Problem with EXPFLASH.Straconn.Gen and APPLSolimba.GEN

Hello,
My Anti-Vir found both programs. So far they have not caused any visible damage to the system.
But EXPFLASH.Straconn.Gen keeps being reported to me, even though it has been moved into quarantine several times or I delete it; it simply will not go away.
I ran several system scans and found nothing. But the Anti-Vir detections have been showing up more and more often.
I hope you can help me get rid of the virus.
OTL quote:
OTL logfile created on: 08.07.2013 23:38:09 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Folken\Desktop
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16599)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
11,96 Gb Total Physical Memory | 8,98 Gb Available Physical Memory | 75,13% Memory free
15,25 Gb Paging File | 9,99 Gb Available in Paging File | 65,50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 918,39 Gb Total Space | 682,96 Gb Free Space | 74,36% Space Free | Partition Type: NTFS
Drive D: | 11,64 Gb Total Space | 1,41 Gb Free Space | 12,11% Space Free | Partition Type: NTFS
Drive E: | 3,69 Gb Total Space | 0,01 Gb Free Space | 0,32% Space Free | Partition Type: FAT32
Drive F: | 485,07 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: JOSEF-PC | User Name: Folken | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========
PRC - [2013.07.08 19:41:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Folken\Desktop\OTL.exe
PRC - [2013.06.26 12:19:10 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.06.26 12:19:00 | 000,345,144 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.06.26 12:19:00 | 000,328,760 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
PRC - [2013.06.26 12:19:00 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.06.21 02:07:33 | 000,047,896 | ---- | M] (WebCake LLC) -- C:\Users\Folken\AppData\Roaming\WebCake\WebCakeDesktop.exe
PRC - [2013.06.21 02:07:33 | 000,023,552 | ---- | M] (WebCake LLC) -- C:\Program Files (x86)\WebCake\WebCakeDesktop.Updater.exe
PRC - [2013.06.18 10:26:02 | 001,074,736 | ---- | M] (Iminent) -- C:\Program Files (x86)\Iminent\Iminent.exe
PRC - [2013.06.18 10:26:02 | 000,884,784 | ---- | M] (Iminent) -- C:\Program Files (x86)\Iminent\Iminent.Messengers.exe
PRC - [2013.06.17 10:29:56 | 002,723,368 | ---- | M] (Iminent) -- C:\Program Files (x86)\Common Files\Umbrella\umbrella.exe
PRC - [2013.06.10 12:08:18 | 000,162,856 | ---- | M] (Geek Software GmbH) -- C:\Program Files (x86)\PDF24\pdf24.exe
PRC - [2013.06.07 23:20:47 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2013.04.22 15:22:16 | 001,564,368 | ---- | M] () -- C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe
PRC - [2012.08.13 11:08:08 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2012.08.13 11:08:08 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2012.07.18 10:51:00 | 000,364,416 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2012.07.18 10:50:08 | 000,276,864 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2012.07.18 10:46:54 | 000,128,896 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
PRC - [2012.07.18 10:45:15 | 000,165,760 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
PRC - [2012.06.08 05:34:06 | 000,111,120 | ---- | M] (CyberLink) -- c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
PRC - [2012.03.20 11:16:08 | 000,247,872 | ---- | M] () -- C:\PROGRA~2\ICQ6TO~1\ICQSER~1.EXE

========== Modules (No Company Name) ==========
MOD - [2013.06.12 13:35:14 | 000,802,816 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\98bf7d68f19f0a2dd15b26f97771ec24\System.ServiceModel.Internals.ni.dll
MOD - [2013.06.12 13:35:14 | 000,121,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\6dbc4794082bffd0ad3e2dcc750a2035\SMDiagnostics.ni.dll
MOD - [2013.06.12 13:35:10 | 007,562,240 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bacedff71df875743daa9064b85c4e66\System.Xml.ni.dll
MOD - [2013.06.12 13:35:07 | 001,880,576 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\6a8a61ca5208e404ca21a0c42a59a3c8\System.Xaml.ni.dll
MOD - [2013.06.12 13:35:06 | 012,698,624 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\1bc35bb3e6a392c0fef52bc289e6d3d9\System.Windows.Forms.ni.dll
MOD - [2013.06.12 13:35:01 | 001,836,032 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\c9776e57fcd29751a6f9171589bfe577\System.Web.Services.ni.dll
MOD - [2013.06.12 13:28:58 | 000,641,024 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\3f0f5dc3b11fdcb086b4049ce5429ce9\System.Transactions.ni.dll
MOD - [2013.06.12 13:28:57 | 019,537,408 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\ea94ce8e71afd55226ced104e6e832ce\System.ServiceModel.ni.dll
