_3712_2&babsrc=SP_ss&mntrId=ea7941b1000000000000000000000000 [2012.04.02 10:51:29 | 000,378,880 | ---- | M] (InfiniAd GmbH) -- C:\Program Files\mozilla firefox\plugins\npmieze.dll [2012.09.15 19:43:53 | 000,002,360 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml [2011.04.26 10:54:51 | 000,002,047 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml [2010.08.12 10:21:06 | 000,002,510 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\ShareazaWebSearch.xml CHR - plugin: LoadTubes Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npmieze.dll O3 - HKLM\..\Tool> in the current context!
Error: Unable to interpret <bar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - No CLSID value found. O3 - HKLM\..\Toolbar: (loadtbs) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - C:\Users\***\AppData\Roaming\loadtbs\toolbar.dll (InfiniAd GmbH) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\S-1-5-21-2424265513-2494307364-3588977769-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKU\S-1-5-21-2424265513-2494307364-3588977769-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O4 - HKLM..\Run: [SweetIM] C:\Programme\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Programme\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.) :services :files :reg :Commands [purity] [emptytemp] > in the current context!
 
OTL by OldTimer - Version 3.2.69.0 log created on 06122013_212044

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
Das Programm lief die ganze Zeit (blaues Fenster). Habe nicht am PC gearbeitet. Keine Datei erschienen. Wlan-Verbindung brach ab, so dass ich Neustart gemacht habe.

Soll ich das Programm noch mal laufen lassen?

Das Programm combofix lief die ganze Zeit (blaues Fenster). Habe nicht am PC gearbeitet. Keine Datei erschienen. Wlan-Verbindung brach ab, so dass ich Neustart gemacht habe.

Soll ich das Programm noch mal laufen lassen?

smeenk 12.06.2013 21:39
Versuche Zoek.exe noch ein mal.
Kopiere folgende Kode im Fenster ein:
Code:
standardsearch;
Drucke nachher auf "Run Script".

vivarium 12.06.2013 21:54
Diesmal hat zoek.exe funktioniert. Hier das Ergebnis.

Code:

Zoek.exe Version 4.0.0.2 Updated 03-June-2013
Tool run by *** on 12.06.2013 at 22:41:11,78.
Microsoft Windows 7 Professional  6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected

==== Older Logs ======================

C:\zoek-results12.06.2013-1454.log        213 bytes

==== Possible Rootkit Infection ======================

C:\Windows\$NtUninstallKB65152$\674048338\U

==== Running Processes ======================

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\winlogon.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\ProgramData\Browser Manager\2.6.1339.144\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
C:\Windows\system32\schtasks.exe
C:\Windows\system32\conhost.exe
C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\System32\GFilterSvc.exe
C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
C:\Windows\system32\vaultsvd.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\Program Files\Lenovo\Access Connections\AcSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe
C:\Windows\system32\Dwm.exe
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Integrated Camera Driver\RCIMGDIR.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Lenovo\Access Connections\ACTray.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe
C:\Program Files\TP-LINK\USB Printer Controller\USB Printer Controller.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Synaptics\Scrybe\scrybe.exe
C:\Users\***\AppData\Roaming\Telekom\MediencenterSync\Mediencenter.exe
C:\ProgramData\Browser Manager\2.6.1339.144\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
C:\Program Files\Lenovo\Access Connections\SvcGuiHlpr.exe
C:\Program Files\Lenovo\Client Security Solution\password_manager.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\SCHTASK.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Users\***\Downloads\zoek.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k LPDService
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k HsfXAudioService

==== System Specs ======================

Windows: Windows XP Professional Service Pack 2 (Build 2600)
Memory (RAM): 2996 MB
CPU Info: Intel(R) Core(TM) i5 CPU      M 520  @ 2.40GHz
CPU Speed: 2393,3 MHz
Sound Card: Lautsprecher (Conexant 20585 Sm |
Display Adapters: Intel(R) HD Graphics | Intel(R) HD Graphics | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; ThinkPad Display 1600x900 |
Screen Resolution: 1600 X 900 - 32 bit
Network: Network Present
Network Adapters: Microsoft Virtual WiFi Miniport Adapter | Intel(R) Centrino(R) Advanced-N 6200 AGN | Intel(R) 82577LM Gigabit Network Connection | Bluetooth-Gerät (PAN)
CD / DVD Drives: 1x (G: | ) G: Optiarc DVD RW AD-7700H
Ports: COM3 | COM6 | COM5 LPT Port NOT Present.
Mouse: 5 Button Wheel Mouse Present
Hard Disks: C:  454,3GB | Q:  10,3GB
Hard Disks - Free: C:  61,4GB | Q:  5,1GB
Manufacturer *: LENOVO
BIOS Info: AT/AT COMPATIBLE | 09/23/10 | LENOVO - 1340
Time Zone: Mitteleuropäische Zeit
Motherboard *: LENOVO 4349W1P
Internet Explorer Version: 10.0.9200.16618
Sun Java version: 1.7.0_07
Country: Deutschland
Language: DEU

