browser hijacked qvo6.com malware

**Benutzer** · 2013-07-02, 12:59

Thank you for the explanation.

I don't understand the whole /roaming/ Folder under AppData. But thats according to my restricted computer skills.
anyway, computer is running fine so far. All around a bit slow since I have this qvo6 malware. But could decreased in speed aso cause I registered several cloud storage services recently (Dropbox and other)

Did the OTL scan. But there is no EXTRAS.txt file. I'm so sorry, assume I did the wrong settings ?

At the end of May I had download OTL and ran it without userdefined fixes/scans. Maybe it now took the former adjustments ?
The EXTRAS file I found is from May 30th and not valid for this scan.

Just had a screen shot from the final window of OTL. Should I have marked the Extras at the yellow mark ?
extras.JPG
I hope I didn't damage anything. Sorry for the problem.

Here's only the OTL scan results:
-----------OTL.txt-------------------------
OTL logfile created on: 02.07.2013 12:19:02 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\HEF01\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,99 Gb Total Physical Memory | 1,61 Gb Available Physical Memory | 53,74% Memory free
5,97 Gb Paging File | 3,83 Gb Available in Paging File | 64,03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 687,71 Gb Total Space | 413,48 Gb Free Space | 60,12% Space Free | Partition Type: NTFS
Drive D: | 9,76 Gb Total Space | 2,99 Gb Free Space | 30,68% Space Free | Partition Type: NTFS

Computer Name: HEF01-THINK | User Name: HEF01 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files\TeamViewer\Version8\TeamViewer.exe (TeamViewer GmbH)
PRC - C:\Program Files\TeamViewer\Version8\tv_w32.exe (TeamViewer GmbH)
PRC - C:\Users\HEF01\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Lenovo\HOTKEY\tphkload.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\HOTKEY\shtctky.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\AllShareFrameworkManagerDMS.exe (Samsung)
PRC - C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\AllShareFrameworkDMS.exe (Samsung)
PRC - C:\Program Files\Digital Trends Club\HI-epanel-Reporting.exe ()
PRC - C:\Program Files\Digital Trends Club\HI-epanel-Updater.exe ()
PRC - C:\Program Files\HI-epanelLSPService\HI-epanelLspService.exe (HI-epanel)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Lenovo\Access Connections\AcSvc.exe (Lenovo)
PRC - C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe (Lenovo)
PRC - C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe (Authentec Inc.)
PRC - C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited)
PRC - C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe (CHENGDU YIWO Tech Development Co., Ltd)
PRC - C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe (CHENGDU YIWO Tech Development Co., Ltd)
PRC - C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe (AVM Berlin)
PRC - C:\Program Files\FRITZ!Fernzugang\certsrv.exe (AVM Berlin)
PRC - C:\Program Files\FRITZ!Fernzugang\avmike.exe (AVM Berlin)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Program Files\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited)
PRC - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Intel® Corporation)
PRC - C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
PRC - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
PRC - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel(R) Corporation)
PRC - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel Corporation)
PRC - C:\Program Files\Twonky\TwonkyServer\twonkyproxy.exe ()
PRC - C:\Program Files\Twonky\TwonkyServer\twonkystarter.exe (PacketVideo)
PRC - C:\Program Files\Twonky\TwonkyServer\twonkywebdav.exe ()
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\ZOOM\TpScrex.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe (Lenovo Group Limited)
PRC - C:\Program Files\o2\Mobile Connection Manager\ImpWiFiSvc.exe (Telefónica)
PRC - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
PRC - C:\Program Files\QUALCOMM\QDLService2k\QDLService2kLenovo.exe (QUALCOMM, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\cjpcsc.exe (REINER SCT)
PRC - C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
PRC - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe (StarWind Software)
PRC - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
PRC - C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe ()
PRC - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - C:\Program Files\Firebird\Firebird_2_0\bin\fbguard.exe (FirebirdSQL Project)
PRC - C:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe (FirebirdSQL Project)

========== Modules (No Company Name) ==========

MOD - C:\Program Files\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl ()
MOD - C:\Program Files\ThinkPad\Utilities\GR\PWMRT32V.DLL ()
MOD - C:\Program Files\Notepad++\NppShell_04.dll ()
MOD - C:\Windows\System32\nvShell.dll ()

========== Services (SafeList) ==========

SRV - (SDWSCService) -- C:\Program Files\Spybot File not found
SRV - (SDUpdateService) -- C:\Program Files\Spybot File not found
SRV - (SDScannerService) -- C:\Program Files\Spybot File not found
SRV - (TeamViewer8) -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (TPHKLOAD) -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe (Lenovo Group Limited)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AllShare Framework DMS) -- C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\AllShareFrameworkManagerDMS.exe (Samsung)
SRV - (Power Manager DBC Service) -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe (Lenovo)
SRV - (PwmEWSvc) -- C:\Program Files\ThinkPad\Utilities\PWMEWSVC.exe (Lenovo Group Limited)
SRV - (DozeSvc) -- C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE (Lenovo.)
SRV - (SUService) -- C:\Program Files\Lenovo\System Update\SUService.exe ()
SRV - (HI-epanel-Reporting-Service) -- C:\Program Files\Digital Trends Club\HI-epanel-Reporting.exe ()
SRV - (HI-epanel-Update-Service) -- C:\Program Files\Digital Trends Club\HI-epanel-Updater.exe ()
SRV - (HI-epanelLSPService) -- C:\Program Files\HI-epanelLSPService\HI-epanelLspService.exe (HI-epanel)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AcSvc) -- C:\Program Files\Lenovo\Access Connections\AcSvc.exe (Lenovo)
SRV - (AcPrfMgrSvc) -- C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe (Lenovo)
SRV - (LENOVO.TPKNRSVC) -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe (Lenovo Group Limited)
SRV - (LENOVO.CAMMUTE) -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited)
SRV - (Guard Agent) -- C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe (CHENGDU YIWO Tech Development Co., Ltd)
SRV - (EaseUS Agent) -- C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe (CHENGDU YIWO Tech Development Co., Ltd)
SRV - (Stereo Service) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (TPHKSVC) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
SRV - (nwtsrv) -- C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe (AVM Berlin)
SRV - (certsrv) -- C:\Program Files\FRITZ!Fernzugang\certsrv.exe (AVM Berlin)
SRV - (avmike) -- C:\Program Files\FRITZ!Fernzugang\avmike.exe (AVM Berlin)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (LENOVO.MICMUTE) -- C:\Program Files\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited)
SRV - (ZeroConfigService) -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Intel® Corporation)
SRV - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (BTHSSecurityMgr) -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel(R) Corporation)
SRV - (AMPPALR3) -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel Corporation)
SRV - (TwonkyProxy) -- C:\Program Files\Twonky\TwonkyServer\twonkyproxy.exe ()
SRV - (TwonkyServer) -- C:\Program Files\Twonky\TwonkyServer\twonkystarter.exe (PacketVideo)
SRV - (TwonkyWebDav) -- C:\Program Files\Twonky\TwonkyServer\twonkywebdav.exe ()
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AxAutoMntSrv) -- C:\Program Files\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe (Alcohol Soft Development Team)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (Lenovo.VIRTSCRLSVC) -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe (Lenovo Group Limited)
SRV - (TGCM_ImportWiFiSvc) -- C:\Program Files\o2\Mobile Connection Manager\ImpWiFiSvc.exe (Telefónica)
SRV - (MatSvc) -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe (Microsoft Corporation)
SRV - (ThinkVantage Registry Monitor Service) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
SRV - (QDLService2kLenovo) -- C:\Program Files\QUALCOMM\QDLService2k\QDLService2kLenovo.exe (QUALCOMM, Inc.)
SRV - (cjpcsc) -- C:\Windows\System32\cjpcsc.exe (REINER SCT)
SRV - (btwdins) -- C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (rpcapd) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (UNS) -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (StarWindServiceAE) -- C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe (StarWind Software)
SRV - (UI Assistant Service) -- C:\Program Files\Mobile Partner Manager\AssistantServices.exe ()
SRV - (TurboBoost) -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation)
SRV - (VMCService) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HsfXAudioService) -- C:\Windows\System32\XAudio32.dll (Conexant Systems, Inc.)
SRV - (NvtlService) -- C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe ()
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (FirebirdGuardianDefaultInstance) -- C:\Program Files\Firebird\Firebird_2_0\bin\fbguard.exe (FirebirdSQL Project)
SRV - (FirebirdServerDefaultInstance) -- C:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe (FirebirdSQL Project)

========== Driver Services (SafeList) ==========

DRV - (motandroidusb) -- System32\Drivers\motoandroid.sys File not found
DRV - (mbr) -- C:\Users\HEF01\AppData\Local\Temp\mbr.sys File not found
DRV - (catchme) -- C:\Users\HEF01\AppData\Local\Temp\catchme.sys File not found
DRV - (arkc77h7) -- File not found
DRV - (DozeHDD) -- C:\Windows\System32\drivers\DOZEHDD.SYS (Lenovo.)
DRV - (TPPWRIF) -- C:\Windows\System32\drivers\TPPWR32V.SYS (Lenovo Group Limited)
DRV - (avmaura) -- C:\Windows\System32\drivers\avmaura.sys (AVM Berlin)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (FNETURPX) -- C:\Windows\System32\drivers\FNETURPX.SYS (FNet Co., Ltd.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (SSCBFS3) -- C:\Windows\System32\drivers\sscbfs3.sys (EldoS Corporation)
DRV - (EUFDDISK) -- C:\Windows\System32\drivers\EuFdDisk.sys (CHENGDU YIWO Tech Development Co., Ltd)
DRV - (EUBKMON) -- C:\Windows\System32\drivers\EUBKMON.sys ()
DRV - (EUDSKACS) -- C:\Windows\System32\drivers\eudskacs.sys (CHENGDU YIWO Tech Development Co., Ltd)
DRV - (EUBAKUP) -- C:\Windows\System32\drivers\eubakup.sys (CHENGDU YIWO Tech Development Co., Ltd)
DRV - (teamviewervpn) -- C:\Windows\System32\drivers\teamviewervpn.sys (TeamViewer GmbH)
DRV - (SmbDrvI) -- C:\Windows\System32\drivers\Smb_driver_Intel.sys (Synaptics Incorporated)
DRV - (NETwNs32) -- C:\Windows\System32\drivers\Netwsn00.sys (Intel Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (Shockprf) -- C:\Windows\System32\drivers\ApsX86.sys (Lenovo.)
DRV - (AMPPALP) -- C:\Windows\System32\drivers\AmpPal.sys (Windows (R) Win 7 DDK provider)
DRV - (AMPPAL) -- C:\Windows\System32\drivers\AmpPal.sys (Windows (R) Win 7 DDK provider)
DRV - (tapoas) -- C:\Windows\System32\drivers\tapoas.sys (The OpenVPN Project)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (e1kexpress) -- C:\Windows\System32\drivers\e1k6232.sys (Intel Corporation)
DRV - (TPDIGIMN) -- C:\Windows\System32\drivers\ApsHM86.sys (Lenovo.)
DRV - (psadd) -- C:\Windows\System32\drivers\psadd.sys (Lenovo Information Product(ShenZhen China) Inc.)
DRV - (NWIM) -- C:\Windows\System32\drivers\avmnwim.sys (AVM Berlin)
DRV - (PCDSRVC{3037D694-FD904ACA-06020200}_0) -- c:\Program Files\PC-Doctor\pcdsrvc.pkms (PC-Doctor, Inc.)
DRV - (smihlp2) -- C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys (Authentec Inc.)
DRV - (5U877) -- C:\Windows\System32\drivers\5U877.sys (Ricoh co.,Ltd.)
DRV - (qcusbnetlno2k) -- C:\Windows\System32\drivers\qcusbnetlno2k.sys (QUALCOMM Incorporated)
DRV - (qcusbserlno2k) -- C:\Windows\System32\drivers\qcusbserlno2k.sys (QUALCOMM Incorporated)
DRV - (ZTEusbnet) -- C:\Windows\System32\drivers\ZTEusbnet.sys (ZTE Corporation)
DRV - (ZTEusbvoice) -- C:\Windows\System32\drivers\zteusbvoice.sys (ZTE Incorporated)
DRV - (huawei_enumerator) -- C:\Windows\System32\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)
DRV - (ewusbnet) -- C:\Windows\System32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (ew_hwusbdev) -- C:\Windows\System32\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)
DRV - (cjusb) -- C:\Windows\System32\drivers\cjusb.sys (REINER SCT)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (FLxHCIc) -- C:\Windows\System32\drivers\FLxHCIc.sys (Fresco Logic)
DRV - (FLxHCIh) -- C:\Windows\System32\drivers\FLxHCIh.sys (Fresco Logic)
DRV - (lenovo.smi) -- C:\Windows\System32\drivers\smiif32.sys (Lenovo Group Limited)
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (qcfilterlno2k) -- C:\Windows\System32\drivers\qcfilterlno2k.sys (QUALCOMM Incorporated)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio32.sys (Conexant Systems, Inc.)
DRV - (btusbflt) -- C:\Windows\System32\drivers\btusbflt.sys (Broadcom Corporation.)
DRV - (ZTEusbser6k) -- C:\Windows\System32\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV - (ZTEusbnmea) -- C:\Windows\System32\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV - (ZTEusbmdm6k) -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV - (massfilter) -- C:\Windows\System32\drivers\massfilter.sys (ZTE Incorporated)
DRV - (rimspci) -- C:\Windows\System32\drivers\rimspe86.sys (REDC)
DRV - (Impcd) -- C:\Windows\System32\drivers\Impcd.sys (Intel Corporation)
DRV - (TurboB) -- C:\Windows\System32\drivers\TurboB.sys ()
DRV - (TVTI2C) -- C:\Windows\System32\drivers\tvti2c.sys (Lenovo (United States) Inc.)
DRV - (HECI) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation)
DRV - (NETw5s32) -- C:\Windows\System32\drivers\NETw5s32.sys (Intel Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (netw5v32) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)
DRV - (BMLoad) -- C:\Windows\System32\drivers\BMLoad.sys (Bytemobile, Inc.)
DRV - (tcpipBM) -- C:\Windows\System32\drivers\tcpipBM.sys (Bytemobile, Inc.)
DRV - (bizVSerial) -- C:\Windows\System32\drivers\bizVSerialNT.sys (franson.biz)
DRV - (regi) -- C:\Windows\System32\drivers\regi.sys (InterVideo)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{8CBA94D2-0004-4EDB-BD2D-DC3EC9287C9A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox;

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-713427250-3853926042-2103360380-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKU\S-1-5-21-713427250-3853926042-2103360380-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
IE - HKU\S-1-5-21-713427250-3853926042-2103360380-1005\..\SearchScopes,DefaultScope = {8CBA94D2-0004-4EDB-BD2D-DC3EC9287C9A}
IE - HKU\S-1-5-21-713427250-3853926042-2103360380-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-713427250-3853926042-2103360380-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;192.168.*.*
IE - HKU\S-1-5-21-713427250-3853926042-2103360380-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:21320

