| MasterT83 | 04.07.2013 15:34 |
Code:
Zoek.exe Version 4.0.0.3 Updated 27-June-2013
Tool run by Tobias Ebeling on 04.07.2013 at 16:20:16,10.
Microsoft Windows 8 6.2.9200 x64
Running in: Normal Mode Internet Access Detected
==== System Restore Info ======================
04.07.2013 16:21:15 Zoek.exe System Restore Point Created Succesfully.
==== Reset Hosts File ======================
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== FireFox Fix ======================
Deleted from C:\Users\Tobias Ebeling\AppData\Roaming\Mozilla\Firefox\Profiles\criq7e9y.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
Added to C:\Users\Tobias Ebeling\AppData\Roaming\Mozilla\Firefox\Profiles\criq7e9y.default\prefs.js:
ProfilePath: C:\Users\Tobias Ebeling\AppData\Roaming\Mozilla\Firefox\Profiles\criq7e9y.default
user.js not found
---- Lines crossrider removed from prefs.js ----
---- Lines crossrider modified from prefs.js ----
---- FireFox user.js and prefs.js backups ----
prefs__1623_.backup
==== Deleting Files \ Folders ======================
"C:\windows\SysNative\Tasks\EPUpdater" deleted
"C:\Program Files (x86)\Common Files\DVDVideoSoft\bin" deleted
"C:\Users\Tobias Ebeling\AppData\Local\DownloadGuide" deleted
==== Firefox Extensions ======================
ProfilePath: C:\Users\Tobias Ebeling\AppData\Roaming\Mozilla\Firefox\Profiles\criq7e9y.default
- Plus-HD-2.3 - %ProfilePath%\extensions\7125a285-7e68-47aa-9d72-e81874f4d47e@d3fcdb92-135d-4a8a-8cf6-11e3b57c5fda.com
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
==== Firefox Plugins ======================
Profilepath: C:\Users\Tobias Ebeling\AppData\Roaming\Mozilla\Firefox\Profiles\criq7e9y.default
3D928B3FE97C403A33F803B3D1A260C9 - C:\Users\Tobias Ebeling\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll - Google Update
3D76B5C0E02ECC19C1F5756E8FD97F72 - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll - Shockwave Flash
==== Chrome Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
jnikkfemnfogahcandhlchoengjbeaij - C:\Program Files (x86)\LyricsWoofer\116.crx[]
Docs - Tobias Ebeling - Default\Extensions\aohghmighlieiainnegkcijnfilokake
LyricsWoofer - Tobias Ebeling - Default\Extensions\jnikkfemnfogahcandhlchoengjbeaij
Plus-HD-2.3 - Tobias Ebeling - Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec
==== Chrome Fix ======================
C:\Users\Tobias Ebeling\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnikkfemnfogahcandhlchoengjbeaij deleted successfully
C:\Users\Tobias Ebeling\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec deleted successfully
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://www.google.com/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="hxxp://www.google.com"
"Start Page"="hxxp://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="hxxp://www.google.com"
"Start Page"="hxxp://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://www.google.com/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
{DAB515FE-C231-4B5E-9538-D6DBBFA5ECEE} Unknown Url="Not_Found"
==== Reset Google Chrome ======================
C:\users\Tobias Ebeling\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\users\Tobias Ebeling\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-2003283359-3443890453-1627890408-1001\Software\Microsoft\Internet Explorer\SearchScopes\{DAB515FE-C231-4B5E-9538-D6DBBFA5ECEE} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{73F8F433-14C8-48AA-8412-54BC6F8D3FA3} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{73F8F433-14C8-48AA-8412-54BC6F8D3FA3} deleted successfully
==== Deleting CLSID Registry Values ======================
==== shortcuts on Users Desktops ======================
C:\Users\Default\Desktop\Cyberlink Power2Go.lnk - C:\Program Files (x86)\Lenovo\Power2Go\Power2Go.exe
C:\Users\Default User\Desktop\Cyberlink Power2Go.lnk - C:\Program Files (x86)\Lenovo\Power2Go\Power2Go.exe
C:\Users\Tobias Ebeling\Desktop\Cyberlink Power2Go.lnk - C:\Program Files (x86)\Lenovo\Power2Go\Power2Go.exe
C:\Users\Tobias Ebeling\Desktop\IrfanView.lnk - C:\Program Files (x86)\IrfanView\i_view32.exe
C:\Users\Tobias Ebeling\Desktop\Zattoo.lnk - C:\Program Files (x86)\Zattoo4\Zattoo.exe
==== shortcuts on All Users Desktop ======================
C:\Users\Public\Desktop\Adobe Reader XI.lnk - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Users\Public\Desktop\Avira Control Center.lnk - C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
C:\Users\Public\Desktop\Benutzerhandbuch.lnk - C:\Program Files (x86)\Lenovo\UserGuide\UserGuide.exe
C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk - C:\Program Files (x86)\DVDVideoSoft\Free YouTube to MP3 Converter\FreeYouTubeToMP3Converter.exe
C:\Users\Public\Desktop\Intel AppUp(SM) center.lnk - C:\Program Files (x86)\Intel\IntelAppStore\bin\AppUp.exe --domain F0399437-FD0C-4A48-B101-F0314A6172E4
C:\Users\Public\Desktop\Lenovo PowerDVD 10.lnk - C:\Program Files (x86)\Lenovo\PowerDVD10\PDVDLaunchPolicy.exe
C:\Users\Public\Desktop\Lenovo YouCam.lnk - C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe
C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Public\Desktop\OneKey Recovery.lnk - C:\Program Files\Lenovo\OneKey App\OneKey Recovery\OneKey Recovery.exe
==== shortcuts in Users Start Menu ======================
C:\Users\Tobias Ebeling\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DVD-RW-Laufwerk (E) OTTO_S_ELEVEN.lnk - E:\
C:\Users\Tobias Ebeling\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\edithewei2013.lnk - F:\Downloads\edithewei2013.zip
C:\Users\Tobias Ebeling\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Tobias Ebeling\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth\GT-I9300.lnk - C:\Program Files (x86)\Lenovo\Bluetooth Software\BTWUIExt.exe /deviceAddr=1c66aa126d3e
C:\Users\Tobias Ebeling\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Users\Tobias Ebeling\AppData\Local\Google\Chrome\Application\chrome.exe
==== shortcuts in All Users Start Menu ======================
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira\Avira Desktop\Avira Free Antivirus Hilfe.lnk - C:\Program Files (x86)\Avira\AntiVir Desktop\avwin.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira\Avira Desktop\Avira Free Antivirus starten.lnk - C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira\Avira Desktop\Avira im Internet.lnk - C:\Program Files (x86)\Avira\AntiVir Desktop\weblink.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira\Avira Desktop\Readme anzeigen.lnk - C:\Program Files (x86)\Avira\AntiVir Desktop\readme.txt
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\Free Studio Manager.lnk - C:\Program Files (x86)\Common Files\DVDVideoSoft\FreeStudioManager.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\Uninstall.lnk - C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\Uninstall.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\Programs\Free YouTube to MP3 Converter.lnk - C:\Program Files (x86)\DVDVideoSoft\Free YouTube to MP3 Converter\FreeYouTubeToMP3Converter.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware entfernen.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware Help.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware Notifications.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\chameleon.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\Bluetooth.lnk - C:\Program Files (x86)\Lenovo\Bluetooth Software\BTTray.exe
