R-volution | 27.09.2012 07:28 | OTL LogOTL Logfile: Code:
OTL logfile created on: 27.09.2012 07:42:29 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Morle und Maria\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
7,95 Gb Total Physical Memory | 5,82 Gb Available Physical Memory | 73,29% Memory free
15,89 Gb Paging File | 13,56 Gb Available in Paging File | 85,36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 654,69 Gb Total Space | 601,94 Gb Free Space | 91,94% Space Free | Partition Type: NTFS
Drive D: | 29,00 Gb Total Space | 26,15 Gb Free Space | 90,17% Space Free | Partition Type: NTFS
Computer Name: LENOVO | User Name: Morle und Maria | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.09.27 07:39:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Morle und Maria\Desktop\OTL.exe
PRC - [2012.08.20 14:17:32 | 000,474,208 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
PRC - [2012.08.20 14:12:34 | 000,724,576 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.07.10 03:59:02 | 000,021,432 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2012.07.10 03:58:54 | 003,524,536 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2012.07.10 03:58:52 | 000,975,800 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe
PRC - [2012.04.30 16:18:00 | 005,235,608 | R--- | M] (Western Digital Technologies, Inc.) -- C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
PRC - [2012.04.24 09:31:34 | 001,150,368 | R--- | M] (Western Digital ) -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
PRC - [2012.04.11 12:09:14 | 001,177,496 | R--- | M] (Western Digital ) -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe
PRC - [2012.04.11 12:01:46 | 000,247,704 | R--- | M] (Western Digital) -- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
PRC - [2012.02.28 15:09:18 | 003,128,856 | ---- | M] (devolo AG) -- C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe
PRC - [2011.11.29 07:52:47 | 000,329,056 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
PRC - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011.06.15 13:46:52 | 000,548,864 | ---- | M] (Vimicro) -- C:\Program Files (x86)\USB Camera\VM331_STI.EXE
PRC - [2011.02.18 10:20:54 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011.02.18 10:20:50 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2011.01.29 01:29:36 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
PRC - [2010.12.21 04:30:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.12.21 04:30:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
========== Modules (No Company Name) ==========
MOD - [2012.07.13 15:31:40 | 000,115,137 | ---- | M] () -- C:\Users\Morle und Maria\AppData\Local\Temp\99cab429-f99d-4f69-9d04-113ad532bd0f\CliSecureRT.dll
MOD - [2012.07.10 03:59:02 | 000,021,432 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MOD - [2012.06.25 16:57:24 | 000,221,696 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\26e0457a9776a0e9f23e3986686d90a5\System.ServiceProcess.ni.dll
MOD - [2012.06.20 05:42:48 | 000,475,648 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\c4621632eccd0b813535a27e737a8a03\IAStorUtil.ni.dll
MOD - [2012.06.14 04:01:35 | 011,833,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll
MOD - [2012.06.14 04:01:10 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012.06.14 04:01:03 | 001,591,808 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012.06.14 03:40:17 | 018,019,840 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\d239f585ee55f833dbe21e897e1265ac\PresentationFramework.ni.dll
MOD - [2012.06.14 03:40:02 | 011,522,048 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b7de318e9fd1ef519ca6c1f3b5dba8e0\PresentationCore.ni.dll
MOD - [2012.06.14 03:39:58 | 013,198,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\00a4922fbf869a79c043b665035516b6\System.Windows.Forms.ni.dll
MOD - [2012.06.14 03:39:50 | 003,881,984 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\a6e37a05b8d0cedbc5c3ea266ae3fc31\WindowsBase.ni.dll
MOD - [2012.06.14 03:39:48 | 001,666,048 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\4230ed1c7990e4ee8352baf67a2a85fa\System.Drawing.ni.dll
MOD - [2012.05.10 03:45:47 | 001,218,560 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Management\d0e1cdaff8f9055187f8e7b52c060dff\System.Management.ni.dll
MOD - [2012.05.10 03:44:27 | 000,762,880 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\31fab24c51c0cfe8b8115f24545f169f\System.Runtime.Remoting.ni.dll
MOD - [2012.05.10 03:44:21 | 001,782,272 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\b68bee05c7e518172982cc92059c3315\System.Xaml.ni.dll
MOD - [2012.05.10 03:41:28 | 000,014,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\9c5c9e0b5972a39696939f7009df4a08\IAStorCommon.ni.dll
MOD - [2012.05.10 03:39:40 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012.05.10 03:39:01 | 003,347,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012.05.10 03:38:56 | 005,452,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.05.10 03:38:53 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.05.10 03:38:52 | 007,967,232 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.05.10 03:38:47 | 011,492,864 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012.05.10 03:08:54 | 000,595,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\608d29d7cc89f3a9a195c91354561915\PresentationFramework.Aero.ni.dll