========== FireFox ==========

FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extension.gacela.network.proxy.autoconfig_url: ""
FF - prefs.js..extension.gacela.network.proxy.type: 5
FF - prefs.js..extensions.enabledAddons: %7Baab35b56-0206-4472-9993-9cb5c09bb722%7D:1.5.5
FF - prefs.js..extensions.enabledAddons: fb_add_on%40avm.de:1.7.0
FF - prefs.js..extensions.enabledAddons: gacela2%40nurago.com:13.1.50
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..network.proxy.autoconfig_url: "http://dtcproxy.gacela.eu/impact-de/autoproxyconfig.php?id=18735&type=FF&version=13.1.50"
FF - prefs.js..network.proxy.type: 2
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@siz.de/SIZCHIP,version=2.0.2.1: C:\Program Files\SIZ\SIZCHIP-Plugin\Mozilla-20\npS-Chip-Add-On-Mozilla-2021.dll (SIZ GmbH, Deutscher Sparkassen Verlag GmbH)
FF - HKLM\Software\MozillaPlugins\@t-immersion.com/DFusionHomeWebPlugIn: C:\Program Files\Total Immersion\DFusionHomeWebPlugIn\NPDFusionWebFirefox.dll (Total Immersion)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Users\HEF01\AppData\Local\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\HEF01\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\HEF01\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\samsung.com/SamsungLinkPCPlugin: C:\Program Files\Samsung\Samsung Link\utils\npSamsungLinkPCPlugin.dll (Samsung)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\gacela2@nurago.com: C:\Program Files\Digital Trends Club\ [2013.07.02 12:19:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\Vodafone\Vodafone Mobile Connect\Optimization Client\addon\ [2013.01.30 15:21:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.05.28 15:59:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.06.30 00:26:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{F74D5734-46F5-4B16-96F0-1E7FBF41B750}: C:\Program Files\Lenovo\Client Security Solution\PWM Firefox Extension\2.0b12 [2011.12.25 22:50:46 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.06.30 00:26:22 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2011.04.09 17:20:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HEF01\AppData\Roaming\mozilla\Extensions
[2011.04.09 17:20:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HEF01\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013.05.29 23:10:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HEF01\AppData\Roaming\mozilla\Firefox\Profiles\xxhc2iuc.default-1361923398100\extensions
[2013.02.27 10:52:16 | 000,000,000 | ---D | M] (Snip It! Button for eBay) -- C:\Users\HEF01\AppData\Roaming\mozilla\Firefox\Profiles\xxhc2iuc.default-1361923398100\extensions\{aab35b56-0206-4472-9993-9cb5c09bb722}
[2013.04.17 21:17:01 | 000,000,000 | ---D | M] ("FRITZ!Box AddOn") -- C:\Users\HEF01\AppData\Roaming\mozilla\Firefox\Profiles\xxhc2iuc.default-1361923398100\extensions\fb_add_on@avm.de
[2013.05.09 20:15:22 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\HEF01\AppData\Roaming\mozilla\firefox\profiles\xxhc2iuc.default-1361923398100\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.05.23 18:39:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013.05.23 18:39:48 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.05.23 18:39:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013.05.23 18:39:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013.05.23 18:39:58 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013.07.02 12:19:26 | 000,000,000 | ---D | M] (Digital Trends Club) -- C:\PROGRAM FILES\DIGITAL TRENDS CLUB

O1 HOSTS File: ([2013.07.02 02:30:23 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Digital Trends Club) - {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} - C:\Program Files\Digital Trends Club\Gacela2.dll (HI-epanel)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (IePasswordManagerHelper Class) - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (loadtbs) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - Reg Error: Value error. File not found
O3 - HKU\S-1-5-21-713427250-3853926042-2103360380-1005\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-713427250-3853926042-2103360380-1005\..\Toolbar\WebBrowser: (loadtbs) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - Reg Error: Value error. File not found
O4 - HKLM..\Run: [ACTray] C:\Program Files\Lenovo\Access Connections\ACTray.exe (Lenovo)
O4 - HKLM..\Run: [AcWin7Hlpr] C:\Program Files\Lenovo\Access Connections\AcTBenabler.exe (Lenovo)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [EaseUs Tray] C:\Program Files\EaseUS\Todo Backup\bin\TrayNotify.exe (CHENGDU YIWO Tech Development Co., Ltd)
O4 - HKLM..\Run: [EaseUs Watch] C:\Program Files\EaseUS\Todo Backup\bin\EuWatch.exe (CHENGDU YIWO Tech Development Co., Ltd)
O4 - HKLM..\Run: [FLxHCIm] C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe (Windows (R) Win 7 DDK provider)
O4 - HKLM..\Run: [HI-epanel-WatchDog] C:\Program Files\HI-epanelLSPService\HI-epanel-WatchDog.exe ()
O4 - HKLM..\Run: [IMSS] C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [PWMTRV] C:\Program Files\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [RotateImage] C:\Program Files\Integrated Camera Driver\RCIMGDIR.exe (Ricoh co.,Ltd.)
O4 - HKLM..\Run: [Samsung Link] C:\Program Files\Samsung\Samsung Link\utils\Samsung Link Launcher.exe (Samsung Electronics)
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4 - HKLM..\Run: [UIExec] C:\Program Files\Mobile Partner Manager\UIExec.exe ()
O4 - HKU\S-1-5-21-713427250-3853926042-2103360380-1005..\Run: [Akamai NetSession Interface] C:\Users\HEF01\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-713427250-3853926042-2103360380-1005..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe (Alcohol Soft Development Team)
O4 - HKU\S-1-5-21-713427250-3853926042-2103360380-1005..\Run: [GoogleDriveSync] C:\Program Files\Google\Drive\googledrivesync.exe (Google)
O4 - HKU\S-1-5-21-713427250-3853926042-2103360380-1005..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung)
O4 - HKU\S-1-5-21-713427250-3853926042-2103360380-1005..\Run: [SkyDrive] C:\Users\HEF01\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-713427250-3853926042-2103360380-1005..\Run: [SugarSync] C:\Program Files\SugarSync\SugarSync.exe (SugarSync, Inc.)
O4 - Startup: C:\Users\HEF01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\HEF01\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\HEF01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Key-Organizer Fristenprüfung.lnk = C:\Program Files\AIDeX\KeyOrganizer\KeyOrganizer.exe (Aidex GmbH)
O4 - Startup: C:\Users\HEF01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-713427250-3853926042-2103360380-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-713427250-3853926042-2103360380-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-713427250-3853926042-2103360380-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\HEF01\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra 'Tools' menuitem : Über Digital Trends Club - {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} - C:\Program Files\Digital Trends Club\Gacela2.dll (HI-epanel)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\HI-epanelLSPService.DLL (HI-epanel)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\HI-epanelLSPService.DLL (HI-epanel)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\HI-epanelLSPService.DLL (HI-epanel)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\HI-epanelLSPService.DLL (HI-epanel)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\HI-epanelLSPService.DLL (HI-epanel)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\HI-epanelLSPService.DLL (HI-epanel)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\HI-epanelLSPService.DLL (HI-epanel)
O15 - HKU\S-1-5-21-713427250-3853926042-2103360380-1005\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKU\S-1-5-21-713427250-3853926042-2103360380-1005\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} http://support.lenovo.com/Resources/...utoDetect2.cab (IASRunner Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {A4150320-98EC-4DB6-9BFB-EBF4B6FBEB16} http://192.168.178.36/codebase/DVM_IPCam2.ocx (DVM_IPCam2 Control)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Java Plug-in 1.7.0_09)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B124AEFE-892C-45A4-BB75-ED6063CFEE11}: DhcpNameServer = 212.166.210.80 212.73.32.67
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C30E95C5-1EAB-47D9-8269-FEAC4967E119}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\psfus: DllName - (C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll) - C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)
O21 - SSODL: EldosMountNotificator - {C28617FD-4FE7-4043-AD51-C8132CE90106} - C:\Windows\System32\SSCbFsMntNtf3.dll (EldoS Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22 - SharedTaskScheduler: {C28617FD-4FE7-4043-AD51-C8132CE90106} - Virtual Storage Mount Notification - C:\Windows\System32\SSCbFsMntNtf3.dll (EldoS Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.dvacm - C:\Program Files\Common Files\Ulead Systems\vio\DVACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.mpegacm - C:\Program Files\Common Files\Ulead Systems\MPEG\MPEGACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.ulmp3acm - C:\Program Files\Common Files\Ulead Systems\MPEG\ulmp3acm.acm (Ulead systems)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013.07.02 03:01:31 | 000,012,288 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Windows\System32\drivers\PROCEXP113.SYS
[2013.07.02 02:35:26 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013.07.02 01:50:25 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.07.02 01:50:25 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.07.02 01:50:25 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.07.02 01:46:28 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.06.30 23:55:44 | 000,000,000 | ---D | C] -- C:\Users\HEF01\Documents\Mein SugarSync
[2013.06.30 23:50:37 | 000,000,000 | ---D | C] -- C:\Users\HEF01\AppData\Local\SugarSync
[2013.06.30 23:50:29 | 000,225,024 | ---- | C] (EldoS Corporation) -- C:\Windows\System32\SSCbFsNetRdr3.dll
[2013.06.30 23:50:29 | 000,159,488 | ---- | C] (EldoS Corporation) -- C:\Windows\System32\SSCbFsMntNtf3.dll
[2013.06.30 23:47:02 | 000,295,936 | ---- | C] (EldoS Corporation) -- C:\Windows\System32\drivers\sscbfs3.sys
[2013.06.30 23:46:55 | 000,000,000 | ---D | C] -- C:\Program Files\SugarSync
[2013.06.30 00:26:21 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2013.06.22 17:22:38 | 000,000,000 | ---D | C] -- C:\Users\HEF01\Desktop\Virus_Trojan
[2013.06.22 17:19:49 | 000,263,592 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013.06.22 17:19:34 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.06.22 17:18:27 | 000,000,000 | ---D | C] -- C:\Users\HEF01\Desktop\Klinik
[2013.06.19 22:13:25 | 000,000,000 | ---D | C] -- C:\Users\HEF01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Star Finanz
[2013.06.19 22:13:25 | 000,000,000 | ---D | C] -- C:\Program Files\SEPA Account Converter
[2013.06.15 12:26:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013.06.15 11:08:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ITN Converter
[2013.06.15 11:08:09 | 000,000,000 | ---D | C] -- C:\Program Files\ITN Converter
[2013.06.15 00:39:54 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2013.06.14 23:39:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
[2013.06.14 23:39:46 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2013.06.14 23:38:39 | 000,000,000 | ---D | C] -- C:\Upload
[2013.06.14 23:38:08 | 000,000,000 | ---D | C] -- C:\Samsung Link
[2013.06.14 23:38:08 | 000,000,000 | ---D | C] -- C:\Users\HEF01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Samsung
[2013.06.14 21:08:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safer Networking
[2013.06.14 21:08:09 | 000,000,000 | ---D | C] -- C:\Program Files\SDistTest
[2013.06.14 09:39:49 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.06.14 09:39:48 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.06.14 09:30:16 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.06.14 09:30:16 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.06.14 09:30:15 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013.06.14 09:30:14 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.06.14 09:30:14 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013.06.14 09:30:14 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013.06.14 09:30:14 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013.06.14 09:30:14 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013.06.12 19:45:28 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2013.06.12 19:45:24 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cryptdlg.dll
[2013.06.12 19:45:10 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certutil.exe
[2013.06.12 19:45:10 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certenc.dll
[2013.06.12 19:44:59 | 003,968,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013.06.12 19:44:59 | 003,913,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013.06.02 21:58:31 | 000,000,000 | ---D | C] -- C:\Users\HEF01\AppData\Roaming\AVM
[2013.06.02 21:47:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FRITZ!Fernzugang
[2013.06.02 21:47:35 | 000,000,000 | ---D | C] -- C:\Program Files\FRITZ!Fernzugang einrichten
[2013.06.02 21:23:53 | 000,000,000 | ---D | C] -- C:\Users\HEF01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FRITZ!Fernzugang
[2013.06.02 21:23:52 | 000,000,000 | ---D | C] -- C:\ProgramData\AVM
[2013.06.02 21:23:48 | 000,000,000 | ---D | C] -- C:\Program Files\FRITZ!Fernzugang
[2013.06.02 21:22:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.07.02 12:08:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.07.02 12:03:39 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.07.02 12:03:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.07.02 11:36:01 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-713427250-3853926042-2103360380-1005UA.job
[2013.07.02 09:57:00 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.07.02 03:02:48 | 000,654,400 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.07.02 03:02:48 | 000,616,242 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.07.02 03:02:48 | 000,130,240 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.07.02 03:02:48 | 000,106,622 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.07.02 03:01:32 | 000,012,288 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Windows\System32\drivers\PROCEXP113.SYS
[2013.07.02 02:41:54 | 000,016,976 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.07.02 02:41:54 | 000,016,976 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.07.02 02:36:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-713427250-3853926042-2103360380-1005Core.job
[2013.07.02 02:33:18 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2013.07.02 02:33:11 | 2406,219,776 | -HS- | M] () -- C:\hiberfil.sys
[2013.07.02 02:30:23 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.06.30 23:55:45 | 000,000,786 | ---- | M] () -- C:\Users\HEF01\Desktop\Mein SugarSync.lnk
[2013.06.30 23:50:31 | 000,001,818 | ---- | M] () -- C:\Users\Public\Desktop\SugarSync.lnk
[2013.06.30 22:45:48 | 000,000,000 | -H-- | M] () -- C:\Users\HEF01\Documents\Default.rdp
[2013.06.27 20:04:08 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2013.06.23 00:32:26 | 000,000,870 | ---- | M] () -- C:\Windows\wiso.ini
[2013.06.22 17:19:22 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.06.22 17:19:21 | 000,867,240 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npdeployJava1.dll
[2013.06.22 17:19:21 | 000,789,416 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2013.06.22 17:19:21 | 000,263,592 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013.06.22 17:19:21 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.06.22 17:19:21 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.06.22 17:12:31 | 353,889,239 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.06.21 01:00:59 | 000,011,489 | ---- | M] () -- C:\Users\HEF01\gsview32.ini
[2013.06.19 22:13:26 | 000,002,102 | ---- | M] () -- C:\Users\HEF01\Desktop\SEPA Account Converter.lnk
[2013.06.15 11:08:10 | 000,000,964 | ---- | M] () -- C:\Users\Public\Desktop\ITN Converter.lnk
[2013.06.12 09:07:17 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.06.12 09:07:17 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.06.12 09:07:09 | 009,089,416 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe
[2013.06.09 17:01:51 | 000,001,064 | ---- | M] () -- C:\Users\HEF01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.06.09 17:01:41 | 000,001,032 | ---- | M] () -- C:\Users\HEF01\Desktop\Dropbox.lnk
[2013.06.08 13:40:02 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.06.08 13:13:19 | 002,706,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.06.02 21:45:10 | 000,000,901 | ---- | M] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
[2 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]

