Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Doppelte Akkuanzeige, eigenmächtige Systemstarts im Ruhezustand

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 15.02.2013, 09:47   #1
Phoenix_91
 
Doppelte Akkuanzeige, eigenmächtige Systemstarts im Ruhezustand - Standard

Doppelte Akkuanzeige, eigenmächtige Systemstarts im Ruhezustand



Wertes Helferteam,

Mein PC (Lenovo W520, Win7) startet sich seit gestern im Ruhezustand über Nacht von selbst und installiert irgendwelche "wichtigen Updates" von selbst, ohne dass ich irgendwas dazu beitrage. Angefangen hat das Ganze, als gestern nach dem unerwarteten Neustart plötzlich zwei Akkuanzeigen da waren. Daraufhin funktionierte die Taskleiste nicht mehr (rundes Zeichen wenn man mit der Maus drauffährt, Win7-Sanduhr). Wenn ich in der Systemsteuerung den lenovo-Akkumanager uninstallen beginne, kann ich wieder normal arbeiten, jedoch bleibt eine Akkuanzeige, welche unbrauchbar ist und auch nicht den aktuellen Ladestatus anzeigt, anwesend und die Deinstallation stoppt bei 94%.
Möglicherweise ist auch dies ein komisches Indiz: Mein Firefox hat schon seit längerem Probleme mit Flash-Videos und seit einigen Tagen stürzt er immer nach kurzen Arbeitszeiten ab bzw. der Grafiktreiber wird nach schwerwiegenden Problemen wiederhergestellt...

Ich benötige den Rechner aus lerntechnischen Gründen jedoch derzeit eher dringend, da ich gerade Prüfungsphase habe, weshalb ein Neuaufsetzten in den kommenden 4 Wochen nicht möglich ist.

Um Hilfe wäre echt höflich gebeten!!!

Grüße,
Georg

Alt 15.02.2013, 11:46   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Doppelte Akkuanzeige, eigenmächtige Systemstarts im Ruhezustand - Standard

Doppelte Akkuanzeige, eigenmächtige Systemstarts im Ruhezustand



Hallo und

Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
  • Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.

  • Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.

  • Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!

  • Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!

  • Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.


Erstmal eine Kontrolle mit OTL bitte:
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in CODE-Tags in den Thread.
__________________

__________________

Alt 15.02.2013, 14:28   #3
Phoenix_91
 
Doppelte Akkuanzeige, eigenmächtige Systemstarts im Ruhezustand - Standard

Doppelte Akkuanzeige, eigenmächtige Systemstarts im Ruhezustand



Danke für die Antwort,

Im Anhang die Outputs, ich hoffe, das passt so!

Ok, vorher ist s nicht gegangen, vl klappts ja jetzt!



Code:
ATTFilter
OTL Extras logfile created on: 15.02.2013 13:58:18 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Soellinger Georg\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,89 Gb Total Physical Memory | 5,07 Gb Available Physical Memory | 64,25% Memory free
15,78 Gb Paging File | 12,51 Gb Available in Paging File | 79,31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 443,10 Gb Total Space | 126,16 Gb Free Space | 28,47% Space Free | Partition Type: NTFS
Drive E: | 7,01 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive Q: | 21,48 Gb Total Space | 14,09 Gb Free Space | 65,57% Space Free | Partition Type: NTFS
 