==== shortcuts in Quick Launch ======================
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Tobias Ebeling\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Users\Tobias Ebeling\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tobias Ebeling\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Tobias Ebeling\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Tobias Ebeling\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Tobias Ebeling\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk - C:\Users\Tobias Ebeling\AppData\Roaming\Microsoft\Windows\Libraries
C:\Users\Tobias Ebeling\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Users\Tobias Ebeling\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tobias Ebeling\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Word 2010.lnk - C:\WINDOWS\Installer\{90140000-003D-0000-0000-0000000FF1CE}\wordicon.exe
C:\Users\Tobias Ebeling\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Tobias Ebeling\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\VLC media player.lnk - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
C:\Users\Tobias Ebeling\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Winamp.lnk - C:\Program Files (x86)\Winamp\winamp.exe
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\jnikkfemnfogahcandhlchoengjbeaij deleted successfully
==== Silent Runners ======================
"Silent Runners.vbs", revision 69.2, hxxp://www.silentrunners.org/
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
IgfxTray = C:\WINDOWS\system32\igfxtray.exe [Intel Corporation]
HotKeysCmds = C:\WINDOWS\system32\hkcmd.exe [Intel Corporation]
Persistence = C:\WINDOWS\system32\igfxpers.exe [Intel Corporation]
SmartAudio = C:\Program Files\CONEXANT\SAII\SACpl.exe /t [Conexant Systems, Inc.]
cAudioFilterAgent = C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [Conexant Systems, Inc.]
ETDCtrl = C:\Program Files\Elantech\ETDCtrl.exe
Energy Management = C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [Lenovo (Beijing) Limited]
EnergyUtility = C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [Lenovo(beijing) Limited]
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\ {++}
Dolby Advanced Audio v2 = "C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe" -autostart [null data]
331BigDog = C:\Program Files (x86)\USB Camera\VM331STI.EXE [Vimicro]
YouCam Mirage = "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe" [CyberLink]
YouCam Tray = "C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe" /s [CyberLink Corp.]
UpdateP2GShortCut = "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0" [CyberLink Corp.]
RemoteControl10 = "C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe" [CyberLink Corp.]
Intel AppUp(SM) center = "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4 [Intel Corporation]
Adobe ARM = "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [Adobe Systems Incorporated]
APSDaemon = "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [Apple Inc.]
iTunesHelper = "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [Apple Inc.]
avgnt = "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [Avira Operations GmbH & Co. KG]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{B4F3A835-0E21-4959-BA22-42B3008E02FF}\(Default) = URLRedirectionBHO
-> {HKLM...CLSID} = Office Document Cache Handler
\InProcServer32\(Default) = C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL [MS]
-> {HKLM...Wow...CLSID} = Office Document Cache Handler
\InProcServer32\(Default) = C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [MS]
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\(Default) = AcroIEHelperStub
-> {HKLM...Wow...CLSID} = Adobe PDF Link Helper
\InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [Adobe Systems Incorporated]
{B4F3A835-0E21-4959-BA22-42B3008E02FF}\(Default) = URLRedirectionBHO
-> {HKLM...CLSID} = Office Document Cache Handler
\InProcServer32\(Default) = C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL [MS]
-> {HKLM...Wow...CLSID} = Office Document Cache Handler
\InProcServer32\(Default) = C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [MS]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\
SugarSyncBackedUp\(Default) = {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}
-> {HKLM...CLSID} = BackedUpOverlay Class
\InProcServer32\(Default) = C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [SugarSync, Inc.]
SugarSyncPending\(Default) = {62CCD8E3-9C21-41E1-B55E-1E26DFC68511}
-> {HKLM...CLSID} = PendingOverlay Class
\InProcServer32\(Default) = C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [SugarSync, Inc.]
SugarSyncRoot\(Default) = {A759AFF6-5851-457D-A540-F4ECED148351}
-> {HKLM...CLSID} = RootFolderOverlay Class
\InProcServer32\(Default) = C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [SugarSync, Inc.]
SugarSyncShared\(Default) = {1574C9EF-7D58-488F-B358-8B78C1538F51}
-> {HKLM...CLSID} = SharedOverlay Class
\InProcServer32\(Default) = C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [SugarSync, Inc.]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
{0066D4B3-8DE0-4D08-AA83-EDD50E2431F0} = Lenovo
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = C:\Program Files\Elantech\ETDMcpl.dll [ELAN Microelectronics Corp.]
{2d3dd4c0-3bd7-11d2-821e-444553540000} = WdmidleDeviceShellExtension
-> {HKLM...CLSID} = WdmidleDeviceShellExtension
\InProcServer32\(Default) = c:\program files (x86)\lenovo\energy management\powcpl.dll [null data]
{42042206-2D85-11D3-8CFF-005004838597} = Microsoft Office HTML Icon Handler
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\MSOHEVI.DLL [MS]
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} = Microsoft Office Metadata Handler
-> {HKLM...CLSID} = Microsoft Office Metadata Handler
\InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll [MS]
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} = Microsoft Office Thumbnail Handler
-> {HKLM...CLSID} = Microsoft Office Thumbnail Handler
\InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll [MS]
{0875DCB6-C686-4243-9432-ADCCF0B9F2D7} = Microsoft OneNote Namespace Extension for Windows Desktop Search
-> {HKLM...CLSID} = Microsoft OneNote Namespace Extension for Windows Desktop Search
\InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\ONFILTER.DLL [MS]
{506F4668-F13E-4AA1-BB04-B43203AB3CC0} = {506F4668-F13E-4AA1-BB04-B43203AB3CC0}
-> {HKLM...CLSID} = ImageExtractorShellExt Class
\InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\VISSHE.DLL [MS]
{D66DC78C-4F61-447F-942B-3FB6980118CF} = {D66DC78C-4F61-447F-942B-3FB6980118CF}
-> {HKLM...CLSID} = CInfoTipShellExt Class
\InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\VISSHE.DLL [MS]
{7CCA70DB-DE7A-4FB7-9B2B-52E2335A3B5A} = Nameext
-> {HKLM...CLSID} = Enterprise-Projekte
\InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\NAMEEXT.DLL [MS]
{0006F045-0000-0000-C000-000000000046} = Microsoft Outlook Custom Icon Handler
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\OLKFSTUB.DLL [MS]
{23170F69-40C1-278A-1000-000100020000} = 7-Zip Shell Extension
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = C:\Program Files\7-Zip\7-zip.dll [Igor Pavlov]
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} = iTunes
-> {HKLM...CLSID} = iTunes
\InProcServer32\(Default) = C:\Program Files\iTunes\iTunesMiniPlayer.dll [Apple Inc.]