==== Files Recently Created / Modified ======================

====== C:\Windows ====
2013-06-12 19:34:24        F042EE4C8D66248D9B86DCF52ABAE416        256000        ----a-w-        C:\Windows\PEV.exe
2013-06-12 19:34:24        9E05A9C264C8A908A8E79450FCBFF047        80412        ----a-w-        C:\Windows\grep.exe
2013-06-12 19:34:24        5E832F4FAF5F481F2EAF3B3A48F603B8        68096        ----a-w-        C:\Windows\zip.exe
2013-06-12 19:34:24        0297C72529807322B152F517FDB0A9FC        406528        ----a-w-        C:\Windows\SWSC.exe
2013-06-12 19:34:24        0277C027A26428DB64EF4F64F52BB4FD        208896        ----a-w-        C:\Windows\MBR.exe
====== C:\Users\***\AppData\Local\Temp ====
2013-06-12 19:37:14        2F8F1D62382AD78ACEB22C4E22C5EC59        53248        ----a-w-        C:\Users\***\AppData\Local\Temp\catchme.dll
2013-06-10 10:46:08        FC97F7D7B15DF2617BBE11AEAFBBD50D        774080        ----a-w-        C:\Users\***\AppData\Local\Temp\ICReinstall_CodecPack.exe
====== C:\Windows\system32 =====
2013-06-12 12:08:31        F67B1B348CBBCB60DAEC276712582E8C        2706432        ----a-w-        C:\Windows\System32\mshtml.tlb
2013-06-12 12:08:31        B3DC4D1658093C1E486CA9F22180BECF        1141248        ----a-w-        C:\Windows\System32\urlmon.dll
2013-06-12 12:08:31        5E2D9C88284AA3BECF15BEA0920A1903        391168        ----a-w-        C:\Windows\System32\ieui.dll
2013-06-12 12:08:29        FCA0837B2739C044EEC00AF0DDD73FFC        13760512        ----a-w-        C:\Windows\System32\ieframe.dll
2013-06-12 12:08:27        F383B1AD5D7FDC1ACB0D900B50572F8D        2046976        ----a-w-        C:\Windows\System32\iertutil.dll
2013-06-12 12:08:27        05920BD009621D06722A1CD339DA6481        14327808        ----a-w-        C:\Windows\System32\mshtml.dll
2013-06-12 12:05:38        091C7153A1292F19BE34FAC07FFF12EC        690688        ----a-w-        C:\Windows\System32\jscript.dll
2013-06-12 12:05:36        A10E7B582DEA86572510CB73CCCECA34        61440        ----a-w-        C:\Windows\System32\iesetup.dll
2013-06-12 12:05:36        97FA62873FF759574B20DF39FF22CC27        2877440        ----a-w-        C:\Windows\System32\jscript9.dll
2013-06-12 12:05:36        4395AC0BC02009AFAAB01368BA38AF30        39424        ----a-w-        C:\Windows\System32\jsproxy.dll
2013-06-12 12:05:35        0FEED965B909BA2D210CE78C21626A69        493056        ----a-w-        C:\Windows\System32\msfeeds.dll
2013-06-12 12:05:34        DD09C65E52F3D5574F9774EE0D4DAA57        33280        ----a-w-        C:\Windows\System32\iernonce.dll
2013-06-12 12:05:34        CE3EC9D85ED88ED4AD948B90BB9ED31D        71680        ----a-w-        C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-12 12:05:34        64DF9B793072A53F245515E08D8F5E37        42496        ----a-w-        C:\Windows\System32\ie4uinit.exe
2013-06-12 12:05:33        9593EA1AE5F39C1174B532213D47664B        109056        ----a-w-        C:\Windows\System32\iesysprep.dll
2013-06-12 12:05:31        2473CA6595A2659D7039A4A89FECA269        1767936        ----a-w-        C:\Windows\System32\wininet.dll
2013-06-12 05:34:40        6DE66FE7C526637E74CD066461C7C871        1505280        ----a-w-        C:\Windows\System32\d3d11.dll
2013-06-12 05:34:36        45FBAFFA68CBC29AC2563985CEE72B9C        24576        ----a-w-        C:\Windows\System32\cryptdlg.dll
2013-06-12 05:34:25        FC415B303B1ECF80B5F130A1F7203D02        492544        ----a-w-        C:\Windows\System32\win32spl.dll
2013-06-12 05:34:14        0D52559AEF4AA5EAC82F530617032283        903168        ----a-w-        C:\Windows\System32\certutil.exe
2013-06-12 05:34:13        92245C959E5BC378809D2CC5E9F6E9C7        1160192        ----a-w-        C:\Windows\System32\crypt32.dll
2013-06-12 05:34:13        8A8B277067C22F4BF6AA9A31692FC4D3        103936        ----a-w-        C:\Windows\System32\cryptnet.dll
2013-06-12 05:34:12        CC917AC4D3F8756FF13174980B474791        43008        ----a-w-        C:\Windows\System32\certenc.dll