MOD - [2012.05.10 03:05:59 | 007,069,184 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\09bd2126bba2ab4f29ed52afde1470d7\System.Core.ni.dll
MOD - [2012.05.10 03:05:54 | 005,617,664 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\9abe44a0f82070ead5f1256683a4d25a\System.Xml.ni.dll
MOD - [2012.05.10 03:05:54 | 000,982,528 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\a84262e1224189f93e10cd3c403a9527\System.Configuration.ni.dll
MOD - [2012.05.10 03:05:47 | 009,092,096 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System\a6be120e49f895ef6b00e9918402395b\System.ni.dll
MOD - [2012.05.10 03:05:40 | 014,414,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\c1af4ec9a36f671617a8ecaec00373f4\mscorlib.ni.dll
MOD - [2011.11.29 07:52:47 | 000,013,664 | ---- | M] () -- C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll
MOD - [2011.11.28 22:55:59 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
========== Services (SafeList) ==========
SRV:64bit: - [2011.03.28 17:44:44 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.09.22 14:37:50 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.08.20 14:17:32 | 000,474,208 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.04.24 09:31:34 | 001,150,368 | R--- | M] (Western Digital ) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe -- (WDBackup)
SRV - [2012.04.11 12:09:14 | 001,177,496 | R--- | M] (Western Digital ) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe -- (WDRulesService)
SRV - [2012.04.11 12:01:46 | 000,247,704 | R--- | M] (Western Digital) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe -- (WDDriveService)
SRV - [2012.03.26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012.03.26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012.02.28 15:09:18 | 003,128,856 | ---- | M] (devolo AG) [Auto | Running] -- C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe -- (DevoloNetworkService)
SRV - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011.03.28 22:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2011.02.18 10:20:54 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010.12.21 04:30:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010.12.21 04:30:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010.09.22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012.05.21 04:09:00 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2012.05.21 04:09:00 | 000,099,384 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2012.03.20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.11.29 08:02:14 | 000,039,008 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LhdX64.sys -- (LHDmgr)
DRV:64bit: - [2011.11.29 08:02:12 | 000,029,792 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV:64bit: - [2011.11.29 07:59:45 | 000,057,952 | ---- | M] (Lenovo) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fbfmon.sys -- (fbfmon)
DRV:64bit: - [2011.11.29 07:59:45 | 000,013,408 | ---- | M] (Lenovo) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BPntDrv.sys -- (BPntDrv)
DRV:64bit: - [2011.11.28 23:07:39 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.11.28 23:07:39 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.10.01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011.10.01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011.10.01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011.10.01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011.06.15 05:51:18 | 000,250,752 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vm331avs.sys -- (vm331avs)
DRV:64bit: - [2011.04.08 03:59:58 | 001,430,576 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011.03.28 18:14:46 | 009,319,424 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.03.28 17:09:10 | 000,303,616 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.03.26 00:17:48 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2011.03.25 12:17:48 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.03.10 11:01:00 | 001,581,184 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2011.02.18 10:11:54 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.01.29 01:29:58 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010.11.24 13:33:26 | 002,673,664 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.10.21 08:57:30 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010.10.20 02:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.10.14 19:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010.09.30 10:45:22 | 000,299,520 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2010.08.16 11:28:50 | 000,008,320 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmuvcflt.sys -- (vmuvcflt)
DRV:64bit: - [2010.01.05 04:23:20 | 001,847,296 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athurx.sys -- (athur)
DRV:64bit: - [2009.08.13 08:38:24 | 000,029,184 | ---- | M] (CSR, plc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BthAvrcp.sys -- (BthAvrcp)