{7842554E-6BED-11D2-8CDB-B05550C10000} = Monitor
-> {HKLM...CLSID} = Monitor Class
\InProcServer32\(Default) = C:\Program Files\Lenovo\Bluetooth Software\btncopy.dll [Broadcom Corporation.]
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} = Shell Extension for Malware scanning
-> {HKLM...CLSID} = Shell Extension for Malware scanning
\InProcServer32\(Default) = C:\Program Files (x86)\Avira\AntiVir Desktop\shlext64.dll [Avira Operations GmbH & Co. KG]
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
{42042206-2D85-11D3-8CFF-005004838597} = Microsoft Office HTML Icon Handler
-> {HKLM...Wow...CLSID} = (no title provided)
\InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office14\msohevi.dll [MS]
{506F4668-F13E-4AA1-BB04-B43203AB3CC0} = {506F4668-F13E-4AA1-BB04-B43203AB3CC0}
-> {HKLM...Wow...CLSID} = ImageExtractorShellExt Class
\InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office14\VISSHE.DLL [MS]
{D66DC78C-4F61-447F-942B-3FB6980118CF} = {D66DC78C-4F61-447F-942B-3FB6980118CF}
-> {HKLM...Wow...CLSID} = CInfoTipShellExt Class
\InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office14\VISSHE.DLL [MS]
{0875DCB6-C686-4243-9432-ADCCF0B9F2D7} = Microsoft OneNote Namespace Extension for Windows Desktop Search
-> {HKLM...Wow...CLSID} = Microsoft OneNote Namespace Extension for Windows Desktop Search
\InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office14\ONFILTER.DLL [MS]
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} = Microsoft Office Metadata Handler
-> {HKLM...Wow...CLSID} = Microsoft Office Metadata Handler
\InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\msoshext.dll [MS]
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} = Microsoft Office Thumbnail Handler
-> {HKLM...Wow...CLSID} = Microsoft Office Thumbnail Handler
\InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\msoshext.dll [MS]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\
{50968FF7-10C1-4fb3-98B0-CD654D6CB97E}\(Default) = BtwCredentialProvider
-> {HKLM...CLSID} = BtwCredentialProvider
\InProcServer32\(Default) = C:\Program Files\Lenovo\Bluetooth Software\\BtwCP.dll [Broadcom Corporation.]
HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = {807573E5-5146-11D5-A672-00B0D022E945}
-> {HKLM...CLSID} = Microsoft Office InfoPath XML Mime Filter
\InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL [MS]
HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
7-Zip\(Default) = {23170F69-40C1-278A-1000-000100020000}
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = C:\Program Files\7-Zip\7-zip.dll [Igor Pavlov]
Shell Extension for Malware scanning\(Default) = {45AC2688-0253-4ED8-97DE-B5370FA7D48A}
-> {HKLM...CLSID} = Shell Extension for Malware scanning
\InProcServer32\(Default) = C:\Program Files (x86)\Avira\AntiVir Desktop\shlext64.dll [Avira Operations GmbH & Co. KG]
SugarSync\(Default) = {305BC11B-5175-492B-B569-866547FCDA40}
-> {HKLM...CLSID} = SimpleShlExt Class
\InProcServer32\(Default) = C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [SugarSync, Inc.]
HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
MBAMShlExt\(Default) = {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
-> {HKLM...CLSID} = MBAMShlExt Class
\InProcServer32\(Default) = C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll [Malwarebytes Corporation]
HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
7-Zip\(Default) = {23170F69-40C1-278A-1000-000100020000}
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = C:\Program Files\7-Zip\7-zip.dll [Igor Pavlov]
HKLM\SOFTWARE\Classes\Directory\shellex\CopyHookHandlers\
Monitor\(Default) = {7842554E-6BED-11D2-8CDB-B05550C10000}
-> {HKLM...CLSID} = Monitor Class
\InProcServer32\(Default) = C:\Program Files\Lenovo\Bluetooth Software\btncopy.dll [Broadcom Corporation.]
HKLM\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\
7-Zip\(Default) = {23170F69-40C1-278A-1000-000100020000}
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = C:\Program Files\7-Zip\7-zip.dll [Igor Pavlov]
HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\
igfxcui\(Default) = {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4}
-> {HKLM...CLSID} = GraphicsShellExt Class
\InProcServer32\(Default) = C:\WINDOWS\system32\igfxpph.dll [Intel Corporation]
HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = PDF Column Info
-> {HKLM...Wow...CLSID} = PDF Shell Extension
\InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll [Adobe Systems, Inc.]
HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
MBAMShlExt\(Default) = {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
-> {HKLM...CLSID} = MBAMShlExt Class
\InProcServer32\(Default) = C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll [Malwarebytes Corporation]
Shell Extension for Malware scanning\(Default) = {45AC2688-0253-4ED8-97DE-B5370FA7D48A}
-> {HKLM...CLSID} = Shell Extension for Malware scanning
\InProcServer32\(Default) = C:\Program Files (x86)\Avira\AntiVir Desktop\shlext64.dll [Avira Operations GmbH & Co. KG]
SugarSync\(Default) = {305BC11B-5175-492B-B569-866547FCDA40}
-> {HKLM...CLSID} = SimpleShlExt Class
\InProcServer32\(Default) = C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [SugarSync, Inc.]