Computer Name: SOELLINGER | User Name: Soellinger Georg | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_USERS\S-1-5-21-3409518300-1189540095-3539162366-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0837B81F-42FC-4172-A2F3-F07D585EE4F2}" = lport=445 | protocol=6 | dir=in | app=system | 
"{0A623FD8-EC7E-42E6-90E2-F1C8A788A271}" = rport=137 | protocol=17 | dir=out | app=system | 
"{0F697AAB-66C2-454D-BD19-6DAF2A14E73F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{10577350-C99A-4AFD-8FEE-D3D36BE6C450}" = rport=445 | protocol=6 | dir=out | app=system | 
"{10CC98AF-84F2-40B5-A4E4-187375C95D32}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{10EB6015-E9DB-432E-ADCF-684D900C1290}" = lport=139 | protocol=6 | dir=in | app=system | 
"{152FBBB6-3B70-4EB5-B845-63FEBD648ADA}" = lport=138 | protocol=17 | dir=in | app=system | 
"{18DB2DD5-2169-459B-833C-2365DFEE57FA}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{28A02A4F-3532-4C7B-93A8-F4B2960A71B3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{2992B781-587F-41A4-BBE3-45CDDA51CC8A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{2E03BFF7-1CD5-4414-8F42-F1973FE2C7C7}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{2F2B97F9-0DA6-4D71-BCC0-706CCD50210E}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{337B624B-59B6-4081-ABE4-42FF1D16D803}" = rport=138 | protocol=17 | dir=out | app=system | 
"{3ABA0C11-FFEB-426E-BAA9-418D999D6CEA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{3D2A4C4B-A6CC-4C76-A4E1-38D7EFB05BDA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{40B56691-21E9-4732-A862-BE5A0E7BE3DC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{4C3252B0-D641-4A13-9E50-94403DCD77D0}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{5DC17ABE-B31F-4670-8762-C9A5C7CB9C94}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{75A92D7C-2293-46A4-8A3E-EB182974253C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{8146AEB6-4141-48F6-95AC-29D0D9F7FAE9}" = lport=5454 | protocol=6 | dir=in | name=x-rite device manager | 
"{817EB4AB-C35E-4FDF-99B0-CFCA9BC6F642}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{849CCB09-3CAD-433C-91A9-79C2B655EBB0}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{8F5F85DF-6CB0-4155-B1EA-6996174C33EF}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{917A3C79-D107-44FB-88D6-EC877752A68F}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{97300C50-0896-4BA2-885F-7518C7C96F1B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9A940293-1BF7-4B0A-8A56-551C60876CEF}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{B2C8A5CF-6BFE-48B8-8A99-0C9B83B6FB05}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{D507BC81-88C0-4036-8771-268C4EEDD409}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E4D3E6C5-A121-4E4A-8E95-317A1633FEC4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{E5B51AC0-FC01-4A69-8CE3-F7671D0436DE}" = rport=139 | protocol=6 | dir=out | app=system | 
"{E8069FD6-ED1F-4121-824A-FD80D19543B3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{EF5E7442-3D14-4F70-9AD8-B6BF20EC31DF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F1CD0A74-6620-4FF2-88B2-8E74F25C04E6}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{F5C8CA8E-D25F-4303-B9EF-0EF54C7DDEAB}" = lport=5454 | protocol=6 | dir=in | name=x-rite device manager | 
"{F733800A-91C8-4C2F-BDF0-3E429F5E8185}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F73CAE24-3F0F-46FC-A40E-F83545C999B3}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{F77C0AFF-574B-4C74-86D4-51F18E71E228}" = lport=137 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{052BFF69-6684-4DEC-A40E-1EFFCF8A6498}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{0B72EC43-A36E-465E-AF22-10A3C671C427}" = protocol=17 | dir=in | app=c:\users\soellinger georg\appdata\roaming\dropbox\bin\dropbox.exe | 
"{0D20FC82-739E-4C54-B910-8BAAB0ECF66C}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{0D550C15-B0C1-4962-BA6F-2B46A85A78C6}" = protocol=6 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe | 
"{0DA04203-9017-492A-BEA6-94FDF90F0CE7}" = protocol=17 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe | 
"{0F1C81D2-ADEF-4DC7-A12D-F9A920C13AD3}" = dir=in | app=c:\program files (x86)\intel corporation\intel widi\widiapp.exe | 
"{138DE8C8-A669-4803-AE38-AB2A8A71B928}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{1562D7CC-7FF2-495D-BAD1-6FE2552DE58C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{16ED5792-F6AD-4270-9FED-A9833C2FE401}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe | 
"{18D7E817-B31F-4E42-92C5-A88DAE4686F2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{1B88993F-FC38-4F6F-AB4D-B14923480E3C}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{1D7AA783-2EF0-4769-9850-4B06DE5CCCF1}" = protocol=17 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe | 
"{21F0ABC4-6F22-40FC-8FC9-A23AF702EB53}" = protocol=17 | dir=in | app=h:\installed\installed_games\anno 1404\tools\diverses\firefoxportable\opera\operausb1200de\pluginwrapper\opera_plugin_wrapper.exe | 
"{23F9349E-35AA-4B43-AC72-E9FEBD673B34}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\sdklauncher.exe | 
"{24278CD4-7F1C-4188-86C3-8BD65EA4AD5D}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\devicesetup.exe | 
"{2C956681-0523-49E0-9B2C-EAEBB4D832D2}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{2DD682CE-0470-4DE2-A5D2-E9653B69F157}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{4E7F0A2A-9033-46E5-B995-93DCF7F298C8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{56071298-945C-4020-9E6C-89E321E7CF2D}" = protocol=6 | dir=in | app=c:\users\soellinger georg\appdata\roaming\dropbox\bin\dropbox.exe | 
"{57E09BB4-66B3-42D5-8118-9989EF8ECD11}" = dir=in | app=c:\users\soellinger georg\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"{62D7A21E-5C4D-44DA-9BFC-1F29B86441A0}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\devicesetup.exe | 
"{6B953496-BAEC-4ABE-B4CB-C71FBBC8DD25}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{6FC45162-C06B-4F01-8C92-D5852478A989}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\sdklauncher.exe | 
"{71991ADE-21DE-476F-BCA0-5CB4BB887456}" = protocol=17 | dir=in | app=h:\installed\installed_games\anno 1404\tools\diverses\firefoxportable\opera\operausb1200de\opera.exe | 
"{7EB64753-60D2-471E-B7D6-F75E3979D474}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{7F17577A-9654-4C5C-9894-0C75E2C16CF3}" = protocol=6 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe | 
"{7FA20936-E925-4639-AAFE-61334F3A90AE}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\hpnetworkcommunicator.exe | 
"{838F8D0C-D6D2-4F68-BD09-76464E4B65F9}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{8641FF67-1288-466D-B42D-4BB76A478CF2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\sdklauncher.exe | 
"{8E6DAD35-B0BD-46BA-93C5-1CBF67E8C546}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{991FE6B5-54DB-4689-B895-E21AA559C8FD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{9B6DF273-16D8-424F-B3E3-866912B4DFCF}" = protocol=6 | dir=out | app=system | 
"{9C32AA7B-C80A-4F6C-8FF7-F24C6BF43EFF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{A3072092-4F55-461F-877E-CB6F8AD84156}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A364B704-4460-4731-8888-65F76EE1E825}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{A7FDF603-9AAE-45D5-BEC5-6495D5849299}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{B1A57049-4127-418A-A8F4-6917B33CBD30}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{B429404E-0828-4D34-BF73-E1C0A7C8D461}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\hpnetworkcommunicator.exe | 
"{B8F28025-3A6E-4104-96FD-D5010208462A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{BC998098-4864-4539-8D28-91794CE95F3B}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{BCBEAEC3-5114-4557-B175-58B3AB02A2B2}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{BDC74F70-A78F-4695-B799-D91F9D92F96F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{BE6A804E-6FBF-47C7-B87C-8562838197D3}" = protocol=17 | dir=in | app=c:\users\soellinger georg\appdata\roaming\dropbox\bin\dropbox.exe | 
"{BE73389A-AE0C-4C71-A3C4-0C8D344736AC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C57DAD3F-BA5C-4860-ABE2-1289D78CF486}" = protocol=6 | dir=in | app=h:\installed\installed_games\anno 1404\tools\diverses\firefoxportable\opera\operausb1200de\pluginwrapper\opera_plugin_wrapper.exe | 
"{C69D83BB-09A8-4EE0-A3E5-8667404C8955}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{C950BF8F-E50A-426E-9DB3-F65AC23E5094}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{CB5FFE7A-61FA-486B-88BC-639CB7C88E34}" = protocol=6 | dir=out | app=%programfiles% (x86)\skype\phone\skype.exe | 
"{CCD90BB0-13B8-42F3-9F34-F8BB4B65487C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D0113CFB-2A53-4738-9159-E06CFB88C43E}" = protocol=6 | dir=in | app=h:\installed\installed_games\anno 1404\tools\diverses\firefoxportable\opera\operausb1200de\opera.exe | 
"{D04CF337-3DB0-40EC-8D45-4E36E81ECA12}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe | 
"{D5BA1C58-75C9-4515-B82E-715046718A3C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{D938A001-AD0F-452A-BCCC-7F093F27A5B1}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{DA3B1904-19D6-436E-9C94-BCEA7BC944FA}" = protocol=17 | dir=out | app=%programfiles% (x86)\skype\phone\skype.exe | 
"{DAB32B2D-54C5-487F-BB30-70E236C5D4F0}" = protocol=6 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe | 
"{DBA7A747-32FE-48B3-BB61-26DE0150F45A}" = protocol=6 | dir=in | app=c:\users\soellinger georg\appdata\roaming\dropbox\bin\dropbox.exe | 
"{DE6A7998-7766-44C7-8BB6-AD5C0B49A915}" = protocol=17 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe | 
"{E82E76D9-CD9C-43F7-9B7F-6295235C7DAA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{EA63264D-4E0E-41D0-854C-4DCF94B53BE6}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{EA6C1796-B7B4-4561-8780-8CE23CC0E4A7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{ED657CD8-3EAA-4D8A-97D4-3D5227F091DB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{EE692F9E-FB86-4E6C-A881-CD6101622878}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F5BD6DD7-0526-4898-9D7D-D6689A9EF220}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\sdklauncher.exe | 
"{F971F240-30B0-469F-8047-E226103E231D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"TCP Query User{05EDA7B9-F96D-4271-BB49-90F8DA276097}C:\users\soellinger georg\desktop\couner strike source final\hl2.exe" = protocol=6 | dir=in | app=c:\users\soellinger georg\desktop\couner strike source final\hl2.exe | 
"TCP Query User{0B8A5113-76AB-4A8C-8ADE-342936547B98}C:\program files (x86)\dassault systemes\b18\intel_a\code\bin\orbixd.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dassault systemes\b18\intel_a\code\bin\orbixd.exe | 
"TCP Query User{24FA89A7-6ECC-4C38-9B53-C2C363FDD0C8}H:\installed\installed_games\anno 1404\tools\anno4web.exe" = protocol=6 | dir=in | app=h:\installed\installed_games\anno 1404\tools\anno4web.exe | 
"TCP Query User{2AA349EE-C5AF-4AAD-A499-F06D79A5C7C8}H:\installed\installed_games\couner strike source final\hl2.exe" = protocol=6 | dir=in | app=h:\installed\installed_games\couner strike source final\hl2.exe | 
"TCP Query User{32A7DFC2-CD4D-4CA9-A7A3-64764935F1E7}G:\installed\installed_games\battlefield 1942\bf1942.exe" = protocol=6 | dir=in | app=g:\installed\installed_games\battlefield 1942\bf1942.exe | 
"TCP Query User{38CEBB83-6C35-49D1-AE04-DA22A3D5B39C}H:\installed\installed_games\call of duty- modern warfare 3\iw5mp_server.exe" = protocol=6 | dir=in | app=h:\installed\installed_games\call of duty- modern warfare 3\iw5mp_server.exe | 
"TCP Query User{3F90FA0D-7E17-490B-8061-E8CB6F9579A4}C:\users\soellinger georg\desktop\my mobile\mymobiler\mymobiler.exe" = protocol=6 | dir=in | app=c:\users\soellinger georg\desktop\my mobile\mymobiler\mymobiler.exe | 