**Benutzer** · 2013-07-02, 13:00

Part 2 of OTL.txt
---------------------

========== Files Created - No Company Name ==========

[2013.07.02 01:50:25 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.07.02 01:50:25 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.07.02 01:50:25 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.07.02 01:50:25 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.07.02 01:50:25 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.06.30 23:55:45 | 000,000,786 | ---- | C] () -- C:\Users\HEF01\Desktop\Mein SugarSync.lnk
[2013.06.30 23:50:31 | 000,001,830 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SugarSync.lnk
[2013.06.30 23:50:31 | 000,001,818 | ---- | C] () -- C:\Users\Public\Desktop\SugarSync.lnk
[2013.06.30 22:45:48 | 000,000,000 | -H-- | C] () -- C:\Users\HEF01\Documents\Default.rdp
[2013.06.22 17:12:31 | 353,889,239 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013.06.19 22:13:26 | 000,002,102 | ---- | C] () -- C:\Users\HEF01\Desktop\SEPA Account Converter.lnk
[2013.06.15 11:08:10 | 000,000,964 | ---- | C] () -- C:\Users\Public\Desktop\ITN Converter.lnk
[2013.05.23 21:28:01 | 000,000,861 | ---- | C] () -- C:\Users\HEF01\AppData\Local\recently-used.xbel
[2013.05.04 00:50:01 | 000,000,772 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2013.04.15 18:53:12 | 000,046,592 | ---- | C] () -- C:\Windows\System32\boost_thread-vc90-mt-1_47.dll
[2013.04.15 18:53:00 | 000,038,912 | ---- | C] () -- C:\Windows\System32\boost_date_time-vc90-mt-1_47.dll
[2013.04.15 18:52:44 | 000,227,840 | ---- | C] () -- C:\Windows\System32\boost_serialization-vc90-mt-1_47.dll
[2013.04.15 18:52:42 | 000,704,000 | ---- | C] () -- C:\Windows\System32\boost_regex-vc90-mt-1_47.dll
[2013.04.15 18:52:40 | 000,012,800 | ---- | C] () -- C:\Windows\System32\boost_system-vc90-mt-1_47.dll
[2013.04.15 18:52:24 | 000,130,048 | ---- | C] () -- C:\Windows\System32\boost_filesystem-vc90-mt-1_47.dll
[2013.04.03 20:49:41 | 001,048,576 | ---- | C] () -- C:\Windows\System32\syndata.bin
[2013.03.23 18:11:03 | 000,001,263 | ---- | C] () -- C:\Windows\isxdlge2.ini
[2013.03.20 17:38:47 | 000,041,544 | ---- | C] () -- C:\Windows\System32\drivers\EUBKMON.sys
[2013.02.12 11:36:05 | 000,003,072 | ---- | C] () -- C:\ProgramData\keytemplate.db3
[2013.02.12 11:36:01 | 000,018,432 | ---- | C] () -- C:\ProgramData\schluesselverwaltung.db3
[2013.02.08 12:29:58 | 000,000,036 | ---- | C] () -- C:\Windows\Uniformula.ini
[2013.02.05 17:52:54 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2013.02.05 17:52:50 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2013.02.05 17:52:50 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2013.02.05 17:52:50 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2013.02.05 17:52:50 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2013.01.24 12:24:13 | 000,000,102 | ---- | C] () -- C:\Windows\{E3B99F3D-9856-482A-9048-305E28E2510C}.ini
[2013.01.01 17:56:59 | 000,000,021 | ---- | C] () -- C:\Windows\TemplateWizard.INI
[2012.11.24 22:25:02 | 000,000,078 | ---- | C] () -- C:\Users\HEF01\govello20.properties
[2012.11.07 16:10:28 | 000,000,373 | ---- | C] () -- C:\Windows\System32\CNCMFP20.INI
[2012.08.19 12:14:36 | 000,000,079 | ---- | C] () -- C:\Users\HEF01\AppData\Local\CrystalDiskMark30.ini
[2012.08.16 18:42:36 | 000,003,168 | ---- | C] () -- C:\Windows\System32\HI-epanelLSPService.ini
[2012.08.16 18:42:36 | 000,001,864 | ---- | C] () -- C:\Windows\System32\GacelaLSPServiceOff.ini
[2012.08.11 23:05:29 | 000,000,017 | ---- | C] () -- C:\Users\HEF01\AppData\Local\resmon.resmoncfg
[2012.06.16 00:40:14 | 000,011,489 | ---- | C] () -- C:\Users\HEF01\gsview32.ini
[2012.06.10 23:18:29 | 000,000,223 | ---- | C] () -- C:\Windows\KcMV3DGD.ini
[2012.06.10 23:13:29 | 000,002,259 | ---- | C] () -- C:\Users\HEF01\PRINTSERVER-NetTool.ini
[2012.05.28 13:29:08 | 000,002,048 | ---- | C] () -- C:\Windows\null.exe
[2012.05.16 10:41:18 | 000,000,011 | ---- | C] () -- C:\ProgramData\.tv7
[2011.09.04 21:05:06 | 000,000,001 | ---- | C] () -- C:\Users\HEF01\.SIG_PINSTATUS_VOREINSTELLUNG
[2011.09.04 21:05:06 | 000,000,001 | ---- | C] () -- C:\Users\HEF01\.SIG_DIALOG_VOREINSTELLUNG
[2011.04.18 05:33:13 | 000,010,752 | ---- | C] () -- C:\Users\HEF01\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.04.07 20:17:52 | 000,646,848 | ---- | C] () -- C:\Users\HEF01\AppData\Local\wanancsp.dat
[2011.04.07 19:18:29 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.06.16 15:25:02 | 000,121,512 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4

========== ZeroAccess Check ==========

[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012.07.02 13:48:12 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\Avery
[2013.06.02 21:58:31 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\AVM
[2011.04.13 12:21:20 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\Broad Intelligence
[2011.04.09 13:24:51 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\Buhl Data Service
[2013.01.30 15:22:50 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\Bytemobile
[2012.12.14 01:10:35 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\calibre
[2012.12.16 16:07:18 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\Canneverbe Limited
[2012.11.28 17:20:47 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\Canon
[2013.03.23 18:11:37 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\Chipcardmaster
[2013.04.06 00:45:31 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\com.amazon.music.uploader
[2013.07.02 02:15:03 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\convert
[2011.04.12 21:49:32 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\DataDesign
[2012.01.01 19:49:14 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\DoublePics
[2013.07.02 01:00:03 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\Dropbox
[2012.06.07 00:29:11 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\DVDVideoSoft
[2013.05.29 11:49:01 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\eIntaller
[2011.11.02 23:47:10 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\elsterformular
[2013.06.26 01:40:14 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\FileZilla
[2012.10.04 23:15:50 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\FreeFileSync
[2013.05.04 02:19:36 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\FRITZ!
[2013.05.02 01:19:47 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\FRITZ!fax für FRITZ!Box
[2013.01.17 13:57:48 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\GetRightToGo
[2013.03.14 23:15:15 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\GLS Vereinsmeister
[2011.05.10 16:16:26 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\ImgBurn
[2012.09.07 20:02:00 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\InterVideo
[2013.05.20 17:34:55 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\IPCamWizard
[2011.05.15 19:17:22 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\IrfanView
[2012.02.02 23:57:09 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\Lenovo
[2011.04.12 21:31:22 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\Lexware
[2013.03.08 11:20:34 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\Motorola
[2013.03.08 11:23:07 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\Motorola Mobility
[2012.01.04 02:43:34 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\NetMeter
[2012.06.08 00:41:01 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\Notepad++
[2011.04.26 19:20:39 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\OpenOffice.org
[2011.05.05 14:57:10 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\PCDr
[2011.04.20 18:56:41 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\Philipp Winterberg
[2012.11.24 01:44:54 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\PrivateTunnel
[2011.04.21 22:16:23 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\PwrMgr
[2013.04.08 23:42:24 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\QcWizard
[2012.05.26 22:54:18 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\RavensburgerTipToi
[2013.04.17 11:49:47 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\Samsung
[2011.04.16 11:57:13 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\SmartLine
[2011.04.15 21:44:22 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\Softland
[2013.03.24 02:01:01 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\Synaptics
[2013.06.12 18:37:33 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\TeamViewer
[2012.09.08 00:09:56 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\Telefónica
[2012.09.08 00:09:56 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\TGCMLog
[2011.04.09 17:20:53 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\Thunderbird
[2012.01.20 01:41:20 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\Total Immersion
[2011.04.24 17:43:12 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\TuneUp Software
[2012.05.16 10:56:03 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\TwonkyMedia
[2012.08.01 23:43:59 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\TwonkyServer
[2011.12.27 23:31:45 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\Ulead Systems
[2011.04.13 11:38:27 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\Uniblue
[2011.05.05 14:44:14 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\Update
[2013.01.01 01:49:29 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\Vodafone
[2012.12.22 21:19:33 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\Windows Live Writer
[2012.06.23 16:18:20 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\Wireshark
[2013.02.22 00:24:16 | 000,000,000 | ---D | M] -- C:\Users\HEF01\AppData\Roaming\YCanPDF

========== Purity Check ==========

========== Custom Scans ==========

< %USERPROFILE%\..|smtmp;true;true;true /FP >

< %temp%\smtmp\*.* /s > >

< MD5 for: EXPLORER.ADML >
[2010.01.05 07:00:49 | 000,004,226 | ---- | M] () MD5=EE23420A7C0E74A9D316221F8BFB2477 -- C:\Windows\PolicyDefinitions\de-DE\Explorer.adml
[2010.01.05 07:00:49 | 000,004,226 | ---- | M] () MD5=EE23420A7C0E74A9D316221F8BFB2477 -- C:\Windows\winsxs\x86_microsoft-windows-s..ouppolicy.resources_31bf3856ad364e35_6.1.7600.16385_de-de_79e5ffbcdccafc09\Explorer.adml

< MD5 for: EXPLORER.ADMX >
[2009.06.10 23:34:46 | 000,003,836 | ---- | M] () MD5=AD131A834808E6AFF4A3918DE05BFCF6 -- C:\Windows\PolicyDefinitions\Explorer.admx
[2009.06.10 23:34:46 | 000,003,836 | ---- | M] () MD5=AD131A834808E6AFF4A3918DE05BFCF6 -- C:\Windows\winsxs\x86_microsoft-windows-shell-grouppolicy_31bf3856ad364e35_6.1.7600.16385_none_1590ffd752297581\Explorer.admx

< MD5 for: EXPLORER.DMP >
[2012.04.23 14:03:33 | 000,000,000 | ---- | M] () MD5=D41D8CD98F00B204E9800998ECF8427E -- C:\Users\Public\Lenovo\Access Connections\Explorer.dmp

< MD5 for: EXPLORER.EXE >
[2010.01.05 07:02:15 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_523cdab8f40fe558\explorer.exe
[2013.05.16 10:58:12 | 003,859,928 | ---- | M] (Safer-Networking Ltd.) MD5=03250DB0886A23B1F6C077C5D9F152B0 -- C:\Program Files\Spybot - Search & Destroy 2\explorer.exe
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\ERDNT\cache\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
[2010.01.05 07:02:15 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_51c00e6ddae85c4b\explorer.exe

< MD5 for: EXPLORER.EXE.MUI >
[2010.01.05 07:00:32 | 000,025,600 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\de-DE\explorer.exe.mui
[2010.01.05 07:00:32 | 000,025,600 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_de-de_5cd80747e61754a0\explorer.exe.mui

< MD5 for: EXPLORER.EXE-A80E4F97.PF >
[2013.07.02 03:08:07 | 000,222,750 | ---- | M] () MD5=3620BDFEF8CBB3B3472C961C7AD6E744 -- C:\Windows\Prefetch\EXPLORER.EXE-A80E4F97.pf

< MD5 for: IEXPLORE.BAT >
[2013.04.21 09:58:12 | 000,029,803 | ---- | M] () MD5=E4B95882FB080670179EA3605395889B -- C:\JRT\iexplore.bat

< MD5 for: IEXPLORE.EXE >
[2012.05.18 01:21:54 | 000,748,664 | ---- | M] (Microsoft Corporation) MD5=0129BB16161C2FD9A6B19111AB047198 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16446_none_b12560b1c817cfde\iexplore.exe
[2013.05.17 04:32:12 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=07DFD28E57879554D054464EE4A5662D -- C:\Program Files\Internet Explorer\iexplore.exe
[2013.05.17 04:32:12 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=07DFD28E57879554D054464EE4A5662D -- C:\Windows\ERDNT\cache\iexplore.exe
[2013.05.17 04:32:12 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=07DFD28E57879554D054464EE4A5662D -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16614_none_ba6545dc65e543de\iexplore.exe
[2012.08.24 09:34:41 | 000,748,680 | ---- | M] (Microsoft Corporation) MD5=22CC6CDBA678790046693654C3B212E4 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16450_none_b1148f09c82553c5\iexplore.exe
[2012.05.18 00:59:46 | 000,748,664 | ---- | M] (Microsoft Corporation) MD5=268982F1FD671A077C6A2AF41E351436 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20551_none_b19f2c1ee1420ce6\iexplore.exe
[2012.10.08 10:37:24 | 000,748,704 | ---- | M] (Microsoft Corporation) MD5=270A1342BD5AF95CA25A586B4C2F1522 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16455_none_b119907bc820d278\iexplore.exe
[2013.03.21 13:11:10 | 000,770,560 | ---- | M] (Microsoft Corporation) MD5=2859EBC065D2E1CCC94161CE28BAC085 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16521_none_ba715a6a65dbf461\iexplore.exe
[2009.07.14 03:17:29 | 000,673,048 | ---- | M] (Microsoft Corporation) MD5=2C32E3E596CFE660353753EABEFB0540 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16385_none_b346f9b4861b55c2\iexplore.exe
[2013.04.05 07:55:38 | 000,770,624 | ---- | M] (Microsoft Corporation) MD5=2DC6BD1047553611DAEF97C751131A5D -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20681_none_a39ee59e7f860811\iexplore.exe
[2012.06.02 11:08:27 | 000,748,664 | ---- | M] (Microsoft Corporation) MD5=34B01BBD8F00B6B9C9248DC4F1E3CD01 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16447_none_b12660fbc816e935\iexplore.exe
[2013.05.17 03:57:28 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=3902E280F6117A468D5573343A7AA1F6 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20719_none_a38c5d6c7f953fa9\iexplore.exe
[2012.08.24 09:49:25 | 000,748,680 | ---- | M] (Microsoft Corporation) MD5=62188720CE27B982B4285C03163C9FB3 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20557_none_b1a52ddae13ca4f0\iexplore.exe
[2013.01.09 00:42:06 | 000,757,280 | ---- | M] (Microsoft Corporation) MD5=698EB1E5F8C66344D97C00B5699E871D -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16464_none_b10dc045c829d512\iexplore.exe
[2011.04.09 23:39:23 | 000,748,336 | ---- | M] (Microsoft Corporation) MD5=904E13BA41AF2E353A32CF351CA53639 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16421_none_b135ff17c80c1949\iexplore.exe
[2010.12.18 07:32:25 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=9321CF0D023528C71E3645F8433C86C8 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.20861_none_b3e23cc79f2c4cea\iexplore.exe
[2012.06.29 03:00:47 | 000,748,664 | ---- | M] (Microsoft Corporation) MD5=93569D46D79F9756ED077156496AFE23 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16448_none_b1276145c816028c\iexplore.exe
[2013.02.25 01:52:40 | 000,770,624 | ---- | M] (Microsoft Corporation) MD5=A11C5E3E288256C540B7ED8BE3A04B01 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20644_none_a39aa01e7f89ef98\iexplore.exe
[2013.02.02 06:19:03 | 000,757,280 | ---- | M] (Microsoft Corporation) MD5=A285E1965C115031DA02B777EE9D7689 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20580_none_b17dbc10e15b4762\iexplore.exe
[2010.12.18 07:33:54 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=AA08B68EF4E35EFA170CF85A44B23B70 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16722_none_b384dff685ed56b3\iexplore.exe
[2013.04.05 08:02:26 | 000,770,608 | ---- | M] (Microsoft Corporation) MD5=AAD90795E84E710543C6C7C2F7048E30 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16576_none_ba75e9f465d7f339\iexplore.exe
[2012.11.16 18:33:24 | 000,757,280 | ---- | M] (Microsoft Corporation) MD5=B201AF83DF2E85323E29EB83E4046810 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16457_none_b11b910fc81f0526\iexplore.exe
[2013.04.04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\iexplore.exe
[2012.06.02 10:51:58 | 000,748,664 | ---- | M] (Microsoft Corporation) MD5=BE967C74B89577B78FB57C061E12B04C -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20553_none_b1a12cb2e1403f94\iexplore.exe
[2012.11.16 05:08:47 | 000,757,280 | ---- | M] (Microsoft Corporation) MD5=C0BA71C1B3FB6E3DD432FF3CCAEBDC62 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20565_none_b1985d5ae1468e33\iexplore.exe
[2010.11.20 14:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=C613E69C3B191BB02C7A191741A1D024 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7601.17514_none_b5780d7c8309d95c\iexplore.exe
[2012.10.08 10:22:05 | 000,748,704 | ---- | M] (Microsoft Corporation) MD5=CECB15F834FC2B4B150449717ADE18DD -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20562_none_b1955c7ce149422e\iexplore.exe
[2013.02.02 06:19:04 | 000,757,296 | ---- | M] (Microsoft Corporation) MD5=DDE5A0DFAF7C6370FB36402D7A746ED3 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16470_none_b0feef31c8358ba7\iexplore.exe
[2013.02.21 13:28:11 | 000,770,608 | ---- | M] (Microsoft Corporation) MD5=E4F6125ED5185F8FA37CC4F449B85526 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16540_none_ba7371c665da0d6e\iexplore.exe
[2012.06.29 01:35:27 | 000,748,664 | ---- | M] (Microsoft Corporation) MD5=EB4105348272018D096FEB655CD1608C -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20554_none_b1a22cfce13f58eb\iexplore.exe
[2013.01.08 23:32:42 | 000,757,280 | ---- | M] (Microsoft Corporation) MD5=F05982E56ABD835AA8DF260EEC873E5B -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20573_none_b18b8cdae1507776\iexplore.exe