Default executables:
--------------------
.hta
HKLM\SOFTWARE\Classes\htafile\(Default) = HTML Application
HKLM\SOFTWARE\Classes\htafile\shell\open\command\(Default) = C:\WINDOWS\SysWOW64\mshta.exe "%1" %* [MS]
Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------
Note: detected settings may not have any effect.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
NoDrives = (REG_DWORD) dword:0x00000000
{unrecognized setting}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\
NoDrives = (REG_DWORD) dword:0x00000000
{unrecognized setting}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\
EnableCursorSuppression = (REG_DWORD) dword:0x00000001
{unrecognized setting}
DisableRegistryTools = (REG_DWORD) dword:0x00000000
{unrecognized setting}
Active Desktop and Wallpaper:
-----------------------------
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
Wallpaper = C:\WINDOWS\Web\Wallpaper\Lenovo\LenovoWallPaper.jpg
Windows Portable Device AutoPlay Handlers
-----------------------------------------
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\
iTunesBurnCDOnArrival\
Provider = iTunes
InvokeProgID = iTunes.BurnCD
InvokeVerb = burn
HKLM\SOFTWARE\Classes\iTunes.BurnCD\shell\burn\command\(Default) = "C:\Program Files (x86)\iTunes\iTunes.exe" /AutoPlayBurn "%L" [Apple Inc.]
iTunesImportSongsOnArrival\
Provider = iTunes
InvokeProgID = iTunes.ImportSongsOnCD
InvokeVerb = import
HKLM\SOFTWARE\Classes\iTunes.ImportSongsOnCD\shell\import\command\(Default) = "C:\Program Files (x86)\iTunes\iTunes.exe" /AutoPlayImportSongs "%L" [Apple Inc.]
iTunesPlaySongsOnArrival\
Provider = iTunes
InvokeProgID = iTunes.PlaySongsOnCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\iTunes.PlaySongsOnCD\shell\play\command\(Default) = "C:\Program Files (x86)\iTunes\iTunes.exe" /playCD "%L" [Apple Inc.]
iTunesShowSongsOnArrival\
Provider = iTunes
InvokeProgID = iTunes.ShowSongsOnCD
InvokeVerb = showsongs
HKLM\SOFTWARE\Classes\iTunes.ShowSongsOnCD\shell\showsongs\command\(Default) = "C:\Program Files (x86)\iTunes\iTunes.exe" /AutoPlayShowSongs "%L" [Apple Inc.]
MagicUSBCable\
Provider = @%windir%\system32\migwiz\wet.dll,-588
CLSID = {0C776A5A-FC42-4870-8D65-D62ADD9184FF}
-> {HKLM...CLSID} = Magic USB Cable Class ID
\LocalServer32\(Default) = "C:\Windows\System32\MigAutoPlay.exe" [MS]
MSFhConfigBackup\
Provider = @C:\WINDOWS\system32\fhautoplay.dll,-100
InvokeProgID = FHConfig.AutoPlayHandler
InvokeVerb = config
HKLM\SOFTWARE\Classes\FHConfig.AutoPlayHandler\shell\config\command\(Default) = fhmanagew -autoplay [MS]
MSPlayCDAudioOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.AudioCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.AudioCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /device:AudioCD "%L" [MS]
MSPlayDVDMovieOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.DVD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.DVD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:DVD "%L" [MS]
MSPlaySuperVideoCDMovieOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.VCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS]
MSPlayVideoCDMovieOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.VCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS]
MSPromptEachTime\
Provider = @C:\WINDOWS\system32\shell32.dll,-17411
ProgID = Shell.Autoplay
InitCmdLine = PromptEachTime
HKLM\SOFTWARE\Classes\Shell.Autoplay\CLSID\(Default) = {995C996E-D918-4a8c-A302-45719A6F4EA7}
-> {HKLM...CLSID} = Shell Hardware Mixed Content Handler
\LocalServer32\(Default) = C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} [MS]
MSPromptEachTimeNoContent\
Provider = @C:\WINDOWS\system32\shell32.dll,-17411
ProgID = Shell.Autoplay
InitCmdLine = PromptEachTimeNoContent
HKLM\SOFTWARE\Classes\Shell.Autoplay\CLSID\(Default) = {995C996E-D918-4a8c-A302-45719A6F4EA7}
-> {HKLM...CLSID} = Shell Hardware Mixed Content Handler
\LocalServer32\(Default) = C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} [MS]
MSWMPBurnCDOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.BurnCD
InvokeVerb = Burn
HKLM\SOFTWARE\Classes\WMP.BurnCD\shell\Burn\Command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /Task:CDWrite /Device:"%L" [MS]
MSWPDNetworkConfigHandler\
Provider = @C:\WINDOWS\system32\wpdshext.dll,-503
CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24}
InitCmdLine = /NetworkConfig;%SystemRoot%\system32\xwizard.exe;RunWizard {34c219bd-85c1-4338-95e8-788a36901dc2} /z %s
-> {HKLM...CLSID} = WPDShextAutoplay
\LocalServer32\(Default) = C:\WINDOWS\system32\WPDShextAutoplay.exe [MS]
P2GCDBurningOnArrival\
Provider = Power2Go
InvokeProgID = BlankCD
InvokeVerb = OpenWithPower2Go
HKLM\SOFTWARE\Classes\BlankCD\shell\OpenWithPower2Go\Command\(Default) = "C:\Program Files (x86)\Lenovo\Power2Go\Power2Go.exe" "%L" [Cyberlink]
P2GDVDBurningOnArrival\
Provider = Power2Go
InvokeProgID = BlankDVD
InvokeVerb = OpenWithPower2Go
HKLM\SOFTWARE\Classes\BlankDVD\shell\OpenWithPower2Go\Command\(Default) = "C:\Program Files (x86)\Lenovo\Power2Go\Power2Go.exe" "%L" [Cyberlink]
PDVD10PlayCDAudioOnArrival\
Provider = PowerDVD 10
InvokeProgID = AudioCD
InvokeVerb = PlayWithPowerDVD10
HKLM\SOFTWARE\Classes\AudioCD\shell\PlayWithPowerDVD10\Command\(Default) = "C:\Program Files (x86)\Lenovo\PowerDVD10\PDVDLaunchPolicy.exe" "%L" [CyberLink Corp.]
PDVD10PlayDVDMovieOnArrival\
Provider = PowerDVD 10
InvokeProgID = DVD
InvokeVerb = PlayWithPowerDVD10
HKLM\SOFTWARE\Classes\DVD\shell\PlayWithPowerDVD10\Command\(Default) = "C:\Program Files (x86)\Lenovo\PowerDVD10\PDVDLaunchPolicy.exe" "%L" [CyberLink Corp.]
PDVD10PlaySVCDOnArrival\
Provider = PowerDVD 10
InvokeProgID = SVCD
InvokeVerb = PlayWithPowerDVD10
HKLM\SOFTWARE\Classes\SVCD\shell\PlayWithPowerDVD10\Command\(Default) = "C:\Program Files (x86)\Lenovo\PowerDVD10\PDVDLaunchPolicy.exe" "%L" [CyberLink Corp.]
PDVD10PlayVCDMovieOnArrival\
Provider = PowerDVD 10
InvokeProgID = VCD
InvokeVerb = PlayWithPowerDVD10
HKLM\SOFTWARE\Classes\VCD\shell\PlayWithPowerDVD10\Command\(Default) = "C:\Program Files (x86)\Lenovo\PowerDVD10\PDVDLaunchPolicy.exe" "%L" [CyberLink Corp.]
Picasa2ImportPicturesOnArrival\
Provider = Picasa3
InvokeProgID = picasa2.autoplay
InvokeVerb = import
HKLM\SOFTWARE\Classes\picasa2.autoplay\shell\import\command\(Default) = C:\Program Files (x86)\Google\Picasa3\Picasa3.exe "%1" [Google Inc.]