"TCP Query User{4C7C51FE-71C9-4473-A3C9-47BFCF21E1F4}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe | 
"TCP Query User{6EE8A760-97D5-4795-A5F1-2DBD9EF51F60}D:\installed\installed_games\couner strike source final\hl2.exe" = protocol=6 | dir=in | app=d:\installed\installed_games\couner strike source final\hl2.exe | 
"TCP Query User{722FEC20-8145-438F-82C3-2350D1E2A490}C:\users\soellinger georg\appdata\local\temp\rarsfx0\bie_kms.exe" = protocol=6 | dir=in | app=c:\users\soellinger georg\appdata\local\temp\rarsfx0\bie_kms.exe | 
"TCP Query User{757CD7E1-42FC-44AE-9F36-DD1210B694F3}H:\installed\installed_games\battlefield 1942\bf1942.exe" = protocol=6 | dir=in | app=h:\installed\installed_games\battlefield 1942\bf1942.exe | 
"TCP Query User{857B0D99-C88B-4182-97CA-2102526381F8}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe | 
"TCP Query User{A600D2A2-4DB3-4B60-9C79-3EF5F27956A4}C:\Program Files (x86)\dassault systemes\B18\intel_a\code\bin\CNEXT.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dassault systemes\b18\intel_a\code\bin\cnext.exe | 
"TCP Query User{ABC0404B-06B8-48E2-B631-55614202958F}H:\installed\installed_games\couner strike source final\hl2.exe" = protocol=6 | dir=in | app=h:\installed\installed_games\couner strike source final\hl2.exe | 
"TCP Query User{B385A1B0-2071-4ED1-8497-22746549305F}C:\program files (x86)\dassault systemes\b18\intel_a\code\bin\cnext.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dassault systemes\b18\intel_a\code\bin\cnext.exe | 
"TCP Query User{BB7D90FA-55E2-4B45-A061-039158541433}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"TCP Query User{D155D4D7-352D-4A36-842D-E00DD52C08D0}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"TCP Query User{F920CAEC-45AC-4DBC-BFD0-5D755E48294C}C:\program files (x86)\origin games\fifa 12\game\fifa.exe" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\fifa 12\game\fifa.exe | 
"TCP Query User{FB73D2C9-553B-4567-A233-FFB9FA386C11}H:\media\media_games\counter strike series\counter strike source\hl2.exe" = protocol=6 | dir=in | app=h:\media\media_games\counter strike series\counter strike source\hl2.exe | 
"TCP Query User{FC14E7BE-E09F-45C3-9C07-AA4A5E831E63}C:\program files (x86)\ea games\command & conquer die ersten 10 jahre\command & conquer red alert(tm) ii\ar2\game.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\command & conquer die ersten 10 jahre\command & conquer red alert(tm) ii\ar2\game.exe | 
"UDP Query User{05198571-06C2-422C-AB6B-37452044AB1B}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe | 
"UDP Query User{1B514A91-33ED-4B55-8611-CAB5BF13FA39}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe | 
"UDP Query User{2AF0922E-9882-4FFF-96D2-F97295B25464}D:\installed\installed_games\couner strike source final\hl2.exe" = protocol=17 | dir=in | app=d:\installed\installed_games\couner strike source final\hl2.exe | 
"UDP Query User{2CB6540D-42C2-4415-8D0D-418238E9831A}C:\program files (x86)\origin games\fifa 12\game\fifa.exe" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\fifa 12\game\fifa.exe | 
"UDP Query User{30E235E7-E02E-4F4A-A600-96319BAD4EFB}H:\installed\installed_games\couner strike source final\hl2.exe" = protocol=17 | dir=in | app=h:\installed\installed_games\couner strike source final\hl2.exe | 
"UDP Query User{3C62F068-F992-41B3-BC8D-AC3B6EC0A150}H:\installed\installed_games\couner strike source final\hl2.exe" = protocol=17 | dir=in | app=h:\installed\installed_games\couner strike source final\hl2.exe | 
"UDP Query User{4BD8635C-BFF7-4C44-91AE-8C9140078995}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"UDP Query User{6513120B-6A1F-42DE-AF91-20E7B6FDEC23}H:\installed\installed_games\anno 1404\tools\anno4web.exe" = protocol=17 | dir=in | app=h:\installed\installed_games\anno 1404\tools\anno4web.exe | 
"UDP Query User{65B66297-87E5-41C4-BD06-51EB5CAB1FC2}H:\media\media_games\counter strike series\counter strike source\hl2.exe" = protocol=17 | dir=in | app=h:\media\media_games\counter strike series\counter strike source\hl2.exe | 
"UDP Query User{788DC6F7-E0C4-492C-B211-081DB5C173AE}C:\users\soellinger georg\desktop\couner strike source final\hl2.exe" = protocol=17 | dir=in | app=c:\users\soellinger georg\desktop\couner strike source final\hl2.exe | 
"UDP Query User{7B87B574-8947-457E-8288-D167DBF880BB}C:\Program Files (x86)\dassault systemes\B18\intel_a\code\bin\CNEXT.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dassault systemes\b18\intel_a\code\bin\cnext.exe | 
"UDP Query User{8CEF488B-FB9F-41FE-9FE1-CC4AC71E836C}C:\users\soellinger georg\appdata\local\temp\rarsfx0\bie_kms.exe" = protocol=17 | dir=in | app=c:\users\soellinger georg\appdata\local\temp\rarsfx0\bie_kms.exe | 
"UDP Query User{A2981A4C-4729-4910-B62F-6202FCD56605}C:\program files (x86)\ea games\command & conquer die ersten 10 jahre\command & conquer red alert(tm) ii\ar2\game.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\command & conquer die ersten 10 jahre\command & conquer red alert(tm) ii\ar2\game.exe | 
"UDP Query User{A6466B75-2F8A-4076-B328-373B3780418E}C:\program files (x86)\dassault systemes\b18\intel_a\code\bin\orbixd.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dassault systemes\b18\intel_a\code\bin\orbixd.exe | 
"UDP Query User{AB9CFC7C-3693-4218-8F9E-5D93B8EE9B1C}C:\users\soellinger georg\desktop\my mobile\mymobiler\mymobiler.exe" = protocol=17 | dir=in | app=c:\users\soellinger georg\desktop\my mobile\mymobiler\mymobiler.exe | 
"UDP Query User{B60B28F2-7E07-4A32-BC52-BCE469F25540}C:\program files (x86)\dassault systemes\b18\intel_a\code\bin\cnext.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dassault systemes\b18\intel_a\code\bin\cnext.exe | 
"UDP Query User{C38B1937-3D74-4FAB-A901-3E6182DA8F07}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"UDP Query User{CA6B7442-CF71-4F6C-985E-9D25CA2023B3}H:\installed\installed_games\battlefield 1942\bf1942.exe" = protocol=17 | dir=in | app=h:\installed\installed_games\battlefield 1942\bf1942.exe | 
"UDP Query User{D0405328-5CEC-4AE1-99CE-D0F8F58329F2}G:\installed\installed_games\battlefield 1942\bf1942.exe" = protocol=17 | dir=in | app=g:\installed\installed_games\battlefield 1942\bf1942.exe | 
"UDP Query User{E5DF7E29-D74B-44F1-85FC-D1C7E764BD7B}H:\installed\installed_games\call of duty- modern warfare 3\iw5mp_server.exe" = protocol=17 | dir=in | app=h:\installed\installed_games\call of duty- modern warfare 3\iw5mp_server.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{08BCFE15-8AA1-4A58-B018-4FEF486BA922}" = Autodesk Inventor Fusion for Inventor 2013 Add-in
"{09782D89-1CA6-4B7D-82C5-2DE01AF5601B}" = Microsoft SQL Server 2008 Common Files
"{0ADF605D-2D94-4467-91F7-D75C71CF328D}" = Microsoft SQL Server 2008 Database Engine Shared
"{0D432429-C79C-462D-ABD8-4D82B83A954B}" = Microsoft SQL Server System CLR Types (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
"{11EB3D68-A5BE-43EA-8D31-43B08ADB0DA4}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x64) de
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1C83CB66-D345-4D6C-95A2-63A03269ADA0}" = Lenovo Patch Utility 64 bit
"{1CB6C387-65A7-327F-B4A5-7DDC75A291AF}" = Microsoft Visual Studio 2010 Office Developer Tools (x64)
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{266597A9-1764-0000-0100-DCBF2B69166B}" = Autodesk Vault Basic 2013 (Client) German Language Pack
"{28D06854-572C-4A65-83E5-F8CAF26B9FDC}" = Microsoft SQL Server VSS Writer
"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel(R) Wireless Display
"{2DF4C5DD-7417-301D-935D-939D3B7B5997}" = Microsoft Help Viewer 1.0 Language Pack - DEU
"{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}" = Sql Server Customer Experience Improvement Program
"{37EC048A-81A2-452A-8D1F-3BE2018E767D}" = Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed
"{38294D95-DB90-4D8C-824C-26856E5001A6}" = ThinkVantage Fingerprint Software
"{39A04221-294E-4D90-A0F2-CCB1EF15CB56}" = Lenovo Patch Utility 64 bit
"{440668AA-7524-40DB-966A-60BE535E1B3F}" = Microsoft SQL Server 2008 Database Engine Services
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage System für aktiven Festplattenschutz
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5340A3B5-3853-4745-BED2-DD9FF5371331}" = Microsoft SQL Server 2008 Common Files
"{53952792-BF16-300E-ADF2-E7E4367E00CF}" = Visual Studio 2010 Prerequisites - English
"{5783F2D7-B028-0409-0100-0060B0CE6BBA}" = DWG TrueView 2013
"{5ADA62BD-2FC0-4ECE-93AA-C933E69B2AB5}" = Microsoft SQL Server 2008 R2 Management Objects (x64)
"{5E2652DF-743F-482B-A593-C95F431A5769}" = RapidBoot
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6AF73222-EE90-434C-AE7E-B96F70A68D89}" = Unterstützungsdateien für Microsoft SQL Server 2008-Setup 
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{792A9A32-718A-40D1-9867-A903F76AE2F8}" = Eco Materials Adviser for Autodesk Inventor 2013
"{79AB31DF-83A6-4D49-A70E-C4CA114B0605}" = Lenovo Solution Center
"{7AC5FFA7-6815-4AED-B16D-8E0D7CC4B221}" = Microsoft Sync Framework Runtime v1.0 SP1 (x64) de
"{7ACE202B-1B01-4B43-B6AE-03D66D621CDE}" = Microsoft SQL Server 2008 RsFx Driver
"{7F4DD591-1764-0001-0000-7107D70F3DB4}" = Autodesk Inventor Professional 2013
"{7F4DD591-1764-0001-1031-7107D70F3DB4}" = Autodesk Inventor Professional 2013 Language Pack - Deutsch (German)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{82B2394D-F5CC-42F0-8DC1-48B3CAA382CC}" = Dassault Systemes Software Prerequisites x86-x64
"{8325FD0C-2FDB-46C3-921A-3A78385EA972}" = Microsoft SQL Server 2008 Native Client
"{88C6A6D9-324C-46E8-BA87-563D14021442}_is1" = ThinkVantage Communications Utility
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8F4884F1-488D-4738-8F71-65A378BB484C}" = HP Officejet 6500 E710a-f - Grundlegende Software für das Gerät
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{94D70749-4281-39AC-AD90-B56A0E0A402E}" = Microsoft Visual C++ 2010  x64 Runtime - 10.0.30319
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95A2AD24-BD44-3E39-A31F-CE928276577E}" = Microsoft Visual C++ 2010  x64 Designtime - 10.0.30319
"{A1F50E06-E514-393D-AAEB-2F989F0B7C68}" = Microsoft Team Foundation Server 2010 Object Model - DEU
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B143BE44-8723-315E-9413-011C55873C0E}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 275.93
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 275.93
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 275.93
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.3.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.23.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B46DECD1-1764-4EF1-0000-22D71E81877C}" = Autodesk Inventor Content Center Libraries 2013 (Desktop Content)
"{B9E62002-BD74-30EC-9049-93E0E003C736}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU
"{C3EAE456-7E7A-451F-80EF-F34C7A13C558}" = Microsoft SQL Server Compact 3.5 SP2 x64 DEU
"{C6C9D5F7-630C-4125-8C4E-94AF77C1896E}" = ThinkPad Bluetooth with Enhanced Data Rate Software
"{CC8BA866-16A7-4667-BA0C-C494A1E7B2BF}" = Microsoft SQL Server 2008 Database Engine Shared
"{CF526A26-1764-0000-0000-02E95019B628}" = Autodesk Vault Basic 2013 (Client)
"{D25FF5C1-1764-469A-9794-69309387C193}" = Schnell-Deinstallations-Tool für Autodesk Inventor 2013
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E224B44B-B5EB-4af3-A80A-A255358E241A}_is1" = ThinkVantage AutoLock
"{E802A021-0F24-3484-97F7-D74D74CB93A0}" = Microsoft Visual Studio 2010 Office Developer Tools (x64) Language Pack - DEU
"{E97F409F-9E1C-42A0-B72D-765A78DF3696}" = Intel® PROSet/Wireless WiFi-Software
"{EE5F74BC-5CD5-4EF2-86BA-81E6CF46A18F}" = Autodesk Sync
"{EF9A1373-9238-4E11-8FF8-7B83996F5BE5}" = Microsoft Sync Framework Services v1.0 SP1 (x64) de
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = Microsoft SQL Server 2008 Database Engine Services