< MD5 for: IEXPLORE.EXE.MUI >
[2011.04.09 23:39:43 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=0272AAC78F0D1CC205B893CCF5835DC5 -- C:\Windows\winsxs\x86_microsoft-windows-i..-optional.resources_31bf3856ad364e35_9.4.8112.16421_de-de_01f1be9610db4e6b\iexplore.exe.mui
[2011.04.09 23:39:23 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=4C71CCB3C8817185E67210856778831F -- C:\Windows\winsxs\x86_microsoft-windows-i..-optional.resources_31bf3856ad364e35_9.4.8112.16421_en-us_aae2948effb95a30\iexplore.exe.mui
[2013.03.21 13:12:45 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=6511725A9ACB570CD967BCE68DB2986A -- C:\Program Files\Internet Explorer\de-DE\iexplore.exe.mui
[2013.03.21 13:12:45 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=6511725A9ACB570CD967BCE68DB2986A -- C:\Windows\winsxs\x86_microsoft-windows-i..-optional.resources_31bf3856ad364e35_10.2.9200.16521_de-de_0b2d19e8aeab2983\iexplore.exe.mui
[2013.03.21 13:11:10 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=8EDDC50FD07326E7DF9C4EEA422F0918 -- C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui
[2013.03.21 13:11:10 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=8EDDC50FD07326E7DF9C4EEA422F0918 -- C:\Windows\winsxs\x86_microsoft-windows-i..-optional.resources_31bf3856ad364e35_10.2.9200.16521_en-us_b41defe19d893548\iexplore.exe.mui
[2010.01.05 07:00:49 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=D74E70EF11B77E438111FE0C79AAFD97 -- C:\Windows\winsxs\x86_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7600.16385_de-de_0402b932ceea8ae4\iexplore.exe.mui
[2010.01.05 07:00:49 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=D74E70EF11B77E438111FE0C79AAFD97 -- C:\Windows\winsxs\x86_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7601.17514_de-de_0633ccfacbd90e7e\iexplore.exe.mui

< MD5 for: IEXPLORE.PNG >
[2011.07.18 08:46:32 | 000,016,619 | ---- | M] () MD5=2DC4DF31FA082FD9310B20F3F950432C -- C:\Program Files\Lenovo\SimpleTap\Add-ons\Lenovo\InternetExplorer\iexplore.png

< MD5 for: SERVICES >
[2012.08.15 17:51:44 | 002,497,591 | ---- | M] () MD5=644A5F77D534ABBF4EBABFB4128F925C -- C:\Program Files\Wireshark\services
[2009.06.10 23:39:37 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\System32\drivers\etc\services
[2009.06.10 23:39:37 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_045b589158ae90da\services

< MD5 for: SERVICES.ASFX >
[2012.09.23 20:43:44 | 000,002,677 | ---- | M] () MD5=22FEEF662B7E813F8547E1446EBC706B -- C:\Program Files\Adobe\Reader 11.0\Reader\Locale\de_DE\Services\Services.asfx

< MD5 for: SERVICES.CFG >
[2012.09.23 20:43:36 | 000,603,848 | R--- | M] () MD5=81B120EAEE296F0E54F66C16C5A21367 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA71301B744BA0000000010\11.0.0\services.cfg
[2013.05.11 12:37:26 | 000,558,990 | ---- | M] () MD5=FE8FB005031C2574E990DAC1F9F5ACF8 -- C:\Program Files\Adobe\Reader 11.0\Reader\Services\Services.cfg

< MD5 for: SERVICES.CNF >
[2001.09.25 22:48:16 | 000,000,003 | ---- | M] () MD5=864E46AD77EBE7A312EB11241A5114B6 -- C:\Users\HEF01\Documents\Eigene Webs\_vti_pvt\services.cnf

< MD5 for: SERVICES.DAT >
[2013.04.22 05:04:55 | 000,001,720 | ---- | M] () MD5=43C1700D78D89F0B1F6FA88FD132BE1A -- C:\JRT\services.dat

< MD5 for: SERVICES.DLL >
[2009.05.22 20:31:22 | 000,020,480 | ---- | M] ( ) MD5=17AD4A8A51AECE2EC20D8CF7994BC9F4 -- C:\Program Files\Common Files\Lenovo\InvAgent\local\collect\services.dll
[2012.11.13 18:38:36 | 000,008,704 | ---- | M] () MD5=E41D70348B1B51C0C76B617EA572B105 -- C:\Program Files\Lenovo\System Update\egather\local\collect\services.dll

< MD5 for: SERVICES.DLL.CONFIG >
[2012.11.01 18:05:50 | 000,000,305 | ---- | M] () MD5=126EB374FFE77DAA27113E5AD6307C0B -- C:\Program Files\Lenovo\System Update\egather\local\collect\services.dll.config

< MD5 for: SERVICES.EXE >
[2009.07.14 03:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\ERDNT\cache\services.exe
[2009.07.14 03:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe
[2009.07.14 03:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2010.01.05 07:00:30 | 000,019,456 | ---- | M] (Microsoft Corporation) MD5=5BB3A4AC670D245257DBA6C397DF2EEB -- C:\Windows\System32\de-DE\services.exe.mui
[2010.01.05 07:00:30 | 000,019,456 | ---- | M] (Microsoft Corporation) MD5=5BB3A4AC670D245257DBA6C397DF2EEB -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_de-de_c0e2c741986ab76d\services.exe.mui

< MD5 for: SERVICES.HTM >
[2013.06.12 15:27:07 | 000,010,020 | ---- | M] () MD5=3BB8966C4302BAB7B015A42792BDD688 -- C:\Users\HEF01\Documents\Websites\bmi25\www\services.htm
[2012.12.25 22:33:40 | 000,010,717 | ---- | M] () MD5=79C8C4D401F745689667453C4FE25745 -- C:\Users\HEF01\AppData\Local\VirtualStore\Program Files\1blu\1blu HomepageBuilder 2\onlineshop\services.htm
[2012.12.25 23:12:42 | 000,010,616 | ---- | M] () MD5=BD5449F06D2270FC459035DC9F1F84B8 -- C:\Users\HEF01\AppData\Local\VirtualStore\Program Files\1blu\homepage\services.htm

< MD5 for: SERVICES.HTML >
[1999.11.20 01:10:40 | 000,003,881 | ---- | M] () MD5=70AF558BFB9814F4C27BDEA2BECE06D7 -- C:\Users\HEF01\Documents\Websites\E DPC1\MG Dateien\MGF Dateien alt\MGF Platte\MGF-Web\Projects\bender\www.mgbspares.com\Services.html
[1999.08.10 05:49:52 | 000,006,829 | ---- | M] () MD5=7860035843CD461C946A1FC169337B33 -- C:\Users\HEF01\Documents\Websites\E DPC1\MG Dateien\MGF Dateien alt\MGF Platte\MGF-Web\Projects\bastian\www.mgcars.org.uk\mgcc\services.html
[1999.11.02 00:03:44 | 000,006,829 | ---- | M] () MD5=7860035843CD461C946A1FC169337B33 -- C:\Users\HEF01\Documents\Websites\E DPC1\MG Dateien\MGF Dateien alt\MGF Platte\MGF-Web\Projects\MGCC UK\www.mgcars.org.uk\mgcc\services.html

< MD5 for: SERVICES.JSP >
[2009.04.17 17:10:45 | 000,003,347 | ---- | M] () MD5=F6BC4DD21FC354287A1B1485CA13BDB5 -- C:\Users\HEF01\Documents\Websites\E DPC1\2005_10_EPC\System\Tomcat\server\webapps\admin\service\services.jsp
[2003.04.28 20:29:41 | 000,003,347 | ---- | M] () MD5=F6BC4DD21FC354287A1B1485CA13BDB5 -- C:\Users\HEF01\Documents\Websites\E DPC1\2005_EPC\System\Tomcat\server\webapps\admin\service\services.jsp

< MD5 for: SERVICES.LNK >
[2009.07.14 06:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009.07.14 06:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2009.06.10 23:26:14 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\System32\wbem\services.mof
[2009.06.10 23:26:14 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.mof

< MD5 for: SERVICES.MSC >
[2009.06.10 23:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\services.msc
[2009.06.10 23:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc
[2010.01.05 07:00:29 | 000,092,744 | ---- | M] () MD5=7FC1BD72E9D0E622638C4620E33FAD47 -- C:\Windows\System32\de-DE\services.msc
[2010.01.05 07:00:29 | 000,092,744 | ---- | M] () MD5=7FC1BD72E9D0E622638C4620E33FAD47 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_de-de_fb24972d6ed45160\services.msc

< MD5 for: SERVICES.PTXML >
[2009.07.13 22:20:01 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\System32\wdi\perftrack\Services.ptxml
[2009.07.13 22:20:01 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\Services.ptxml

< MD5 for: SERVICES.RDB >
[2012.08.13 10:51:02 | 000,178,348 | ---- | M] () MD5=039C8CFBD74EE07F38CD9E4C7D95C5C6 -- C:\Program Files\OpenOffice.org 3\Basis\program\services.rdb
[2012.08.13 10:51:02 | 000,000,453 | ---- | M] () MD5=3D2ADA15FEF5B5FF468243161543D610 -- C:\Program Files\OpenOffice.org 3\program\services.rdb
[2012.08.10 15:12:16 | 000,008,060 | ---- | M] () MD5=7CA7D7150EC46321162F932ADCF5F35B -- C:\Program Files\OpenOffice.org 3\URE\misc\services.rdb

< MD5 for: SERVICES.SBS >
[2011.03.01 00:00:00 | 000,034,818 | ---- | M] () MD5=62AFD4B2025CE6D4706B36F4C4808F9B -- C:\Program Files\Spybot - Search & Destroy 2\Includes\Services.sbs
[2011.03.01 09:58:46 | 000,034,818 | ---- | M] () MD5=62AFD4B2025CE6D4706B36F4C4808F9B -- C:\Program Files\Spybot - Search & Destroy 2\Updates\Extracts\Services.sbs
[2008.06.02 14:25:44 | 000,063,501 | ---- | M] () MD5=A6D9C8B376ED8833763A935D56514AC0 -- C:\Program Files\SDistTest\includes\Services.sbs

< MD5 for: SERVICES.SBS-20110301.CAB >
[2013.05.30 01:56:26 | 000,041,248 | ---- | M] () MD5=149FF3413EED31253183D6E65E383138 -- C:\Program Files\Spybot - Search & Destroy 2\Updates\Downloads\Services.sbs-20110301.cab

< MD5 for: WINLOGON.ADML >
[2010.01.05 07:00:47 | 000,009,904 | ---- | M] () MD5=25AA9560CB997F785CDD845AD425D37D -- C:\Windows\PolicyDefinitions\de-DE\WinLogon.adml
[2010.01.05 07:00:47 | 000,009,904 | ---- | M] () MD5=25AA9560CB997F785CDD845AD425D37D -- C:\Windows\winsxs\x86_microsoft-windows-winlogon-adm.resources_31bf3856ad364e35_6.1.7600.16385_de-de_ebe991b24f578375\WinLogon.adml

< MD5 for: WINLOGON.ADMX >
[2009.06.10 23:43:18 | 000,005,237 | ---- | M] () MD5=89D8F50E186A16C2CED3CF36DBBC0B2C -- C:\Windows\PolicyDefinitions\WinLogon.admx
[2009.06.10 23:43:18 | 000,005,237 | ---- | M] () MD5=89D8F50E186A16C2CED3CF36DBBC0B2C -- C:\Windows\winsxs\x86_microsoft-windows-winlogon-adm_31bf3856ad364e35_6.1.7600.16385_none_7ae3b2e5da95d117\WinLogon.admx

< MD5 for: WINLOGON.EXE >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\ERDNT\cache\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
[2013.04.04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

< MD5 for: WINLOGON.EXE.MUI >
[2010.01.05 07:00:29 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6D27EDFB15F475065FC18EB7CFCDB683 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.1.7600.16385_de-de_21de11b5768bfbe6\winlogon.exe.mui
[2010.11.20 14:01:15 | 000,026,624 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\de-DE\winlogon.exe.mui
[2010.11.20 14:01:15 | 000,026,624 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.1.7601.17514_de-de_240f257d737a7f80\winlogon.exe.mui

< MD5 for: WINLOGON.MFL >
[2010.01.05 07:00:30 | 000,001,080 | ---- | M] () MD5=4AC5B532F44BAE30CBE41B7750954729 -- C:\Windows\System32\wbem\de-DE\winlogon.mfl
[2010.01.05 07:00:30 | 000,001,080 | ---- | M] () MD5=4AC5B532F44BAE30CBE41B7750954729 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon-mof.resources_31bf3856ad364e35_6.1.7600.16385_de-de_7fa0638091c4557b\winlogon.mfl

< MD5 for: WINLOGON.MOF >
[2009.07.13 22:37:34 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows\System32\wbem\winlogon.mof
[2009.07.13 22:37:34 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows\winsxs\x86_microsoft-windows-winlogon-mof_31bf3856ad364e35_6.1.7600.16385_none_800f1ff3d73b72d9\winlogon.mof

< %SYSTEMDRIVE%\*.* >
[2013.05.30 12:35:55 | 000,013,864 | ---- | M] () -- C:\AdwCleaner[R1].txt
[2013.05.30 12:38:04 | 000,000,370 | ---- | M] () -- C:\AdwCleaner[S1].txt
[2009.06.10 23:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2010.11.20 14:40:07 | 000,383,786 | RHS- | M] () -- C:\bootmgr
[2009.07.21 08:20:38 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2013.07.02 03:00:40 | 000,045,060 | ---- | M] () -- C:\ComboFix.txt
[2009.06.10 23:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2007.11.07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2013.05.06 18:13:26 | 000,000,136 | ---- | M] () -- C:\GPEapSim.log
[2013.07.02 02:33:11 | 2406,219,776 | -HS- | M] () -- C:\hiberfil.sys
[2007.11.07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2013.02.20 22:56:28 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2002.01.05 04:48:16 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\mfc70.dll
[2002.01.05 04:36:38 | 000,964,608 | ---- | M] (Microsoft Corporation) -- C:\mfc70u.dll
[2012.09.12 21:11:16 | 000,006,594 | ---- | M] () -- C:\MPMSetup.log
[2013.02.20 22:56:28 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2002.01.05 03:40:20 | 000,487,424 | ---- | M] (Microsoft Corporation) -- C:\msvcp70.dll
[2002.01.05 03:37:28 | 000,344,064 | ---- | M] (Microsoft Corporation) -- C:\msvcr70.dll
[2009.10.22 18:35:30 | 000,000,618 | ---- | M] () -- C:\NetworkCfg.xml
[2013.07.02 02:33:10 | 3208,294,400 | -HS- | M] () -- C:\pagefile.sys
[2011.09.08 11:53:15 | 000,000,207 | ---- | M] () -- C:\setup.log
[2012.12.30 19:54:55 | 000,000,024 | ---- | M] () -- C:\SISHashTodo
[2012.12.30 19:54:55 | 000,002,440 | ---- | M] () -- C:\SISTodo
[2013.07.01 22:45:52 | 000,174,712 | ---- | M] () -- C:\TDSSKiller.2.8.16.0_01.07.2013_21.50.38_log.txt
[2007.11.07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007.11.07 08:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007.11.07 08:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI
[2011.04.13 16:04:52 | 000,004,201 | ---- | M] () -- C:\WirelessDiagLog.csv

