Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Searchnu.de auf dem Rechner :-( (https://www.trojaner-board.de/138423-searchnu-de-rechner.html)

Sammy-Sina 18.07.2013 20:50
Searchnu.de auf dem Rechner :-(
 
Hallo,

ich bin ein ziemlich PC Laie daher bitte nicht wundern, wenn ich mich etwas dumm anstelle.

Also: Ich habe mir auf chip.de einen Converter für FLV Dateien runtergeladen "Free FLV Converter.Ink" Seitdem habe ich, wenn ich Google Chrome starte nicht mehr startpage.com als Startseite sondern "searchnu.com/413". Wenn ich AVIRA laufen lasse, kommen keine Funde.

Die beiden Warnungen lauten wie folgt:

Beginne mit der Suche in 'C:\' <System>
C:\Users\Thaumiller\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XCF42UET\update[2].txt
[0] Archivtyp: ZIP
--> updater
[WARNUNG] Die Datei konnte nicht gelesen werden!
[WARNUNG] Die Datei konnte nicht gelesen werden!
C:\Users\Thaumiller\AppData\Local\Temp\nsb5024.tmp\nsw518C.tmp\torchforchromeplugin.exe
[WARNUNG] Die Datei konnte nicht gelesen werden!
Beginne mit der Suche in 'E:\' <Daten>


Könnt Ihr mir weiterhelfen?

Danke im Voraus!!

Sammy-Sina

cosinus 18.07.2013 21:12
Hallo und :hallo:

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die jemals fündig geworden?

Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!


Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

Sammy-Sina 18.07.2013 21:15
Hallo Cosinus,

nein, sonst habe ich nix.

cosinus 18.07.2013 21:23
Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
  • Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.

  • Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.

  • Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!

  • Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!

  • Die Logs der aufgegebenen Tools wie zB Malwarebytes sind immer zu posten - egal ob ein Fund dabei war oder nicht!

  • Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.


Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


Sammy-Sina 18.07.2013 21:42
AVIRA hat Alarm geschlagen.

Neuer Fund oder unerwünschtes Programm.

ADWARE/InstallCore.Gen

die Datei heißt "uninstaller.exe

wurde in Quarantäne verschoben

Code:
Exportierte Ereignisse:

18.07.2013 22:45 [System-Scanner] Malware gefunden
      Die Datei 'C:\Users\Thaumiller\AppData\Local\Temp\is357113909\uninstaller.exe'
      enthielt einen Virus oder unerwünschtes Programm 'ADWARE/InstallCore.Gen'
      [adware].
      Durchgeführte Aktion(en):
      Die Datei wurde ignoriert.

18.07.2013 22:42 [System-Scanner] Malware gefunden
      Die Datei 'C:\Users\Thaumiller\AppData\Local\Temp\is357113909\uninstaller.exe'
      enthielt einen Virus oder unerwünschtes Programm 'ADWARE/InstallCore.Gen'
      [adware].
      Durchgeführte Aktion(en):
      Die Datei wurde ignoriert.

18.07.2013 22:40 [Echtzeit-Scanner] Malware gefunden
      In der Datei
      'C:\Users\Thaumiller\AppData\Local\Temp\is357113909\uninstaller.exe'
      wurde ein Virus oder unerwünschtes Programm 'ADWARE/InstallCore.Gen' [adware]
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

18.07.2013 22:37 [Echtzeit-Scanner] Malware gefunden
      In der Datei
      'C:\Users\Thaumiller\AppData\Local\Temp\is357113909\uninstaller.exe'
      wurde ein Virus oder unerwünschtes Programm 'ADWARE/InstallCore.Gen' [adware]
      gefunden.
      Ausgeführte Aktion: Übergeben an Scanner

18.07.2013 22:36 [Echtzeit-Scanner] Malware gefunden
      In der Datei
      'C:\Users\Thaumiller\AppData\Local\Temp\is357113909\uninstaller.exe'
      wurde ein Virus oder unerwünschtes Programm 'ADWARE/InstallCore.Gen' [adware]
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

cosinus 18.07.2013 22:31
Ist nur Adware (Werbung)
Was ist mit dem Farbar-Log?

Sammy-Sina 19.07.2013 14:39
Ich mach wohl irgendwas falsch. Ich folge Deinem Link zu FRT 64-BIT komme dann auf filepony.de wo mir der Download auch angezeigt werde. Wenn ich diesen starte, bekomme ich einen Zip Opener auf dem Desktop gelegt. Eine Datei mit dem Namen FRST64.exe finde ich nicht. Wo mach ich den Fehler? Ich bekomm mit der Datei "Zip Opener" folgende Dateien installiert: Mikrosoft Silverlight, Qtrax Player, Delta toolbar, Wajam, Plus-HD-2.3, Open it!, Delta Chrome Toolbar, Delta Ply (remove only), Delta Play, Update für Zip Opener und noch mal Qtrax Player

Tut mir leid wenn ich mich so blöd anstelle :-(

ach ja. Und jetzt habe ich folgende Startseite:

hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=A00000A0C6000000&affID=119357&tsp=4948

cosinus 19.07.2013 15:07
Du sollst dir doch nicht den ZIPOpener runterladen! :( :wtf:

Klick rechts oben auf Download neuste Version, dann erscheint ein Ladebalken, ist es vollständig verscheindet dieser und dafür erscheint ein Downloadlink zu dem Tool!

Sammy-Sina 19.07.2013 15:17
Sorry. Der der ZIP Opener war genau unter dem Download. Daher habe ich den downgeloadet. Wenn man Laien ans Werk lässt :-/
hab´s jetzt downgeloadet und befolge Deine Schritte. Melde mich dann gleich wieder

Kann ich den Zip Opener Müll einfach wieder über die Systemsteuerung löschen?

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-07-2013
Ran by Thaumiller (administrator) on 19-07-2013 16:11:44
Running from C:\Users\Thaumiller\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Lenovo.) C:\Windows\system32\ibmpmsvc.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(QUALCOMM, Inc.) C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kLenovo.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Lenovo Group Limited) C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe
(Lenovo Group Limited) C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
() C:\Program Files (x86)\WISO\Steuersoftware 2013\mshaktuell.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Lenovo Group Limited) C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Lenovo Group Limited) C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Wajam) C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [TpShocks] - C:\Windows\System32\TpShocks.exe [228744 2012-09-20] (Lenovo.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11049576 2010-07-15] (Realtek Semiconductor)
HKLM\...\Run: [LENOVO.TPKNRRES] - C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [44096 2012-01-16] (Lenovo Group Limited)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2907448 2012-07-05] (Synaptics Incorporated)
HKLM\...\Run: [AcWin7Hlpr] - C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63376 2012-09-07] (Lenovo)
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2779024 2011-03-14] (CANON INC.)
HKLM-x32\...\Runonce: [removeSearchqudatamngr] - cmd.exe /c RD /S /Q "C:\Program Files (x86)\Searchqu Toolbar" [x]
HKLM-x32\...\Runonce: [Del916630] - cmd.exe /Q /D /c del "C:\Users\THAUMI~1\AppData\Local\Temp\0.del" [x]
HKLM-x32\...\Runonce: [Del919423] - cmd.exe /Q /D /c del "C:\Users\THAUMI~1\AppData\Local\Temp\0.del" [x]
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [18642024 2013-02-28] (Skype Technologies S.A.)
HKCU\...\Runonce: [Del916630] - cmd.exe /Q /D /c del "C:\Users\THAUMI~1\AppData\Local\Temp\0.del" [x]
HKCU\...\Runonce: [Del919423] - cmd.exe /Q /D /c del "C:\Users\THAUMI~1\AppData\Local\Temp\0.del" [x]
HKCU\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe -update activex [814472 2013-06-12] (Adobe Systems Incorporated)
HKCU\...\Runonce: [Qtrax] - C:\Program Files (x86)\Microsoft Silverlight\sllauncher.exe 3098712123.portal.qtrax.com [x]
HKLM-x32\...\Run: [PWMTRV] - rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor [5941344 2012-05-16] (Lenovo Group Limited)
HKLM-x32\...\Run: [avgnt] - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [345144 2013-06-27] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2010-01-13] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [FLxHCIm] - "C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe" [37888 2010-11-19] (Windows (R) Win 7 DDK provider)
HKLM-x32\...\Run: [CanonSolutionMenuEx] - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon [1612920 2011-08-04] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] - C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE [452016 2011-01-15] (CANON INC.)
HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-10-25] (Apple Inc.)
HKU\Default\...\RunOnce: [Lenovo.ShowBand] - C:\Program Files\Lenovo\SimpleTap DeskBand\ShowBand.exe /show [52584 2013-05-17] (Lenovo)
HKU\Default User\...\RunOnce: [Lenovo.ShowBand] - C:\Program Files\Lenovo\SimpleTap DeskBand\ShowBand.exe /show [52584 2013-05-17] (Lenovo)
AppInit_DLLs:      [0 ] ()
AppInit_DLLs-x32:  c:\progra~3\browse~1\261339~1.144\{c16c1~1\browse~1.dll [2521040 2013-05-23] ()
Lsa: [Notification Packages] scecli ACGina
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2013\mshaktuell.exe ()
Startup: C:\Users\Thaumiller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=A00000A0C6000000&affID=119357&tsp=4948
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=0&systemid=413&apn_dtid=BND413&apn_ptnrs=AGA&o=APN10649&apn_uid=5334959419274312&q={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=0&systemid=413&apn_dtid=BND413&apn_ptnrs=AGA&o=APN10649&apn_uid=5334959419274312&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=0&systemid=413&apn_dtid=BND413&apn_ptnrs=AGA&o=APN10649&apn_uid=5334959419274312&q={searchTerms}
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=0&systemid=413&apn_dtid=BND413&apn_ptnrs=AGA&o=APN10649&apn_uid=5334959419274312&q={searchTerms}
SearchScopes: HKCU - DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=A00000A0C6000000&affID=119357&tsp=4948
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=A00000A0C6000000&affID=119357&tsp=4948
SearchScopes: HKCU - {4F61310A-4C96-4955-BF8C-8EFF92EFE8F5} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=ec0c1d4a-6a7e-49ef-a641-26b7cadb04a2&apn_sauid=2074CDA6-CB84-492F-B296-19F528885C19
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=0&systemid=413&apn_dtid=BND413&apn_ptnrs=AGA&o=APN10649&apn_uid=5334959419274312&q={searchTerms}
BHO-x32: Plus-HD-2.3 - {11111111-1111-1111-1111-110311341126} - C:\Program Files (x86)\Plus-HD-2.3\Plus-HD-2.3-bho.dll (Plus HD)
BHO-x32: Wajam - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll (Wajam)
BHO-x32: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.21.5\bh\delta.dll (Delta-search.com)
BHO-x32: DealPly - {EF7BD87A-8024-11E2-F316-F3E56188709B} - C:\Program Files (x86)\DealPly\DealPlyIE.dll (DealPly)
Toolbar: HKLM-x32 - TerraTec Home Cinema - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\PROGRA~2\TerraTec\TERRAT~1\THCDES~1.DLL (TerraTec Electronic GmbH)
Toolbar: HKLM-x32 - Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.21.5\deltaTlbr.dll (Delta-search.com)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
DPF: HKLM-x32 {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://javadl-esd.oracle.com/update/1.4.2/jinstall-1_4-windows-i586.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

Chrome:
=======
CHR HomePage: hxxp://www.google.de/
CHR Extension: (YouTube) - C:\Users\THAUMI~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\THAUMI~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Delta Toolbar) - C:\Users\THAUMI~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde\1.4_0
CHR Extension: (DealPly Shopping  ) - C:\Users\THAUMI~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmfnfnpmhcllokmkepffndflpnadjmma\3.5.0.0_0
CHR Extension: (Wajam) - C:\Users\THAUMI~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0
CHR Extension: (Plus-HD-2.3) - C:\Users\THAUMI~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.23.17_0
CHR Extension: (Gmail) - C:\Users\THAUMI~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-06-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-06-27] (Avira Operations GmbH & Co. KG)
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe [1527900 2005-11-17] (MAGIX®)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [138192 2011-02-07] ()
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
R2 QDLService2kLenovo; C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kLenovo.exe [1688384 2011-05-23] (QUALCOMM, Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [199272 2010-07-15] (Realtek Semiconductor)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [22376 2013-04-11] ()
R2 ThinkVantage Registry Monitor Service; C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe [1028096 2010-08-31] (Lenovo Group Limited)
S3 TVT Backup Service; C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe [1492280 2011-08-18] (Lenovo Group Limited)
R2 WajamUpdater; C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe [109064 2013-05-02] (Wajam)