"{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0
"{FFF5619F-2013-0064-A85E-9994F70A9E5D}" = Autodesk Inventor Fusion 2013
"0CDBDD444A1F5FFEA227B4E7DCE195F11F08240A" = Windows-Treiberpaket - Intel System  (09/10/2010 9.2.0.1011)
"466E9B20D871055D6D3CDA2CDD1D355E978A61AF" = Windows-Treiberpaket - Lenovo 1.61.00.11 (11/11/2010 1.61.00.11)
"56985FF2BB205B671BCE0645CA198C9EC5176EBA" = Windows-Treiberpaket - Synaptics (SynTP) Mouse  (01/19/2011 15.2.9.1)
"6D23A494E9A245843FB8584D9307D3E328DF8613" = Windows-Treiberpaket - Intel (e1cexpress) Net  (12/21/2010 11.8.84.0)
"90FD26A77B849AE03FF5F07A1CDA7F950406A8D8" = Windows-Treiberpaket - Intel (MEIx64) System  (10/19/2010 7.0.0.1144)
"9B84710FFAE6C50914FCE568B59E426F1386E7F6" = Windows-Treiberpaket - Lenovo (LenovoRd) SmartCardReader  (05/11/2009 4.1.0.1)
"A513FC5E5A08D4EF27F234E91E0E942A0234210B" = Windows-Treiberpaket - Intel System  (09/10/2010 9.2.0.1011)
"Autodesk Inventor Fusion 2013" = Autodesk Inventor Fusion 2013
"Autodesk Inventor Professional 2013" = Autodesk Inventor Professional 2013 Deutsch (German)
"Bullzip PDF Printer_is1" = Bullzip PDF Printer 7.2.0.1304
"CNXT_AUDIO_HDA" = Conexant 20672 SmartAudio HD
"CNXT_MODEM_HDA_HSF" = ThinkPad Modem Adapter
"D97688B8E3830BF9820E15EB8D9552DCBF988CFD" = Windows-Treiberpaket - Intel USB  (09/16/2010 9.2.0.1013)
"Dassault Systemes B18_0" = Dassault Systemes Software B18
"DisableAMTPopup" = Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7
"DWG TrueView 2013" = DWG TrueView 2013
"EnablePS" = Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7
"FE1BEBFD475BB832AAF104F5C63348E98A9286DF" = Windows-Treiberpaket - Intel System  (10/04/2010 9.2.0.1015)
"LENOVO.SMIIF" = Lenovo System Interface Driver
"LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 (64-bit)
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 (64-bit)
"Microsoft Team Foundation Server 2010 Object Model - DEU" = Microsoft Team Foundation Server 2010-Objektmodell - DEU
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU" = Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU
"OnScreenDisplay" = Anzeige am Bildschirm
"PC-Doctor for Windows" = Lenovo ThinkVantage Toolbox
"Power Management Driver" = ThinkPad Power Management Driver
"ProInst" = Intel PROSet Wireless
"PROSet" = Intel(R) Network Connections Drivers
"sp6" = Logitech SetPoint 6.30
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU
"{037CD593-D760-4A00-B030-7BBAFA1123FE}" = HP Officejet 6500 E710a-f Hilfe
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08DA8E46-ED67-451A-9246-50E0FF6959C9}" = Microsoft Sync Framework SDK v1.0 SP1 de
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{103A5E44-DD5B-46D5-AD1E-9DF2260CA023}" = Microsoft SQL Server 2008 R2-Datenebenenanwendungs-Projekt
"{117EBEEB-5DB0-43C8-9FD6-DD583DB152DD}" = Autodesk Material Library 2013
"{13F59938-C595-479C-B479-F171AB9AF64F}" = Lenovo User Guide
"{153DB567-6FF3-49AD-AC4F-86F8A3CCFDFB}" = Autodesk Design Review 2013
"{1798D459-6B8B-474B-868D-1229EADA3B95}" = Adobe AIR
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = Dienstprogramm "ThinkPad UltraNav"
"{17D26CDD-B87C-412B-92F0-2D5DD4313522}" = Facebook Messenger 2.1.4651.0
"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1AA5BD63-6614-44B2-88A7-605191EDB835}" = Dotfuscator Software Services - Community Edition
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{205ACCD7-5342-4694-91F3-3A99E4FD5AA6}" = Mathcad 14 Help
"{24E92E7A-6848-4747-A3EA-3AAC0576BE52}" = Lenovo Patch Utility
"{25C64847-B900-48AD-A164-1B4F9B774650}" = Lenovo System Update
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 37
"{27C6C0A2-2EC9-4FEA-BE2B-659EAAC2C68C}" = Autodesk Material Library Low Resolution Image Library 2013
"{31C3C6EA-E991-405F-A3AA-2C070CCCC47C}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools - DEU
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{3F586E56-913B-4C6D-889B-F591485E069D}" = Microsoft Research Mesh Virtual WIFI
"{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AF2248C-B3DF-46FB-9596-87F5DB193689}" = Microsoft SQL Server 2008 Browser
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}" = Create Recovery Media
"{50F68032-B5B7-4513-9116-C978DBD8F27A}" = Corel DVD MovieFactory 7
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{5545EEE4-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2701.01)
"{5AB7D739-1735-3A9E-BE73-C43507CB4E6F}" = Microsoft Visual Studio 2010 Service Pack 1
"{5C1F18D2-F6B7-4242-B803-B5A78648185D}" = Corel WinDVD
"{606E12B9-641F-4644-A22A-FF38AE980AFD}" = Autodesk Material Library Base Resolution Image Library 2013
"{616C6F39-4CE1-3434-A665-2F6A04C09A7F}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{66D6F3BD-CA23-41A4-9FA3-96B26B32528D}" = Command & Conquer Die ersten 10 Jahre
"{681F4E9F-34E0-36BD-BF2C-100554E403A5}" = Microsoft Visual F# 2.0 Runtime Language Pack - DEU
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010  x86 Runtime - 10.0.30319
"{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{781A93CD-1608-427D-B7F0-D05C07795B25}" = Intel(R) WiDi
"{7BEC151D-ADA9-3EA9-9273-99BA82881971}" = Microsoft Visual Studio 2010 SharePoint Developer Tools
"{803910CC-3A39-45E3-A594-0D5512A60A86}" = Microsoft Silverlight 4 SDK - Deutsch
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85467CBC-7A39-33C9-8940-D72D9269B84F}" = Microsoft Visual F# 2.0 Runtime
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E537894-A559-4D60-B3CB-F4485E3D24E3}" = ThinkVantage Access Connections
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PRJPRO_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PRJPRO_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PRJPRO_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PRJPRO_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_PRJPRO_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_PRJPRO_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2007
"{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{8446EB22-A746-46DC-B1BD-E0DFA1F3CDDA}" = Microsoft Office Project 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PRJPRO_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00B4-0407-0000-0000000FF1CE}" = Microsoft Office Project MUI (German) 2007
"{90120000-00B4-0407-0000-0000000FF1CE}_PRJPRO_{C8D442F2-CF33-486E-8079-A704A2E80A39}" = Microsoft Office Project 2007 Service Pack 3 (SP3)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.VISIOR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.VISIOR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.VISIOR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.VISIOR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0054-0407-0000-0000000FF1CE}" = Microsoft Office Visio MUI (German) 2010
"{90140000-0054-0407-0000-0000000FF1CE}_Office14.VISIOR_{1FEAC070-BB09-4055-9BD0-48CF52023F92}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0057-0000-0000-0000000FF1CE}" = Microsoft Office Visio 2010
"{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{01D8AE4B-A04D-47E5-81BF-E3F98B81B8C3}" = Microsoft Visio 2010 Service Pack 1 (SP1)
"{919E5477-D20B-4F64-AE8B-8199469F7817}" = Microsoft SQL Server 2008 R2-Datenebenenanwendungs-Framework
"{91A29166-4E1B-4664-B70B-4C4A3B6B3372}" = Lenovo Screen Reading Optimizer
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AA9FEE7-9F99-4E69-947A-49F7DA0DDA3A}" = Cisco AnyConnect Secure Mobility Client
"{9ACEA9CD-63B9-4784-807B-EA295E96A7C3}_is1" = X-Rite Device Manager
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CA0DEE4-E84B-466F-9B96-FC255F3A929F}" = Integrated Camera TWAIN
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Burn.Now 4.5
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7BB9BBD-DFE4-4276-820A-7CD141FC09E6}" = Lenovo Patch Utility
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch
"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2CA6F37-1602-4823-81B5-0384B6888AA6}" = Integrated Camera Driver Installer Package Ver.1.1.0.1147
"{B383F243-0ABC-4E56-AA30-923B8D85076E}" = Rescue and Recovery
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{BB1E119E-CF4B-4183-910E-A8C2B379F2C6}" = Microsoft SQL Server 2008 R2 Transact-SQL-Sprachdienst
"{BD8A0C60-1AEB-11D6-B8E1-00025521AE60}" = VBA (3821b)
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C668416A-9213-4058-B7F2-01A42D85559D}" = Microsoft SQL Server System CLR Types
"{C6D4B05A-EA7E-1027-80EF-C925E740E99C}" = Intel(R) Identity Protection Technology 1.0.74.0
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CAD6AA29-9CA1-384D-8034-566261CFCC9B}" = Microsoft Visual Studio 2010 Professional - DEU
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CE9BAD6E-60FC-46CC-82A2-5B0F2B1A0E36}" = Dotfuscator Software Services - Community Edition - DEU
"{CFCB8616-A5D1-4281-80E8-389F685BFAE2}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2A53206-6A9E-4241-B21C-D94140EEF1CE}_is1" = X-Rite Device i1Display Service
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D9E6001A-5DC3-4620-AF7A-80B6CD48645D}" = WCF RIA Services V1.0 SP1
"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = Energie-Manager
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E4E9CBC9-1CF5-48E3-AF6F-1AB44A856346}" = Microsoft ASP.NET MVC 2 - DEU
"{E666A69B-A76D-43D5-AF28-4B2150A6EDE2}" = Mathcad 14
"{E6D22FE1-AB5F-42CA-9480-6F70B96DDD88}" = Need for Speed™ Undercover
"{E9089B6A-1FDE-47F3-8D29-175F5B7A0722}" = Microsoft SQL Server 2008 R2 Management Objects
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EBD38AE9-D52D-448D-9DB4-4D5F66E1DAFC}" = Mathcad 14 Resource Center
"{EC66418E-DAA2-36D5-809E-40BEC94E622A}" = Microsoft Visual Studio Macro Tools - DEU Language Pack
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}" = Message Center Plus
"{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}" = Lenovo Warranty Information
"{FE041B02-234C-4AAA-9511-80DF6482A458}" = RICOH Media Driver v2.10.18.02
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Any DWG DXF Converter_is1" = Any DWG DXF Converter 2010
"Autodesk Design Review 2013" = Autodesk Design Review 2013
"Autodesk Vault Basic 2013 (Client)" = Autodesk Vault Basic 2013 (Client)
"avast" = avast! Free Antivirus
"Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client 
"DAEMON Tools Lite" = DAEMON Tools Lite
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"Free Studio_is1" = Free Studio version 5.3.2
"GPL Ghostscript Lite_is1" = GPL Ghostscript Lite 9.04
"InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}" = Corel DVD MovieFactory Lenovo Edition
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Corel Burn.Now Lenovo Edition
"InstallShield_{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
"Lenovo Welcome_is1" = Lenovo Welcome
"Microsoft Visual Studio 2010 Professional - DEU" = Microsoft Visual Studio 2010 Professional - DEU
"Microsoft Visual Studio 2010 Service Pack 1" = Microsoft Visual Studio 2010 Service Pack 1
"Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
"Microsoft Visual Studio Macro Tools - DEU Language Pack" = Microsoft Visual Studio Macro Tools - DEU Language Pack
"Mozilla Firefox 18.0.2 (x86 de)" = Mozilla Firefox 18.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"Office14.VISIOR" = Microsoft Visio Professional 2010
"Opera 12.10.1652_1" = Opera 12.10
"Opera 12.14.1738" = Opera 12.14
"PANTONE Color Calibrator_is1" = PANTONE Color Calibrator 1.0
"PRJPRO" = Microsoft Office Project Professional 2007
"Steam App 730" = Counter-Strike: Global Offensive
"Steam App 745" = Counter-Strike: Global Offensive - SDK
"VLC media player" = VLC media player 2.0.5
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3409518300-1189540095-3539162366-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 14.02.2013 16:51:53 | Computer Name = Soellinger | Source = Google Update | ID = 20
Description = 
 