MOD - [2013.06.12 13:28:48 | 002,786,816 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\065a34657d599a218b43196a1be4c8d2\System.Runtime.Serialization.ni.dll
MOD - [2013.06.12 13:28:45 | 001,631,744 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\9eff07ed10b6ae9f9b1159a7d3612fcb\System.Drawing.ni.dll
MOD - [2013.06.12 13:28:44 | 007,249,920 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Data\2a70cd5771fd1c3520841e6310d04c4a\System.Data.ni.dll
MOD - [2013.06.12 13:28:41 | 000,958,464 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\15cfd8d46cc19704f61dac68b2378760\System.Configuration.ni.dll
MOD - [2013.06.12 13:28:41 | 000,147,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Confe64a9051#\1be32c8efe2b600916a7c2525db28e23\System.Configuration.Install.ni.dll
MOD - [2013.06.12 13:28:40 | 018,544,128 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\06ad035ae847f3bf5aa37702ee54f073\PresentationFramework.ni.dll
MOD - [2013.06.12 13:28:32 | 010,926,080 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\e53bef236e7a584766cbde94066936fa\PresentationCore.ni.dll
MOD - [2013.06.12 13:28:27 | 003,910,144 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\2a3d9ad8e84239b4f46bd37556a23d6b\WindowsBase.ni.dll
MOD - [2013.06.12 13:28:24 | 006,998,528 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\b3d842ef956729e3ca0a3bc5e37ea6d8\System.Core.ni.dll
MOD - [2013.06.12 13:28:21 | 009,937,408 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System\eaa570735a52e0010d3e9caa9ba50124\System.ni.dll
MOD - [2013.06.12 13:28:16 | 016,547,840 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\93689d115589e64dd4912f7113a11656\mscorlib.ni.dll
MOD - [2013.05.17 14:27:55 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\a4fd9fd9b43607da4f9ac563f63f6b0e\System.Configuration.ni.dll
MOD - [2013.05.17 14:25:49 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\5cb0754debdf19b9f0d63d4d8721f532\System.Windows.Forms.ni.dll
MOD - [2013.04.22 15:22:16 | 001,564,368 | ---- | M] () -- C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe
MOD - [2013.04.09 15:12:19 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ae31f7dc9817e359d05c9c8efdd5f359\System.Xml.ni.dll
MOD - [2013.04.09 15:12:12 | 001,593,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\7e6b074d3f3e3cc8e0270a3552c47aaa\System.Drawing.ni.dll
MOD - [2013.04.09 15:11:51 | 007,988,736 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\28c2c6e7f48ff80c680a97b08df66a72\System.ni.dll
MOD - [2013.04.09 15:11:48 | 011,494,912 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\8d2929ad589e1092eb62a43424361465\mscorlib.ni.dll
MOD - [2012.10.09 04:23:11 | 003,198,976 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2012.09.28 23:41:48 | 000,212,992 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2012.09.14 00:04:06 | 000,315,392 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2012.08.10 16:51:32 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2012.08.10 16:50:56 | 000,170,496 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxslt.dll
MOD - [2012.06.08 13:34:06 | 000,016,400 | ---- | M] () -- c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
MOD - [2012.06.08 05:34:06 | 000,627,216 | ---- | M] () -- c:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll

========== Services (SafeList) ==========
SRV:64bit: - [2013.05.04 08:58:02 | 000,470,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013.05.04 08:57:05 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2013.04.09 06:48:42 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2013.03.02 04:45:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013.03.02 04:45:05 | 000,180,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2013.01.10 01:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2013.01.10 01:22:35 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2012.10.12 03:43:13 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2012.10.12 03:42:25 | 002,367,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2012.07.26 05:30:05 | 002,675,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2012.07.26 05:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2012.07.26 05:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2012.07.26 05:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2012.07.26 05:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2012.07.26 05:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2012.07.26 05:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2012.07.26 05:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012.07.26 05:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012.07.26 05:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2012.07.26 05:05:28 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2012.07.26 05:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2012.07.26 05:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV - [2013.06.30 21:37:41 | 000,332,800 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Programme\IDT\WDM\stacsv64.exe -- (STacSV)