2013-06-12 05:34:12        3897DFF247D9ED0006190349DE264E14        140288        ----a-w-        C:\Windows\System32\cryptsvc.dll
2013-06-12 05:33:58        5B2E4E90C04FB9AE9F2C5E99FF59B283        1230336        ----a-w-        C:\Windows\System32\WindowsCodecs.dll
2013-06-12 05:33:57        575DDD83B40880E1DEB48758673BDA71        3913576        ----a-w-        C:\Windows\System32\ntoskrnl.exe
2013-06-12 05:33:56        3F63CF7DF313428CA9C5D1F410DF4645        3968872        ----a-w-        C:\Windows\System32\ntkrnlpa.exe
====== C:\Windows\system32\drivers =====
2013-06-12 05:33:54        D32FDAC73FCD76B85389C39BC1087F2A        1293672        ----a-w-        C:\Windows\System32\drivers\tcpip.sys
2013-06-10 07:59:05        185ADA973B5020655CEE342059A86CBB        26840        ----a-w-        C:\Windows\System32\drivers\GEARAspiWDM.sys
2013-05-16 06:43:04        E405328A0E38BF823E2361C413283F6D        218984        ----a-w-        C:\Windows\System32\drivers\dxgmms1.sys
2013-05-16 06:43:04        16498EBC04AE9DD07049A8884B205C05        728424        ----a-w-        C:\Windows\System32\drivers\dxgkrnl.sys
====== C:\Windows\Tasks ======
2013-06-12 12:52:50        8D7C86906B8670AA12BFFF09ED214E5B        3138        ----a-w-        C:\Windows\system32\Tasks\{3D1B1DB5-FF62-4B9E-A79C-53C6F9A36A7B}
2013-05-17 05:22:17        885E8C2D509869F40B79A2B7EE6D208F        528        ----a-w-        C:\Windows\Tasks\PCDoctorBackgroundMonitorTask-Delay.job
2013-05-17 05:22:17        088ECC7AFBB9A53DDCB1662A3C050AD3        3376        ----a-w-        C:\Windows\system32\Tasks\PCDoctorBackgroundMonitorTask-Delay
====== C:\Windows\Temp ======
======= C:\Program Files =====
2013-06-10 07:57:44        --------        d-----w-        C:\Program Files\iPod
2013-06-10 07:57:39        --------        d-----w-        C:\Program Files\iTunes
2013-05-30 12:11:48        --------        d-----w-        C:\Program Files\ElsterFormular
2013-05-17 11:25:49        --------        d-----w-        C:\Program Files\Common Files\Adobe
2013-05-14 15:17:17        --------        d-----w-        C:\Program Files\TP-LINK
======= C: =====
====== C:\Users\***\AppData\Roaming ======
2013-06-10 07:49:10        --------        d-----w-        C:\users\***\AppData\Roaming\redsn0w
====== C:\Users\*** ======
2013-06-12 07:58:19        4ADCFEE16EE9978F06157634669D36FB        602112        ----a-w-        C:\Users\***\Downloads\OTL.exe
2013-06-10 11:52:31        --------        d-----w-        C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-06-10 11:48:54        602D4D0C0146444D90BAE9201A8D9F97        89111376        ----a-w-        C:\Users\***\Downloads\iTunesSetup (3).exe
2013-06-10 10:45:04        FC97F7D7B15DF2617BBE11AEAFBBD50D        774080        ----a-w-        C:\Users\***\Downloads\CodecPack.exe
2013-06-10 09:50:16        251743DFD3FDA414570524BAC9E55381        50449456        ----a-w-        C:\Users\***\Downloads\dotNetFx40_Full_x86_x64.exe
2013-06-10 09:49:22        635D3950D813B96B7B624D81C9C5EF82        20214408        ----a-w-        C:\Users\***\Downloads\Windows-KB890830-V4.20.exe
2013-06-10 09:49:14        53406E9988306CBD4537677C5336ABA4        889416        ----a-w-        C:\Users\***\Downloads\dotNetFx40_Full_setup.exe
2013-06-10 09:25:22        9A29665529AD92F5FCF266D7E96B5169        2816512        ----a-w-        C:\Users\***\Downloads\tinyumbrella-6.14.00.exe
2013-06-10 07:59:10        --------        d-----w-        C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2013-05-30 12:12:08        --------        d-----w-        C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular
2013-05-30 12:08:32        F5EF6F76D2E5F281808079ABF64E3DCF        69486216        ----a-w-        C:\Users\***\Downloads\ElsterFormular-14.3.20130522p.exe
2013-05-14 15:17:19        --------        d-----w-        C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TP-LINK