< %systemroot%\Fonts\*.com >
[2009.07.14 06:52:25 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009.07.14 06:52:25 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009.07.14 06:52:25 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009.07.14 06:52:25 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009.06.10 23:31:19 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2010.11.20 14:21:36 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\winprint.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2012.09.12 16:57:44 | 000,322,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >
[2012.11.07 13:37:25 | 000,001,686 | -HS- | M] () -- C:\Users\HEF01\AppData\Roaming\Microsoft\LastFlashConfig.wfc

< %PROGRAMFILES%\*.* >
[2009.07.14 06:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< dir "%systemdrive%\*" /S /A:L /C >
Datentr„ger in Laufwerk C: ist Windows7_OS
Volumeseriennummer: 16C0-7A55
Verzeichnis von C:\
14.07.2009 06:53 <VERBINDUNG> Documents and Settings [C:\Users]
28.10.2010 14:58 <VERBINDUNG> Dokumente und Einstellungen [C:\Users]
28.10.2010 14:58 <VERBINDUNG> Programme [C:\Program Files]
0 Datei(en), 0 Bytes
Verzeichnis von C:\Program Files
28.10.2010 14:58 <VERBINDUNG> Gemeinsame Dateien [C:\Program Files\Common Files]
0 Datei(en), 0 Bytes
Verzeichnis von C:\Program Files\Windows NT
28.10.2010 14:58 <VERBINDUNG> Zubeh”r [C:\Program Files\Windows NT\Accessories]
0 Datei(en), 0 Bytes
Verzeichnis von C:\ProgramData
28.10.2010 14:58 <VERBINDUNG> Anwendungsdaten [C:\ProgramData]
14.07.2009 06:53 <VERBINDUNG> Application Data [C:\ProgramData]
14.07.2009 06:53 <VERBINDUNG> Desktop [C:\Users\Public\Desktop]
14.07.2009 06:53 <VERBINDUNG> Documents [C:\Users\Public\Documents]
28.10.2010 14:58 <VERBINDUNG> Dokumente [C:\Users\Public\Documents]
28.10.2010 14:58 <VERBINDUNG> Favoriten [C:\Users\Public\Favorites]
14.07.2009 06:53 <VERBINDUNG> Favorites [C:\Users\Public\Favorites]
14.07.2009 06:53 <VERBINDUNG> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
28.10.2010 14:58 <VERBINDUNG> Startmen [C:\ProgramData\Microsoft\Windows\Start Menu]
14.07.2009 06:53 <VERBINDUNG> Templates [C:\ProgramData\Microsoft\Windows\Templates]
28.10.2010 14:58 <VERBINDUNG> Vorlagen [C:\ProgramData\Microsoft\Windows\Templates]
0 Datei(en), 0 Bytes
Verzeichnis von C:\ProgramData\Microsoft\Windows\Start Menu
28.10.2010 14:58 <VERBINDUNG> Programme [C:\ProgramData\Microsoft\Windows\Start Menu\Programs]
0 Datei(en), 0 Bytes
Verzeichnis von C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SPG-Fibu
28.02.2013 13:11 <VERBINDUNG> SPG-Fibu Anleitungen [\??\c:\spg\spg-fibu\doku]
0 Datei(en), 0 Bytes
Verzeichnis von C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SPG-Verein
16.06.2012 11:37 <VERBINDUNG> SPG-Verein Anleitungen [\??\C:\Users\HEF01\Documents\BVSG\doku]
0 Datei(en), 0 Bytes
Verzeichnis von C:\Users
14.07.2009 06:53 <SYMLINKD> All Users [C:\ProgramData]
14.07.2009 06:53 <VERBINDUNG> Default User [C:\Users\Default]
0 Datei(en), 0 Bytes
Verzeichnis von C:\Users\All Users
28.10.2010 14:58 <VERBINDUNG> Anwendungsdaten [C:\ProgramData]
14.07.2009 06:53 <VERBINDUNG> Application Data [C:\ProgramData]
14.07.2009 06:53 <VERBINDUNG> Desktop [C:\Users\Public\Desktop]
14.07.2009 06:53 <VERBINDUNG> Documents [C:\Users\Public\Documents]
28.10.2010 14:58 <VERBINDUNG> Dokumente [C:\Users\Public\Documents]
28.10.2010 14:58 <VERBINDUNG> Favoriten [C:\Users\Public\Favorites]
14.07.2009 06:53 <VERBINDUNG> Favorites [C:\Users\Public\Favorites]
14.07.2009 06:53 <VERBINDUNG> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
28.10.2010 14:58 <VERBINDUNG> Startmen [C:\ProgramData\Microsoft\Windows\Start Menu]
14.07.2009 06:53 <VERBINDUNG> Templates [C:\ProgramData\Microsoft\Windows\Templates]
28.10.2010 14:58 <VERBINDUNG> Vorlagen [C:\ProgramData\Microsoft\Windows\Templates]
0 Datei(en), 0 Bytes
Verzeichnis von C:\Users\All Users\Microsoft\Windows\Start Menu
28.10.2010 14:58 <VERBINDUNG> Programme [C:\ProgramData\Microsoft\Windows\Start Menu\Programs]
0 Datei(en), 0 Bytes
Verzeichnis von C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\SPG-Fibu
28.02.2013 13:11 <VERBINDUNG> SPG-Fibu Anleitungen [\??\c:\spg\spg-fibu\doku]
0 Datei(en), 0 Bytes
Verzeichnis von C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\SPG-Verein
16.06.2012 11:37 <VERBINDUNG> SPG-Verein Anleitungen [\??\C:\Users\HEF01\Documents\BVSG\doku]
0 Datei(en), 0 Bytes
Verzeichnis von C:\Users\Default
28.10.2010 14:58 <VERBINDUNG> Anwendungsdaten [C:\Users\Default\AppData\Roaming]
14.07.2009 06:53 <VERBINDUNG> Application Data [C:\Users\Default\AppData\Roaming]
28.10.2010 14:58 <VERBINDUNG> Druckumgebung [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
28.10.2010 14:58 <VERBINDUNG> Eigene Dateien [C:\Users\Default\Documents]
14.07.2009 06:53 <VERBINDUNG> Local Settings [C:\Users\Default\AppData\Local]
28.10.2010 14:58 <VERBINDUNG> Lokale Einstellungen [C:\Users\Default\AppData\Local]
14.07.2009 06:53 <VERBINDUNG> My Documents [C:\Users\Default\Documents]
14.07.2009 06:53 <VERBINDUNG> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
28.10.2010 14:58 <VERBINDUNG> Netzwerkumgebung [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
14.07.2009 06:53 <VERBINDUNG> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
14.07.2009 06:53 <VERBINDUNG> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
14.07.2009 06:53 <VERBINDUNG> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
14.07.2009 06:53 <VERBINDUNG> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
28.10.2010 14:58 <VERBINDUNG> Startmen [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
14.07.2009 06:53 <VERBINDUNG> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
28.10.2010 14:58 <VERBINDUNG> Vorlagen [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 Datei(en), 0 Bytes
Verzeichnis von C:\Users\Default\AppData\Local
28.10.2010 14:58 <VERBINDUNG> Anwendungsdaten [C:\Users\Default\AppData\Local]
14.07.2009 06:53 <VERBINDUNG> Application Data [C:\Users\Default\AppData\Local]
14.07.2009 06:53 <VERBINDUNG> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
14.07.2009 06:53 <VERBINDUNG> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
28.10.2010 14:58 <VERBINDUNG> Verlauf [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
0 Datei(en), 0 Bytes
Verzeichnis von C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu
28.10.2010 14:58 <VERBINDUNG> Programme [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs]
0 Datei(en), 0 Bytes
Verzeichnis von C:\Users\Default\Documents
28.10.2010 14:58 <VERBINDUNG> Eigene Bilder [C:\Users\Default\Pictures]
28.10.2010 14:58 <VERBINDUNG> Eigene Musik [C:\Users\Default\Music]
28.10.2010 14:58 <VERBINDUNG> Eigene Videos [C:\Users\Default\Videos]
14.07.2009 06:53 <VERBINDUNG> My Music [C:\Users\Default\Music]
14.07.2009 06:53 <VERBINDUNG> My Pictures [C:\Users\Default\Pictures]
14.07.2009 06:53 <VERBINDUNG> My Videos [C:\Users\Default\Videos]
0 Datei(en), 0 Bytes
Verzeichnis von C:\Users\HEF01
07.04.2011 17:04 <VERBINDUNG> Anwendungsdaten [C:\Users\HEF01\AppData\Roaming]
07.04.2011 17:04 <VERBINDUNG> Cookies [C:\Users\HEF01\AppData\Roaming\Microsoft\Windows\Cookies]
07.04.2011 17:04 <VERBINDUNG> Druckumgebung [C:\Users\HEF01\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07.04.2011 17:04 <VERBINDUNG> Eigene Dateien [C:\Users\HEF01\Documents]
07.04.2011 17:04 <VERBINDUNG> Lokale Einstellungen [C:\Users\HEF01\AppData\Local]
07.04.2011 17:04 <VERBINDUNG> Netzwerkumgebung [C:\Users\HEF01\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07.04.2011 17:04 <VERBINDUNG> Recent [C:\Users\HEF01\AppData\Roaming\Microsoft\Windows\Recent]
07.04.2011 17:04 <VERBINDUNG> SendTo [C:\Users\HEF01\AppData\Roaming\Microsoft\Windows\SendTo]
07.04.2011 17:04 <VERBINDUNG> Startmen [C:\Users\HEF01\AppData\Roaming\Microsoft\Windows\Start Menu]
07.04.2011 17:04 <VERBINDUNG> Vorlagen [C:\Users\HEF01\AppData\Roaming\Microsoft\Windows\Templates]
0 Datei(en), 0 Bytes
Verzeichnis von C:\Users\HEF01\AppData\Local
07.04.2011 17:04 <VERBINDUNG> Anwendungsdaten [C:\Users\HEF01\AppData\Local]
07.04.2011 17:04 <VERBINDUNG> Temporary Internet Files [C:\Users\HEF01\AppData\Local\Microsoft\Windows\Temporary Internet Files]
07.04.2011 17:04 <VERBINDUNG> Verlauf [C:\Users\HEF01\AppData\Local\Microsoft\Windows\History]
0 Datei(en), 0 Bytes
Verzeichnis von C:\Users\HEF01\AppData\Roaming\Microsoft\Windows\Start Menu
07.04.2011 17:04 <VERBINDUNG> Programme [C:\Users\HEF01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs]
0 Datei(en), 0 Bytes
Verzeichnis von C:\Users\HEF01\Documents
07.04.2011 17:04 <VERBINDUNG> Eigene Bilder [C:\Users\HEF01\Pictures]
07.04.2011 17:04 <VERBINDUNG> Eigene Musik [C:\Users\HEF01\Music]
07.04.2011 17:04 <VERBINDUNG> Eigene Videos [C:\Users\HEF01\Videos]
0 Datei(en), 0 Bytes
Verzeichnis von C:\Users\Public\Documents
28.10.2010 14:58 <VERBINDUNG> Eigene Bilder [C:\Users\Public\Pictures]
28.10.2010 14:58 <VERBINDUNG> Eigene Musik [C:\Users\Public\Music]
28.10.2010 14:58 <VERBINDUNG> Eigene Videos [C:\Users\Public\Videos]
14.07.2009 06:53 <VERBINDUNG> My Music [C:\Users\Public\Music]
14.07.2009 06:53 <VERBINDUNG> My Pictures [C:\Users\Public\Pictures]
14.07.2009 06:53 <VERBINDUNG> My Videos [C:\Users\Public\Videos]
0 Datei(en), 0 Bytes
Anzahl der angezeigten Dateien:
0 Datei(en), 0 Bytes
86 Verzeichnis(se), 443.905.892.352 Bytes frei

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2011.04.09 23:42:25 | 000,000,221 | -HS- | M] () -- C:\Users\HEF01\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2013.05.30 13:51:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\HEF01\Desktop\OTL.exe
[2013.02.12 18:14:45 | 001,239,976 | ---- | M] (Microsoft Corporation) -- C:\Users\HEF01\Desktop\wlsetup-web.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >
[2011.12.19 03:04:46 | 000,000,698 | ---- | M] () -- C:\Windows\AppPatch\Custom\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2013-07-02 09:06:52

< End of report >

**oldman960** · 2013-07-03, 11:36

Hi Benutzer,

Are you still getting the qvo6.com?

No you didn't do anything wrong. OTL only produces an Extra.txt the first time it's ran.

This should get us a new Extra.txt

Please open OTL.

Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, click the None button near the top (it may looked greyed out)
In the Extra Registry section check All
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open a notepad window, Extra.Txt. Please post this log.

**Benutzer** · 2013-07-03, 15:36

Hi Oldman960,

yes, it's stil there. On start of IE and also when starting Firefox a tab gets added with that.
Also, beside of the slowish system I realised a problem with the standard windos explorer. No idea whether it's related to that malware problem.
On mouse right button click to any folder in the explorer left window the Explorer frequently stalls and crashes instead of opening the context menu.
However after own research i read that such problem happend to other user recently when playing with cloud drives. So may have nothing to do with the qvo6.com malware.

Anyway, this is the EXTRA.txt
-----------------------------
OTL Extras logfile created on: 03.07.2013 15:09:47 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\HEF01\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,99 Gb Total Physical Memory | 0,90 Gb Available Physical Memory | 29,98% Memory free
5,97 Gb Paging File | 3,02 Gb Available in Paging File | 50,61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 687,71 Gb Total Space | 413,12 Gb Free Space | 60,07% Space Free | Partition Type: NTFS
Drive D: | 9,76 Gb Total Space | 2,99 Gb Free Space | 30,68% Space Free | Partition Type: NTFS