Error - 14.02.2013 16:52:16 | Computer Name = Soellinger | Source = PC-Doctor | ID = 1
Description = (8704) Asapi: (21:52:16:6600)(8704) S3LogPusherPlugin.Helper - Error
 -- 340 Unable to storage the test log to medium 
 
Error - 14.02.2013 16:54:16 | Computer Name = Soellinger | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_5_502_149.exe,
 Version: 11.5.502.149, Zeitstempel: 0x510c77e4  Name des fehlerhaften Moduls: unknown,
 Version: 0.0.0.0, Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 
0x699792cd  ID des fehlerhaften Prozesses: 0x2084  Startzeit der fehlerhaften Anwendung:
 0x01ce0af573612a50  Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe
Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: b12f0874-76e8-11e2-81b0-f0def15ee5f6
 
Error - 14.02.2013 16:54:21 | Computer Name = Soellinger | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_5_502_149.exe,
 Version: 11.5.502.149, Zeitstempel: 0x510c77e4  Name des fehlerhaften Moduls: unknown,
 Version: 0.0.0.0, Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 
0x699792cd  ID des fehlerhaften Prozesses: 0x23f4  Startzeit der fehlerhaften Anwendung:
 0x01ce0af576c6fe78  Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe
Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: b47d0ed9-76e8-11e2-81b0-f0def15ee5f6
 
Error - 14.02.2013 16:54:25 | Computer Name = Soellinger | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_5_502_149.exe,
 Version: 11.5.502.149, Zeitstempel: 0x510c77e4  Name des fehlerhaften Moduls: unknown,
 Version: 0.0.0.0, Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 
0x699792cd  ID des fehlerhaften Prozesses: 0x2088  Startzeit der fehlerhaften Anwendung:
 0x01ce0af578c9eb03  Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe
Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: b67d9a05-76e8-11e2-81b0-f0def15ee5f6
 
Error - 14.02.2013 16:54:28 | Computer Name = Soellinger | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_5_502_149.exe,
 Version: 11.5.502.149, Zeitstempel: 0x510c77e4  Name des fehlerhaften Moduls: unknown,
 Version: 0.0.0.0, Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 
0x699792cd  ID des fehlerhaften Prozesses: 0x212c  Startzeit der fehlerhaften Anwendung:
 0x01ce0af57aa13b7a  Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe
Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: b854ea7b-76e8-11e2-81b0-f0def15ee5f6
 
Error - 14.02.2013 22:00:21 | Computer Name = Soellinger | Source = Google Update | ID = 20
Description = 
 
Error - 15.02.2013 04:04:20 | Computer Name = Soellinger | Source = PerfNet | ID = 2004
Description = 
 
Error - 15.02.2013 04:17:18 | Computer Name = Soellinger | Source = PC-Doctor | ID = 1
Description = (9008) Asapi: (09:17:18:6410)(9008) S3LogPusherPlugin.Helper - Error
 -- 340 Unable to storage the test log to medium 
 
Error - 15.02.2013 08:49:13 | Computer Name = Soellinger | Source = Google Update | ID = 20
Description = 
 
[ Cisco AnyConnect Secure Mobility Client Events ]
Error - 15.02.2013 04:02:18 | Computer Name = Soellinger | Source = acvpnagent | ID = 67108866
Description = Function: CWinsecApiImpersonateUser::CWinsecApiImpersonateUser File:
 .\IPC\WinsecAPI.cpp Line: 73 Invoked Function: CWinsecApiImpersonateUser::acquireTokens
Return
 Code: -32833517 (0xFE0B0013) Description: WINSECAPI_ERROR_GETUSERIMPERSONATIONTOKEN_FAILED

 
Error - 15.02.2013 04:02:18 | Computer Name = Soellinger | Source = acvpnagent | ID = 67108866
Description = Function: CCapiCertUtils::CCapiCertUtils File: .\Certificates\CapiCertUtils.cpp
Line:
 112 Invoked Function: CWinsecApiImpersonateUser::CWinsecApiImpersonateUser Return
 Code: -32833517 (0xFE0B0013) Description: WINSECAPI_ERROR_GETUSERIMPERSONATIONTOKEN_FAILED

 
Error - 15.02.2013 04:02:18 | Computer Name = Soellinger | Source = acvpnagent | ID = 67108866
Description = Function: CCapiCertStore::CCapiCertStore File: .\Certificates\CapiCertStore.cpp
Line:
 57 Invoked Function: CapiCertUtils Return Code: -32833517 (0xFE0B0013) Description:
 WINSECAPI_ERROR_GETUSERIMPERSONATIONTOKEN_FAILED 
 
Error - 15.02.2013 04:02:18 | Computer Name = Soellinger | Source = acvpnagent | ID = 67108866
Description = Function: CCapiCertSmartcardStore::CCapiCertSmartcardStore File: .\Certificates\CapiCertSmartcardStore.cpp
Line:
 39 Invoked Function: CCapiCertStore::CCapiCertStore Return Code: -32833517 (0xFE0B0013)
Description:
 WINSECAPI_ERROR_GETUSERIMPERSONATIONTOKEN_FAILED 
 
Error - 15.02.2013 04:02:18 | Computer Name = Soellinger | Source = acvpnagent | ID = 67108866
Description = Function: CCollectiveCertStore::addCapiSmartcardStore File: .\Certificates\CollectiveCertStore.cpp
Line:
 1612 Invoked Function: CCapiCertSmartcardStore::CCapiCertSmartcardStore Return Code:
 -32833517 (0xFE0B0013) Description: WINSECAPI_ERROR_GETUSERIMPERSONATIONTOKEN_FAILED

 
Error - 15.02.2013 04:03:38 | Computer Name = Soellinger | Source = acvpnagent | ID = 67108866
Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 435 Invoked
 Function: IRunnable::Run Return Code: -32112629 (0xFE16000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE

 
Error - 15.02.2013 04:05:47 | Computer Name = Soellinger | Source = acvpnui | ID = 67108866
Description = Function: ProfileMgr::loadProfile File: .\ProfileMgr.cpp Line: 520 Invoked
 Function: ProfileMgr::loadProfile Return Code: -33554423 (0xFE000009) Description:
 GLOBAL_ERROR_UNEXPECTED Duplicate host <asa-cluster.lrz.de> found in the profile
 <C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Profile\lrz.xml>.
 Host discarded.
 
Error - 15.02.2013 04:05:47 | Computer Name = Soellinger | Source = acvpnui | ID = 67108866
Description = Function: MFDartBox::getDARTInstallDir File: .\MFDartBox.cpp Line: 328
Invoked
 Function: MsiEnumProductsExW Return Code: 259 (0x00000103) Description: Es sind keine
 Daten mehr verfügbar.   
 
Error - 15.02.2013 04:05:48 | Computer Name = Soellinger | Source = acvpnui | ID = 67108865
Description = Function: ConnectMgr::activateConnectEvent File: .\ConnectMgr.cpp Line:
 1336 NULL object. Cannot establish a connection at this time.
 
Error - 15.02.2013 04:05:52 | Computer Name = Soellinger | Source = acvpnui | ID = 67108866
Description = Function: CAutoProxy::GetAutoProxyStrings File: .\Proxy\AutoProxy.cpp
Line:
 137 Invoked Function: WinHttpGetProxyForUrl Return Code: 12180 (0x00002F94) Description:
 WINDOWS_ERROR_CODE 
 
[ Lenovo-Lenovo Patch Utility/Admin Events ]
Error - 02.07.2012 12:28:51 | Computer Name = Soellinger | Source = Lenovo Patch Utility | ID = 2
Description = Can not grant access to Everyone: Manche oder alle Identitätsverweise
 konnten nicht übersetzt werden.
 
Error - 02.07.2012 12:29:09 | Computer Name = Soellinger | Source = Lenovo Patch Utility | ID = 1
Description = HttpFileDownloader failed to download the file "hxxp://download.lenovo.com/ibmdl/pub/pc/pccbbs/lpupatches/x64//PM.manifest.xml".
 Error message: Der Remotename konnte nicht aufgelöst werden: 'download.lenovo.com'
 
Error - 02.07.2012 12:29:09 | Computer Name = Soellinger | Source = Lenovo Patch Utility | ID = 1
Description = Connection failure while downloading manifest file hxxp://download.lenovo.com/ibmdl/pub/pc/pccbbs/lpupatches/x64//PM.manifest.xml.
 
Error - 02.07.2012 12:29:09 | Computer Name = Soellinger | Source = Lenovo Patch Utility | ID = 2
Description = Failed to connect to the server. Error message: Eine Ausnahme vom 
Typ "Lenovo.LenovoPatchUtility.Exceptions.ConnectionFailureException" wurde ausgelöst.
 
Error - 16.07.2012 16:56:17 | Computer Name = Soellinger | Source = Lenovo Patch Utility | ID = 2
Description = Can not grant access to Everyone: Manche oder alle Identitätsverweise
 konnten nicht übersetzt werden.
 
Error - 26.11.2012 07:14:35 | Computer Name = Soellinger | Source = Lenovo Patch Utility | ID = 2
Description = Can not grant access to Everyone: Manche oder alle Identitätsverweise
 konnten nicht übersetzt werden.
 
Error - 29.11.2012 14:33:39 | Computer Name = Soellinger | Source = Lenovo Patch Utility | ID = 2
Description = Can not grant access to Everyone: Manche oder alle Identitätsverweise
 konnten nicht übersetzt werden.
 
Error - 29.11.2012 14:33:44 | Computer Name = Soellinger | Source = Lenovo Patch Utility | ID = 1
Description = HttpFileDownloader failed to download the file "hxxp://download.lenovo.com/ibmdl/pub/pc/pccbbs/lpupatches/x64//PM.manifest.xml".
 Error message: Der Remoteserver hat einen Fehler zurückgegeben: (404) Nicht gefunden.
 
[ Lenovo-Message Center Plus/Admin Events ]
Error - 17.10.2011 08:18:42 | Computer Name = Soellinger | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Der binäre Stream "0" enthält keinen gültigen BinaryHeader. Möglicherweise
 ist der Stream ungültig oder die Objektversion wurde zwischen der Serialisierung
 und der Deserialisierung geändert. -> Exception message: Der binäre Stream "0" 
enthält keinen gültigen BinaryHeader. Möglicherweise ist der Stream ungültig oder
 die Objektversion wurde zwischen der Serialisierung und der Deserialisierung geändert.
 