SRV - [2013.06.26 12:19:10 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.06.26 12:19:00 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.06.18 16:21:21 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.06.17 10:29:56 | 002,723,368 | ---- | M] (Iminent) [Auto | Running] -- C:\Program Files (x86)\Common Files\Umbrella\umbrella.exe -- (SProtection)
SRV - [2013.06.07 23:20:47 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013.06.07 00:06:24 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.06.03 16:21:54 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.04.22 15:22:16 | 001,564,368 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe -- (Guard.Mail.ru)
SRV - [2012.10.12 19:22:08 | 000,035,744 | ---- | M] (Hewlett-Packard) [Auto | Running] -- c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe -- (HPConnectedRemote)
SRV - [2012.09.27 13:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
SRV - [2012.07.26 05:30:05 | 002,675,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012.07.26 05:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2012.07.26 05:18:41 | 000,408,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2012.07.26 05:17:52 | 000,060,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2012.07.18 10:51:00 | 000,364,416 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012.07.18 10:50:08 | 000,276,864 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012.07.18 10:46:54 | 000,128,896 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -- (Intel(R)
SRV - [2012.07.18 10:45:15 | 000,165,760 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service)
SRV - [2012.04.20 16:16:12 | 000,635,104 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- c:\Programme\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV - [2012.03.20 11:16:08 | 000,247,872 | ---- | M] () [Auto | Running] -- C:\PROGRA~2\ICQ6TO~1\ICQSER~1.EXE -- (ICQ Service)

========== Driver Services (SafeList) ==========
DRV:64bit: - [2013.06.30 21:37:41 | 000,544,768 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2013.06.23 21:44:22 | 000,772,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2013.05.04 09:34:17 | 000,446,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2013.05.04 09:34:17 | 000,213,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2013.05.04 09:34:15 | 000,284,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2013.04.15 07:02:04 | 002,482,960 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2013.03.02 12:57:48 | 000,337,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2013.03.02 12:57:46 | 000,077,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013.03.02 12:45:20 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013.03.02 12:45:19 | 000,194,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2013.03.02 12:39:38 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:64bit: - [2013.02.26 16:56:51 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013.02.26 16:56:51 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\Drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013.02.26 16:56:51 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2013.02.02 09:25:23 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013.01.29 03:57:05 | 000,035,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2013.01.29 01:08:22 | 000,230,904 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2013.01.10 03:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2012.11.27 05:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2012.11.20 19:49:26 | 000,023,184 | ---- | M] (Texas Instruments, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\TIxHCIufilter.sys -- (tiufilter)
DRV:64bit: - [2012.11.20 19:49:26 | 000,017,528 | ---- | M] (Texas Instruments, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\TIxHCIlfilter.sys -- (tilfilter)
DRV:64bit: - [2012.11.20 06:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2012.11.06 05:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2012.10.26 16:42:22 | 000,351,520 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2012.10.12 10:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.10.12 03:42:22 | 000,120,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2012.10.12 03:42:20 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2012.10.12 03:42:20 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2012.10.11 09:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2012.10.11 09:13:49 | 000,058,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