==================== Drivers (Whitelisted) ====================

S3 AF9035BDA; C:\Windows\System32\DRIVERS\AF15BDA.sys [513600 2009-11-05] (ITETech                  )
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-03-28] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-03-28] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-28] (Avira Operations GmbH & Co. KG)
S3 FLxHCIh; C:\Windows\System32\DRIVERS\FLxHCIh.sys [49664 2010-11-19] (Fresco Logic)
R3 qcfilterlno2k; C:\Windows\System32\DRIVERS\qcfilterlno2k.sys [6400 2011-05-23] (QUALCOMM Incorporated)
R3 qcusbnetlno2k; C:\Windows\System32\DRIVERS\qcusbnetlno2k.sys [444416 2011-05-23] (QUALCOMM Incorporated)
R3 qcusbserlno2k; C:\Windows\System32\DRIVERS\qcusbserlno2k.sys [231040 2011-05-23] (QUALCOMM Incorporated)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [27960 2012-07-05] (Synaptics Incorporated)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [40248 2011-05-30] (Lenovo Information Product(ShenZhen China) Inc.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-19 16:11 - 2013-07-19 16:11 - 00000000 ____D C:\FRST
2013-07-19 16:08 - 2013-07-19 16:09 - 01778207 _____ (Farbar) C:\Users\Thaumiller\Desktop\FRST64.exe
2013-07-19 15:24 - 2013-07-19 15:24 - 00002373 _____ C:\Users\Thaumiller\Desktop\Qtrax Player.lnk
2013-07-19 15:24 - 2013-07-19 15:24 - 00000000 ____D C:\Users\Thaumiller\Qtrax
2013-07-19 15:24 - 2013-07-19 15:24 - 00000000 ____D C:\Users\Thaumiller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\QTRAX
2013-07-19 15:21 - 2013-07-19 15:21 - 00004234 _____ C:\Windows\System32\Tasks\Plus-HD-2.3-updater
2013-07-19 15:21 - 2013-07-19 15:21 - 00004138 _____ C:\Windows\System32\Tasks\Plus-HD-2.3-enabler
2013-07-19 15:21 - 2013-07-19 15:21 - 00001204 _____ C:\Windows\Tasks\Plus-HD-2.3-updater.job
2013-07-19 15:21 - 2013-07-19 15:21 - 00001108 _____ C:\Windows\Tasks\Plus-HD-2.3-enabler.job
2013-07-19 15:20 - 2013-07-19 15:20 - 00004238 _____ C:\Windows\System32\Tasks\Plus-HD-2.3-codedownloader
2013-07-19 15:20 - 2013-07-19 15:20 - 00001208 _____ C:\Windows\Tasks\Plus-HD-2.3-codedownloader.job
2013-07-19 15:19 - 2013-07-19 15:21 - 00000000 ____D C:\Program Files (x86)\Plus-HD-2.3
2013-07-19 15:19 - 2013-07-19 15:20 - 00000000 ____D C:\Program Files (x86)\Wajam
2013-07-19 15:19 - 2013-07-19 15:19 - 00001916 _____ C:\Windows\Tasks\Plus-HD-2.3-chromeinstaller.job
2013-07-19 15:19 - 2013-07-19 15:19 - 00000000 ____D C:\Users\Thaumiller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam
2013-07-19 15:19 - 2013-07-19 15:19 - 00000000 ____D C:\Users\THAUMI~1\AppData\Local\Wajam
2013-07-19 15:15 - 2013-07-19 15:15 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-19 15:15 - 2013-07-19 15:15 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-19 15:09 - 2013-07-19 15:18 - 00003414 _____ C:\Windows\System32\Tasks\EPUpdater
2013-07-19 15:09 - 2013-07-19 15:09 - 00000000 ____D C:\Users\Thaumiller\AppData\Roaming\Delta
2013-07-19 15:09 - 2013-07-19 15:09 - 00000000 ____D C:\Users\Thaumiller\AppData\Roaming\BabSolution
2013-07-19 15:09 - 2013-07-19 15:09 - 00000000 ____D C:\Program Files (x86)\Delta
2013-07-19 15:08 - 2013-07-19 15:17 - 00001120 _____ C:\Users\Public\Desktop\Open It!.lnk
2013-07-19 15:08 - 2013-07-19 15:08 - 00003542 _____ C:\Windows\System32\Tasks\DealPly
2013-07-19 15:08 - 2013-07-19 15:08 - 00003376 _____ C:\Windows\System32\Tasks\DealPlyUpdate
2013-07-19 15:08 - 2013-07-19 15:08 - 00000000 ____D C:\Users\Thaumiller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly
2013-07-19 15:08 - 2013-07-19 15:08 - 00000000 ____D C:\Users\Thaumiller\AppData\Roaming\DealPly
2013-07-19 15:08 - 2013-07-19 15:08 - 00000000 ____D C:\Program Files (x86)\OpenIt
2013-07-19 15:08 - 2013-07-19 15:08 - 00000000 ____D C:\Program Files (x86)\DealPly
2013-07-19 15:07 - 2013-07-19 15:08 - 00793536 _____ C:\Users\Thaumiller\Desktop\ZipOpenerSetup.exe
2013-07-19 15:01 - 2013-07-19 15:01 - 00000000 ____D C:\Windows\system32\appmgmt
2013-07-18 23:08 - 2013-07-18 22:58 - 00003096 _____ C:\Users\Thaumiller\Desktop\Ereignisse.txt
2013-07-18 22:50 - 2013-07-19 15:24 - 00002403 _____ C:\Users\Thaumiller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Qtrax Player.lnk
2013-07-18 22:50 - 2013-07-18 22:50 - 00003832 _____ C:\Windows\System32\Tasks\QtraxPlayer
2013-07-18 22:50 - 2013-07-18 22:50 - 00000000 ____D C:\Users\THAUMI~1\AppData\Local\Downloaded Installations
2013-07-18 22:39 - 2013-07-18 22:39 - 00000000 ____D C:\ProgramData\BrowserDefender
2013-07-18 21:52 - 2013-07-18 21:52 - 00022499 _____ C:\Users\Thaumiller\Documents\AVIRA_Scan_18.07..odt
2013-07-18 12:55 - 2013-07-18 12:56 - 03865647 _____ C:\Users\Thaumiller\Downloads\03Sportkonzept (1).flv
2013-07-18 12:48 - 2013-07-18 12:48 - 00001185 _____ C:\Users\Thaumiller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free FLV Converter.lnk
2013-07-18 12:48 - 2013-07-18 12:48 - 00000000 ____D C:\Users\THAUMI~1\AppData\Local\Torch
2013-07-18 12:36 - 2013-07-18 12:48 - 00000000 ____D C:\Users\Thaumiller\AppData\Roaming\FreeFLVConverter
2013-07-18 12:36 - 2013-07-01 11:53 - 00397312 _____ (Koyote-Lab Inc) C:\Windows\SysWOW64\TubeFinder.exe
2013-07-18 12:36 - 2011-09-28 10:18 - 01081616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscomctl.ocx
2013-07-18 12:36 - 2011-09-28 10:18 - 00364544 _____ C:\Windows\SysWOW64\PropertyGrid.ocx
2013-07-18 12:36 - 2011-09-28 10:18 - 00208500 _____ C:\Windows\SysWOW64\ReyXpBasics.tlb
2013-07-18 12:36 - 2011-09-28 10:18 - 00152848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COMDLG32.OCX
2013-07-18 12:36 - 2011-09-28 10:18 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCMCFR.DLL
2013-07-18 12:36 - 2011-09-28 10:18 - 00119568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VB6FR.DLL
2013-07-18 12:36 - 2011-09-28 10:18 - 00101888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VB6STKIT.DLL
2013-07-18 12:36 - 2011-09-28 10:18 - 00084512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PICCLP32.OCX
2013-07-18 12:36 - 2011-09-28 10:18 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CMDLGFR.DLL
2013-07-18 12:36 - 2011-09-28 10:18 - 00024576 _____ C:\Windows\SysWOW64\ControlSubX.ocx
2013-07-18 12:36 - 2011-09-28 10:18 - 00009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PCCLPFR.DLL
2013-07-18 12:34 - 2013-07-19 15:04 - 00000000 ____D C:\ProgramData\Wincert
2013-07-18 12:33 - 2013-07-19 15:04 - 00000000 ____D C:\Program Files (x86)\Searchqu Toolbar
2013-07-18 12:33 - 2013-07-18 12:33 - 00000000 ____D C:\ProgramData\boost_interprocess
2013-07-18 12:32 - 2013-07-19 15:05 - 00000000 ____D C:\Program Files (x86)\Free FLV Converter
2013-07-18 12:31 - 2013-07-18 12:31 - 00804552 _____ (Koyote-Lab Inc.) C:\Users\Thaumiller\Downloads\FreeFLVConverter75Setup.exe
2013-07-18 12:27 - 2013-07-18 12:28 - 03865647 _____ C:\Users\Thaumiller\Downloads\04Kochvideo.flv
2013-07-18 12:27 - 2013-07-18 12:28 - 01636800 _____ C:\Users\Thaumiller\Downloads\01Messvideo.flv
2013-07-18 12:27 - 2013-07-18 12:28 - 00810216 _____ C:\Users\Thaumiller\Downloads\03Sportkonzept.flv
2013-07-13 14:57 - 2013-07-13 14:57 - 00003584 _____ C:\Users\THAUMI~1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-07-10 17:04 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-10 17:04 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-10 17:04 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-10 17:04 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-10 17:04 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-10 17:04 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-10 17:04 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-10 17:04 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-10 17:04 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-10 17:04 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-10 17:04 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-10 17:04 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-10 17:04 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-10 17:04 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-10 17:04 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-10 17:04 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-10 17:04 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-10 17:04 - 2013-06-12 01:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-10 17:04 - 2013-06-12 01:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-10 17:04 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-10 17:04 - 2013-06-12 01:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-10 17:04 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-10 17:04 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-10 17:04 - 2013-06-12 00:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-10 17:04 - 2013-06-07 05:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-10 17:04 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-10 17:03 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-10 17:03 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-10 17:03 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-10 17:03 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-10 17:03 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-10 12:32 - 2013-07-10 12:33 - 00013921 _____ C:\Users\Thaumiller\Documents\Kuendigung_LV_Peter.odt
2013-07-10 11:54 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-10 11:54 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-10 11:54 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-10 11:54 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-10 11:54 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-10 11:54 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-10 11:54 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-06-21 12:49 - 2013-07-18 12:57 - 00000000 ____D C:\Users\Thaumiller\Desktop\CT_10w
2013-06-20 16:28 - 2013-06-20 16:28 - 00013198 _____ C:\Users\Thaumiller\Documents\KündigungBwSW.odt
2013-06-19 11:44 - 2013-07-18 12:44 - 00000005 _____ C:\Users\Thaumiller\AppData\Roaming\WBPU-TTL.DAT

==================== One Month Modified Files and Folders =======

2013-07-19 16:11 - 2013-07-19 16:11 - 00000000 ____D C:\FRST
2013-07-19 16:09 - 2013-07-19 16:08 - 01778207 _____ (Farbar) C:\Users\Thaumiller\Desktop\FRST64.exe
2013-07-19 16:02 - 2013-01-14 12:53 - 00001118 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-19 15:36 - 2012-11-28 20:39 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-19 15:24 - 2013-07-19 15:24 - 00002373 _____ C:\Users\Thaumiller\Desktop\Qtrax Player.lnk
2013-07-19 15:24 - 2013-07-19 15:24 - 00000000 ____D C:\Users\Thaumiller\Qtrax
2013-07-19 15:24 - 2013-07-19 15:24 - 00000000 ____D C:\Users\Thaumiller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\QTRAX
2013-07-19 15:24 - 2013-07-18 22:50 - 00002403 _____ C:\Users\Thaumiller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Qtrax Player.lnk
2013-07-19 15:24 - 2012-11-27 23:32 - 00000000 ____D C:\Users\Thaumiller
2013-07-19 15:21 - 2013-07-19 15:21 - 00004234 _____ C:\Windows\System32\Tasks\Plus-HD-2.3-updater
2013-07-19 15:21 - 2013-07-19 15:21 - 00004138 _____ C:\Windows\System32\Tasks\Plus-HD-2.3-enabler
2013-07-19 15:21 - 2013-07-19 15:21 - 00001204 _____ C:\Windows\Tasks\Plus-HD-2.3-updater.job
2013-07-19 15:21 - 2013-07-19 15:21 - 00001108 _____ C:\Windows\Tasks\Plus-HD-2.3-enabler.job
2013-07-19 15:21 - 2013-07-19 15:19 - 00000000 ____D C:\Program Files (x86)\Plus-HD-2.3
2013-07-19 15:20 - 2013-07-19 15:20 - 00004238 _____ C:\Windows\System32\Tasks\Plus-HD-2.3-codedownloader
2013-07-19 15:20 - 2013-07-19 15:20 - 00001208 _____ C:\Windows\Tasks\Plus-HD-2.3-codedownloader.job
2013-07-19 15:20 - 2013-07-19 15:19 - 00000000 ____D C:\Program Files (x86)\Wajam
2013-07-19 15:19 - 2013-07-19 15:19 - 00001916 _____ C:\Windows\Tasks\Plus-HD-2.3-chromeinstaller.job
2013-07-19 15:19 - 2013-07-19 15:19 - 00000000 ____D C:\Users\Thaumiller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam
2013-07-19 15:19 - 2013-07-19 15:19 - 00000000 ____D C:\Users\THAUMI~1\AppData\Local\Wajam
2013-07-19 15:19 - 2013-06-09 15:44 - 00003262 _____ C:\Windows\System32\Tasks\DSite
2013-07-19 15:19 - 2013-06-09 15:44 - 00000302 _____ C:\Windows\Tasks\DSite.job
2013-07-19 15:18 - 2013-07-19 15:09 - 00003414 _____ C:\Windows\System32\Tasks\EPUpdater
2013-07-19 15:17 - 2013-07-19 15:08 - 00001120 _____ C:\Users\Public\Desktop\Open It!.lnk
2013-07-19 15:15 - 2013-07-19 15:15 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-19 15:15 - 2013-07-19 15:15 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-19 15:09 - 2013-07-19 15:09 - 00000000 ____D C:\Users\Thaumiller\AppData\Roaming\Delta
2013-07-19 15:09 - 2013-07-19 15:09 - 00000000 ____D C:\Users\Thaumiller\AppData\Roaming\BabSolution
2013-07-19 15:09 - 2013-07-19 15:09 - 00000000 ____D C:\Program Files (x86)\Delta
2013-07-19 15:08 - 2013-07-19 15:08 - 00003542 _____ C:\Windows\System32\Tasks\DealPly
2013-07-19 15:08 - 2013-07-19 15:08 - 00003376 _____ C:\Windows\System32\Tasks\DealPlyUpdate
2013-07-19 15:08 - 2013-07-19 15:08 - 00000000 ____D C:\Users\Thaumiller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly
2013-07-19 15:08 - 2013-07-19 15:08 - 00000000 ____D C:\Users\Thaumiller\AppData\Roaming\DealPly
2013-07-19 15:08 - 2013-07-19 15:08 - 00000000 ____D C:\Program Files (x86)\OpenIt
2013-07-19 15:08 - 2013-07-19 15:08 - 00000000 ____D C:\Program Files (x86)\DealPly
2013-07-19 15:08 - 2013-07-19 15:07 - 00793536 _____ C:\Users\Thaumiller\Desktop\ZipOpenerSetup.exe
2013-07-19 15:05 - 2013-07-18 12:32 - 00000000 ____D C:\Program Files (x86)\Free FLV Converter
2013-07-19 15:04 - 2013-07-18 12:34 - 00000000 ____D C:\ProgramData\Wincert
2013-07-19 15:04 - 2013-07-18 12:33 - 00000000 ____D C:\Program Files (x86)\Searchqu Toolbar
2013-07-19 15:02 - 2013-01-14 12:53 - 00001114 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-19 15:01 - 2013-07-19 15:01 - 00000000 ____D C:\Windows\system32\appmgmt
2013-07-19 15:01 - 2013-01-14 12:53 - 00000000 ____D C:\Users\THAUMI~1\AppData\Local\Google
2013-07-19 15:01 - 2013-01-14 12:53 - 00000000 ____D C:\Program Files (x86)\Google
2013-07-19 15:01 - 2009-07-14 06:45 - 00025872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-19 15:01 - 2009-07-14 06:45 - 00025872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-19 14:59 - 2012-11-27 23:32 - 01303992 _____ C:\Windows\WindowsUpdate.log
2013-07-19 14:58 - 2012-11-28 08:23 - 00654400 _____ C:\Windows\system32\perfh007.dat
2013-07-19 14:58 - 2012-11-28 08:23 - 00130240 _____ C:\Windows\system32\perfc007.dat
2013-07-19 14:58 - 2009-07-14 07:13 - 01498742 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-19 14:53 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-19 14:53 - 2009-07-14 06:51 - 00045703 _____ C:\Windows\setupact.log
2013-07-18 22:58 - 2013-07-18 23:08 - 00003096 _____ C:\Users\Thaumiller\Desktop\Ereignisse.txt
2013-07-18 22:50 - 2013-07-18 22:50 - 00003832 _____ C:\Windows\System32\Tasks\QtraxPlayer
2013-07-18 22:50 - 2013-07-18 22:50 - 00000000 ____D C:\Users\THAUMI~1\AppData\Local\Downloaded Installations
2013-07-18 22:39 - 2013-07-18 22:39 - 00000000 ____D C:\ProgramData\BrowserDefender
2013-07-18 21:52 - 2013-07-18 21:52 - 00022499 _____ C:\Users\Thaumiller\Documents\AVIRA_Scan_18.07..odt
2013-07-18 20:31 - 2013-04-29 11:07 - 00000000 ____D C:\Users\Thaumiller\Documents\Mein Steuer-Sparbuch Heute
2013-07-18 12:57 - 2013-06-21 12:49 - 00000000 ____D C:\Users\Thaumiller\Desktop\CT_10w
2013-07-18 12:56 - 2013-07-18 12:55 - 03865647 _____ C:\Users\Thaumiller\Downloads\03Sportkonzept (1).flv
2013-07-18 12:48 - 2013-07-18 12:48 - 00001185 _____ C:\Users\Thaumiller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free FLV Converter.lnk
2013-07-18 12:48 - 2013-07-18 12:48 - 00000000 ____D C:\Users\THAUMI~1\AppData\Local\Torch
2013-07-18 12:48 - 2013-07-18 12:36 - 00000000 ____D C:\Users\Thaumiller\AppData\Roaming\FreeFLVConverter
2013-07-18 12:44 - 2013-06-19 11:44 - 00000005 _____ C:\Users\Thaumiller\AppData\Roaming\WBPU-TTL.DAT
2013-07-18 12:33 - 2013-07-18 12:33 - 00000000 ____D C:\ProgramData\boost_interprocess
2013-07-18 12:31 - 2013-07-18 12:31 - 00804552 _____ (Koyote-Lab Inc.) C:\Users\Thaumiller\Downloads\FreeFLVConverter75Setup.exe
2013-07-18 12:28 - 2013-07-18 12:27 - 03865647 _____ C:\Users\Thaumiller\Downloads\04Kochvideo.flv
2013-07-18 12:28 - 2013-07-18 12:27 - 01636800 _____ C:\Users\Thaumiller\Downloads\01Messvideo.flv
2013-07-18 12:28 - 2013-07-18 12:27 - 00810216 _____ C:\Users\Thaumiller\Downloads\03Sportkonzept.flv
2013-07-13 15:04 - 2013-02-03 17:55 - 00002189 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-07-13 14:57 - 2013-07-13 14:57 - 00003584 _____ C:\Users\THAUMI~1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-07-13 14:57 - 2013-01-14 12:53 - 00004114 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-13 14:57 - 2013-01-14 12:53 - 00003862 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-11 11:10 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-11 11:10 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-11 11:10 - 2009-07-14 06:45 - 00294168 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-11 11:09 - 2010-11-21 09:17 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-10 17:05 - 2012-11-27 23:56 - 78185248 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-07-10 15:43 - 2013-02-08 11:09 - 00000000 ____D C:\Users\Thaumiller\AppData\Roaming\Skype
2013-07-10 12:33 - 2013-07-10 12:32 - 00013921 _____ C:\Users\Thaumiller\Documents\Kuendigung_LV_Peter.odt
2013-07-10 12:29 - 2013-01-24 15:47 - 00000000 ____D C:\ProgramData\CanonIJPLM
2013-07-03 17:38 - 2013-01-09 23:51 - 00021249 _____ C:\Users\Thaumiller\Documents\Ein-&Ausgaben-Jahresübersicht.ods
2013-07-01 11:53 - 2013-07-18 12:36 - 00397312 _____ (Koyote-Lab Inc) C:\Windows\SysWOW64\TubeFinder.exe
2013-06-27 12:28 - 2013-05-06 12:40 - 00083672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-06-20 16:28 - 2013-06-20 16:28 - 00013198 _____ C:\Users\Thaumiller\Documents\KündigungBwSW.odt