Computer Name: HEF01-THINK | User Name: HEF01 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Extra Registry (All) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\System32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00FB7519-0DB5-4313-963D-73A6CB27DC79}" = lport=2066 | protocol=17 | dir=in | name=avm usb udp |
"{01FF9E49-C746-4526-8B37-CE7AAB6A17C0}" = lport=10243 | protocol=6 | dir=in | app=system |
"{03016725-262E-4537-8813-AD22DE669E38}" = lport=7679 | protocol=6 | dir=in | name=allshareframeworkdms service tcp port2 |
"{0D199F27-A546-4B68-8AD0-4B77181F4EAB}" = lport=2869 | protocol=6 | dir=in | app=system |
"{1FA58806-4AB5-4542-A8DC-488486BCA39E}" = lport=8643 | protocol=6 | dir=in | name=allshareframeworkdms event tcp port |
"{2430364D-39B7-4E38-9001-6F4DFF2700F8}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{246DF8D8-9F42-4118-98E2-7984F33FCD22}" = lport=139 | protocol=6 | dir=in | app=system |
"{27E1461C-BD8D-47B8-AC53-E15EE14025A2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2978456B-0EE2-4536-994E-0034F26A1890}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{33D6DA5E-CDA8-432D-853E-610402310A10}" = lport=7900 | protocol=6 | dir=in | name=allshareframework dms service udp port2 |
"{34C2BDEB-475D-4CCF-8357-F5A7C6B4C98A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{398C43FA-DAAA-453A-A78C-AC05ED307414}" = lport=8743 | protocol=6 | dir=in | name=allshareframeworkdms action tcp port |
"{3BD599A2-917C-453A-ACBB-EA36ACE4C8D5}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{40354F74-5CB1-49BF-8148-4BAE73BB9E0C}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{51C8D5E0-06D5-45F5-84DA-7F6200DEF2CC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{54198E8D-B9A2-4A4A-930A-B6F72044581D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6251C81F-BF7D-450A-A73D-CC76C1B3BD1C}" = lport=137 | protocol=17 | dir=in | app=system |
"{63C155B0-75E5-4782-B691-9E1CF0C11360}" = rport=139 | protocol=6 | dir=out | app=system |
"{6AC51AE8-E506-4F50-900B-0720EC3FD631}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6B5C09AA-04F4-4F2F-981D-05E82D30200C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{761C2B65-6CB9-4346-B56D-0E49832C3B71}" = rport=138 | protocol=17 | dir=out | app=system |
"{78630546-6E12-4DD3-842A-BB3615C9D9B5}" = lport=2066 | protocol=17 | dir=out | name=avm usb udp |
"{8C34E5AB-2DAA-4232-8D4E-D40BC2519701}" = lport=1900 | protocol=6 | dir=in | name=upnp multicast port |
"{8CB9CFC0-C255-4736-850C-A4B0D3B61DF3}" = lport=138 | protocol=17 | dir=in | app=system |
"{9238BFF6-5F92-4409-B155-FE66A45434C7}" = lport=24234 | protocol=6 | dir=in | name=allshareframework dms service udp port1 |
"{9C69F87F-04CD-4AF2-9E9E-DEC126A8284F}" = lport=2066 | protocol=6 | dir=in | name=avm usb tcp |
"{AD5A41B3-2628-4B31-8238-9A515E1CDBA4}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{AE185C65-1922-4808-B90A-1BAF3759D7D0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B206E53D-E54B-48FA-A885-805E43BC2832}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B326A6A0-C0BE-45A4-A348-4FBE4F1AC349}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{C0530A6E-9EB4-4B64-BAA9-681A18A51B52}" = lport=445 | protocol=6 | dir=in | app=system |
"{C34805C5-3034-4AED-AF19-1ADC63E6DC7B}" = lport=7676 | protocol=6 | dir=in | name=allshareframeworkdms service tcp port1 |
"{C3813A94-6C06-4696-A82A-59115490A9CD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CCA24F95-8139-4FB9-BB59-1C54BDAD8F6F}" = rport=445 | protocol=6 | dir=out | app=system |
"{CCC82C09-1FDD-404C-9673-8BD160FB8991}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{CEE30EFA-A288-4072-BAFA-3D25B687CA4C}" = rport=137 | protocol=17 | dir=out | app=system |
"{D0D13103-596C-4824-80C8-E82E07268EF5}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DB056A9D-749E-4B90-9E1C-FA3201BD13B7}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DDEC54E6-4F73-4A19-808D-DFA142FDF804}" = lport=2066 | protocol=6 | dir=out | name=avm usb tcp |
"{E3E2EF2B-CB7A-4A46-B1AB-9259045C87D2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{EC792370-31FA-4A22-95D6-801F3CD1BD3C}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{F516F422-20EE-4E60-A791-1262DF121B41}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F757A666-DED2-478E-B622-249A90D76437}" = rport=10243 | protocol=6 | dir=out | app=system |
"{FFC1BE5E-2714-4903-B005-E6C9C91B4503}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003CFDA7-5A7B-412A-8A38-933E2A96A2C9}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{09D6E061-E0D4-440B-9348-F53689B2D16D}" = protocol=17 | dir=in | app=c:\program files\easeus\todo backup\bin\tbconsoleui.exe |
"{0A1EF171-365D-4517-9811-EBBDD48B9A63}" = protocol=17 | dir=in | app=c:\program files\easeus\todo backup\bin\tbservice.exe |
"{179C4065-CFDF-4DC2-9A56-E31F2E189767}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{19E5CABF-61B7-412B-A950-52D3E67B5A52}" = dir=in | app=c:\program files\easeus\todo backup\bin\agent.exe |
"{1B630084-9A49-47E2-9A4A-DD0F39A0FA6C}" = protocol=17 | dir=in | app=c:\namo\webeditor 9\bin\webeditor.exe |
"{1E06A745-2C3C-413C-83C0-7DD9BB05674C}" = protocol=17 | dir=in | app=c:\program files\alcohol soft\alcohol 52\starwind\starwindserviceae.exe |
"{1E229250-95F4-460E-BB08-3C6B1EE6A645}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{235261BA-C195-445A-8BCF-B3883A621F8D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{24A286BB-F466-4B32-A86E-6A9C1A003E6C}" = protocol=17 | dir=in | app=c:\program files\lenovo\system update\uncserver.exe |
"{26B27D35-51CB-4350-961F-408A306B9926}" = protocol=6 | dir=in | app=c:\namo\webeditor 9\bin\webeditor.exe |
"{2933FCD4-7CDF-4098-B388-F16E9614D6E7}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{2A89E51C-5BE7-4AEB-B47D-99D3605EAEAB}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{2C287D44-63A5-4AA0-A412-4C6E8843FAAB}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{307B62BA-67B5-46F5-A85C-BCBDFAC1F8CF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{31C98B4F-299F-4E33-AAB3-086A72CD032A}" = protocol=17 | dir=in | app=c:\program files\twonky\twonkyserver\twonkyserver.exe |
"{31FF00D3-67FB-4308-915A-701609D57418}" = dir=out | app=c:\program files\samsung\samsung link\samsung link.exe |
"{345598EF-7AC4-4BBF-974B-2F3687E9A0F0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{357E0DC9-B0B2-4E71-A789-F58B4FCA1A6C}" = protocol=6 | dir=in | app=c:\program files\lenovo\system update\uncserver.exe |
"{3F53D034-AD0B-439E-BFC4-35D2DFEA17C3}" = protocol=6 | dir=in | app=c:\program files\easeus\todo backup\bin\tbservice.exe |
"{457E2D43-0342-4234-B821-694254F5E41F}" = dir=in | app=c:\program files\samsung\samsung link\samsung link.exe |
"{4A4B0D16-67DC-47B3-9D0E-D6738524732E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4E66E75F-BD7B-421E-A918-37E15947A47A}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe |
"{5223F2DB-F862-4FF1-9F50-A03AF93DE75F}" = protocol=6 | dir=in | app=c:\program files\samsung\allshare framework dms\1.3.09\allshareframeworkdms.exe |
"{557D1116-57B8-4FEA-944D-440D1DD5F366}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{56436A71-2CFF-445D-B68B-B59D560BC4CE}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{5727900D-0E1E-41C0-9158-BE4178DA528B}" = protocol=6 | dir=out | app=system |
"{59D0D5B2-9906-428C-8315-781DAE033F1C}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{5CD03436-6EF3-4317-8695-6AEF6D01B6D7}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe |
"{5F745E20-D76B-4966-A751-B6A72D53F981}" = protocol=6 | dir=in | app=c:\program files\twonky\twonkyserver\twonkyserver.exe |
"{6F405D51-AD9F-4001-96C9-06F4D091CD8E}" = protocol=6 | dir=in | app=c:\program files\alcohol soft\alcohol 52\starwind\starwindserviceae.exe |
"{7E3CBC28-D85D-4FD8-98DC-5A7F5EDFBE87}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{83A05E8C-F2EC-4162-B9F6-07979D6A782B}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{857D4947-6BD4-49FB-9BF5-C2580DC6E577}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{88238FC5-482D-41B5-B298-B88D7D5B47BA}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{88A608BC-CFB6-4D4A-B30E-E5F085CD572E}" = dir=in | app=c:\users\hef01\appdata\local\microsoft\skydrive\skydrive.exe |
"{8BF1D549-D644-4300-97C0-D6CD9EAE09E2}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{8C3AB7CC-B69F-4371-A15A-E169B6AC0CD9}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{904C84F4-866F-442B-A048-212C2C71EEDC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9488452D-783B-4291-AADE-829B3175DA67}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{97DE165E-9543-407B-9015-CD4FC5D73713}" = protocol=17 | dir=in | app=c:\program files\lenovo\system update\uncserver.exe |
"{9FEDF310-23E8-4128-9687-62AEEB134E17}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{A039BD49-B1DA-40F4-A6BF-95C970F0EA43}" = protocol=6 | dir=in | app=c:\program files\easeus\todo backup\bin\tbconsoleui.exe |
"{A74D8F6F-E0FC-4FDF-AF67-5C2EEBB20F36}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A83AC840-148A-4ECC-989D-1178549D8ACD}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{AD6895C0-6232-4602-A4A8-2F6982C691A2}" = dir=in | app=%systemdrive%\programme\avira\antivir desktop\avnotify.exe |
"{AEF378C5-9889-4BBA-A699-8F83D01D9DE4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AF552B4A-D978-48B0-BB57-CD5F25977DF0}" = protocol=17 | dir=in | app=c:\program files\samsung\allshare framework dms\1.3.09\allshareframeworkdms.exe |
"{B22CAE23-1216-4408-81A4-C84DAFA712C1}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |
"{B5016C59-488F-4731-BFDE-6FA4870998A9}" = protocol=6 | dir=in | app=c:\program files\lenovo\system update\uncserver.exe |
"{C03D795E-7418-4ED9-876B-551714B59045}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{C3941E18-646C-4C4A-9D19-F505419F01F5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C7AD9810-CC7B-49A6-92F7-8BD5072B4BD7}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{C8811641-1430-4FE6-91C5-09CEC37A3B0F}" = protocol=17 | dir=in | app=c:\program files\smart network utilities\printserver-nettool\printserver-nettool.exe |
"{D0C231A4-0F58-477D-8C24-009900E6532F}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{D7D23882-8046-4E98-B1AA-D7EB3A4F8540}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D802A799-7D10-4C68-BE03-2AABB27BE155}" = protocol=6 | dir=in | app=c:\program files\smart network utilities\printserver-nettool\printserver-nettool.exe |
"{D87E9DF9-671E-47FA-BEA9-956D3B31812C}" = protocol=6 | dir=in | app=c:\program files\twonky\twonkyserver\twonkystarter.exe |
"{DB7CFFF9-B8D1-4422-9DE4-4FC0D2107CFE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{DF04E5AF-AE67-4750-9E7A-B58F93E64C4C}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe |
"{E3636088-ADCE-45E2-BBD8-9E783A9C114B}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{E525007B-EDD1-46CE-B2C5-7EE95DF7416F}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |
"{F14306AC-E0A2-4707-8A83-8B1897FEA279}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F2B12DCC-981D-470D-A3D7-D75A309D6747}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe |
"{F372DF75-9748-4F05-B243-09CD6A48FC26}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F56519F0-C7C3-407C-9633-3F6CD3C4E864}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F6EB3C7F-99D8-43DF-BB3F-46839EBFC752}" = protocol=17 | dir=in | app=c:\program files\twonky\twonkyserver\twonkystarter.exe |
"{FF5B94CD-A078-4807-84C4-2D41BA0B1D43}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{16BC7813-DAD1-4358-A858-812772248D98}C:\program files\network tool for clients\kmcl.exe" = protocol=6 | dir=in | app=c:\program files\network tool for clients\kmcl.exe |
"TCP Query User{1BC521ED-983C-4DDF-B2D3-E93B22DAE05A}C:\users\hef01\appdata\local\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\users\hef01\appdata\local\google\google earth\plugin\geplugin.exe |
"TCP Query User{2B787D69-512D-4F27-8073-58282E57ED31}C:\program files\wertpapieranalyse 2012\wm60.exe" = protocol=6 | dir=in | app=c:\program files\wertpapieranalyse 2012\wm60.exe |
"TCP Query User{389BD4DA-4D81-4B0D-AFE3-E64AC6B10ABC}C:\program files\philips\mediamanager\twonkymanager.exe" = protocol=6 | dir=in | app=c:\program files\philips\mediamanager\twonkymanager.exe |
"TCP Query User{3916AD10-6EB1-4780-8349-579CAE2A3B54}E:\d-link.exe" = protocol=6 | dir=in | app=e:\d-link.exe |
"TCP Query User{4A20D853-4C26-482D-B183-9B02D356B4A9}C:\program files\network print monitor\kmnv.exe" = protocol=6 | dir=in | app=c:\program files\network print monitor\kmnv.exe |
"TCP Query User{5D9CB152-C468-4A5F-8E9A-EAEE1DF0A4D9}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"TCP Query User{64036234-B5DA-4B26-9A1A-0F85DA010A75}C:\program files\philips\mediamanager\twonkyrenderer.exe" = protocol=6 | dir=in | app=c:\program files\philips\mediamanager\twonkyrenderer.exe |
"TCP Query User{6D3C4C52-9850-4C44-BBC9-E43B9E39F3A2}C:\program files\smart network utilities\printserver-nettool\printserver-nettool.exe" = protocol=6 | dir=in | app=c:\program files\smart network utilities\printserver-nettool\printserver-nettool.exe |
"TCP Query User{6F11BF42-D797-4E10-A979-6FD8D108A006}C:\program files\simonsvoss\locksysmgr_basic_3_1_demo\locksysgui.exe" = protocol=6 | dir=in | app=c:\program files\simonsvoss\locksysmgr_basic_3_1_demo\locksysgui.exe |
"TCP Query User{7082CB21-F94F-4EA4-8EF9-91229F784D1F}C:\users\hef01\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\hef01\appdata\local\akamai\netsession_win.exe |
"TCP Query User{712ED90A-CA57-40F3-9B88-CFEE21CB1C1C}C:\namo\webeditor 9\bin\webeditor.exe" = protocol=6 | dir=in | app=c:\namo\webeditor 9\bin\webeditor.exe |
"TCP Query User{9468DD01-79F6-46D8-A2CB-D48590180339}C:\program files\calibre2\calibre.exe" = protocol=6 | dir=in | app=c:\program files\calibre2\calibre.exe |
"TCP Query User{99D218F3-31E1-47CE-8AAC-D1330135D143}C:\program files\ip camera wizard\ipcamwizard.exe" = protocol=6 | dir=in | app=c:\program files\ip camera wizard\ipcamwizard.exe |
"TCP Query User{A3F3CAC1-C15C-4939-978D-1D0988F84EE5}C:\program files\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\vlc\vlc.exe |
"TCP Query User{AE91AB72-A052-43A0-AD76-60CEA8AC25B5}C:\program files\filezilla ftp client\filezilla.exe" = protocol=6 | dir=in | app=c:\program files\filezilla ftp client\filezilla.exe |
"TCP Query User{B303AEAF-D7E1-40FD-9FE5-0E5E742CA9AE}C:\users\hef01\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\hef01\appdata\local\akamai\netsession_win.exe |
"TCP Query User{C2A75905-6670-4BEF-B8B6-B494787B2079}C:\users\hef01\desktop\myphoneexplorer portable\myphoneexplorer portable.exe" = protocol=6 | dir=in | app=c:\users\hef01\desktop\myphoneexplorer portable\myphoneexplorer portable.exe |
"TCP Query User{C97B3089-8241-482F-B554-F8FB48AAB07A}C:\program files\network camera\camera setup\camerasetup.exe" = protocol=6 | dir=in | app=c:\program files\network camera\camera setup\camerasetup.exe |
"TCP Query User{CB8A781E-CB0D-4039-91A9-3787E2FFABB9}C:\program files\wertpapieranalyse 2012\wm60.exe" = protocol=6 | dir=in | app=c:\program files\wertpapieranalyse 2012\wm60.exe |
"TCP Query User{CB96C31C-3771-418C-AD8F-F97B9C6B0CB5}C:\users\hef01\appdata\local\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\users\hef01\appdata\local\google\google earth\client\googleearth.exe |
"TCP Query User{EFAC3726-2AB8-4EB1-B627-173D2E5D25E7}C:\windows\system32\wfs.exe" = protocol=6 | dir=in | app=c:\windows\system32\wfs.exe |
"UDP Query User{02BAAB1C-9392-4D88-8078-CCD20572DDC5}C:\program files\wertpapieranalyse 2012\wm60.exe" = protocol=17 | dir=in | app=c:\program files\wertpapieranalyse 2012\wm60.exe |
"UDP Query User{06EA58E3-9ADF-4B1C-9235-01E1710EB27B}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"UDP Query User{0B2519DA-F3CD-4AF6-A2E3-EC0D08DCC691}C:\users\hef01\desktop\myphoneexplorer portable\myphoneexplorer portable.exe" = protocol=17 | dir=in | app=c:\users\hef01\desktop\myphoneexplorer portable\myphoneexplorer portable.exe |
"UDP Query User{246CB6F6-D439-4419-AC69-9F5006937C92}C:\program files\wertpapieranalyse 2012\wm60.exe" = protocol=17 | dir=in | app=c:\program files\wertpapieranalyse 2012\wm60.exe |
"UDP Query User{24E27523-EEF7-4CE8-930D-F675223D8FE7}C:\namo\webeditor 9\bin\webeditor.exe" = protocol=17 | dir=in | app=c:\namo\webeditor 9\bin\webeditor.exe |
"UDP Query User{576485F8-906D-4AEE-B583-D0CC04756758}C:\program files\simonsvoss\locksysmgr_basic_3_1_demo\locksysgui.exe" = protocol=17 | dir=in | app=c:\program files\simonsvoss\locksysmgr_basic_3_1_demo\locksysgui.exe |
"UDP Query User{5EAA05E0-E1BC-4A42-958B-7C51C2FFF3CC}C:\users\hef01\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\hef01\appdata\local\akamai\netsession_win.exe |
"UDP Query User{6297DEBE-0597-4696-A1F0-54468DE8E04F}C:\program files\network print monitor\kmnv.exe" = protocol=17 | dir=in | app=c:\program files\network print monitor\kmnv.exe |