====== C: exe-files ==
2013-06-12 07:58:19        4ADCFEE16EE9978F06157634669D36FB        602112        ----a-w-        C:\Documents and Settings\***\Downloads\OTL.exe
2013-06-10 11:48:54        602D4D0C0146444D90BAE9201A8D9F97        89111376        ----a-w-        C:\Documents and Settings\***\Downloads\iTunesSetup (3).exe
2013-06-10 10:46:08        FC97F7D7B15DF2617BBE11AEAFBBD50D        774080        ----a-w-        C:\Documents and Settings\***\AppData\Local\Temp\ICReinstall_CodecPack.exe
2013-06-10 10:45:04        FC97F7D7B15DF2617BBE11AEAFBBD50D        774080        ----a-w-        C:\Documents and Settings\***\Downloads\CodecPack.exe
2013-06-10 09:50:16        251743DFD3FDA414570524BAC9E55381        50449456        ----a-w-        C:\Documents and Settings\***\Downloads\dotNetFx40_Full_x86_x64.exe
2013-06-10 09:49:22        635D3950D813B96B7B624D81C9C5EF82        20214408        ----a-w-        C:\Documents and Settings\***\Downloads\Windows-KB890830-V4.20.exe
2013-06-10 09:49:14        53406E9988306CBD4537677C5336ABA4        889416        ----a-w-        C:\Documents and Settings\***\Downloads\dotNetFx40_Full_setup.exe
2013-06-10 09:25:22        9A29665529AD92F5FCF266D7E96B5169        2816512        ----a-w-        C:\Documents and Settings\***\Downloads\tinyumbrella-6.14.00.exe
2013-06-10 07:50:42        FEB21CC8A23452BE3F463E1143883E07        77136        ----a-w-        C:\Documents and Settings\All Users\Apple Computer\Installer Cache\iTunes 11.0.4.4\SetupAdmin.exe
2013-06-10 07:50:42        FEB21CC8A23452BE3F463E1143883E07        77136        ----a-w-        C:\Documents and Settings\All Users\Anwendungsdaten\Apple Computer\Installer Cache\iTunes 11.0.4.4\SetupAdmin.exe
2013-06-10 07:50:42        FEB21CC8A23452BE3F463E1143883E07        77136        ----a-w-        C:\Documents and Settings\All Users\Anwendungsdaten\Anwendungsdaten\Apple Computer\Installer Cache\iTunes 11.0.4.4\SetupAdmin.exe
2013-06-10 07:50:42        FEB21CC8A23452BE3F463E1143883E07        77136        ----a-w-        C:\Documents and Settings\All Users\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Apple Computer\Installer Cache\iTunes 11.0.4.4\SetupAdmin.exe
2013-06-10 07:50:42        FEB21CC8A23452BE3F463E1143883E07        77136        ----a-w-        C:\Documents and Settings\All Users\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Apple Computer\Installer Cache\iTunes 11.0.4.4\SetupAdmin.exe
2013-06-10 07:50:42        FEB21CC8A23452BE3F463E1143883E07        77136        ----a-w-        C:\Documents and Settings\All Users\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Apple Computer\Installer Cache\iTunes 11.0.4.4\SetupAdmin.exe