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-10 15:30

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---

--- --- ---

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-07-2013
Ran by Thaumiller at 2013-07-19 16:12:38
Running from C:\Users\Thaumiller\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

 
Adobe AIR (x32 Version: 3.7.0.2090)
Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224)
Adobe Reader XI (11.0.03) - Deutsch (x32 Version: 11.0.03)
Anzeige am Bildschirm (Version: 6.61.00)
Apple Application Support (x32 Version: 2.3)
Apple Software Update (x32 Version: 2.1.3.127)
ATI Catalyst Install Manager (Version: 3.0.762.0)
ATI Uninstaller (Version: 8.70-100113a-098836C-Lenovo)
Avira Free Antivirus (x32 Version: 13.0.0.3882)
Canon Easy-PhotoPrint EX (x32)
Canon IJ Network Scanner Selector EX (x32)
Canon IJ Network Tool (x32)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (x32)
Canon MG4100 series Benutzerregistrierung (x32)
Canon MG4100 series MP Drivers
Canon MG4100 series On-screen Manual (x32)
Canon MP Navigator EX 5.0 (x32)
Canon My Printer (x32)
Canon Solution Menu EX (x32)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Core Implementation (x32 Version: 2010.0113.2208.39662)
Catalyst Control Center Graphics Full Existing (x32 Version: 2010.0113.2208.39662)
Catalyst Control Center Graphics Full New (x32 Version: 2010.0113.2208.39662)
Catalyst Control Center Graphics Light (x32 Version: 2010.0113.2208.39662)
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0113.2208.39662)
Catalyst Control Center InstallProxy (x32 Version: 2010.0113.2208.39662)
Catalyst Control Center Localization All (x32 Version: 2010.0113.2208.39662)
CCC Help Chinese Standard (x32 Version: 2010.0113.2207.39662)
CCC Help Chinese Traditional (x32 Version: 2010.0113.2207.39662)
CCC Help Czech (x32 Version: 2010.0113.2207.39662)
CCC Help Danish (x32 Version: 2010.0113.2207.39662)
CCC Help Dutch (x32 Version: 2010.0113.2207.39662)
CCC Help English (x32 Version: 2010.0113.2207.39662)
CCC Help Finnish (x32 Version: 2010.0113.2207.39662)
CCC Help French (x32 Version: 2010.0113.2207.39662)
CCC Help German (x32 Version: 2010.0113.2207.39662)
CCC Help Greek (x32 Version: 2010.0113.2207.39662)
CCC Help Hungarian (x32 Version: 2010.0113.2207.39662)
CCC Help Italian (x32 Version: 2010.0113.2207.39662)
CCC Help Japanese (x32 Version: 2010.0113.2207.39662)
CCC Help Korean (x32 Version: 2010.0113.2207.39662)
CCC Help Norwegian (x32 Version: 2010.0113.2207.39662)
CCC Help Polish (x32 Version: 2010.0113.2207.39662)
CCC Help Portuguese (x32 Version: 2010.0113.2207.39662)
CCC Help Russian (x32 Version: 2010.0113.2207.39662)
CCC Help Spanish (x32 Version: 2010.0113.2207.39662)
CCC Help Swedish (x32 Version: 2010.0113.2207.39662)
CCC Help Thai (x32 Version: 2010.0113.2207.39662)
CCC Help Turkish (x32 Version: 2010.0113.2207.39662)
ccc-core-static (x32 Version: 2010.0113.2208.39662)
ccc-utility64 (Version: 2010.0113.2208.39662)
Cinergy T-Stick MKII V9.06.3.01 (x32 Version: 9.06.3.01)
DealPly (HKCU)
DealPly (remove only) (x32 Version: 4.8.6.1)
Delta Chrome Toolbar (x32)
Delta toolbar  (x32 Version: 1.8.21.5)
dows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (Version: 07/28/2009 6.2.0.9800)
Energie-Manager (x32 Version: 6.32)
Firebird SQL Server - MAGIX Edition (x32 Version: 2.0.1.6)
Fresco Logic USB3.0 Host Controller (Version: 3.0.110.12)
Google Chrome (x32 Version: 28.0.1500.72)
Google Update Helper (x32 Version: 1.3.21.153)
Integrated Camera Driver Installer Package Ver.1.0.1.9 (x32 Version: 1.0.1.9)
Integrated Camera TWAIN (x32 Version: 1.0.8.601)
Intel PROSet Wireless
Intel(R) Management Engine Components (x32 Version: 6.0.0.1179)
Intel(R) PROSet/Wireless WiFi-Software (Version: 13.04.0000)
Intel(R) Turbo Boost Technology Driver (x32 Version: 01.00.01.1002)
Lenovo Auto Scroll Utility (Version: 1.11)
Lenovo Patch Utility (x32 Version: 1.3.0.007)
Lenovo Patch Utility (x32 Version: 1.3.0.9)
Lenovo Patch Utility 64 bit (Version: 1.3.0.007)
Lenovo Patch Utility 64 bit (Version: 1.3.0.9)
Lenovo Power Management Driver (Version: 1.65.05.21)
Lenovo Solution Center (Version: 2.1.003.00)
Lenovo System Interface Driver (Version: 1.05)
Lenovo System Update (x32 Version: 5.02.0011)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft XML Parser (x32 Version: 8.0.7820.0)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
Open It! (x32 Version: 1.1.1)
OpenOffice.org 3.4.1 (x32 Version: 3.41.9593)
Picasa 3 (x32 Version: 3.9)
Plus-HD-2.3 (x32 Version: 1.27.153.8)
Qtrax Player (HKCU)
Qtrax Player (x32 Version: 01.001.0001)
Qualcomm Gobi 2000 Package for Lenovo (x32 Version: 1.1.250)
QuickTime (x32 Version: 7.73.80.64)
Realtek Ethernet Controller Driver For Windows Vista and Later (x32 Version: 1.00.0010)
Realtek HDMI Audio Driver for ATI (x32 Version: 6.0.1.6034)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6146)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.7600.30116)
Rescue and Recovery (x32 Version: 4.50.0025.00)
Rossmann Fotowelt Software 4.12.1 (x32 Version: 4.12.1)
Skype™ 6.3 (x32 Version: 6.3.105)
TerraTec Home Cinema (x32 Version: 6.17.2)
ThinkPad UltraNav Driver (Version: 16.2.5.0)
ThinkVantage Access Connections (x32 Version: 5.97)
ThinkVantage Communications Utility (Version: 2.09)
ThinkVantage System für aktiven Festplattenschutz (Version: 1.77.0.9)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Zip Opener (HKCU)
Wajam (x32 Version: 1.80)
Windows Driver Package - Broadcom (BTHUSB) Bluetooth  (04/08/2010 6.3.5.430) (Version: 04/08/2010 6.3.5.430)
WISO Steuer-Sparbuch 2013 (x32 Version: 20.00.8137)

==================== Restore Points  =========================

16-06-2013 11:16:25 Windows Update
18-06-2013 11:48:27 Installed Lenovo Solution Center.
19-06-2013 12:49:53 Windows Update
10-07-2013 13:37:23 Geplanter Prüfpunkt
10-07-2013 15:00:01 Windows Update
19-07-2013 13:00:03 Removed Microsoft Silverlight

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0CEFD70E-CCB0-4E3E-A920-B34F16AE1249} - System32\Tasks\Plus-HD-2.3-codedownloader => C:\Program Files (x86)\Plus-HD-2.3\Plus-HD-2.3-codedownloader.exe [2013-07-19] (Plus HD)
Task: {1B5B14FB-8766-49CD-B743-4D9F75240C4F} - System32\Tasks\TVT\LaunchRnR => %RR%\rrcmd.exe No File
Task: {3C0FCE8D-534B-4856-A3A3-FF2FEBB58802} - System32\Tasks\DSite => C:\Users\THAUMI~1\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE [2013-07-19] ()
Task: {3F49CC14-5E65-47A6-AC0B-7A14B8BA3A2A} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2013-05-17] (Lenovo)
Task: {44D65FB5-BFFB-4DEA-9487-974E8AC35479} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2013-05-17] ()
Task: {454572D7-3F6E-4D1E-81FD-01F3D0F247A7} - System32\Tasks\Lenovo\LSC\Time72Task => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCService.exe [2013-05-17] (Lenovo)
Task: {45ABF170-7DF5-4D37-978A-8E4FE4988D70} - System32\Tasks\TVT\UpdateRnR => %TVTCOMMON%\Scheduler\tvtsetsched.exe No File
Task: {4996A977-3DE8-4886-9767-B719249E9D57} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-14] (Google Inc.)
Task: {51FC79CC-A03E-4FC0-8F55-BDD25B096FA9} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2013-05-17] (Lenovo)
Task: {652143FA-2393-41F9-B596-66CF641372D6} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2013-04-11] ()
Task: {6A4FAD88-1749-422E-BA98-AE6B0A08A156} - System32\Tasks\TVT\ChangePWD => %RR%\rrcmd.exe No File
Task: {6A8BCCED-D239-4A84-AD31-1D1C23C94985} - System32\Tasks\Plus-HD-2.3-chromeinstaller => C:\Program Files (x86)\Plus-HD-2.3\Plus-HD-2.3-chromeinstaller.exe [2013-07-19] (Plus HD)
Task: {7A9E5CD5-4084-4461-B075-34903F74EA18} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2010-11-21] (Microsoft Corporation)
Task: {878E03C4-C295-4713-BF20-A4A73928A376} - System32\Tasks\EPUpdater => C:\Users\THAUMI~1\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe [2013-06-06] ()
Task: {8C779A23-DB1E-499A-B40B-3CD1797A8612} - System32\Tasks\QtraxPlayer => C:\Program Files (x86)\Microsoft Silverlight\sllauncher.exe [2013-05-13] (Microsoft Corporation)
Task: {9995E351-0505-49D7-B6EB-D09A55162903} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A24E9A3F-A523-4D9B-9F27-BEC7352A89AC} - System32\Tasks\DealPlyUpdate => C:\Program No File
Task: {A355A9AF-4D9C-41F2-903B-BD7482D79523} - System32\Tasks\Plus-HD-2.3-updater => C:\Program Files (x86)\Plus-HD-2.3\Plus-HD-2.3-updater.exe [2013-07-19] (Plus HD)
Task: {C42FA570-F82B-48A3-BB60-63837A1EBFD5} - System32\Tasks\Plus-HD-2.3-enabler => C:\Program Files (x86)\Plus-HD-2.3\Plus-HD-2.3-enabler.exe [2013-07-19] (Plus HD)
Task: {C58E09F8-9DC9-44E6-B2B3-0BAB9DF0D71F} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation)
Task: {CD79C377-65E4-4B6C-BA61-E206BE2D62FA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-14] (Google Inc.)
Task: {D87CF36C-B6D0-4BE9-BD26-6F9D7740DD6F} - System32\Tasks\DealPly => C:\Users\THAUMI~1\AppData\Roaming\DealPly\UPDATE~1\UPDATE~1.EXE [2013-02-27] ()
Task: {D8DB7C1A-9B26-4595-A8D6-930ED3EF3E96} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-14] (Adobe Systems Incorporated)
Task: {E74DD834-64DE-4ADC-B8CF-A41A98D0E65B} - System32\Tasks\Lenovo\LSC\RebootCountTask => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCService.exe [2013-05-17] (Lenovo)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DSite.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Plus-HD-2.3-chromeinstaller.job => C:\Program Files (x86)\Plus-HD-2.3\Plus-HD-2.3-chromeinstaller.exe
Task: C:\Windows\Tasks\Plus-HD-2.3-codedownloader.job => C:\Program Files (x86)\Plus-HD-2.3\Plus-HD-2.3-codedownloader.exe
Task: C:\Windows\Tasks\Plus-HD-2.3-enabler.job => C:\Program Files (x86)\Plus-HD-2.3\Plus-HD-2.3-enabler.exe
Task: C:\Windows\Tasks\Plus-HD-2.3-updater.job => C:\Program Files (x86)\Plus-HD-2.3\Plus-HD-2.3-updater.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/19/2013 03:04:27 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: LSCServiceDiag.exe, Version: 2.1.3.0, Zeitstempel: 0x519656e7
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec4aa8e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000009970a
ID des fehlerhaften Prozesses: 0x1628
Startzeit der fehlerhaften Anwendung: 0xLSCServiceDiag.exe0
Pfad der fehlerhaften Anwendung: LSCServiceDiag.exe1
Pfad des fehlerhaften Moduls: LSCServiceDiag.exe2
Berichtskennung: LSCServiceDiag.exe3

Error: (07/19/2013 02:54:57 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (07/19/2013 02:54:57 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (07/19/2013 02:54:39 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (07/19/2013 02:54:39 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (07/19/2013 02:54:08 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/18/2013 11:08:58 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: DllHost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bca54
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec4aa8e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000009970a
ID des fehlerhaften Prozesses: 0x14f4
Startzeit der fehlerhaften Anwendung: 0xDllHost.exe0
Pfad der fehlerhaften Anwendung: DllHost.exe1
Pfad des fehlerhaften Moduls: DllHost.exe2
Berichtskennung: DllHost.exe3

Error: (07/18/2013 08:31:16 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (07/18/2013 08:31:16 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (07/18/2013 08:31:01 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".


System errors:
=============
Error: (07/18/2013 08:30:39 PM) (Source: Service Control Manager) (User: )
Description: Dienst "Lenovo PM Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (07/16/2013 00:32:16 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎15.‎07.‎2013 um 17:01:22 unerwartet heruntergefahren.

Error: (07/15/2013 04:27:43 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst AcSvc erreicht.

Error: (07/15/2013 04:27:13 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst AcSvc erreicht.

Error: (07/15/2013 04:19:22 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst AcSvc erreicht.

Error: (07/09/2013 05:30:27 PM) (Source: ACPI) (User: )
Description: : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen Situationen zur Folge haben, dass der Computer fehlerhaft läuft.

Error: (07/08/2013 06:54:46 PM) (Source: ACPI) (User: )
Description: : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen Situationen zur Folge haben, dass der Computer fehlerhaft läuft.

Error: (06/30/2013 00:02:24 PM) (Source: DCOM) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (06/27/2013 02:23:09 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎27.‎06.‎2013 um 12:47:42 unerwartet heruntergefahren.

Error: (06/26/2013 07:59:44 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎26.‎06.‎2013 um 19:46:25 unerwartet heruntergefahren.


Microsoft Office Sessions:
=========================
Error: (07/19/2013 03:04:27 PM) (Source: Application Error)(User: )
Description: LSCServiceDiag.exe2.1.3.0519656e7ntdll.dll6.1.7601.177254ec4aa8ec0000005000000000009970a162801ce84807f21ce00C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCServiceDiag.exeC:\Windows\SYSTEM32\ntdll.dllbd9cdf1f-f073-11e2-94c2-c417fef18964

Error: (07/19/2013 02:54:57 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files (x86)\Canon\Solution Menu EX\MFC80U.DLL

Error: (07/19/2013 02:54:57 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files (x86)\Canon\Solution Menu EX\MFC80U.DLL

Error: (07/19/2013 02:54:39 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files (x86)\Canon\Solution Menu EX\MFC80U.DLL

Error: (07/19/2013 02:54:39 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files (x86)\Canon\Solution Menu EX\MFC80U.DLL

Error: (07/19/2013 02:54:08 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/18/2013 11:08:58 PM) (Source: Application Error)(User: )
Description: DllHost.exe6.1.7600.163854a5bca54ntdll.dll6.1.7601.177254ec4aa8ec0000005000000000009970a14f401ce83fb04f4ccf8C:\Windows\system32\DllHost.exeC:\Windows\SYSTEM32\ntdll.dll42d19ff6-efee-11e2-904f-c417fef18964

Error: (07/18/2013 08:31:16 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files (x86)\Canon\Solution Menu EX\MFC80U.DLL

Error: (07/18/2013 08:31:16 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files (x86)\Canon\Solution Menu EX\MFC80U.DLL

Error: (07/18/2013 08:31:01 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files (x86)\Canon\Solution Menu EX\MFC80U.DLL


==================== Memory info ===========================

Percentage of memory in use: 55%
Total physical RAM: 3956.55 MB
Available physical RAM: 1749.38 MB
Total Pagefile: 7911.29 MB
Available Pagefile: 5200.68 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:361.54 GB) (Free:316.64 GB) NTFS (Disk=0 Partition=2)
Drive d: () (CDROM) (Total:4.38 GB) (Free:2.81 GB) UDF
Drive e: (Daten) (Fixed) (Total:337 GB) (Free:307.22 GB) NTFS (Disk=0 Partition=3)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 699 GB) (Disk ID: A33E49ED)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=362 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=337 GB) - (Type=07 NTFS)

==================== End Of Log ============================

cosinus 19.07.2013 15:20
Rootkitscan mit GMER

Bitte lade dir GMER Rootkit Scanner GMER herunter: (Dateiname zufällig)
  • Schließe alle anderen Programme, deaktiviere deinen Virenscanner und trenne den Rechner vom Internet bevor du GMER startest.
  • Sollte sich nach dem Start ein Fenster mit folgender Warnung öffnen:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    Unbedingt auf "No" klicken.
  • Entferne rechts den Haken bei: IAT/EAT und Show All
  • Setze den Haken bei Quickscan und entferne ihn bei allen anderen Laufwerken.
  • Starte den Scan mit "Scan".
  • Mache nichts am Computer während der Scan läuft.
  • Wenn der Scan fertig ist klicke auf Save und speichere die Logfile unter Gmer.txt auf deinem Desktop. Mit "Ok" wird GMER beendet.
Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!


Tauchen Probleme auf?
  • Probiere alternativ den abgesicherten Modus.
  • Erhältst du einen Bluescreen, dann entferne den Haken vor Devices.


Anschließend bitte MBAR ausführen:

Malwarebytes Anti-Rootkit (MBAR)

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

Sammy-Sina 19.07.2013 17:12
GMER Logfile:
Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-07-19 16:56:57
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD75 rev.01.0 698,64GB
Running: 3uxbcxn1.exe; Driver: C:\Users\THAUMI~1\AppData\Local\Temp\pgtiyuow.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560                                                                            fffff800031f9000 72 bytes [C1, 73, 45, 48, 8B, 55, 00, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 633                                                                            fffff800031f9049 41 bytes {MOV EAX, [RBP+0x0]; CMP RAX, [RBX+0x20]; JZ 0x12; MOV [R8+R12*8], RAX; JMP 0xfffffffffffd98fd}

---- User code sections - GMER 2.1 ----

.text    C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe[1076] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                0000000075e3cfca 5 bytes JMP 0000000174694970
.text    C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe[1076] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                      00000000756b1465 2 bytes [6B, 75]
.text    C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe[1076] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                      00000000756b14bb 2 bytes [6B, 75]
.text    ...                                                                                                                                            * 2
.text    C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[1240] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                00000000756b1465 2 bytes [6B, 75]
.text    C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[1240] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                00000000756b14bb 2 bytes [6B, 75]
.text    ...                                                                                                                                            * 2
.text    C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[1240] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                          0000000075e3cfca 5 bytes JMP 0000000174694970
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1364] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                              0000000075e3cfca 5 bytes JMP 0000000174694970
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1364] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                    00000000756b1465 2 bytes [6B, 75]
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1364] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                    00000000756b14bb 2 bytes [6B, 75]
.text    ...                                                                                                                                            * 2
.text    C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2216] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                          0000000075e3cfca 5 bytes JMP 0000000174694970
.text    C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2216] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                  00000000756b1465 2 bytes [6B, 75]
.text    C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2216] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                00000000756b14bb 2 bytes [6B, 75]
.text    ...                                                                                                                                            * 2
.text    C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe[2240] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                0000000075e3cfca 5 bytes JMP 0000000174694970
.text    C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe[2240] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                      00000000756b1465 2 bytes [6B, 75]
.text    C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe[2240] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                      00000000756b14bb 2 bytes [6B, 75]
.text    ...                                                                                                                                            * 2
.text    C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[2268] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                0000000075e3cfca 5 bytes JMP 0000000174694970
.text    C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[2268] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                      00000000756b1465 2 bytes [6B, 75]
.text    C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[2268] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                      00000000756b14bb 2 bytes [6B, 75]
.text    ...                                                                                                                                            * 2
.text    C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe[2292] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                              0000000075e3cfca 5 bytes JMP 0000000174694970
.text    C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe[2292] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                      00000000756b1465 2 bytes [6B, 75]
.text    C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe[2292] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                    00000000756b14bb 2 bytes [6B, 75]
.text    ...                                                                                                                                            * 2
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2384] C:\Windows\syswow64\USER32.dll!DialogBoxParamW            0000000075e3cfca 5 bytes JMP 0000000174694970
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2384] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69  00000000756b1465 2 bytes [6B, 75]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2384] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000756b14bb 2 bytes [6B, 75]
.text    ...                                                                                                                                            * 2
.text    C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kLenovo.exe[2428] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                      0000000075e3cfca 5 bytes JMP 0000000174694970
.text    C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kLenovo.exe[2428] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69              00000000756b1465 2 bytes [6B, 75]
.text    C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kLenovo.exe[2428] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155            00000000756b14bb 2 bytes [6B, 75]
.text    ...                                                                                                                                            * 2
.text    C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe[2776] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                              0000000075e3cfca 5 bytes JMP 0000000174694970
.text    C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe[2776] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                      00000000756b1465 2 bytes [6B, 75]
.text    C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe[2776] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                    00000000756b14bb 2 bytes [6B, 75]
.text    ...                                                                                                                                            * 2
.text    C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[2788] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                      00000000756b1465 2 bytes [6B, 75]
.text    C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[2788] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                      00000000756b14bb 2 bytes [6B, 75]
.text    ...                                                                                                                                            * 2
.text    C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[2788] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                0000000075e3cfca 5 bytes JMP 0000000174694970
.text    C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe[2688] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                0000000075e3cfca 5 bytes JMP 0000000174694970
.text    C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe[2688] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                      00000000756b1465 2 bytes [6B, 75]
.text    C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe[2688] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                      00000000756b14bb 2 bytes [6B, 75]
.text    ...                                                                                                                                            * 2
.text    C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[3392] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69              00000000756b1465 2 bytes [6B, 75]
.text    C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[3392] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155            00000000756b14bb 2 bytes [6B, 75]
.text    ...                                                                                                                                            * 2
.text    C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[3392] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                      0000000075e3cfca 5 bytes JMP 0000000174694970
.text    C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[2992] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                  00000000756b1465 2 bytes [6B, 75]
.text    C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[2992] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                00000000756b14bb 2 bytes [6B, 75]
.text    ...                                                                                                                                            * 2
.text    C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[2992] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                          0000000075e3cfca 5 bytes JMP 0000000174694970
.text    C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[3864] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                              0000000075e3cfca 5 bytes JMP 0000000174694970
.text    C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[3864] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                      00000000756b1465 2 bytes [6B, 75]
.text    C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[3864] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                    00000000756b14bb 2 bytes [6B, 75]
.text    ...                                                                                                                                            * 2
.text    C:\Program Files (x86)\WISO\Steuersoftware 2013\mshaktuell.exe[3512] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                            0000000075e3cfca 5 bytes JMP 0000000174694970
.text    C:\Program Files (x86)\WISO\Steuersoftware 2013\mshaktuell.exe[3512] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                  00000000756b1465 2 bytes [6B, 75]
.text    C:\Program Files (x86)\WISO\Steuersoftware 2013\mshaktuell.exe[3512] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                  00000000756b14bb 2 bytes [6B, 75]
.text    ...                                                                                                                                            * 2
.text    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[4104] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                              0000000075e3cfca 5 bytes JMP 0000000174694970
.text    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[4104] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                      00000000756b1465 2 bytes [6B, 75]
.text    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[4104] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                    00000000756b14bb 2 bytes [6B, 75]
.text    ...                                                                                                                                            * 2
.text    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4176] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                              0000000075e3cfca 5 bytes JMP 0000000174694970
.text    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4176] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                      00000000756b1465 2 bytes [6B, 75]
.text    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4176] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                    00000000756b14bb 2 bytes [6B, 75]
.text    ...                                                                                                                                            * 2
.text    C:\Windows\SysWOW64\rundll32.exe[4584] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                          0000000075e3cfca 5 bytes JMP 0000000174694970
.text    C:\Windows\SysWOW64\rundll32.exe[4584] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                00000000756b1465 2 bytes [6B, 75]
.text    C:\Windows\SysWOW64\rundll32.exe[4584] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                00000000756b14bb 2 bytes [6B, 75]
.text    ...                                                                                                                                            * 2
.text    C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE[4652] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                0000000075e3cfca 5 bytes JMP 0000000174694970
.text    C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[4680] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                  0000000075e3cfca 5 bytes JMP 0000000174694970
.text    C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[4680] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69          00000000756b1465 2 bytes [6B, 75]
.text    C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[4680] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155        00000000756b14bb 2 bytes [6B, 75]
.text    ...                                                                                                                                            * 2
.text    C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe[5208] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                0000000075e3cfca 5 bytes JMP 0000000174694970
.text    C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe[5208] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                        00000000756b1465 2 bytes [6B, 75]
.text    C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe[5208] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                      00000000756b14bb 2 bytes [6B, 75]
.text    ...                                                                                                                                            * 2
.text    C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE[5232] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                0000000075e3cfca 5 bytes JMP 0000000174694970
.text    C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE[5232] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                      00000000756b1465 2 bytes [6B, 75]
.text    C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE[5232] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                      00000000756b14bb 2 bytes [6B, 75]
.text    ...                                                                                                                                            * 2
.text    C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe[1140] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                        0000000075e3cfca 5 bytes JMP 0000000174694970
.text    C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe[1140] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69              00000000756b1465 2 bytes [6B, 75]
.text    C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe[1140] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155              00000000756b14bb 2 bytes [6B, 75]
.text    ...                                                                                                                                            * 2
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3956] C:\Windows\syswow64\USER32.dll!DialogBoxParamW            0000000075e3cfca 5 bytes JMP 0000000174694970
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3956] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69  00000000756b1465 2 bytes [6B, 75]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3956] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000756b14bb 2 bytes [6B, 75]
.text    ...                                                                                                                                            * 2
.text    C:\Program Files (x86)\Google\Update\GoogleUpdate.exe[5648] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                    0000000075e3cfca 5 bytes JMP 0000000174694970
.text    C:\Program Files (x86)\Google\Update\GoogleUpdate.exe[5648] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                            00000000756b1465 2 bytes [6B, 75]
.text    C:\Program Files (x86)\Google\Update\GoogleUpdate.exe[5648] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                          00000000756b14bb 2 bytes [6B, 75]
.text    ...                                                                                                                                            * 2
.text    C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe[6048] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                    0000000075e3cfca 5 bytes JMP 0000000174694970
.text    C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe[6048] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                            00000000756b1465 2 bytes [6B, 75]
.text    C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe[6048] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                          00000000756b14bb 2 bytes [6B, 75]
.text    ...                                                                                                                                            * 2
.text    C:\Users\Thaumiller\Desktop\3uxbcxn1.exe[5596] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                  0000000075e3cfca 5 bytes JMP 0000000174694970
.text    C:\Users\Thaumiller\Desktop\3uxbcxn1.exe[5596] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                        00000000756b1465 2 bytes [6B, 75]
.text    C:\Users\Thaumiller\Desktop\3uxbcxn1.exe[5596] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                        00000000756b14bb 2 bytes [6B, 75]
.text    ...                                                                                                                                            * 2

---- Registry - GMER 2.1 ----

Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c417fef18964                                                                   
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c417fef18964 (not active ControlSet)                                               

---- Disk sectors - GMER 2.1 ----

Disk      \Device\Harddisk0\DR0                                                                                                                          unknown MBR code

---- EOF - GMER 2.1 ----
--- --- ---

1. Scan mit 4 Funden:

Code:
Malwarebytes Anti-Rootkit BETA 1.06.0.1004
www.malwarebytes.org

Database version: v2013.07.19.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
Thaumiller :: THAUMILLER-PC [administrator]

19.07.2013 17:33:08
mbar-log-2013-07-19 (17-33-08).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Objects scanned: 227820
Time elapsed: 12 minute(s), 29 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs (Adware.BProtector) -> Bad: (c:\progra~3\browse~1\261339~1.144\{c16c1~1\browse~1.dll) Good: () -> Replace on reboot.

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
c:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll (Adware.BProtector) -> Delete on reboot.
c:\Users\Thaumiller\AppData\Local\Temp\is357113909\plus-hd-2-3_DE.exe (Heuristics.Shuriken) -> Delete on reboot.
c:\Users\Thaumiller\AppData\Local\Temp\nsrF47E.tmp\protector.dll (Adware.BProtector) -> Delete on reboot.

Physical Sectors Detected: 0
(No malicious items detected)

(end)
2. Scan ohne einen Fund:

Code:
Malwarebytes Anti-Rootkit BETA 1.06.0.1004
www.malwarebytes.org

Database version: v2013.07.19.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
Thaumiller :: THAUMILLER-PC [administrator]

19.07.2013 17:49:22
mbar-log-2013-07-19 (17-49-22).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Objects scanned: 227267
Time elapsed: 14 minute(s), 11 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

cosinus 20.07.2013 00:48
JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




Im Anschluss:

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).


Danach eine Kontrolle mit OTL bitte:
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles in CODE-Tags hier in den Thread.

Sammy-Sina 20.07.2013 20:27
JRT Logfile:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.1.7 (07.20.2013:1)
OS: Windows 7 Professional x64
Ran by Thaumiller on 20.07.2013 at 21:02:55,26
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-1623096226-1224041477-2156797297-1000\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\appid\{c26644c4-2a12-4ca6-8f2e-0ede6cf018f3}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\babsolution
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylon
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\datamngr
Failed to delete: [Registry Key] HKEY_CURRENT_USER\Software\datamngr_toolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\crossrider
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\windows\currentversion\ext\stats\{c1af5fa5-852c-4c90-812e-a7f75e011d87}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\s
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\askpartnercobrandingtool_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\askpartnercobrandingtool_rasmancs
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{4F61310A-4C96-4955-BF8C-8EFF92EFE8F5}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}



~~~ Files

Successfully deleted: [File] "C:\Windows\tasks\dsite.job"
Successfully deleted: [File] "C:\Users\THAUMI~1\AppData\Local\Temp\searchqu.ini"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\ProgramData\browserdefender"
Successfully deleted: [Folder] "C:\ProgramData\wincert"
Successfully deleted: [Folder] "C:\Users\Thaumiller\AppData\Roaming\babylon"
Successfully deleted: [Folder] "C:\Users\Thaumiller\AppData\Roaming\dealply"
Successfully deleted: [Folder] "C:\Users\Thaumiller\AppData\Roaming\dsite"
Successfully deleted: [Folder] "C:\Users\Thaumiller\appdata\local\torch"
Successfully deleted: [Folder] "C:\Users\Thaumiller\appdata\locallow\datamngr"
Successfully deleted: [Folder] "C:\Users\Thaumiller\appdata\locallow\delta"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 20.07.2013 at 21:08:01,86
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
--- --- ---


OTL Logfile:
Code:
OTL logfile created on: 20.07.2013 21:18:17 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Thaumiller\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,86 Gb Total Physical Memory | 2,39 Gb Available Physical Memory | 61,82% Memory free
7,73 Gb Paging File | 5,90 Gb Available in Paging File | 76,35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 361,54 Gb Total Space | 314,68 Gb Free Space | 87,04% Space Free | Partition Type: NTFS
Drive D: | 4,38 Gb Total Space | 2,81 Gb Free Space | 64,23% Space Free | Partition Type: UDF
Drive E: | 337,00 Gb Total Space | 307,22 Gb Free Space | 91,16% Space Free | Partition Type: NTFS
 
Computer Name: THAUMILLER-PC | User Name: Thaumiller | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Thaumiller\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\WISO\Steuersoftware 2013\mshaktuell.exe ()
PRC - C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe (Lenovo)
PRC - C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe (Lenovo)
PRC - C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe (Lenovo)
PRC - C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe (Lenovo)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\Communications Utility\TPKNRSVC.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\Communications Utility\TpKnrres.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited)
PRC - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE (CANON INC.)
PRC - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
PRC - C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
PRC - C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kLenovo.exe (QUALCOMM, Inc.)
PRC - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE ()
PRC - C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)
PRC - C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\pdf.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\libglesv2.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\libegl.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ffmpegsumo.dll ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2013\wfvie13.dll ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2013\mshaktuell.exe ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2013\wgui13.dll ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2013\wcore13.dll ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2013\rscorewinapi48.dll ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2013\wauff13.dll ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2013\wreli13.dll ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2013\wsteu13.dll ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2013\rsguiwinapi48.dll ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2013\rsodbc48.dll ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2013\rsdcom48.dll ()
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (TPHDEXLGSVC) -- C:\Windows\SysNative\TPHDEXLG64.exe (Lenovo.)
SRV:64bit: - (IBMPMSVC) -- C:\Windows\SysNative\ibmpmsvc.exe (Lenovo.)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SUService) -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe ()
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AcSvc) -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe (Lenovo)
SRV - (AcPrfMgrSvc) -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe (Lenovo)
SRV - (PwmEWSvc) -- C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE (Lenovo Group Limited)
SRV - (Power Manager DBC Service) -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE (Lenovo)
SRV - (LENOVO.TPKNRSVC) -- C:\Programme\Lenovo\Communications Utility\TPKNRSVC.exe (Lenovo Group Limited)
SRV - (LENOVO.CAMMUTE) -- C:\Programme\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited)
SRV - (Lenovo.VIRTSCRLSVC) -- C:\Programme\Lenovo\VIRTSCRL\lvvsst.exe (Lenovo Group Limited)
SRV - (TPHKLOAD) -- C:\Programme\Lenovo\HOTKEY\tphkload.exe (Lenovo Group Limited)
SRV - (LENOVO.MICMUTE) -- C:\Programme\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited)
SRV - (TPHKSVC) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
SRV - (QDLService2kLenovo) -- C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kLenovo.exe (QUALCOMM, Inc.)
SRV - (IJPLMSVC) -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE ()
SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (ThinkVantage Registry Monitor Service) -- C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
SRV - (RtkAudioService) -- C:\Programme\Realtek\Audio\HDA\RtkAudioService64.exe (Realtek Semiconductor)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (UPnPService) -- C:\Program Files (x86)\Common Files\MAGIX Shared\UPnPService\UPnPService.exe (Magix AG)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (psadd) -- C:\Windows\SysNative\drivers\psadd.sys (Lenovo Information Product(ShenZhen China) Inc.)
DRV:64bit: - (TPDIGIMN) -- C:\Windows\SysNative\drivers\ApsHM64.sys (Lenovo.)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (Shockprf) -- C:\Windows\SysNative\drivers\ApsX64.sys (Lenovo.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (SmbDrvI) -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys (Synaptics Incorporated)
DRV:64bit: - (TPPWRIF) -- C:\Windows\SysNative\drivers\TPPWR64V.SYS (Lenovo Group Limited)
DRV:64bit: - (IBMPMDRV) -- C:\Windows\SysNative\drivers\ibmpmdrv.sys (Lenovo.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (5U877) -- C:\Windows\SysNative\drivers\5U877.sys (Ricoh co.,Ltd.)
DRV:64bit: - (TVTI2C) -- C:\Windows\SysNative\drivers\tvti2c.sys (Lenovo Information Product(ShenZhen China) Inc.)
DRV:64bit: - (qcusbnetlno2k) -- C:\Windows\SysNative\drivers\qcusbnetlno2k.sys (QUALCOMM Incorporated)
DRV:64bit: - (qcusbserlno2k) -- C:\Windows\SysNative\drivers\qcusbserlno2k.sys (QUALCOMM Incorporated)
DRV:64bit: - (qcfilterlno2k) -- C:\Windows\SysNative\drivers\qcfilterlno2k.sys (QUALCOMM Incorporated)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (FLxHCIc) -- C:\Windows\SysNative\drivers\FLxHCIc.sys (Fresco Logic)
DRV:64bit: - (FLxHCIh) -- C:\Windows\SysNative\drivers\FLxHCIh.sys (Fresco Logic)
DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (lenovo.smi) -- C:\Windows\SysNative\drivers\smiifx64.sys (Lenovo Group Limited)
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (btusbflt) -- C:\Windows\SysNative\drivers\btusbflt.sys (Broadcom Corporation.)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atipmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AF9035BDA) -- C:\Windows\SysNative\drivers\AF15BDA.sys (ITETech                  )
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=0&systemid=413&apn_dtid=BND413&apn_ptnrs=AGA&o=APN10649&apn_uid=5334959419274312&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
 
IE - HKU\S-1-5-21-1623096226-1224041477-2156797297-1000\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=A00000A0C6000000&affID=119357&tt=180713_9129&tsp=4947
IE - HKU\S-1-5-21-1623096226-1224041477-2156797297-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
IE - HKU\S-1-5-21-1623096226-1224041477-2156797297-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-1623096226-1224041477-2156797297-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com
IE - HKU\S-1-5-21-1623096226-1224041477-2156797297-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-1623096226-1224041477-2156797297-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-1623096226-1224041477-2156797297-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-1623096226-1224041477-2156797297-1000\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-1623096226-1224041477-2156797297-1000\..\SearchScopes,DefaultScope = {0633ee93-d776-472f-a0ff-e1416b8b2e3a}
IE - HKU\S-1-5-21-1623096226-1224041477-2156797297-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-1623096226-1224041477-2156797297-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searcerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-1623096226-1224041477-2156797297-1000\..\SearchScopes\{78630BED-EFE8-48C4-B899-13D16C17FC29}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-1623096226-1224041477-2156797297-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
[2013.06.09 15:48:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
 
========== Chrome  ==========
 
CHR - default_search_provider: Delta Search (Enabled)
CHR - default_search_provider: search_url = hxxp://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=A00000A0C6000000&affID=119357&tsp=4948
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.web.de/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility for IJ (Enabled) = C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - Extension: YouTube = C:\Users\Thaumiller\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Users\Thaumiller\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Mail = C:\Users\Thaumiller\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\PROGRA~2\TerraTec\TERRAT~1\THCDES~1.DLL (TerraTec Electronic GmbH)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-1623096226-1224041477-2156797297-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe (Lenovo)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [LENOVO.TPKNRRES] C:\Programme\Lenovo\Communications Utility\TpKnrres.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [FLxHCIm] C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe (Windows (R) Win 7 DDK provider)
O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)
O4 - HKLM..\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Thaumiller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://javadl-esd.oracle.com/update/1.4.2/jinstall-1_4-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E78FC23C-4263-446D-A719-FE844D0D024A}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.07.20 21:15:59 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Thaumiller\Desktop\OTL.exe
[2013.07.20 21:02:52 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.07.20 21:00:38 | 000,559,511 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Thaumiller\Desktop\JRT.exe
[2013.07.20 20:57:09 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2013.07.19 17:30:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.07.19 17:27:46 | 000,000,000 | ---D | C] -- C:\Users\Thaumiller\Desktop\mbar-1.06.0.1004
[2013.07.19 16:11:28 | 000,000,000 | ---D | C] -- C:\FRST
[2013.07.19 16:08:51 | 001,778,207 | ---- | C] (Farbar) -- C:\Users\Thaumiller\Desktop\FRST64.exe
[2013.07.19 15:01:04 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2013.07.18 22:50:07 | 000,000,000 | ---D | C] -- C:\Users\Thaumiller\AppData\Local\Downloaded Installations
[2013.07.18 12:36:36 | 000,397,312 | ---- | C] (Koyote-Lab Inc) -- C:\Windows\SysWow64\TubeFinder.exe
[2013.07.18 12:36:35 | 001,081,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mscomctl.ocx
[2013.07.18 12:36:35 | 000,152,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\COMDLG32.OCX
[2013.07.18 12:36:35 | 000,141,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCMCFR.DLL
[2013.07.18 12:36:35 | 000,119,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\VB6FR.DLL
[2013.07.18 12:36:35 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\VB6STKIT.DLL
[2013.07.18 12:36:35 | 000,084,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PICCLP32.OCX
[2013.07.18 12:36:35 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CMDLGFR.DLL
[2013.07.18 12:36:35 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PCCLPFR.DLL
[2013.07.18 12:36:35 | 000,000,000 | ---D | C] -- C:\Users\Thaumiller\AppData\Roaming\FreeFLVConverter
[2013.07.18 12:32:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free FLV Converter
[2013.07.10 17:04:06 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.07.10 17:04:05 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.07.10 17:04:05 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013.07.10 17:04:05 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.07.10 17:04:04 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.07.10 17:04:04 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.07.10 17:04:04 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013.07.10 17:04:04 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013.07.10 17:04:04 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.07.10 17:04:04 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013.07.10 17:04:04 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.07.10 17:04:03 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.07.10 17:04:03 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.07.10 17:04:03 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.07.10 17:04:02 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.07.10 11:54:58 | 000,624,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll
[2013.07.10 11:54:58 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll
[2013.07.10 11:54:57 | 001,887,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2013.07.10 11:54:57 | 001,620,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2013.07.10 11:54:16 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013.06.21 12:49:13 | 000,000,000 | ---D | C] -- C:\Users\Thaumiller\Desktop\CT_10w
 
========== Files - Modified Within 30 Days ==========
 
[2013.07.20 21:16:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Thaumiller\Desktop\OTL.exe
[2013.07.20 21:02:04 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.07.20 21:01:20 | 000,025,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.07.20 21:01:20 | 000,025,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.07.20 21:00:44 | 000,559,511 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Thaumiller\Desktop\JRT.exe
[2013.07.20 20:58:09 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.07.20 20:58:09 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.07.20 20:58:09 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.07.20 20:58:09 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.07.20 20:58:09 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.07.20 20:52:46 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.07.20 20:52:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.07.20 20:52:22 | 3111,555,072 | -HS- | M] () -- C:\hiberfil.sys
[2013.07.19 21:53:30 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.07.19 17:17:19 | 013,399,154 | ---- | M] () -- C:\Users\Thaumiller\Desktop\mbar-1.06.0.1004.zip
[2013.07.19 16:34:18 | 000,377,856 | ---- | M] () -- C:\Users\Thaumiller\Desktop\3uxbcxn1.exe
[2013.07.19 16:09:21 | 001,778,207 | ---- | M] (Farbar) -- C:\Users\Thaumiller\Desktop\FRST64.exe
[2013.07.18 21:52:11 | 000,022,499 | ---- | M] () -- C:\Users\Thaumiller\Documents\AVIRA_Scan_18.07..odt
[2013.07.18 12:44:10 | 000,000,005 | ---- | M] () -- C:\Users\Thaumiller\AppData\Roaming\WBPU-TTL.DAT
[2013.07.13 15:04:17 | 000,002,189 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.07.13 14:57:26 | 000,003,584 | ---- | M] () -- C:\Users\Thaumiller\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.07.11 11:10:43 | 000,294,168 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.07.10 12:33:02 | 000,013,921 | ---- | M] () -- C:\Users\Thaumiller\Documents\Kuendigung_LV_Peter.odt
[2013.07.03 17:38:22 | 000,021,249 | ---- | M] () -- C:\Users\Thaumiller\Documents\Ein-&Ausgaben-Jahresübersicht.ods
[2013.07.01 11:53:14 | 000,397,312 | ---- | M] (Koyote-Lab Inc) -- C:\Windows\SysWow64\TubeFinder.exe
[2013.06.27 12:28:40 | 000,083,672 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avnetflt.sys
 
========== Files Created - No Company Name ==========
 
[2013.07.19 17:12:31 | 013,399,154 | ---- | C] () -- C:\Users\Thaumiller\Desktop\mbar-1.06.0.1004.zip
[2013.07.19 16:34:11 | 000,377,856 | ---- | C] () -- C:\Users\Thaumiller\Desktop\3uxbcxn1.exe
[2013.07.18 21:52:08 | 000,022,499 | ---- | C] () -- C:\Users\Thaumiller\Documents\AVIRA_Scan_18.07..odt
[2013.07.18 12:48:13 | 000,001,185 | ---- | C] () -- C:\Users\Thaumiller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free FLV Converter.lnk
[2013.07.18 12:36:35 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\PropertyGrid.ocx
[2013.07.18 12:36:35 | 000,208,500 | ---- | C] () -- C:\Windows\SysWow64\ReyXpBasics.tlb
[2013.07.18 12:36:35 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\ControlSubX.ocx
[2013.07.13 14:57:25 | 000,003,584 | ---- | C] () -- C:\Users\Thaumiller\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.07.10 12:32:59 | 000,013,921 | ---- | C] () -- C:\Users\Thaumiller\Documents\Kuendigung_LV_Peter.odt
[2013.06.19 11:44:08 | 000,000,005 | ---- | C] () -- C:\Users\Thaumiller\AppData\Roaming\WBPU-TTL.DAT
[2013.04.29 11:05:45 | 000,000,103 | ---- | C] () -- C:\Windows\wiso.ini
[2013.02.03 14:36:52 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2013.02.03 14:36:32 | 000,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2012.11.28 21:06:46 | 000,000,546 | ---- | C] () -- C:\Users\Thaumiller\AppData\Roaming\All CPU MeterV3_Settings.ini
[2012.11.28 20:20:54 | 000,001,035 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2012.11.27 23:28:14 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
--- --- ---

OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 20.07.2013 21:18:17 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Thaumiller\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,86 Gb Total Physical Memory | 2,39 Gb Available Physical Memory | 61,82% Memory free
7,73 Gb Paging File | 5,90 Gb Available in Paging File | 76,35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 361,54 Gb Total Space | 314,68 Gb Free Space | 87,04% Space Free | Partition Type: NTFS
Drive D: | 4,38 Gb Total Space | 2,81 Gb Free Space | 64,23% Space Free | Partition Type: UDF
Drive E: | 337,00 Gb Total Space | 307,22 Gb Free Space | 91,16% Space Free | Partition Type: NTFS
 
Computer Name: THAUMILLER-PC | User Name: Thaumiller | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1623096226-1224041477-2156797297-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{17A71FDF-48E0-4AF7-B6CB-86D7A438509F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1CB1F9AE-A1C4-488A-B000-D2A96E97D1B1}" = rport=137 | protocol=17 | dir=out | app=system |
"{3A270578-BB8F-48D3-BD3E-212587289D46}" = lport=445 | protocol=6 | dir=in | app=system |
"{494E9585-DDEC-4598-9BB6-C5AF6E3FA60D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{4C61F55E-A2B5-46FD-83B3-B409BBCE61CE}" = rport=10243 | protocol=6 | dir=out | app=system |
"{535D3C57-E5BD-47B0-9422-E84E2DF789F5}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6523CC03-7543-456E-BF56-CF269FF4D273}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{652BF993-5FDE-4992-84C6-EE32CE4B4B77}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6B1386E8-CFD4-4F13-A34D-75C1BF5040B0}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{725EC6BC-15B2-43D3-A9B7-43D83C3E66E1}" = rport=139 | protocol=6 | dir=out | app=system |
"{7C4FBD50-4854-4AFC-8931-1429EEE21897}" = lport=138 | protocol=17 | dir=in | app=system |
"{8D160C1D-0E2A-4103-91D4-6D8215BFC52B}" = lport=137 | protocol=17 | dir=in | app=system |
"{8FD9A508-445F-4704-B93A-C4EF354AF78B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{93FBE6AA-78B2-43B3-9B5B-93B8C528066B}" = lport=139 | protocol=6 | dir=in | app=system |
"{98E0077A-1C2B-4349-A5ED-3C810F0BAF16}" = rport=445 | protocol=6 | dir=out | app=system |
"{CBEE9AAC-936A-44FA-83D3-745E43F2ECC9}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CE39761C-9271-4E97-934B-FD08EF4FD416}" = rport=138 | protocol=17 | dir=out | app=system |
"{D6E03470-837B-46CD-B953-EBF1EEB9A430}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{EE6D89A4-D1B6-4D94-918B-869EDE67AB39}" = lport=10243 | protocol=6 | dir=in | app=system |
"{F054D57B-2865-4C55-8574-4DB722EC0A82}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F6D6DB78-AFB1-49A6-AE08-9394E9D7ABF3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00D5A84A-0145-46DB-8F08-48273B9AC2D7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{078AD9DE-DB17-4CD1-BA47-9BABAB024598}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{0BBC88E8-0BDA-4CBF-8B81-E7BD158C274B}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{0DA92775-9A71-47C2-8F1F-814656ECC2C5}" = protocol=17 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\cinergydvr.exe |
"{1853D198-E1D0-46EB-8B5E-2DEA78707DFB}" = protocol=6 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe |
"{1CC0C438-383A-4E85-9B95-432FB0AE6FEA}" = protocol=6 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe |
"{2A4DCF8B-9D59-4A72-BBB8-F5A6801AFC87}" = protocol=6 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\insttool.exe |
"{2A678818-5546-4250-850C-E368C58A4B80}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{37AD0A37-78C3-42F5-B9B9-97FA938560B5}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{555C240F-643F-4979-AEC4-5280A92CEA41}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5B224A0A-712E-451F-BC21-ED36249A1598}" = protocol=17 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe |
"{5E54D576-A6E6-47E0-8D46-E1510D6CDE3C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5FA4954A-2049-4306-83ED-F5DDE8A58F71}" = protocol=6 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe |
"{64F81C97-A06A-4AA7-81D8-5DFABC485C69}" = protocol=17 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe |
"{74C4782E-FFC9-4837-8B6C-7C62147D1F57}" = protocol=6 | dir=out | app=system |
"{7D740873-F076-4BD3-A525-C359EED38726}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8469F0E7-2343-405B-92A7-9DD5591A93A6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8D75DB79-BCA4-45AC-8143-9E5FB22D0072}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{91ABBEAA-355C-4690-9C96-576B2D0DDF15}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{948AE727-590B-4F93-80B5-468DA3F32C20}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{AA9596BC-8D5C-4C0F-86E7-499A4D0E1CFA}" = protocol=17 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\insttool.exe |
"{B5682546-F2E2-4511-9EB1-BDE7F182B42A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{B9594905-E326-4A14-9806-3000CE60045E}" = protocol=6 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\cinergydvr.exe |
"{CB0F3D81-6B3E-4FA8-A7B2-70849B3300AE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CE8D9E85-22B3-4483-8530-F98D039D07CF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{CF4BD8DD-8365-42E4-A54D-ACA8DB37F002}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{D0E808F9-E24A-4A68-8DAF-2A3DEC7C5D35}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{D332EC20-E486-4F16-A6CD-C8BCB69DEF51}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E010248C-FA4C-45DF-8A2F-5E73BC911601}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F46E725A-4058-4EEF-A677-89CEF313BF7D}" = protocol=17 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe |
"{FE8095EE-BC60-49B1-ABF7-1DD834FFA47C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{28BC6CE8-D732-4608-905F-14087D094FE2}C:\program files (x86)\terratec\terratec home cinema\versioncheck\versioncheck.exe" = protocol=6 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\versioncheck\versioncheck.exe |
"UDP Query User{EFC53AFC-C5AF-41D2-9D62-6AA1127BA64F}C:\program files (x86)\terratec\terratec home cinema\versioncheck\versioncheck.exe" = protocol=17 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\versioncheck\versioncheck.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0369F866-2CE0-4EB9-B426-88FA122C6E82}" = Lenovo Patch Utility 64 bit
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG4100_series" = Canon MG4100 series MP Drivers
"{1C83CB66-D345-4D6C-95A2-63A03269ADA0}" = Lenovo Patch Utility 64 bit
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{2AB30FC1-9094-88DE-F76F-7BA690329B1D}" = ccc-utility64
"{3534A6A6-D6CF-415E-B2C5-E97BEE8A6639}" = Fresco Logic USB3.0 Host Controller
"{3ADFDEB3-E659-E340-F3C5-33F237A807C5}" = ATI Catalyst Install Manager
"{4041B18B-DE30-4D78-9D60-6ADC586C5E00}" = Lenovo Solution Center
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage System für aktiven Festplattenschutz
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{88C6A6D9-324C-46E8-BA87-563D14021442}_is1" = ThinkVantage Communications Utility
"{D75AEB5B-FA18-4BD4-9EED-54CA46DB5AE8}" = Intel(R) PROSet/Wireless WiFi-Software
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800)
"ATI Uninstaller" = ATI Uninstaller
"DE7217D2A8B057F15EC6E52329FDAB84231521E8" = Windows Driver Package - Broadcom (BTHUSB) Bluetooth  (04/08/2010 6.3.5.430)
"LENOVO.SMIIF" = Lenovo System Interface Driver
"LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"OnScreenDisplay" = Anzeige am Bildschirm
"Power Management Driver" = Lenovo Power Management Driver
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = ThinkPad UltraNav Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00C18D9B-3B61-6EAA-1F47-095B265A340D}" = CCC Help Russian
"{04EEBFD2-D1B7-B71B-34D3-48AC17FE58C6}" = CCC Help Hungarian
"{142E95CC-EE6F-427F-DBD3-2A74347BC490}" = CCC Help Finnish
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{25C64847-B900-48AD-A164-1B4F9B774650}" = Lenovo System Update
"{2BC3066C-6522-8BFF-0010-205EF1B1F4CF}" = CCC Help Swedish
"{2D45FA3F-EDFA-7F3F-C3E3-4C2F99CF4878}" = CCC Help Chinese Standard
"{33F43046-217B-8FE2-B6A8-00E80F0DE721}" = CCC Help French
"{3B3B6E6A-31AA-2FFE-A986-22FD68D2B388}" = Catalyst Control Center Localization All
"{3D6C32FD-673E-3F32-BA03-C710C695D23C}" = CCC Help Chinese Traditional
"{422110B2-BE71-88F3-ECBB-7AEB5DC4AD9A}" = Catalyst Control Center Graphics Light
"{44C38280-CD0D-00E7-2ABA-DD88EB67BF4E}" = CCC Help Polish
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{54E8A213-8C8D-5C6A-9A17-E2AA8A4B4AE1}" = CCC Help Korean
"{57FA0525-01F9-4051-8DE9-CBF43CAC68D9}" = Catalyst Control Center - Branding
"{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}" = TerraTec Home Cinema
"{644B0FE3-1E49-F195-E94C-FFA6C856CF6D}" = CCC Help Spanish
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{666C9123-1AEC-446F-8AA8-28256B1953D4}" = Qualcomm Gobi 2000 Package for Lenovo
"{6E32A17B-4BF9-AE7B-6213-02A5290D0148}" = Catalyst Control Center Graphics Previews Vista
"{6E6E7725-C7BC-4C39-8B3F-14B67331A120}" = Lenovo Patch Utility
"{744702BE-912F-AA8D-F2DA-289315CD674B}" = Catalyst Control Center Core Implementation
"{76CF34E5-2041-1F8E-A4F0-479D0A23ADF9}" = CCC Help Greek
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79EE96DB-D2DE-C601-2E42-06DE30338545}" = CCC Help Italian
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later
"{8E0560F6-425A-A1CE-6226-6F843CCA2E51}" = CCC Help English
"{8E537894-A559-4D60-B3CB-F4485E3D24E3}" = ThinkVantage Access Connections
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{96DF4640-C0B2-2994-FC5A-4C8CCD36461D}" = Catalyst Control Center Graphics Full Existing
"{99D421D6-3D74-9428-DCE8-9C049B7D5F9F}" = Catalyst Control Center InstallProxy
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CA0DEE4-E84B-466F-9B96-FC255F3A929F}" = Integrated Camera TWAIN
"{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR
"{A7BB9BBD-DFE4-4276-820A-7CD141FC09E6}" = Lenovo Patch Utility
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AFBC82E7-8FE1-1503-CD03-29162C955907}" = CCC Help Turkish
"{BCF03B5E-E469-A3B8-91BD-20D4E6D14B6B}" = CCC Help Japanese
"{BDB3E73F-5ECA-441D-96E1-F1CFCF3D427D}" = Rescue and Recovery
"{C28E9816-276D-FE9E-F717-747B52A5D42B}" = CCC Help Thai
"{C3CD17B4-08B0-492D-8A4C-81716D33E520}" = Integrated Camera Driver Installer Package Ver.1.0.1.9
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CD310B9F-8345-D567-C53B-38EEFD119CA3}" = ccc-core-static
"{D61CF128-FA46-4830-9F93-92D742F8BE02}" = CCC Help German
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{D6CC2FAF-F827-4091-96A1-D32CC9B69C79}" = WISO Steuer-Sparbuch 2013
"{D7359EC2-B1C9-D079-3DB4-C30E21B51465}" = CCC Help Norwegian
"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = Energie-Manager
"{E4D15292-7CB1-B02B-7FC3-A0047C2E567D}" = CCC Help Dutch
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1A347D9-BC91-116A-70A8-DC0D55E0E63F}" = Catalyst Control Center Graphics Full New
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F647E40C-DA6F-C9AD-A4BF-C8852026E365}" = CCC Help Portuguese
"{F6BCAAA0-3BDA-13BE-002C-2D7D04E63733}" = CCC Help Danish
"{FB90BC38-52E4-C701-578C-2B542FBEFEB1}" = CCC Help Czech
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"Canon MG4100 series Benutzerregistrierung" = Canon MG4100 series Benutzerregistrierung
"Canon MG4100 series On-screen Manual" = Canon MG4100 series On-screen Manual
"Canon_IJ_Network_Scanner_Selector_EX" = Canon IJ Network Scanner Selector EX
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"Cinergy T-Stick MKII" = Cinergy T-Stick MKII V9.06.3.01
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition
"Google Chrome" = Google Chrome
"MP Navigator EX 5.0" = Canon MP Navigator EX 5.0
"Picasa 3" = Picasa 3
"Rossmann Fotowelt Software" = Rossmann Fotowelt Software 4.12.1
 
< End of report >
--- --- ---

cosinus 21.07.2013 13:49
Du hast adwCleaner vergessen

Sammy-Sina 22.07.2013 15:45
AdwCleaner Logfile:
Code:
# AdwCleaner v2.306 - Datei am 22/07/2013 um 16:20:06 erstellt
# Aktualisiert am 19/07/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : Thaumiller - THAUMILLER-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Thaumiller\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Gelöscht mit Neustart : C:\Users\THAUMI~1\AppData\Local\Temp\Zynga
Ordner Gelöscht : C:\Users\THAUMI~1\AppData\Local\Temp\{3ec1a45c-8bc3-4bfe-b226-4051c5d3d068}
Ordner Gelöscht : C:\Users\THAUMI~1\AppData\Local\Temp\AskSearch

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3EC1A45C-8BC3-4BFE-B226-4051C5D3D068}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF7BD87A-8024-11E2-F316-F3E56188709B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3EC1A45C-8BC3-4BFE-B226-4051C5D3D068}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF7BD87A-8024-11E2-F316-F3E56188709B}
Schlüssel Gelöscht : HKCU\Software\a6ded9bd6eba47
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Schlüssel Gelöscht : HKLM\Software\SearchquSRTB
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\a6ded9bd6eba47
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3EC1A45C-8BC3-4BFE-B226-4051C5D3D068}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3EC1A45C-8BC3-4BFE-B226-4051C5D3D068}
Schlüssel Gelöscht : HKLM\SOFTWARE\DataMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [10]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16635

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Google Chrome v28.0.1500.72

Datei : C:\Users\Thaumiller\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gelöscht [l.39] : icon_url = "hxxp://www.delta-search.com/favicon.ico",
Gelöscht [l.42] : keyword = "delta-search.com",
Gelöscht [l.46] : search_url = "hxxp://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=A00000A0C6000[...]
Gelöscht [l.2315] : urls_to_restore_on_startup = [ "hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=A00000A0C60[...]

*************************

AdwCleaner[S1].txt - [3360 octets] - [22/07/2013 16:20:06]

########## EOF - C:\AdwCleaner[S1].txt - [3420 octets] ##########
--- --- ---


Neuer OTL Logfile von heute:

OTL Logfile:
Code:
OTL logfile created on: 22.07.2013 16:29:31 - Run 2
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Thaumiller\Desktop\Bereinigung
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,86 Gb Total Physical Memory | 2,16 Gb Available Physical Memory | 55,89% Memory free
7,73 Gb Paging File | 5,70 Gb Available in Paging File | 73,82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 361,54 Gb Total Space | 314,14 Gb Free Space | 86,89% Space Free | Partition Type: NTFS
Drive D: | 4,38 Gb Total Space | 2,81 Gb Free Space | 64,23% Space Free | Partition Type: UDF
Drive E: | 337,00 Gb Total Space | 307,22 Gb Free Space | 91,16% Space Free | Partition Type: NTFS
 
Computer Name: THAUMILLER-PC | User Name: Thaumiller | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Thaumiller\Desktop\Bereinigung\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\WISO\Steuersoftware 2013\mshaktuell.exe ()
PRC - C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe (Lenovo)
PRC - C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe (Lenovo)
PRC - C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe (Lenovo)
PRC - C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe (Lenovo)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\Communications Utility\TPKNRSVC.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\Communications Utility\TpKnrres.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited)
PRC - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE (CANON INC.)
PRC - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
PRC - C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
PRC - C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kLenovo.exe (QUALCOMM, Inc.)
PRC - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE ()
PRC - C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)
PRC - C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\pdf.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\libglesv2.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\libegl.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ffmpegsumo.dll ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2013\wfvie13.dll ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2013\mshaktuell.exe ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2013\wgui13.dll ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2013\wcore13.dll ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2013\rscorewinapi48.dll ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2013\wauff13.dll ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2013\wreli13.dll ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2013\wsteu13.dll ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2013\rsguiwinapi48.dll ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2013\rsodbc48.dll ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2013\rsdcom48.dll ()
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (TPHDEXLGSVC) -- C:\Windows\SysNative\TPHDEXLG64.exe (Lenovo.)
SRV:64bit: - (IBMPMSVC) -- C:\Windows\SysNative\ibmpmsvc.exe (Lenovo.)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SUService) -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe ()
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AcSvc) -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe (Lenovo)
SRV - (AcPrfMgrSvc) -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe (Lenovo)
SRV - (PwmEWSvc) -- C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE (Lenovo Group Limited)
SRV - (Power Manager DBC Service) -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE (Lenovo)
SRV - (LENOVO.TPKNRSVC) -- C:\Programme\Lenovo\Communications Utility\TPKNRSVC.exe (Lenovo Group Limited)
SRV - (LENOVO.CAMMUTE) -- C:\Programme\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited)
SRV - (Lenovo.VIRTSCRLSVC) -- C:\Programme\Lenovo\VIRTSCRL\lvvsst.exe (Lenovo Group Limited)
SRV - (TPHKLOAD) -- C:\Programme\Lenovo\HOTKEY\tphkload.exe (Lenovo Group Limited)
SRV - (LENOVO.MICMUTE) -- C:\Programme\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited)
SRV - (TPHKSVC) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
SRV - (QDLService2kLenovo) -- C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kLenovo.exe (QUALCOMM, Inc.)
SRV - (IJPLMSVC) -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE ()
SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (ThinkVantage Registry Monitor Service) -- C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
SRV - (RtkAudioService) -- C:\Programme\Realtek\Audio\HDA\RtkAudioService64.exe (Realtek Semiconductor)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (UPnPService) -- C:\Program Files (x86)\Common Files\MAGIX Shared\UPnPService\UPnPService.exe (Magix AG)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (psadd) -- C:\Windows\SysNative\drivers\psadd.sys (Lenovo Information Product(ShenZhen China) Inc.)
DRV:64bit: - (TPDIGIMN) -- C:\Windows\SysNative\drivers\ApsHM64.sys (Lenovo.)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (Shockprf) -- C:\Windows\SysNative\drivers\ApsX64.sys (Lenovo.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (SmbDrvI) -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys (Synaptics Incorporated)
DRV:64bit: - (TPPWRIF) -- C:\Windows\SysNative\drivers\TPPWR64V.SYS (Lenovo Group Limited)
DRV:64bit: - (IBMPMDRV) -- C:\Windows\SysNative\drivers\ibmpmdrv.sys (Lenovo.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (5U877) -- C:\Windows\SysNative\drivers\5U877.sys (Ricoh co.,Ltd.)
DRV:64bit: - (TVTI2C) -- C:\Windows\SysNative\drivers\tvti2c.sys (Lenovo Information Product(ShenZhen China) Inc.)
DRV:64bit: - (qcusbnetlno2k) -- C:\Windows\SysNative\drivers\qcusbnetlno2k.sys (QUALCOMM Incorporated)
DRV:64bit: - (qcusbserlno2k) -- C:\Windows\SysNative\drivers\qcusbserlno2k.sys (QUALCOMM Incorporated)
DRV:64bit: - (qcfilterlno2k) -- C:\Windows\SysNative\drivers\qcfilterlno2k.sys (QUALCOMM Incorporated)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (FLxHCIc) -- C:\Windows\SysNative\drivers\FLxHCIc.sys (Fresco Logic)
DRV:64bit: - (FLxHCIh) -- C:\Windows\SysNative\drivers\FLxHCIh.sys (Fresco Logic)
DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (lenovo.smi) -- C:\Windows\SysNative\drivers\smiifx64.sys (Lenovo Group Limited)
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (btusbflt) -- C:\Windows\SysNative\drivers\btusbflt.sys (Broadcom Corporation.)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atipmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AF9035BDA) -- C:\Windows\SysNative\drivers\AF15BDA.sys (ITETech                  )
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-1623096226-1224041477-2156797297-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
IE - HKU\S-1-5-21-1623096226-1224041477-2156797297-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-1623096226-1224041477-2156797297-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com
IE - HKU\S-1-5-21-1623096226-1224041477-2156797297-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-1623096226-1224041477-2156797297-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-1623096226-1224041477-2156797297-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-1623096226-1224041477-2156797297-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1623096226-1224041477-2156797297-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-1623096226-1224041477-2156797297-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={sear
IE - HKU\S-1-5-21-1623096226-1224041477-2156797297-1000\..\SearchScopes\{78630BED-EFE8-48C4-B899-13D16C17FC29}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-1623096226-1224041477-2156797297-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
[2013.06.09 15:48:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
 
========== Chrome  ==========
 
CHR - default_search_provider: Delta Search (Enabled)
CHR - default_search_provider: search_url = hxxp://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=A00000A0C6000000&affID=119357&tsp=4948
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility for IJ (Enabled) = C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O3 - HKLM\..\Toolbar: (TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\PROGRA~2\TerraTec\TERRAT~1\THCDES~1.DLL (TerraTec Electronic GmbH)
O4:64bit: - HKLM..\Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe (Lenovo)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [LENOVO.TPKNRRES] C:\Programme\Lenovo\Communications Utility\TpKnrres.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [FLxHCIm] C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe (Windows (R) Win 7 DDK provider)
O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)
O4 - HKLM..\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Thaumiller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://javadl-esd.oracle.com/update/1.4.2/jinstall-1_4-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E78FC23C-4263-446D-A719-FE844D0D024A}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.07.20 21:30:29 | 000,000,000 | ---D | C] -- C:\Users\Thaumiller\Desktop\Bereinigung
[2013.07.20 21:02:52 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.07.20 20:57:09 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2013.07.19 17:30:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.07.19 16:11:28 | 000,000,000 | ---D | C] -- C:\FRST
[2013.07.19 15:01:04 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2013.07.18 22:50:07 | 000,000,000 | ---D | C] -- C:\Users\Thaumiller\AppData\Local\Downloaded Installations
[2013.07.18 12:36:36 | 000,397,312 | ---- | C] (Koyote-Lab Inc) -- C:\Windows\SysWow64\TubeFinder.exe
[2013.07.18 12:36:35 | 001,081,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mscomctl.ocx
[2013.07.18 12:36:35 | 000,152,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\COMDLG32.OCX
[2013.07.18 12:36:35 | 000,141,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCMCFR.DLL
[2013.07.18 12:36:35 | 000,119,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\VB6FR.DLL
[2013.07.18 12:36:35 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\VB6STKIT.DLL
[2013.07.18 12:36:35 | 000,084,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PICCLP32.OCX
[2013.07.18 12:36:35 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CMDLGFR.DLL
[2013.07.18 12:36:35 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PCCLPFR.DLL
[2013.07.18 12:36:35 | 000,000,000 | ---D | C] -- C:\Users\Thaumiller\AppData\Roaming\FreeFLVConverter
[2013.07.18 12:32:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free FLV Converter
[2013.07.10 17:04:06 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.07.10 17:04:05 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.07.10 17:04:05 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013.07.10 17:04:05 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.07.10 17:04:04 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.07.10 17:04:04 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.07.10 17:04:04 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013.07.10 17:04:04 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013.07.10 17:04:04 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.07.10 17:04:04 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013.07.10 17:04:04 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.07.10 17:04:03 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.07.10 17:04:03 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.07.10 17:04:03 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.07.10 17:04:02 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.07.10 11:54:58 | 000,624,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll
[2013.07.10 11:54:58 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll
[2013.07.10 11:54:57 | 001,887,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2013.07.10 11:54:57 | 001,620,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2013.07.10 11:54:16 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
 
========== Files - Modified Within 30 Days ==========
 
[2013.07.22 16:29:02 | 000,025,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.07.22 16:29:02 | 000,025,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.07.22 16:25:54 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.07.22 16:25:54 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.07.22 16:25:54 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.07.22 16:25:54 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.07.22 16:25:54 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.07.22 16:21:50 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.07.22 16:21:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.07.22 16:21:30 | 3111,555,072 | -HS- | M] () -- C:\hiberfil.sys
[2013.07.22 16:20:29 | 000,000,108 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013.07.22 16:05:15 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.07.22 16:04:45 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.07.18 21:52:11 | 000,022,499 | ---- | M] () -- C:\Users\Thaumiller\Documents\AVIRA_Scan_18.07..odt
[2013.07.18 12:44:10 | 000,000,005 | ---- | M] () -- C:\Users\Thaumiller\AppData\Roaming\WBPU-TTL.DAT
[2013.07.13 15:04:17 | 000,002,189 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.07.13 14:57:26 | 000,003,584 | ---- | M] () -- C:\Users\Thaumiller\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.07.11 11:10:43 | 000,294,168 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.07.10 12:33:02 | 000,013,921 | ---- | M] () -- C:\Users\Thaumiller\Documents\Kuendigung_LV_Peter.odt
[2013.07.03 17:38:22 | 000,021,249 | ---- | M] () -- C:\Users\Thaumiller\Documents\Ein-&Ausgaben-Jahresübersicht.ods
[2013.07.01 11:53:14 | 000,397,312 | ---- | M] (Koyote-Lab Inc) -- C:\Windows\SysWow64\TubeFinder.exe
[2013.06.27 12:28:40 | 000,083,672 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avnetflt.sys
 
========== Files Created - No Company Name ==========
 