Error - 10.05.2012 09:45:12 | Computer Name = Soellinger | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Unable to retrieve machine model -> Exception message: 
 
Error - 10.05.2012 09:45:12 | Computer Name = Soellinger | Source = Lenovo-Message Center Plus/Admin | ID = 4
Description = Retrieved null machine type model
 
Error - 10.05.2012 09:52:18 | Computer Name = Soellinger | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Unable to retrieve machine model -> Exception message: 
 
Error - 10.05.2012 09:52:18 | Computer Name = Soellinger | Source = Lenovo-Message Center Plus/Admin | ID = 4
Description = Retrieved null machine type model
 
Error - 29.06.2012 06:04:56 | Computer Name = Soellinger | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt. ->
 Exception message: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
 
Error - 27.11.2012 08:14:13 | Computer Name = Soellinger | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt. ->
 Exception message: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
 
Error - 07.01.2013 19:58:04 | Computer Name = Soellinger | Source = Lenovo-Message Center Plus/Admin | ID = 4
Description = The file size of the downloaded file /TOC.cab is not the same as the
 file size of the file on the server
 
Error - 07.01.2013 19:58:05 | Computer Name = Soellinger | Source = Lenovo-Message Center Plus/Admin | ID = 4
Description = The file C:\ProgramData\Lenovo\MessageCenterPlus\ServerRepository\temp\whyme.cgi
 does not have a Lenovo Digital Signature. The file will be deleted
 
[ System Events ]
Error - 14.02.2013 16:51:58 | Computer Name = Soellinger | Source = Service Control Manager | ID = 7034
Description = Dienst "AcSvc" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
 
Error - 15.02.2013 04:01:45 | Computer Name = Soellinger | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SMI Helper Driver (smihlp2)" wurde aufgrund folgenden 
Fehlers nicht gestartet:   %%2
 
Error - 15.02.2013 04:02:17 | Computer Name = Soellinger | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst NVSvc erreicht.
 
Error - 15.02.2013 04:02:29 | Computer Name = Soellinger | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Windows Presentation Foundation-Schriftartcache 3.0.0.0 erreicht.
 
Error - 15.02.2013 04:02:29 | Computer Name = Soellinger | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Presentation Foundation-Schriftartcache 3.0.0.0"
 wurde aufgrund folgenden Fehlers nicht gestartet:   %%1053
 
Error - 15.02.2013 04:03:20 | Computer Name = Soellinger | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Ulead Burning Helper erreicht.
 
Error - 15.02.2013 04:03:20 | Computer Name = Soellinger | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Ulead Burning Helper" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
Error - 15.02.2013 04:30:01 | Computer Name = Soellinger | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Steam Client Service erreicht.
 
Error - 15.02.2013 04:30:01 | Computer Name = Soellinger | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
Error - 15.02.2013 08:49:05 | Computer Name = Soellinger | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows-Biometriedienst" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1083
 
 
< End of report >
         
Danke schonmal für Deine Hilfe,
Grüße!
__________________

Geändert von Phoenix_91 (15.02.2013 um 14:48 Uhr)

Alt 15.02.2013, 14:40   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Doppelte Akkuanzeige, eigenmächtige Systemstarts im Ruhezustand - Standard

Doppelte Akkuanzeige, eigenmächtige Systemstarts im Ruhezustand



Nicht gelesen? Die Logs sollten in CODE-Tags gepostet werden

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 15.02.2013, 14:49   #5
Phoenix_91
 
Doppelte Akkuanzeige, eigenmächtige Systemstarts im Ruhezustand - Standard

Doppelte Akkuanzeige, eigenmächtige Systemstarts im Ruhezustand



Hier noch der zweite:

Code:
ATTFilter
OTL logfile created on: 15.02.2013 13:58:18 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Soellinger Georg\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,89 Gb Total Physical Memory | 5,07 Gb Available Physical Memory | 64,25% Memory free
15,78 Gb Paging File | 12,51 Gb Available in Paging File | 79,31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 443,10 Gb Total Space | 126,16 Gb Free Space | 28,47% Space Free | Partition Type: NTFS
Drive E: | 7,01 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive Q: | 21,48 Gb Total Space | 14,09 Gb Free Space | 65,57% Space Free | Partition Type: NTFS
 
Computer Name: SOELLINGER | User Name: Soellinger Georg | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Soellinger Georg\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
PRC - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Users\Soellinger Georg\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Programme\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited)
PRC - C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe (Lenovo)
PRC - C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe (Lenovo)
PRC - C:\Program Files (x86)\Lenovo\Access Connections\ACTray.exe (Lenovo)
PRC - C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe (Lenovo)
PRC - C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe (Lenovo)
PRC - C:\Programme\ThinkPad\Bluetooth Software\Bluetooth Headset Helper.exe (Broadcom Corporation.)
PRC - C:\Programme\Lenovo\AutoLock\ALCKRESI.exe (Lenovo Group Limited)
PRC - C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe (Lenovo Group Limited)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Program Files (x86)\DAEMON Tools Lite\DTShellHlp.exe (DT Soft Ltd)
PRC - C:\Programme\Lenovo\ZOOM\TpScrex.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
PRC - C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Programme\Lenovo\Communications Utility\TPKNRSVC.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\Communications Utility\TpKnrres.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited)
PRC - C:\Program Files (x86)\X-Rite\PANTONE Color Calibrator\Color Calibrator Tray.exe ()
PRC - C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
PRC - C:\Windows\SysWOW64\SASrv.exe (Conexant Systems, Inc.)
PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - C:\Program Files (x86)\X-Rite\Devices\Services\i1Display\i1DisplayDeviceService.exe (X-Rite Inc.)
PRC - C:\Program Files (x86)\X-Rite\Devices\Lib\xritelegacyd.exe (X-Rite Inc.)
PRC - C:\Program Files (x86)\X-Rite\Devices\Services\xritedeviced.exe (X-Rite Inc.)
PRC - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe ()
PRC - C:\Program Files (x86)\Dassault Systemes\B18\intel_a\code\bin\CATSysDemon.exe (Dassault Systemes)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Steam\bin\chromehtml.DLL ()
MOD - C:\Program Files (x86)\Steam\bin\libcef.dll ()
MOD - C:\Program Files (x86)\Steam\SDL.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avcodec-53.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avformat-53.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avutil-51.dll ()
MOD - C:\Programme\Lenovo\AutoLock\cv210.dll ()
MOD - C:\Programme\Lenovo\AutoLock\cxcore210.dll ()
MOD - C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll ()
MOD - C:\Program Files (x86)\X-Rite\PANTONE Color Calibrator\QtGui4.dll ()
MOD - C:\Program Files (x86)\X-Rite\PANTONE Color Calibrator\QtCore4.dll ()
MOD - C:\Program Files (x86)\X-Rite\PANTONE Color Calibrator\zlib1.dll ()
MOD - C:\Program Files (x86)\X-Rite\PANTONE Color Calibrator\Color Calibrator Tray.exe ()
MOD - C:\Program Files (x86)\X-Rite\PANTONE Color Calibrator\CxF2_VC90MD_2.1.dll ()
MOD - C:\Program Files (x86)\X-Rite\PANTONE Color Calibrator\libxml2.dll ()
MOD - C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (IBMPMSVC) -- C:\Windows\SysNative\ibmpmsvc.exe (Lenovo.)
SRV:64bit: - (TPHDEXLGSVC) -- C:\Windows\SysNative\TPHDEXLG64.exe (Lenovo.)
SRV:64bit: - (CxAudMsg) -- C:\Windows\SysNative\CxAudMsg64.exe (Conexant Systems Inc.)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SUService) -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe ()
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (vpnagent) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (FLEXnet Licensing Service 64) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Flexera Software, Inc.)
SRV - (ZeroConfigService) -- C:\Programme\Intel\WiFi\bin\ZeroConfigService.exe (Intel® Corporation)
SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (mitsijm2013) -- C:\Programme\Autodesk\Inventor 2013\Moldflow\bin\mitsijm.exe ( )
SRV - (BTHSSecurityMgr) -- C:\Programme\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel(R) Corporation)
SRV - (AMPPALR3) -- C:\Programme\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel Corporation)
SRV - (AcSvc) -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe (Lenovo)
SRV - (AcPrfMgrSvc) -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe (Lenovo)
SRV - (btwdins) -- C:\Programme\ThinkPad\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (SROSVC) -- C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe (Lenovo Group Limited)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (Lenovo.VIRTSCRLSVC) -- C:\Programme\Lenovo\VIRTSCRL\lvvsst.exe (Lenovo Group Limited)
SRV - (TPHKLOAD) -- C:\Programme\Lenovo\HOTKEY\tphkload.exe (Lenovo Group Limited)
SRV - (LENOVO.MICMUTE) -- C:\Programme\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited)
SRV - (TPHKSVC) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
SRV - (HyperW7Svc) -- C:\Programme\Lenovo\RapidBoot\HyperW7Svc64.exe (Lenovo Group Limited)
SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Intel Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (LENOVO.TPKNRSVC) -- C:\Programme\Lenovo\Communications Utility\TPKNRSVC.exe (Lenovo Group Limited)
SRV - (LENOVO.CAMMUTE) -- C:\Programme\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited)
SRV - (ThinkVantage Registry Monitor Service) -- C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
SRV - (SAService) -- C:\Windows\SysWOW64\SASrv.exe (Conexant Systems, Inc.)
SRV - (i1 Display Service) -- C:\Program Files (x86)\X-Rite\Devices\Services\i1Display\i1DisplayDeviceService.exe (X-Rite Inc.)
SRV - (xritedeviced) -- C:\Program Files (x86)\X-Rite\Devices\Services\xritedeviced.exe (X-Rite Inc.)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (PSI_SVC_2) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (MSSQLServerADHelper100) -- c:\Programme\Microsoft SQL Server\100\Shared\sqladhlp.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (HsfXAudioService) -- C:\Windows\SysWOW64\XAudio64.dll (Conexant Systems, Inc.)
SRV - (MSSQL$SQLEXPRESS) -- c:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLAgent$SQLEXPRESS) -- c:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE (Microsoft Corporation)
SRV - (SQLWriter) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (UleadBurningHelper) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (BBDemon) -- C:\Program Files (x86)\Dassault Systemes\B18\intel_a\code\bin\CATSysDemon.exe (Dassault Systemes)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (smihlp2) -- C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys File not found
DRV:64bit: - (acsock) -- C:\Windows\SysNative\drivers\acsock64.sys (Cisco Systems, Inc.)
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (vpnva) -- C:\Windows\SysNative\drivers\vpnva64.sys (Cisco Systems, Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (IBMPMDRV) -- C:\Windows\SysNative\drivers\ibmpmdrv.sys (Lenovo.)
DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\drivers\Netwsw00.sys (Intel Corporation)
DRV:64bit: - (AMPPALP) -- C:\Windows\SysNative\drivers\amppal.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (AMPPAL) -- C:\Windows\SysNative\drivers\amppal.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (Shockprf) -- C:\Windows\SysNative\drivers\ApsX64.sys (Lenovo.)
DRV:64bit: - (TPDIGIMN) -- C:\Windows\SysNative\drivers\ApsHM64.sys (Lenovo.)
DRV:64bit: - (psadd) -- C:\Windows\SysNative\drivers\psadd.sys (Lenovo Information Product(ShenZhen China) Inc.)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (BTWAMPFL) -- C:\Windows\SysNative\drivers\btwampfl.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (pmxdrv) -- C:\Windows\SysNative\drivers\pmxdrv.sys ()
DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation)
DRV:64bit: - (e1cexpress) -- C:\Windows\SysNative\drivers\e1c62x64.sys (Intel Corporation)
DRV:64bit: - (iwdbus) -- C:\Windows\SysNative\drivers\iwdbus.sys (Intel Corporation)
DRV:64bit: - (intaud_WaveExtensible) -- C:\Windows\SysNative\drivers\intelaud.sys (Intel Corporation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LEqdUsb) -- C:\Windows\SysNative\drivers\LEqdUsb.sys (Logitech, Inc.)
DRV:64bit: - (LHidEqd) -- C:\Windows\SysNative\drivers\LHidEqd.sys (Logitech, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (5U877) -- C:\Windows\SysNative\drivers\5U877.sys (Ricoh co.,Ltd.)
DRV:64bit: - (risdxc) -- C:\Windows\SysNative\drivers\risdxc64.sys (REDC)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (lenovo.smi) -- C:\Windows\SysNative\drivers\smiifx64.sys (Lenovo Group Limited)
DRV:64bit: - (CVirtA) -- C:\Windows\SysNative\drivers\CVirtA64.sys (Cisco Systems, Inc.)
DRV:64bit: - (HTCAND64) -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV:64bit: - (TVTI2C) -- C:\Windows\SysNative\drivers\tvti2c.sys (Lenovo (United States) Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (HSF_DPV) -- C:\Windows\SysNative\drivers\CAX_DPV.sys (Conexant Systems, Inc.)
DRV:64bit: - (CAXHWAZL) -- C:\Windows\SysNative\drivers\CAXHWAZL.sys (Conexant Systems, Inc.)
DRV:64bit: - (winachsf) -- C:\Windows\SysNative\drivers\CAX_CNXT.sys (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (LenovoRd) -- C:\Windows\SysNative\drivers\LenovoRd.sys (Lenovo)
DRV:64bit: - (XAudio) -- C:\Windows\SysNative\drivers\XAudio64.sys (Conexant Systems, Inc.)
DRV:64bit: - (DNE) -- C:\Windows\SysNative\drivers\dne64x.sys (Deterministic Networks, Inc.)
DRV:64bit: - (mdmxsdk) -- C:\Windows\SysNative\drivers\mdmxsdk.sys (Conexant)
DRV - (PHCORE) -- C:\Programme\Lenovo\RapidBoot\PHCORE64.sys (Lenovo Group Limited)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {A418828D-DBBD-4FFA-A65B-C5A67E7F9693}
IE:64bit: - HKLM\..\SearchScopes\{A418828D-DBBD-4FFA-A65B-C5A67E7F9693}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKLM\..\SearchScopes\{689F8C20-08D3-4EBF-9982-8C64286056C7}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3409518300-1189540095-3539162366-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo.msn.com
IE - HKU\S-1-5-21-3409518300-1189540095-3539162366-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKU\S-1-5-21-3409518300-1189540095-3539162366-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-3409518300-1189540095-3539162366-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKU\S-1-5-21-3409518300-1189540095-3539162366-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKU\S-1-5-21-3409518300-1189540095-3539162366-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com
IE - HKU\S-1-5-21-3409518300-1189540095-3539162366-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKU\S-1-5-21-3409518300-1189540095-3539162366-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKU\S-1-5-21-3409518300-1189540095-3539162366-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3409518300-1189540095-3539162366-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.searchEnginesURL: ""
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: "false"
FF - prefs.js..browser.startup.homepage: "hxxp://www.facebook.com/"
FF - prefs.js..extensions.enabledAddons: DeviceDetection%40logitech.com:1.23.0.5
FF - prefs.js..extensions.enabledAddons: groovesharkUnlocker%40overlord1337:1.3
FF - prefs.js..extensions.enabledAddons: artur.dubovoy%40gmail.com:3.8.2
FF - prefs.js..extensions.enabledAddons: adblockpopups%40jessehakanen.net:0.6
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0033-ABCDEFFEDCBA%7D:6.0.33
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0035-ABCDEFFEDCBA%7D:6.0.35
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2
FF - prefs.js..keyword.URL: "hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:7317400059&cof=FORID:11&sa=Search&siteurl=search.linkury.com&q="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_149.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Soellinger Georg\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Soellinger Georg\AppData\Local\Facebook\Messenger\2.1.4651.0\npFbDesktopPlugin.dll (Facebook, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013.02.15 17:59:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.06 10:31:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.02.06 10:31:18 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.06 10:31:21 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.02.06 10:31:18 | 000,000,000 | ---D | M]
 