2013-06-10 07:50:42        FEB21CC8A23452BE3F463E1143883E07        77136        ----a-w-        C:\Documents and Settings\All Users\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Apple Computer\Installer Cache\iTunes 11.0.4.4\SetupAdmin.exe
2013-06-10 07:50:42        FEB21CC8A23452BE3F463E1143883E07        77136        ----a-w-        C:\Documents and Settings\All Users\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Apple Computer\Installer Cache\iTunes 11.0.4.4\SetupAdmin.exe
2013-06-10 07:50:42        FEB21CC8A23452BE3F463E1143883E07        77136        ----a-w-        C:\Documents and Settings\All Users\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Apple Computer\Installer Cache\iTunes 11.0.4.4\SetupAdmin.exe
2013-06-10 07:50:42        FEB21CC8A23452BE3F463E1143883E07        77136        ----a-w-        C:\Documents and Settings\All Users\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Apple Computer\Installer Cache\iTunes 11.0.4.4\SetupAdmin.exe
2013-06-10 07:50:42        FEB21CC8A23452BE3F463E1143883E07        77136        ----a-w-        C:\Documents and Settings\All Users\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Apple Computer\Installer Cache\iTunes 11.0.4.4\SetupAdmin.exe
2013-06-10 07:50:41        FEB21CC8A23452BE3F463E1143883E07        77136        ----a-w-        C:\Documents and Settings\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DC74SOPH\SetupAdmin[1].exe
2013-06-06 18:22:48        1EA998DE136184740B292FB9DCDD49AC        746848        ----a-w-        C:\Documents and Settings\***\AppData\Local\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\27.0.1453.110\27.0.1453.110_27.0.1453.94_chrome_updater.exe
2013-06-06 05:36:23        743F1A9EA5DDE7054CC3BA0FDE85BE6C        3334136        ----a-w-        C:\Documents and Settings\***\AppData\Local\Temp\908209415\wssetup.exe
=== C: other files ==
2013-06-10 13:41:48        76C95B2FE4767D2E404718E4370A6335        12463895        ----a-w-        C:\Documents and Settings\***\Downloads\redsn0w-win_0.9.4.zip
2013-06-10 11:43:32        23EFA482D0603AB4031C34C40E99CE7C        614616        ----a-w-        C:\Documents and Settings\***\Downloads\itunesmobiledevice.zip
2013-06-10 09:15:36        DBE8D96A48B08D90EB5C113141CBBE8F        480416        ----a-w-        C:\Documents and Settings\***\Downloads\RecBoot_1.3_Windows.zip
2013-06-10 09:06:10        1FAFC9F8C25A4E42839E1D0C34301F81        382853        ----a-w-        C:\Documents and Settings\***\Downloads\RecBoot_1.1_Windows.zip
2013-06-10 08:05:31        AF725D624F0F11A4DAF2FFBFB3EAD98D        16478098        ----a-w-        C:\Documents and Settings\***\Downloads\redsn0w_win_0.9.14b1 (1).zip
2013-06-10 07:47:42        AF725D624F0F11A4DAF2FFBFB3EAD98D        16478098        ----a-w-        C:\Documents and Settings\***\Downloads\redsn0w_win_0.9.14b1.zip