VLCPlayCDAudioOnArrival\
Provider = VideoLAN VLC media player
InvokeProgID = VLC.CDAudio
InvokeVerb = Open
HKLM\SOFTWARE\Classes\VLC.CDAudio\shell\Open\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file cdda:///%1 [VideoLAN]
VLCPlayDVDAudioOnArrival\
Provider = VideoLAN VLC media player
InvokeProgID = VLC.OPENFolder
InvokeVerb = Open
HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe" %1 [VideoLAN]
VLCPlayDVDMovieOnArrival\
Provider = VideoLAN VLC media player
InvokeProgID = VLC.DVDMovie
InvokeVerb = Open
HKLM\SOFTWARE\Classes\VLC.DVDMovie\shell\Open\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file dvd:///%1 [VideoLAN]
VLCPlayMusicFilesOnArrival\
Provider = VideoLAN VLC media player
InvokeProgID = VLC.OPENFolder
InvokeVerb = Open
HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe" %1 [VideoLAN]
VLCPlaySVCDMovieOnArrival\
Provider = VideoLAN VLC media player
InvokeProgID = VLC.SVCDMovie
InvokeVerb = Open
HKLM\SOFTWARE\Classes\VLC.SVCDMovie\shell\Open\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file vcd:///%1 [VideoLAN]
VLCPlayVCDMovieOnArrival\
Provider = VideoLAN VLC media player
InvokeProgID = VLC.VCDMovie
InvokeVerb = Open
HKLM\SOFTWARE\Classes\VLC.VCDMovie\shell\Open\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file vcd:///%1 [VideoLAN]
VLCPlayVideoFilesOnArrival\
Provider = VideoLAN VLC media player
InvokeProgID = VLC.OPENFolder
InvokeVerb = Open
HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe" %1 [VideoLAN]
WinampMTPHandler\
Provider = Winamp
ProgID = Shell.HWEventHandlerShellExecute
InitCmdLine = C:\Program Files (x86)\Winamp\winamp.exe
HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}
-> {HKLM...CLSID} = Shell Execute Hardware Event Handler
\LocalServer32\(Default) = C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} [MS]
WinampPlayMediaOnArrival\
Provider = Winamp
InvokeProgID = Winamp.File
InvokeVerb = Play
HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\command\(Default) = "C:\Program Files (x86)\Winamp\winamp.exe" "%1" [Nullsoft, Inc.]
Startup items in "Tobias Ebeling" & "All Users" startup folders:
----------------------------------------------------------------
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp {++}
Bluetooth -> shortcut to: C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe [Broadcom Corporation.]
Non-disabled Scheduled Tasks: {++}
-----------------------------
C:\Windows\System32\Tasks
Adobe Flash Player Updater -> launches: C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [Adobe Systems Incorporated]
Desk 365 RunAsStdUser -> launches: C:\Program Files (x86)\Desk 365\desk365.exe /autorun [file not found]
GoogleUpdateTaskUserS-1-5-21-2003283359-3443890453-1627890408-1001Core -> launches: C:\Users\Tobias Ebeling\AppData\Local\Google\Update\GoogleUpdate.exe /c [Google Inc.]
GoogleUpdateTaskUserS-1-5-21-2003283359-3443890453-1627890408-1001UA -> launches: C:\Users\Tobias Ebeling\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler [Google Inc.]
MirageAgent -> (HIDDEN!) launches: C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [CyberLink]
Software Updater -> launches: C:\Program Files (x86)\SoftwareUpdater\SoftwareUpdater.Bootstrapper.exe [file not found]
Software Updater Ui -> launches: C:\Program Files (x86)\SoftwareUpdater\SoftwareUpdater.Ui.exe [file not found]
C:\Windows\System32\Tasks\Microsoft\Windows\.NET Framework
.NET Framework NGEN v4.0.30319 -> (HIDDEN!) launches: {84F0FAE1-C27B-4F6F-807B-28CF6F96287D}
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = mscoree.dll [MS]
.NET Framework NGEN v4.0.30319 64 -> (HIDDEN!) launches: {429BC048-379E-45E0-80E4-EB1977941B5C}
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = mscoree.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client
AD RMS Rights Policy Template Management (Manual) -> launches: {BF5CB148-7C77-4d8a-A53E-D81C70CF743C}
-> {HKLM...CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler
\InProcServer32\(Default) = C:\WINDOWS\system32\msdrm.dll [MS]
-> {HKLM...Wow...CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler
\InProcServer32\(Default) = C:\WINDOWS\system32\msdrm.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\AppID
SmartScreenSpecific -> launches: {9f2b0085-9218-42a1-88b0-9f0e65851666}
-> {HKLM...CLSID} = Windows SmartScreen Task Handler
\InProcServer32\(Default) = C:\WINDOWS\system32\apprepsync.dll [MS]
-> {HKLM...Wow...CLSID} = Windows SmartScreen Task Handler
\InProcServer32\(Default) = C:\WINDOWS\system32\apprepsync.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience
AitAgent -> launches: aitagent /increment [MS]
ProgramDataUpdater -> launches: %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate [MS]
StartupAppTask -> launches: %windir%\system32\rundll32.exe Startupscan.dll,SusRunTask [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\ApplicationData
CleanupTemporaryState -> launches: %windir%\system32\rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Autochk
Proxy -> launches: %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth
UninstallDeviceTask -> launches: BthUdTask.exe $(Arg0) [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient
SystemTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060}
-> {HKLM...CLSID} = Certificate Services Client Task Handler
\InProcServer32\(Default) = C:\WINDOWS\system32\dimsjob.dll [MS]
-> {HKLM...Wow...CLSID} = Certificate Services Client Task Handler
\InProcServer32\(Default) = C:\WINDOWS\system32\dimsjob.dll [MS]
UserTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060}
-> {HKLM...CLSID} = Certificate Services Client Task Handler
\InProcServer32\(Default) = C:\WINDOWS\system32\dimsjob.dll [MS]
-> {HKLM...Wow...CLSID} = Certificate Services Client Task Handler
\InProcServer32\(Default) = C:\WINDOWS\system32\dimsjob.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Chkdsk
ProactiveScan -> launches: {cf4270f5-2e43-4468-83b3-a8c45bb33ea1}
-> {HKLM...CLSID} = Proactive Scan
\InProcServer32\(Default) = C:\Windows\System32\pstask.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program
BthSQM -> (HIDDEN!) launches: {c8367320-6f85-11e0-a1f0-0800200c9a66}
-> {HKLM...CLSID} = BthSQM
\InProcServer32\(Default) = C:\WINDOWS\System32\BthSQM.dll [MS]
