Thread: browser hijacked qvo6.com malware

  1. #1
    Junior Member
    Join Date
    May 2013
    Posts
    18

    Part 2 of OTL.txt
    ---------------------

    ========== Files Created - No Company Name ==========

    [2013.07.02 01:50:25 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2013.07.02 01:50:25 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2013.07.02 01:50:25 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2013.07.02 01:50:25 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2013.07.02 01:50:25 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2013.06.30 23:55:45 | 000,000,786 | ---- | C] () -- C:\Users\HEF01\Desktop\Mein SugarSync.lnk
    [2013.06.30 23:50:31 | 000,001,830 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SugarSync.lnk
    [2013.06.30 23:50:31 | 000,001,818 | ---- | C] () -- C:\Users\Public\Desktop\SugarSync.lnk
    [2013.06.30 22:45:48 | 000,000,000 | -H-- | C] () -- C:\Users\HEF01\Documents\Default.rdp
    [2013.06.22 17:12:31 | 353,889,239 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2013.06.19 22:13:26 | 000,002,102 | ---- | C] () -- C:\Users\HEF01\Desktop\SEPA Account Converter.lnk
    [2013.06.15 11:08:10 | 000,000,964 | ---- | C] () -- C:\Users\Public\Desktop\ITN Converter.lnk
    [2013.05.23 21:28:01 | 000,000,861 | ---- | C] () -- C:\Users\HEF01\AppData\Local\recently-used.xbel
    [2013.05.04 00:50:01 | 000,000,772 | ---- | C] () -- C:\Windows\ODBCINST.INI
    [2013.04.15 18:53:12 | 000,046,592 | ---- | C] () -- C:\Windows\System32\boost_thread-vc90-mt-1_47.dll
    [2013.04.15 18:53:00 | 000,038,912 | ---- | C] () -- C:\Windows\System32\boost_date_time-vc90-mt-1_47.dll
    [2013.04.15 18:52:44 | 000,227,840 | ---- | C] () -- C:\Windows\System32\boost_serialization-vc90-mt-1_47.dll
    [2013.04.15 18:52:42 | 000,704,000 | ---- | C] () -- C:\Windows\System32\boost_regex-vc90-mt-1_47.dll
    [2013.04.15 18:52:40 | 000,012,800 | ---- | C] () -- C:\Windows\System32\boost_system-vc90-mt-1_47.dll
    [2013.04.15 18:52:24 | 000,130,048 | ---- | C] () -- C:\Windows\System32\boost_filesystem-vc90-mt-1_47.dll
    [2013.04.03 20:49:41 | 001,048,576 | ---- | C] () -- C:\Windows\System32\syndata.bin
    [2013.03.23 18:11:03 | 000,001,263 | ---- | C] () -- C:\Windows\isxdlge2.ini
    [2013.03.20 17:38:47 | 000,041,544 | ---- | C] () -- C:\Windows\System32\drivers\EUBKMON.sys
    [2013.02.12 11:36:05 | 000,003,072 | ---- | C] () -- C:\ProgramData\keytemplate.db3
    [2013.02.12 11:36:01 | 000,018,432 | ---- | C] () -- C:\ProgramData\schluesselverwaltung.db3
    [2013.02.08 12:29:58 | 000,000,036 | ---- | C] () -- C:\Windows\Uniformula.ini
    [2013.02.05 17:52:54 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
    [2013.02.05 17:52:50 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
    [2013.02.05 17:52:50 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
    [2013.02.05 17:52:50 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
    [2013.02.05 17:52:50 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
    [2013.01.24 12:24:13 | 000,000,102 | ---- | C] () -- C:\Windows\{E3B99F3D-9856-482A-9048-305E28E2510C}.ini
    [2013.01.01 17:56:59 | 000,000,021 | ---- | C] () -- C:\Windows\TemplateWizard.INI
    [2012.11.24 22:25:02 | 000,000,078 | ---- | C] () -- C:\Users\HEF01\govello20.properties
    [2012.11.07 16:10:28 | 000,000,373 | ---- | C] () -- C:\Windows\System32\CNCMFP20.INI
    [2012.08.19 12:14:36 | 000,000,079 | ---- | C] () -- C:\Users\HEF01\AppData\Local\CrystalDiskMark30.ini
    [2012.08.16 18:42:36 | 000,003,168 | ---- | C] () -- C:\Windows\System32\HI-epanelLSPService.ini
    [2012.08.16 18:42:36 | 000,001,864 | ---- | C] () -- C:\Windows\System32\GacelaLSPServiceOff.ini
    [2012.08.11 23:05:29 | 000,000,017 | ---- | C] () -- C:\Users\HEF01\AppData\Local\resmon.resmoncfg
    [2012.06.16 00:40:14 | 000,011,489 | ---- | C] () -- C:\Users\HEF01\gsview32.ini
    [2012.06.10 23:18:29 | 000,000,223 | ---- | C] () -- C:\Windows\KcMV3DGD.ini
    [2012.06.10 23:13:29 | 000,002,259 | ---- | C] () -- C:\Users\HEF01\PRINTSERVER-NetTool.ini
    [2012.05.28 13:29:08 | 000,002,048 | ---- | C] () -- C:\Windows\null.exe
    [2012.05.16 10:41:18 | 000,000,011 | ---- | C] () -- C:\ProgramData\.tv7
    [2011.09.04 21:05:06 | 000,000,001 | ---- | C] () -- C:\Users\HEF01\.SIG_PINSTATUS_VOREINSTELLUNG
    [2011.09.04 21:05:06 | 000,000,001 | ---- | C] () -- C:\Users\HEF01\.SIG_DIALOG_VOREINSTELLUNG
    [2011.04.18 05:33:13 | 000,010,752 | ---- | C] () -- C:\Users\HEF01\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011.04.07 20:17:52 | 000,646,848 | ---- | C] () -- C:\Users\HEF01\AppData\Local\wanancsp.dat
    [2011.04.07 19:18:29 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2009.06.16 15:25:02 | 000,121,512 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4

    ========== ZeroAccess Check ==========

    [2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== LOP Check ==========

    [2012.07.02 13:48:12 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\Avery
    [2013.06.02 21:58:31 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\AVM
    [2011.04.13 12:21:20 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\Broad Intelligence
    [2011.04.09 13:24:51 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\Buhl Data Service
    [2013.01.30 15:22:50 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\Bytemobile
    [2012.12.14 01:10:35 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\calibre
    [2012.12.16 16:07:18 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\Canneverbe Limited
    [2012.11.28 17:20:47 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\Canon
    [2013.03.23 18:11:37 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\Chipcardmaster
    [2013.04.06 00:45:31 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\com.amazon.music.uploader
    [2013.07.02 02:15:03 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\convert
    [2011.04.12 21:49:32 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\DataDesign
    [2012.01.01 19:49:14 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\DoublePics
    [2013.07.02 01:00:03 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\Dropbox
    [2012.06.07 00:29:11 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\DVDVideoSoft
    [2013.05.29 11:49:01 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\eIntaller
    [2011.11.02 23:47:10 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\elsterformular
    [2013.06.26 01:40:14 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\FileZilla
    [2012.10.04 23:15:50 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\FreeFileSync
    [2013.05.04 02:19:36 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\FRITZ!
    [2013.05.02 01:19:47 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\FRITZ!fax für FRITZ!Box
    [2013.01.17 13:57:48 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\GetRightToGo
    [2013.03.14 23:15:15 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\GLS Vereinsmeister
    [2011.05.10 16:16:26 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\ImgBurn
    [2012.09.07 20:02:00 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\InterVideo
    [2013.05.20 17:34:55 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\IPCamWizard
    [2011.05.15 19:17:22 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\IrfanView
    [2012.02.02 23:57:09 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\Lenovo
    [2011.04.12 21:31:22 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\Lexware
    [2013.03.08 11:20:34 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\Motorola
    [2013.03.08 11:23:07 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\Motorola Mobility
    [2012.01.04 02:43:34 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\NetMeter
    [2012.06.08 00:41:01 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\Notepad++
    [2011.04.26 19:20:39 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\OpenOffice.org
    [2011.05.05 14:57:10 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\PCDr
    [2011.04.20 18:56:41 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\Philipp Winterberg
    [2012.11.24 01:44:54 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\PrivateTunnel
    [2011.04.21 22:16:23 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\PwrMgr
    [2013.04.08 23:42:24 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\QcWizard
    [2012.05.26 22:54:18 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\RavensburgerTipToi
    [2013.04.17 11:49:47 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\Samsung
    [2011.04.16 11:57:13 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\SmartLine
    [2011.04.15 21:44:22 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\Softland
    [2013.03.24 02:01:01 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\Synaptics
    [2013.06.12 18:37:33 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\TeamViewer
    [2012.09.08 00:09:56 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\Telefónica
    [2012.09.08 00:09:56 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\TGCMLog
    [2011.04.09 17:20:53 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\Thunderbird
    [2012.01.20 01:41:20 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\Total Immersion
    [2011.04.24 17:43:12 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\TuneUp Software
    [2012.05.16 10:56:03 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\TwonkyMedia
    [2012.08.01 23:43:59 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\TwonkyServer
    [2011.12.27 23:31:45 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\Ulead Systems
    [2011.04.13 11:38:27 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\Uniblue
    [2011.05.05 14:44:14 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\Update
    [2013.01.01 01:49:29 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\Vodafone
    [2012.12.22 21:19:33 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\Windows Live Writer
    [2012.06.23 16:18:20 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\Wireshark
    [2013.02.22 00:24:16 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\YCanPDF

    ========== Purity Check ==========



    ========== Custom Scans ==========

    < %USERPROFILE%\..|smtmp;true;true;true /FP >

    < %temp%\smtmp\*.* /s > >

    < MD5 for: EXPLORER.ADML >
    [2010.01.05 07:00:49 | 000,004,226 | ---- | M] () MD5=EE23420A7C0E74A9D316221F8BFB2477 -- C:\Windows\PolicyDefinitions\de-DE\Explorer.adml
    [2010.01.05 07:00:49 | 000,004,226 | ---- | M] () MD5=EE23420A7C0E74A9D316221F8BFB2477 -- C:\Windows\winsxs\x86_microsoft-windows-s..ouppolicy.resources_31bf3856ad364e35_6.1.7600.16385_de-de_79e5ffbcdccafc09\Explorer.adml

    < MD5 for: EXPLORER.ADMX >
    [2009.06.10 23:34:46 | 000,003,836 | ---- | M] () MD5=AD131A834808E6AFF4A3918DE05BFCF6 -- C:\Windows\PolicyDefinitions\Explorer.admx
    [2009.06.10 23:34:46 | 000,003,836 | ---- | M] () MD5=AD131A834808E6AFF4A3918DE05BFCF6 -- C:\Windows\winsxs\x86_microsoft-windows-shell-grouppolicy_31bf3856ad364e35_6.1.7600.16385_none_1590ffd752297581\Explorer.admx

    < MD5 for: EXPLORER.DMP >
    [2012.04.23 14:03:33 | 000,000,000 | ---- | M] () MD5=D41D8CD98F00B204E9800998ECF8427E -- C:\Users\Public\Lenovo\Access Connections\Explorer.dmp

    < MD5 for: EXPLORER.EXE >
    [2010.01.05 07:02:15 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_523cdab8f40fe558\explorer.exe
    [2013.05.16 10:58:12 | 003,859,928 | ---- | M] (Safer-Networking Ltd.) MD5=03250DB0886A23B1F6C077C5D9F152B0 -- C:\Program Files\Spybot - Search & Destroy 2\explorer.exe
    [2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
    [2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
    [2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
    [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
    [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
    [2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
    [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\ERDNT\cache\explorer.exe
    [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
    [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
    [2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
    [2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
    [2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
    [2010.01.05 07:02:15 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_51c00e6ddae85c4b\explorer.exe

    < MD5 for: EXPLORER.EXE.MUI >
    [2010.01.05 07:00:32 | 000,025,600 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\de-DE\explorer.exe.mui
    [2010.01.05 07:00:32 | 000,025,600 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_de-de_5cd80747e61754a0\explorer.exe.mui

    < MD5 for: EXPLORER.EXE-A80E4F97.PF >
    [2013.07.02 03:08:07 | 000,222,750 | ---- | M] () MD5=3620BDFEF8CBB3B3472C961C7AD6E744 -- C:\Windows\Prefetch\EXPLORER.EXE-A80E4F97.pf

    < MD5 for: IEXPLORE.BAT >
    [2013.04.21 09:58:12 | 000,029,803 | ---- | M] () MD5=E4B95882FB080670179EA3605395889B -- C:\JRT\iexplore.bat

    < MD5 for: IEXPLORE.EXE >
    [2012.05.18 01:21:54 | 000,748,664 | ---- | M] (Microsoft Corporation) MD5=0129BB16161C2FD9A6B19111AB047198 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16446_none_b12560b1c817cfde\iexplore.exe
    [2013.05.17 04:32:12 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=07DFD28E57879554D054464EE4A5662D -- C:\Program Files\Internet Explorer\iexplore.exe
    [2013.05.17 04:32:12 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=07DFD28E57879554D054464EE4A5662D -- C:\Windows\ERDNT\cache\iexplore.exe
    [2013.05.17 04:32:12 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=07DFD28E57879554D054464EE4A5662D -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16614_none_ba6545dc65e543de\iexplore.exe
    [2012.08.24 09:34:41 | 000,748,680 | ---- | M] (Microsoft Corporation) MD5=22CC6CDBA678790046693654C3B212E4 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16450_none_b1148f09c82553c5\iexplore.exe
    [2012.05.18 00:59:46 | 000,748,664 | ---- | M] (Microsoft Corporation) MD5=268982F1FD671A077C6A2AF41E351436 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20551_none_b19f2c1ee1420ce6\iexplore.exe
    [2012.10.08 10:37:24 | 000,748,704 | ---- | M] (Microsoft Corporation) MD5=270A1342BD5AF95CA25A586B4C2F1522 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16455_none_b119907bc820d278\iexplore.exe
    [2013.03.21 13:11:10 | 000,770,560 | ---- | M] (Microsoft Corporation) MD5=2859EBC065D2E1CCC94161CE28BAC085 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16521_none_ba715a6a65dbf461\iexplore.exe
    [2009.07.14 03:17:29 | 000,673,048 | ---- | M] (Microsoft Corporation) MD5=2C32E3E596CFE660353753EABEFB0540 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16385_none_b346f9b4861b55c2\iexplore.exe
    [2013.04.05 07:55:38 | 000,770,624 | ---- | M] (Microsoft Corporation) MD5=2DC6BD1047553611DAEF97C751131A5D -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20681_none_a39ee59e7f860811\iexplore.exe
    [2012.06.02 11:08:27 | 000,748,664 | ---- | M] (Microsoft Corporation) MD5=34B01BBD8F00B6B9C9248DC4F1E3CD01 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16447_none_b12660fbc816e935\iexplore.exe
    [2013.05.17 03:57:28 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=3902E280F6117A468D5573343A7AA1F6 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20719_none_a38c5d6c7f953fa9\iexplore.exe
    [2012.08.24 09:49:25 | 000,748,680 | ---- | M] (Microsoft Corporation) MD5=62188720CE27B982B4285C03163C9FB3 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20557_none_b1a52ddae13ca4f0\iexplore.exe
    [2013.01.09 00:42:06 | 000,757,280 | ---- | M] (Microsoft Corporation) MD5=698EB1E5F8C66344D97C00B5699E871D -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16464_none_b10dc045c829d512\iexplore.exe
    [2011.04.09 23:39:23 | 000,748,336 | ---- | M] (Microsoft Corporation) MD5=904E13BA41AF2E353A32CF351CA53639 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16421_none_b135ff17c80c1949\iexplore.exe
    [2010.12.18 07:32:25 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=9321CF0D023528C71E3645F8433C86C8 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.20861_none_b3e23cc79f2c4cea\iexplore.exe
    [2012.06.29 03:00:47 | 000,748,664 | ---- | M] (Microsoft Corporation) MD5=93569D46D79F9756ED077156496AFE23 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16448_none_b1276145c816028c\iexplore.exe
    [2013.02.25 01:52:40 | 000,770,624 | ---- | M] (Microsoft Corporation) MD5=A11C5E3E288256C540B7ED8BE3A04B01 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20644_none_a39aa01e7f89ef98\iexplore.exe
    [2013.02.02 06:19:03 | 000,757,280 | ---- | M] (Microsoft Corporation) MD5=A285E1965C115031DA02B777EE9D7689 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20580_none_b17dbc10e15b4762\iexplore.exe
    [2010.12.18 07:33:54 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=AA08B68EF4E35EFA170CF85A44B23B70 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16722_none_b384dff685ed56b3\iexplore.exe
    [2013.04.05 08:02:26 | 000,770,608 | ---- | M] (Microsoft Corporation) MD5=AAD90795E84E710543C6C7C2F7048E30 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16576_none_ba75e9f465d7f339\iexplore.exe
    [2012.11.16 18:33:24 | 000,757,280 | ---- | M] (Microsoft Corporation) MD5=B201AF83DF2E85323E29EB83E4046810 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16457_none_b11b910fc81f0526\iexplore.exe
    [2013.04.04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\iexplore.exe
    [2012.06.02 10:51:58 | 000,748,664 | ---- | M] (Microsoft Corporation) MD5=BE967C74B89577B78FB57C061E12B04C -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20553_none_b1a12cb2e1403f94\iexplore.exe
    [2012.11.16 05:08:47 | 000,757,280 | ---- | M] (Microsoft Corporation) MD5=C0BA71C1B3FB6E3DD432FF3CCAEBDC62 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20565_none_b1985d5ae1468e33\iexplore.exe
    [2010.11.20 14:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=C613E69C3B191BB02C7A191741A1D024 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7601.17514_none_b5780d7c8309d95c\iexplore.exe
    [2012.10.08 10:22:05 | 000,748,704 | ---- | M] (Microsoft Corporation) MD5=CECB15F834FC2B4B150449717ADE18DD -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20562_none_b1955c7ce149422e\iexplore.exe
    [2013.02.02 06:19:04 | 000,757,296 | ---- | M] (Microsoft Corporation) MD5=DDE5A0DFAF7C6370FB36402D7A746ED3 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16470_none_b0feef31c8358ba7\iexplore.exe
    [2013.02.21 13:28:11 | 000,770,608 | ---- | M] (Microsoft Corporation) MD5=E4F6125ED5185F8FA37CC4F449B85526 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16540_none_ba7371c665da0d6e\iexplore.exe
    [2012.06.29 01:35:27 | 000,748,664 | ---- | M] (Microsoft Corporation) MD5=EB4105348272018D096FEB655CD1608C -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20554_none_b1a22cfce13f58eb\iexplore.exe
    [2013.01.08 23:32:42 | 000,757,280 | ---- | M] (Microsoft Corporation) MD5=F05982E56ABD835AA8DF260EEC873E5B -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20573_none_b18b8cdae1507776\iexplore.exe

    < MD5 for: IEXPLORE.EXE.MUI >
    [2011.04.09 23:39:43 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=0272AAC78F0D1CC205B893CCF5835DC5 -- C:\Windows\winsxs\x86_microsoft-windows-i..-optional.resources_31bf3856ad364e35_9.4.8112.16421_de-de_01f1be9610db4e6b\iexplore.exe.mui
    [2011.04.09 23:39:23 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=4C71CCB3C8817185E67210856778831F -- C:\Windows\winsxs\x86_microsoft-windows-i..-optional.resources_31bf3856ad364e35_9.4.8112.16421_en-us_aae2948effb95a30\iexplore.exe.mui
    [2013.03.21 13:12:45 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=6511725A9ACB570CD967BCE68DB2986A -- C:\Program Files\Internet Explorer\de-DE\iexplore.exe.mui
    [2013.03.21 13:12:45 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=6511725A9ACB570CD967BCE68DB2986A -- C:\Windows\winsxs\x86_microsoft-windows-i..-optional.resources_31bf3856ad364e35_10.2.9200.16521_de-de_0b2d19e8aeab2983\iexplore.exe.mui
    [2013.03.21 13:11:10 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=8EDDC50FD07326E7DF9C4EEA422F0918 -- C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui
    [2013.03.21 13:11:10 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=8EDDC50FD07326E7DF9C4EEA422F0918 -- C:\Windows\winsxs\x86_microsoft-windows-i..-optional.resources_31bf3856ad364e35_10.2.9200.16521_en-us_b41defe19d893548\iexplore.exe.mui
    [2010.01.05 07:00:49 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=D74E70EF11B77E438111FE0C79AAFD97 -- C:\Windows\winsxs\x86_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7600.16385_de-de_0402b932ceea8ae4\iexplore.exe.mui
    [2010.01.05 07:00:49 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=D74E70EF11B77E438111FE0C79AAFD97 -- C:\Windows\winsxs\x86_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7601.17514_de-de_0633ccfacbd90e7e\iexplore.exe.mui

    < MD5 for: IEXPLORE.PNG >
    [2011.07.18 08:46:32 | 000,016,619 | ---- | M] () MD5=2DC4DF31FA082FD9310B20F3F950432C -- C:\Program Files\Lenovo\SimpleTap\Add-ons\Lenovo\InternetExplorer\iexplore.png

    < MD5 for: SERVICES >
    [2012.08.15 17:51:44 | 002,497,591 | ---- | M] () MD5=644A5F77D534ABBF4EBABFB4128F925C -- C:\Program Files\Wireshark\services
    [2009.06.10 23:39:37 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\System32\drivers\etc\services
    [2009.06.10 23:39:37 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_045b589158ae90da\services

    < MD5 for: SERVICES.ASFX >
    [2012.09.23 20:43:44 | 000,002,677 | ---- | M] () MD5=22FEEF662B7E813F8547E1446EBC706B -- C:\Program Files\Adobe\Reader 11.0\Reader\Locale\de_DE\Services\Services.asfx

    < MD5 for: SERVICES.CFG >
    [2012.09.23 20:43:36 | 000,603,848 | R--- | M] () MD5=81B120EAEE296F0E54F66C16C5A21367 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA71301B744BA0000000010\11.0.0\services.cfg
    [2013.05.11 12:37:26 | 000,558,990 | ---- | M] () MD5=FE8FB005031C2574E990DAC1F9F5ACF8 -- C:\Program Files\Adobe\Reader 11.0\Reader\Services\Services.cfg

    < MD5 for: SERVICES.CNF >
    [2001.09.25 22:48:16 | 000,000,003 | ---- | M] () MD5=864E46AD77EBE7A312EB11241A5114B6 -- C:\Users\HEF01\Documents\Eigene Webs\_vti_pvt\services.cnf

    < MD5 for: SERVICES.DAT >
    [2013.04.22 05:04:55 | 000,001,720 | ---- | M] () MD5=43C1700D78D89F0B1F6FA88FD132BE1A -- C:\JRT\services.dat

    < MD5 for: SERVICES.DLL >
    [2009.05.22 20:31:22 | 000,020,480 | ---- | M] ( ) MD5=17AD4A8A51AECE2EC20D8CF7994BC9F4 -- C:\Program Files\Common Files\Lenovo\InvAgent\local\collect\services.dll
    [2012.11.13 18:38:36 | 000,008,704 | ---- | M] () MD5=E41D70348B1B51C0C76B617EA572B105 -- C:\Program Files\Lenovo\System Update\egather\local\collect\services.dll

    < MD5 for: SERVICES.DLL.CONFIG >
    [2012.11.01 18:05:50 | 000,000,305 | ---- | M] () MD5=126EB374FFE77DAA27113E5AD6307C0B -- C:\Program Files\Lenovo\System Update\egather\local\collect\services.dll.config

    < MD5 for: SERVICES.EXE >
    [2009.07.14 03:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\ERDNT\cache\services.exe
    [2009.07.14 03:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe
    [2009.07.14 03:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe

    < MD5 for: SERVICES.EXE.MUI >
    [2010.01.05 07:00:30 | 000,019,456 | ---- | M] (Microsoft Corporation) MD5=5BB3A4AC670D245257DBA6C397DF2EEB -- C:\Windows\System32\de-DE\services.exe.mui
    [2010.01.05 07:00:30 | 000,019,456 | ---- | M] (Microsoft Corporation) MD5=5BB3A4AC670D245257DBA6C397DF2EEB -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_de-de_c0e2c741986ab76d\services.exe.mui

    < MD5 for: SERVICES.HTM >
    [2013.06.12 15:27:07 | 000,010,020 | ---- | M] () MD5=3BB8966C4302BAB7B015A42792BDD688 -- C:\Users\HEF01\Documents\Websites\bmi25\www\services.htm
    [2012.12.25 22:33:40 | 000,010,717 | ---- | M] () MD5=79C8C4D401F745689667453C4FE25745 -- C:\Users\HEF01\AppData\Local\VirtualStore\Program Files\1blu\1blu HomepageBuilder 2\onlineshop\services.htm
    [2012.12.25 23:12:42 | 000,010,616 | ---- | M] () MD5=BD5449F06D2270FC459035DC9F1F84B8 -- C:\Users\HEF01\AppData\Local\VirtualStore\Program Files\1blu\homepage\services.htm

    < MD5 for: SERVICES.HTML >
    [1999.11.20 01:10:40 | 000,003,881 | ---- | M] () MD5=70AF558BFB9814F4C27BDEA2BECE06D7 -- C:\Users\HEF01\Documents\Websites\E DPC1\MG Dateien\MGF Dateien alt\MGF Platte\MGF-Web\Projects\bender\www.mgbspares.com\Services.html
    [1999.08.10 05:49:52 | 000,006,829 | ---- | M] () MD5=7860035843CD461C946A1FC169337B33 -- C:\Users\HEF01\Documents\Websites\E DPC1\MG Dateien\MGF Dateien alt\MGF Platte\MGF-Web\Projects\bastian\www.mgcars.org.uk\mgcc\services.html
    [1999.11.02 00:03:44 | 000,006,829 | ---- | M] () MD5=7860035843CD461C946A1FC169337B33 -- C:\Users\HEF01\Documents\Websites\E DPC1\MG Dateien\MGF Dateien alt\MGF Platte\MGF-Web\Projects\MGCC UK\www.mgcars.org.uk\mgcc\services.html

    < MD5 for: SERVICES.JSP >
    [2009.04.17 17:10:45 | 000,003,347 | ---- | M] () MD5=F6BC4DD21FC354287A1B1485CA13BDB5 -- C:\Users\HEF01\Documents\Websites\E DPC1\2005_10_EPC\System\Tomcat\server\webapps\admin\service\services.jsp
    [2003.04.28 20:29:41 | 000,003,347 | ---- | M] () MD5=F6BC4DD21FC354287A1B1485CA13BDB5 -- C:\Users\HEF01\Documents\Websites\E DPC1\2005_EPC\System\Tomcat\server\webapps\admin\service\services.jsp

    < MD5 for: SERVICES.LNK >
    [2009.07.14 06:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
    [2009.07.14 06:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

    < MD5 for: SERVICES.MOF >
    [2009.06.10 23:26:14 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\System32\wbem\services.mof
    [2009.06.10 23:26:14 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.mof

    < MD5 for: SERVICES.MSC >
    [2009.06.10 23:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\services.msc
    [2009.06.10 23:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc
    [2010.01.05 07:00:29 | 000,092,744 | ---- | M] () MD5=7FC1BD72E9D0E622638C4620E33FAD47 -- C:\Windows\System32\de-DE\services.msc
    [2010.01.05 07:00:29 | 000,092,744 | ---- | M] () MD5=7FC1BD72E9D0E622638C4620E33FAD47 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_de-de_fb24972d6ed45160\services.msc

    < MD5 for: SERVICES.PTXML >
    [2009.07.13 22:20:01 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\System32\wdi\perftrack\Services.ptxml
    [2009.07.13 22:20:01 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\Services.ptxml

    < MD5 for: SERVICES.RDB >
    [2012.08.13 10:51:02 | 000,178,348 | ---- | M] () MD5=039C8CFBD74EE07F38CD9E4C7D95C5C6 -- C:\Program Files\OpenOffice.org 3\Basis\program\services.rdb
    [2012.08.13 10:51:02 | 000,000,453 | ---- | M] () MD5=3D2ADA15FEF5B5FF468243161543D610 -- C:\Program Files\OpenOffice.org 3\program\services.rdb
    [2012.08.10 15:12:16 | 000,008,060 | ---- | M] () MD5=7CA7D7150EC46321162F932ADCF5F35B -- C:\Program Files\OpenOffice.org 3\URE\misc\services.rdb

    < MD5 for: SERVICES.SBS >
    [2011.03.01 00:00:00 | 000,034,818 | ---- | M] () MD5=62AFD4B2025CE6D4706B36F4C4808F9B -- C:\Program Files\Spybot - Search & Destroy 2\Includes\Services.sbs
    [2011.03.01 09:58:46 | 000,034,818 | ---- | M] () MD5=62AFD4B2025CE6D4706B36F4C4808F9B -- C:\Program Files\Spybot - Search & Destroy 2\Updates\Extracts\Services.sbs
    [2008.06.02 14:25:44 | 000,063,501 | ---- | M] () MD5=A6D9C8B376ED8833763A935D56514AC0 -- C:\Program Files\SDistTest\includes\Services.sbs

    < MD5 for: SERVICES.SBS-20110301.CAB >
    [2013.05.30 01:56:26 | 000,041,248 | ---- | M] () MD5=149FF3413EED31253183D6E65E383138 -- C:\Program Files\Spybot - Search & Destroy 2\Updates\Downloads\Services.sbs-20110301.cab

    < MD5 for: WINLOGON.ADML >
    [2010.01.05 07:00:47 | 000,009,904 | ---- | M] () MD5=25AA9560CB997F785CDD845AD425D37D -- C:\Windows\PolicyDefinitions\de-DE\WinLogon.adml
    [2010.01.05 07:00:47 | 000,009,904 | ---- | M] () MD5=25AA9560CB997F785CDD845AD425D37D -- C:\Windows\winsxs\x86_microsoft-windows-winlogon-adm.resources_31bf3856ad364e35_6.1.7600.16385_de-de_ebe991b24f578375\WinLogon.adml

    < MD5 for: WINLOGON.ADMX >
    [2009.06.10 23:43:18 | 000,005,237 | ---- | M] () MD5=89D8F50E186A16C2CED3CF36DBBC0B2C -- C:\Windows\PolicyDefinitions\WinLogon.admx
    [2009.06.10 23:43:18 | 000,005,237 | ---- | M] () MD5=89D8F50E186A16C2CED3CF36DBBC0B2C -- C:\Windows\winsxs\x86_microsoft-windows-winlogon-adm_31bf3856ad364e35_6.1.7600.16385_none_7ae3b2e5da95d117\WinLogon.admx

    < MD5 for: WINLOGON.EXE >
    [2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
    [2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
    [2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\ERDNT\cache\winlogon.exe
    [2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
    [2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
    [2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
    [2013.04.04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

    < MD5 for: WINLOGON.EXE.MUI >
    [2010.01.05 07:00:29 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6D27EDFB15F475065FC18EB7CFCDB683 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.1.7600.16385_de-de_21de11b5768bfbe6\winlogon.exe.mui
    [2010.11.20 14:01:15 | 000,026,624 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\de-DE\winlogon.exe.mui
    [2010.11.20 14:01:15 | 000,026,624 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.1.7601.17514_de-de_240f257d737a7f80\winlogon.exe.mui

    < MD5 for: WINLOGON.MFL >
    [2010.01.05 07:00:30 | 000,001,080 | ---- | M] () MD5=4AC5B532F44BAE30CBE41B7750954729 -- C:\Windows\System32\wbem\de-DE\winlogon.mfl
    [2010.01.05 07:00:30 | 000,001,080 | ---- | M] () MD5=4AC5B532F44BAE30CBE41B7750954729 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon-mof.resources_31bf3856ad364e35_6.1.7600.16385_de-de_7fa0638091c4557b\winlogon.mfl

    < MD5 for: WINLOGON.MOF >
    [2009.07.13 22:37:34 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows\System32\wbem\winlogon.mof
    [2009.07.13 22:37:34 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows\winsxs\x86_microsoft-windows-winlogon-mof_31bf3856ad364e35_6.1.7600.16385_none_800f1ff3d73b72d9\winlogon.mof

    < %SYSTEMDRIVE%\*.* >
    [2013.05.30 12:35:55 | 000,013,864 | ---- | M] () -- C:\AdwCleaner[R1].txt
    [2013.05.30 12:38:04 | 000,000,370 | ---- | M] () -- C:\AdwCleaner[S1].txt
    [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2010.11.20 14:40:07 | 000,383,786 | RHS- | M] () -- C:\bootmgr
    [2009.07.21 08:20:38 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
    [2013.07.02 03:00:40 | 000,045,060 | ---- | M] () -- C:\ComboFix.txt
    [2009.06.10 23:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2007.11.07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
    [2013.05.06 18:13:26 | 000,000,136 | ---- | M] () -- C:\GPEapSim.log
    [2013.07.02 02:33:11 | 2406,219,776 | -HS- | M] () -- C:\hiberfil.sys
    [2007.11.07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
    [2013.02.20 22:56:28 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2002.01.05 04:48:16 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\mfc70.dll
    [2002.01.05 04:36:38 | 000,964,608 | ---- | M] (Microsoft Corporation) -- C:\mfc70u.dll
    [2012.09.12 21:11:16 | 000,006,594 | ---- | M] () -- C:\MPMSetup.log
    [2013.02.20 22:56:28 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2002.01.05 03:40:20 | 000,487,424 | ---- | M] (Microsoft Corporation) -- C:\msvcp70.dll
    [2002.01.05 03:37:28 | 000,344,064 | ---- | M] (Microsoft Corporation) -- C:\msvcr70.dll
    [2009.10.22 18:35:30 | 000,000,618 | ---- | M] () -- C:\NetworkCfg.xml
    [2013.07.02 02:33:10 | 3208,294,400 | -HS- | M] () -- C:\pagefile.sys
    [2011.09.08 11:53:15 | 000,000,207 | ---- | M] () -- C:\setup.log
    [2012.12.30 19:54:55 | 000,000,024 | ---- | M] () -- C:\SISHashTodo
    [2012.12.30 19:54:55 | 000,002,440 | ---- | M] () -- C:\SISTodo
    [2013.07.01 22:45:52 | 000,174,712 | ---- | M] () -- C:\TDSSKiller.2.8.16.0_01.07.2013_21.50.38_log.txt
    [2007.11.07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
    [2007.11.07 08:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
    [2007.11.07 08:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI
    [2011.04.13 16:04:52 | 000,004,201 | ---- | M] () -- C:\WirelessDiagLog.csv

    < %systemroot%\Fonts\*.com >
    [2009.07.14 06:52:25 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009.07.14 06:52:25 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009.07.14 06:52:25 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009.07.14 06:52:25 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009.06.10 23:31:19 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2010.11.20 14:21:36 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\winprint.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2012.09.12 16:57:44 | 000,322,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >
    [2012.11.07 13:37:25 | 000,001,686 | -HS- | M] () -- C:\Users\HEF01\AppData\Roaming\Microsoft\LastFlashConfig.wfc

    < %PROGRAMFILES%\*.* >
    [2009.07.14 06:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < dir "%systemdrive%\*" /S /A:L /C >
    Datenträger in Laufwerk C: ist Windows7_OS
    Volumeseriennummer: 16C0-7A55
    Verzeichnis von C:\
    14.07.2009 06:53 <VERBINDUNG> Documents and Settings [C:\Users]
    28.10.2010 14:58 <VERBINDUNG> Dokumente und Einstellungen [C:\Users]
    28.10.2010 14:58 <VERBINDUNG> Programme [C:\Program Files]
    0 Datei(en), 0 Bytes
    Verzeichnis von C:\Program Files
    28.10.2010 14:58 <VERBINDUNG> Gemeinsame Dateien [C:\Program Files\Common Files]
    0 Datei(en), 0 Bytes
    Verzeichnis von C:\Program Files\Windows NT
    28.10.2010 14:58 <VERBINDUNG> Zubehör [C:\Program Files\Windows NT\Accessories]
    0 Datei(en), 0 Bytes
    Verzeichnis von C:\ProgramData
    28.10.2010 14:58 <VERBINDUNG> Anwendungsdaten [C:\ProgramData]
    14.07.2009 06:53 <VERBINDUNG> Application Data [C:\ProgramData]
    14.07.2009 06:53 <VERBINDUNG> Desktop [C:\Users\Public\Desktop]
    14.07.2009 06:53 <VERBINDUNG> Documents [C:\Users\Public\Documents]
    28.10.2010 14:58 <VERBINDUNG> Dokumente [C:\Users\Public\Documents]
    28.10.2010 14:58 <VERBINDUNG> Favoriten [C:\Users\Public\Favorites]
    14.07.2009 06:53 <VERBINDUNG> Favorites [C:\Users\Public\Favorites]
    14.07.2009 06:53 <VERBINDUNG> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
    28.10.2010 14:58 <VERBINDUNG> Startmenü [C:\ProgramData\Microsoft\Windows\Start Menu]
    14.07.2009 06:53 <VERBINDUNG> Templates [C:\ProgramData\Microsoft\Windows\Templates]
    28.10.2010 14:58 <VERBINDUNG> Vorlagen [C:\ProgramData\Microsoft\Windows\Templates]
    0 Datei(en), 0 Bytes
    Verzeichnis von C:\ProgramData\Microsoft\Windows\Start Menu
    28.10.2010 14:58 <VERBINDUNG> Programme [C:\ProgramData\Microsoft\Windows\Start Menu\Programs]
    0 Datei(en), 0 Bytes
    Verzeichnis von C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SPG-Fibu
    28.02.2013 13:11 <VERBINDUNG> SPG-Fibu Anleitungen [\??\c:\spg\spg-fibu\doku]
    0 Datei(en), 0 Bytes
    Verzeichnis von C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SPG-Verein
    16.06.2012 11:37 <VERBINDUNG> SPG-Verein Anleitungen [\??\C:\Users\HEF01\Documents\BVSG\doku]
    0 Datei(en), 0 Bytes
    Verzeichnis von C:\Users
    14.07.2009 06:53 <SYMLINKD> All Users [C:\ProgramData]
    14.07.2009 06:53 <VERBINDUNG> Default User [C:\Users\Default]
    0 Datei(en), 0 Bytes
    Verzeichnis von C:\Users\All Users
    28.10.2010 14:58 <VERBINDUNG> Anwendungsdaten [C:\ProgramData]
    14.07.2009 06:53 <VERBINDUNG> Application Data [C:\ProgramData]
    14.07.2009 06:53 <VERBINDUNG> Desktop [C:\Users\Public\Desktop]
    14.07.2009 06:53 <VERBINDUNG> Documents [C:\Users\Public\Documents]
    28.10.2010 14:58 <VERBINDUNG> Dokumente [C:\Users\Public\Documents]
    28.10.2010 14:58 <VERBINDUNG> Favoriten [C:\Users\Public\Favorites]
    14.07.2009 06:53 <VERBINDUNG> Favorites [C:\Users\Public\Favorites]
    14.07.2009 06:53 <VERBINDUNG> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
    28.10.2010 14:58 <VERBINDUNG> Startmenü [C:\ProgramData\Microsoft\Windows\Start Menu]
    14.07.2009 06:53 <VERBINDUNG> Templates [C:\ProgramData\Microsoft\Windows\Templates]
    28.10.2010 14:58 <VERBINDUNG> Vorlagen [C:\ProgramData\Microsoft\Windows\Templates]
    0 Datei(en), 0 Bytes
    Verzeichnis von C:\Users\All Users\Microsoft\Windows\Start Menu
    28.10.2010 14:58 <VERBINDUNG> Programme [C:\ProgramData\Microsoft\Windows\Start Menu\Programs]
    0 Datei(en), 0 Bytes
    Verzeichnis von C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\SPG-Fibu
    28.02.2013 13:11 <VERBINDUNG> SPG-Fibu Anleitungen [\??\c:\spg\spg-fibu\doku]
    0 Datei(en), 0 Bytes
    Verzeichnis von C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\SPG-Verein
    16.06.2012 11:37 <VERBINDUNG> SPG-Verein Anleitungen [\??\C:\Users\HEF01\Documents\BVSG\doku]
    0 Datei(en), 0 Bytes
    Verzeichnis von C:\Users\Default
    28.10.2010 14:58 <VERBINDUNG> Anwendungsdaten [C:\Users\Default\AppData\Roaming]
    14.07.2009 06:53 <VERBINDUNG> Application Data [C:\Users\Default\AppData\Roaming]
    28.10.2010 14:58 <VERBINDUNG> Druckumgebung [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
    28.10.2010 14:58 <VERBINDUNG> Eigene Dateien [C:\Users\Default\Documents]
    14.07.2009 06:53 <VERBINDUNG> Local Settings [C:\Users\Default\AppData\Local]
    28.10.2010 14:58 <VERBINDUNG> Lokale Einstellungen [C:\Users\Default\AppData\Local]
    14.07.2009 06:53 <VERBINDUNG> My Documents [C:\Users\Default\Documents]
    14.07.2009 06:53 <VERBINDUNG> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
    28.10.2010 14:58 <VERBINDUNG> Netzwerkumgebung [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
    14.07.2009 06:53 <VERBINDUNG> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
    14.07.2009 06:53 <VERBINDUNG> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
    14.07.2009 06:53 <VERBINDUNG> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
    14.07.2009 06:53 <VERBINDUNG> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
    28.10.2010 14:58 <VERBINDUNG> Startmenü [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
    14.07.2009 06:53 <VERBINDUNG> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
    28.10.2010 14:58 <VERBINDUNG> Vorlagen [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
    0 Datei(en), 0 Bytes
    Verzeichnis von C:\Users\Default\AppData\Local
    28.10.2010 14:58 <VERBINDUNG> Anwendungsdaten [C:\Users\Default\AppData\Local]
    14.07.2009 06:53 <VERBINDUNG> Application Data [C:\Users\Default\AppData\Local]
    14.07.2009 06:53 <VERBINDUNG> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
    14.07.2009 06:53 <VERBINDUNG> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
    28.10.2010 14:58 <VERBINDUNG> Verlauf [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
    0 Datei(en), 0 Bytes
    Verzeichnis von C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu
    28.10.2010 14:58 <VERBINDUNG> Programme [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs]
    0 Datei(en), 0 Bytes
    Verzeichnis von C:\Users\Default\Documents
    28.10.2010 14:58 <VERBINDUNG> Eigene Bilder [C:\Users\Default\Pictures]
    28.10.2010 14:58 <VERBINDUNG> Eigene Musik [C:\Users\Default\Music]
    28.10.2010 14:58 <VERBINDUNG> Eigene Videos [C:\Users\Default\Videos]
    14.07.2009 06:53 <VERBINDUNG> My Music [C:\Users\Default\Music]
    14.07.2009 06:53 <VERBINDUNG> My Pictures [C:\Users\Default\Pictures]
    14.07.2009 06:53 <VERBINDUNG> My Videos [C:\Users\Default\Videos]
    0 Datei(en), 0 Bytes
    Verzeichnis von C:\Users\HEF01
    07.04.2011 17:04 <VERBINDUNG> Anwendungsdaten [C:\Users\HEF01\AppData\Roaming]
    07.04.2011 17:04 <VERBINDUNG> Cookies [C:\Users\HEF01\AppData\Roaming\Microsoft\Windows\Cookies]
    07.04.2011 17:04 <VERBINDUNG> Druckumgebung [C:\Users\HEF01\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
    07.04.2011 17:04 <VERBINDUNG> Eigene Dateien [C:\Users\HEF01\Documents]
    07.04.2011 17:04 <VERBINDUNG> Lokale Einstellungen [C:\Users\HEF01\AppData\Local]
    07.04.2011 17:04 <VERBINDUNG> Netzwerkumgebung [C:\Users\HEF01\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
    07.04.2011 17:04 <VERBINDUNG> Recent [C:\Users\HEF01\AppData\Roaming\Microsoft\Windows\Recent]
    07.04.2011 17:04 <VERBINDUNG> SendTo [C:\Users\HEF01\AppData\Roaming\Microsoft\Windows\SendTo]
    07.04.2011 17:04 <VERBINDUNG> Startmenü [C:\Users\HEF01\AppData\Roaming\Microsoft\Windows\Start Menu]
    07.04.2011 17:04 <VERBINDUNG> Vorlagen [C:\Users\HEF01\AppData\Roaming\Microsoft\Windows\Templates]
    0 Datei(en), 0 Bytes
    Verzeichnis von C:\Users\HEF01\AppData\Local
    07.04.2011 17:04 <VERBINDUNG> Anwendungsdaten [C:\Users\HEF01\AppData\Local]
    07.04.2011 17:04 <VERBINDUNG> Temporary Internet Files [C:\Users\HEF01\AppData\Local\Microsoft\Windows\Temporary Internet Files]
    07.04.2011 17:04 <VERBINDUNG> Verlauf [C:\Users\HEF01\AppData\Local\Microsoft\Windows\History]
    0 Datei(en), 0 Bytes
    Verzeichnis von C:\Users\HEF01\AppData\Roaming\Microsoft\Windows\Start Menu
    07.04.2011 17:04 <VERBINDUNG> Programme [C:\Users\HEF01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs]
    0 Datei(en), 0 Bytes
    Verzeichnis von C:\Users\HEF01\Documents
    07.04.2011 17:04 <VERBINDUNG> Eigene Bilder [C:\Users\HEF01\Pictures]
    07.04.2011 17:04 <VERBINDUNG> Eigene Musik [C:\Users\HEF01\Music]
    07.04.2011 17:04 <VERBINDUNG> Eigene Videos [C:\Users\HEF01\Videos]
    0 Datei(en), 0 Bytes
    Verzeichnis von C:\Users\Public\Documents
    28.10.2010 14:58 <VERBINDUNG> Eigene Bilder [C:\Users\Public\Pictures]
    28.10.2010 14:58 <VERBINDUNG> Eigene Musik [C:\Users\Public\Music]
    28.10.2010 14:58 <VERBINDUNG> Eigene Videos [C:\Users\Public\Videos]
    14.07.2009 06:53 <VERBINDUNG> My Music [C:\Users\Public\Music]
    14.07.2009 06:53 <VERBINDUNG> My Pictures [C:\Users\Public\Pictures]
    14.07.2009 06:53 <VERBINDUNG> My Videos [C:\Users\Public\Videos]
    0 Datei(en), 0 Bytes
    Anzahl der angezeigten Dateien:
    0 Datei(en), 0 Bytes
    86 Verzeichnis(se), 443.905.892.352 Bytes frei

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2011.04.09 23:42:25 | 000,000,221 | -HS- | M] () -- C:\Users\HEF01\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2013.05.30 13:51:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\HEF01\Desktop\OTL.exe
    [2013.02.12 18:14:45 | 001,239,976 | ---- | M] (Microsoft Corporation) -- C:\Users\HEF01\Desktop\wlsetup-web.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >
    [2011.12.19 03:04:46 | 000,000,698 | ---- | M] () -- C:\Windows\AppPatch\Custom\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2013-07-02 09:06:52

    < End of report >

  2. #2
    Senior Member
    Join Date
    Sep 2010
    Posts
    631


    Hi Benutzer,

    Are you still getting the qvo6.com?

    No, you didn't do anything wrong. OTL only produces an Extra.txt the first time it's run.

    This should get us a new Extra.txt

    Please open OTL.

    • Make sure all other windows are closed and let it run uninterrupted.
    • When the window appears, click the None button near the top (it may look greyed out)
    • In the Extra Registry section check All
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

    When the scan completes, it will open a notepad window, Extra.Txt. Please post this log.
    Member of UNITE and ASAP

  3. #3
    Junior Member
    Join Date
    May 2013
    Posts
    18


    Hi Oldman960,

    Yes, it's still there. On start of IE and also when starting Firefox a tab gets added with that.
    Also, besides the slowish system, I noticed a problem with the standard Windows Explorer. No idea whether it's related to that malware problem.
    On a right mouse button click on any folder in the Explorer's left window, Explorer frequently stalls and crashes instead of opening the context menu.
    However, after my own research I read that such a problem happened to other users recently when playing with cloud drives. So it may have nothing to do with the qvo6.com malware.

    Anyway, this is the EXTRA.txt
    -----------------------------
    OTL Extras logfile created on: 03.07.2013 15:09:47 - Run 3
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\HEF01\Desktop
    Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.16614)
    Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

    2,99 Gb Total Physical Memory | 0,90 Gb Available Physical Memory | 29,98% Memory free
    5,97 Gb Paging File | 3,02 Gb Available in Paging File | 50,61% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 687,71 Gb Total Space | 413,12 Gb Free Space | 60,07% Space Free | Partition Type: NTFS
    Drive D: | 9,76 Gb Total Space | 2,99 Gb Free Space | 30,68% Space Free | Partition Type: NTFS

    Computer Name: HEF01-THINK | User Name: HEF01 | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

    ========== Extra Registry (All) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .bat [@ = batfile] -- "%1" %*
    .chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
    .cmd [@ = cmdfile] -- "%1" %*
    .com [@ = ComFile] -- "%1" %*
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .exe [@ = exefile] -- "%1" %*
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .hta [@ = htafile] -- C:\Windows\System32\mshta.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    .inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
    .ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
    .url [@ = InternetShortcut] -- C:\Windows\System32\rundll32.exe (Microsoft Corporation)
    .js [@ = JSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
    .jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
    .pif [@ = piffile] -- "%1" %*
    .reg [@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
    .scr [@ = scrfile] -- "%1" /S
    .txt [@ = txtfile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
    .vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
    .vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
    .wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
    .wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    batfile [open] -- "%1" %*
    batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
    cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    cmdfile [open] -- "%1" %*
    cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htafile [open] -- C:\Windows\System32\mshta.exe "%1" %* (Microsoft Corporation)
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
    jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
    jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
    jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
    jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
    regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
    regfile [merge] -- Reg Error: Key error.
    regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
    vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
    Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
    "C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
    "C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
    "C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{00FB7519-0DB5-4313-963D-73A6CB27DC79}" = lport=2066 | protocol=17 | dir=in | name=avm usb udp |
    "{01FF9E49-C746-4526-8B37-CE7AAB6A17C0}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{03016725-262E-4537-8813-AD22DE669E38}" = lport=7679 | protocol=6 | dir=in | name=allshareframeworkdms service tcp port2 |
    "{0D199F27-A546-4B68-8AD0-4B77181F4EAB}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{1FA58806-4AB5-4542-A8DC-488486BCA39E}" = lport=8643 | protocol=6 | dir=in | name=allshareframeworkdms event tcp port |
    "{2430364D-39B7-4E38-9001-6F4DFF2700F8}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{246DF8D8-9F42-4118-98E2-7984F33FCD22}" = lport=139 | protocol=6 | dir=in | app=system |
    "{27E1461C-BD8D-47B8-AC53-E15EE14025A2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{2978456B-0EE2-4536-994E-0034F26A1890}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{33D6DA5E-CDA8-432D-853E-610402310A10}" = lport=7900 | protocol=6 | dir=in | name=allshareframework dms service udp port2 |
    "{34C2BDEB-475D-4CCF-8357-F5A7C6B4C98A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{398C43FA-DAAA-453A-A78C-AC05ED307414}" = lport=8743 | protocol=6 | dir=in | name=allshareframeworkdms action tcp port |
    "{3BD599A2-917C-453A-ACBB-EA36ACE4C8D5}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{40354F74-5CB1-49BF-8148-4BAE73BB9E0C}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{51C8D5E0-06D5-45F5-84DA-7F6200DEF2CC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{54198E8D-B9A2-4A4A-930A-B6F72044581D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{6251C81F-BF7D-450A-A73D-CC76C1B3BD1C}" = lport=137 | protocol=17 | dir=in | app=system |
    "{63C155B0-75E5-4782-B691-9E1CF0C11360}" = rport=139 | protocol=6 | dir=out | app=system |
    "{6AC51AE8-E506-4F50-900B-0720EC3FD631}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{6B5C09AA-04F4-4F2F-981D-05E82D30200C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{761C2B65-6CB9-4346-B56D-0E49832C3B71}" = rport=138 | protocol=17 | dir=out | app=system |
    "{78630546-6E12-4DD3-842A-BB3615C9D9B5}" = lport=2066 | protocol=17 | dir=out | name=avm usb udp |
    "{8C34E5AB-2DAA-4232-8D4E-D40BC2519701}" = lport=1900 | protocol=6 | dir=in | name=upnp multicast port |
    "{8CB9CFC0-C255-4736-850C-A4B0D3B61DF3}" = lport=138 | protocol=17 | dir=in | app=system |
    "{9238BFF6-5F92-4409-B155-FE66A45434C7}" = lport=24234 | protocol=6 | dir=in | name=allshareframework dms service udp port1 |
    "{9C69F87F-04CD-4AF2-9E9E-DEC126A8284F}" = lport=2066 | protocol=6 | dir=in | name=avm usb tcp |
    "{AD5A41B3-2628-4B31-8238-9A515E1CDBA4}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{AE185C65-1922-4808-B90A-1BAF3759D7D0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{B206E53D-E54B-48FA-A885-805E43BC2832}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{B326A6A0-C0BE-45A4-A348-4FBE4F1AC349}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{C0530A6E-9EB4-4B64-BAA9-681A18A51B52}" = lport=445 | protocol=6 | dir=in | app=system |
    "{C34805C5-3034-4AED-AF19-1ADC63E6DC7B}" = lport=7676 | protocol=6 | dir=in | name=allshareframeworkdms service tcp port1 |
    "{C3813A94-6C06-4696-A82A-59115490A9CD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{CCA24F95-8139-4FB9-BB59-1C54BDAD8F6F}" = rport=445 | protocol=6 | dir=out | app=system |
    "{CCC82C09-1FDD-404C-9673-8BD160FB8991}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{CEE30EFA-A288-4072-BAFA-3D25B687CA4C}" = rport=137 | protocol=17 | dir=out | app=system |
    "{D0D13103-596C-4824-80C8-E82E07268EF5}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{DB056A9D-749E-4B90-9E1C-FA3201BD13B7}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{DDEC54E6-4F73-4A19-808D-DFA142FDF804}" = lport=2066 | protocol=6 | dir=out | name=avm usb tcp |
    "{E3E2EF2B-CB7A-4A46-B1AB-9259045C87D2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{EC792370-31FA-4A22-95D6-801F3CD1BD3C}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{F516F422-20EE-4E60-A791-1262DF121B41}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{F757A666-DED2-478E-B622-249A90D76437}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{FFC1BE5E-2714-4903-B005-E6C9C91B4503}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{003CFDA7-5A7B-412A-8A38-933E2A96A2C9}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{09D6E061-E0D4-440B-9348-F53689B2D16D}" = protocol=17 | dir=in | app=c:\program files\easeus\todo backup\bin\tbconsoleui.exe |
    "{0A1EF171-365D-4517-9811-EBBDD48B9A63}" = protocol=17 | dir=in | app=c:\program files\easeus\todo backup\bin\tbservice.exe |
    "{179C4065-CFDF-4DC2-9A56-E31F2E189767}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
    "{19E5CABF-61B7-412B-A950-52D3E67B5A52}" = dir=in | app=c:\program files\easeus\todo backup\bin\agent.exe |
    "{1B630084-9A49-47E2-9A4A-DD0F39A0FA6C}" = protocol=17 | dir=in | app=c:\namo\webeditor 9\bin\webeditor.exe |
    "{1E06A745-2C3C-413C-83C0-7DD9BB05674C}" = protocol=17 | dir=in | app=c:\program files\alcohol soft\alcohol 52\starwind\starwindserviceae.exe |
    "{1E229250-95F4-460E-BB08-3C6B1EE6A645}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{235261BA-C195-445A-8BCF-B3883A621F8D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{24A286BB-F466-4B32-A86E-6A9C1A003E6C}" = protocol=17 | dir=in | app=c:\program files\lenovo\system update\uncserver.exe |
    "{26B27D35-51CB-4350-961F-408A306B9926}" = protocol=6 | dir=in | app=c:\namo\webeditor 9\bin\webeditor.exe |
    "{2933FCD4-7CDF-4098-B388-F16E9614D6E7}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{2A89E51C-5BE7-4AEB-B47D-99D3605EAEAB}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{2C287D44-63A5-4AA0-A412-4C6E8843FAAB}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{307B62BA-67B5-46F5-A85C-BCBDFAC1F8CF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{31C98B4F-299F-4E33-AAB3-086A72CD032A}" = protocol=17 | dir=in | app=c:\program files\twonky\twonkyserver\twonkyserver.exe |
    "{31FF00D3-67FB-4308-915A-701609D57418}" = dir=out | app=c:\program files\samsung\samsung link\samsung link.exe |
    "{345598EF-7AC4-4BBF-974B-2F3687E9A0F0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{357E0DC9-B0B2-4E71-A789-F58B4FCA1A6C}" = protocol=6 | dir=in | app=c:\program files\lenovo\system update\uncserver.exe |
    "{3F53D034-AD0B-439E-BFC4-35D2DFEA17C3}" = protocol=6 | dir=in | app=c:\program files\easeus\todo backup\bin\tbservice.exe |
    "{457E2D43-0342-4234-B821-694254F5E41F}" = dir=in | app=c:\program files\samsung\samsung link\samsung link.exe |
    "{4A4B0D16-67DC-47B3-9D0E-D6738524732E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{4E66E75F-BD7B-421E-A918-37E15947A47A}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe |
    "{5223F2DB-F862-4FF1-9F50-A03AF93DE75F}" = protocol=6 | dir=in | app=c:\program files\samsung\allshare framework dms\1.3.09\allshareframeworkdms.exe |
    "{557D1116-57B8-4FEA-944D-440D1DD5F366}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{56436A71-2CFF-445D-B68B-B59D560BC4CE}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{5727900D-0E1E-41C0-9158-BE4178DA528B}" = protocol=6 | dir=out | app=system |
    "{59D0D5B2-9906-428C-8315-781DAE033F1C}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{5CD03436-6EF3-4317-8695-6AEF6D01B6D7}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe |
    "{5F745E20-D76B-4966-A751-B6A72D53F981}" = protocol=6 | dir=in | app=c:\program files\twonky\twonkyserver\twonkyserver.exe |
    "{6F405D51-AD9F-4001-96C9-06F4D091CD8E}" = protocol=6 | dir=in | app=c:\program files\alcohol soft\alcohol 52\starwind\starwindserviceae.exe |
    "{7E3CBC28-D85D-4FD8-98DC-5A7F5EDFBE87}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{83A05E8C-F2EC-4162-B9F6-07979D6A782B}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
    "{857D4947-6BD4-49FB-9BF5-C2580DC6E577}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{88238FC5-482D-41B5-B298-B88D7D5B47BA}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
    "{88A608BC-CFB6-4D4A-B30E-E5F085CD572E}" = dir=in | app=c:\users\hef01\appdata\local\microsoft\skydrive\skydrive.exe |
    "{8BF1D549-D644-4300-97C0-D6CD9EAE09E2}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{8C3AB7CC-B69F-4371-A15A-E169B6AC0CD9}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{904C84F4-866F-442B-A048-212C2C71EEDC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{9488452D-783B-4291-AADE-829B3175DA67}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{97DE165E-9543-407B-9015-CD4FC5D73713}" = protocol=17 | dir=in | app=c:\program files\lenovo\system update\uncserver.exe |
    "{9FEDF310-23E8-4128-9687-62AEEB134E17}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
    "{A039BD49-B1DA-40F4-A6BF-95C970F0EA43}" = protocol=6 | dir=in | app=c:\program files\easeus\todo backup\bin\tbconsoleui.exe |
    "{A74D8F6F-E0FC-4FDF-AF67-5C2EEBB20F36}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{A83AC840-148A-4ECC-989D-1178549D8ACD}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{AD6895C0-6232-4602-A4A8-2F6982C691A2}" = dir=in | app=%systemdrive%\programme\avira\antivir desktop\avnotify.exe |
    "{AEF378C5-9889-4BBA-A699-8F83D01D9DE4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{AF552B4A-D978-48B0-BB57-CD5F25977DF0}" = protocol=17 | dir=in | app=c:\program files\samsung\allshare framework dms\1.3.09\allshareframeworkdms.exe |
    "{B22CAE23-1216-4408-81A4-C84DAFA712C1}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |
    "{B5016C59-488F-4731-BFDE-6FA4870998A9}" = protocol=6 | dir=in | app=c:\program files\lenovo\system update\uncserver.exe |
    "{C03D795E-7418-4ED9-876B-551714B59045}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{C3941E18-646C-4C4A-9D19-F505419F01F5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{C7AD9810-CC7B-49A6-92F7-8BD5072B4BD7}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{C8811641-1430-4FE6-91C5-09CEC37A3B0F}" = protocol=17 | dir=in | app=c:\program files\smart network utilities\printserver-nettool\printserver-nettool.exe |
    "{D0C231A4-0F58-477D-8C24-009900E6532F}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{D7D23882-8046-4E98-B1AA-D7EB3A4F8540}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{D802A799-7D10-4C68-BE03-2AABB27BE155}" = protocol=6 | dir=in | app=c:\program files\smart network utilities\printserver-nettool\printserver-nettool.exe |
    "{D87E9DF9-671E-47FA-BEA9-956D3B31812C}" = protocol=6 | dir=in | app=c:\program files\twonky\twonkyserver\twonkystarter.exe |
    "{DB7CFFF9-B8D1-4422-9DE4-4FC0D2107CFE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{DF04E5AF-AE67-4750-9E7A-B58F93E64C4C}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe |
    "{E3636088-ADCE-45E2-BBD8-9E783A9C114B}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{E525007B-EDD1-46CE-B2C5-7EE95DF7416F}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |
    "{F14306AC-E0A2-4707-8A83-8B1897FEA279}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F2B12DCC-981D-470D-A3D7-D75A309D6747}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe |
    "{F372DF75-9748-4F05-B243-09CD6A48FC26}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{F56519F0-C7C3-407C-9633-3F6CD3C4E864}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{F6EB3C7F-99D8-43DF-BB3F-46839EBFC752}" = protocol=17 | dir=in | app=c:\program files\twonky\twonkyserver\twonkystarter.exe |
    "{FF5B94CD-A078-4807-84C4-2D41BA0B1D43}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "TCP Query User{16BC7813-DAD1-4358-A858-812772248D98}C:\program files\network tool for clients\kmcl.exe" = protocol=6 | dir=in | app=c:\program files\network tool for clients\kmcl.exe |
    "TCP Query User{1BC521ED-983C-4DDF-B2D3-E93B22DAE05A}C:\users\hef01\appdata\local\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\users\hef01\appdata\local\google\google earth\plugin\geplugin.exe |
    "TCP Query User{2B787D69-512D-4F27-8073-58282E57ED31}C:\program files\wertpapieranalyse 2012\wm60.exe" = protocol=6 | dir=in | app=c:\program files\wertpapieranalyse 2012\wm60.exe |
    "TCP Query User{389BD4DA-4D81-4B0D-AFE3-E64AC6B10ABC}C:\program files\philips\mediamanager\twonkymanager.exe" = protocol=6 | dir=in | app=c:\program files\philips\mediamanager\twonkymanager.exe |
    "TCP Query User{3916AD10-6EB1-4780-8349-579CAE2A3B54}E:\d-link.exe" = protocol=6 | dir=in | app=e:\d-link.exe |
    "TCP Query User{4A20D853-4C26-482D-B183-9B02D356B4A9}C:\program files\network print monitor\kmnv.exe" = protocol=6 | dir=in | app=c:\program files\network print monitor\kmnv.exe |
    "TCP Query User{5D9CB152-C468-4A5F-8E9A-EAEE1DF0A4D9}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
    "TCP Query User{64036234-B5DA-4B26-9A1A-0F85DA010A75}C:\program files\philips\mediamanager\twonkyrenderer.exe" = protocol=6 | dir=in | app=c:\program files\philips\mediamanager\twonkyrenderer.exe |
    "TCP Query User{6D3C4C52-9850-4C44-BBC9-E43B9E39F3A2}C:\program files\smart network utilities\printserver-nettool\printserver-nettool.exe" = protocol=6 | dir=in | app=c:\program files\smart network utilities\printserver-nettool\printserver-nettool.exe |
    "TCP Query User{6F11BF42-D797-4E10-A979-6FD8D108A006}C:\program files\simonsvoss\locksysmgr_basic_3_1_demo\locksysgui.exe" = protocol=6 | dir=in | app=c:\program files\simonsvoss\locksysmgr_basic_3_1_demo\locksysgui.exe |
    "TCP Query User{7082CB21-F94F-4EA4-8EF9-91229F784D1F}C:\users\hef01\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\hef01\appdata\local\akamai\netsession_win.exe |
    "TCP Query User{712ED90A-CA57-40F3-9B88-CFEE21CB1C1C}C:\namo\webeditor 9\bin\webeditor.exe" = protocol=6 | dir=in | app=c:\namo\webeditor 9\bin\webeditor.exe |
    "TCP Query User{9468DD01-79F6-46D8-A2CB-D48590180339}C:\program files\calibre2\calibre.exe" = protocol=6 | dir=in | app=c:\program files\calibre2\calibre.exe |
    "TCP Query User{99D218F3-31E1-47CE-8AAC-D1330135D143}C:\program files\ip camera wizard\ipcamwizard.exe" = protocol=6 | dir=in | app=c:\program files\ip camera wizard\ipcamwizard.exe |
    "TCP Query User{A3F3CAC1-C15C-4939-978D-1D0988F84EE5}C:\program files\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\vlc\vlc.exe |
    "TCP Query User{AE91AB72-A052-43A0-AD76-60CEA8AC25B5}C:\program files\filezilla ftp client\filezilla.exe" = protocol=6 | dir=in | app=c:\program files\filezilla ftp client\filezilla.exe |
    "TCP Query User{B303AEAF-D7E1-40FD-9FE5-0E5E742CA9AE}C:\users\hef01\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\hef01\appdata\local\akamai\netsession_win.exe |
    "TCP Query User{C2A75905-6670-4BEF-B8B6-B494787B2079}C:\users\hef01\desktop\myphoneexplorer portable\myphoneexplorer portable.exe" = protocol=6 | dir=in | app=c:\users\hef01\desktop\myphoneexplorer portable\myphoneexplorer portable.exe |
    "TCP Query User{C97B3089-8241-482F-B554-F8FB48AAB07A}C:\program files\network camera\camera setup\camerasetup.exe" = protocol=6 | dir=in | app=c:\program files\network camera\camera setup\camerasetup.exe |
    "TCP Query User{CB8A781E-CB0D-4039-91A9-3787E2FFABB9}C:\program files\wertpapieranalyse 2012\wm60.exe" = protocol=6 | dir=in | app=c:\program files\wertpapieranalyse 2012\wm60.exe |
    "TCP Query User{CB96C31C-3771-418C-AD8F-F97B9C6B0CB5}C:\users\hef01\appdata\local\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\users\hef01\appdata\local\google\google earth\client\googleearth.exe |
    "TCP Query User{EFAC3726-2AB8-4EB1-B627-173D2E5D25E7}C:\windows\system32\wfs.exe" = protocol=6 | dir=in | app=c:\windows\system32\wfs.exe |
    "UDP Query User{02BAAB1C-9392-4D88-8078-CCD20572DDC5}C:\program files\wertpapieranalyse 2012\wm60.exe" = protocol=17 | dir=in | app=c:\program files\wertpapieranalyse 2012\wm60.exe |
    "UDP Query User{06EA58E3-9ADF-4B1C-9235-01E1710EB27B}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
    "UDP Query User{0B2519DA-F3CD-4AF6-A2E3-EC0D08DCC691}C:\users\hef01\desktop\myphoneexplorer portable\myphoneexplorer portable.exe" = protocol=17 | dir=in | app=c:\users\hef01\desktop\myphoneexplorer portable\myphoneexplorer portable.exe |
    "UDP Query User{246CB6F6-D439-4419-AC69-9F5006937C92}C:\program files\wertpapieranalyse 2012\wm60.exe" = protocol=17 | dir=in | app=c:\program files\wertpapieranalyse 2012\wm60.exe |
    "UDP Query User{24E27523-EEF7-4CE8-930D-F675223D8FE7}C:\namo\webeditor 9\bin\webeditor.exe" = protocol=17 | dir=in | app=c:\namo\webeditor 9\bin\webeditor.exe |
    "UDP Query User{576485F8-906D-4AEE-B583-D0CC04756758}C:\program files\simonsvoss\locksysmgr_basic_3_1_demo\locksysgui.exe" = protocol=17 | dir=in | app=c:\program files\simonsvoss\locksysmgr_basic_3_1_demo\locksysgui.exe |
    "UDP Query User{5EAA05E0-E1BC-4A42-958B-7C51C2FFF3CC}C:\users\hef01\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\hef01\appdata\local\akamai\netsession_win.exe |
    "UDP Query User{6297DEBE-0597-4696-A1F0-54468DE8E04F}C:\program files\network print monitor\kmnv.exe" = protocol=17 | dir=in | app=c:\program files\network print monitor\kmnv.exe |
    "UDP Query User{683DC679-CDE3-498C-AB41-D68A720B1314}C:\program files\philips\mediamanager\twonkymanager.exe" = protocol=17 | dir=in | app=c:\program files\philips\mediamanager\twonkymanager.exe |
    "UDP Query User{68948812-6B0D-4C7B-963D-48DB74DAB489}C:\users\hef01\appdata\local\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\users\hef01\appdata\local\google\google earth\client\googleearth.exe |
    "UDP Query User{6AD1951A-4D9E-49A1-ACC4-C5B5E44CF775}C:\program files\network camera\camera setup\camerasetup.exe" = protocol=17 | dir=in | app=c:\program files\network camera\camera setup\camerasetup.exe |
    "UDP Query User{75838355-5E93-409C-BB00-50B829BD2B2B}C:\users\hef01\appdata\local\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\users\hef01\appdata\local\google\google earth\plugin\geplugin.exe |
    "UDP Query User{8E5094FD-3D26-47B7-A7DC-7341C517CD1A}E:\d-link.exe" = protocol=17 | dir=in | app=e:\d-link.exe |
    "UDP Query User{8FDE0FBC-EBE8-4352-AC73-33D434D5B638}C:\program files\calibre2\calibre.exe" = protocol=17 | dir=in | app=c:\program files\calibre2\calibre.exe |
    "UDP Query User{9C2B3750-7E6B-49E6-87DB-5E564C3FA18B}C:\users\hef01\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\hef01\appdata\local\akamai\netsession_win.exe |
    "UDP Query User{9FA01F33-9A20-4BA1-BEF1-18F626B13DA8}C:\windows\system32\wfs.exe" = protocol=17 | dir=in | app=c:\windows\system32\wfs.exe |
    "UDP Query User{A065A9D7-2B77-4285-8BD8-9150028CE14D}C:\program files\filezilla ftp client\filezilla.exe" = protocol=17 | dir=in | app=c:\program files\filezilla ftp client\filezilla.exe |
    "UDP Query User{BB1BD170-53D7-4B5C-BD13-2D44FFE371A5}C:\program files\smart network utilities\printserver-nettool\printserver-nettool.exe" = protocol=17 | dir=in | app=c:\program files\smart network utilities\printserver-nettool\printserver-nettool.exe |
    "UDP Query User{D9DE3A35-B271-4E91-A80A-F4C6DFA31B9C}C:\program files\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\vlc\vlc.exe |
    "UDP Query User{DB59C9C7-100D-4C24-BE8A-D8C306855FE6}C:\program files\philips\mediamanager\twonkyrenderer.exe" = protocol=17 | dir=in | app=c:\program files\philips\mediamanager\twonkyrenderer.exe |
    "UDP Query User{F6FD8474-716E-4AE3-99D7-89010FC330AD}C:\program files\network tool for clients\kmcl.exe" = protocol=17 | dir=in | app=c:\program files\network tool for clients\kmcl.exe |
    "UDP Query User{FE7DD497-703B-49D5-8C6F-2041A39C2293}C:\program files\ip camera wizard\ipcamwizard.exe" = protocol=17 | dir=in | app=c:\program files\ip camera wizard\ipcamwizard.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
    "{0094D07C-1FFB-4450-8D10-AD7E05A318DF}_is1" = Advanced Fix 2013 version 2.0.1.106
    "{0194272E-B903-4098-9AF5-CF6D0ACF11E3}" = MGF-TF Workshop Companion
    "{022CBB38-CEF0-42BA-906A-A49BEFAE0BEE}" = RICOH R5U230 Media Driver ver.2.06.02.02
    "{03CC9D58-B132-4CC0-A521-4F3660AA43C7}" = Movie Maker
    "{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
    "{05DB19DE-A540-4CF8-B262-BFAADE53CE75}" = DTAUSmacher
    "{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
    "{10E931A1-471D-46C6-AEFE-98E2BD6FC00C}" = AllShare Framework DMS
    "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
    "{15B2BC56-D179-4450-84B9-7A8D7F4CE1B9}" = Lexware Info Service
    "{15C58B72-77EA-4ACE-B70C-A843A79FE8D9}" = SimonsVoss Locking System Management Basic 3.1 Demo
    "{15F3A6F5-06AE-4332-AE3E-21CD0416827A}" = Windows Live Mail
    "{17CBC505-D1AE-459D-B445-3D2000A85842}" = Dienstprogramm "ThinkPad UltraNav"
    "{18272881-CFC0-434D-A975-E5BE44206AA0}" = Windows Live UX Platform Language Pack
    "{18554B3F-46EA-40A9-B4EA-7EEE83C0559D}" = Client Security - Password Manager
    "{18815D2C-C62D-4066-94F3-55966581D2A5}" = FormsForWeb® Filler 3.2.3
    "{1911BF50-9660-4D1F-B6AF-FBE3F45399BF}" = NoDupe 32-bit (v1.17.0.3)
    "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
    "{1B947146-366B-42CD-86D5-219993CE3EE2}" = Windows Live MIME IFilter
    "{1C3147A7-4810-45FC-AD89-064D8023A514}" = SEPA Account Converter
    "{1EA7C505-E6DA-4B85-9432-EBD3C70D510D}" = Windows Live Messenger
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F8DA253-3C27-4B01-A63A-BA3533120833}" = Microsoft Research AutoCollage Touch 2009
    "{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
    "{223766BE-E834-47AF-B002-0BAC11A37812}" = Wertpapieranalyse 2012
    "{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
    "{23374ABE-C542-44F1-84B6-2381D0E6E2CE}" = Camera Setup
    "{23A3E560-069F-4CFC-8F6C-1B526EC735FC}" = Windows Live Writer Resources
    "{25C64847-B900-48AD-A164-1B4F9B774650}" = Lenovo System Update
    "{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 35
    "{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
    "{2C75A885-9B73-4BC4-BB4E-974CDBB37F3C}_is1" = GLS Vereinsmeister 6.1
    "{2FC7CE3A-23E5-41E8-975B-AA0236D649FD}" = Quicken 2012
    "{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
    "{341A5362-88DB-484B-97A6-A57F535074CA}_is1" = Spybot-S&D Distributed Testing Client
    "{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in
    "{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Überwachungstool für die Intel® Turbo-Boost-Technik
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3C3DCD2B-6FC7-41BF-BB80-40A936E1A785}" = Windows Live Writer
    "{3CBD94C1-BA15-488C-888B-D8DD296CC6DC}" = Fotogalerie
    "{3F873E63-1CA5-4bdb-A8C7-D97012496DE3}" = Canon MF6500-Serie
    "{400C31E4-796F-4E86-8FDC-C3C4FACC6847}" = Junk Mail filter update
    "{450CFD4D-7E60-3839-D0FA-56DB08675447}" = dLAN Cockpit
    "{45CEBDDE-AD94-4C5A-999D-0D35CE61405B}_is1" = 1.5
    "{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
    "{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage System für aktiven Festplattenschutz
    "{4926AA2D-3C66-443D-A456-53AE3FA44144}" = Windows Live Family Safety
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
    "{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}" = Create Recovery Media
    "{50F68032-B5B7-4513-9116-C978DBD8F27A}" = Corel DVD MovieFactory
    "{5BABDA39-61CF-41EE-992D-4054B6649A9B}" = Movie Maker
    "{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
    "{5F0545E7-3F0F-4730-AF70-26E61DBDF263}" = Digital Trends Club
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
    "{66633466-960F-4D50-BAFB-E29071B7A4C7}" = DDBAC
    "{666C9123-1AEC-446F-8AA8-28256B1953D4}" = Qualcomm Gobi 2000 Package for Lenovo
    "{6738D11F-DF64-445B-80A4-B6B32F297059}" = SPG-Verein 3.0
    "{6767DFEE-8909-453A-B553-C7693912B2EB}" = Canon MF Toolbox 4.9.1.1.mf12
    "{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials
    "{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
    "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    "{6B9C32DB-DBCD-45A8-B901-3A92A99A2474}" = InstallVC90Support
    "{6DB21B2C-2BEF-44B4-B264-8EC2BC2369C6}" = ThinkVantage GPS
    "{6DDD47AF-FE8C-4C89-86DE-56DFDA4367E3}" = SPG-Fibu 1.6
    "{70854FE6-3BF1-4C69-94D0-BEB821102E34}" = Windows Live Mail
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
    "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
    "{783FBB59-D099-4F38-A1B2-B7375FE28FD5}" = Lenovo SimpleTap
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{79A64F98-1796-4FA2-B5FF-C90F83D8BACD}" = Vodafone Mobile Connect Lite
    "{7B0C5EF6-DE4C-4E20-8889-C17604FFE5CD}" = Windows Live Family Safety
    "{7CC673E7-5271-409D-B196-BB76DA60300B}" = Twonky Windows Components
    "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
    "{7FB12670-0F93-4E1E-B2F5-4F339199A03A}" = Microsoft SQL Server Native Client
    "{7FC74607-ED6E-49C3-87FA-56B50A2EE158}" = Quicken Import Export Server 2012
    "{8256F87F-8554-4457-8C3D-3F3324697D9F}" = Windows Live ID Sign-in Assistant
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{849A32C3-E75A-4791-9B11-E568BA3525A4}" = Microsoft SQL Server VSS Writer
    "{85CE9026-C02A-46B4-B08C-4C77CCCC54FF}" = Windows Live Family Safety
    "{86C40513-B5A4-476E-9EAB-EC118DCF4502}" = Windows Live Writer
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{8890396E-9E1B-4F8E-B465-5918B41CEEE9}" = AVM FRITZ!Fernzugang
    "{88C6A6D9-324C-46E8-BA87-563D14021442}_is1" = ThinkVantage Communications Utility
    "{8913AC02-67B8-4B52-91B2-BBA7B9C265B5}" = Windows Live Writer Resources
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
    "{8E537894-A559-4D60-B3CB-F4485E3D24E3}" = ThinkVantage Access Connections
    "{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter
    "{90F00673-A276-4A58-B675-B426D39D1E09}" = Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed
    "{9202762E-4B4C-48C9-A6CC-C27F9F85190A}" = Mobile Broadband Connect
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{97C79BEC-43F7-4BD8-A6A7-85C0257E488A}" = Windows Live Writer
    "{989FB5FD-9B00-4B32-8663-849CB1370DD1}" = Google Drive
    "{99444C2A-C635-49C0-8659-AA23C83CC1CB}" = Network Tool for Clients
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = ThinkPad Bluetooth with Enhanced Data Rate Software
    "{9F72572C-CC6E-49A4-95ED-34CA0EDAB560}" = Network Print Monitor
    "{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Burn.Now 4.5
    "{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
    "{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A95D9DF7-CF34-421A-A1DC-936A49A4DAEA}" = Lenovo Mobile Broadband Activation
    "{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = Mobile Partner Manager
    "{ABDA9912-5D00-11D4-BAE7-9367CA097955}" = Macromedia Dreamweaver 4
    "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch
    "{AC76BA86-7AD7-2447-0000-A00000000003}" = Chinese Simplified Fonts Support For Adobe Reader X
    "{AD32F5E9-6BDD-480A-8B7B-95571D04691C}" = Lenovo Patch Utility
    "{AE364ACC-B9DF-466B-B4EA-AEECD0CD581E}" = Windows Live Messenger
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 311.00
    "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 311.00
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 311.00
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.18.0
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B383F243-0ABC-4E56-AA30-923B8D85076E}" = Rescue and Recovery
    "{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
    "{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
    "{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack
    "{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center
    "{B77395EA-AECD-4AD7-B9AE-FCDE5A93DC07}_is1" = IP Camera Wizard 1.0.0.27
    "{B80D3EA9-A252-4AE5-AC51-81729F5C586F}" = Windows Live Mail
    "{C034A6F9-6569-491B-B3BF-F5D15221A708}" = Windows Live Essentials
    "{C3312B77-9A4E-4359-AB7C-062341ABE141}" = Fresco Logic USB3.0 Host Controller
    "{C39B7B95-5009-4C64-B25B-B1AD6BDD9E8F}" = MobiLink3
    "{C3CD17B4-08B0-492D-8A4C-81716D33E520}" = Integrated Camera Driver Installer Package Ver.1.1.0.48
    "{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
    "{C470A6E7-F425-43B6-BA31-4CCBB2F55F84}" = portier Vision 3.20.003
    "{C64A877E-DF8D-4017-AA82-000A77C6D809}" = Verizon Wireless Mobile Broadband Self Activation
    "{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help
    "{C908A5AC-4F61-4B9A-8A51-48B5696C53B1}" = Lexware online banking
    "{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
    "{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
    "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
    "{D2C146B1-948D-47EF-8387-5D1C6B980F7C}" = Windows Live Writer
    "{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
    "{D6CC2FAF-F827-4091-96A1-D32CC9B69C79}" = WISO Steuer-Sparbuch 2013
    "{D81486A1-2371-4059-AC70-1AB894AC96E6}" = AT&T Service Activation
    "{D888F114-7537-4D48-AF03-5DA9C82D7540}" = Photo Common
    "{D96E0205-77DF-414C-A3DC-D8B25090A2A0}" = TSObjektkey 2008
    "{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = Energie-Manager
    "{DEDF9B07-5628-4CA0-96BD-8B3AAD553292}" = calibre
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common
    "{E4F6C5BD-023B-4352-9C1C-7851F5A3AE82}" = Namo WebEditor 9
    "{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
    "{EC2F8A30-787F-4DA5-9A8F-8E7DFE777CC2}" = Servicepack Datumsaktualisierung
    "{ECE5B218-A086-4E18-A362-D11181681457}" = Intel® PROSet/Wireless WiFi-Software
    "{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
    "{EFADD989-D9F2-49F6-A280-675951CC78D3}" = FRITZ!Box-Fernzugang einrichten
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
    "{F2235E5E-7881-4293-9B6F-04B2609FBFF0}" = Windows Live Messenger
    "{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
    "{F58DA859-016E-492D-A588-317D9BB28002}" = ThinkVantage Fingerprint Software
    "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
    "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
    "{FBD3DDF9-38BD-4BBC-A135-A5F0DD7BA634}" = Deutsche Post Einlieferungslisten
    "{FC338210-F594-11D3-BA24-00001C3AB4DF}" = cyberJack Base Components
    "{FC6C7107-7D72-41A1-A031-3CE751159BAB}" = Photo Gallery
    "{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}" = Message Center Plus
    "{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}" = Lenovo Warranty Information
    "{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "098EBB26BF07167AB12D1575EC24F883F9435E59" = Windows-Treiberpaket - Intel System (10/28/2009 9.1.1.1022)
    "114EB224AD576F278686036AA9E1EFB7847E3935" = Windows-Treiberpaket - Lenovo 1.60.0.4 (11/18/2009 1.60.0.4)
    "2004BB9EB6CEA02846881BEF1F51C11F7A90C9D6" = Windows Driver Package - Broadcom (BTHUSB) Bluetooth (04/08/2010 6.3.5.430)
    "573C3C32A1DB5625CA00E633E584E8A0E6383672" = Windows-Treiberpaket - Intel System (10/28/2009 9.1.1.1022)
    "7-Zip" = 7-Zip 4.65
    "8474-7877-9059-0204" = Samsung Link 1.5.0.1305092012
    "A6A8668C0A13640CA28FE2A7D9654BE4AE478B13" = Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405)
    "A7B0B8D913E4DC2FA0B31E392E1512A901CA66B9" = Windows-Treiberpaket - Intel USB (08/20/2009 9.1.1.1020)
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "AIDeX Key-Organizer 2013-02-20 20.30.11" = AIDeX Key-Organizer (Installation 20.02.2013)
    "Anti-Twin 2012-11-14 22.56.34" = Anti-Twin (Installation 14.11.2012)
    "Avira AntiVir Desktop" = Avira Free Antivirus
    "B7541EC5F72AA713F557569278EB6273725F5607" = Windows Driver Package - Broadcom Bluetooth (06/15/2009 6.2.0.9000)
    "Bagusoft Password Safe" = Bagusoft Password Safe
    "BF20603967CFDCB2BBF91950E8A56DFBC5C833FE" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
    "CCleaner" = CCleaner
    "Chipcardmaster_is1" = Chipcardmaster 7.05
    "CNXT_AUDIO_HDA" = Conexant 20585 SmartAudio HD
    "CNXT_MODEM_HDA_HSF" = ThinkPad Modem Adapter
    "CrystalDiskMark_is1" = CrystalDiskMark 3.0.1c
    "D2A522092C620419920616ACED9411B982912F1B" = Windows-Treiberpaket - Intel (e1kexpress) Net (12/01/2009 11.5.7.0)
    "D'Fusion @Home Web Plug-In" = Total Immersion D'Fusion @Home Web Plug-In
    "DisableAMTPopup" = Disable AMT Profile Synchronization Pop-up for Windows Vista/7
    "doPDF 7 printer_is1" = doPDF 7.2 printer
    "E7B58217635B8F723D4744A328A4B3237DB35FA9" = Windows-Treiberpaket - Intel System (06/04/2009 1.0.0.0002)
    "EaseUS Todo Backup Free 5.6_is1" = EaseUS Todo Backup Free 5.6
    "ElsterFormular 12.4.0.7094p" = ElsterFormular
    "EnablePS" = Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7
    "ERUNT_is1" = ERUNT 1.1j
    "FBDBServer_2_0_is1" = Firebird 2.0.0
    "FD5ED5E16405CDAA5385DE461B9E5379F91ACCCF" = Windows-Treiberpaket - Ricoh Company MS Host Controller (10/26/2009 6.10.02.07)
    "Free YouTube Download_is1" = Free YouTube Download version 3.1.27.508
    "FreeFileSync" = FreeFileSync 5.10
    "GIMP-2_is1" = GIMP 2.8.4
    "GLS Vereinsmeister" = GLS Vereinsmeister
    "GLS Vereinsmeister Toolbox" = GLS Vereinsmeister Toolbox
    "GPL Ghostscript 9.05" = GPL Ghostscript
    "GSview 5.0" = GSview 5.0
    "ImgBurn" = ImgBurn
    "INnDTAPro4.5.1" = INnDTAPro
    "InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
    "InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}" = Corel DVD MovieFactory 7 Lenovo Edition
    "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
    "InstallShield_{99444C2A-C635-49C0-8659-AA23C83CC1CB}" = Network Tool for Clients
    "InstallShield_{9F72572C-CC6E-49A4-95ED-34CA0EDAB560}" = Network Print Monitor
    "InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Corel Burn.Now Lenovo Edition
    "InstallShield_{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
    "IrfanView" = IrfanView (remove only)
    "ITN Converter_is1" = ITN Converter 1.82
    "JPG/JPEG Photo Converter_is1" = JPG/JPEG Photo Converter version 1.3
    "KLiteCodecPack_is1" = K-Lite Codec Pack 9.3.0 (Basic)
    "Lenovo Welcome_is1" = Lenovo Welcome
    "LENOVO.SMIIF" = Lenovo System Interface Driver
    "LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
    "MediaCoder" = MediaCoder 0.7.1.4496
    "MediaManager" = MediaManager
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
    "MobiLink3" = MobiLink3
    "Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
    "Mozilla Thunderbird 17.0.7 (x86 de)" = Mozilla Thunderbird 17.0.7 (x86 de)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "NAVIGON Fresh" = NAVIGON Fresh 3.4.1
    "Netnotep_is1" = Network Notepad 4.6.9
    "Notepad++" = Notepad++
    "NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "o2DE" = Mobile Connection Manager
    "OnScreenDisplay" = Anzeige am Bildschirm
    "PcCloneEX" = PcCloneEX
    "PC-Doctor for Windows" = Lenovo ThinkVantage Toolbox
    "PDF To Excel Converter_is1" = PDF To Excel Converter V2.0
    "Picasa 3" = Picasa 3
    "POIbase_is1" = POIbase 1.051
    "PoiEdit" = PoiEdit
    "Power Management Driver" = Lenovo Power Management Driver
    "PRINTSERVER-NetTool" = PRINTSERVER-NetTool 1.8.43
    "ProInst" = Intel PROSet Wireless
    "PROSet" = Intel(R) Network Connections Drivers
    "RarZilla Free Unrar" = RarZilla Free Unrar
    "Ravensburger tiptoi" = Ravensburger tiptoi
    "SDEPRO20_is1" = SDExplorer 3.1
    "SIZCHIP-Plugin-Mozilla-20" = S-Chip-Add-On 2.0.2.1 NPAPI
    "SonyEditor" = SonyEditor (remove only)
    "SugarSync" = SugarSync
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "TeamViewer 8" = TeamViewer 8
    "ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
    "UTAX TA Product Library" = UTAX TA Product Library
    "VLC media player" = VLC media player 2.0.6
    "WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.47-11
    "WinLiveSuite" = Windows Live Essentials
    "WinPcapInst" = WinPcap 4.1.2
    "WinRAR archiver" = WinRAR 4.20 (32-bit)
    "Wireshark" = Wireshark 1.8.2 (32-bit)
    "YTdetect" = Yahoo! Detect

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Akamai" = Akamai NetSession Interface
    "Amazon Kindle" = Amazon Kindle
    "Dropbox" = Dropbox
    "MGF-TF Workshop Companion" = MGF-TF Workshop Companion
    "MyFreeCodec" = MyFreeCodec
    "pdfsam" = pdfsam
    "SkyDriveSetup.exe" = Microsoft SkyDrive
    "Virtual Globe." = Virtual Globe.

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 02.07.2013 09:30:47 | Computer Name = HEF01-THINK | Source = SideBySide | ID = 16842811
    Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Lucom\FormsForWeb\Filler3.2.3\xerces-c_2_8.dll.Manifest".
    Fehler in Manifest- oder Richtliniendatei "C:\Program Files\Lucom\FormsForWeb\Filler3.2.3\xerces-c_2_8.dll.Manifest"
    in Zeile 6. Ungültige XML-Syntax.

    Error - 03.07.2013 05:21:11 | Computer Name = HEF01-THINK | Source = AllShare Framework DMS | ID = 131073
    Description =

    Error - 03.07.2013 05:21:11 | Computer Name = HEF01-THINK | Source = AllShare Framework DMS | ID = 131073
    Description =

    Error - 03.07.2013 05:22:59 | Computer Name = HEF01-THINK | Source = VMCService | ID = 0
    Description = conflictManagerTypeValue

    Error - 03.07.2013 07:07:52 | Computer Name = HEF01-THINK | Source = Application Error | ID = 1000
    Description = Name der fehlerhaften Anwendung: explorer.exe, Version: 6.1.7601.17567,
    Zeitstempel: 0x4d6727a7 Name des fehlerhaften Moduls: SHELL32.dll, Version: 6.1.7601.18103,
    Zeitstempel: 0x512d91aa Ausnahmecode: 0xc0000005 Fehleroffset: 0x0004b1e8 ID des fehlerhaften
    Prozesses: 0x25ac Startzeit der fehlerhaften Anwendung: 0x01ce77cf540586e8 Pfad der
    fehlerhaften Anwendung: C:\Windows\explorer.exe Pfad des fehlerhaften Moduls: C:\Windows\system32\SHELL32.dll
    Berichtskennung:
    cd6dbd13-e3d0-11e2-b795-70f39544e4bf

    Error - 03.07.2013 07:08:00 | Computer Name = HEF01-THINK | Source = Application Error | ID = 1000
    Description = Name der fehlerhaften Anwendung: explorer.exe, Version: 6.1.7601.17567,
    Zeitstempel: 0x4d6727a7 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
    Zeitstempel: 0x4ec49b60 Ausnahmecode: 0xc015000f Fehleroffset: 0x00083fbe ID des fehlerhaften
    Prozesses: 0x25ac Startzeit der fehlerhaften Anwendung: 0x01ce77cf540586e8 Pfad der
    fehlerhaften Anwendung: C:\Windows\explorer.exe Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll
    Berichtskennung:
    d2164e7d-e3d0-11e2-b795-70f39544e4bf

    Error - 03.07.2013 07:08:20 | Computer Name = HEF01-THINK | Source = Application Error | ID = 1000
    Description = Name der fehlerhaften Anwendung: explorer.exe, Version: 6.1.7601.17567,
    Zeitstempel: 0x4d6727a7 Name des fehlerhaften Moduls: SHELL32.dll, Version: 6.1.7601.18103,
    Zeitstempel: 0x512d91aa Ausnahmecode: 0xc0000005 Fehleroffset: 0x0004b1e8 ID des fehlerhaften
    Prozesses: 0x295c Startzeit der fehlerhaften Anwendung: 0x01ce77dd9ae7441c Pfad der
    fehlerhaften Anwendung: C:\Windows\explorer.exe Pfad des fehlerhaften Moduls: C:\Windows\system32\SHELL32.dll
    Berichtskennung:
    de2180c3-e3d0-11e2-b795-70f39544e4bf

    Error - 03.07.2013 07:17:02 | Computer Name = HEF01-THINK | Source = Application Error | ID = 1000
    Description = Name der fehlerhaften Anwendung: explorer.exe, Version: 6.1.7601.17567,
    Zeitstempel: 0x4d6727a7 Name des fehlerhaften Moduls: SHELL32.dll, Version: 6.1.7601.18103,
    Zeitstempel: 0x512d91aa Ausnahmecode: 0xc0000005 Fehleroffset: 0x0004b1e8 ID des fehlerhaften
    Prozesses: 0x2fa0 Startzeit der fehlerhaften Anwendung: 0x01ce77ddb69769d2 Pfad der
    fehlerhaften Anwendung: C:\Windows\explorer.exe Pfad des fehlerhaften Moduls: C:\Windows\system32\SHELL32.dll
    Berichtskennung:
    154f768d-e3d2-11e2-b795-70f39544e4bf

    Error - 03.07.2013 09:07:00 | Computer Name = HEF01-THINK | Source = MatSvc | ID = 262147
    Description = Webdienstfehler im MATS-Dienst. hr=0xC004F020

    Error - 03.07.2013 09:07:00 | Computer Name = HEF01-THINK | Source = MatSvc | ID = 262149
    Description = Ein Teil der hochgeladenen Daten wurde vom Server zurückgewiesen.
    hr=0xC004F020

    [ System Events ]
    Error - 02.07.2013 15:06:51 | Computer Name = HEF01-THINK | Source = Service Control Manager | ID = 7011
    Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
    von Dienst Lenovo.VIRTSCRLSVC erreicht.

    Error - 03.07.2013 05:22:03 | Computer Name = HEF01-THINK | Source = Service Control Manager | ID = 7009
    Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
    Spybot-S&D 2 Scanner Service erreicht.

    Error - 03.07.2013 05:22:03 | Computer Name = HEF01-THINK | Source = Service Control Manager | ID = 7000
    Description = Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden
    Fehlers nicht gestartet: %%1053

    Error - 03.07.2013 05:23:22 | Computer Name = HEF01-THINK | Source = Service Control Manager | ID = 7009
    Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
    Windows Live ID Sign-in Assistant erreicht.

    Error - 03.07.2013 05:23:22 | Computer Name = HEF01-THINK | Source = Service Control Manager | ID = 7000
    Description = Der Dienst "Windows Live ID Sign-in Assistant" wurde aufgrund folgenden
    Fehlers nicht gestartet: %%1053

    Error - 03.07.2013 05:23:52 | Computer Name = HEF01-THINK | Source = Service Control Manager | ID = 7009
    Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
    Intel(R) PROSet/Wireless Zero Configuration Service erreicht.

    Error - 03.07.2013 05:23:52 | Computer Name = HEF01-THINK | Source = Service Control Manager | ID = 7000
    Description = Der Dienst "Intel(R) PROSet/Wireless Zero Configuration Service" wurde
    aufgrund folgenden Fehlers nicht gestartet: %%1053

    Error - 03.07.2013 05:24:17 | Computer Name = HEF01-THINK | Source = Service Control Manager | ID = 7026
    Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
    tcpipBM

    Error - 03.07.2013 05:25:11 | Computer Name = HEF01-THINK | Source = VDS Basic Provider | ID = 33554433
    Description =

    Error - 03.07.2013 05:26:33 | Computer Name = HEF01-THINK | Source = Service Control Manager | ID = 7034
    Description = Dienst "SQL Server VSS Writer" wurde unerwartet beendet. Dies ist
    bereits 1 Mal passiert.


    < End of report >

  4. #4
    Junior Member
    Join Date
    May 2013
    Posts
    18

    Default

    Apologies, I forgot to say: if you need any translation of the German-language text in the logs, please let me know.

    Additionally, I would like to let you know the link that the malware produces as the start page for IE and/or Firefox, copied from the browser.
    Code:
    http://www.qvo6.com/?utm_source=b&utm_medium=wld&from=wld&uid=WDCXWD7500BPKT-80PK4T0_WD-WX11AA2N2946N2946&ts=1369336665

  5. #5
    Junior Member
    Join Date
    May 2013
    Posts
    18

    Default

    Me again, regarding a piece of the code of the link that the malware produces.
    WD7500BPKT-80PK4T0 is part of the suspicious start link ... I see, that is the type of my computer's Western Digital hard disk!

  6. #6
    Junior Member
    Join Date
    May 2013
    Posts
    18

    Thumbs up

    Hi,
    As requested, I have not changed anything since we have been in touch about getting rid of this malware. But I tried some steps while waiting, from my first post in May until you offered assistance here. Maybe the malware exe has already been removed, but the traces in reg.ini are still active?

    I just had the idea to simply use MS-regedit and search for the string qvo6.
    I found four entries (key names), listed below with screenshots.

    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes
    qvo6_ie.JPG

    HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command
    Code:
    C:\Program Files\Mozilla Firefox\firefox.exe http://www.qvo6.com/?utm_source=b&utm_medium=wld&from=wld&uid=WDCXWD7500BPKT-80PK4T0_WD-WX11AA2N2946N2946&ts=1369336665
    qvo6_ff.JPG

    HKEY_LOCAL_MACHINE\SOFTWARE\qvo6Software\qvo6hp
    qvo6_x.JPG

    HKEY_USERS\S-1-5-21-713427250-3853926042-2103360380-1005\Software\Microsoft\Internet Explorer\SearchScopes
    qvo6_x1.JPG

    I believe that's it?
    Can I kill these entries, and how should I do it?

    Looking forward to your further instructions.
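
The check behind posts #4 to #6, as an added example that is not part of the original thread: it splits a browser `shell\open\command` value into executable and arguments, flags any URL appended after the executable, and breaks out the `uid` and `ts` parameters. The Firefox value is the one posted above; the Internet Explorer entry is a constructed clean value for comparison, and reading `ts` as Unix time is an assumption.

```python
import re
from datetime import datetime, timezone
from urllib.parse import urlsplit, parse_qs

FF_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command"
IE_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command"

SAMPLE_VALUES = {
    # Value exactly as posted in the thread (unquoted path, URL appended).
    FF_KEY: (r"C:\Program Files\Mozilla Firefox\firefox.exe "
             "http://www.qvo6.com/?utm_source=b&utm_medium=wld&from=wld"
             "&uid=WDCXWD7500BPKT-80PK4T0_WD-WX11AA2N2946N2946&ts=1369336665"),
    # Constructed clean value for comparison (not from the thread).
    IE_KEY: r'"C:\Program Files\Internet Explorer\iexplore.exe"',
}

# The executable is either quoted, or unquoted and ending at the first ".exe"
# that is followed by whitespace or end of string (paths may contain spaces).
CMD_RE = re.compile(r'^\s*(?:"([^"]+)"|(.+?\.exe))(?:\s+(.*))?$', re.IGNORECASE)
URL_RE = re.compile(r'https?://[^\s"]+', re.IGNORECASE)


def split_command(value):
    """Return (executable, argument string) for a shell\\open\\command value."""
    m = CMD_RE.match(value)
    if not m:
        return value.strip(), ""
    return (m.group(1) or m.group(2)), (m.group(3) or "")


def describe_url(url):
    """Extract the host plus the uid and ts query parameters of an appended URL."""
    parts = urlsplit(url)
    params = {k: v[0] for k, v in parse_qs(parts.query).items()}
    info = {"host": parts.hostname, "uid": params.get("uid"), "ts_utc": None}
    ts = params.get("ts", "")
    if ts.isdigit():
        # Assumption: ts is seconds since the Unix epoch.
        info["ts_utc"] = datetime.fromtimestamp(int(ts), tz=timezone.utc)
    return info


def audit(values):
    """Return one finding per URL found in the arguments of a browser command."""
    findings = []
    for key, value in values.items():
        exe, args = split_command(value)
        for url in URL_RE.findall(args):
            findings.append({"key": key, "exe": exe, "url": url, **describe_url(url)})
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_VALUES):
        print(f["key"])
        print("  exe :", f["exe"])
        print("  host:", f["host"])
        print("  uid :", f["uid"])
        print("  ts  :", f["ts_utc"])
```

Read as Unix time, the `ts` value falls on 23 May 2013, the same date as the `recently-used.xbel` entry in the OTL file listing, which helps narrow down when the start page was changed.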

  7. #7
    Senior Member
    Join Date
    Sep 2010
    Posts
    631

    Default

    Hi Benutzer,

    Sorry about the delay, I've been working some oddball shifts the last couple of days.

    We'll run a search first then remove or repair the registry items as needed. This may take a few minutes.

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    • Double-click SystemLook.exe to run it.
    • Copy the content of the following codebox into the main textfield.
    • Do not copy the word CODE; please note the script starts with the :
      Code:
      :regfind
      qvo6
      qvo6*
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop, entitled SystemLook.txt.
    Member of UNITE and ASAP