[2012.12.17 09:14:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Soellinger Georg\AppData\Roaming\mozilla\Extensions
[2013.01.31 18:10:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Soellinger Georg\AppData\Roaming\mozilla\Firefox\Profiles\80gtrdhf.default\extensions
[2011.09.23 21:13:44 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\Soellinger Georg\AppData\Roaming\mozilla\Firefox\Profiles\80gtrdhf.default\extensions\DeviceDetection@logitech.com
[2013.01.31 18:10:36 | 000,130,828 | ---- | M] () (No name found) -- C:\Users\Soellinger Georg\AppData\Roaming\mozilla\firefox\profiles\80gtrdhf.default\extensions\adblockpopups@jessehakanen.net.xpi
[2012.12.23 11:23:45 | 000,234,999 | ---- | M] () (No name found) -- C:\Users\Soellinger Georg\AppData\Roaming\mozilla\firefox\profiles\80gtrdhf.default\extensions\artur.dubovoy@gmail.com.xpi
[2012.11.14 10:58:58 | 000,029,022 | ---- | M] () (No name found) -- C:\Users\Soellinger Georg\AppData\Roaming\mozilla\firefox\profiles\80gtrdhf.default\extensions\groovesharkUnlocker@overlord1337.xpi
[2012.12.11 17:03:21 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Soellinger Georg\AppData\Roaming\mozilla\firefox\profiles\80gtrdhf.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2013.01.31 17:07:33 | 000,817,973 | ---- | M] () (No name found) -- C:\Users\Soellinger Georg\AppData\Roaming\mozilla\firefox\profiles\80gtrdhf.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.06.23 12:16:24 | 000,002,057 | ---- | M] () -- C:\Users\Soellinger Georg\AppData\Roaming\mozilla\firefox\profiles\80gtrdhf.default\searchplugins\youtube-videosuche.xml
[2013.02.06 10:31:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.02.06 10:31:17 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.02.06 10:31:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013.02.06 10:31:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013.02.06 10:31:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013.02.06 10:31:21 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.07.11 22:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.08.31 06:52:51 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.31 06:52:51 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.08.31 06:52:51 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.08.31 06:52:51 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.08.31 06:52:51 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.08.31 06:52:51 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe (Lenovo)
O4:64bit: - HKLM..\Run: [ALCKRESI.EXE] C:\Programme\Lenovo\AutoLock\ALCKRESI.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [Autodesk Sync] C:\Programme\Autodesk\Autodesk Sync\AdSync.exe (Autodesk, Inc.)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [ForteConfig] C:\Programme\CONEXANT\ForteConfig\fmapp.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [LENOVO.TPKNRRES] C:\Programme\Lenovo\Communications Utility\TpKnrres.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant systems, Inc.)
O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ACTray] C:\Program Files (x86)\Lenovo\Access Connections\ACTray.exe (Lenovo)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe (Ricoh co.,Ltd.)
O4 - HKLM..\Run: [X-Rite Legacy Device] C:\Program Files (x86)\X-Rite\Devices\Lib\xritelegacyd.exe (X-Rite Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3409518300-1189540095-3539162366-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-3409518300-1189540095-3539162366-1000..\Run: [Facebook Update] C:\Users\Soellinger Georg\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-3409518300-1189540095-3539162366-1003..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-3409518300-1189540095-3539162366-1003..\RunOnce: []  File not found
O4 - HKU\S-1-5-21-3409518300-1189540095-3539162366-1003..\RunOnce: [Lenovoautoqdrive] C:\PROGRA~2\Common~1\Lenovo\Lenovo~1\LenovoAutorunreg.exe /DRIVE=Q File not found
O4 - HKU\S-1-5-21-3409518300-1189540095-3539162366-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{43E39BBB-BC4B-483E-BFE3-141AE0DEAEC8}: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5E564073-93E4-4AB0-A020-F16E85DB54B3}: NameServer = 10.156.33.53,129.187.5.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20:64bit: - Winlogon\Notify\psfus: DllName - (C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll) - C:\Programme\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.04.18 18:06:08 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2005.12.17 23:43:04 | 000,000,000 | R--D | M] - E:\autorun -- [ UDF ]
O32 - AutoRun File - [2005.12.15 02:25:08 | 000,778,240 | R--- | M] (Electronic Arts) - E:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2005.11.18 22:44:26 | 000,000,049 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2008.06.10 17:32:46 | 000,000,049 | -HS- | M] () - Q:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{215d2df2-169c-11e2-b33d-f0def15ee5f6}\Shell - "" = AutoRun
O33 - MountPoints2\{215d2df2-169c-11e2-b33d-f0def15ee5f6}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a
O33 - MountPoints2\{d09eed77-d300-11e0-b3a5-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{d09eed77-d300-11e0-b3a5-806e6f6e6963}\Shell\AutoRun\command - "" = Q:\LenovoQDrive.exe -- [2009.08.10 22:01:24 | 000,267,576 | -HS- | M] (Lenovo Group Limited)
O33 - MountPoints2\{d09eed7a-d300-11e0-b3a5-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{d09eed7a-d300-11e0-b3a5-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2005.12.15 02:25:08 | 000,778,240 | R--- | M] (Electronic Arts)
O33 - MountPoints2\{e6075011-e691-11e0-b8f6-f0def15ee5f6}\Shell - "" = AutoRun
O33 - MountPoints2\{e6075011-e691-11e0-b8f6-f0def15ee5f6}\Shell\AutoRun\command - "" = F:\Setup.bat
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.15 13:54:45 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Soellinger Georg\Desktop\OTL.exe
[2013.02.14 09:03:15 | 000,000,000 | ---D | C] -- C:\Program Files\AuthenTec
[2013.02.14 09:03:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SPBA
[2013.02.14 03:01:51 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.02.14 03:01:51 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.02.14 03:01:49 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.02.14 03:01:49 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.02.14 03:01:48 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.02.14 03:01:47 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.02.14 03:01:47 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.02.14 03:01:46 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.02.14 03:01:43 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.02.14 03:01:42 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.02.14 03:01:42 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.02.14 03:01:41 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.02.14 03:01:36 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.02.14 03:01:35 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.02.14 03:01:35 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.02.13 12:56:11 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.02.13 12:56:10 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013.02.13 12:56:09 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013.02.13 12:56:03 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013.02.13 12:56:02 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013.02.13 12:56:02 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013.02.13 12:56:02 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013.02.13 12:56:02 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013.02.13 12:56:01 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013.02.13 12:55:57 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2013.02.06 10:31:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.02.05 18:59:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.02.05 18:59:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013.01.29 13:23:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco
[2013.01.22 23:56:24 | 000,000,000 | ---D | C] -- C:\Users\Soellinger Georg\.android
[2011.02.07 15:15:50 | 000,020,944 | ---- | C] (Intel Corporation) -- C:\Users\Soellinger Georg\AppData\Roaming\JomCap.dll
[3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.15 14:00:03 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2013.02.15 13:54:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Soellinger Georg\Desktop\OTL.exe
[2013.02.15 13:51:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.15 13:49:13 | 000,001,182 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3409518300-1189540095-3539162366-1000UA.job
[2013.02.15 13:49:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.15 09:12:10 | 000,020,704 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.15 09:12:10 | 000,020,704 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.15 09:01:23 | 2058,801,151 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.14 03:41:45 | 000,562,848 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.02.14 03:10:40 | 001,818,190 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.14 03:10:40 | 000,762,258 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.02.14 03:10:40 | 000,717,536 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.02.14 03:10:40 | 000,172,612 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.02.14 03:10:40 | 000,145,558 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.02.13 09:50:46 | 000,001,160 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3409518300-1189540095-3539162366-1000Core.job
[2013.02.09 15:51:52 | 000,697,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.02.09 15:51:52 | 000,074,096 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.02.05 20:26:42 | 029,189,632 | ---- | M] () -- C:\Users\Soellinger Georg\Desktop\WK I.zip
[2013.02.01 14:44:29 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2013.01.26 17:51:00 | 001,183,401 | ---- | M] () -- C:\Users\Soellinger Georg\Desktop\Harry ottert.png
[2013.01.24 14:37:48 | 001,461,599 | ---- | M] () -- C:\Users\Soellinger Georg\Desktop\Gimli pickelt.png
[2013.01.24 14:32:28 | 001,494,011 | ---- | M] () -- C:\Users\Soellinger Georg\Desktop\Dein Vadda.png
[2013.01.24 14:28:36 | 001,989,303 | ---- | M] () -- C:\Users\Soellinger Georg\Desktop\Arni beim Sein.png
[2013.01.24 14:04:50 | 004,679,879 | ---- | M] () -- C:\Users\Soellinger Georg\Desktop\Balotelli schaufelt.png
[2013.01.22 18:43:26 | 000,315,926 | ---- | M] () -- C:\Users\Soellinger Georg\Documents\Scan0032.pdf
[2013.01.22 18:41:35 | 000,312,678 | ---- | M] () -- C:\Users\Soellinger Georg\Documents\Scan0031.pdf
[2013.01.21 20:33:35 | 001,530,710 | ---- | M] () -- C:\Users\Soellinger Georg\Documents\Scan0030.pdf
[3 C:\Windows\SysNative\drivers\UMDF\*.tmp files -> C:\Windows\SysNative\drivers\UMDF\*.tmp -> ]
[3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.02.05 20:26:29 | 029,189,632 | ---- | C] () -- C:\Users\Soellinger Georg\Desktop\WK I.zip
[2013.02.01 21:04:15 | 004,679,879 | ---- | C] () -- C:\Users\Soellinger Georg\Desktop\Balotelli schaufelt.png
[2013.02.01 21:04:15 | 001,989,303 | ---- | C] () -- C:\Users\Soellinger Georg\Desktop\Arni beim Sein.png
[2013.02.01 21:04:15 | 001,494,011 | ---- | C] () -- C:\Users\Soellinger Georg\Desktop\Dein Vadda.png
[2013.02.01 21:04:15 | 001,461,599 | ---- | C] () -- C:\Users\Soellinger Georg\Desktop\Gimli pickelt.png
[2013.02.01 21:04:15 | 001,183,401 | ---- | C] () -- C:\Users\Soellinger Georg\Desktop\Harry ottert.png
[2013.01.22 18:43:25 | 000,315,926 | ---- | C] () -- C:\Users\Soellinger Georg\Documents\Scan0032.pdf
[2013.01.22 18:41:34 | 000,312,678 | ---- | C] () -- C:\Users\Soellinger Georg\Documents\Scan0031.pdf
[2013.01.21 20:33:33 | 001,530,710 | ---- | C] () -- C:\Users\Soellinger Georg\Documents\Scan0030.pdf
[2012.10.03 21:04:51 | 000,007,605 | ---- | C] () -- C:\Users\Soellinger Georg\AppData\Local\resmon.resmoncfg
[2012.09.08 10:20:56 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.09.08 10:20:50 | 000,183,112 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.01.12 00:00:04 | 000,216,000 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012.01.12 00:00:00 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.01.11 23:59:52 | 013,903,360 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011.11.14 20:26:09 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2011.10.18 20:55:42 | 001,774,092 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.09.23 15:06:25 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.09.23 15:06:17 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.08.12 05:20:56 | 000,305,256 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         
Alle zwei in einem Forumsbeitrag sind scheinbar zu viele Zeichen!