Consolidator -> launches: %SystemRoot%\System32\wsqmcons.exe [MS]
KernelCeipTask -> (HIDDEN!) launches: {e7ed314f-2816-4c26-aeb5-54a34d02404c}
-> {HKLM...CLSID} = KernelCeipCustomHandler
\InProcServer32\(Default) = C:\WINDOWS\System32\kernelceip.dll [MS]
UsbCeip -> (HIDDEN!) launches: {c27f6b1d-fe0b-45e4-9257-38799fa69bc8}
-> {HKLM...CLSID} = UsbCeip
\InProcServer32\(Default) = C:\WINDOWS\System32\usbceip.dll [MS]
-> {HKLM...Wow...CLSID} = UsbCeip
\InProcServer32\(Default) = C:\WINDOWS\System32\usbceip.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Data Integrity Scan
Data Integrity Scan for Crash Recovery -> (HIDDEN!) launches: {DCFD3EA8-D960-4719-8206-490AE315F94F}
-> {HKLM...CLSID} = Data Integrity Scan
\InProcServer32\(Default) = C:\Windows\System32\discan.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Defrag
ScheduledDefrag -> launches: %windir%\system32\defrag.exe -c -h -o -$ [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Device Setup
Metadata Refresh -> (HIDDEN!) launches: {23C1F3CF-C110-4512-ACA9-7B6174ECE888}
-> {HKLM...CLSID} = DsmRefreshTask Class
\InProcServer32\(Default) = C:\WINDOWS\System32\DeviceSetupManagerAPI.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Diagnosis
Scheduled -> (HIDDEN!) launches: {c1f85ef8-bcc2-4606-bb39-70c523715eb3}
-> {HKLM...CLSID} = ScheduledDiagnosticCustomHandler
\InProcServer32\(Default) = C:\WINDOWS\System32\sdiagschd.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\DiskDiagnostic
Microsoft-Windows-DiskDiagnosticDataCollector -> (HIDDEN!) launches: %windir%\system32\rundll32.exe dfdts.dll,DfdGetDefaultPolicyAndSMART [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\FileHistory
File History (maintenance mode) -> launches: {89917B7C-A1A6-11DF-8BF6-18A90531A85A}
-> {HKLM...CLSID} = FhTaskHandler Class
\InProcServer32\(Default) = C:\WINDOWS\System32\fhtask.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Location
Notifications -> launches: %windir%\System32\LocationNotifications.exe [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance
WinSAT -> launches: A9A33436-678B-4c9c-A211-7CC38785E79D
-> {HKLM...CLSID} = WinSAT Task Manger Task
\InProcServer32\(Default) = C:\WINDOWS\system32\WinSATAPI.dll [MS]
-> {HKLM...Wow...CLSID} = WinSAT Task Manger Task
\InProcServer32\(Default) = C:\WINDOWS\system32\WinSATAPI.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\MemoryDiagnostic
ProcessMemoryDiagnosticEvents -> (HIDDEN!) launches: {8168e74a-b39f-46d8-adcd-7bed477b80a3}
-> {HKLM...CLSID} = MemoryDiagnosticTaskHandler
\InProcServer32\(Default) = C:\WINDOWS\System32\MemoryDiagnostic.dll [MS]
RunFullMemoryDiagnostic -> (HIDDEN!) launches: {8168e74a-b39f-46d8-adcd-7bed477b80a3}
-> {HKLM...CLSID} = MemoryDiagnosticTaskHandler
\InProcServer32\(Default) = C:\WINDOWS\System32\MemoryDiagnostic.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts
MNO Metadata Parser -> launches: %SystemRoot%\System32\MbaeParserTask.exe [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\MobilePC
HotStart -> launches: {06DA0625-9701-43da-BFD7-FBEEA2180A1E}
-> {HKLM...CLSID} = HotStart User Agent
\InProcServer32\(Default) = C:\WINDOWS\System32\HotStartUserAgent.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\MUI
Lpksetup -> launches: C:\WINDOWS\System32\lpksetup.exe -v [MS]
LPRemove -> launches: %windir%\system32\lpremove.exe [MS]
Mcbuilder -> launches: C:\WINDOWS\System32\mcbuilder.exe [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia
SystemSoundsService -> launches: {2DEA658F-54C1-4227-AF9B-260AB5FC3543}
-> {HKLM...CLSID} = Microsoft PlaySoundService Class
\InProcServer32\(Default) = C:\WINDOWS\System32\PlaySndSrv.dll [MS]
-> {HKLM...Wow...CLSID} = Microsoft PlaySoundService Class
\InProcServer32\(Default) = C:\WINDOWS\System32\PlaySndSrv.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\NetCfg
BindingWorkItemQueueHandler -> launches: {5AA199A0-1CED-43A5-9B85-3226086738A3}
-> {HKLM...CLSID} = Binding Engine Task Handler
\InProcServer32\(Default) = C:\Windows\System32\netcfgx.dll [MS]
-> {HKLM...Wow...CLSID} = Binding Engine Task Handler
\InProcServer32\(Default) = C:\Windows\SysWOW64\netcfgx.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\NetTrace
GatherNetworkInfo -> launches: %windir%\system32\gatherNetworkInfo.vbs [null data]
C:\Windows\System32\Tasks\Microsoft\Windows\PI
Secure-Boot-Update -> launches: {5014B7C8-934E-4262-9816-887FA745A6C4}
-> {HKLM...CLSID} = TPM Maintenance Task Handler
\InProcServer32\(Default) = C:\WINDOWS\system32\TpmTasks.dll [MS]
Sqm-Tasks -> launches: {5014B7C8-934E-4262-9816-887FA745A6C4}
-> {HKLM...CLSID} = TPM Maintenance Task Handler
\InProcServer32\(Default) = C:\WINDOWS\system32\TpmTasks.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Plug and Play
Device Install Group Policy -> (HIDDEN!) launches: {60400283-b242-4fa8-8c25-caf695b88209}
-> {HKLM...CLSID} = Device Installation Group Policy Task Handler
\InProcServer32\(Default) = C:\Windows\System32\pnppolicy.dll [MS]
Device Install Reboot Required -> (HIDDEN!) launches: {48794782-6a1f-47b9-bd52-1d5f95d49c1b}
-> {HKLM...CLSID} = Device Installation Reboot Dialog Task
\InProcServer32\(Default) = C:\Windows\System32\pnpui.dll [MS]
Sysprep Generalize Drivers -> launches: %SystemRoot%\System32\drvinst.exe 6 [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics
AnalyzeSystem -> launches: {927ea2af-1c54-43d5-825e-0074ce028eee}
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = C:\WINDOWS\System32\energytask.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\RAC
RacTask -> (HIDDEN!) launches: {42060D27-CA53-41f5-96E4-B1E8169308A6}
-> {HKLM...CLSID} = ReliabilityAnalysisCustomHandler
\InProcServer32\(Default) = C:\WINDOWS\system32\RacEngn.dll [MS]
-> {HKLM...Wow...CLSID} = ReliabilityAnalysisCustomHandler
\InProcServer32\(Default) = C:\WINDOWS\system32\RacEngn.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Ras
MobilityManager -> launches: {c463a0fc-794f-4fdf-9201-01938ceacafa}
-> {HKLM...CLSID} = RasMobilityManager
\InProcServer32\(Default) = C:\WINDOWS\system32\rasmbmgr.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Registry
RegIdleBackup -> (HIDDEN!) launches: {ca767aa8-9157-4604-b64b-40747123d5f2}
-> {HKLM...CLSID} = RegistryIdleBackupHandler