DRV:64bit: - [2012.07.26 07:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.07.26 07:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:64bit: - [2012.07.26 07:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2012.07.26 07:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2012.07.26 07:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2012.07.26 07:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2012.07.26 07:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2012.07.26 07:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2012.07.26 07:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012.07.26 07:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2012.07.26 07:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2012.07.26 07:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2012.07.26 07:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2012.07.26 07:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2012.07.26 07:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:64bit: - [2012.07.26 07:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012.07.26 07:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012.07.26 06:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2012.07.26 06:54:34 | 000,096,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2012.07.26 06:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:64bit: - [2012.07.26 05:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012.07.26 04:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2012.07.26 04:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2012.07.26 04:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2012.07.26 04:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2012.07.26 04:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2012.07.26 04:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012.07.26 04:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012.07.26 04:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012.07.26 04:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2012.07.26 04:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012.07.26 04:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2012.07.26 04:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012.07.26 04:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012.07.26 04:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012.07.26 04:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2012.07.26 04:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2012.07.26 04:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.07.26 04:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2012.07.26 04:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2012.07.26 04:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2012.07.26 04:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2012.07.18 10:46:20 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012.07.04 09:25:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012.06.25 12:24:50 | 000,092,536 | ---- | M] (CyberLink) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\CLVirtualDrive.sys -- (CLVirtualDrive)
DRV:64bit: - [2012.06.02 16:32:26 | 010,627,744 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012.06.02 16:31:38 | 000,333,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\e1i63x64.sys -- (e1iexpress)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCON13/13
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCON13/13
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
IE:64bit: - HKLM\..\SearchScopes\{B5DDB804-BF64-4EF7-ACA4-BEE62B632CC7}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/5221-29880-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCON13/13
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCON13/13
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
IE - HKLM\..\SearchScopes\{B5DDB804-BF64-4EF7-ACA4-BEE62B632CC7}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/5221-29880-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCON13/13
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{B5DDB804-BF64-4EF7-ACA4-BEE62B632CC7}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/5221-29880-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
IE - HKCU\..\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC8}: "URL" = hxxp://search.icq.com/search/results.php?q=%s&ch_id=hm&search_mode=web
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.9
FF - prefs.js..extensions.enabledAddons: webbooster%40iminent.com:6.25.4.2
FF - prefs.js..extensions.enabledAddons: plugin%40getwebcake.com:1.00.01
FF - prefs.js..extensions.enabledAddons: Lyrics%40LyricsContainer.co:1.116
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.7: C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\Lyrics@LyricsContainer.co: C:\Program Files (x86)\LyricsContainer\116.xpi [2013.06.30 13:20:37 | 000,005,593 | ---- | M] ()
[2013.06.28 02:33:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Folken\AppData\Roaming\mozilla\Extensions
[2013.06.30 13:20:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Folken\AppData\Roaming\mozilla\Firefox\Profiles\tig28dh8.default\extensions
[2013.06.30 13:20:43 | 000,000,000 | ---D | M] (WebCake) -- C:\Users\Folken\AppData\Roaming\mozilla\Firefox\Profiles\tig28dh8.default\extensions\plugin@getwebcake.com
[2013.06.20 15:40:21 | 000,663,388 | ---- | M] () (No name found) -- C:\Users\Folken\AppData\Roaming\mozilla\firefox\profiles\tig28dh8.default\extensions\webbooster@iminent.com.xpi
[2013.06.28 02:35:38 | 000,269,448 | ---- | M] () (No name found) -- C:\Users\Folken\AppData\Roaming\mozilla\firefox\profiles\tig28dh8.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2013.06.28 02:33:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.06.28 02:33:36 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013.06.30 13:20:37 | 000,005,593 | ---- | M] () (No name found) -- C:\PROGRAM FILES (X86)\LYRICSCONTAINER\116.XPI
O1 HOSTS File: ([2012.07.26 07:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (ICQ Sparberater) - {0766C1B9-B2DC-46E5-8934-4F3D6B42B1BD} - C:\Program Files (x86)\icq\Internet Explorer\icq.dll (solute gmbh)
O2 - BHO: (LyricsContainer) - {463B0ED4-8AFA-404B-90E7-4063A0708050} - C:\Program Files (x86)\LyricsContainer\116.dll (RYD Software)
O2 - BHO: (IMinent WebBooster (BHO)) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\Iminent.WebBooster.InternetExplorer.dll (Iminent)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [BeatsOSDApp] C:\Programme\IDT\WDM\Beats64.exe (Hewlett-Packard )
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Guard.Mail.ru.gui] C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe ()
O4 - HKLM..\Run: [Iminent] C:\Program Files (x86)\Iminent\Iminent.exe (Iminent)
O4 - HKLM..\Run: [IminentMessenger] C:\Program Files (x86)\Iminent\Iminent.Messengers.exe (Iminent)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [WebCake Desktop] C:\Users\Folken\AppData\Roaming\WebCake\WebCakeDesktop.exe (WebCake LLC)
O4 - Startup: C:\Users\Folken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{06B874F6-5C10-4CC5-B3AB-2DF70FF78468}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013.04.23 17:33:05 | 000,000,000 | ---D | M] - C:\Autorun -- [ NTFS ]
O32 - AutoRun File - [2001.04.18 17:23:00 | 000,000,041 | R--- | M] () - F:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{9a5f2c8c-9ece-11e2-be6e-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{9a5f2c8c-9ece-11e2-be6e-806e6f6e6963}\Shell\AutoRun\command - "" = F:\SETUP.EXE -- [2001.04.30 19:33:00 | 000,032,768 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========
[2013.07.08 19:41:50 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Folken\Desktop\OTL.exe
[2013.07.04 23:31:37 | 000,000,000 | ---D | C] -- C:\Users\Folken\Documents\Nintendo DS
[2013.07.01 20:50:00 | 000,000,000 | ---D | C] -- C:\Users\Folken\AppData\Local\PDF24
[2013.07.01 14:34:29 | 000,000,000 | ---D | C] -- C:\Users\Folken\AppData\Roaming\OpenOffice.org
[2013.07.01 14:32:55 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1
[2013.07.01 14:32:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3
[2013.07.01 14:32:05 | 000,000,000 | ---D | C] -- C:\Users\Folken\Desktop\OpenOffice.org 3.4.1 (de) Installation Files
[2013.07.01 13:54:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
[2013.07.01 13:54:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDF24
[2013.07.01 13:49:15 | 015,905,080 | ---- | C] (Geek Software GmbH ) -- C:\Users\Folken\Documents\pdf24-creator-5.6.0.exe
[2013.06.30 21:38:31 | 000,000,000 | ---D | C] -- C:\windows\SysNative\SRSLabs
[2013.06.30 21:37:58 | 002,193,920 | ---- | C] (IDT, Inc.) -- C:\windows\SysNative\stapo64.dll
[2013.06.30 21:37:58 | 001,401,856 | ---- | C] (Synopsys, Inc.) -- C:\windows\SysNative\SRRPTR64.DLL
[2013.06.30 21:37:58 | 000,674,304 | ---- | C] (IDT, Inc.) -- C:\windows\SysNative\stapi64.dll
[2013.06.30 21:37:58 | 000,544,768 | ---- | C] (IDT, Inc.) -- C:\windows\SysNative\drivers\stwrt64.sys
[2013.06.30 21:37:58 | 000,315,904 | ---- | C] (Synopsys, Inc.) -- C:\windows\SysNative\SRCOM64.DLL
[2013.06.30 21:37:58 | 000,287,744 | ---- | C] (Synopsys, Inc.) -- C:\windows\SysWow64\SRCOM.dll
[2013.06.30 21:37:58 | 000,287,744 | ---- | C] (Synopsys, Inc.) -- C:\windows\SysNative\SRCOM.DLL
[2013.06.30 21:37:58 | 000,256,000 | ---- | C] (IDT, Inc.) -- C:\windows\SysNative\st646457.dll
[2013.06.30 21:37:58 | 000,083,456 | ---- | C] (Synopsys, Inc.) -- C:\windows\SysNative\SRAPO64.DLL
[2013.06.30 21:37:58 | 000,000,000 | ---D | C] -- C:\Program Files\IDT
[2013.06.30 15:36:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\psx emulation cheater
[2013.06.30 13:50:33 | 000,000,000 | ---D | C] -- C:\Users\Folken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\psx emulation cheater
[2013.06.30 13:50:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\psx emulation cheater
[2013.06.30 13:21:02 | 000,000,000 | ---D | C] -- C:\Users\Folken\AppData\Roaming\Iminent
[2013.06.30 13:21:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Iminent
[2013.06.30 13:20:53 | 000,000,000 | ---D | C] -- C:\Users\Folken\AppData\Roaming\igdhbblpcellaljokkpfhcjlagemhgjl
[2013.06.30 13:20:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Iminent
[2013.06.30 13:20:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Umbrella
[2013.06.30 13:20:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Iminent
[2013.06.30 13:20:43 | 000,000,000 | ---D | C] -- C:\Users\Folken\AppData\Roaming\WebCake
[2013.06.30 13:20:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WebCake
[2013.06.30 13:20:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2013.06.30 13:20:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LyricsContainer
[2013.06.30 13:12:34 | 000,000,000 | ---D | C] -- C:\Users\Folken\Documents\PSX
[2013.06.30 00:07:39 | 000,000,000 | ---D | C] -- C:\Users\Folken\Documents\Star Wars - The Old Republic
[2013.06.28 02:34:51 | 000,000,000 | ---D | C] -- C:\Users\Folken\AppData\Local\Macromedia
[2013.06.28 02:33:41 | 000,000,000 | ---D | C] -- C:\Users\Folken\AppData\Local\Mozilla
[2013.06.28 02:33:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013.06.28 02:33:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013.06.28 02:33:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.06.27 19:00:04 | 000,000,000 | ---D | C] -- C:\Users\Folken\Documents\Bewerbungsunterlagen
[2013.06.25 15:00:53 | 000,000,000 | ---D | C] -- C:\Users\Folken\Documents\WBB3 Software
[2013.06.23 21:44:22 | 000,772,680 | ---- | C] (Realtek ) -- C:\windows\SysNative\drivers\Rt630x64.sys
[2013.06.17 19:37:39 | 000,000,000 | ---D | C] -- C:\Users\Folken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Joymax
[2013.06.17 19:36:19 | 000,000,000 | ---D | C] -- C:\Joymax
[2013.06.16 00:24:15 | 000,000,000 | ---D | C] -- C:\Users\Folken\AppData\Local\Diagnostics
[2013.06.16 00:23:03 | 000,000,000 | ---D | C] -- C:\Users\Folken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Diablo II
[2013.06.16 00:09:36 | 000,102,400 | ---- | C] (Blizzard Entertainment) -- C:\windows\DIIUnin.exe
[2013.06.16 00:09:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo II
[2013.06.15 23:56:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Diablo II
[2013.06.14 01:16:51 | 000,000,000 | ---D | C] -- C:\Users\Folken\Documents\RIFT
[2013.06.14 01:07:59 | 000,000,000 | ---D | C] -- C:\Users\Folken\AppData\Roaming\RIFT
[2013.06.14 01:07:59 | 000,000,000 | ---D | C] -- C:\Users\Folken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RIFT
[2013.06.14 01:07:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RIFT
[2013.06.12 12:57:51 | 000,000,000 | ---D | C] -- C:\Users\Folken\AppData\Roaming\Avira
[2013.06.12 12:56:14 | 000,083,672 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avnetflt.sys
[2013.06.12 12:52:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.06.12 12:52:29 | 000,130,016 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avipbb.sys
[2013.06.12 12:52:29 | 000,100,712 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avgntflt.sys
[2013.06.12 12:52:29 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avkmgr.sys
[2013.06.12 12:52:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013.06.12 12:52:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira

========== Files - Modified Within 30 Days ==========
[2013.07.08 23:36:59 | 000,000,000 | ---- | M] () -- C:\Users\Folken\defogger_reenable
[2013.07.08 23:35:43 | 012,546,048 | ---- | M] () -- C:\Users\Folken\Documents\cbw-thir.rar
[2013.07.08 21:18:58 | 000,022,035 | ---- | M] () -- C:\Users\Folken\Desktop\Anweisungen.odt
[2013.07.08 21:04:40 | 000,043,730 | ---- | M] () -- C:\Users\Folken\Desktop\Geschichte von Merlesini.odt
[2013.07.08 19:54:54 | 000,007,334 | ---- | M] () -- C:\Users\Folken\Desktop\Problem mit EXPFLASH.Straconn.Gen und APPLSolimba.GEN.odt
[2013.07.08 19:43:28 | 000,377,856 | ---- | M] () -- C:\Users\Folken\Desktop\gmer_2.1.19163.exe
[2013.07.08 19:41:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Folken\Desktop\OTL.exe
[2013.07.08 19:38:11 | 000,050,477 | ---- | M] () -- C:\Users\Folken\Desktop\Defogger.exe
[2013.07.08 16:42:54 | 000,021,898 | ---- | M] () -- C:\Users\Folken\Desktop\Anti Vir Berichte.odt
[2013.07.08 14:35:13 | 000,021,051 | ---- | M] () -- C:\Users\Folken\AppData\Local\recently-used.xbel
[2013.07.08 13:10:04 | 000,000,428 | ---- | M] () -- C:\windows\tasks\LyricsContainer Update.job
[2013.07.08 10:54:38 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013.07.07 21:53:34 | 000,000,354 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleForFolken.job
[2013.07.05 13:54:31 | 000,003,236 | ---- | M] () -- C:\Users\Folken\Desktop\DeSmuME_0.9.9_x64 - Verknüpfung.lnk
[2013.07.04 21:50:22 | 000,291,088 | ---- | M] () -- C:\windows\SysWow64\PnkBstrB.xtr
[2013.07.04 21:50:22 | 000,291,088 | ---- | M] () -- C:\windows\SysWow64\PnkBstrB.exe
[2013.07.04 21:50:16 | 000,280,904 | ---- | M] () -- C:\windows\SysWow64\PnkBstrB.ex0
[2013.07.04 18:20:55 | 000,313,624 | ---- | M] () -- C:\Users\Folken\Documents\ideas1040.zip
[2013.07.01 14:34:34 | 000,001,241 | ---- | M] () -- C:\Users\Folken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2013.07.01 14:32:56 | 000,001,172 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk
[2013.07.01 14:31:46 | 152,249,762 | ---- | M] () -- C:\Users\Folken\Documents\Apache_OpenOffice_incubating_3.4.1_Win_x86_install_de.exe
[2013.07.01 13:54:33 | 000,001,080 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk
[2013.07.01 13:54:33 | 000,001,065 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Fax.lnk
[2013.07.01 13:49:15 | 015,905,080 | ---- | M] (Geek Software GmbH ) -- C:\Users\Folken\Documents\pdf24-creator-5.6.0.exe
[2013.06.30 21:37:41 | 006,101,504 | ---- | M] (IDT, Inc.) -- C:\windows\SysNative\stlang64.dll
[2013.06.30 21:37:41 | 002,193,920 | ---- | M] (IDT, Inc.) -- C:\windows\SysNative\stapo64.dll
[2013.06.30 21:37:41 | 001,897,984 | ---- | M] (IDT, Inc.) -- C:\windows\SysNative\IDTNC64.cpl
[2013.06.30 21:37:41 | 001,702,912 | ---- | M] (IDT, Inc.) -- C:\windows\sttray64.exe
[2013.06.30 21:37:41 | 001,401,856 | ---- | M] (Synopsys, Inc.) -- C:\windows\SysNative\SRRPTR64.DLL
[2013.06.30 21:37:41 | 000,674,304 | ---- | M] (IDT, Inc.) -- C:\windows\SysNative\stapi64.dll
[2013.06.30 21:37:41 | 000,544,768 | ---- | M] (IDT, Inc.) -- C:\windows\SysNative\drivers\stwrt64.sys
[2013.06.30 21:37:41 | 000,315,904 | ---- | M] (Synopsys, Inc.) -- C:\windows\SysNative\SRCOM64.DLL
[2013.06.30 21:37:41 | 000,287,744 | ---- | M] (Synopsys, Inc.) -- C:\windows\SysWow64\SRCOM.dll
[2013.06.30 21:37:41 | 000,287,744 | ---- | M] (Synopsys, Inc.) -- C:\windows\SysNative\SRCOM.DLL
[2013.06.30 21:37:41 | 000,256,000 | ---- | M] (IDT, Inc.) -- C:\windows\SysNative\st646457.dll
[2013.06.30 21:37:41 | 000,225,280 | ---- | M] (IDT, Inc.) -- C:\windows\SysNative\HPToneCtrls64.dll
[2013.06.30 21:37:41 | 000,083,456 | ---- | M] (Synopsys, Inc.) -- C:\windows\SysNative\SRAPO64.DLL
[2013.06.30 15:36:55 | 000,001,967 | ---- | M] () -- C:\Users\Folken\Desktop\psx emulation cheater.lnk
[2013.06.30 15:13:40 | 001,326,080 | ---- | M] () -- C:\Users\Folken\Documents\pecsetup_v2.5.exe
[2013.06.30 14:52:36 | 001,336,832 | ---- | M] () -- C:\Users\Folken\Documents\pecsetup.exe
[2013.06.30 14:35:34 | 000,060,490 | ---- | M] () -- C:\Users\Folken\Documents\cdrpeops104.zip
[2013.06.30 14:34:05 | 000,021,203 | ---- | M] () -- C:\Users\Folken\Documents\cdrXeven_v0.93.zip
[2013.06.30 14:33:55 | 000,024,824 | ---- | M] () -- C:\Users\Folken\Documents\spupetedsound115.zip
[2013.06.30 14:13:40 | 000,175,318 | ---- | M] () -- C:\Users\Folken\Documents\gpupeteogl209.zip
[2013.06.30 13:30:58 | 188,870,397 | ---- | M] () -- C:\Users\Folken\Documents\Digimon World.7z
[2013.06.30 13:20:59 | 000,000,635 | ---- | M] () -- C:\windows\SysWow64\InstallUtil.InstallLog
[2013.06.30 13:11:57 | 000,524,288 | ---- | M] () -- C:\Users\Folken\Documents\SCPH1001.BIN
[2013.06.30 13:11:05 | 000,784,150 | ---- | M] () -- C:\Users\Folken\Documents\pSX1.13.zip
[2013.06.28 02:33:38 | 000,001,153 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.06.26 23:25:41 | 000,570,880 | ---- | M] () -- C:\Users\Folken\Documents\com.designfreaks.style.anime.v1.1.0.tar
[2013.06.26 22:19:05 | 000,171,520 | ---- | M] () -- C:\Users\Folken\Documents\com.designfreaks.style.heaven.v1.0.0.tar
[2013.06.26 22:14:34 | 001,090,048 | ---- | M] () -- C:\Users\Folken\Documents\com.designfreaks.style.celticflower.v1.1.3.tar
[2013.06.26 20:45:50 | 000,342,495 | ---- | M] () -- C:\Users\Folken\Documents\forumstandardleaves-in-fall-style.tgz
[2013.06.26 14:59:24 | 000,010,586 | ---- | M] () -- C:\Users\Folken\Documents\systeminfo.xml
[2013.06.26 14:51:12 | 000,004,400 | ---- | M] () -- C:\Users\Folken\Documents\admintools.xml
[2013.06.26 14:50:56 | 000,024,465 | ---- | M] () -- C:\Users\Folken\Documents\options.xml
[2013.06.26 12:19:12 | 000,083,672 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avnetflt.sys