DRV:64bit: - [2009.07.21 16:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.02.13 22:02:52 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2012.01.31 17:41:08 | 000,034,048 | ---- | M] (CACE Technologies) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\npf_devolo.sys -- (NPF_devolo)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.9
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_4_402_278.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.04.02 14:04:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
[2012.01.31 00:24:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Morle und Maria\AppData\Roaming\mozilla\Extensions
[2012.06.02 18:11:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Morle und Maria\AppData\Roaming\mozilla\Firefox\Profiles\9k148s5f.default\extensions
[2012.04.02 14:04:55 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Morle und Maria\AppData\Roaming\mozilla\Firefox\Profiles\9k148s5f.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.04.27 01:07:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.04.27 01:07:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012.04.02 14:04:52 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.02.24 19:32:35 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.24 19:32:35 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.24 19:32:35 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.24 19:32:35 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.24 19:32:35 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.24 19:32:35 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
========== Chrome ==========
CHR - homepage: hxxp://google.de/ig
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage: hxxp://google.de/ig
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Morle und Maria\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U3 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.30.255 (Enabled) = C:\windows\system32\npDeployJava1.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: YouTube Downloader = C:\Users\Morle und Maria\AppData\Local\Google\Chrome\User Data\Default\Extensions\baghcaokjpiflfgfddiobkomaaklphhg\12.0_0\
CHR - Extension: YouTube = C:\Users\Morle und Maria\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Adblock Plus (Beta) = C:\Users\Morle und Maria\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
CHR - Extension: Google-Suche = C:\Users\Morle und Maria\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: YouTube Downloader: Download videos MP3 / MP4 = C:\Users\Morle und Maria\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbligcmficmlefjffdbejhgiojeocgob\1000_0\
CHR - Extension: Vimeo Video Downloader = C:\Users\Morle und Maria\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjieadomkepcfnndlnkmmcehlghbafmk\3_0\
CHR - Extension: Morpheon Dark = C:\Users\Morle und Maria\AppData\Local\Google\Chrome\User Data\Default\Extensions\mafbdhjdkjnoafhfelkjpchpaepjknad\2.0_0\
CHR - Extension: Click to activate/deactivate ProxTube = C:\Users\Morle und Maria\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkdbaehcjcomcnnjhlmnfddpgoafpcko\1.0.6_0\
CHR - Extension: Google Mail = C:\Users\Morle und Maria\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe (Lenovo(beijing) Limited)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Lenovo EE Boot Optimizer] C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe (Lenovo)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [331BigDog] C:\Program Files (x86)\USB Camera\VM331_STI.EXE (Vimicro)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (Lenovo)
O4 - HKLM..\Run: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe (Western Digital Technologies, Inc.)
O4 - HKLM..\Run: [YouCam Mirage] C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (CyberLink)
O4 - HKLM..\Run: [YouCam Tray] C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe (CyberLink Corp.)
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0F818A52-894E-4B02-A072-5D82F9BA96C6}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{79D6B318-307F-4E25-B55B-B37389F34852}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AAA0665B-479D-44C9-A2CE-E19651F4C735}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{75def496-68d2-11e1-8f50-00025b7f3f48}\Shell - "" = AutoRun
O33 - MountPoints2\{75def496-68d2-11e1-8f50-00025b7f3f48}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012.09.27 07:39:24 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Morle und Maria\Desktop\OTL.exe
[2012.09.14 16:39:28 | 000,000,000 | ---D | C] -- C:\Users\Morle und Maria\Documents\Postbank
[2012.09.14 16:38:57 | 000,000,000 | ---D | C] -- C:\Users\Morle und Maria\Documents\Sony HDR-CX730 Tests
[2012.09.14 16:37:58 | 000,000,000 | ---D | C] -- C:\Users\Morle und Maria\Documents\Honda Serviceschreiben
[2012.08.29 04:17:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayMemories Home
[2012.08.29 03:43:17 | 000,000,000 | ---D | C] -- C:\Users\Morle und Maria\Documents\Sony PMB
[2012.08.29 03:42:55 | 000,000,000 | ---D | C] -- C:\Users\Morle und Maria\AppData\Roaming\Sony Corporation
[2012.08.29 03:42:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony Corporation
[2012.08.29 03:42:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony
========== Files - Modified Within 30 Days ==========
[2012.09.27 07:42:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012.09.27 07:39:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Morle und Maria\Desktop\OTL.exe
[2012.09.27 07:36:01 | 000,000,000 | ---- | M] () -- C:\Users\Morle und Maria\defogger_reenable
[2012.09.27 07:33:28 | 000,050,477 | ---- | M] () -- C:\Users\Morle und Maria\Desktop\Defogger.exe
[2012.09.27 07:18:01 | 000,001,124 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.09.27 03:18:00 | 000,001,120 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.09.27 02:27:57 | 001,506,902 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012.09.27 02:27:57 | 000,656,972 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2012.09.27 02:27:57 | 000,618,814 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012.09.27 02:27:57 | 000,131,454 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2012.09.27 02:27:57 | 000,107,836 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012.09.27 02:24:48 | 000,067,584 | ---- | M] () -- C:\windows\bootstat.dat
[2012.09.26 18:40:44 | 000,000,091 | ---- | M] () -- C:\Users\Morle und Maria\Desktop\radio1348677747.asx
[2012.09.23 04:04:54 | 000,021,072 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.23 04:04:54 | 000,021,072 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.23 03:58:43 | 000,328,057 | ---- | M] () -- C:\windows\SysNative\fastboot.set
[2012.09.23 03:57:08 | 2103,332,863 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.16 20:56:12 | 000,034,355 | ---- | M] () -- C:\Users\Morle und Maria\Desktop\20120437 Mohr .pdf
========== Files Created - No Company Name ==========
[2012.09.27 07:36:01 | 000,000,000 | ---- | C] () -- C:\Users\Morle und Maria\defogger_reenable
[2012.09.27 07:33:27 | 000,050,477 | ---- | C] () -- C:\Users\Morle und Maria\Desktop\Defogger.exe
[2012.09.26 18:40:52 | 000,000,091 | ---- | C] () -- C:\Users\Morle und Maria\Desktop\radio1348677747.asx
[2012.09.16 20:56:16 | 000,034,355 | ---- | C] () -- C:\Users\Morle und Maria\Desktop\20120437 Mohr .pdf
[2012.08.29 04:17:29 | 000,001,315 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayMemories Home.lnk
[2012.02.06 08:48:03 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011.12.15 06:06:40 | 001,529,424 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011.12.14 06:05:26 | 000,000,000 | ---- | C] () -- C:\Users\Morle und Maria\AppData\Local\{CA0B8284-63A9-47BA-9D6D-17A8AE4D8CD0}
[2011.12.14 06:01:21 | 000,000,000 | ---- | C] () -- C:\Users\Morle und Maria\AppData\Local\{A38745A0-BC11-482D-B4E3-EAFD71C4B55E}
[2011.11.29 17:38:18 | 000,030,568 | ---- | C] () -- C:\windows\MusiccityDownload.exe
[2011.11.29 17:38:12 | 000,974,848 | ---- | C] () -- C:\windows\SysWow64\cis-2.4.dll
[2011.11.29 17:38:12 | 000,081,920 | ---- | C] () -- C:\windows\SysWow64\issacapi_bs-2.3.dll
[2011.11.29 17:38:12 | 000,065,536 | ---- | C] () -- C:\windows\SysWow64\issacapi_pe-2.3.dll
[2011.11.29 17:38:12 | 000,057,344 | ---- | C] () -- C:\windows\SysWow64\issacapi_se-2.3.dll
[2011.11.29 08:08:42 | 000,000,512 | ---- | C] () -- C:\windows\previous.bin
[2011.11.29 08:08:42 | 000,000,512 | ---- | C] () -- C:\windows\current.bin
[2011.11.29 07:52:50 | 002,086,240 | ---- | C] () -- C:\windows\SysWow64\LenovoVeriface.Interface.dll
[2011.11.29 07:52:50 | 001,500,512 | ---- | C] () -- C:\windows\SysWow64\Apblend.dll
[2011.11.29 07:52:50 | 001,171,456 | ---- | C] () -- C:\windows\SysWow64\PicNotify.dll
[2011.11.29 07:52:50 | 000,472,416 | ---- | C] () -- C:\windows\SysWow64\Lenovo.VerifaceStub.dll
[2011.11.29 07:52:45 | 001,044,480 | ---- | C] () -- C:\windows\SysWow64\3DImageRenderer.dll
[2011.11.29 07:43:28 | 000,001,803 | ---- | C] () -- C:\windows\vm331Rmv.ini
[2011.11.29 07:43:28 | 000,001,803 | ---- | C] () -- C:\windows\SysWow64\vm331Rmv.ini
[2011.11.29 07:40:35 | 000,066,856 | ---- | C] () -- C:\windows\SysWow64\SynTPEnhPS.dll
[2011.11.29 07:31:49 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2011.11.29 07:28:15 | 000,003,914 | ---- | C] () -- C:\windows\SysWow64\atipblup.dat
[2011.11.29 07:26:58 | 000,003,914 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
[2011.11.29 07:23:36 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
[2011.11.29 07:23:35 | 000,216,876 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
[2011.11.29 07:23:34 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin
[2011.03.28 14:10:12 | 000,059,904 | ---- | C] () -- C:\windows\SysWow64\OVDecode.dll
========== ZeroAccess Check ==========
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2012.01.27 05:24:28 | 000,000,000 | ---D | M] -- C:\Users\Morle und Maria\AppData\Roaming\AnvSoft
[2012.01.25 21:51:40 | 000,000,000 | ---D | M] -- C:\Users\Morle und Maria\AppData\Roaming\DVDVideoSoft
[2012.01.17 01:50:48 | 000,000,000 | ---D | M] -- C:\Users\Morle und Maria\AppData\Roaming\FreeFLVConverter
[2012.01.31 07:37:05 | 000,000,000 | ---D | M] -- C:\Users\Morle und Maria\AppData\Roaming\Gmail Notifier Plus
[2012.01.15 23:11:54 | 000,000,000 | ---D | M] -- C:\Users\Morle und Maria\AppData\Roaming\Orbit
[2012.01.25 22:32:43 | 000,000,000 | ---D | M] -- C:\Users\Morle und Maria\AppData\Roaming\Panasonic