Alt 15.02.2013, 15:35   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Doppelte Akkuanzeige, eigenmächtige Systemstarts im Ruhezustand - Standard

Doppelte Akkuanzeige, eigenmächtige Systemstarts im Ruhezustand



Zitat:
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
Warum bitte eine Professional Edition für Windows? Wer braucht das als Heimanwender?
Ist das rein zufällig ein Büro-/Firmen-PC? Oder ein Uni-Rechner?


Bitte nun Logs mit GMER (<<< klick für Anleitung) und MBAR (Anleitung etwas weiter unten) erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim zweiten Mal nicht will, lass es einfach weg und führ nur MBAR aus.

Anleitung MBAR:

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________
--> Doppelte Akkuanzeige, eigenmächtige Systemstarts im Ruhezustand

Alt 15.02.2013, 19:34   #7
Phoenix_91
 
Doppelte Akkuanzeige, eigenmächtige Systemstarts im Ruhezustand - Standard

Doppelte Akkuanzeige, eigenmächtige Systemstarts im Ruhezustand



So hallo nochmal, schreib gerade von meinem handy, da mein pc diese reinigungsaktion nicht vertrug. es kommt die systemstartreparatur und da steht, windows kann den pc nicht automatisch reparieren. was soll ich jetzt tun?? aangst
danke schonmal

Alt 16.02.2013, 17:13   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Doppelte Akkuanzeige, eigenmächtige Systemstarts im Ruhezustand - Standard

Doppelte Akkuanzeige, eigenmächtige Systemstarts im Ruhezustand



Von Windows DVD booten und reparieren lassen
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Antwort

Themen zu Doppelte Akkuanzeige, eigenmächtige Systemstarts im Ruhezustand
aktuelle, anwesend, arbeiten, deinstallation, doppelte akkuanzeige, dringend, eigenmächtige softwareupdates im ruhezustand, firefox, grafiktreiberabsturz, installiert, kurze, lenovo, maus, neustart, nicht mehr, nicht möglich, plötzlich, probleme, rechner, startet, systemsteuerung, taskleiste, taskleiste inaktiv, updates, wichtige, win, win7, woche, wochen, zeichen



Ähnliche Themen: Doppelte Akkuanzeige, eigenmächtige Systemstarts im Ruhezustand


  1. Windows 7: Starke Verlangsamung des Systemstarts
    Plagegeister aller Art und deren Bekämpfung - 25.01.2015 (1)
  2. Doppelte Accounts löschen?
    Lob, Kritik und Wünsche - 14.11.2013 (4)
  3. Doppelte Akzente/Trojan.ZbotR.Gen?
    Plagegeister aller Art und deren Bekämpfung - 12.08.2012 (11)
  4. Doppelte Accents
    Log-Analyse und Auswertung - 16.04.2012 (11)
  5. Trojaner Doppelte Akzentzeichen
    Plagegeister aller Art und deren Bekämpfung - 01.02.2012 (2)
  6. Fragen zum Ruhezustand
    Netzwerk und Hardware - 22.10.2011 (8)
  7. Nach Ruhezustand CPU bei 100%
    Log-Analyse und Auswertung - 27.03.2011 (0)
  8. Doppelte Accents und ein googlesicherer Prozess
    Log-Analyse und Auswertung - 29.07.2010 (9)
  9. doppelte Dateien
    Diskussionsforum - 13.04.2010 (2)
  10. doppelte iexplorer.exe
    Log-Analyse und Auswertung - 02.06.2009 (8)
  11. Doppelte avp.exe
    Log-Analyse und Auswertung - 20.08.2008 (4)
  12. Ruhezustand.vbs
    Alles rund um Windows - 27.04.2008 (6)
  13. Doppelte Prozesse im Taskamanger
    Log-Analyse und Auswertung - 10.02.2008 (11)
  14. doppelte iexplore.exe
    Plagegeister aller Art und deren Bekämpfung - 28.01.2008 (1)
  15. Doppelte Tastenbelegung, durch Virus?
    Plagegeister aller Art und deren Bekämpfung - 06.01.2005 (3)
  16. .jpg doppelte Größe
    Alles rund um Windows - 27.08.2004 (4)

Zum Thema Doppelte Akkuanzeige, eigenmächtige Systemstarts im Ruhezustand - Wertes Helferteam, Mein PC (Lenovo W520, Win7) startet sich seit gestern im Ruhezustand über Nacht von selbst und installiert irgendwelche "wichtigen Updates" von selbst, ohne dass ich irgendwas dazu beitrage. - Doppelte Akkuanzeige, eigenmächtige Systemstarts im Ruhezustand...
Archiv
Du betrachtest: Doppelte Akkuanzeige, eigenmächtige Systemstarts im Ruhezustand auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.