\InProcServer32\(Default) = C:\WINDOWS\System32\regidle.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance
RemoteAssistanceTask -> (HIDDEN!) launches: %windir%\system32\RAServer.exe /offerraupdate [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Servicing
StartComponentCleanup -> launches: dism.exe /online /cleanup-image /startcomponentcleanup /asynchronous [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\SettingSync
BackgroundUploadTask -> (HIDDEN!) launches: {59B9640B-3F70-4D1C-B159-F26EEB8A4C87}
-> {HKLM...CLSID} = Delayed Background Upload Task Handler
\InProcServer32\(Default) = C:\WINDOWS\system32\SettingSyncInfo.dll [MS]
-> {HKLM...Wow...CLSID} = Delayed Background Upload Task Handler
\InProcServer32\(Default) = C:\WINDOWS\system32\SettingSyncInfo.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Shell
CreateObjectTask -> (HIDDEN!) launches: {990a9f8f-301f-45f7-8d0e-68c5952dba43}
-> {HKLM...CLSID} = Shell Create Object Task Delegate
\InProcServer32\(Default) = C:\WINDOWS\system32\shell32.dll [MS]
-> {HKLM...Wow...CLSID} = Shell Create Object Task Delegate
\InProcServer32\(Default) = C:\WINDOWS\system32\shell32.dll [MS]
FamilySafetyMonitor -> launches: %windir%\System32\wpcmon.exe [MS]
FamilySafetyRefresh -> launches: {EBF00FCB-0769-4b81-9BEC-6C05514111AA}
-> {HKLM...CLSID} = FamilySafety.WebSync
\InProcServer32\(Default) = C:\Windows\System32\WpcWebSync.dll [MS]
IndexerAutomaticMaintenance -> launches: {3FBA60A6-7BF5-4868-A2CA-6623B3DFFEA6}
-> {HKLM...CLSID} = Automatic Maintenance task to enable Windows Search to make progress while in Connected Standby
\InProcServer32\(Default) = C:\WINDOWS\System32\srchadmin.dll [MS]
-> {HKLM...Wow...CLSID} = Automatic Maintenance task to enable Windows Search to make progress while in Connected Standby
\InProcServer32\(Default) = C:\WINDOWS\System32\srchadmin.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\SideShow
GadgetManager -> launches: {FF87090D-4A9A-4f47-879B-29A80C355D61}
-> {HKLM...CLSID} = GadgetsManager Class
\InProcServer32\(Default) = C:\WINDOWS\System32\AuxiliaryDisplayServices.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform
SvcRestartTask -> (HIDDEN!) launches: {B1AEBB5D-EAD9-4476-B375-9C3ED9F32AFC}
-> {HKLM...CLSID} = SppSvcRestartTaskHandler Class
\InProcServer32\(Default) = C:\WINDOWS\System32\sppcext.dll [MS]
-> {HKLM...Wow...CLSID} = SppSvcRestartTaskHandler Class
\InProcServer32\(Default) = C:\WINDOWS\System32\sppcext.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\SpacePort
SpaceAgentTask -> launches: %windir%\system32\SpaceAgent.exe [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Sysmain
WsSwapAssessmentTask -> launches: %windir%\system32\rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore
SR -> launches: %windir%\system32\srtasks.exe ExecuteScheduledSPPCreation [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Task Manager
Interactive -> (HIDDEN!) launches: {855fec53-d2e4-4999-9e87-3414e9cf0ff4}
-> {HKLM...CLSID} = RunTask
\InProcServer32\(Default) = C:\WINDOWS\system32\wdc.dll [MS]
-> {HKLM...Wow...CLSID} = RunTask
\InProcServer32\(Default) = C:\WINDOWS\system32\wdc.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\TaskScheduler
Maintenance Configurator -> launches: {645E29EA-4B0A-464C-8B7D-1A6B9F9D92A8}
-> {HKLM...CLSID} = Maintenance Configurator
\InProcServer32\(Default) = C:\WINDOWS\system32\msched.dll [MS]
Manual Maintenance -> launches: {57BFCFDD-EEE4-4DBB-A751-3CDEB169FF44}
-> {HKLM...CLSID} = Maintenance Launcher Handler
\InProcServer32\(Default) = C:\WINDOWS\system32\msched.dll [MS]
Regular Maintenance -> launches: {57BFCFDD-EEE4-4DBB-A751-3CDEB169FF44}
-> {HKLM...CLSID} = Maintenance Launcher Handler
\InProcServer32\(Default) = C:\WINDOWS\system32\msched.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework
MsCtfMonitor -> (HIDDEN!) launches: {01575cfe-9a55-4003-a5e1-f38d1ebdcbe1}
-> {HKLM...CLSID} = MsCtfMonitor task handler
\InProcServer32\(Default) = C:\WINDOWS\system32\MsCtfMonitor.dll [MS]
-> {HKLM...Wow...CLSID} = MsCtfMonitor task handler
\InProcServer32\(Default) = C:\WINDOWS\system32\MsCtfMonitor.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Time Synchronization
ForceSynchronizeTime -> launches: {A31AD6C2-FF4C-43D4-8E90-7101023096F9}
-> {HKLM...CLSID} = Time Synchronization Task Handler
\InProcServer32\(Default) = C:\WINDOWS\system32\TimeSyncTask.dll [MS]
SynchronizeTime -> launches: %windir%\system32\sc.exe start w32time task_started [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\TPM
Tpm-Maintenance -> launches: {5014B7C8-934E-4262-9816-887FA745A6C4}
-> {HKLM...CLSID} = TPM Maintenance Task Handler
\InProcServer32\(Default) = C:\WINDOWS\system32\TpmTasks.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\UPnP
UPnPHostConfig -> launches: sc.exe config upnphost start= auto [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\WDI
ResolutionHost -> (HIDDEN!) launches: {900be39d-6be8-461a-bc4d-b0fa71f5ecb1}
-> {HKLM...CLSID} = DiagnosticInfrastructureCustomHandler
\InProcServer32\(Default) = C:\WINDOWS\System32\wdi.dll [MS]
-> {HKLM...Wow...CLSID} = DiagnosticInfrastructureCustomHandler
\InProcServer32\(Default) = C:\WINDOWS\System32\wdi.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting
QueueReporting -> launches: %windir%\system32\wermgr.exe -queuereporting [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Windows Filtering Platform
BfeOnServiceStartTypeChange -> (HIDDEN!) launches: %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Windows Media Sharing
UpdateLibrary -> launches: "%ProgramFiles%\Windows Media Player\wmpnscfg.exe" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\WindowsBackup
ConfigNotification -> launches: %systemroot%\System32\sdclt.exe /CONFIGNOTIFICATION [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\WindowsUpdate
Scheduled Start -> launches: C:\WINDOWS\system32\sc.exe start wuauserv [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Wininet
CacheTask -> launches: {0358b920-0ac7-461f-98f4-58e32cd89148}
-> {HKLM...CLSID} = Wininet Cache task object
\InProcServer32\(Default) = C:\WINDOWS\system32\wininet.dll [MS]
-> {HKLM...Wow...CLSID} = Wininet Cache task object
\InProcServer32\(Default) = C:\WINDOWS\system32\wininet.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\WS