"UDP Query User{683DC679-CDE3-498C-AB41-D68A720B1314}C:\program files\philips\mediamanager\twonkymanager.exe" = protocol=17 | dir=in | app=c:\program files\philips\mediamanager\twonkymanager.exe |
"UDP Query User{68948812-6B0D-4C7B-963D-48DB74DAB489}C:\users\hef01\appdata\local\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\users\hef01\appdata\local\google\google earth\client\googleearth.exe |
"UDP Query User{6AD1951A-4D9E-49A1-ACC4-C5B5E44CF775}C:\program files\network camera\camera setup\camerasetup.exe" = protocol=17 | dir=in | app=c:\program files\network camera\camera setup\camerasetup.exe |
"UDP Query User{75838355-5E93-409C-BB00-50B829BD2B2B}C:\users\hef01\appdata\local\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\users\hef01\appdata\local\google\google earth\plugin\geplugin.exe |
"UDP Query User{8E5094FD-3D26-47B7-A7DC-7341C517CD1A}E:\d-link.exe" = protocol=17 | dir=in | app=e:\d-link.exe |
"UDP Query User{8FDE0FBC-EBE8-4352-AC73-33D434D5B638}C:\program files\calibre2\calibre.exe" = protocol=17 | dir=in | app=c:\program files\calibre2\calibre.exe |
"UDP Query User{9C2B3750-7E6B-49E6-87DB-5E564C3FA18B}C:\users\hef01\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\hef01\appdata\local\akamai\netsession_win.exe |
"UDP Query User{9FA01F33-9A20-4BA1-BEF1-18F626B13DA8}C:\windows\system32\wfs.exe" = protocol=17 | dir=in | app=c:\windows\system32\wfs.exe |
"UDP Query User{A065A9D7-2B77-4285-8BD8-9150028CE14D}C:\program files\filezilla ftp client\filezilla.exe" = protocol=17 | dir=in | app=c:\program files\filezilla ftp client\filezilla.exe |
"UDP Query User{BB1BD170-53D7-4B5C-BD13-2D44FFE371A5}C:\program files\smart network utilities\printserver-nettool\printserver-nettool.exe" = protocol=17 | dir=in | app=c:\program files\smart network utilities\printserver-nettool\printserver-nettool.exe |
"UDP Query User{D9DE3A35-B271-4E91-A80A-F4C6DFA31B9C}C:\program files\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\vlc\vlc.exe |
"UDP Query User{DB59C9C7-100D-4C24-BE8A-D8C306855FE6}C:\program files\philips\mediamanager\twonkyrenderer.exe" = protocol=17 | dir=in | app=c:\program files\philips\mediamanager\twonkyrenderer.exe |
"UDP Query User{F6FD8474-716E-4AE3-99D7-89010FC330AD}C:\program files\network tool for clients\kmcl.exe" = protocol=17 | dir=in | app=c:\program files\network tool for clients\kmcl.exe |
"UDP Query User{FE7DD497-703B-49D5-8C6F-2041A39C2293}C:\program files\ip camera wizard\ipcamwizard.exe" = protocol=17 | dir=in | app=c:\program files\ip camera wizard\ipcamwizard.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{0094D07C-1FFB-4450-8D10-AD7E05A318DF}_is1" = Advanced Fix 2013 version 2.0.1.106
"{0194272E-B903-4098-9AF5-CF6D0ACF11E3}" = MGF-TF Workshop Companion
"{022CBB38-CEF0-42BA-906A-A49BEFAE0BEE}" = RICOH R5U230 Media Driver ver.2.06.02.02
"{03CC9D58-B132-4CC0-A521-4F3660AA43C7}" = Movie Maker
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{05DB19DE-A540-4CF8-B262-BFAADE53CE75}" = DTAUSmacher
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{10E931A1-471D-46C6-AEFE-98E2BD6FC00C}" = AllShare Framework DMS
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{15B2BC56-D179-4450-84B9-7A8D7F4CE1B9}" = Lexware Info Service
"{15C58B72-77EA-4ACE-B70C-A843A79FE8D9}" = SimonsVoss Locking System Management Basic 3.1 Demo
"{15F3A6F5-06AE-4332-AE3E-21CD0416827A}" = Windows Live Mail
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = Dienstprogramm "ThinkPad UltraNav"
"{18272881-CFC0-434D-A975-E5BE44206AA0}" = Windows Live UX Platform Language Pack
"{18554B3F-46EA-40A9-B4EA-7EEE83C0559D}" = Client Security - Password Manager
"{18815D2C-C62D-4066-94F3-55966581D2A5}" = FormsForWeb® Filler 3.2.3
"{1911BF50-9660-4D1F-B6AF-FBE3F45399BF}" = NoDupe 32-bit (v1.17.0.3)
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1B947146-366B-42CD-86D5-219993CE3EE2}" = Windows Live MIME IFilter
"{1C3147A7-4810-45FC-AD89-064D8023A514}" = SEPA Account Converter
"{1EA7C505-E6DA-4B85-9432-EBD3C70D510D}" = Windows Live Messenger
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F8DA253-3C27-4B01-A63A-BA3533120833}" = Microsoft Research AutoCollage Touch 2009
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"{223766BE-E834-47AF-B002-0BAC11A37812}" = Wertpapieranalyse 2012
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{23374ABE-C542-44F1-84B6-2381D0E6E2CE}" = Camera Setup
"{23A3E560-069F-4CFC-8F6C-1B526EC735FC}" = Windows Live Writer Resources
"{25C64847-B900-48AD-A164-1B4F9B774650}" = Lenovo System Update
"{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 35
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{2C75A885-9B73-4BC4-BB4E-974CDBB37F3C}_is1" = GLS Vereinsmeister 6.1
"{2FC7CE3A-23E5-41E8-975B-AA0236D649FD}" = Quicken 2012
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{341A5362-88DB-484B-97A6-A57F535074CA}_is1" = Spybot-S&D Distributed Testing Client
"{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Überwachungstool für die Intel® Turbo-Boost-Technik
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C3DCD2B-6FC7-41BF-BB80-40A936E1A785}" = Windows Live Writer
"{3CBD94C1-BA15-488C-888B-D8DD296CC6DC}" = Fotogalerie
"{3F873E63-1CA5-4bdb-A8C7-D97012496DE3}" = Canon MF6500-Serie
"{400C31E4-796F-4E86-8FDC-C3C4FACC6847}" = Junk Mail filter update
"{450CFD4D-7E60-3839-D0FA-56DB08675447}" = dLAN Cockpit
"{45CEBDDE-AD94-4C5A-999D-0D35CE61405B}_is1" = 1.5
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage System für aktiven Festplattenschutz
"{4926AA2D-3C66-443D-A456-53AE3FA44144}" = Windows Live Family Safety
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}" = Create Recovery Media
"{50F68032-B5B7-4513-9116-C978DBD8F27A}" = Corel DVD MovieFactory
"{5BABDA39-61CF-41EE-992D-4054B6649A9B}" = Movie Maker
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5F0545E7-3F0F-4730-AF70-26E61DBDF263}" = Digital Trends Club
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
"{66633466-960F-4D50-BAFB-E29071B7A4C7}" = DDBAC
"{666C9123-1AEC-446F-8AA8-28256B1953D4}" = Qualcomm Gobi 2000 Package for Lenovo
"{6738D11F-DF64-445B-80A4-B6B32F297059}" = SPG-Verein 3.0
"{6767DFEE-8909-453A-B553-C7693912B2EB}" = Canon MF Toolbox 4.9.1.1.mf12
"{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B9C32DB-DBCD-45A8-B901-3A92A99A2474}" = InstallVC90Support
"{6DB21B2C-2BEF-44B4-B264-8EC2BC2369C6}" = ThinkVantage GPS
"{6DDD47AF-FE8C-4C89-86DE-56DFDA4367E3}" = SPG-Fibu 1.6
"{70854FE6-3BF1-4C69-94D0-BEB821102E34}" = Windows Live Mail
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{783FBB59-D099-4F38-A1B2-B7375FE28FD5}" = Lenovo SimpleTap
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79A64F98-1796-4FA2-B5FF-C90F83D8BACD}" = Vodafone Mobile Connect Lite
"{7B0C5EF6-DE4C-4E20-8889-C17604FFE5CD}" = Windows Live Family Safety
"{7CC673E7-5271-409D-B196-BB76DA60300B}" = Twonky Windows Components
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7FB12670-0F93-4E1E-B2F5-4F339199A03A}" = Microsoft SQL Server Native Client
"{7FC74607-ED6E-49C3-87FA-56B50A2EE158}" = Quicken Import Export Server 2012
"{8256F87F-8554-4457-8C3D-3F3324697D9F}" = Windows Live ID Sign-in Assistant
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{849A32C3-E75A-4791-9B11-E568BA3525A4}" = Microsoft SQL Server VSS Writer
"{85CE9026-C02A-46B4-B08C-4C77CCCC54FF}" = Windows Live Family Safety
"{86C40513-B5A4-476E-9EAB-EC118DCF4502}" = Windows Live Writer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8890396E-9E1B-4F8E-B465-5918B41CEEE9}" = AVM FRITZ!Fernzugang
"{88C6A6D9-324C-46E8-BA87-563D14021442}_is1" = ThinkVantage Communications Utility
"{8913AC02-67B8-4B52-91B2-BBA7B9C265B5}" = Windows Live Writer Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8E537894-A559-4D60-B3CB-F4485E3D24E3}" = ThinkVantage Access Connections
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter
"{90F00673-A276-4A58-B675-B426D39D1E09}" = Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed
"{9202762E-4B4C-48C9-A6CC-C27F9F85190A}" = Mobile Broadband Connect
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97C79BEC-43F7-4BD8-A6A7-85C0257E488A}" = Windows Live Writer
"{989FB5FD-9B00-4B32-8663-849CB1370DD1}" = Google Drive
"{99444C2A-C635-49C0-8659-AA23C83CC1CB}" = Network Tool for Clients
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = ThinkPad Bluetooth with Enhanced Data Rate Software
"{9F72572C-CC6E-49A4-95ED-34CA0EDAB560}" = Network Print Monitor
"{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Burn.Now 4.5
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A95D9DF7-CF34-421A-A1DC-936A49A4DAEA}" = Lenovo Mobile Broadband Activation
"{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = Mobile Partner Manager
"{ABDA9912-5D00-11D4-BAE7-9367CA097955}" = Macromedia Dreamweaver 4
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch
"{AC76BA86-7AD7-2447-0000-A00000000003}" = Chinese Simplified Fonts Support For Adobe Reader X
"{AD32F5E9-6BDD-480A-8B7B-95571D04691C}" = Lenovo Patch Utility
"{AE364ACC-B9DF-466B-B4EA-AEECD0CD581E}" = Windows Live Messenger
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 311.00
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 311.00
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 311.00
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B383F243-0ABC-4E56-AA30-923B8D85076E}" = Rescue and Recovery
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack
"{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center
"{B77395EA-AECD-4AD7-B9AE-FCDE5A93DC07}_is1" = IP Camera Wizard 1.0.0.27
"{B80D3EA9-A252-4AE5-AC51-81729F5C586F}" = Windows Live Mail
"{C034A6F9-6569-491B-B3BF-F5D15221A708}" = Windows Live Essentials
"{C3312B77-9A4E-4359-AB7C-062341ABE141}" = Fresco Logic USB3.0 Host Controller
"{C39B7B95-5009-4C64-B25B-B1AD6BDD9E8F}" = MobiLink3
"{C3CD17B4-08B0-492D-8A4C-81716D33E520}" = Integrated Camera Driver Installer Package Ver.1.1.0.48
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C470A6E7-F425-43B6-BA31-4CCBB2F55F84}" = portier Vision 3.20.003
"{C64A877E-DF8D-4017-AA82-000A77C6D809}" = Verizon Wireless Mobile Broadband Self Activation
"{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help
"{C908A5AC-4F61-4B9A-8A51-48B5696C53B1}" = Lexware online banking
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D2C146B1-948D-47EF-8387-5D1C6B980F7C}" = Windows Live Writer
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{D6CC2FAF-F827-4091-96A1-D32CC9B69C79}" = WISO Steuer-Sparbuch 2013
"{D81486A1-2371-4059-AC70-1AB894AC96E6}" = AT&T Service Activation
"{D888F114-7537-4D48-AF03-5DA9C82D7540}" = Photo Common
"{D96E0205-77DF-414C-A3DC-D8B25090A2A0}" = TSObjektkey 2008
"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = Energie-Manager
"{DEDF9B07-5628-4CA0-96BD-8B3AAD553292}" = calibre
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common
"{E4F6C5BD-023B-4352-9C1C-7851F5A3AE82}" = Namo WebEditor 9
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EC2F8A30-787F-4DA5-9A8F-8E7DFE777CC2}" = Servicepack Datumsaktualisierung
"{ECE5B218-A086-4E18-A362-D11181681457}" = Intel® PROSet/Wireless WiFi-Software
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{EFADD989-D9F2-49F6-A280-675951CC78D3}" = FRITZ!Box-Fernzugang einrichten
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
"{F2235E5E-7881-4293-9B6F-04B2609FBFF0}" = Windows Live Messenger
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F58DA859-016E-492D-A588-317D9BB28002}" = ThinkVantage Fingerprint Software
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FBD3DDF9-38BD-4BBC-A135-A5F0DD7BA634}" = Deutsche Post Einlieferungslisten
"{FC338210-F594-11D3-BA24-00001C3AB4DF}" = cyberJack Base Components
"{FC6C7107-7D72-41A1-A031-3CE751159BAB}" = Photo Gallery
"{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}" = Message Center Plus
"{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}" = Lenovo Warranty Information
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"098EBB26BF07167AB12D1575EC24F883F9435E59" = Windows-Treiberpaket - Intel System (10/28/2009 9.1.1.1022)
"114EB224AD576F278686036AA9E1EFB7847E3935" = Windows-Treiberpaket - Lenovo 1.60.0.4 (11/18/2009 1.60.0.4)
"2004BB9EB6CEA02846881BEF1F51C11F7A90C9D6" = Windows Driver Package - Broadcom (BTHUSB) Bluetooth (04/08/2010 6.3.5.430)
"573C3C32A1DB5625CA00E633E584E8A0E6383672" = Windows-Treiberpaket - Intel System (10/28/2009 9.1.1.1022)
"7-Zip" = 7-Zip 4.65
"8474-7877-9059-0204" = Samsung Link 1.5.0.1305092012
"A6A8668C0A13640CA28FE2A7D9654BE4AE478B13" = Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405)
"A7B0B8D913E4DC2FA0B31E392E1512A901CA66B9" = Windows-Treiberpaket - Intel USB (08/20/2009 9.1.1.1020)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AIDeX Key-Organizer 2013-02-20 20.30.11" = AIDeX Key-Organizer (Installation 20.02.2013)
"Anti-Twin 2012-11-14 22.56.34" = Anti-Twin (Installation 14.11.2012)
"Avira AntiVir Desktop" = Avira Free Antivirus
"B7541EC5F72AA713F557569278EB6273725F5607" = Windows Driver Package - Broadcom Bluetooth (06/15/2009 6.2.0.9000)
"Bagusoft Password Safe" = Bagusoft Password Safe
"BF20603967CFDCB2BBF91950E8A56DFBC5C833FE" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
"CCleaner" = CCleaner
"Chipcardmaster_is1" = Chipcardmaster 7.05
"CNXT_AUDIO_HDA" = Conexant 20585 SmartAudio HD
"CNXT_MODEM_HDA_HSF" = ThinkPad Modem Adapter
"CrystalDiskMark_is1" = CrystalDiskMark 3.0.1c
"D2A522092C620419920616ACED9411B982912F1B" = Windows-Treiberpaket - Intel (e1kexpress) Net (12/01/2009 11.5.7.0)
"D'Fusion @Home Web Plug-In" = Total Immersion D'Fusion @Home Web Plug-In
"DisableAMTPopup" = Disable AMT Profile Synchronization Pop-up for Windows Vista/7
"doPDF 7 printer_is1" = doPDF 7.2 printer
"E7B58217635B8F723D4744A328A4B3237DB35FA9" = Windows-Treiberpaket - Intel System (06/04/2009 1.0.0.0002)
"EaseUS Todo Backup Free 5.6_is1" = EaseUS Todo Backup Free 5.6
"ElsterFormular 12.4.0.7094p" = ElsterFormular
"EnablePS" = Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7
"ERUNT_is1" = ERUNT 1.1j
"FBDBServer_2_0_is1" = Firebird 2.0.0
"FD5ED5E16405CDAA5385DE461B9E5379F91ACCCF" = Windows-Treiberpaket - Ricoh Company MS Host Controller (10/26/2009 6.10.02.07)
"Free YouTube Download_is1" = Free YouTube Download version 3.1.27.508
"FreeFileSync" = FreeFileSync 5.10
"GIMP-2_is1" = GIMP 2.8.4
"GLS Vereinsmeister" = GLS Vereinsmeister
"GLS Vereinsmeister Toolbox" = GLS Vereinsmeister Toolbox
"GPL Ghostscript 9.05" = GPL Ghostscript
"GSview 5.0" = GSview 5.0
"ImgBurn" = ImgBurn
"INnDTAPro4.5.1" = INnDTAPro
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}" = Corel DVD MovieFactory 7 Lenovo Edition
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{99444C2A-C635-49C0-8659-AA23C83CC1CB}" = Network Tool for Clients
"InstallShield_{9F72572C-CC6E-49A4-95ED-34CA0EDAB560}" = Network Print Monitor
"InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Corel Burn.Now Lenovo Edition
"InstallShield_{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
"IrfanView" = IrfanView (remove only)
"ITN Converter_is1" = ITN Converter 1.82
"JPG/JPEG Photo Converter_is1" = JPG/JPEG Photo Converter version 1.3
"KLiteCodecPack_is1" = K-Lite Codec Pack 9.3.0 (Basic)
"Lenovo Welcome_is1" = Lenovo Welcome
"LENOVO.SMIIF" = Lenovo System Interface Driver
"LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"MediaCoder" = MediaCoder 0.7.1.4496
"MediaManager" = MediaManager
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"MobiLink3" = MobiLink3
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"Mozilla Thunderbird 17.0.7 (x86 de)" = Mozilla Thunderbird 17.0.7 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NAVIGON Fresh" = NAVIGON Fresh 3.4.1
"Netnotep_is1" = Network Notepad 4.6.9
"Notepad++" = Notepad++
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"o2DE" = Mobile Connection Manager
"OnScreenDisplay" = Anzeige am Bildschirm
"PcCloneEX" = PcCloneEX
"PC-Doctor for Windows" = Lenovo ThinkVantage Toolbox
"PDF To Excel Converter_is1" = PDF To Excel Converter V2.0
"Picasa 3" = Picasa 3
"POIbase_is1" = POIbase 1.051
"PoiEdit" = PoiEdit
"Power Management Driver" = Lenovo Power Management Driver
"PRINTSERVER-NetTool" = PRINTSERVER-NetTool 1.8.43
"ProInst" = Intel PROSet Wireless
"PROSet" = Intel(R) Network Connections Drivers
"RarZilla Free Unrar" = RarZilla Free Unrar
"Ravensburger tiptoi" = Ravensburger tiptoi
"SDEPRO20_is1" = SDExplorer 3.1
"SIZCHIP-Plugin-Mozilla-20" = S-Chip-Add-On 2.0.2.1 NPAPI
"SonyEditor" = SonyEditor (remove only)
"SugarSync" = SugarSync
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamViewer 8" = TeamViewer 8
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"UTAX TA Product Library" = UTAX TA Product Library
"VLC media player" = VLC media player 2.0.6
"WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.47-11
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.2
"WinRAR archiver" = WinRAR 4.20 (32-bit)
"Wireshark" = Wireshark 1.8.2 (32-bit)
"YTdetect" = Yahoo! Detect