[2012.01.15 23:07:14 | 000,000,000 | ---D | M] -- C:\Users\Morle und Maria\AppData\Roaming\ProgSense
[2011.12.16 09:52:33 | 000,000,000 | ---D | M] -- C:\Users\Morle und Maria\AppData\Roaming\Samsung
[2011.12.27 20:02:57 | 000,000,000 | ---D | M] -- C:\Users\Morle und Maria\AppData\Roaming\SoftGrid Client
[2012.06.15 04:52:05 | 000,000,000 | ---D | M] -- C:\Users\Morle und Maria\AppData\Roaming\Temp
[2011.12.20 05:06:48 | 000,000,000 | ---D | M] -- C:\Users\Morle und Maria\AppData\Roaming\TP
[2012.02.21 19:17:39 | 000,000,000 | ---D | M] -- C:\Users\Morle und Maria\AppData\Roaming\Windows Live Writer
========== Purity Check ==========
< End of report > --- --- ---
ExtrasOTL EXTRAS Logfile: Code:
OTL Extras logfile created on: 27.09.2012 07:42:29 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Morle und Maria\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
7,95 Gb Total Physical Memory | 5,82 Gb Available Physical Memory | 73,29% Memory free
15,89 Gb Paging File | 13,56 Gb Available in Paging File | 85,36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 654,69 Gb Total Space | 601,94 Gb Free Space | 91,94% Space Free | Partition Type: NTFS
Drive D: | 29,00 Gb Total Space | 26,15 Gb Free Space | 90,17% Space Free | Partition Type: NTFS
Computer Name: LENOVO | User Name: Morle und Maria | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03DB3EFA-DC78-45AE-A6D0-EBF697852AF6}" = rport=137 | protocol=17 | dir=out | app=system |
"{11F2B418-44EA-465F-9E87-C3A59675BC9B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2670F474-5788-4699-9B87-21F154BA6FA0}" = lport=138 | protocol=17 | dir=in | app=system |
"{2F3A3A99-24B4-416A-AC84-619DC129F26B}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{2F6905B4-3E58-4CCA-9722-FBC255203460}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{31AEEA60-DEF2-4C5C-B429-DB2C3D564578}" = lport=139 | protocol=6 | dir=in | app=system |
"{3281233A-D299-4E12-A991-DE47672C7189}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3DCFE40B-2E5C-4218-9225-7C885769D374}" = rport=139 | protocol=6 | dir=out | app=system |
"{431177F0-2AA3-4DA8-B6D5-EE23667B3EC1}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{49966252-15F6-4831-8E68-9573D3FBC148}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4A77A3F3-0308-45D7-8B03-7ADD077D60A5}" = lport=137 | protocol=17 | dir=in | app=system |
"{5621C779-7152-4D7D-88C5-91B7FD8016BA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{573B6577-8992-4C40-841A-05E5057CE0E6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{616941AB-D19D-4A3E-B568-C0B6B7BA3AA3}" = lport=3390 | protocol=6 | dir=in | app=system |
"{62631FBC-BA5A-420E-8CB7-D89FDAED8D66}" = lport=19376 | protocol=6 | dir=in | app=c:\program files (x86)\devolo\dlan\devolonetsvc.exe |
"{6736971F-ED2A-4A7C-8866-35A02F6F66AD}" = rport=138 | protocol=17 | dir=out | app=system |
"{69B586FE-2B1F-42C9-A28F-B8AB3863EEFC}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{6A8FC11F-596D-4D08-A91A-D3FB257A4CAB}" = lport=19375 | protocol=17 | dir=in | app=c:\program files (x86)\devolo\dlan\devolonetsvc.exe |
"{6C4205EF-29E6-4B00-A289-6718C62813C8}" = lport=10243 | protocol=6 | dir=in | app=system |
"{6F08A9CB-E068-4403-B5B9-384766F23F37}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7770620B-877A-4C17-BC14-247BB483A737}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{78E2B669-5E39-44B1-A1CA-38A34D9FF430}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{79280D92-3B55-4C1D-ADB3-64DA64AE0729}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7A3BC576-3A2F-4B39-8028-F6346AD0CB93}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7E32276C-9FD2-47AF-BA3F-FF485443BA26}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{90979B00-F499-4487-B11B-FABE5A073804}" = lport=445 | protocol=6 | dir=in | app=system |
"{92531DA6-347F-4B40-8623-AC773106372C}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{94411AAF-6499-4415-BB53-CEB8D500B1EA}" = lport=10244 | protocol=6 | dir=in | app=system |
"{98A60914-CADF-4C03-832B-5D79105ABD8B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9900DAB4-63E5-4944-A384-D9D8B3FDEAA8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{A241BC1A-1695-4B23-A3D0-75B723D9F238}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A452AC59-9DB7-4A70-B260-C31080C39300}" = rport=445 | protocol=6 | dir=out | app=system |
"{A87080CA-7CDA-46BF-AE70-33918AF25FD7}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{B2BBCA0B-54AA-4DB9-AEAE-DF3B7BAEE095}" = lport=10244 | protocol=6 | dir=in | app=system |
"{B53F7814-03E6-4752-8F09-9AAFBDBA4F18}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BB2613EB-AB59-4055-AD00-B7DC0C070DC2}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C4F0718A-593E-4343-91AF-83B181C47574}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C9A6466B-47C6-49A6-A229-E554EBC26D1C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CB7D97A4-A9AB-473A-87C7-E300847D1DDE}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{CDC4265F-2D57-4207-8D31-A87791397A7F}" = lport=3390 | protocol=6 | dir=in | app=system |
"{CEF7B854-1E1F-49B7-8D43-9917307A1DDB}" = rport=10243 | protocol=6 | dir=out | app=system |
"{CF65EECF-2D98-45EA-A7E9-CF933F4D7404}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D19B172A-623F-4AC7-9A85-D023BB85B3C3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D438A125-E99F-4143-BAD6-EC0E0BE54754}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D924C3D6-8060-4F01-81E4-462679B26402}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D9AA09C3-9DC4-42AD-B98F-DE6F86F0B61E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E46593AC-028A-41C1-8857-38935820BFDF}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{E4F60A2B-F36E-43A4-BC6C-538AA975ADE7}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E7F1BC55-E9CF-454C-A9C0-0969CE4AD31B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EA0C0041-B2D0-42A5-A852-D3ACCF6ED0AD}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{F3C21BDA-3953-4BA3-8DF0-FF2FF99585D5}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04762FB2-5632-4284-8180-584B7362A2C1}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{05C9DD74-E04C-4C07-912F-C90991CD51C5}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{08C48500-A479-4006-ABCB-A5850FA163B4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0BC146D8-D318-4CBE-8A00-B5F992C1C681}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{0D033A8E-AF9C-4A86-984A-EE0D2FA3D7C4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1B8E5B2E-C009-4367-81DF-639BD4D4ED13}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcrmgr.exe |
"{2294E49F-F058-4866-B3AC-EBFA7917D694}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{23493F9C-A920-48BF-AD08-D9D6C0CE8E06}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{24BC59C9-D173-4FDF-A7B4-62AB6C2456AC}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{2706670E-5BBA-4134-AEB2-38C88194E251}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{2A6701E2-94A3-4EAD-B04F-CBC888622486}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{2EF7543A-E831-49CD-BA8E-09E2F967F347}" = protocol=6 | dir=in | app=c:\program files (x86)\windows searchqu toolbar\datamngr\toolbar\dtuser.exe |
"{3146571D-989A-4724-A7B5-02998362AB86}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{323C75DD-4CC6-4952-B745-61EFF2771963}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{42AACEA4-0DA9-409F-8F33-E79840CD1434}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{43196C96-7F02-45FE-B06F-8BB759096339}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{44409114-5FB1-4DDF-AEB0-602F2DDC9020}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{523126CC-51F9-410D-ABAE-D7CB3A89318C}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{5CDADCBF-10F2-4E8F-A116-330BECB31197}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{5DAF9483-5A9A-4822-9FBA-9301806CE21A}" = protocol=6 | dir=out | app=system |
"{65312684-6719-41B7-B1A2-BC44A141214A}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{6CF474CC-E39E-4178-990C-6B9D76309376}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{718B6D21-4A5C-49CB-B376-D66A924FB49C}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{88640E88-865A-43C8-98BB-41E1245872FB}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{8972D69A-289E-45B4-86CC-CF07E7CBCB9D}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{9EC298BC-4FB4-4CF4-99F8-A48B9AC08001}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{A588FCB4-5A45-40C8-B08C-CE03718CAEBA}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B147E335-3301-4645-813E-3642A8A41CF1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B4DC96FC-D124-4DB7-B825-32B153BB5EB0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C18A9A10-862A-4780-AC39-291BC97A7E12}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{D2937FF0-5458-4AC5-B690-00D74C8A29EA}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{DADF18E2-B533-4231-B40D-F5771E7B6B43}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E02D2ADF-0A5E-4B12-9E37-26D248F7B199}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{E35337E6-3F8C-47C5-9FF9-83087782F65A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E67F88E8-A3DA-424D-8F9A-07CF6C1E3527}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E75E6FC6-9054-4DBF-A09F-0D1D3CEFAD5E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{EDD382AD-FE07-40AA-9461-4D1D6E4A62CA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EFB6C0B5-5545-4123-889D-7BFFE0A72A59}" = protocol=17 | dir=in | app=c:\program files (x86)\windows searchqu toolbar\datamngr\toolbar\dtuser.exe |
"{F36B0D4D-AC1D-4403-A644-D79E20958375}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{F6DFEAFF-807F-444B-AD90-DB799F5C87CA}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcrmgr.exe |
"{F9BD625C-1A8A-4183-B131-0D4A0870EFC3}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{FCC31579-4B92-4109-AF4C-0DB9E832328B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{334C7463-334B-4618-BA87-671C15284497}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"TCP Query User{91EEF059-5856-4BB9-AEC6-B00A6D08A974}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\myphoneexplorer\myphoneexplorer.exe |
"TCP Query User{AE0AED48-C7A0-462E-9E18-18FB6C2AE4FB}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe |
"UDP Query User{403B2F08-A624-4608-98AC-057AED8473AD}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe |
"UDP Query User{83D357C0-55AF-4961-9AA7-D4B14BEA3A4A}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{FADC54DC-0041-4DB1-94ED-4DAE452A655C}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\myphoneexplorer\myphoneexplorer.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D860FF8-2DA9-816C-514D-8D8EA693B0BB}" = ATI Catalyst Install Manager
"{3FB4DC1E-36CD-5CA3-5DDD-7B4604C63E1B}" = ccc-utility64
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"{49B1B217-27B1-42D8-A0A5-7ED0CD0D9508}" = WD SmartWare
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{BA8EAB0F-8027-D883-713F-1366FD152AE6}" = WMV9/VC-1 Video Playback
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"ATI Uninstaller" = ATI Uninstaller
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant HD Audio
"EA12B1FB53CE4E387C31A85236C41EF559B5E392" = Windows-Treiberpaket - Lenovo (ACPIVPC) System (12/02/2010 6.1.0.1)
"Lenovo EE Boot Optimizer" = Lenovo EE Boot Optimizer
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"SynTPDeinstKey" = Synaptics Pointing Device Driver
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam
"{080F3C1C-721F-4D0F-F9BE-5697D09A55DA}" = CCC Help Danish
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0FCB9A72-EAE6-A30E-5632-136329744FE8}" = CCC Help Russian
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{18D25288-EE3F-3283-781E-0192E80D21BA}" = CCC Help Swedish
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FFBF788-F466-F92F-F15B-5C77ACCAC5B5}" = CCC Help Italian
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2468BAE3-7A0B-2022-4EF2-26FD34760D2E}" = Catalyst Control Center Profiles Mobile
"{2534799C-EB5F-2FBB-99B0-715E6B6C565B}" = CCC Help Chinese Traditional
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{26C18C99-1C29-D52D-4A6B-3B0F4023CC92}" = CCC Help Turkish
"{2C4DC9C3-1128-9478-F370-D1ADA078916C}" = Catalyst Control Center
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{450CFD4D-7E60-3839-D0FA-56DB08675447}" = dLAN Cockpit
"{49117BC7-700B-0BA6-32E0-6A2140180E7A}" = CCC Help English
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A5D2769-8885-5ACE-3BD7-4F4FC2BE3C4E}" = Catalyst Control Center Localization All
"{4E9C3C65-B902-FF37-372D-30AAB132AEED}" = CCC Help Chinese Standard
"{512F5625-F021-4F66-E593-5E8E437EF02C}" = CCC Help Thai
"{5925E9CC-644B-2E09-3BB6-D211CF8AB817}" = CCC Help Spanish
"{5D8CA544-4DF8-0F46-5A55-C2221965ECE9}" = CCC Help Finnish
"{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AA30E7C-096D-A63E-F154-8CFA9A609F87}" = CCC Help Hungarian
"{6D080AA9-BECE-5A4D-D594-05AFB953E2D6}" = CCC Help Czech
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7C486BD9-46FD-B7DB-AF0F-9D96391199EB}" = CCC Help French
"{80AACE4D-334F-E171-7A12-5EF7E790ACD9}" = CCC Help Greek
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{846E4C72-DF45-43ED-1680-EDF5F87F279E}" = dLAN Cockpit
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EB84CEC-6819-4E51-9E32-C756835637B0}" = PlayMemories Home
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0527F84-33D7-14CC-5883-E3293026193D}" = CCC Help Japanese
"{A33656AA-5805-F233-2FF2-25173500B7A2}" = PX Profile Update
"{A3825D53-9AB1-057B-50C9-418E03F62F1A}" = CCC Help Norwegian
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{ABA45151-F635-9FCB-3007-99F627BEA19F}" = CCC Help Portuguese
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}" = Lenovo EasyCamera
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B70244FC-CE59-F872-CD9E-7DC3E246F14C}" = Catalyst Control Center Graphics Previews Common
"{BD415011-921F-296D-A3F5-E18DD58F2C56}" = CCC Help German
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D3694B69-6F8C-42D3-8A0A-EB2AB528C02C}" = Atheros Client Installation Program
"{D4301133-15DE-2726-4A4B-0C4A0F5CB192}" = Catalyst Control Center InstallProxy
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D7BF3FD0-1B2D-2DA4-4B1B-932BC92BEA90}" = CCC Help Dutch
"{DDDCC5DC-D9F2-9140-3376-855B68EBA6C5}" = CCC Help Polish
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = Benutzerhandbuch
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Display Audio Driver
"{F37CD487-CE8F-29B0-9690-3F0758C10BFB}" = CCC Help Korean
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Any Video Converter_is1" = Any Video Converter 3.3.3
"dlancockpit" = devolo dLAN Cockpit
"Google Chrome" = Google Chrome
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = UserGuide
"Lenovo Games Console" = Lenovo Games Console
"Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de)
"MPE" = MyPhoneExplorer
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"PS3 Media Server" = PS3 Media Server
"Searchqu 413 MediaBar" = Windows Searchqu Toolbar
"VeriFace" = VeriFace
"VLC media player" = VLC media player 2.0.2
"WinLiveSuite" = Windows Live Essentials
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"MyFreeCodec" = MyFreeCodec
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 26.07.2012 07:52:57 | Computer Name = Lenovo | Source = WinMgmt | ID = 10
Description =
Error - 29.07.2012 22:33:02 | Computer Name = Lenovo | Source = CVHSVC | ID = 100
Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar.
Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.
Error - 31.07.2012 07:09:10 | Computer Name = Lenovo | Source = CVHSVC | ID = 100
Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar.
Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.
Error - 05.08.2012 12:26:36 | Computer Name = Lenovo | Source = CVHSVC | ID = 100
Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar.
Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.
Error - 08.08.2012 18:00:48 | Computer Name = Lenovo | Source = CVHSVC | ID = 100
Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar.
Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.
Error - 10.08.2012 08:47:26 | Computer Name = Lenovo | Source = CVHSVC | ID = 100
Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar.
Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.
Error - 12.08.2012 10:47:54 | Computer Name = Lenovo | Source = CVHSVC | ID = 100
Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar.
Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.
Error - 14.08.2012 09:09:07 | Computer Name = Lenovo | Source = CVHSVC | ID = 100
Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar.
Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.
Error - 15.08.2012 22:12:57 | Computer Name = Lenovo | Source = CVHSVC | ID = 100
Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar.
Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.
Error - 16.08.2012 18:59:05 | Computer Name = Lenovo | Source = WinMgmt | ID = 10
Description =
[ Media Center Events ]
Error - 10.03.2012 12:38:43 | Computer Name = Lenovo | Source = MCUpdate | ID = 0
Description = 17:38:43 - Fehler beim Herstellen der Internetverbindung. 17:38:43
- Serververbindung konnte nicht hergestellt werden..
Error - 10.03.2012 12:38:57 | Computer Name = Lenovo | Source = MCUpdate | ID = 0
Description = 17:38:48 - Fehler beim Herstellen der Internetverbindung. 17:38:48
- Serververbindung konnte nicht hergestellt werden..
[ System Events ]
Error - 28.08.2012 22:07:10 | Computer Name = Lenovo | Source = DCOM | ID = 10010
Description =
Error - 31.08.2012 22:36:58 | Computer Name = Lenovo | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?01.?09.?2012 um 04:33:29 unerwartet heruntergefahren.
Error - 31.08.2012 22:41:09 | Computer Name = Lenovo | Source = DCOM | ID = 10010
Description =
Error - 08.09.2012 23:41:11 | Computer Name = Lenovo | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?08.?09.?2012 um 23:22:14 unerwartet heruntergefahren.
Error - 08.09.2012 23:42:51 | Computer Name = Lenovo | Source = DCOM | ID = 10010
Description =
Error - 09.09.2012 21:24:40 | Computer Name = Lenovo | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error - 09.09.2012 21:24:41 | Computer Name = Lenovo | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error - 10.09.2012 09:42:45 | Computer Name = Lenovo | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
Error - 10.09.2012 09:42:46 | Computer Name = Lenovo | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
Error - 11.09.2012 07:40:02 | Computer Name = Lenovo | Source = DCOM | ID = 10010
Description =
< End of report > --- --- ---
GMER Logfile: Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-09-27 08:25:10
Windows 6.1.7601 Service Pack 1
Running: 16wql3s6.exe
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00025b7f3f48
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00025b7f3f48@945103bbe769 0x0A 0xB5 0xC1 0xCD ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00025b7f3f48@c0e422cb0819 0xEA 0xE1 0xF6 0x6B ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c6076fc1a13
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00025b7f3f48 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00025b7f3f48@945103bbe769 0x0A 0xB5 0xC1 0xCD ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00025b7f3f48@c0e422cb0819 0xEA 0xE1 0xF6 0x6B ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0c6076fc1a13 (not active ControlSet)
---- EOF - GMER 1.0.15 ---- --- --- --- |