Badge Update -> launches: {00CCDDF6-5107-424D-853D-3907AE5502DC}
-> {HKLM...CLSID} = WinStore Tile Badge Updater
\InProcServer32\(Default) = C:\WINDOWS\winstore\WinStoreUI.dll [MS]
License Validation -> (HIDDEN!) launches: rundll32.exe WSClient.dll,WSpTLR licensing [MS]
Sync Licenses -> launches: {10F591BE-3C84-418A-86DD-BAA002E2F36E}
-> {HKLM...CLSID} = WinStore License Sync task
\InProcServer32\(Default) = C:\WINDOWS\winstore\WinStoreUI.dll [MS]
WSRefreshBannedAppsListTask -> (HIDDEN!) launches: rundll32.exe WSClient.dll,RefreshBannedAppsList [MS]
WSTask -> launches: {E52C9A25-F3E8-49E4-BAA7-FAD0EF620129}
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = C:\WINDOWS\System32\WSService.dll [MS]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS]
000000000002\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000004\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS]
000000000005\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]
000000000006\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS]
000000000007\LibraryPath = %SystemRoot%\system32\wshbth.dll [MS]
000000000008\LibraryPath = C:\Program Files (x86)\Bonjour\mdnsNSP.dll [Apple Inc.]
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\ {++}
000000000001\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS]
000000000002\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000004\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS]
000000000005\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]
000000000006\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS]
000000000007\LibraryPath = %SystemRoot%\system32\wshbth.dll [MS]
000000000008\LibraryPath = C:\Program Files\Bonjour\mdnsNSP.dll [Apple Inc.]
Transport Service Providers
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 11
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries64\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 11
Toolbars, Explorer Bars, Extensions:
------------------------------------
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{2670000A-7350-4F3C-8081-5663EE0C6C49}\
ButtonText = An OneNote senden
MenuText = An OneNote s&enden
CLSIDExtension = {48E73304-E1D6-4330-914C-F5F514E3486C}
-> {HKLM...CLSID} = Send to OneNote from Internet Explorer button
\InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll [MS]
{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\
ButtonText = Verknpfte &OneNote-Notizen
MenuText = Verknpfte &OneNote-Notizen
CLSIDExtension = {FFFDC614-B694-4AE6-AB38-5D6374584B52}
-> {HKLM...CLSID} = Linked Notes button
\InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll [MS]
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\
{2670000A-7350-4F3C-8081-5663EE0C6C49}\
ButtonText = An OneNote senden
MenuText = An OneNote s&enden
CLSIDExtension = {48E73304-E1D6-4330-914C-F5F514E3486C}
-> {HKLM...Wow...CLSID} = Send to OneNote from Internet Explorer button
\InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll [MS]
{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\
ButtonText = Verknpfte &OneNote-Notizen
MenuText = Verknpfte &OneNote-Notizen
CLSIDExtension = {FFFDC614-B694-4AE6-AB38-5D6374584B52}
-> {HKLM...Wow...CLSID} = Linked Notes button
\InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll [MS]
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
Adobe Acrobat Update Service, AdobeARMservice, "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" [Adobe Systems Incorporated]
Apple Mobile Device, Apple Mobile Device, "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe" [Apple Inc.]
Avira Echtzeit-Scanner, AntiVirService, "C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe" [Avira Operations GmbH & Co. KG]
Avira Planer, AntiVirSchedulerService, "C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe" [Avira Operations GmbH & Co. KG]
Bluetooth Radio Control Service, BcmBtRSupport, C:\WINDOWS\system32\BtwRSupportService.exe [Broadcom Corporation.]
Bluetooth Service, btwdins, C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [Broadcom Corporation.]
Conexant Audio Message Service, CxAudMsg, C:\WINDOWS\system32\CxAudMsg64.exe [Conexant Systems Inc.]
Dienst "Bonjour", Bonjour Service, "C:\Program Files\Bonjour\mDNSResponder.exe" [Apple Inc.]
Elan Service, ETDService, C:\Program Files\Elantech\ETDService.exe [ELAN Microelectronics Corp.]
Intel(R) Capability Licensing Service Interface, Intel(R) Capability Licensing Service Interface, "C:\Program Files\Intel\iCLS Client\HeciServer.exe" [Intel(R) Corporation]
Intel(R) Dynamic Application Loader Host Interface Service, jhi_service, C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [Intel Corporation]
Intel(R) Management and Security Application Local Management Service, LMS, C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [Intel Corporation]
Intel(R) Management and Security Application User Notification Service, UNS, "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe" [Intel Corporation]
Safe Mode Drivers & Services (subkey name, subkey default value):
-----------------------------------------------------------------
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\
<<!>> MCODS,
<<!>> PEVSystemStart, Service
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\
<<!>> MCODS,
<<!>> PEVSystemStart, Service
==== Empty IE Cache ======================
C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Tobias Ebeling\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Tobias Ebeling\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
C:\users\Tobias Ebeling\AppData\Local\Mozilla\Firefox\Profiles\criq7e9y.default\Cache emptied successfully
==== Empty Chrome Cache ======================
C:\users\Tobias Ebeling\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
No Java Cache Found
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\WINDOWS\Temp successfully emptied
C:\Users\TOBIAS~1\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== EOF on 04.07.2013 at 16:29:43,54 ======================
Ich kann nun wieder zwischen verschiedenen Tabs schnell hin und her wechseln, allerdings ist die Ladezeit und das Ladesymbol für die einzelnen Seiten immer noch deutlich verlangsamt. |
Bitte lesen:
AdwCleaner auf deinen Desktop.
SecurityCheck und:
