Grüß Gott

Mein Anti-Vir hat die beiden Programme gefunden. Der zeit haben sie noch nichts sichtbares auf dem System an Schaden angerichtet.

Aber EXPFLASH.Straconn.Gen wird mir immer wieder angezeigt. Obwohl es in der Quarantäne schon öfters hinein geschoben wird oder ich ihn lösche aber er will einfach nicht verschwinden.
Ich hatte mehrere Systemscanns gemacht und nichts gefunden. Aber die Funde von Anti-Vir sind immer öfters aufgetaucht.

Ich hoffe ihr könnt mir helfen den Virus wieder los zu werden.

OTL

Zitat:

OTL logfile created on: 08.07.2013 23:38:09 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Folken\Desktop
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16599)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

11,96 Gb Total Physical Memory | 8,98 Gb Available Physical Memory | 75,13% Memory free
15,25 Gb Paging File | 9,99 Gb Available in Paging File | 65,50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 918,39 Gb Total Space | 682,96 Gb Free Space | 74,36% Space Free | Partition Type: NTFS
Drive D: | 11,64 Gb Total Space | 1,41 Gb Free Space | 12,11% Space Free | Partition Type: NTFS
Drive E: | 3,69 Gb Total Space | 0,01 Gb Free Space | 0,32% Space Free | Partition Type: FAT32
Drive F: | 485,07 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: JOSEF-PC | User Name: Folken | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.07.08 19:41:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Folken\Desktop\OTL.exe
PRC - [2013.06.26 12:19:10 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.06.26 12:19:00 | 000,345,144 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.06.26 12:19:00 | 000,328,760 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
PRC - [2013.06.26 12:19:00 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.06.21 02:07:33 | 000,047,896 | ---- | M] (WebCake LLC) -- C:\Users\Folken\AppData\Roaming\WebCake\WebCakeDesktop.exe
PRC - [2013.06.21 02:07:33 | 000,023,552 | ---- | M] (WebCake LLC) -- C:\Program Files (x86)\WebCake\WebCakeDesktop.Updater.exe
PRC - [2013.06.18 10:26:02 | 001,074,736 | ---- | M] (Iminent) -- C:\Program Files (x86)\Iminent\Iminent.exe
PRC - [2013.06.18 10:26:02 | 000,884,784 | ---- | M] (Iminent) -- C:\Program Files (x86)\Iminent\Iminent.Messengers.exe
PRC - [2013.06.17 10:29:56 | 002,723,368 | ---- | M] (Iminent) -- C:\Program Files (x86)\Common Files\Umbrella\umbrella.exe
PRC - [2013.06.10 12:08:18 | 000,162,856 | ---- | M] (Geek Software GmbH) -- C:\Program Files (x86)\PDF24\pdf24.exe
PRC - [2013.06.07 23:20:47 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2013.04.22 15:22:16 | 001,564,368 | ---- | M] () -- C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe
PRC - [2012.08.13 11:08:08 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2012.08.13 11:08:08 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2012.07.18 10:51:00 | 000,364,416 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2012.07.18 10:50:08 | 000,276,864 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2012.07.18 10:46:54 | 000,128,896 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
PRC - [2012.07.18 10:45:15 | 000,165,760 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
PRC - [2012.06.08 05:34:06 | 000,111,120 | ---- | M] (CyberLink) -- c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
PRC - [2012.03.20 11:16:08 | 000,247,872 | ---- | M] () -- C:\PROGRA~2\ICQ6TO~1\ICQSER~1.EXE


========== Modules (No Company Name) ==========

MOD - [2013.06.12 13:35:14 | 000,802,816 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\98bf7d68f19f0a2dd15b26f97771ec24\System.ServiceModel.Internals.ni.dll
MOD - [2013.06.12 13:35:14 | 000,121,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\6dbc4794082bffd0ad3e2dcc750a2035\SMDiagnostics.ni.dll
MOD - [2013.06.12 13:35:10 | 007,562,240 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bacedff71df875743daa9064b85c4e66\System.Xml.ni.dll
MOD - [2013.06.12 13:35:07 | 001,880,576 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\6a8a61ca5208e404ca21a0c42a59a3c8\System.Xaml.ni.dll
MOD - [2013.06.12 13:35:06 | 012,698,624 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\1bc35bb3e6a392c0fef52bc289e6d3d9\System.Windows.Forms.ni.dll
MOD - [2013.06.12 13:35:01 | 001,836,032 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\c9776e57fcd29751a6f9171589bfe577\System.Web.Services.ni.dll
MOD - [2013.06.12 13:28:58 | 000,641,024 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\3f0f5dc3b11fdcb086b4049ce5429ce9\System.Transactions.ni.dll
MOD - [2013.06.12 13:28:57 | 019,537,408 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\ea94ce8e71afd55226ced104e6e832ce\System.ServiceModel.ni.dll
MOD - [2013.06.12 13:28:48 | 002,786,816 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\065a34657d599a218b43196a1be4c8d2\System.Runtime.Serialization.ni.dll
MOD - [2013.06.12 13:28:45 | 001,631,744 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\9eff07ed10b6ae9f9b1159a7d3612fcb\System.Drawing.ni.dll
MOD - [2013.06.12 13:28:44 | 007,249,920 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Data\2a70cd5771fd1c3520841e6310d04c4a\System.Data.ni.dll
MOD - [2013.06.12 13:28:41 | 000,958,464 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\15cfd8d46cc19704f61dac68b2378760\System.Configuration.ni.dll
MOD - [2013.06.12 13:28:41 | 000,147,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Confe64a9051#\1be32c8efe2b600916a7c2525db28e23\System.Configuration.Install.ni.dll
MOD - [2013.06.12 13:28:40 | 018,544,128 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\06ad035ae847f3bf5aa37702ee54f073\PresentationFramework.ni.dll
MOD - [2013.06.12 13:28:32 | 010,926,080 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\e53bef236e7a584766cbde94066936fa\PresentationCore.ni.dll
MOD - [2013.06.12 13:28:27 | 003,910,144 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\2a3d9ad8e84239b4f46bd37556a23d6b\WindowsBase.ni.dll
MOD - [2013.06.12 13:28:24 | 006,998,528 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\b3d842ef956729e3ca0a3bc5e37ea6d8\System.Core.ni.dll
MOD - [2013.06.12 13:28:21 | 009,937,408 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System\eaa570735a52e0010d3e9caa9ba50124\System.ni.dll
MOD - [2013.06.12 13:28:16 | 016,547,840 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\93689d115589e64dd4912f7113a11656\mscorlib.ni.dll
MOD - [2013.05.17 14:27:55 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\a4fd9fd9b43607da4f9ac563f63f6b0e\System.Configuration.ni.dll
MOD - [2013.05.17 14:25:49 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\5cb0754debdf19b9f0d63d4d8721f532\System.Windows.Forms.ni.dll
MOD - [2013.04.22 15:22:16 | 001,564,368 | ---- | M] () -- C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe
MOD - [2013.04.09 15:12:19 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ae31f7dc9817e359d05c9c8efdd5f359\System.Xml.ni.dll
MOD - [2013.04.09 15:12:12 | 001,593,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\7e6b074d3f3e3cc8e0270a3552c47aaa\System.Drawing.ni.dll
MOD - [2013.04.09 15:11:51 | 007,988,736 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\28c2c6e7f48ff80c680a97b08df66a72\System.ni.dll
MOD - [2013.04.09 15:11:48 | 011,494,912 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\8d2929ad589e1092eb62a43424361465\mscorlib.ni.dll
MOD - [2012.10.09 04:23:11 | 003,198,976 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2012.09.28 23:41:48 | 000,212,992 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2012.09.14 00:04:06 | 000,315,392 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2012.08.10 16:51:32 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2012.08.10 16:50:56 | 000,170,496 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxslt.dll
MOD - [2012.06.08 13:34:06 | 000,016,400 | ---- | M] () -- c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
MOD - [2012.06.08 05:34:06 | 000,627,216 | ---- | M] () -- c:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013.05.04 08:58:02 | 000,470,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013.05.04 08:57:05 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2013.04.09 06:48:42 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2013.03.02 04:45:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013.03.02 04:45:05 | 000,180,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2013.01.10 01:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2013.01.10 01:22:35 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2012.10.12 03:43:13 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2012.10.12 03:42:25 | 002,367,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2012.07.26 05:30:05 | 002,675,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2012.07.26 05:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2012.07.26 05:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2012.07.26 05:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2012.07.26 05:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2012.07.26 05:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2012.07.26 05:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2012.07.26 05:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012.07.26 05:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012.07.26 05:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2012.07.26 05:05:28 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2012.07.26 05:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2012.07.26 05:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV - [2013.06.30 21:37:41 | 000,332,800 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Programme\IDT\WDM\stacsv64.exe -- (STacSV)
SRV - [2013.06.26 12:19:10 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.06.26 12:19:00 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.06.18 16:21:21 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.06.17 10:29:56 | 002,723,368 | ---- | M] (Iminent) [Auto | Running] -- C:\Program Files (x86)\Common Files\Umbrella\umbrella.exe -- (SProtection)
SRV - [2013.06.07 23:20:47 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013.06.07 00:06:24 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.06.03 16:21:54 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.04.22 15:22:16 | 001,564,368 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe -- (Guard.Mail.ru)
SRV - [2012.10.12 19:22:08 | 000,035,744 | ---- | M] (Hewlett-Packard) [Auto | Running] -- c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe -- (HPConnectedRemote)
SRV - [2012.09.27 13:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
SRV - [2012.07.26 05:30:05 | 002,675,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012.07.26 05:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2012.07.26 05:18:41 | 000,408,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2012.07.26 05:17:52 | 000,060,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2012.07.18 10:51:00 | 000,364,416 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012.07.18 10:50:08 | 000,276,864 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012.07.18 10:46:54 | 000,128,896 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -- (Intel(R)
SRV - [2012.07.18 10:45:15 | 000,165,760 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service)
SRV - [2012.04.20 16:16:12 | 000,635,104 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- c:\Programme\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV - [2012.03.20 11:16:08 | 000,247,872 | ---- | M] () [Auto | Running] -- C:\PROGRA~2\ICQ6TO~1\ICQSER~1.EXE -- (ICQ Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013.06.30 21:37:41 | 000,544,768 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2013.06.23 21:44:22 | 000,772,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2013.05.04 09:34:17 | 000,446,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2013.05.04 09:34:17 | 000,213,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2013.05.04 09:34:15 | 000,284,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2013.04.15 07:02:04 | 002,482,960 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2013.03.02 12:57:48 | 000,337,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2013.03.02 12:57:46 | 000,077,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013.03.02 12:45:20 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013.03.02 12:45:19 | 000,194,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2013.03.02 12:39:38 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:64bit: - [2013.02.26 16:56:51 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013.02.26 16:56:51 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\Drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013.02.26 16:56:51 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2013.02.02 09:25:23 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013.01.29 03:57:05 | 000,035,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2013.01.29 01:08:22 | 000,230,904 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2013.01.10 03:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2012.11.27 05:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2012.11.20 19:49:26 | 000,023,184 | ---- | M] (Texas Instruments, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\TIxHCIufilter.sys -- (tiufilter)
DRV:64bit: - [2012.11.20 19:49:26 | 000,017,528 | ---- | M] (Texas Instruments, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\TIxHCIlfilter.sys -- (tilfilter)
DRV:64bit: - [2012.11.20 06:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2012.11.06 05:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2012.10.26 16:42:22 | 000,351,520 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2012.10.12 10:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.10.12 03:42:22 | 000,120,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2012.10.12 03:42:20 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2012.10.12 03:42:20 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2012.10.11 09:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2012.10.11 09:13:49 | 000,058,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
DRV:64bit: - [2012.07.26 07:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.07.26 07:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:64bit: - [2012.07.26 07:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2012.07.26 07:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2012.07.26 07:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2012.07.26 07:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2012.07.26 07:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2012.07.26 07:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2012.07.26 07:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012.07.26 07:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2012.07.26 07:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2012.07.26 07:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2012.07.26 07:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2012.07.26 07:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2012.07.26 07:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:64bit: - [2012.07.26 07:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012.07.26 07:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012.07.26 06:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2012.07.26 06:54:34 | 000,096,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2012.07.26 06:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:64bit: - [2012.07.26 05:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012.07.26 04:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2012.07.26 04:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2012.07.26 04:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2012.07.26 04:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2012.07.26 04:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2012.07.26 04:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012.07.26 04:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012.07.26 04:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012.07.26 04:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2012.07.26 04:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012.07.26 04:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2012.07.26 04:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012.07.26 04:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012.07.26 04:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012.07.26 04:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2012.07.26 04:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2012.07.26 04:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.07.26 04:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2012.07.26 04:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2012.07.26 04:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2012.07.26 04:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2012.07.18 10:46:20 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012.07.04 09:25:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012.06.25 12:24:50 | 000,092,536 | ---- | M] (CyberLink) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\CLVirtualDrive.sys -- (CLVirtualDrive)
DRV:64bit: - [2012.06.02 16:32:26 | 010,627,744 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012.06.02 16:31:38 | 000,333,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\e1i63x64.sys -- (e1iexpress)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCON13/13
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCON13/13
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
IE:64bit: - HKLM\..\SearchScopes\{B5DDB804-BF64-4EF7-ACA4-BEE62B632CC7}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/5221-29880-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCON13/13
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCON13/13
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
IE - HKLM\..\SearchScopes\{B5DDB804-BF64-4EF7-ACA4-BEE62B632CC7}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/5221-29880-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCON13/13
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{B5DDB804-BF64-4EF7-ACA4-BEE62B632CC7}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/5221-29880-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
IE - HKCU\..\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC8}: "URL" = hxxp://search.icq.com/search/results.php?q=%s&ch_id=hm&search_mode=web
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.9
FF - prefs.js..extensions.enabledAddons: webbooster%40iminent.com:6.25.4.2
FF - prefs.js..extensions.enabledAddons: plugin%40getwebcake.com:1.00.01
FF - prefs.js..extensions.enabledAddons: Lyrics%40LyricsContainer.co:1.116
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.7: C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\Lyrics@LyricsContainer.co: C:\Program Files (x86)\LyricsContainer\116.xpi [2013.06.30 13:20:37 | 000,005,593 | ---- | M] ()

[2013.06.28 02:33:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Folken\AppData\Roaming\mozilla\Extensions
[2013.06.30 13:20:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Folken\AppData\Roaming\mozilla\Firefox\Profiles\tig28dh8.default\extensions
[2013.06.30 13:20:43 | 000,000,000 | ---D | M] (WebCake) -- C:\Users\Folken\AppData\Roaming\mozilla\Firefox\Profiles\tig28dh8.default\extensions\plugin@getwebcake.com
[2013.06.20 15:40:21 | 000,663,388 | ---- | M] () (No name found) -- C:\Users\Folken\AppData\Roaming\mozilla\firefox\profiles\tig28dh8.default\extensions\webbooster@iminent.com.xpi
[2013.06.28 02:35:38 | 000,269,448 | ---- | M] () (No name found) -- C:\Users\Folken\AppData\Roaming\mozilla\firefox\profiles\tig28dh8.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2013.06.28 02:33:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.06.28 02:33:36 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013.06.30 13:20:37 | 000,005,593 | ---- | M] () (No name found) -- C:\PROGRAM FILES (X86)\LYRICSCONTAINER\116.XPI

O1 HOSTS File: ([2012.07.26 07:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (ICQ Sparberater) - {0766C1B9-B2DC-46E5-8934-4F3D6B42B1BD} - C:\Program Files (x86)\icq\Internet Explorer\icq.dll (solute gmbh)
O2 - BHO: (LyricsContainer) - {463B0ED4-8AFA-404B-90E7-4063A0708050} - C:\Program Files (x86)\LyricsContainer\116.dll (RYD Software)
O2 - BHO: (IMinent WebBooster (BHO)) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\Iminent.WebBooster.InternetExplorer.dll (Iminent)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [BeatsOSDApp] C:\Programme\IDT\WDM\Beats64.exe (Hewlett-Packard )
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Guard.Mail.ru.gui] C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe ()
O4 - HKLM..\Run: [Iminent] C:\Program Files (x86)\Iminent\Iminent.exe (Iminent)
O4 - HKLM..\Run: [IminentMessenger] C:\Program Files (x86)\Iminent\Iminent.Messengers.exe (Iminent)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [WebCake Desktop] C:\Users\Folken\AppData\Roaming\WebCake\WebCakeDesktop.exe (WebCake LLC)
O4 - Startup: C:\Users\Folken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{06B874F6-5C10-4CC5-B3AB-2DF70FF78468}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013.04.23 17:33:05 | 000,000,000 | ---D | M] - C:\Autorun -- [ NTFS ]
O32 - AutoRun File - [2001.04.18 17:23:00 | 000,000,041 | R--- | M] () - F:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{9a5f2c8c-9ece-11e2-be6e-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{9a5f2c8c-9ece-11e2-be6e-806e6f6e6963}\Shell\AutoRun\command - "" = F:\SETUP.EXE -- [2001.04.30 19:33:00 | 000,032,768 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.07.08 19:41:50 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Folken\Desktop\OTL.exe
[2013.07.04 23:31:37 | 000,000,000 | ---D | C] -- C:\Users\Folken\Documents\Nintendo DS
[2013.07.01 20:50:00 | 000,000,000 | ---D | C] -- C:\Users\Folken\AppData\Local\PDF24
[2013.07.01 14:34:29 | 000,000,000 | ---D | C] -- C:\Users\Folken\AppData\Roaming\OpenOffice.org
[2013.07.01 14:32:55 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1
[2013.07.01 14:32:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3
[2013.07.01 14:32:05 | 000,000,000 | ---D | C] -- C:\Users\Folken\Desktop\OpenOffice.org 3.4.1 (de) Installation Files
[2013.07.01 13:54:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
[2013.07.01 13:54:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDF24
[2013.07.01 13:49:15 | 015,905,080 | ---- | C] (Geek Software GmbH ) -- C:\Users\Folken\Documents\pdf24-creator-5.6.0.exe
[2013.06.30 21:38:31 | 000,000,000 | ---D | C] -- C:\windows\SysNative\SRSLabs
[2013.06.30 21:37:58 | 002,193,920 | ---- | C] (IDT, Inc.) -- C:\windows\SysNative\stapo64.dll
[2013.06.30 21:37:58 | 001,401,856 | ---- | C] (Synopsys, Inc.) -- C:\windows\SysNative\SRRPTR64.DLL
[2013.06.30 21:37:58 | 000,674,304 | ---- | C] (IDT, Inc.) -- C:\windows\SysNative\stapi64.dll
[2013.06.30 21:37:58 | 000,544,768 | ---- | C] (IDT, Inc.) -- C:\windows\SysNative\drivers\stwrt64.sys
[2013.06.30 21:37:58 | 000,315,904 | ---- | C] (Synopsys, Inc.) -- C:\windows\SysNative\SRCOM64.DLL
[2013.06.30 21:37:58 | 000,287,744 | ---- | C] (Synopsys, Inc.) -- C:\windows\SysWow64\SRCOM.dll
[2013.06.30 21:37:58 | 000,287,744 | ---- | C] (Synopsys, Inc.) -- C:\windows\SysNative\SRCOM.DLL
[2013.06.30 21:37:58 | 000,256,000 | ---- | C] (IDT, Inc.) -- C:\windows\SysNative\st646457.dll
[2013.06.30 21:37:58 | 000,083,456 | ---- | C] (Synopsys, Inc.) -- C:\windows\SysNative\SRAPO64.DLL
[2013.06.30 21:37:58 | 000,000,000 | ---D | C] -- C:\Program Files\IDT
[2013.06.30 15:36:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\psx emulation cheater
[2013.06.30 13:50:33 | 000,000,000 | ---D | C] -- C:\Users\Folken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\psx emulation cheater
[2013.06.30 13:50:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\psx emulation cheater
[2013.06.30 13:21:02 | 000,000,000 | ---D | C] -- C:\Users\Folken\AppData\Roaming\Iminent
[2013.06.30 13:21:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Iminent
[2013.06.30 13:20:53 | 000,000,000 | ---D | C] -- C:\Users\Folken\AppData\Roaming\igdhbblpcellaljokkpfhcjlagemhgjl
[2013.06.30 13:20:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Iminent
[2013.06.30 13:20:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Umbrella
[2013.06.30 13:20:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Iminent
[2013.06.30 13:20:43 | 000,000,000 | ---D | C] -- C:\Users\Folken\AppData\Roaming\WebCake
[2013.06.30 13:20:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WebCake
[2013.06.30 13:20:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2013.06.30 13:20:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LyricsContainer
[2013.06.30 13:12:34 | 000,000,000 | ---D | C] -- C:\Users\Folken\Documents\PSX
[2013.06.30 00:07:39 | 000,000,000 | ---D | C] -- C:\Users\Folken\Documents\Star Wars - The Old Republic
[2013.06.28 02:34:51 | 000,000,000 | ---D | C] -- C:\Users\Folken\AppData\Local\Macromedia
[2013.06.28 02:33:41 | 000,000,000 | ---D | C] -- C:\Users\Folken\AppData\Local\Mozilla
[2013.06.28 02:33:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013.06.28 02:33:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013.06.28 02:33:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.06.27 19:00:04 | 000,000,000 | ---D | C] -- C:\Users\Folken\Documents\Bewerbungsunterlagen
[2013.06.25 15:00:53 | 000,000,000 | ---D | C] -- C:\Users\Folken\Documents\WBB3 Software
[2013.06.23 21:44:22 | 000,772,680 | ---- | C] (Realtek ) -- C:\windows\SysNative\drivers\Rt630x64.sys
[2013.06.17 19:37:39 | 000,000,000 | ---D | C] -- C:\Users\Folken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Joymax
[2013.06.17 19:36:19 | 000,000,000 | ---D | C] -- C:\Joymax
[2013.06.16 00:24:15 | 000,000,000 | ---D | C] -- C:\Users\Folken\AppData\Local\Diagnostics
[2013.06.16 00:23:03 | 000,000,000 | ---D | C] -- C:\Users\Folken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Diablo II
[2013.06.16 00:09:36 | 000,102,400 | ---- | C] (Blizzard Entertainment) -- C:\windows\DIIUnin.exe
[2013.06.16 00:09:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo II
[2013.06.15 23:56:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Diablo II
[2013.06.14 01:16:51 | 000,000,000 | ---D | C] -- C:\Users\Folken\Documents\RIFT
[2013.06.14 01:07:59 | 000,000,000 | ---D | C] -- C:\Users\Folken\AppData\Roaming\RIFT
[2013.06.14 01:07:59 | 000,000,000 | ---D | C] -- C:\Users\Folken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RIFT
[2013.06.14 01:07:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RIFT
[2013.06.12 12:57:51 | 000,000,000 | ---D | C] -- C:\Users\Folken\AppData\Roaming\Avira
[2013.06.12 12:56:14 | 000,083,672 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avnetflt.sys
[2013.06.12 12:52:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.06.12 12:52:29 | 000,130,016 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avipbb.sys
[2013.06.12 12:52:29 | 000,100,712 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avgntflt.sys
[2013.06.12 12:52:29 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avkmgr.sys
[2013.06.12 12:52:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013.06.12 12:52:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira

========== Files - Modified Within 30 Days ==========

[2013.07.08 23:36:59 | 000,000,000 | ---- | M] () -- C:\Users\Folken\defogger_reenable
[2013.07.08 23:35:43 | 012,546,048 | ---- | M] () -- C:\Users\Folken\Documents\cbw-thir.rar
[2013.07.08 21:18:58 | 000,022,035 | ---- | M] () -- C:\Users\Folken\Desktop\Anweisungen.odt
[2013.07.08 21:04:40 | 000,043,730 | ---- | M] () -- C:\Users\Folken\Desktop\Geschichte von Merlesini.odt
[2013.07.08 19:54:54 | 000,007,334 | ---- | M] () -- C:\Users\Folken\Desktop\Problem mit EXPFLASH.Straconn.Gen und APPLSolimba.GEN.odt
[2013.07.08 19:43:28 | 000,377,856 | ---- | M] () -- C:\Users\Folken\Desktop\gmer_2.1.19163.exe
[2013.07.08 19:41:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Folken\Desktop\OTL.exe
[2013.07.08 19:38:11 | 000,050,477 | ---- | M] () -- C:\Users\Folken\Desktop\Defogger.exe
[2013.07.08 16:42:54 | 000,021,898 | ---- | M] () -- C:\Users\Folken\Desktop\Anti Vir Berichte.odt
[2013.07.08 14:35:13 | 000,021,051 | ---- | M] () -- C:\Users\Folken\AppData\Local\recently-used.xbel
[2013.07.08 13:10:04 | 000,000,428 | ---- | M] () -- C:\windows\tasks\LyricsContainer Update.job
[2013.07.08 10:54:38 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013.07.07 21:53:34 | 000,000,354 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleForFolken.job
[2013.07.05 13:54:31 | 000,003,236 | ---- | M] () -- C:\Users\Folken\Desktop\DeSmuME_0.9.9_x64 - Verknüpfung.lnk
[2013.07.04 21:50:22 | 000,291,088 | ---- | M] () -- C:\windows\SysWow64\PnkBstrB.xtr
[2013.07.04 21:50:22 | 000,291,088 | ---- | M] () -- C:\windows\SysWow64\PnkBstrB.exe
[2013.07.04 21:50:16 | 000,280,904 | ---- | M] () -- C:\windows\SysWow64\PnkBstrB.ex0
[2013.07.04 18:20:55 | 000,313,624 | ---- | M] () -- C:\Users\Folken\Documents\ideas1040.zip
[2013.07.01 14:34:34 | 000,001,241 | ---- | M] () -- C:\Users\Folken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2013.07.01 14:32:56 | 000,001,172 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk
[2013.07.01 14:31:46 | 152,249,762 | ---- | M] () -- C:\Users\Folken\Documents\Apache_OpenOffice_incubating_3.4.1_Win_x86_install_de.exe
[2013.07.01 13:54:33 | 000,001,080 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk
[2013.07.01 13:54:33 | 000,001,065 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Fax.lnk
[2013.07.01 13:49:15 | 015,905,080 | ---- | M] (Geek Software GmbH ) -- C:\Users\Folken\Documents\pdf24-creator-5.6.0.exe
[2013.06.30 21:37:41 | 006,101,504 | ---- | M] (IDT, Inc.) -- C:\windows\SysNative\stlang64.dll
[2013.06.30 21:37:41 | 002,193,920 | ---- | M] (IDT, Inc.) -- C:\windows\SysNative\stapo64.dll
[2013.06.30 21:37:41 | 001,897,984 | ---- | M] (IDT, Inc.) -- C:\windows\SysNative\IDTNC64.cpl
[2013.06.30 21:37:41 | 001,702,912 | ---- | M] (IDT, Inc.) -- C:\windows\sttray64.exe
[2013.06.30 21:37:41 | 001,401,856 | ---- | M] (Synopsys, Inc.) -- C:\windows\SysNative\SRRPTR64.DLL
[2013.06.30 21:37:41 | 000,674,304 | ---- | M] (IDT, Inc.) -- C:\windows\SysNative\stapi64.dll
[2013.06.30 21:37:41 | 000,544,768 | ---- | M] (IDT, Inc.) -- C:\windows\SysNative\drivers\stwrt64.sys
[2013.06.30 21:37:41 | 000,315,904 | ---- | M] (Synopsys, Inc.) -- C:\windows\SysNative\SRCOM64.DLL
[2013.06.30 21:37:41 | 000,287,744 | ---- | M] (Synopsys, Inc.) -- C:\windows\SysWow64\SRCOM.dll
[2013.06.30 21:37:41 | 000,287,744 | ---- | M] (Synopsys, Inc.) -- C:\windows\SysNative\SRCOM.DLL
[2013.06.30 21:37:41 | 000,256,000 | ---- | M] (IDT, Inc.) -- C:\windows\SysNative\st646457.dll
[2013.06.30 21:37:41 | 000,225,280 | ---- | M] (IDT, Inc.) -- C:\windows\SysNative\HPToneCtrls64.dll
[2013.06.30 21:37:41 | 000,083,456 | ---- | M] (Synopsys, Inc.) -- C:\windows\SysNative\SRAPO64.DLL
[2013.06.30 15:36:55 | 000,001,967 | ---- | M] () -- C:\Users\Folken\Desktop\psx emulation cheater.lnk
[2013.06.30 15:13:40 | 001,326,080 | ---- | M] () -- C:\Users\Folken\Documents\pecsetup_v2.5.exe
[2013.06.30 14:52:36 | 001,336,832 | ---- | M] () -- C:\Users\Folken\Documents\pecsetup.exe
[2013.06.30 14:35:34 | 000,060,490 | ---- | M] () -- C:\Users\Folken\Documents\cdrpeops104.zip
[2013.06.30 14:34:05 | 000,021,203 | ---- | M] () -- C:\Users\Folken\Documents\cdrXeven_v0.93.zip
[2013.06.30 14:33:55 | 000,024,824 | ---- | M] () -- C:\Users\Folken\Documents\spupetedsound115.zip
[2013.06.30 14:13:40 | 000,175,318 | ---- | M] () -- C:\Users\Folken\Documents\gpupeteogl209.zip
[2013.06.30 13:30:58 | 188,870,397 | ---- | M] () -- C:\Users\Folken\Documents\Digimon World.7z
[2013.06.30 13:20:59 | 000,000,635 | ---- | M] () -- C:\windows\SysWow64\InstallUtil.InstallLog
[2013.06.30 13:11:57 | 000,524,288 | ---- | M] () -- C:\Users\Folken\Documents\SCPH1001.BIN
[2013.06.30 13:11:05 | 000,784,150 | ---- | M] () -- C:\Users\Folken\Documents\pSX1.13.zip
[2013.06.28 02:33:38 | 000,001,153 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.06.26 23:25:41 | 000,570,880 | ---- | M] () -- C:\Users\Folken\Documents\com.designfreaks.style.anime.v1.1.0.tar
[2013.06.26 22:19:05 | 000,171,520 | ---- | M] () -- C:\Users\Folken\Documents\com.designfreaks.style.heaven.v1.0.0.tar
[2013.06.26 22:14:34 | 001,090,048 | ---- | M] () -- C:\Users\Folken\Documents\com.designfreaks.style.celticflower.v1.1.3.tar
[2013.06.26 20:45:50 | 000,342,495 | ---- | M] () -- C:\Users\Folken\Documents\forumstandardleaves-in-fall-style.tgz
[2013.06.26 14:59:24 | 000,010,586 | ---- | M] () -- C:\Users\Folken\Documents\systeminfo.xml
[2013.06.26 14:51:12 | 000,004,400 | ---- | M] () -- C:\Users\Folken\Documents\admintools.xml
[2013.06.26 14:50:56 | 000,024,465 | ---- | M] () -- C:\Users\Folken\Documents\options.xml
[2013.06.26 12:19:12 | 000,083,672 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avnetflt.sys
[2013.06.24 19:31:20 | 001,762,065 | ---- | M] () -- C:\Users\Folken\Documents\banner hh forum2.xcf
[2013.06.24 19:31:03 | 000,423,800 | ---- | M] () -- C:\Users\Folken\Documents\banner hh forum.xcf
[2013.06.24 14:14:31 | 000,096,169 | ---- | M] () -- C:\Users\Folken\Documents\AppleSeed.ttf
[2013.06.23 22:53:33 | 000,745,562 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2013.06.23 22:53:33 | 000,697,824 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013.06.23 22:53:33 | 000,169,488 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2013.06.23 22:53:33 | 000,143,646 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013.06.23 22:53:32 | 001,752,656 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013.06.23 22:47:00 | 000,310,192 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013.06.23 22:46:51 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013.06.23 22:46:39 | 1680,539,646 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.23 21:44:22 | 000,772,680 | ---- | M] (Realtek ) -- C:\windows\SysNative\drivers\Rt630x64.sys
[2013.06.23 18:39:24 | 008,624,516 | ---- | M] () -- C:\Users\Folken\Documents\Bewerbungs Unterlagen.rar
[2013.06.23 18:37:49 | 001,338,909 | ---- | M] () -- C:\Users\Folken\Documents\Bewerbungsunterlagen IT-System-Elekroniker.pdf
[2013.06.17 19:37:39 | 000,000,692 | ---- | M] () -- C:\Users\Folken\Desktop\GDMO.lnk
[2013.06.17 18:54:56 | 000,000,931 | ---- | M] () -- C:\Users\Folken\Documents\Kündigung.rtf
[2013.06.17 18:24:44 | 000,678,173 | ---- | M] () -- C:\Users\Folken\Documents\Servicebereich_LogIn.pdf
[2013.06.16 00:29:36 | 000,040,655 | ---- | M] () -- C:\windows\DIIUnin.dat
[2013.06.16 00:23:03 | 000,001,907 | ---- | M] () -- C:\Users\Folken\Desktop\Diablo II - Lord of Destruction.lnk
[2013.06.16 00:09:37 | 000,001,907 | ---- | M] () -- C:\Users\Public\Desktop\Diablo II.lnk
[2013.06.16 00:09:36 | 000,102,400 | ---- | M] (Blizzard Entertainment) -- C:\windows\DIIUnin.exe
[2013.06.16 00:09:36 | 000,002,829 | ---- | M] () -- C:\windows\DIIUnin.pif
[2013.06.14 01:07:59 | 000,000,950 | ---- | M] () -- C:\Users\Folken\Desktop\RIFT.lnk
[2013.06.14 00:09:04 | 000,043,431 | ---- | M] () -- C:\Users\Folken\Documents\DownloadDatei_Staatsangehrigkeitsrecht_neu.pdf
[2013.06.13 15:12:16 | 000,000,219 | ---- | M] () -- C:\Users\Folken\Desktop\Dota 2.url
[2013.06.12 12:52:35 | 000,002,072 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.06.11 21:51:50 | 000,168,151 | ---- | M] () -- C:\Users\Folken\Documents\heaven-style.tgz

========== Files Created - No Company Name ==========

[2013.07.08 23:37:57 | 000,000,100 | -H-- | C] () -- C:\Users\Folken\Desktop\.~lock.Anweisungen.odt#
[2013.07.08 23:36:59 | 000,000,000 | ---- | C] () -- C:\Users\Folken\defogger_reenable
[2013.07.08 23:29:33 | 012,546,048 | ---- | C] () -- C:\Users\Folken\Documents\cbw-thir.rar
[2013.07.08 21:18:38 | 000,022,035 | ---- | C] () -- C:\Users\Folken\Desktop\Anweisungen.odt
[2013.07.08 19:54:54 | 000,007,334 | ---- | C] () -- C:\Users\Folken\Desktop\Problem mit EXPFLASH.Straconn.Gen und APPLSolimba.GEN.odt
[2013.07.08 19:43:28 | 000,377,856 | ---- | C] () -- C:\Users\Folken\Desktop\gmer_2.1.19163.exe
[2013.07.08 19:38:11 | 000,050,477 | ---- | C] () -- C:\Users\Folken\Desktop\Defogger.exe
[2013.07.08 16:42:21 | 000,021,898 | ---- | C] () -- C:\Users\Folken\Desktop\Anti Vir Berichte.odt
[2013.07.08 15:02:28 | 000,043,730 | ---- | C] () -- C:\Users\Folken\Desktop\Geschichte von Merlesini.odt
[2013.07.08 14:35:13 | 000,021,051 | ---- | C] () -- C:\Users\Folken\AppData\Local\recently-used.xbel
[2013.07.05 13:54:31 | 000,003,236 | ---- | C] () -- C:\Users\Folken\Desktop\DeSmuME_0.9.9_x64 - Verknüpfung.lnk
[2013.07.04 18:20:55 | 000,313,624 | ---- | C] () -- C:\Users\Folken\Documents\ideas1040.zip
[2013.07.01 14:34:34 | 000,001,241 | ---- | C] () -- C:\Users\Folken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2013.07.01 14:32:56 | 000,001,172 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk
[2013.07.01 14:31:01 | 152,249,762 | ---- | C] () -- C:\Users\Folken\Documents\Apache_OpenOffice_incubating_3.4.1_Win_x86_install_de.exe
[2013.07.01 13:54:33 | 000,001,080 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk
[2013.07.01 13:54:33 | 000,001,065 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Fax.lnk
[2013.06.30 15:36:55 | 000,001,967 | ---- | C] () -- C:\Users\Folken\Desktop\psx emulation cheater.lnk
[2013.06.30 14:52:36 | 001,336,832 | ---- | C] () -- C:\Users\Folken\Documents\pecsetup.exe
[2013.06.30 14:35:34 | 000,060,490 | ---- | C] () -- C:\Users\Folken\Documents\cdrpeops104.zip
[2013.06.30 14:34:05 | 000,021,203 | ---- | C] () -- C:\Users\Folken\Documents\cdrXeven_v0.93.zip
[2013.06.30 14:33:55 | 000,024,824 | ---- | C] () -- C:\Users\Folken\Documents\spupetedsound115.zip
[2013.06.30 14:13:51 | 000,425,984 | ---- | C] () -- C:\Users\Folken\Documents\gpuPeteOpenGL2.dll
[2013.06.30 14:00:22 | 000,175,318 | ---- | C] () -- C:\Users\Folken\Documents\gpupeteogl209.zip
[2013.06.30 13:49:03 | 001,326,080 | ---- | C] () -- C:\Users\Folken\Documents\pecsetup_v2.5.exe
[2013.06.30 13:38:39 | 000,000,079 | ---- | C] () -- C:\Users\Folken\Documents\Digimon World.cue
[2013.06.30 13:38:27 | 381,771,936 | ---- | C] () -- C:\Users\Folken\Documents\Digimon World.bin
[2013.06.30 13:20:57 | 000,000,635 | ---- | C] () -- C:\windows\SysWow64\InstallUtil.InstallLog
[2013.06.30 13:20:37 | 000,000,428 | ---- | C] () -- C:\windows\tasks\LyricsContainer Update.job
[2013.06.30 13:15:06 | 188,870,397 | ---- | C] () -- C:\Users\Folken\Documents\Digimon World.7z
[2013.06.30 13:11:57 | 000,524,288 | ---- | C] () -- C:\Users\Folken\Documents\SCPH1001.BIN
[2013.06.30 13:11:05 | 000,784,150 | ---- | C] () -- C:\Users\Folken\Documents\pSX1.13.zip
[2013.06.28 02:33:38 | 000,001,165 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013.06.28 02:33:38 | 000,001,153 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.06.26 23:25:57 | 000,567,503 | ---- | C] () -- C:\Users\Folken\Documents\anime-style.tgz
[2013.06.26 23:25:41 | 000,570,880 | ---- | C] () -- C:\Users\Folken\Documents\com.designfreaks.style.anime.v1.1.0.tar
[2013.06.26 22:20:55 | 000,168,151 | ---- | C] () -- C:\Users\Folken\Documents\heaven-style.tgz
[2013.06.26 22:19:05 | 000,171,520 | ---- | C] () -- C:\Users\Folken\Documents\com.designfreaks.style.heaven.v1.0.0.tar
[2013.06.26 22:14:34 | 001,090,048 | ---- | C] () -- C:\Users\Folken\Documents\com.designfreaks.style.celticflower.v1.1.3.tar
[2013.06.26 20:45:50 | 000,342,495 | ---- | C] () -- C:\Users\Folken\Documents\forumstandardleaves-in-fall-style.tgz
[2013.06.26 14:59:24 | 000,010,586 | ---- | C] () -- C:\Users\Folken\Documents\systeminfo.xml
[2013.06.26 14:51:12 | 000,004,400 | ---- | C] () -- C:\Users\Folken\Documents\admintools.xml
[2013.06.26 14:50:56 | 000,024,465 | ---- | C] () -- C:\Users\Folken\Documents\options.xml
[2013.06.24 19:31:20 | 001,762,065 | ---- | C] () -- C:\Users\Folken\Documents\banner hh forum2.xcf
[2013.06.24 19:30:51 | 000,423,800 | ---- | C] () -- C:\Users\Folken\Documents\banner hh forum.xcf
[2013.06.24 14:14:31 | 000,096,169 | ---- | C] () -- C:\Users\Folken\Documents\AppleSeed.ttf
[2013.06.23 22:46:52 | 000,310,192 | ---- | C] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013.06.23 18:39:17 | 008,624,516 | ---- | C] () -- C:\Users\Folken\Documents\Bewerbungs Unterlagen.rar
[2013.06.23 18:37:49 | 001,338,909 | ---- | C] () -- C:\Users\Folken\Documents\Bewerbungsunterlagen IT-System-Elekroniker.pdf
[2013.06.17 19:37:39 | 000,000,692 | ---- | C] () -- C:\Users\Folken\Desktop\GDMO.lnk
[2013.06.17 18:24:44 | 000,678,173 | ---- | C] () -- C:\Users\Folken\Documents\Servicebereich_LogIn.pdf
[2013.06.17 18:07:32 | 000,000,931 | ---- | C] () -- C:\Users\Folken\Documents\Kündigung.rtf
[2013.06.16 00:23:03 | 000,001,907 | ---- | C] () -- C:\Users\Folken\Desktop\Diablo II - Lord of Destruction.lnk
[2013.06.16 00:09:37 | 000,040,655 | ---- | C] () -- C:\windows\DIIUnin.dat
[2013.06.16 00:09:37 | 000,001,907 | ---- | C] () -- C:\Users\Public\Desktop\Diablo II.lnk
[2013.06.16 00:09:36 | 000,002,829 | ---- | C] () -- C:\windows\DIIUnin.pif
[2013.06.15 13:32:28 | 000,386,646 | ---- | C] () -- C:\windows\SysNative\ApnDatabase.xml
[2013.06.14 01:07:59 | 000,000,950 | ---- | C] () -- C:\Users\Folken\Desktop\RIFT.lnk
[2013.06.14 00:09:04 | 000,043,431 | ---- | C] () -- C:\Users\Folken\Documents\DownloadDatei_Staatsangehrigkeitsrecht_neu.pdf
[2013.06.13 15:12:16 | 000,000,219 | ---- | C] () -- C:\Users\Folken\Desktop\Dota 2.url
[2013.06.12 12:52:35 | 000,002,072 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.05.29 19:30:40 | 000,291,088 | ---- | C] () -- C:\windows\SysWow64\PnkBstrB.exe
[2013.05.29 19:30:34 | 000,076,888 | ---- | C] () -- C:\windows\SysWow64\PnkBstrA.exe
[2013.04.06 17:40:50 | 000,000,141 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2012.10.12 03:42:25 | 000,083,968 | ---- | C] () -- C:\windows\SysWow64\OEMLicense.dll
[2012.08.10 17:10:05 | 000,915,038 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012.07.26 10:13:10 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2012.07.26 10:13:09 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2012.07.26 09:21:26 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2012.07.26 03:17:42 | 000,043,520 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2012.07.25 22:37:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2012.07.25 22:28:31 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2012.07.25 22:22:54 | 000,982,240 | ---- | C] () -- C:\windows\SysWow64\igkrng500.bin
[2012.07.25 22:22:54 | 000,439,308 | ---- | C] () -- C:\windows\SysWow64\igcompkrng500.bin
[2012.07.25 22:22:54 | 000,092,356 | ---- | C] () -- C:\windows\SysWow64\igfcg500m.bin
[2012.06.02 16:31:19 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat
[2012.04.20 15:59:44 | 000,001,536 | ---- | C] () -- C:\windows\SysWow64\IusEventLog.dll

========== ZeroAccess Check ==========

[2013.02.19 03:17:39 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.03.06 08:31:28 | 019,758,592 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.03.06 07:03:37 | 017,561,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.07.26 05:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.07.26 05:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.07.26 05:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013.04.21 12:35:34 | 000,000,000 | ---D | M] -- C:\Users\Folken\AppData\Roaming\DVDVideoSoft
[2013.07.08 23:36:47 | 000,000,000 | ---D | M] -- C:\Users\Folken\AppData\Roaming\ICQ
[2013.04.22 15:22:22 | 000,000,000 | ---D | M] -- C:\Users\Folken\AppData\Roaming\ICQ Search
[2013.04.08 23:57:11 | 000,000,000 | ---D | M] -- C:\Users\Folken\AppData\Roaming\ICQ-Profile
[2013.07.08 11:02:03 | 000,000,000 | ---D | M] -- C:\Users\Folken\AppData\Roaming\igdhbblpcellaljokkpfhcjlagemhgjl
[2013.06.30 13:21:02 | 000,000,000 | ---D | M] -- C:\Users\Folken\AppData\Roaming\Iminent
[2013.04.20 00:59:03 | 000,000,000 | ---D | M] -- C:\Users\Folken\AppData\Roaming\LolClient
[2013.07.01 14:34:29 | 000,000,000 | ---D | M] -- C:\Users\Folken\AppData\Roaming\OpenOffice.org
[2013.04.06 19:04:02 | 000,000,000 | ---D | M] -- C:\Users\Folken\AppData\Roaming\Opera
[2013.06.04 19:35:20 | 000,000,000 | ---D | M] -- C:\Users\Folken\AppData\Roaming\Origin
[2013.06.14 01:26:34 | 000,000,000 | ---D | M] -- C:\Users\Folken\AppData\Roaming\RIFT
[2013.04.24 14:00:55 | 000,000,000 | ---D | M] -- C:\Users\Folken\AppData\Roaming\The Creative Assembly
[2013.07.07 21:25:17 | 000,000,000 | ---D | M] -- C:\Users\Folken\AppData\Roaming\TS3Client
[2013.06.01 01:16:24 | 000,000,000 | ---D | M] -- C:\Users\Folken\AppData\Roaming\WebApp
[2013.06.30 13:20:45 | 000,000,000 | ---D | M] -- C:\Users\Folken\AppData\Roaming\WebCake
[2013.05.19 21:27:44 | 000,000,000 | ---D | M] -- C:\Users\Folken\AppData\Roaming\WinBatch

========== Purity Check ==========



< End of report >

Extra.txt

Zitat:

OTL Extras logfile created on: 08.07.2013 23:38:09 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Folken\Desktop
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16599)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

11,96 Gb Total Physical Memory | 8,98 Gb Available Physical Memory | 75,13% Memory free
15,25 Gb Paging File | 9,99 Gb Available in Paging File | 65,50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 918,39 Gb Total Space | 682,96 Gb Free Space | 74,36% Space Free | Partition Type: NTFS
Drive D: | 11,64 Gb Total Space | 1,41 Gb Free Space | 12,11% Space Free | Partition Type: NTFS
Drive E: | 3,69 Gb Total Space | 0,01 Gb Free Space | 0,32% Space Free | Partition Type: FAT32
Drive F: | 485,07 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: JOSEF-PC | User Name: Folken | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1B9EF66F-AF97-46EA-AFBF-AEA77518AA85}" = rport=445 | protocol=6 | dir=out | app=system |
"{249E92A4-1635-4885-A473-78CD181023C0}" = lport=139 | protocol=6 | dir=in | app=system |
"{2E282C07-4027-48EF-9006-D5A5071732CE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3C3E1D6E-5EBE-416B-A402-321DA6DB74BA}" = lport=10243 | protocol=6 | dir=in | app=system |
"{423B0A38-7D9A-4B60-9D0C-D29E25E4E2F5}" = lport=445 | protocol=6 | dir=in | app=system |
"{459565BA-243D-4FF8-A40D-10531A644D9F}" = rport=10243 | protocol=6 | dir=out | app=system |
"{4B0C1EF2-1B3B-4275-A3B3-489246ED364E}" = lport=53000 | protocol=6 | dir=in | name=hpconnectedremoteservice.exe |
"{4D18B250-625D-429B-9A31-C1F70FB5EE68}" = lport=137 | protocol=17 | dir=in | app=system |
"{58CE6D87-9F84-4495-813C-57B6A2008E02}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5F811183-AEEB-44D8-8859-BD2919BE135E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{62B040B2-375E-42B1-9B19-0BD5C6CF0E8D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{63B2211C-3903-419F-9722-91C562BD104F}" = rport=80 | protocol=6 | dir=out | app=c:\users\folken\appdata\local\warframe\downloaded\public\tools\launcher.exe |
"{76E454E0-B726-4910-9FDE-2C0BB7146858}" = rport=137 | protocol=17 | dir=out | app=system |
"{7A7453CB-93B1-4E26-BD17-58749B17D7BD}" = rport=80 | protocol=6 | dir=out | app=c:\users\folken\appdata\local\warframe\downloaded\public\warframe.exe |
"{84EE482C-EBB8-44D9-9E51-15CFCC7397ED}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{8C369CBD-CAB0-4597-B6A4-3A9F168D2A4F}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{8D523F32-3A38-4DB0-872F-FDAEE9ECA96C}" = rport=139 | protocol=6 | dir=out | app=system |
"{8F542C7F-FC8E-4D20-B38F-6E6894AE4D86}" = lport=138 | protocol=17 | dir=in | app=system |
"{99AB3B70-4396-43B6-8C2A-BDF950B34F86}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A71EE85D-AE4E-47D5-B3C4-49A669107C3F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{B9C6D6A0-9AF5-4F1E-9555-31C410C6047C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BBDADD54-BAAC-4E04-A64C-DFAD59F68B43}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C15240A4-5BCA-4B14-AF85-86AC7C3B0EAB}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{D6A378F2-D3E4-4704-AA2D-49E50F03E964}" = rport=138 | protocol=17 | dir=out | app=system |
"{E827D456-8205-450E-98A9-67E2A0CCC73D}" = lport=52000 | protocol=6 | dir=in | name=hpconnectedremoteuser.exe |
"{ED192CB8-E68F-493E-A055-C415B4552B2F}" = rport=80 | protocol=6 | dir=out | app=c:\users\folken\appdata\local\warframe\downloaded\public\warframe.x64.exe |
"{F7D79318-421C-44BF-B40B-43B2176F9C16}" = lport=2869 | protocol=6 | dir=in | app=system |
"{FCE70544-A941-4FEE-AE47-FE8AAE218238}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{005952BF-E3AE-4003-8EA1-BDCC89FCB0D5}" = protocol=6 | dir=out | app=system |
"{04EB9958-2441-4E92-91F6-B31D1B6EA3FE}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{05845ADE-759C-418A-8D27-D377BD2B2D9C}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{08B231E6-3C4C-4967-B203-2696C634F52B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\launcher\apblauncher.exe |
"{0B6D94EE-5F3F-436E-A30B-348C609EF8DA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{0BAD79E1-3AC9-46B7-8222-35A16EDC3036}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0DD095A1-B4B2-4B45-B08A-BB55F353C4DA}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{0DE7D88C-191A-4800-B487-DB1257F9E53A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{11B8B8DE-629E-4B99-BCE2-6ECC525B59F6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\empire total war\empire.exe |
"{139482D9-F3DD-4C3C-A504-F34F6CBC98FA}" = dir=out | name=hp connected photo powered by snapfish |
"{18A6D886-BFF8-4205-B63F-25C6DC157433}" = protocol=17 | dir=in | app=c:\users\folken\appdata\local\warframe\downloaded\public\warframe.exe |
"{194BA8AD-BCA4-44D7-80C8-B2B6FCACE69A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\batman arkham city goty\binaries\win32\batmanac.exe |
"{1A26B3D3-79C7-490B-A614-F96E818B3B1B}" = dir=out | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{1C2CC004-BFF9-4D5C-B91A-1528F0320C40}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{1CA7590C-DB8D-44B4-9945-8FE9A8CB2FC0}" = dir=in | name=ebay |
"{1D2B3156-705F-40B5-AC38-2827A577F88C}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{23A54D60-826C-4F2A-A3C5-12D6B2231A1C}" = dir=in | app=c:\program files (x86)\iminent\iminent.messengers.exe |
"{24028A49-3856-4BB2-A715-8711E342195E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{24A7F539-C6D1-43D9-884E-34A64056CE19}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{27EC1799-6D66-4C4D-82C8-51DAA3C4A1A1}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{2C23CEB0-E979-4BB0-A3C1-B4AAE2480E57}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2ECEB180-7F43-48FE-B1D5-ED9E1DA75062}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars-the old republic\launcher.exe |
"{2FBAABB9-C95C-4C1C-8A91-FE624BB69AD3}" = dir=out | name=@{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{3101E16E-E868-4A04-AE59-2ADF823A16C6}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{31AED751-900E-4212-B377-60D3121F861B}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{3305B282-0CF9-4245-8431-40A99FE8C4ED}" = protocol=17 | dir=out | app=c:\users\folken\appdata\local\warframe\downloaded\public\warframe.exe |
"{35C87915-A0B7-4ADB-A840-24FBB103C21A}" = dir=out | app=%localappdata%\hpconnectedmusic\application\spotify_helper.exe |
"{362A699C-5033-438A-8A72-AB7A2FB65B64}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{394AA0C2-1736-45FF-8963-71CFE06CD3B2}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{3C5553AB-EDBA-48BF-A73B-5EF2BAF7D5F2}" = dir=in | app=%localappdata%\hpconnectedmusic\application\spotify_helper.exe |
"{3D57FF6C-EB0D-44F4-A0CB-65CD743706F1}" = dir=out | name=@{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
"{3DA7C1A2-B906-4430-A6C8-E496B71A1631}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{3FF38AD5-3C20-4791-A52A-C46626BF9677}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{40FC0F19-7739-44C5-9006-2C4E87FCDFFD}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{42C0C2C5-6DFA-4671-98F8-D90B5732FB97}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars-the old republic\launcher.exe |
"{44761AB2-0B90-4EDA-B2B5-201CC87FC2C2}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{4502A670-EF5C-440C-9595-184693790683}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bloodline champions\binary\bloodlinechampionsloader.exe |
"{4960B87A-C0C0-4872-A809-3B793A96233A}" = protocol=17 | dir=in | app=c:\users\folken\appdata\local\warframe\downloaded\public\warframe.x64.exe |
"{49A52700-3785-416F-B7C3-283C9E8EAE1A}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe |
"{4EBE8256-C703-4EAA-B070-0C63FF8F9241}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\vivoxvoiceservice.exe |
"{51DFBA9D-AF32-4DA3-BCD3-550D1EC5B189}" = dir=in | app=c:\program files (x86)\iminent\iminent.exe |
"{52730920-3352-492F-84A6-4ECBA2433D0B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{5351FAC4-0982-415E-ACF3-7A8EADB91471}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7m\icq.exe |
"{5429ED58-A499-435D-92EF-DCAB10C72DCA}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{55AB7A89-88AD-41E0-9081-E5832187C1AA}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{56670866-EAB7-4F11-9EFF-8E1FF3928350}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warframe\tools\launcher.exe |
"{5801248F-7DCF-492D-A29D-373E419D873A}" = dir=out | name=ebay |
"{59DF142E-3A29-42AA-A70E-BD58E246EADE}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{5AF0B44B-4C0C-4D81-93F0-4E12FDCD1610}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{5B4063EF-8BBA-4092-9E74-B58BC6D46A10}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{5F89B5A1-FD7A-4F13-B42C-33AF14923AEB}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{6284038D-FCBE-4C8E-985E-CA229C39CCBC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\batman arkham city goty\binaries\win32\batmanac.exe |
"{62AA7EB5-EA8C-460E-9AA8-F9845A050B2A}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{63BAF848-95A7-49BA-AC97-4B586C54DFF7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\vivoxvoiceservice.exe |
"{65CD270C-E144-45F1-884D-2DD598844F7A}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
"{6848DDF0-350C-479B-A325-F95176FE4679}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7m\icq.exe |
"{6C8CB570-7FD7-4A56-9F10-4A3602924607}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{6FAE3441-F65F-4899-89C1-5961643416A2}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe |
"{6FD92707-0145-4D44-BB7C-6D17BBD123D6}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"{705A2D1B-6F75-40AB-9EF0-FB417DF0F6B8}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{737ECDC7-5326-41F5-941B-B84F96A94028}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{740E191A-2A35-46CA-831A-3185D423B920}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{741EBBD3-747C-4DDA-88FE-FBFE7526C78C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{74479111-67B9-4D03-BFF9-B9EC3ED1C4A4}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{74F5A108-E9B7-4D8A-B950-B38781BEE726}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
"{75F84DEF-617B-4510-A307-9BF9827F2110}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{7633C04E-6438-4F9A-83B6-DCFEA2697FDE}" = dir=out | name=norton studio |
"{7DF62E80-1CC2-438A-9130-ED98794B1673}" = dir=out | name=windows_ie_ac_001 |
"{7F086906-B8E7-4F73-85D2-5C462CA2DEE1}" = protocol=17 | dir=in | name=hpconnectedremoteservice.exe |
"{7F9FBB06-90E7-402D-919B-CD5DF94D1CF6}" = protocol=17 | dir=out | app=c:\users\folken\appdata\local\warframe\downloaded\public\warframe.x64.exe |
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{85041390-CD67-4C7C-B81F-0ABA8F429A16}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{89579800-176E-4E62-ADA9-148C6C203A66}" = dir=in | name=skype |
"{8D976E2B-E563-4F46-970C-6EFECBB6A5AA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{90A2C69D-FF00-4D3F-A70F-BEABFE2E4CAE}" = dir=out | name=getting started with windows 8 |
"{90F3E06A-85B2-47A6-821B-5D177ABFBDCF}" = dir=in | app=%localappdata%\hpconnectedmusic\application\hpconnectedmusic.exe |
"{936E98EA-B3DB-44CF-BD9A-0D03FECC9EA4}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{97F3E19E-F70B-4493-9FA2-6BDBCEEF18E6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\apb.exe |
"{9D95AA0D-AB29-4DCF-BEAA-41A40257E378}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{A16D0456-3FBF-4FB8-BB2C-99BE958BAF31}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe |
"{A1A61B04-84C4-409F-985F-5B07DEB83AF7}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii public test.exe |
"{A2D9C80D-015B-4BD7-B6E8-C92BC5B8FE2C}" = dir=out | name=skype |
"{A80696E6-0A2D-4FB0-BF09-6CF0136A9C06}" = dir=out | app=c:\program files (x86)\hpconnectedmusic\hpconnectedmusic.exe |
"{A8336D42-5A93-40E6-8BD7-BC2DFB7E0826}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe |
"{A84AA03D-0B84-4605-8B3D-45B08531BD47}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\batman arkham city goty\runlauncher.bat |
"{B28E4472-3F03-4D6B-B05A-737AA522A6E0}" = protocol=17 | dir=in | app=c:\program files (x86)\bethesda softworks\hunted\binaries\win32\p4dftre.dll |
"{B37A3EDD-4062-4496-BF67-540517F952CB}" = dir=out | name=@{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} |
"{B3A3B624-4A36-44F3-80E1-D8E155CFF79D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bloodline champions\binary\bloodlinechampionsloader.exe |
"{B6382473-712B-4973-9A2D-A384EA1173D1}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe |
"{B6F49CD5-D756-4200-87F0-C77081CF07B0}" = dir=in | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{B7BE5721-2C07-47E9-A76D-B97F98BE2CBC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warframe\tools\launcher.exe |
"{B99E3610-0877-4A5A-AB26-E67D01645171}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BC46CC1D-E2C1-4323-97E7-7AF4CC571784}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bloodline champions\binary\bloodlinechampions.exe |
"{BD89A435-7DA3-48BD-BB06-7DDB4D39B4C6}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7m\icq.exe |
"{C0044856-888E-4A23-8686-E6CAA699C7D7}" = dir=out | name=@{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{C10385BB-07E3-4256-B888-1CB2685DB1CC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\batman arkham city goty\runlauncher.bat |
"{C39BCFF6-9E01-47C9-98FB-37B6F1074BB3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\apb.exe |
"{C39E8713-6D70-40BB-8AB6-9E11779D84F1}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars-the old republic\launcher.exe |
"{C52A75D1-BB6C-4DF7-A20C-5A1FBF798AA7}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C594FFEB-A722-4D61-8EC1-50F90C9D5C49}" = protocol=6 | dir=in | app=c:\program files (x86)\bethesda softworks\hunted\binaries\win32\p4dftre.dll |
"{C6DBAE1E-A23B-4153-9FCA-231FE415570C}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii public test.exe |
"{CCF663AA-1468-455F-85AA-274CBB7A60E4}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"{CD91B67D-2008-4552-97D5-F1663C4A37A1}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars-the old republic\launcher.exe |
"{CF389137-8CF6-454E-9728-EB6E91280616}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{CF7D7029-647D-4F55-8640-3F7E3BDD1596}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CFC54DE1-43C2-44ED-82EB-CBF9560284D9}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{D2922917-89B1-48AB-AB2B-076AD11B13E6}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{D58C39A9-2A9E-4756-8F20-4D8E57A77DD4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{D6973BF6-5FBF-4479-BE88-344FCFAADBEC}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{D6F06DD7-3A7B-4321-A1BA-1382D92D0D83}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7m\icq.exe |
"{D9EE59C6-3C9C-4377-939C-23A93E461742}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{DE04C495-6A8A-41CE-B523-5CD98E7E5C25}" = dir=out | app=%localappdata%\hpconnectedmusic\application\hpconnectedmusic.exe |
"{E16C9D3C-D32C-4A30-A08F-838C377E0F9B}" = protocol=17 | dir=in | app=c:\users\folken\appdata\roaming\icqm\icq.exe |
"{E2D1D009-AC52-4539-8FE0-28C705C90C4B}" = dir=out | name=@{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} |
"{E37B271B-5DCB-4091-BF67-EC4628B52067}" = dir=out | name=@{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
"{E5C40858-B94B-4A96-9FA4-E42D6F54B879}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\empire total war\empire.exe |
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{E9E436E9-71FF-485D-8425-08EE8251F49B}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{EA2C8CEA-6CAD-43F5-BE23-E4957DB7F532}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector10\pdr10.exe |
"{EC0A4512-9324-4132-B0B2-73D37BBF231D}" = protocol=6 | dir=in | app=c:\users\folken\appdata\roaming\icqm\icq.exe |
"{EED5CB9F-5060-4433-AAF1-0337F3190732}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F2044390-2DAB-49BB-9A1D-5680F788EF76}" = dir=in | app=c:\program files (x86)\hpconnectedmusic\hpconnectedmusic.exe |
"{F586B61B-1DE4-4031-B2FE-6EA0BBFFC5EF}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{F58BF9A9-3FD8-422A-B84C-0E3C03D20A4D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F7209F59-902C-4AF7-AB2B-0CF5E7BC8D7D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bloodline champions\binary\bloodlinechampions.exe |
"{FAFC85F4-FC91-4574-8AD3-7D23D3A799C6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\launcher\apblauncher.exe |
"{FBF4EA46-F1BE-476B-A16F-B1630ED66AE5}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{FFFC0C4F-25F3-4EAE-AAE3-B16756657C39}" = dir=out | name=hp registration |
"TCP Query User{56AAD0E3-D2F1-479C-B235-BB546F07B900}C:\program files (x86)\starcraft ii\versions\base24944\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base24944\sc2.exe |
"TCP Query User{6FED92B8-159C-401C-AFB8-CBA2CBF3CD4E}C:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"TCP Query User{7F29FE54-66BF-428F-87FD-548E1C8335B5}C:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"TCP Query User{8C4D377F-7DEC-423B-A682-0D1619A186CB}C:\program files (x86)\steam\steamapps\common\bloodline champions\binary\bloodlinechampions.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bloodline champions\binary\bloodlinechampions.exe |
"UDP Query User{363C5EED-6805-4B7B-94B2-3D03F16ECE1A}C:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"UDP Query User{53214C89-F795-4966-BEDC-EFB20D57C917}C:\program files (x86)\steam\steamapps\common\bloodline champions\binary\bloodlinechampions.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bloodline champions\binary\bloodlinechampions.exe |
"UDP Query User{8B0CC3AD-1939-4491-AD01-877DEE841771}C:\program files (x86)\starcraft ii\versions\base24944\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base24944\sc2.exe |
"UDP Query User{B99C6A3F-FA4F-4F00-ACA4-2DA7D6341E88}C:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86417021FF}" = Java 7 Update 21 (64-bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E14E6D6-3175-4E1A-B934-CAB5A86367CD}" = HP Postscript Converter
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A8305DB2-3F6A-43CF-8CE3-EFD3D0F1C352}" = CBR
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 306.68
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 306.68
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0613
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{C2E428EB-116E-41C0-9E84-B22DE9CCA42F}" = HP Registration Service
"{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}" = WebCake 3.00
"{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}" = Intel® Trusted Connect Service Client
"{F842F8B0-6942-4930-821F-543E976B2C66}" = MSVCRT110_amd64
"GIMP-2_is1" = GIMP 2.8.4
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR 4.20 (64-Bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FE0084-07DA-4FF2-9427-8C6C6BE7310D}" = Warframe
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0766C1B9-B2DC-46E5-8934-4F3D6B42B1BD}" = ICQ Sparberater
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{1057511B-F8FE-4230-9ED3-AB949A57EE4A}" = Windows Live PIMT Platform
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite 10
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{233B918E-99FD-4643-BEDD-A9855A56FC3A}" = Windows Live UX Platform Language Pack
"{29315CEC-E6CE-4394-84DC-6F862E8D9A52}" = Windows Live UX Platform
"{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8
"{2FAFE37E-D796-47B8-BA8F-D09819B12DF6}" = Windows Live Essentials
"{35BD47F4-C19B-474F-AACC-E8C0BE38148A}" = Photo Common
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{46037DC7-F927-46DF-935F-D6F122BDD34B}_is1" = Connected Music powered by Universal Music Group version 1.0
"{4862344A-A39C-4897-ACD4-A1BED5163C5A}" = CyberLink PhotoDirector
"{4C0D8B3E-63F0-4773-83F5-C5B7795B0FB8}" = Photo Gallery
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.5
"{4F9A382F-4478-4036-905C-F77DF2EA0370}" = Windows Live SOXE
"{4FA8F084-C42F-45E1-B7E5-E0C8A1083DC5}" = Windows Live SOXE Definitions
"{61889FC7-9738-439A-96B3-17AF981BDDEF}" = Movie Maker
"{618F39BD-9720-47CF-A89C-108AB41B1493}" = Windows Live UX Platform Language Pack
"{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}" = NVIDIA PhysX
"{64DF7404-9D46-44AF-AFA1-A2F8D5648C2D}" = Windows Live Photo Common
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6C772996-BFF3-3C8C-860B-B3D48FF05D65}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{76EE8FE7-1957-4C51-9074-4930A8CFB1AF}" = Windows Live Installer
"{781B39EC-2E18-41FC-9B00-B84E4FFCA85F}" = ICQ7M
"{7F682A00-6497-4551-A2A6-063AE667D1CF}" = Movie Maker
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 5.6.0
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83F12F73-D52E-40C0-93B1-463C311C4E17}" = Dawn Of War
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8e70e4e1-06d7-470b-9f74-a51bef21088e}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Ralink RT5390R 802.11bgn Wi-Fi Adapter
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B2E55F8-5BA8-4A45-9682-ACB6F2CC0DA5}" = Photo Gallery
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}" = CyberLink PowerDirector 10
"{B19E03EA-067C-412F-A81E-271720E601AB}" = Fotogalerie
"{B27FA0A3-D80F-41A9-8BAD-C5F2D859AB22}" = Photo Common
"{B2B7B1C8-7C8B-476C-BE2C-049731C55992}" = HP Support Information
"{BA73469B-D8C7-4FE3-B33C-1340D09F0709}" = Windows Live Communications Platform
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{D71BC54E-A4E6-4E06-866C-FD6EE16EA187}" = Movie Maker
"{DD7575CC-5005-4B22-8E72-0637F6C01C58}" = Iminent
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E824E81C-80A4-3DFF-B5F9-4842A9FF5F7F}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
"{EBFCBD05-77A3-4FC3-A6D2-27218B61D957}" = Windows Live Essentials
"{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F243A34B-AB7F-4065-B770-B85B767C247C}" = HP Connected Remote
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{FF39FC01-819B-42E4-AE49-1968AF12DDD4}" = Dawn of War - Dark Crusade
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion
"Avira AntiVir Desktop" = Avira Free Antivirus
"Battlelog Web Plugins" = Battlelog Web Plugins
"Diablo II" = Diablo II
"Diablo III" = Diablo III
"DMO" = GDMO
"ESN Sonar-0.70.4" = ESN Sonar
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.2.419
"Guard.Mail.ru" = Guard.ICQ
"Hunted: The Demon's Forge_is1" = Hunted: The Demon's Forge Version 1.0
"ICQToolbar" = ICQ Toolbar
"IMBoosterARP" = Iminent
"InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite 10
"InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8
"InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}" = CyberLink PhotoDirector
"InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}" = CyberLink PowerDirector 10
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD
"Lyrics@LyricsContainer.co" = LyricsContainer
"Mozilla Firefox 22.0 (x86 de)" = Mozilla Firefox 22.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Opera 12.16.1860" = Opera 12.16
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"StarCraft II" = StarCraft II
"StartHPConnectedMusic" = HP Connected Music (Meridian - installer)
"Steam App 10500" = Empire: Total War
"Steam App 113400" = APB Reloaded
"Steam App 200260" = Batman: Arkham City GOTY
"Steam App 570" = Dota 2
"Steam App 6370" = Bloodline Champions
"TI xHCI Filter Driver" = TI xHCI Filter Driver 1.0.0.4
"WinLiveSuite" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"RIFT" = RIFT
"soe-PlanetSide 2 PSG" = PlanetSide 2

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 30.06.2013 19:40:07 | Computer Name = Josef-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1141

Error - 30.06.2013 19:40:09 | Computer Name = Josef-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 30.06.2013 19:40:09 | Computer Name = Josef-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2297

Error - 30.06.2013 19:40:09 | Computer Name = Josef-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2297

Error - 30.06.2013 19:40:10 | Computer Name = Josef-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 30.06.2013 19:40:10 | Computer Name = Josef-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3454

Error - 30.06.2013 19:40:10 | Computer Name = Josef-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3454

Error - 30.06.2013 19:40:11 | Computer Name = Josef-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 30.06.2013 19:40:11 | Computer Name = Josef-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4563

Error - 30.06.2013 19:40:11 | Computer Name = Josef-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4563

Error - 01.07.2013 15:27:37 | Computer Name = Josef-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: soffice.bin, Version: 3.4.9593.500,
Zeitstempel: 0x5028bfc0 Name des fehlerhaften Moduls: RPCRT4.dll, Version: 6.2.9200.16384,
Zeitstempel: 0x50108b02 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00010137 ID des fehlerhaften
Prozesses: 0x1c78 Startzeit der fehlerhaften Anwendung: 0x01ce76575724d8b8 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
Pfad
des fehlerhaften Moduls: C:\windows\SYSTEM32\RPCRT4.dll Berichtskennung: 4926a4cd-e284-11e2-be7c-10604b7e1d3e
Vollständiger
Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket
ist:

[ System Events ]
Error - 12.06.2013 06:46:38 | Computer Name = Josef-PC | Source = DCOM | ID = 10010
Description =

Error - 12.06.2013 06:48:35 | Computer Name = Josef-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem
Fehler beendet: %%2147942487

Error - 12.06.2013 06:48:35 | Computer Name = Josef-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%2147942487

Error - 12.06.2013 07:51:07 | Computer Name = Josef-PC | Source = Microsoft-Windows-Kernel-Power | ID = 137
Description =

Error - 12.06.2013 08:43:44 | Computer Name = Josef-PC | Source = Microsoft-Windows-Kernel-Power | ID = 137
Description =

Error - 13.06.2013 05:40:46 | Computer Name = Josef-PC | Source = Microsoft-Windows-Kernel-Power | ID = 137
Description =

Error - 13.06.2013 08:12:04 | Computer Name = Josef-PC | Source = Microsoft-Windows-Kernel-Power | ID = 137
Description =

Error - 14.06.2013 07:35:44 | Computer Name = Josef-PC | Source = Microsoft-Windows-Kernel-Power | ID = 137
Description =

Error - 14.06.2013 07:59:21 | Computer Name = Josef-PC | Source = Microsoft-Windows-Kernel-Power | ID = 137
Description =

Error - 16.06.2013 05:27:19 | Computer Name = Josef-PC | Source = Microsoft-Windows-Kernel-Power | ID = 137
Description =


< End of report >

Log File

Zitat:

GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-07-08 23:58:13
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000036 ST1000DM003-9YN162 rev.HP16 931,51GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Folken\AppData\Local\Temp\pgloypow.sys


---- Kernel code sections - GMER 2.1 ----

.text C:\windows\system32\ntoskrnl.exe!KiCpuId + 988 fffff80270ad041c 1 byte [31]

---- User code sections - GMER 2.1 ----

.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1088] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fa204f1532 4 bytes [4F, 20, FA, 07]
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1088] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fa204f153a 4 bytes [4F, 20, FA, 07]
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1088] C:\windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fa204f165a 4 bytes [4F, 20, FA, 07]
.text C:\windows\system32\nvvsvc.exe[1100] C:\windows\system32\MSIMG32.dll!GradientFill + 690 000007fa204f1532 4 bytes [4F, 20, FA, 07]
.text C:\windows\system32\nvvsvc.exe[1100] C:\windows\system32\MSIMG32.dll!GradientFill + 698 000007fa204f153a 4 bytes [4F, 20, FA, 07]
.text C:\windows\system32\nvvsvc.exe[1100] C:\windows\system32\MSIMG32.dll!TransparentBlt + 246 000007fa204f165a 4 bytes [4F, 20, FA, 07]
.text C:\windows\system32\nvvsvc.exe[1100] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fa280e177a 4 bytes [0E, 28, FA, 07]
.text C:\windows\system32\nvvsvc.exe[1100] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fa280e1782 4 bytes [0E, 28, FA, 07]
.text c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe[4056] C:\windows\system32\psapi.dll!GetProcessImageFileNameA + 306 000007fa280e177a 4 bytes [0E, 28, FA, 07]
.text c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe[4056] C:\windows\system32\psapi.dll!GetProcessImageFileNameA + 314 000007fa280e1782 4 bytes [0E, 28, FA, 07]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[1064] C:\windows\SYSTEM32\WSOCK32.dll!recvfrom + 742 000007fa0c591b32 4 bytes [59, 0C, FA, 07]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[1064] C:\windows\SYSTEM32\WSOCK32.dll!recvfrom + 750 000007fa0c591b3a 4 bytes [59, 0C, FA, 07]
.text c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe[4332] C:\windows\system32\psapi.dll!GetProcessImageFileNameA + 306 000007fa280e177a 4 bytes [0E, 28, FA, 07]
.text c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe[4332] C:\windows\system32\psapi.dll!GetProcessImageFileNameA + 314 000007fa280e1782 4 bytes [0E, 28, FA, 07]

---- Threads - GMER 2.1 ----

Thread C:\windows\system32\csrss.exe [496:520] fffff960009a95e8

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----

Hallo,

Zitat:

Mein Anti-Vir hat die beiden Programme gefunden.

Kannst du bitte die Meldungen von Antivir hier posten, wo diese Funde genau dokumentiert sind?

Und zusätzlich:


Schritt 1

• Gehe in die Systemsteuerung und öffne Programme und Funktionen.
• Suche und deinstalliere dort der Reihe nach folgende Einträge:
  • WebCake 3.00
  • Iminent
  • ICQ Toolbar
  • LyricsContainer
• Schliesse das Fenster wieder und führe einen Neustart durch, wenn das gefordert wurde.

Schritt 2

Downloade Dir bitte AdwCleaner auf deinen Desktop.

• Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
• Starte die AdwCleaner.exe mit einem Doppelklick.
• Stimme den Nutzungsbedingungen zu.
• Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
  • "Tracing" Schlüssel löschen
  • Winsock Einstellungen zurücksetzen
  • Proxy Einstellungen zurücksetzen
  • Internet Explorer Richtlinien zurücksetzen
  • Chrome Richtlinien zurücksetzen
  • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
• Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
• Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
• Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
• Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Schritt 3

Starte bitte die OTL.exe.

• Setze den Haken bei Scan all Users.
• Drücke auf den Quick Scan Button.
• Poste den Inhalt von OTL.txt hier in den Thread.

Bitte poste in deiner nächsten Antwort:

• Log von AdwCleaner
• Log von OTL

C:\Users\Folken\AppData\Local\Opera\Opera\cache\g_0018\opr5H2KC.tmp
C:\Users\Folken\AppData\Local\Opera\Opera\cache\sesn\opr5GWNQ.tmp
C:\Users\Folken\AppData\Local\Opera\Opera\cache\g_0067\opr5GL2K.tmp
C:\Users\Folken\AppData\Local\Opera\Opera\cache\g_0077\opr5GA18.tmp
C:\Users\Folken\AppData\Local\Opera\Opera\cache\g_0073\opr5FWZD.tmp
C:\Users\Folken\AppData\Local\Opera\Opera\cache\g_0004\opr5F9CA.tmp
C:\Users\Folken\AppData\Local\Opera\Opera\cache\g_007E\opr5FLFH.tmp

(gehören alle zu EXPFLASH.Straconn.gen)

C:\Users\Folken\Documents\ePSXe.exe

(gehört zu Appl/Solimba.gen)

Schritt 1 wurde befolgt und alle Programme wurden deinstalliert. Ich wusste nicht mal das ich davon welche auf dem Rechner hatte.

AdwCleaner Log

AdwCleaner Logfile:

Code: Alles auswählenAufklappen

ATTFilter

# AdwCleaner v2.304 - Datei am 09/07/2013 um 15:27:38 erstellt
# Aktualisiert am 03/07/2013 von Xplode
# Betriebssystem : Windows 8  (64 bits)
# Benutzer : Folken - JOSEF-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Folken\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Program Files (x86)\ICQ6Toolbar
Ordner Gelöscht : C:\Program Files (x86)\Iminent
Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\Users\Folken\AppData\Roaming\Mozilla\Firefox\Profiles\tig28dh8.default\jetpack

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\LyricsContainer
Schlüssel Gelöscht : HKCU\Software\Iminent
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{463B0ED4-8AFA-404B-90E7-4063A0708050}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{463B0ED4-8AFA-404B-90E7-4063A0708050}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Schlüssel Gelöscht : HKLM\Software\Iminent
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Tarma Installer

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16537

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.icq.com/ --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com

-\\ Mozilla Firefox v22.0 (de)

Datei : C:\Users\Folken\AppData\Roaming\Mozilla\Firefox\Profiles\tig28dh8.default\prefs.js

C:\Users\Folken\AppData\Roaming\Mozilla\Firefox\Profiles\tig28dh8.default\user.js ... Gelöscht !

[OK] Die Datei ist sauber.

-\\ Opera v12.16.1860.0

Datei : C:\Users\Folken\AppData\Roaming\Opera\Opera\operaprefs.ini

Gelöscht : Home URL=hxxp://start.icq.com/
Gelöscht : HostName Web Lookup Address=hxxp://search.icq.com/search/afe_results.php?q=%s&ch_id=osd&icid=opera

*************************

AdwCleaner[S1].txt - [11745 octets] - [09/07/2013 15:27:38]

########## EOF - C:\AdwCleaner[S1].txt - [11806 octets] ##########
         

--- --- ---


OTL Log
OTL Logfile:

Code: Alles auswählenAufklappen

ATTFilter

OTL logfile created on: 09.07.2013 15:33:00 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Folken\Desktop
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16599)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
11,96 Gb Total Physical Memory | 10,49 Gb Available Physical Memory | 87,76% Memory free
15,08 Gb Paging File | 13,55 Gb Available in Paging File | 89,86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 918,39 Gb Total Space | 682,72 Gb Free Space | 74,34% Space Free | Partition Type: NTFS
Drive D: | 11,64 Gb Total Space | 1,41 Gb Free Space | 12,11% Space Free | Partition Type: NTFS
Drive E: | 3,69 Gb Total Space | 0,01 Gb Free Space | 0,32% Space Free | Partition Type: FAT32
Drive F: | 485,07 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: JOSEF-PC | User Name: Folken | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.07.08 19:41:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Folken\Desktop\OTL.exe
PRC - [2013.06.26 12:19:10 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.06.26 12:19:00 | 000,345,144 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.06.26 12:19:00 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.06.10 12:08:18 | 000,162,856 | ---- | M] (Geek Software GmbH) -- C:\Program Files (x86)\PDF24\pdf24.exe
PRC - [2013.06.07 23:20:47 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2013.04.19 23:03:40 | 004,288,048 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
PRC - [2012.08.13 11:08:08 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2012.08.13 11:08:08 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2012.08.13 11:08:08 | 000,103,936 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\swriter.exe
PRC - [2012.07.18 10:51:00 | 000,364,416 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2012.07.18 10:50:08 | 000,276,864 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2012.07.18 10:46:54 | 000,128,896 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
PRC - [2012.07.18 10:45:15 | 000,165,760 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
PRC - [2012.06.08 05:34:06 | 000,111,120 | ---- | M] (CyberLink) -- c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.04.19 23:03:40 | 004,288,048 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
MOD - [2012.08.10 16:51:32 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2012.08.10 16:50:56 | 000,170,496 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxslt.dll
MOD - [2012.06.08 13:34:06 | 000,016,400 | ---- | M] () -- c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
MOD - [2012.06.08 05:34:06 | 000,627,216 | ---- | M] () -- c:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013.05.04 08:58:02 | 000,470,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013.05.04 08:57:05 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2013.04.09 06:48:42 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2013.03.02 04:45:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013.03.02 04:45:05 | 000,180,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2013.01.10 01:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2013.01.10 01:22:35 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2012.10.12 03:43:13 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2012.10.12 03:42:25 | 002,367,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2012.07.26 05:30:05 | 002,675,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2012.07.26 05:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2012.07.26 05:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2012.07.26 05:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2012.07.26 05:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2012.07.26 05:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2012.07.26 05:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2012.07.26 05:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012.07.26 05:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012.07.26 05:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2012.07.26 05:05:28 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2012.07.26 05:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2012.07.26 05:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV - [2013.06.30 21:37:41 | 000,332,800 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Programme\IDT\WDM\stacsv64.exe -- (STacSV)
SRV - [2013.06.26 12:19:10 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.06.26 12:19:00 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.06.18 16:21:21 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.06.07 23:20:47 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013.06.07 00:06:24 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.06.03 16:21:54 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.10.12 19:22:08 | 000,035,744 | ---- | M] (Hewlett-Packard) [Auto | Running] -- c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe -- (HPConnectedRemote)
SRV - [2012.09.27 13:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
SRV - [2012.07.26 05:30:05 | 002,675,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012.07.26 05:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2012.07.26 05:18:41 | 000,408,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2012.07.26 05:17:52 | 000,060,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2012.07.18 10:51:00 | 000,364,416 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012.07.18 10:50:08 | 000,276,864 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012.07.18 10:46:54 | 000,128,896 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -- (Intel(R)
SRV - [2012.07.18 10:45:15 | 000,165,760 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service)
SRV - [2012.04.20 16:16:12 | 000,635,104 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- c:\Programme\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.06.30 21:37:41 | 000,544,768 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2013.06.23 21:44:22 | 000,772,680 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2013.05.04 09:34:17 | 000,446,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2013.05.04 09:34:17 | 000,213,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2013.05.04 09:34:15 | 000,284,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2013.04.15 07:02:04 | 002,482,960 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2013.03.02 12:57:48 | 000,337,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2013.03.02 12:57:46 | 000,077,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013.03.02 12:45:20 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013.03.02 12:45:19 | 000,194,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2013.03.02 12:39:38 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:64bit: - [2013.02.26 16:56:51 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013.02.26 16:56:51 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\Drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013.02.26 16:56:51 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2013.02.02 09:25:23 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013.01.29 03:57:05 | 000,035,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2013.01.29 01:08:22 | 000,230,904 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2013.01.10 03:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2012.11.27 05:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2012.11.20 19:49:26 | 000,023,184 | ---- | M] (Texas Instruments, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\TIxHCIufilter.sys -- (tiufilter)
DRV:64bit: - [2012.11.20 19:49:26 | 000,017,528 | ---- | M] (Texas Instruments, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\TIxHCIlfilter.sys -- (tilfilter)
DRV:64bit: - [2012.11.20 06:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2012.11.06 05:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2012.10.26 16:42:22 | 000,351,520 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2012.10.12 10:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.10.12 03:42:22 | 000,120,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2012.10.12 03:42:20 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2012.10.12 03:42:20 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2012.10.11 09:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2012.10.11 09:13:49 | 000,058,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
DRV:64bit: - [2012.07.26 07:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.07.26 07:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:64bit: - [2012.07.26 07:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2012.07.26 07:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2012.07.26 07:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2012.07.26 07:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2012.07.26 07:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2012.07.26 07:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2012.07.26 07:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012.07.26 07:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2012.07.26 07:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2012.07.26 07:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2012.07.26 07:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2012.07.26 07:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2012.07.26 07:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:64bit: - [2012.07.26 07:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012.07.26 07:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012.07.26 06:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2012.07.26 06:54:34 | 000,096,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2012.07.26 06:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:64bit: - [2012.07.26 05:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012.07.26 04:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2012.07.26 04:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2012.07.26 04:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2012.07.26 04:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2012.07.26 04:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2012.07.26 04:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012.07.26 04:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012.07.26 04:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012.07.26 04:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2012.07.26 04:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012.07.26 04:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2012.07.26 04:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012.07.26 04:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012.07.26 04:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012.07.26 04:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2012.07.26 04:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2012.07.26 04:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.07.26 04:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2012.07.26 04:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2012.07.26 04:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2012.07.26 04:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2012.07.18 10:46:20 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012.07.04 09:25:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012.06.25 12:24:50 | 000,092,536 | ---- | M] (CyberLink) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\CLVirtualDrive.sys -- (CLVirtualDrive)
DRV:64bit: - [2012.06.02 16:32:26 | 010,627,744 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012.06.02 16:31:38 | 000,333,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\e1i63x64.sys -- (e1iexpress)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCON13/13
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCON13/13
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
IE:64bit: - HKLM\..\SearchScopes\{B5DDB804-BF64-4EF7-ACA4-BEE62B632CC7}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/5221-29880-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCON13/13
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCON13/13
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
IE - HKLM\..\SearchScopes\{B5DDB804-BF64-4EF7-ACA4-BEE62B632CC7}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/5221-29880-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-2253044985-4109737946-1541171025-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCON13/13
IE - HKU\S-1-5-21-2253044985-4109737946-1541171025-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-2253044985-4109737946-1541171025-1001\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-2253044985-4109737946-1541171025-1001\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-2253044985-4109737946-1541171025-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
IE - HKU\S-1-5-21-2253044985-4109737946-1541171025-1001\..\SearchScopes\{B5DDB804-BF64-4EF7-ACA4-BEE62B632CC7}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKU\S-1-5-21-2253044985-4109737946-1541171025-1001\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/5221-29880-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
IE - HKU\S-1-5-21-2253044985-4109737946-1541171025-1001\..\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC8}: "URL" = hxxp://search.icq.com/search/results.php?q=%s&ch_id=hm&search_mode=web
IE - HKU\S-1-5-21-2253044985-4109737946-1541171025-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.9
FF - prefs.js..extensions.enabledAddons: webbooster%40iminent.com:6.25.4.2
FF - prefs.js..extensions.enabledAddons: Lyrics%40LyricsContainer.co:1.116
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.7: C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2013.06.28 02:33:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Folken\AppData\Roaming\mozilla\Extensions
[2013.07.09 15:19:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Folken\AppData\Roaming\mozilla\Firefox\Profiles\tig28dh8.default\extensions
[2013.06.28 02:35:38 | 000,269,448 | ---- | M] () (No name found) -- C:\Users\Folken\AppData\Roaming\mozilla\firefox\profiles\tig28dh8.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2013.06.28 02:33:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.06.28 02:33:36 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
File not found (No name found) -- C:\PROGRAM FILES (X86)\LYRICSCONTAINER\116.XPI
File not found (No name found) -- C:\USERS\FOLKEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TIG28DH8.DEFAULT\EXTENSIONS\WEBBOOSTER@IMINENT.COM.XPI
 
O1 HOSTS File: ([2012.07.26 07:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3 - HKU\S-1-5-21-2253044985-4109737946-1541171025-1001\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [BeatsOSDApp] C:\Programme\IDT\WDM\Beats64.exe (Hewlett-Packard )
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKU\S-1-5-21-2253044985-4109737946-1541171025-1001..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\S-1-5-21-2253044985-4109737946-1541171025-1001..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Folken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-21-2253044985-4109737946-1541171025-1001\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2253044985-4109737946-1541171025-1001\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2253044985-4109737946-1541171025-1001\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2253044985-4109737946-1541171025-1001\..Trusted Domains: sony.com ([]* in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{06B874F6-5C10-4CC5-B3AB-2DF70FF78468}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013.04.23 17:33:05 | 000,000,000 | ---D | M] - C:\Autorun -- [ NTFS ]
O32 - AutoRun File - [2001.04.18 17:23:00 | 000,000,041 | R--- | M] () - F:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{9a5f2c8c-9ece-11e2-be6e-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{9a5f2c8c-9ece-11e2-be6e-806e6f6e6963}\Shell\AutoRun\command - "" = F:\SETUP.EXE -- [2001.04.30 19:33:00 | 000,032,768 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.07.09 15:31:19 | 000,000,000 | ---D | C] -- C:\Users\Folken\Desktop\Virenbekämpfung
[2013.07.09 13:10:39 | 000,000,000 | ---D | C] -- C:\Users\Folken\AppData\Local\ElevatedDiagnostics
[2013.07.08 19:41:50 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Folken\Desktop\OTL.exe
[2013.07.04 23:31:37 | 000,000,000 | ---D | C] -- C:\Users\Folken\Documents\Nintendo DS
[2013.07.01 20:50:00 | 000,000,000 | ---D | C] -- C:\Users\Folken\AppData\Local\PDF24
[2013.07.01 14:34:29 | 000,000,000 | ---D | C] -- C:\Users\Folken\AppData\Roaming\OpenOffice.org
[2013.07.01 14:32:55 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1
[2013.07.01 14:32:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3
[2013.07.01 14:32:05 | 000,000,000 | ---D | C] -- C:\Users\Folken\Desktop\OpenOffice.org 3.4.1 (de) Installation Files
[2013.07.01 13:54:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
[2013.07.01 13:54:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDF24
[2013.07.01 13:49:15 | 015,905,080 | ---- | C] (Geek Software GmbH                                          ) -- C:\Users\Folken\Documents\pdf24-creator-5.6.0.exe
[2013.06.30 21:38:31 | 000,000,000 | ---D | C] -- C:\windows\SysNative\SRSLabs
[2013.06.30 21:37:58 | 002,193,920 | ---- | C] (IDT, Inc.) -- C:\windows\SysNative\stapo64.dll
[2013.06.30 21:37:58 | 001,401,856 | ---- | C] (Synopsys, Inc.) -- C:\windows\SysNative\SRRPTR64.DLL
[2013.06.30 21:37:58 | 000,674,304 | ---- | C] (IDT, Inc.) -- C:\windows\SysNative\stapi64.dll
[2013.06.30 21:37:58 | 000,544,768 | ---- | C] (IDT, Inc.) -- C:\windows\SysNative\drivers\stwrt64.sys
[2013.06.30 21:37:58 | 000,315,904 | ---- | C] (Synopsys, Inc.) -- C:\windows\SysNative\SRCOM64.DLL
[2013.06.30 21:37:58 | 000,287,744 | ---- | C] (Synopsys, Inc.) -- C:\windows\SysWow64\SRCOM.dll
[2013.06.30 21:37:58 | 000,287,744 | ---- | C] (Synopsys, Inc.) -- C:\windows\SysNative\SRCOM.DLL
[2013.06.30 21:37:58 | 000,256,000 | ---- | C] (IDT, Inc.) -- C:\windows\SysNative\st646457.dll
[2013.06.30 21:37:58 | 000,083,456 | ---- | C] (Synopsys, Inc.) -- C:\windows\SysNative\SRAPO64.DLL
[2013.06.30 21:37:58 | 000,000,000 | ---D | C] -- C:\Program Files\IDT
[2013.06.30 15:36:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\psx emulation cheater
[2013.06.30 13:50:33 | 000,000,000 | ---D | C] -- C:\Users\Folken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\psx emulation cheater
[2013.06.30 13:50:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\psx emulation cheater
[2013.06.30 13:12:34 | 000,000,000 | ---D | C] -- C:\Users\Folken\Documents\PSX
[2013.06.30 00:07:39 | 000,000,000 | ---D | C] -- C:\Users\Folken\Documents\Star Wars - The Old Republic
[2013.06.28 02:34:51 | 000,000,000 | ---D | C] -- C:\Users\Folken\AppData\Local\Macromedia
[2013.06.28 02:33:41 | 000,000,000 | ---D | C] -- C:\Users\Folken\AppData\Local\Mozilla
[2013.06.28 02:33:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013.06.28 02:33:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013.06.28 02:33:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.06.27 19:00:04 | 000,000,000 | ---D | C] -- C:\Users\Folken\Documents\Bewerbungsunterlagen
[2013.06.25 15:00:53 | 000,000,000 | ---D | C] -- C:\Users\Folken\Documents\WBB3 Software
[2013.06.23 21:44:22 | 000,772,680 | ---- | C] (Realtek                                            ) -- C:\windows\SysNative\drivers\Rt630x64.sys
[2013.06.17 19:37:39 | 000,000,000 | ---D | C] -- C:\Users\Folken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Joymax
[2013.06.17 19:36:19 | 000,000,000 | ---D | C] -- C:\Joymax
[2013.06.16 00:24:15 | 000,000,000 | ---D | C] -- C:\Users\Folken\AppData\Local\Diagnostics
[2013.06.16 00:23:03 | 000,000,000 | ---D | C] -- C:\Users\Folken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Diablo II
[2013.06.16 00:09:36 | 000,102,400 | ---- | C] (Blizzard Entertainment) -- C:\windows\DIIUnin.exe
[2013.06.16 00:09:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo II
[2013.06.15 23:56:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Diablo II
[2013.06.14 01:16:51 | 000,000,000 | ---D | C] -- C:\Users\Folken\Documents\RIFT
[2013.06.14 01:07:59 | 000,000,000 | ---D | C] -- C:\Users\Folken\AppData\Roaming\RIFT
[2013.06.14 01:07:59 | 000,000,000 | ---D | C] -- C:\Users\Folken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RIFT
[2013.06.14 01:07:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RIFT
[2013.06.12 12:57:51 | 000,000,000 | ---D | C] -- C:\Users\Folken\AppData\Roaming\Avira
[2013.06.12 12:56:14 | 000,083,672 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avnetflt.sys
[2013.06.12 12:52:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.06.12 12:52:29 | 000,130,016 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avipbb.sys
[2013.06.12 12:52:29 | 000,100,712 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avgntflt.sys
[2013.06.12 12:52:29 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avkmgr.sys
[2013.06.12 12:52:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013.06.12 12:52:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
 
========== Files - Modified Within 30 Days ==========
 
[2013.07.09 15:35:25 | 001,752,656 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013.07.09 15:35:25 | 000,745,562 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2013.07.09 15:35:25 | 000,697,824 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013.07.09 15:35:25 | 000,169,488 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2013.07.09 15:35:25 | 000,143,646 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013.07.09 15:31:01 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013.07.09 15:30:59 | 000,000,100 | -H-- | M] () -- C:\Users\Folken\Desktop\.~lock.Anweisungen.odt#
[2013.07.09 15:29:01 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013.07.09 15:28:58 | 1680,539,646 | -HS- | M] () -- C:\hiberfil.sys
[2013.07.09 15:26:56 | 000,022,635 | ---- | M] () -- C:\Users\Folken\Desktop\Anweisungen.odt
[2013.07.09 15:19:16 | 000,000,898 | ---- | M] () -- C:\windows\SysWow64\InstallUtil.InstallLog
[2013.07.09 14:28:42 | 000,650,027 | ---- | M] () -- C:\Users\Folken\Desktop\adwcleaner.exe
[2013.07.08 23:48:26 | 000,000,354 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleForFolken.job
[2013.07.08 23:48:14 | 000,329,952 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013.07.08 23:36:59 | 000,000,000 | ---- | M] () -- C:\Users\Folken\defogger_reenable
[2013.07.08 23:35:43 | 012,546,048 | ---- | M] () -- C:\Users\Folken\Documents\cbw-thir.rar
[2013.07.08 21:04:40 | 000,043,730 | ---- | M] () -- C:\Users\Folken\Desktop\Geschichte von Merlesini.odt
[2013.07.08 19:54:54 | 000,007,334 | ---- | M] () -- C:\Users\Folken\Desktop\Problem mit EXPFLASH.Straconn.Gen und APPLSolimba.GEN.odt
[2013.07.08 19:43:28 | 000,377,856 | ---- | M] () -- C:\Users\Folken\Desktop\gmer_2.1.19163.exe
[2013.07.08 19:41:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Folken\Desktop\OTL.exe
[2013.07.08 19:38:11 | 000,050,477 | ---- | M] () -- C:\Users\Folken\Desktop\Defogger.exe
[2013.07.08 16:42:54 | 000,021,898 | ---- | M] () -- C:\Users\Folken\Desktop\Anti Vir Berichte.odt
[2013.07.08 14:35:13 | 000,021,051 | ---- | M] () -- C:\Users\Folken\AppData\Local\recently-used.xbel
[2013.07.05 13:54:31 | 000,003,236 | ---- | M] () -- C:\Users\Folken\Desktop\DeSmuME_0.9.9_x64 - Verknüpfung.lnk
[2013.07.04 21:50:22 | 000,291,088 | ---- | M] () -- C:\windows\SysWow64\PnkBstrB.xtr
[2013.07.04 21:50:22 | 000,291,088 | ---- | M] () -- C:\windows\SysWow64\PnkBstrB.exe
[2013.07.04 21:50:16 | 000,280,904 | ---- | M] () -- C:\windows\SysWow64\PnkBstrB.ex0
[2013.07.04 18:20:55 | 000,313,624 | ---- | M] () -- C:\Users\Folken\Documents\ideas1040.zip
[2013.07.01 14:34:34 | 000,001,241 | ---- | M] () -- C:\Users\Folken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2013.07.01 14:32:56 | 000,001,172 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk
[2013.07.01 14:31:46 | 152,249,762 | ---- | M] () -- C:\Users\Folken\Documents\Apache_OpenOffice_incubating_3.4.1_Win_x86_install_de.exe
[2013.07.01 13:54:33 | 000,001,080 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk
[2013.07.01 13:54:33 | 000,001,065 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Fax.lnk
[2013.07.01 13:49:15 | 015,905,080 | ---- | M] (Geek Software GmbH                                          ) -- C:\Users\Folken\Documents\pdf24-creator-5.6.0.exe
[2013.06.30 21:37:41 | 006,101,504 | ---- | M] (IDT, Inc.) -- C:\windows\SysNative\stlang64.dll
[2013.06.30 21:37:41 | 002,193,920 | ---- | M] (IDT, Inc.) -- C:\windows\SysNative\stapo64.dll
[2013.06.30 21:37:41 | 001,897,984 | ---- | M] (IDT, Inc.) -- C:\windows\SysNative\IDTNC64.cpl
[2013.06.30 21:37:41 | 001,702,912 | ---- | M] (IDT, Inc.) -- C:\windows\sttray64.exe
[2013.06.30 21:37:41 | 001,401,856 | ---- | M] (Synopsys, Inc.) -- C:\windows\SysNative\SRRPTR64.DLL
[2013.06.30 21:37:41 | 000,674,304 | ---- | M] (IDT, Inc.) -- C:\windows\SysNative\stapi64.dll
[2013.06.30 21:37:41 | 000,544,768 | ---- | M] (IDT, Inc.) -- C:\windows\SysNative\drivers\stwrt64.sys
[2013.06.30 21:37:41 | 000,315,904 | ---- | M] (Synopsys, Inc.) -- C:\windows\SysNative\SRCOM64.DLL
[2013.06.30 21:37:41 | 000,287,744 | ---- | M] (Synopsys, Inc.) -- C:\windows\SysWow64\SRCOM.dll
[2013.06.30 21:37:41 | 000,287,744 | ---- | M] (Synopsys, Inc.) -- C:\windows\SysNative\SRCOM.DLL
[2013.06.30 21:37:41 | 000,256,000 | ---- | M] (IDT, Inc.) -- C:\windows\SysNative\st646457.dll
[2013.06.30 21:37:41 | 000,225,280 | ---- | M] (IDT, Inc.) -- C:\windows\SysNative\HPToneCtrls64.dll
[2013.06.30 21:37:41 | 000,083,456 | ---- | M] (Synopsys, Inc.) -- C:\windows\SysNative\SRAPO64.DLL
[2013.06.30 15:36:55 | 000,001,967 | ---- | M] () -- C:\Users\Folken\Desktop\psx emulation cheater.lnk
[2013.06.30 15:13:40 | 001,326,080 | ---- | M] () -- C:\Users\Folken\Documents\pecsetup_v2.5.exe
[2013.06.30 14:52:36 | 001,336,832 | ---- | M] () -- C:\Users\Folken\Documents\pecsetup.exe
[2013.06.30 14:35:34 | 000,060,490 | ---- | M] () -- C:\Users\Folken\Documents\cdrpeops104.zip
[2013.06.30 14:34:05 | 000,021,203 | ---- | M] () -- C:\Users\Folken\Documents\cdrXeven_v0.93.zip
[2013.06.30 14:33:55 | 000,024,824 | ---- | M] () -- C:\Users\Folken\Documents\spupetedsound115.zip
[2013.06.30 14:13:40 | 000,175,318 | ---- | M] () -- C:\Users\Folken\Documents\gpupeteogl209.zip
[2013.06.30 13:30:58 | 188,870,397 | ---- | M] () -- C:\Users\Folken\Documents\Digimon World.7z
[2013.06.30 13:11:57 | 000,524,288 | ---- | M] () -- C:\Users\Folken\Documents\SCPH1001.BIN
[2013.06.30 13:11:05 | 000,784,150 | ---- | M] () -- C:\Users\Folken\Documents\pSX1.13.zip
[2013.06.28 02:33:38 | 000,001,153 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.06.26 23:25:41 | 000,570,880 | ---- | M] () -- C:\Users\Folken\Documents\com.designfreaks.style.anime.v1.1.0.tar
[2013.06.26 22:19:05 | 000,171,520 | ---- | M] () -- C:\Users\Folken\Documents\com.designfreaks.style.heaven.v1.0.0.tar
[2013.06.26 22:14:34 | 001,090,048 | ---- | M] () -- C:\Users\Folken\Documents\com.designfreaks.style.celticflower.v1.1.3.tar
[2013.06.26 20:45:50 | 000,342,495 | ---- | M] () -- C:\Users\Folken\Documents\forumstandardleaves-in-fall-style.tgz
[2013.06.26 14:59:24 | 000,010,586 | ---- | M] () -- C:\Users\Folken\Documents\systeminfo.xml
[2013.06.26 14:51:12 | 000,004,400 | ---- | M] () -- C:\Users\Folken\Documents\admintools.xml
[2013.06.26 14:50:56 | 000,024,465 | ---- | M] () -- C:\Users\Folken\Documents\options.xml
[2013.06.26 12:19:12 | 000,083,672 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avnetflt.sys
[2013.06.24 19:31:20 | 001,762,065 | ---- | M] () -- C:\Users\Folken\Documents\banner hh forum2.xcf
[2013.06.24 19:31:03 | 000,423,800 | ---- | M] () -- C:\Users\Folken\Documents\banner hh forum.xcf
[2013.06.24 14:14:31 | 000,096,169 | ---- | M] () -- C:\Users\Folken\Documents\AppleSeed.ttf
[2013.06.23 21:44:22 | 000,772,680 | ---- | M] (Realtek                                            ) -- C:\windows\SysNative\drivers\Rt630x64.sys
[2013.06.23 18:39:24 | 008,624,516 | ---- | M] () -- C:\Users\Folken\Documents\Bewerbungs Unterlagen.rar
[2013.06.23 18:37:49 | 001,338,909 | ---- | M] () -- C:\Users\Folken\Documents\Bewerbungsunterlagen IT-System-Elekroniker.pdf
[2013.06.17 19:37:39 | 000,000,692 | ---- | M] () -- C:\Users\Folken\Desktop\GDMO.lnk
[2013.06.17 18:54:56 | 000,000,931 | ---- | M] () -- C:\Users\Folken\Documents\Kündigung.rtf
[2013.06.17 18:24:44 | 000,678,173 | ---- | M] () -- C:\Users\Folken\Documents\Servicebereich_LogIn.pdf
[2013.06.16 00:29:36 | 000,040,655 | ---- | M] () -- C:\windows\DIIUnin.dat
[2013.06.16 00:23:03 | 000,001,907 | ---- | M] () -- C:\Users\Folken\Desktop\Diablo II - Lord of Destruction.lnk
[2013.06.16 00:09:37 | 000,001,907 | ---- | M] () -- C:\Users\Public\Desktop\Diablo II.lnk
[2013.06.16 00:09:36 | 000,102,400 | ---- | M] (Blizzard Entertainment) -- C:\windows\DIIUnin.exe
[2013.06.16 00:09:36 | 000,002,829 | ---- | M] () -- C:\windows\DIIUnin.pif
[2013.06.14 01:07:59 | 000,000,950 | ---- | M] () -- C:\Users\Folken\Desktop\RIFT.lnk
[2013.06.14 00:09:04 | 000,043,431 | ---- | M] () -- C:\Users\Folken\Documents\DownloadDatei_Staatsangehrigkeitsrecht_neu.pdf
[2013.06.13 15:12:16 | 000,000,219 | ---- | M] () -- C:\Users\Folken\Desktop\Dota 2.url
[2013.06.12 12:52:35 | 000,002,072 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.06.11 21:51:50 | 000,168,151 | ---- | M] () -- C:\Users\Folken\Documents\heaven-style.tgz
 
========== Files Created - No Company Name ==========
 
[2013.07.09 15:30:59 | 000,000,100 | -H-- | C] () -- C:\Users\Folken\Desktop\.~lock.Anweisungen.odt#
[2013.07.09 14:28:42 | 000,650,027 | ---- | C] () -- C:\Users\Folken\Desktop\adwcleaner.exe
[2013.07.08 23:36:59 | 000,000,000 | ---- | C] () -- C:\Users\Folken\defogger_reenable
[2013.07.08 23:29:33 | 012,546,048 | ---- | C] () -- C:\Users\Folken\Documents\cbw-thir.rar
[2013.07.08 21:18:38 | 000,022,635 | ---- | C] () -- C:\Users\Folken\Desktop\Anweisungen.odt
[2013.07.08 19:54:54 | 000,007,334 | ---- | C] () -- C:\Users\Folken\Desktop\Problem mit EXPFLASH.Straconn.Gen und APPLSolimba.GEN.odt
[2013.07.08 19:43:28 | 000,377,856 | ---- | C] () -- C:\Users\Folken\Desktop\gmer_2.1.19163.exe
[2013.07.08 19:38:11 | 000,050,477 | ---- | C] () -- C:\Users\Folken\Desktop\Defogger.exe
[2013.07.08 16:42:21 | 000,021,898 | ---- | C] () -- C:\Users\Folken\Desktop\Anti Vir Berichte.odt
[2013.07.08 15:02:28 | 000,043,730 | ---- | C] () -- C:\Users\Folken\Desktop\Geschichte von Merlesini.odt
[2013.07.08 14:35:13 | 000,021,051 | ---- | C] () -- C:\Users\Folken\AppData\Local\recently-used.xbel
[2013.07.05 13:54:31 | 000,003,236 | ---- | C] () -- C:\Users\Folken\Desktop\DeSmuME_0.9.9_x64 - Verknüpfung.lnk
[2013.07.04 18:20:55 | 000,313,624 | ---- | C] () -- C:\Users\Folken\Documents\ideas1040.zip
[2013.07.01 14:34:34 | 000,001,241 | ---- | C] () -- C:\Users\Folken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2013.07.01 14:32:56 | 000,001,172 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk
[2013.07.01 14:31:01 | 152,249,762 | ---- | C] () -- C:\Users\Folken\Documents\Apache_OpenOffice_incubating_3.4.1_Win_x86_install_de.exe
[2013.07.01 13:54:33 | 000,001,080 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk
[2013.07.01 13:54:33 | 000,001,065 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Fax.lnk
[2013.06.30 15:36:55 | 000,001,967 | ---- | C] () -- C:\Users\Folken\Desktop\psx emulation cheater.lnk
[2013.06.30 14:52:36 | 001,336,832 | ---- | C] () -- C:\Users\Folken\Documents\pecsetup.exe
[2013.06.30 14:35:34 | 000,060,490 | ---- | C] () -- C:\Users\Folken\Documents\cdrpeops104.zip
[2013.06.30 14:34:05 | 000,021,203 | ---- | C] () -- C:\Users\Folken\Documents\cdrXeven_v0.93.zip
[2013.06.30 14:33:55 | 000,024,824 | ---- | C] () -- C:\Users\Folken\Documents\spupetedsound115.zip
[2013.06.30 14:13:51 | 000,425,984 | ---- | C] () -- C:\Users\Folken\Documents\gpuPeteOpenGL2.dll
[2013.06.30 14:00:22 | 000,175,318 | ---- | C] () -- C:\Users\Folken\Documents\gpupeteogl209.zip
[2013.06.30 13:49:03 | 001,326,080 | ---- | C] () -- C:\Users\Folken\Documents\pecsetup_v2.5.exe
[2013.06.30 13:38:39 | 000,000,079 | ---- | C] () -- C:\Users\Folken\Documents\Digimon World.cue
[2013.06.30 13:38:27 | 381,771,936 | ---- | C] () -- C:\Users\Folken\Documents\Digimon World.bin
[2013.06.30 13:20:57 | 000,000,898 | ---- | C] () -- C:\windows\SysWow64\InstallUtil.InstallLog
[2013.06.30 13:15:06 | 188,870,397 | ---- | C] () -- C:\Users\Folken\Documents\Digimon World.7z
[2013.06.30 13:11:57 | 000,524,288 | ---- | C] () -- C:\Users\Folken\Documents\SCPH1001.BIN
[2013.06.30 13:11:05 | 000,784,150 | ---- | C] () -- C:\Users\Folken\Documents\pSX1.13.zip
[2013.06.28 02:33:38 | 000,001,165 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013.06.28 02:33:38 | 000,001,153 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.06.26 23:25:57 | 000,567,503 | ---- | C] () -- C:\Users\Folken\Documents\anime-style.tgz
[2013.06.26 23:25:41 | 000,570,880 | ---- | C] () -- C:\Users\Folken\Documents\com.designfreaks.style.anime.v1.1.0.tar
[2013.06.26 22:20:55 | 000,168,151 | ---- | C] () -- C:\Users\Folken\Documents\heaven-style.tgz
[2013.06.26 22:19:05 | 000,171,520 | ---- | C] () -- C:\Users\Folken\Documents\com.designfreaks.style.heaven.v1.0.0.tar
[2013.06.26 22:14:34 | 001,090,048 | ---- | C] () -- C:\Users\Folken\Documents\com.designfreaks.style.celticflower.v1.1.3.tar
[2013.06.26 20:45:50 | 000,342,495 | ---- | C] () -- C:\Users\Folken\Documents\forumstandardleaves-in-fall-style.tgz
[2013.06.26 14:59:24 | 000,010,586 | ---- | C] () -- C:\Users\Folken\Documents\systeminfo.xml
[2013.06.26 14:51:12 | 000,004,400 | ---- | C] () -- C:\Users\Folken\Documents\admintools.xml
[2013.06.26 14:50:56 | 000,024,465 | ---- | C] () -- C:\Users\Folken\Documents\options.xml
[2013.06.24 19:31:20 | 001,762,065 | ---- | C] () -- C:\Users\Folken\Documents\banner hh forum2.xcf
[2013.06.24 19:30:51 | 000,423,800 | ---- | C] () -- C:\Users\Folken\Documents\banner hh forum.xcf
[2013.06.24 14:14:31 | 000,096,169 | ---- | C] () -- C:\Users\Folken\Documents\AppleSeed.ttf
[2013.06.23 22:46:52 | 000,329,952 | ---- | C] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013.06.23 18:39:17 | 008,624,516 | ---- | C] () -- C:\Users\Folken\Documents\Bewerbungs Unterlagen.rar
[2013.06.23 18:37:49 | 001,338,909 | ---- | C] () -- C:\Users\Folken\Documents\Bewerbungsunterlagen IT-System-Elekroniker.pdf
[2013.06.17 19:37:39 | 000,000,692 | ---- | C] () -- C:\Users\Folken\Desktop\GDMO.lnk
[2013.06.17 18:24:44 | 000,678,173 | ---- | C] () -- C:\Users\Folken\Documents\Servicebereich_LogIn.pdf
[2013.06.17 18:07:32 | 000,000,931 | ---- | C] () -- C:\Users\Folken\Documents\Kündigung.rtf
[2013.06.16 00:23:03 | 000,001,907 | ---- | C] () -- C:\Users\Folken\Desktop\Diablo II - Lord of Destruction.lnk
[2013.06.16 00:09:37 | 000,040,655 | ---- | C] () -- C:\windows\DIIUnin.dat
[2013.06.16 00:09:37 | 000,001,907 | ---- | C] () -- C:\Users\Public\Desktop\Diablo II.lnk
[2013.06.16 00:09:36 | 000,002,829 | ---- | C] () -- C:\windows\DIIUnin.pif
[2013.06.15 13:32:28 | 000,386,646 | ---- | C] () -- C:\windows\SysNative\ApnDatabase.xml
[2013.06.14 01:07:59 | 000,000,950 | ---- | C] () -- C:\Users\Folken\Desktop\RIFT.lnk
[2013.06.14 00:09:04 | 000,043,431 | ---- | C] () -- C:\Users\Folken\Documents\DownloadDatei_Staatsangehrigkeitsrecht_neu.pdf
[2013.06.13 15:12:16 | 000,000,219 | ---- | C] () -- C:\Users\Folken\Desktop\Dota 2.url
[2013.06.12 12:52:35 | 000,002,072 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.05.29 19:30:40 | 000,291,088 | ---- | C] () -- C:\windows\SysWow64\PnkBstrB.exe
[2013.05.29 19:30:34 | 000,076,888 | ---- | C] () -- C:\windows\SysWow64\PnkBstrA.exe
[2013.04.06 17:40:50 | 000,000,141 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2012.10.12 03:42:25 | 000,083,968 | ---- | C] () -- C:\windows\SysWow64\OEMLicense.dll
[2012.08.10 17:10:05 | 000,915,038 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012.07.26 10:13:10 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2012.07.26 10:13:09 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2012.07.26 09:21:26 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2012.07.26 03:17:42 | 000,043,520 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2012.07.25 22:37:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2012.07.25 22:28:31 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2012.07.25 22:22:54 | 000,982,240 | ---- | C] () -- C:\windows\SysWow64\igkrng500.bin
[2012.07.25 22:22:54 | 000,439,308 | ---- | C] () -- C:\windows\SysWow64\igcompkrng500.bin
[2012.07.25 22:22:54 | 000,092,356 | ---- | C] () -- C:\windows\SysWow64\igfcg500m.bin
[2012.06.02 16:31:19 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat
[2012.04.20 15:59:44 | 000,001,536 | ---- | C] () -- C:\windows\SysWow64\IusEventLog.dll
 
========== ZeroAccess Check ==========
 
[2013.02.19 03:17:39 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.03.06 08:31:28 | 019,758,592 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.03.06 07:03:37 | 017,561,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.07.26 05:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.07.26 05:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.07.26 05:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.04.21 12:35:34 | 000,000,000 | ---D | M] -- C:\Users\Folken\AppData\Roaming\DVDVideoSoft
[2013.07.08 23:36:47 | 000,000,000 | ---D | M] -- C:\Users\Folken\AppData\Roaming\ICQ
[2013.04.22 15:22:22 | 000,000,000 | ---D | M] -- C:\Users\Folken\AppData\Roaming\ICQ Search
[2013.04.08 23:57:11 | 000,000,000 | ---D | M] -- C:\Users\Folken\AppData\Roaming\ICQ-Profile
[2013.04.20 00:59:03 | 000,000,000 | ---D | M] -- C:\Users\Folken\AppData\Roaming\LolClient
[2013.07.01 14:34:29 | 000,000,000 | ---D | M] -- C:\Users\Folken\AppData\Roaming\OpenOffice.org
[2013.04.06 19:04:02 | 000,000,000 | ---D | M] -- C:\Users\Folken\AppData\Roaming\Opera
[2013.06.04 19:35:20 | 000,000,000 | ---D | M] -- C:\Users\Folken\AppData\Roaming\Origin
[2013.06.14 01:26:34 | 000,000,000 | ---D | M] -- C:\Users\Folken\AppData\Roaming\RIFT
[2013.04.24 14:00:55 | 000,000,000 | ---D | M] -- C:\Users\Folken\AppData\Roaming\The Creative Assembly
[2013.07.07 21:25:17 | 000,000,000 | ---D | M] -- C:\Users\Folken\AppData\Roaming\TS3Client
[2013.06.01 01:16:24 | 000,000,000 | ---D | M] -- C:\Users\Folken\AppData\Roaming\WebApp
[2013.05.19 21:27:44 | 000,000,000 | ---D | M] -- C:\Users\Folken\AppData\Roaming\WinBatch
 
========== Purity Check ==========
 
 

< End of report >
         

--- --- ---

Hi,

Zitat:

Ich wusste nicht mal das ich davon welche auf dem Rechner hatte.

Ja, diese Adware-Sachen installiert man sich normalerweise auch nicht bewusst. Die kommen bei anderen Installationen mit..

Wir läuft der Rechner?


Schritt 1

Fixen mit OTL

• Starte bitte die OTL.exe.
• Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code: Alles auswählenAufklappen

ATTFilter

:OTL
FF - prefs.js..extensions.enabledAddons: webbooster%40iminent.com:6.25.4.2
FF - prefs.js..extensions.enabledAddons: Lyrics%40LyricsContainer.co:1.116

:commands
[emptytemp]
         

• Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
• Schließe bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
  ( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
  Kopiere nun den Inhalt hier in Deinen Thread

Schritt 2

Downloade Dir bitte Malwarebytes Anti-Malware

• Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
• Starte Malwarebytes' Anti-Malware (MBAM).
• Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
• Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
• Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
• Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
• Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
• Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Schritt 3


ESET Online Scanner

• Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
• Lade und starte Eset Online Scanner
• Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
• Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
• Klicke auf Starten.
• Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
• Klicke am Ende des Suchlaufs auf Fertig stellen.
• Schließe das Fenster von ESET.
• Explorer öffnen.
• C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
• Logfile hier posten.
• Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
• Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Schritt 4

Downloade Dir bitte SecurityCheck und:

• Speichere es auf dem Desktop.
• Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
• Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.



Bitte poste in deiner nächsten Antwort:

• Fixlog von OTL
• Log von MBAM
• Log von ESET
• Log von SecurityCheck

Sollte ich die Passwörter für meine Accounts jetzt ändern oder welche Schritten wären in diesem Bereich nötig?



OTL Fix Run

Zitat:

All processes killed
========== OTL ==========
Prefs.js: webbooster%40iminent.com:6.25.4.2 removed from extensions.enabledAddons
Prefs.js: Lyrics%40LyricsContainer.co:1.116 removed from extensions.enabledAddons
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Folken
->Temp folder emptied: 797502072 bytes
->Temporary Internet Files folder emptied: 409952495 bytes
->FireFox cache emptied: 58499228 bytes
->Opera cache emptied: 79792839 bytes
->Flash cache emptied: 68718 bytes

User: hedev
->Temp folder emptied: 43164427 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 10705214 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 589973 bytes

Total Files Cleaned = 1*335,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 07092013_185620

Files\Folders moved on Reboot...
File\Folder C:\Users\Folken\AppData\Local\Temp\~PIB6CB.tmp not found!
File move failed. C:\Users\Folken\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.
C:\windows\temp\UploadUI.log moved successfully.
C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

MBAM-Bericht

Zitat:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.07.09.06

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16599
Folken :: JOSEF-PC [Administrator]

09.07.2013 19:03:21
mbam-log-2013-07-09 (19-03-21).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 217158
Laufzeit: 2 Minute(n), 42 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

ESET-Log

Zitat:

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=4160a971494b4c4b8d05febba493d9df
# engine=14331
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-07-09 05:25:19
# local_time=2013-07-09 07:25:19 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# lang=1033
# osver=6.2.9200 NT
# compatibility_mode=1799 16775165 100 96 1541 238814009 0 0
# compatibility_mode=5893 16776574 100 94 2357000 13979818 0 0
# scanned=80160
# found=0
# cleaned=0
# scan_time=1020
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=4160a971494b4c4b8d05febba493d9df
# engine=14331
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-07-09 07:38:09
# local_time=2013-07-09 09:38:09 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# lang=1033
# osver=6.2.9200 NT
# compatibility_mode=1799 16775165 100 96 9511 238821979 3566 0
# compatibility_mode=5893 16776574 100 94 2364970 13987788 0 0
# scanned=273071
# found=0
# cleaned=0
# scan_time=7322

SecurityCheck-Log

Zitat:

Results of screen317's Security Check version 0.99.68
x64 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Windows Defender
Avira Desktop
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.75.0.1300
Adobe Flash Player 11.7.700.224
Mozilla Firefox (22.0)
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

Hi,

Zitat:

Sollte ich die Passwörter für meine Accounts jetzt ändern

Ich hab bei dir keine aktive Malware gesehen, so dass deine Passwörter jetzt speziell in Gefahr wären.
Aber es ist grundsätzlich immer eine gute Idee, von Zeit zu Zeit seine Passwörter zu ändern.

Sieht hier alles gut aus - wir räumen auf.


Cleanup

Zum Schluss werden wir jetzt noch unsere Tools (inklusive der Quarantäne-Ordner) wegräumen, die verseuchten Systemwiederherstellungspunkte löschen und alle Einstellungen wieder herrichten. Auch diese Schritte sind noch wichtig und sollten in der angegebenen Reihenfolge ausgeführt werden.

1. Starte defogger und drücke den Button Re-enable.
2. Bei MBAM würd ich dir unbedingt empfehlen, es zu behalten und wöchentlich einen Quick-Scan durchzuführen. Wenn du es nicht weiter verwenden möchtest, kannst du es jetzt normal über die Systemsteuerung deinstallieren.
3. Auch den ESET Online Scanner kannst du behalten, um ab und zu (monatlich) für eine Zweitmeinung dein System damit zu scannen. Falls du ESET deinstallieren möchtest, dann kannst du das ebenfalls über die Systemsteuerung tun.
4. Downloade dir bitte auf jeden Fall DelFix auf deinen Desktop.
   • Schliesse alle offenen Programme.
   • Starte die delfix.exe mit einem Doppelklick.
   • Setze vor jede Funktion ein Häkchen.
   • Klicke auf Start.
   • DelFix entfernt u.a. alle von uns verwendeten Programme und löscht sich anschliessend selbst.
5. Wenn jetzt noch etwas übriggeblieben ist, dann kannst du es einfach manuell löschen.

>> OK <<
Wir sind durch, deine Logs sehen für mich im Moment sauber aus.

Ich habe dir nachfolgend ein paar Hinweise und Tipps zusammengestellt, die dazu beitragen sollen, dass du in Zukunft unsere Hilfe nicht mehr brauchen wirst.

Bitte gib mir danach noch eine kurze Rückmeldung, wenn auch von deiner Seite keine Probleme oder Fragen mehr offen sind, damit ich dieses Thema als erledigt betrachten kann.




Epilog: Tipps, Dos & Don'ts

Aktualität von System und Software

Das Betriebsystem Windows muss zwingend immer auf dem neusten Stand sein. Stelle sicher, dass die automatischen Updates aktiviert sind:

• Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
• Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren

Auch die installierte Software sollte immer in der aktuellsten Version vorliegen.
Speziell gilt das für den Browser, Java, Flash-Player und PDF-Reader, denn bekannte Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim blossen Besuch einer präparierten Website per Drive-by Download Malware zu installieren. Das kann sogar auf normalerweise legitimen Websites geschehen, wenn es einem Angreifer gelungen ist, seinen Code in die Seite einzuschleusen, und ist deshalb relativ unberechenbar.

• Mit diesem kleinen Plugin-Check kannst du regelmässig diese Komponenten auf deren Aktualität überprüfen.
• Achte auch darauf, dass alte, nicht mehr verwendete Versionen deinstalliert sind.
• Optional: Das Programm Secunia Personal Software Inspector kann dich dabei unterstützen, stets die aktuellen Versionen sämtlicher installierter Software zu nutzen.

Sicherheits-Software

Eine Bemerkung vorneweg: Jede Softwarelösung hat ihre Schwächen. Die gesamte Verantwortung für die Sicherheit auf Software zu übertragen und einen Rundum-Schutz zu erwarten, wäre eine gefährliche Illusion. Bei unbedachtem oder bewusst risikoreichem Verhalten wird auch das beste Programm früher oder später seinen Dienst versagen (z.B. ein Virenscanner, der eine verseuchte Datei nicht erkennt).
Trotzdem ist entsprechende Software natürlich wichtig und hilft dir in Kombination mit einem gut gewarteten (up-to-date) System und durchdachtem Verhalten, deinen Rechner sauber zu halten.

• Nutze einen Virenscanner mit Hintergrundwächter mit stets aktueller Datenbank. Welches Produkt gewählt wird, spielt keine so entscheidende Rolle. Es gibt kommerzielle Versionen, aber ein kostenloser Scanner mit den Grundfunktionen wie beispielsweise Avast! Free Antivirus sollte ausreichen. Betreibe aber keinesfalls zwei Wächter parallel, die würden sich gegenseitig behindern.
• Aktiviere eine Firewall. Die in Windows integrierte genügt im Normalfall völlig.
• Zusätzlich zum Virenscanner kannst du dein System regelmässig mit einem On-Demand Antimalwareprogramm scannen. Empfehlenswert ist die Free-Version von Malwarebytes Anti-Malware. Vor jedem Scan die Datenbank updaten.
• Optional: Das Programm Sandboxie führt Anwendungen in einer isolierten Umgebung ("Sandkasten") aus, so dass keine Änderungen am System vorgenommen werden können. Wenn du deinen Browser darin startest, vermindert sich die Chance, dass beim Surfen eingefangene Malware sich dauerhaft im System festsetzen kann.
• Optional: Das Addon WOT (web of trust) warnt dich vor einer als schädlich gemeldeten Website, bevor sie geladen wird. Für verschiedene Browser erhältlich.

Es liegt in der Natur der Sache, dass die am weitesten verbreitete Anwendungs-Software auch am häufigsten von Malware-Autoren attackiert wird. Es kann daher bereits einen kleinen Sicherheitsgewinn darstellen, wenn man alternative Software (z.B. einen alternativen PDF Reader) benutzt.
Anstelle des Internet Explorers kann man beispielsweise den Mozilla Firefox einsetzen, für welchen es zwei nützliche Addons zur Empfehlung gibt:

• NoScript verhindert standardmässig das Ausführen von aktiven Inhalten (Java, JavaScript, Flash, ..) für sämtliche Websites. Du kannst selber nach dem Prinzip einer Whitelist festlegen, welchen Seiten du vertrauen und Scripts erlauben willst, auch temporär.
• Adblock Plus blockt die meisten Werbebanner weg. Solche Banner können nebst ihrer störenden Erscheinung auch als Infektionsherde fungieren.

(Un-)Sicheres Verhalten im Internet

Nebst unbemerkten Drive-by Installationen wird Malware aber auch oft mehr oder weniger aktiv vom Benutzer selbst installiert.

Der Besuch zwielichtiger Websites kann bereits Risiken bergen. Und Downloads aus dubiosen Quellen sind immer russisches Roulette. Auch wenn der Virenscanner im Moment darin keine Bedrohung erkennt, muss das nichts bedeuten.

• Illegale Cracks, Keygens und Serials sind ein ausgesprochen einfacher (und ein beliebter) Weg, um Malware zu verbreiten.
• Bei Dateien aus Peer-to-Peer- und Filesharingprogrammen oder von Filehostern kannst du dir nie sicher sein, ob auch wirklich drin ist, was drauf steht.

Oft wird auch versucht, den Benutzer mit mehr oder weniger trickreichen Methoden dazu zu bringen, eine für ihn verhängnisvolle Handlung selbst auszuführen (Überbegriff Social Engineering).

• Surfe mit Vorsicht und lass dich nicht von irgendwie interessant erscheinenden Elementen zu einem vorschnellen Klick verleiten. Lass dich nicht von Popups täuschen, die aussehen wie System- oder Virenmeldungen.
• Sei skeptisch bei unerwarteten E-Mails, insbesondere wenn sie Anhänge enthalten. Auch wenn sie auf den ersten Blick authentisch wirken, persönliche Daten von dir enthalten oder vermeintlich von einem bekannten Absender stammen: Lieber nochmals in Ruhe überdenken oder nachfragen, anstatt einfach mal Links oder ausführbare Anhänge öffnen oder irgendwo deine Daten eingeben.
• Auch in sozialen Netzwerken oder über Instant Messaging Systeme können schädliche Links oder Dateien die Runde machen. Erhältst du von einem deiner Freunde eine Nachricht, die merkwürdig ist oder so sensationell interessant oder skandalös tönt, dass man einfach draufklicken muss, dann hat bei ihm/ihr wahrscheinlich Neugier über Verstand gesiegt und du solltest nicht denselben Fehler machen.
• Lass die Dateiendungen anzeigen, so dass du dich nicht täuschen lässt, wenn eine ausführbare Datei über ein doppelte Dateiendung kaschiert wird, z.B. Nacktfoto.jpg.exe.

Nervige Adware (Werbung) und unnötige Toolbars werden auch meist durch den Benutzer selbst mitinstalliert.

• Lade Software in erster Priorität immer direkt vom Hersteller herunter. Viele Softwareportale (z.B. Softonic) packen noch unnützes Zeug mit in die Installation. Alternativ dazu wähle ein sauberes Portal wie Filepony oder heise.
• Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen fürs Programm irrelevanten Ergänzungen.

Allgemeine Hinweise

Abschliessend noch ein paar grundsätzliche Bemerkungen:

• Dein Benutzerkonto für den alltäglichen Gebrauch sollte nicht über Administratorenrechte verfügen. Nutze ein Konto mit eingeschränkten Rechten (Windows XP) bzw. aktiviere die Benutzerkontensteuerung (UAC) auf der höchsten Stufe (Windows Vista / 7).
• Erstelle regelmässig Backups deiner Daten und Dokumente auf externen Datenträgern, bei wichtigen Dateien mindestens zweifach. Nicht nur ein Malwarebefall kann schmerzhaften Datenverlust nach sich ziehen sondern auch ein gewöhnlicher Festplattendefekt.
• Die Autorun/Autoplay-Funktion stellt ein Risiko dar, denn sie ermöglicht es, dass beispielsweise beim Einstecken eines entsprechend infizierten USB-Sticks der Befall auf den Rechner überspringt. Überlege dir, ob du diese Funktion nicht besser deaktivieren möchtest.
• Wähle deine Passwörter gemäss den gängigen Regeln, um besser gegen Brute-Force- und Wörterbuchattacken gewappnet zu sein. Benutze jedes deiner Passwörter nur einmal und ändere sie regelmässig.
• Der Nutzen von Registry-Cleanern zur Performancesteigerung ist umstritten. Auf jeden Fall lässt sich damit grosser Schaden anrichten, wenn man nicht weiss, was man tut. Wir empfehlen deshalb, die Finger von der Registry zu lassen. Um von Zeit zu Zeit die temporären Dateien zu löschen, genügt TFC.

Wenn du möchtest, kannst du das Forum mit einer kleinen Spende unterstützen.
Es bleibt mir nur noch, dir unbeschwertes und sicheres Surfen zu wünschen und dass wir uns hier so bald nicht wiedersehen.

Also so weit läuft jetzt alles ohne Probleme und das System ist wohl wieder sauber.

Dann vielen dank für deine Hilfe und diese einfach und dennoch gute Anleitung zur Behebung des Problems.
Also für mich ist das jetzt erledigt was die Viren angeht.

Danke für die Rückmeldung.


Freut mich, dass wir helfen konnten.

Falls du dem Forum noch Verbesserungsvorschläge, Kritik oder ein Lob mitgeben möchtest, kannst du das hier tun.

Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Ich bekomme somit keine Benachrichtigung mehr über neue Antworten.
Solltest du das Thema erneut brauchen, schicke mir bitte eine PM und wir machen hier weiter.

Jeder andere bitte diese Anleitung lesen und einen eigenen Thread erstellen.