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Amazon Kindle" = Amazon Kindle
"Dropbox" = Dropbox
"MGF-TF Workshop Companion" = MGF-TF Workshop Companion
"MyFreeCodec" = MyFreeCodec
"pdfsam" = pdfsam
"SkyDriveSetup.exe" = Microsoft SkyDrive
"Virtual Globe." = Virtual Globe.

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 02.07.2013 09:30:47 | Computer Name = HEF01-THINK | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Lucom\FormsForWeb\Filler3.2.3\xerces-c_2_8.dll.Manifest".
Fehler in Manifest- oder Richtliniendatei "C:\Program Files\Lucom\FormsForWeb\Filler3.2.3\xerces-c_2_8.dll.Manifest"
in Zeile 6. Ungültige XML-Syntax.

Error - 03.07.2013 05:21:11 | Computer Name = HEF01-THINK | Source = AllShare Framework DMS | ID = 131073
Description =

Error - 03.07.2013 05:21:11 | Computer Name = HEF01-THINK | Source = AllShare Framework DMS | ID = 131073
Description =

Error - 03.07.2013 05:22:59 | Computer Name = HEF01-THINK | Source = VMCService | ID = 0
Description = conflictManagerTypeValue

Error - 03.07.2013 07:07:52 | Computer Name = HEF01-THINK | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: explorer.exe, Version: 6.1.7601.17567,
Zeitstempel: 0x4d6727a7 Name des fehlerhaften Moduls: SHELL32.dll, Version: 6.1.7601.18103,
Zeitstempel: 0x512d91aa Ausnahmecode: 0xc0000005 Fehleroffset: 0x0004b1e8 ID des fehlerhaften
Prozesses: 0x25ac Startzeit der fehlerhaften Anwendung: 0x01ce77cf540586e8 Pfad der
fehlerhaften Anwendung: C:\Windows\explorer.exe Pfad des fehlerhaften Moduls: C:\Windows\system32\SHELL32.dll
Berichtskennung:
cd6dbd13-e3d0-11e2-b795-70f39544e4bf

Error - 03.07.2013 07:08:00 | Computer Name = HEF01-THINK | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: explorer.exe, Version: 6.1.7601.17567,
Zeitstempel: 0x4d6727a7 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec49b60 Ausnahmecode: 0xc015000f Fehleroffset: 0x00083fbe ID des fehlerhaften
Prozesses: 0x25ac Startzeit der fehlerhaften Anwendung: 0x01ce77cf540586e8 Pfad der
fehlerhaften Anwendung: C:\Windows\explorer.exe Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll
Berichtskennung:
d2164e7d-e3d0-11e2-b795-70f39544e4bf

Error - 03.07.2013 07:08:20 | Computer Name = HEF01-THINK | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: explorer.exe, Version: 6.1.7601.17567,
Zeitstempel: 0x4d6727a7 Name des fehlerhaften Moduls: SHELL32.dll, Version: 6.1.7601.18103,
Zeitstempel: 0x512d91aa Ausnahmecode: 0xc0000005 Fehleroffset: 0x0004b1e8 ID des fehlerhaften
Prozesses: 0x295c Startzeit der fehlerhaften Anwendung: 0x01ce77dd9ae7441c Pfad der
fehlerhaften Anwendung: C:\Windows\explorer.exe Pfad des fehlerhaften Moduls: C:\Windows\system32\SHELL32.dll
Berichtskennung:
de2180c3-e3d0-11e2-b795-70f39544e4bf

Error - 03.07.2013 07:17:02 | Computer Name = HEF01-THINK | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: explorer.exe, Version: 6.1.7601.17567,
Zeitstempel: 0x4d6727a7 Name des fehlerhaften Moduls: SHELL32.dll, Version: 6.1.7601.18103,
Zeitstempel: 0x512d91aa Ausnahmecode: 0xc0000005 Fehleroffset: 0x0004b1e8 ID des fehlerhaften
Prozesses: 0x2fa0 Startzeit der fehlerhaften Anwendung: 0x01ce77ddb69769d2 Pfad der
fehlerhaften Anwendung: C:\Windows\explorer.exe Pfad des fehlerhaften Moduls: C:\Windows\system32\SHELL32.dll
Berichtskennung:
154f768d-e3d2-11e2-b795-70f39544e4bf

Error - 03.07.2013 09:07:00 | Computer Name = HEF01-THINK | Source = MatSvc | ID = 262147
Description = Webdienstfehler im MATS-Dienst. hr=0xC004F020

Error - 03.07.2013 09:07:00 | Computer Name = HEF01-THINK | Source = MatSvc | ID = 262149
Description = Ein Teil der hochgeladenen Daten wurde vom Server zurückgewiesen.
hr=0xC004F020

[ System Events ]
Error - 02.07.2013 15:06:51 | Computer Name = HEF01-THINK | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst Lenovo.VIRTSCRLSVC erreicht.

Error - 03.07.2013 05:22:03 | Computer Name = HEF01-THINK | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Spybot-S&D 2 Scanner Service erreicht.

Error - 03.07.2013 05:22:03 | Computer Name = HEF01-THINK | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1053

Error - 03.07.2013 05:23:22 | Computer Name = HEF01-THINK | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Windows Live ID Sign-in Assistant erreicht.

Error - 03.07.2013 05:23:22 | Computer Name = HEF01-THINK | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Live ID Sign-in Assistant" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1053

Error - 03.07.2013 05:23:52 | Computer Name = HEF01-THINK | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Intel(R) PROSet/Wireless Zero Configuration Service erreicht.

Error - 03.07.2013 05:23:52 | Computer Name = HEF01-THINK | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Intel(R) PROSet/Wireless Zero Configuration Service" wurde
aufgrund folgenden Fehlers nicht gestartet: %%1053

Error - 03.07.2013 05:24:17 | Computer Name = HEF01-THINK | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
tcpipBM

Error - 03.07.2013 05:25:11 | Computer Name = HEF01-THINK | Source = VDS Basic Provider | ID = 33554433
Description =

Error - 03.07.2013 05:26:33 | Computer Name = HEF01-THINK | Source = Service Control Manager | ID = 7034
Description = Dienst "SQL Server VSS Writer" wurde unerwartet beendet. Dies ist
bereits 1 Mal passiert.

< End of report >

**Benutzer** · 2013-07-03, 16:42

Apology, I forgot to say, if you need any translation of the German language text in the logs, please let me know.

Additional I like to let you know the link that the malware produces as start page for IE and/or Firefox. Copied from the browser.

Code:

http://www.qvo6.com/?utm_source=b&utm_medium=wld&from=wld&uid=WDCXWD7500BPKT-80PK4T0_WD-WX11AA2N2946N2946&ts=1369336665

**Benutzer** · 2013-07-03, 17:47

Me again to a piece of the code of the link that the malware produces.
WD7500BPKT-80PK4T0 as part of the suspicious start link .... I see, that is the type of my computers Western Digital hard disk !

**Benutzer** · 2013-07-03, 20:54

Hi,
as requested I did not change anything since we are in touch together on getting rid of this malware. But I tried some steps while waiting from first post in May until you offered the assistance here. May be the malware exe has been removed already, but the traces in reg.ini are stil active ?

I just had the idea to simply use MS-regedit and have a search for the string qvo6.
I found four entries (key names) as listed below with screenshots.

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes
qvo6_ie.JPG

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command

Code:

C:\Program Files\Mozilla Firefox\firefox.exe http://www.qvo6.com/?utm_source=b&utm_medium=wld&from=wld&uid=WDCXWD7500BPKT-80PK4T0_WD-WX11AA2N2946N2946&ts=1369336665

qvo6_ff.JPG

HKEY_LOCAL_MACHINE\SOFTWARE\qvo6Software\qvo6hp
qvo6_x.JPG

HKEY_USERS\S-1-5-21-713427250-3853926042-2103360380-1005\Software\Microsoft\Internet Explorer\SearchScopes
qvo6_x1.JPG

I believe thats it ?
Can I kill these entries and how should I do it.

Looking forward to your further instructions.

**oldman960** · 2013-07-04, 19:44

Hi Benutzer ,

Sorry about the delay, I've been working some odd ball shifts the last couple of days.

We'll run a search first then remove or repair the registry items as needed. This may take a few minutes.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield
Do not copy the word CODE , please note the script starts with the :
Code:
```
:regfind
qvo6
qvo6*
```
Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

**Benutzer** · 2013-07-04, 20:09

No worries, I can wait. Lucky having found someone who can help

here we go with the result
SystemLook 30.07.11 by jpshortstuff
Log created at 20:03 on 04/07/2013 by HEF01
Administrator - Elevation successful

========== regfind ==========

Searching for "qvo6"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes]
"DoNotAskAgain"="v9.com qvo6.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command]
@="C:\Program Files\Mozilla Firefox\firefox.exe http://www.qvo6.com/?utm_source=b&utm_medium=wld&from=wld&uid=WDCXWD7500BPKT-80PK4T0_WD-WX11AA2N2946N2946&ts=1369336665"
[HKEY_LOCAL_MACHINE\SOFTWARE\qvo6Software]
[HKEY_LOCAL_MACHINE\SOFTWARE\qvo6Software\qvo6hp]
[HKEY_USERS\S-1-5-21-713427250-3853926042-2103360380-1005\Software\Microsoft\Internet Explorer\SearchScopes]
"DoNotAskAgain"="v9.com qvo6.com"

Searching for "qvo6*"
No data found.

-= EOF =-

**oldman960** · 2013-07-05, 04:29

Hi Benutzer ,

We'll take care of an old vulnerable version of java at the same time.

click Start > Control Panel. Under Programs click Uninstall a program and uninstall

Java(TM) 6 Update 35

Do not uninstall Java 7 Update 25

Next, Double click on OTL.exe

Under the Custom Scans/Fixes box at the bottom, paste in the following
Do Not copy the word CODE
please note the fix starts with the :

Code:

:services

:OTL
IE - HKU\S-1-5-21-713427250-3853926042-2103360380-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:21320

:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command]
""="C:\Program Files\Mozilla Firefox\firefox.exe"
[-HKEY_LOCAL_MACHINE\SOFTWARE\qvo6Software]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes]
"DoNotAskAgain"=-
[HKEY_USERS\S-1-5-21-713427250-3853926042-2103360380-1005\Software\Microsoft\Internet Explorer\SearchScopes]
"DoNotAskAgain"=-

:Files
ipconfig /flushdns /c

:commands
[CreateRestorePoint]
[emptytemp]

Then click the Run Fix button at the top

Let the program run unhindered
Please save the resulting log to be posted in your next reply.

Please post the OTL fix log.

Reboot the computer. Try the internet, is qvo6 gone now?

Thread: browser hijacked qvo6.com malware

Thread Tools

Display

Posting Permissions