[2013.07.22 16:20:11 | 000,000,108 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013.07.18 21:52:08 | 000,022,499 | ---- | C] () -- C:\Users\Thaumiller\Documents\AVIRA_Scan_18.07..odt
[2013.07.18 12:48:13 | 000,001,185 | ---- | C] () -- C:\Users\Thaumiller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free FLV Converter.lnk
[2013.07.18 12:36:35 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\PropertyGrid.ocx
[2013.07.18 12:36:35 | 000,208,500 | ---- | C] () -- C:\Windows\SysWow64\ReyXpBasics.tlb
[2013.07.18 12:36:35 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\ControlSubX.ocx
[2013.07.13 14:57:25 | 000,003,584 | ---- | C] () -- C:\Users\Thaumiller\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.07.10 12:32:59 | 000,013,921 | ---- | C] () -- C:\Users\Thaumiller\Documents\Kuendigung_LV_Peter.odt
[2013.06.19 11:44:08 | 000,000,005 | ---- | C] () -- C:\Users\Thaumiller\AppData\Roaming\WBPU-TTL.DAT
[2013.04.29 11:05:45 | 000,000,103 | ---- | C] () -- C:\Windows\wiso.ini
[2013.02.03 14:36:52 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2013.02.03 14:36:32 | 000,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2012.11.28 21:06:46 | 000,000,546 | ---- | C] () -- C:\Users\Thaumiller\AppData\Roaming\All CPU MeterV3_Settings.ini
[2012.11.28 20:20:54 | 000,001,035 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2012.11.27 23:28:14 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
--- --- ---

OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 22.07.2013 16:29:31 - Run 2
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Thaumiller\Desktop\Bereinigung
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,86 Gb Total Physical Memory | 2,16 Gb Available Physical Memory | 55,89% Memory free
7,73 Gb Paging File | 5,70 Gb Available in Paging File | 73,82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 361,54 Gb Total Space | 314,14 Gb Free Space | 86,89% Space Free | Partition Type: NTFS
Drive D: | 4,38 Gb Total Space | 2,81 Gb Free Space | 64,23% Space Free | Partition Type: UDF
Drive E: | 337,00 Gb Total Space | 307,22 Gb Free Space | 91,16% Space Free | Partition Type: NTFS
 
Computer Name: THAUMILLER-PC | User Name: Thaumiller | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1623096226-1224041477-2156797297-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{17A71FDF-48E0-4AF7-B6CB-86D7A438509F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1CB1F9AE-A1C4-488A-B000-D2A96E97D1B1}" = rport=137 | protocol=17 | dir=out | app=system |
"{3A270578-BB8F-48D3-BD3E-212587289D46}" = lport=445 | protocol=6 | dir=in | app=system |
"{494E9585-DDEC-4598-9BB6-C5AF6E3FA60D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{4C61F55E-A2B5-46FD-83B3-B409BBCE61CE}" = rport=10243 | protocol=6 | dir=out | app=system |
"{535D3C57-E5BD-47B0-9422-E84E2DF789F5}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6523CC03-7543-456E-BF56-CF269FF4D273}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{652BF993-5FDE-4992-84C6-EE32CE4B4B77}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6B1386E8-CFD4-4F13-A34D-75C1BF5040B0}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{725EC6BC-15B2-43D3-A9B7-43D83C3E66E1}" = rport=139 | protocol=6 | dir=out | app=system |
"{7C4FBD50-4854-4AFC-8931-1429EEE21897}" = lport=138 | protocol=17 | dir=in | app=system |
"{8D160C1D-0E2A-4103-91D4-6D8215BFC52B}" = lport=137 | protocol=17 | dir=in | app=system |
"{8FD9A508-445F-4704-B93A-C4EF354AF78B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{93FBE6AA-78B2-43B3-9B5B-93B8C528066B}" = lport=139 | protocol=6 | dir=in | app=system |
"{98E0077A-1C2B-4349-A5ED-3C810F0BAF16}" = rport=445 | protocol=6 | dir=out | app=system |
"{CBEE9AAC-936A-44FA-83D3-745E43F2ECC9}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CE39761C-9271-4E97-934B-FD08EF4FD416}" = rport=138 | protocol=17 | dir=out | app=system |
"{D6E03470-837B-46CD-B953-EBF1EEB9A430}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{EE6D89A4-D1B6-4D94-918B-869EDE67AB39}" = lport=10243 | protocol=6 | dir=in | app=system |
"{F054D57B-2865-4C55-8574-4DB722EC0A82}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F6D6DB78-AFB1-49A6-AE08-9394E9D7ABF3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00D5A84A-0145-46DB-8F08-48273B9AC2D7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{078AD9DE-DB17-4CD1-BA47-9BABAB024598}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{0BBC88E8-0BDA-4CBF-8B81-E7BD158C274B}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{0DA92775-9A71-47C2-8F1F-814656ECC2C5}" = protocol=17 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\cinergydvr.exe |
"{1853D198-E1D0-46EB-8B5E-2DEA78707DFB}" = protocol=6 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe |
"{1CC0C438-383A-4E85-9B95-432FB0AE6FEA}" = protocol=6 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe |
"{2A4DCF8B-9D59-4A72-BBB8-F5A6801AFC87}" = protocol=6 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\insttool.exe |
"{2A678818-5546-4250-850C-E368C58A4B80}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{37AD0A37-78C3-42F5-B9B9-97FA938560B5}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{555C240F-643F-4979-AEC4-5280A92CEA41}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5B224A0A-712E-451F-BC21-ED36249A1598}" = protocol=17 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe |
"{5E54D576-A6E6-47E0-8D46-E1510D6CDE3C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5FA4954A-2049-4306-83ED-F5DDE8A58F71}" = protocol=6 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe |
"{64F81C97-A06A-4AA7-81D8-5DFABC485C69}" = protocol=17 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe |
"{74C4782E-FFC9-4837-8B6C-7C62147D1F57}" = protocol=6 | dir=out | app=system |
"{7D740873-F076-4BD3-A525-C359EED38726}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8469F0E7-2343-405B-92A7-9DD5591A93A6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8D75DB79-BCA4-45AC-8143-9E5FB22D0072}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{91ABBEAA-355C-4690-9C96-576B2D0DDF15}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{948AE727-590B-4F93-80B5-468DA3F32C20}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{AA9596BC-8D5C-4C0F-86E7-499A4D0E1CFA}" = protocol=17 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\insttool.exe |
"{B5682546-F2E2-4511-9EB1-BDE7F182B42A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{B9594905-E326-4A14-9806-3000CE60045E}" = protocol=6 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\cinergydvr.exe |
"{CB0F3D81-6B3E-4FA8-A7B2-70849B3300AE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CE8D9E85-22B3-4483-8530-F98D039D07CF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{CF4BD8DD-8365-42E4-A54D-ACA8DB37F002}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{D0E808F9-E24A-4A68-8DAF-2A3DEC7C5D35}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{D332EC20-E486-4F16-A6CD-C8BCB69DEF51}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E010248C-FA4C-45DF-8A2F-5E73BC911601}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F46E725A-4058-4EEF-A677-89CEF313BF7D}" = protocol=17 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe |
"{FE8095EE-BC60-49B1-ABF7-1DD834FFA47C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{28BC6CE8-D732-4608-905F-14087D094FE2}C:\program files (x86)\terratec\terratec home cinema\versioncheck\versioncheck.exe" = protocol=6 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\versioncheck\versioncheck.exe |
"UDP Query User{EFC53AFC-C5AF-41D2-9D62-6AA1127BA64F}C:\program files (x86)\terratec\terratec home cinema\versioncheck\versioncheck.exe" = protocol=17 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\versioncheck\versioncheck.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0369F866-2CE0-4EB9-B426-88FA122C6E82}" = Lenovo Patch Utility 64 bit
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG4100_series" = Canon MG4100 series MP Drivers
"{1C83CB66-D345-4D6C-95A2-63A03269ADA0}" = Lenovo Patch Utility 64 bit
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{2AB30FC1-9094-88DE-F76F-7BA690329B1D}" = ccc-utility64
"{3534A6A6-D6CF-415E-B2C5-E97BEE8A6639}" = Fresco Logic USB3.0 Host Controller
"{3ADFDEB3-E659-E340-F3C5-33F237A807C5}" = ATI Catalyst Install Manager
"{4041B18B-DE30-4D78-9D60-6ADC586C5E00}" = Lenovo Solution Center
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage System für aktiven Festplattenschutz
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{88C6A6D9-324C-46E8-BA87-563D14021442}_is1" = ThinkVantage Communications Utility
"{D75AEB5B-FA18-4BD4-9EED-54CA46DB5AE8}" = Intel(R) PROSet/Wireless WiFi-Software
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800)
"ATI Uninstaller" = ATI Uninstaller
"DE7217D2A8B057F15EC6E52329FDAB84231521E8" = Windows Driver Package - Broadcom (BTHUSB) Bluetooth  (04/08/2010 6.3.5.430)
"LENOVO.SMIIF" = Lenovo System Interface Driver
"LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"OnScreenDisplay" = Anzeige am Bildschirm
"Power Management Driver" = Lenovo Power Management Driver
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = ThinkPad UltraNav Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00C18D9B-3B61-6EAA-1F47-095B265A340D}" = CCC Help Russian
"{04EEBFD2-D1B7-B71B-34D3-48AC17FE58C6}" = CCC Help Hungarian
"{142E95CC-EE6F-427F-DBD3-2A74347BC490}" = CCC Help Finnish
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{25C64847-B900-48AD-A164-1B4F9B774650}" = Lenovo System Update
"{2BC3066C-6522-8BFF-0010-205EF1B1F4CF}" = CCC Help Swedish
"{2D45FA3F-EDFA-7F3F-C3E3-4C2F99CF4878}" = CCC Help Chinese Standard
"{33F43046-217B-8FE2-B6A8-00E80F0DE721}" = CCC Help French
"{3B3B6E6A-31AA-2FFE-A986-22FD68D2B388}" = Catalyst Control Center Localization All
"{3D6C32FD-673E-3F32-BA03-C710C695D23C}" = CCC Help Chinese Traditional
"{422110B2-BE71-88F3-ECBB-7AEB5DC4AD9A}" = Catalyst Control Center Graphics Light
"{44C38280-CD0D-00E7-2ABA-DD88EB67BF4E}" = CCC Help Polish
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{54E8A213-8C8D-5C6A-9A17-E2AA8A4B4AE1}" = CCC Help Korean
"{57FA0525-01F9-4051-8DE9-CBF43CAC68D9}" = Catalyst Control Center - Branding
"{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}" = TerraTec Home Cinema
"{644B0FE3-1E49-F195-E94C-FFA6C856CF6D}" = CCC Help Spanish
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{666C9123-1AEC-446F-8AA8-28256B1953D4}" = Qualcomm Gobi 2000 Package for Lenovo
"{6E32A17B-4BF9-AE7B-6213-02A5290D0148}" = Catalyst Control Center Graphics Previews Vista
"{6E6E7725-C7BC-4C39-8B3F-14B67331A120}" = Lenovo Patch Utility
"{744702BE-912F-AA8D-F2DA-289315CD674B}" = Catalyst Control Center Core Implementation
"{76CF34E5-2041-1F8E-A4F0-479D0A23ADF9}" = CCC Help Greek
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79EE96DB-D2DE-C601-2E42-06DE30338545}" = CCC Help Italian
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later
"{8E0560F6-425A-A1CE-6226-6F843CCA2E51}" = CCC Help English
"{8E537894-A559-4D60-B3CB-F4485E3D24E3}" = ThinkVantage Access Connections
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{96DF4640-C0B2-2994-FC5A-4C8CCD36461D}" = Catalyst Control Center Graphics Full Existing
"{99D421D6-3D74-9428-DCE8-9C049B7D5F9F}" = Catalyst Control Center InstallProxy
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CA0DEE4-E84B-466F-9B96-FC255F3A929F}" = Integrated Camera TWAIN
"{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR
"{A7BB9BBD-DFE4-4276-820A-7CD141FC09E6}" = Lenovo Patch Utility
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AFBC82E7-8FE1-1503-CD03-29162C955907}" = CCC Help Turkish
"{BCF03B5E-E469-A3B8-91BD-20D4E6D14B6B}" = CCC Help Japanese
"{BDB3E73F-5ECA-441D-96E1-F1CFCF3D427D}" = Rescue and Recovery
"{C28E9816-276D-FE9E-F717-747B52A5D42B}" = CCC Help Thai
"{C3CD17B4-08B0-492D-8A4C-81716D33E520}" = Integrated Camera Driver Installer Package Ver.1.0.1.9
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CD310B9F-8345-D567-C53B-38EEFD119CA3}" = ccc-core-static
"{D61CF128-FA46-4830-9F93-92D742F8BE02}" = CCC Help German
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{D6CC2FAF-F827-4091-96A1-D32CC9B69C79}" = WISO Steuer-Sparbuch 2013
"{D7359EC2-B1C9-D079-3DB4-C30E21B51465}" = CCC Help Norwegian
"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = Energie-Manager
"{E4D15292-7CB1-B02B-7FC3-A0047C2E567D}" = CCC Help Dutch
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1A347D9-BC91-116A-70A8-DC0D55E0E63F}" = Catalyst Control Center Graphics Full New
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F647E40C-DA6F-C9AD-A4BF-C8852026E365}" = CCC Help Portuguese
"{F6BCAAA0-3BDA-13BE-002C-2D7D04E63733}" = CCC Help Danish
"{FB90BC38-52E4-C701-578C-2B542FBEFEB1}" = CCC Help Czech
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"Canon MG4100 series Benutzerregistrierung" = Canon MG4100 series Benutzerregistrierung
"Canon MG4100 series On-screen Manual" = Canon MG4100 series On-screen Manual
"Canon_IJ_Network_Scanner_Selector_EX" = Canon IJ Network Scanner Selector EX
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"Cinergy T-Stick MKII" = Cinergy T-Stick MKII V9.06.3.01
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition
"Google Chrome" = Google Chrome
"MP Navigator EX 5.0" = Canon MP Navigator EX 5.0
"Picasa 3" = Picasa 3
"Rossmann Fotowelt Software" = Rossmann Fotowelt Software 4.12.1
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 21.07.2013 06:44:27 | Computer Name = Thaumiller-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Canon\Solution Menu EX\MFC80U.DLL".  Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 21.07.2013 06:44:28 | Computer Name = Thaumiller-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Canon\Solution Menu EX\MFC80U.DLL".  Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 21.07.2013 06:45:06 | Computer Name = Thaumiller-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Canon\Solution Menu EX\MFC80U.DLL".  Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 21.07.2013 06:45:06 | Computer Name = Thaumiller-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Canon\Solution Menu EX\MFC80U.DLL".  Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 21.07.2013 06:50:07 | Computer Name = Thaumiller-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: AcSvc.exe, Version: 5.9.7.95, Zeitstempel:
 0x50487c7e  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel:
 0x4ec49b8f  Ausnahmecode: 0xc0000420  Fehleroffset: 0x000ce6c3  ID des fehlerhaften Prozesses:
 0xa7c  Startzeit der fehlerhaften Anwendung: 0x01ce85ff1faa2e38  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: 4e4e8f03-f1f3-11e2-b3a3-c417fef18964
 
Error - 22.07.2013 10:21:48 | Computer Name = Thaumiller-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 22.07.2013 10:22:02 | Computer Name = Thaumiller-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Canon\Solution Menu EX\MFC80U.DLL".  Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 22.07.2013 10:22:02 | Computer Name = Thaumiller-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Canon\Solution Menu EX\MFC80U.DLL".  Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 22.07.2013 10:22:10 | Computer Name = Thaumiller-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Canon\Solution Menu EX\MFC80U.DLL".  Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 22.07.2013 10:22:10 | Computer Name = Thaumiller-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Canon\Solution Menu EX\MFC80U.DLL".  Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
[ System Events ]
Error - 21.07.2013 06:50:07 | Computer Name = Thaumiller-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "AcSvc" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
 
Error - 22.07.2013 10:04:45 | Computer Name = Thaumiller-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Google Update-Dienst (gupdate)" wurde unerwartet beendet.
Dies ist bereits 1 Mal passiert.
 
Error - 22.07.2013 10:05:14 | Computer Name = Thaumiller-PC | Source = DCOM | ID = 10010
Description =
 
 
< End of report >
--- --- ---


Alle Zeitangaben in WEZ +1. Es ist jetzt 22:52 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131