==== Startup Registry Enabled ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"RotateImage"="C:\Program Files\Integrated Camera Driver\RCIMGDIR.exe"
"TpShocks"="TpShocks.exe"
"cssauth"="C:\Program Files\Lenovo\Client Security Solution\cssauth.exe silent"
"MSC"="C:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"
"APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"ACTray"="C:\Program Files\Lenovo\Access Connections\ACTray.exe"
"SweetIM"="C:\Program Files\SweetIM\Messenger\SweetIM.exe"
"Sweetpacks Communicator"="C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe"
"TP-Link USB Printer Controller"="C:\Program Files\TP-LINK\USB Printer Controller\USB Printer Controller.exe -mini"
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe "

==== Startup Registry Disabled ======================

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run-]
"Akamai NetSession Interface"="\"C:\\Users\\***\\AppData\\Local\\Akamai\\netsession_win.exe\""
"Google Update"="\"C:\\Users\\***\\AppData\\Local\\Google\\Update\\GoogleUpdate.exe\" /c"


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-]
"Message Center Plus"="C:\\Program Files\\LENOVO\\Message Center Plus\\MCPLaunch.exe /start"
"Adobe ARM"="\"C:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Common Files\\Java\\Java Update\\jusched.exe\""
"AcWin7Hlpr"="C:\\Program Files\\Lenovo\\Access Connections\\AcTBenabler.exe"
"AirPort Base Station Agent"="\"C:\\Program Files\\AirPort\\APAgent.exe\""
"HTC Sync Loader"="\"C:\\Program Files\\HTC\\HTC Sync 3.0\\htcUPCTLoader.exe\" -startup"
"IgfxTray"="C:\\Windows\\system32\\igfxtray.exe"
"Persistence"="C:\\Windows\\system32\\igfxpers.exe"
"HotKeysCmds"="C:\\Windows\\system32\\hkcmd.exe"
"LENOVO.TPKNRRES"="C:\\Program Files\\Lenovo\\Communications Utility\\TPKNRRES.exe"
"MSC"="\"c:\\Program Files\\Microsoft Security Client\\msseces.exe\" -hide -runkey"
"IMSS"="\"C:\\Program Files\\Intel\\Intel(R) Management Engine Components\\IMSS\\PIconStartup.exe\""
"RotateImage"="C:\\Program Files\\Integrated Camera Driver\\RCIMGDIR.exe"
"SmartAudio"="C:\\Program Files\\CONEXANT\\SAII\\SAIICpl.exe /t"
"ACTray"="C:\\Program Files\\Lenovo\\Access Connections\\ACTray.exe"
"TpShocks"="TpShocks.exe"
"PWMTRV"="rundll32 C:\\PROGRA~1\\ThinkPad\\UTILIT~1\\PWMTR32V.DLL,PwrMgrBkGndMonitor"
"cssauth"="\"C:\\Program Files\\Lenovo\\Client Security Solution\\cssauth.exe\" silent"
"SynTPEnh"="%ProgramFiles%\\Synaptics\\SynTP\\SynTPEnh.exe"
"TPHOTKEY"="C:\\Program Files\\Lenovo\\HOTKEY\\TPOSDSVC.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""


==== Startup Folders ======================

2013-04-05 06:36:08        1156        ----a-w-        C:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mediencenter.lnk
2012-01-15 16:41:33        2669        ------w-        C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Scrybe.lnk
2011-01-12 11:20:23        2641        ------w-        C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [15.08.2012 16:10]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ [Undertermined Task]
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2424265513-2494307364-3588977769-1000Core.job --a------ C:\Users\***\AppData\Local\Google\Update\GoogleUpdate.exe [16.09.2012 19:17]
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2424265513-2494307364-3588977769-1000UA.job --a------ C:\Users\***\AppData\Local\Google\Update\GoogleUpdate.exe [16.09.2012 19:17]
C:\Windows\tasks\PCDoctorBackgroundMonitorTask-Delay.job --a------ C:\Program Files\PC-Doctor\uaclauncher.exe [27.06.2011 17:54]
C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job --a------ C:\Program Files\PC-Doctor\uaclauncher.exe [27.06.2011 17:54]
C:\Windows\tasks\SystemToolsDailyTest.job --a------ C:\Program Files\PC:-DoC:tor\uaC:launC:her.exe []

==== Firefox Extensions ======================

ProfilePath: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\4j4b4ll7.default
- Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox

AppDir: C:\Program Files\Mozilla Firefox
- Skype Click to Call - %AppDir%\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
- DataMngr - %AppDir%\extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}

==== Firefox Plugins ======================

Profilepath: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\4j4b4ll7.default
D39C9C30478DAD291879949172A6A236        - C:\Program Files\Java\jre7\bin\npjpi170_07.dll -        Java(TM) Platform SE 7 U7
810DB3DB28E776DDE5BA380DDA37A0E3        - C:\Program Files\Common Files\ParallelGraphics\Cortona\npCortona.dll -        Cortona3D Viewer
0A1FF0B674E2F268799442A434A63BB3        - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll -        Windows Live? Photo Gallery
632F5B29E8C27631E7AC76E330FE2980        - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll -        Java(TM) Platform SE 7 U7
AB87C54CA19675880B0CAE65B8AF140C        - C:\Windows\system32\npDeployJava1.dll -        Java Deployment Toolkit 7.0.70.11
270EE43CC00609B9937AAF94E1E970D4        - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll -        iTunes Application Detector
E7BC792810EC02DD1F7ED25D830E9324        - C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll -        Shockwave Flash
33B942EF84AE52DCF1C16A43DF4BB27A        - C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017319.dll -        AmazonMP3DownloaderPlugin
3D928B3FE97C403A33F803B3D1A260C9        - C:\Users\***\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll -        Google Update
8FEDB25FDCCFFDE9A3254351C2D3E532        - C:\Users\***\Desktop\Schreibtisch\20111215 Qimonda\QIMONDA\PortableApps\FirefoxPortable\App\Firefox\plugins\npnul32.dll -        Mozilla Default Plug-in
3D928B3FE97C403A33F803B3D1A260C9        - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll -        Google Update


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
jbpkiefagocgkmemidfngdkamloieekf - C:\Program Files\TornTV.com\torn11.crx[]
jcdgjdiieiljkfkdcloehkohchhpekkn - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetFB.crx[01.01.2013 13:22]
pfmopbbadnfoelckkcmjjeaaegjpjjbk - C:\Program Files\Gophoto.it\gophotoit14.crx[31.07.2012 13:58]

Google Search Widget [aNTP] - *** - Default\Extensions\amgndnbcojepcnagnllkapelleekeiil
eBay.de - *** - Default\Extensions\bdhbgbiabfdfeimjdoldhaomkcoppild
YouTube - *** - Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Search by Image by Google - *** - Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm
Classic - *** - Default\Extensions\hkacjpbfdknhflllbcmjibkdeoafencn
eBay Deutschland - *** - Default\Extensions\lpeldiheickbpmkhmkgcpefjhkpjghki
RSS Subscription Extension by Google - *** - Default\Extensions\nlbjncdgjeocebhnmkbbbdekmmmcbfjd
LEO W\u00F6rterbuchsuche - *** - Default\Extensions\ojniiiidjmoaiehegaedmfdclmgmmpdp
Google Quick Scroll - *** - Default\Extensions\okanipcmceoeemlbjnmnbdibhgpbllgc
Instagram for Chrome - *** - Default\Extensions\opnbmdkdflhjiclaoiiifmheknpccalb
20-20 3D Viewer for IKEA - *** - Default\Extensions\pfhldcakmgpmglboaclpfdedehjblalp
Google Reader - *** - Default\Extensions\pjjhlfkghdhmijklfnahfkpgmhcmfgcm
Gmail - *** - Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== IE Start and Search Settings ======================

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://www.google.de/ncr"
"BrowserMngr Start Page"="hxxp://search.babylon.com/?affID=109958&tt=120912_pcp_3712_2&babsrc=HP_ss&mntrId=ea7941b1000000000000000000000000"
"bProtector Start Page"="hxxp://search.babylon.com/?affID=109958&tt=120912_pcp_3712_2&babsrc=HP_ss&mntrId=ea7941b1000000000000000000000000"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="hxxp://search.babylon.com/?affID=109958&tt=120912_pcp_3712_2&babsrc=NT_ss&mntrId=ea7941b1000000000000000000000000"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} Search the web (Babylon) Url="hxxp://search.babylon.com/?q={searchTerms}&affID=109958&tt=120912_pcp_3712_2&babsrc=SP_ss&mntrId=ea7941b1000000000000000000000000"
{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} Unknown  Url="Not_Found"
{A8945019-18BA-4ECC-B55E-160FD84D07CE} Yahoo//de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=386496&p={searchTerms}"
{E668679A-8755-47E1-B2EE-49D9FA828DB8} Unknown  Url="Not_Found"

==== HijackThis Entries ======================

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SwissAcademic.Citavi.Picker.IEPicker - {609D670F-B735-4da7-AC6D-F3BD358E325E} - mscoree.dll (file missing)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~4\Office14\URLREDIR.DLL
O2 - BHO: Password Manager Browser Helper Object - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: loadtbs - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - C:\Users\***\AppData\Roaming\loadtbs\toolbar.dll
O3 - Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [RotateImage] C:\Program Files\Integrated Camera Driver\RCIMGDIR.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [ACTray] C:\Program Files\Lenovo\Access Connections\ACTray.exe
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [Sweetpacks Communicator] C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe
O4 - HKLM\..\Run: [TP-Link USB Printer Controller] C:\Program Files\TP-LINK\USB Printer Controller\USB Printer Controller.exe -mini
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - Startup: Mediencenter.lnk = ***\AppData\Roaming\Telekom\MediencenterSync\Mediencenter.exe
O4 - Global Startup: Scrybe.lnk = ?
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: &Citavi Picker... - file://C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~4\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Free YouTube Download - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~4\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: Citavi Picker - {619D670F-B735-4da7-AC6D-F3BD358E325E} - mscoree.dll (file missing)
O9 - Extra button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} (20-20 3D Viewer for IKEA) - hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_IKEA_Win32.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6E46B758-E4D6-4596-807B-A57756BA850A}: NameServer = 212.23.115.148 212.23.115.132
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: c:\PROGRA~2\BROWSE~1\261339~1.144\{16CDF~1\BROWSE~1.DLL
O23 - Service: AcPrfMgrSvc - Lenovo - C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe
O23 - Service: AcSvc - Lenovo - C:\Program Files\Lenovo\Access Connections\AcSvc.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Intel® Centrino® Wireless Bluetooth® + High Speed Service (AMPPALR3) - Intel Corporation - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Browser Manager - Unknown owner - C:\ProgramData\Browser Manager\2.6.1339.144\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
O23 - Service: Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service (BTHSSecurityMgr) - Intel(R) Corporation - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Lenovo Doze Mode Service (DozeSvc) - Lenovo. - C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: G-Filter Service (GFilterSvc) - Unknown owner - C:\Windows\System32\GFilterSvc.exe
O23 - Service: Google Update-Dienst (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo. - C:\Windows\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lenovo Camera Mute (LENOVO.CAMMUTE) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
O23 - Service: Lenovo Microphone Mute (LENOVO.MICMUTE) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
O23 - Service: Lenovo Keyboard Noise Reduction (LENOVO.TPKNRSVC) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
O23 - Service: Lenovo Auto Scroll (Lenovo.VIRTSCRLSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: Power Manager DBC Service - Lenovo - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: Cisco EnergyWise Enabler (PwmEWSvc) - Lenovo Group Limited - C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Scrybe-Updateprogramm (ScrybeUpdater) - Synaptics, Inc. - C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: System Update (SUService) - Unknown owner - C:\Program Files\Lenovo\System Update\SUService.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\Windows\System32\TPHDEXLG.exe
O23 - Service: Lenovo Hotkey Client Loader (TPHKLOAD) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
O23 - Service: Anzeige am Bildschirm (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
O23 - Service: TurboBoost - Intel(R) Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: Intel(R) Management Ericsson (ucsvc32) - Unknown owner - C:\Windows\system32\vaultsvd.exe
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: Intel(R) PROSet/Wireless Zero Configuration Service (ZeroConfigService) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

==== EOF on 12.06.2013 at 22:51:33,58 ======================
Das sollte ich doch posten? Oder?

smeenk 12.06.2013 22:16
Das wollte ich sehen :daumenhoc

Versuche Zoek.exe noch ein mal.
Kopiere folgende Kode im Fenster ein:
Code:
C:\Program Files\SweetIM;fs
C:\ProgramData\Browser Manager;fs
C:\Windows\$NtUninstallKB65152$;f
%appdata%\redsn0w;fs
%appdata%\loadtbs;fs
Browser Manager;s
{DFEFCDEE-CF1A-4FC8-88AD-129872198372};c
{D0F4A166-B8D4-48b8-9D63-80849FE137CB};c
%localappdata%\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847};fs
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main];r
"BrowserMngr Start Page"=-;r
"bProtector Start Page"=-;r
jbpkiefagocgkmemidfngdkamloieekf;chr
jcdgjdiieiljkfkdcloehkohchhpekkn;chr
pfmopbbadnfoelckkcmjjeaaegjpjjbk;chr
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run];r
"SweetIM"=-;r
"Sweetpacks Communicator"=-;r
C:\Program Files\Mozilla Firefox\extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433};fs
Drucke nachher auf "Run Script".

vivarium 12.06.2013 22:27
mache ich morgen vormittag. schaffe ich jetzt nicht mehr.
danke schon mal für die tolle hilfe. melde mich morgen dann wieder. LG und gute n8.


Alle Zeitangaben in WEZ +1. Es ist jetzt 00:38 Uhr.
Seite 1 von 3 1 23
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131