[2013.06.24 19:31:20 | 001,762,065 | ---- | M] () -- C:\Users\Folken\Documents\banner hh forum2.xcf
[2013.06.24 19:31:03 | 000,423,800 | ---- | M] () -- C:\Users\Folken\Documents\banner hh forum.xcf
[2013.06.24 14:14:31 | 000,096,169 | ---- | M] () -- C:\Users\Folken\Documents\AppleSeed.ttf
[2013.06.23 22:53:33 | 000,745,562 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2013.06.23 22:53:33 | 000,697,824 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013.06.23 22:53:33 | 000,169,488 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2013.06.23 22:53:33 | 000,143,646 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013.06.23 22:53:32 | 001,752,656 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013.06.23 22:47:00 | 000,310,192 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013.06.23 22:46:51 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013.06.23 22:46:39 | 1680,539,646 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.23 21:44:22 | 000,772,680 | ---- | M] (Realtek ) -- C:\windows\SysNative\drivers\Rt630x64.sys
[2013.06.23 18:39:24 | 008,624,516 | ---- | M] () -- C:\Users\Folken\Documents\Bewerbungs Unterlagen.rar
[2013.06.23 18:37:49 | 001,338,909 | ---- | M] () -- C:\Users\Folken\Documents\Bewerbungsunterlagen IT-System-Elekroniker.pdf
[2013.06.17 19:37:39 | 000,000,692 | ---- | M] () -- C:\Users\Folken\Desktop\GDMO.lnk
[2013.06.17 18:54:56 | 000,000,931 | ---- | M] () -- C:\Users\Folken\Documents\Kündigung.rtf
[2013.06.17 18:24:44 | 000,678,173 | ---- | M] () -- C:\Users\Folken\Documents\Servicebereich_LogIn.pdf
[2013.06.16 00:29:36 | 000,040,655 | ---- | M] () -- C:\windows\DIIUnin.dat
[2013.06.16 00:23:03 | 000,001,907 | ---- | M] () -- C:\Users\Folken\Desktop\Diablo II - Lord of Destruction.lnk
[2013.06.16 00:09:37 | 000,001,907 | ---- | M] () -- C:\Users\Public\Desktop\Diablo II.lnk
[2013.06.16 00:09:36 | 000,102,400 | ---- | M] (Blizzard Entertainment) -- C:\windows\DIIUnin.exe
[2013.06.16 00:09:36 | 000,002,829 | ---- | M] () -- C:\windows\DIIUnin.pif
[2013.06.14 01:07:59 | 000,000,950 | ---- | M] () -- C:\Users\Folken\Desktop\RIFT.lnk
[2013.06.14 00:09:04 | 000,043,431 | ---- | M] () -- C:\Users\Folken\Documents\DownloadDatei_Staatsangehrigkeitsrecht_neu.pdf
[2013.06.13 15:12:16 | 000,000,219 | ---- | M] () -- C:\Users\Folken\Desktop\Dota 2.url
[2013.06.12 12:52:35 | 000,002,072 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.06.11 21:51:50 | 000,168,151 | ---- | M] () -- C:\Users\Folken\Documents\heaven-style.tgz

========== Files Created - No Company Name ==========
[2013.07.08 23:37:57 | 000,000,100 | -H-- | C] () -- C:\Users\Folken\Desktop\.~lock.Anweisungen.odt#
[2013.07.08 23:36:59 | 000,000,000 | ---- | C] () -- C:\Users\Folken\defogger_reenable
[2013.07.08 23:29:33 | 012,546,048 | ---- | C] () -- C:\Users\Folken\Documents\cbw-thir.rar
[2013.07.08 21:18:38 | 000,022,035 | ---- | C] () -- C:\Users\Folken\Desktop\Anweisungen.odt
[2013.07.08 19:54:54 | 000,007,334 | ---- | C] () -- C:\Users\Folken\Desktop\Problem mit EXPFLASH.Straconn.Gen und APPLSolimba.GEN.odt
[2013.07.08 19:43:28 | 000,377,856 | ---- | C] () -- C:\Users\Folken\Desktop\gmer_2.1.19163.exe
[2013.07.08 19:38:11 | 000,050,477 | ---- | C] () -- C:\Users\Folken\Desktop\Defogger.exe
[2013.07.08 16:42:21 | 000,021,898 | ---- | C] () -- C:\Users\Folken\Desktop\Anti Vir Berichte.odt
[2013.07.08 15:02:28 | 000,043,730 | ---- | C] () -- C:\Users\Folken\Desktop\Geschichte von Merlesini.odt
[2013.07.08 14:35:13 | 000,021,051 | ---- | C] () -- C:\Users\Folken\AppData\Local\recently-used.xbel
[2013.07.05 13:54:31 | 000,003,236 | ---- | C] () -- C:\Users\Folken\Desktop\DeSmuME_0.9.9_x64 - Verknüpfung.lnk
[2013.07.04 18:20:55 | 000,313,624 | ---- | C] () -- C:\Users\Folken\Documents\ideas1040.zip
[2013.07.01 14:34:34 | 000,001,241 | ---- | C] () -- C:\Users\Folken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2013.07.01 14:32:56 | 000,001,172 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk
[2013.07.01 14:31:01 | 152,249,762 | ---- | C] () -- C:\Users\Folken\Documents\Apache_OpenOffice_incubating_3.4.1_Win_x86_install_de.exe
[2013.07.01 13:54:33 | 000,001,080 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk
[2013.07.01 13:54:33 | 000,001,065 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Fax.lnk
[2013.06.30 15:36:55 | 000,001,967 | ---- | C] () -- C:\Users\Folken\Desktop\psx emulation cheater.lnk
[2013.06.30 14:52:36 | 001,336,832 | ---- | C] () -- C:\Users\Folken\Documents\pecsetup.exe
[2013.06.30 14:35:34 | 000,060,490 | ---- | C] () -- C:\Users\Folken\Documents\cdrpeops104.zip
[2013.06.30 14:34:05 | 000,021,203 | ---- | C] () -- C:\Users\Folken\Documents\cdrXeven_v0.93.zip
[2013.06.30 14:33:55 | 000,024,824 | ---- | C] () -- C:\Users\Folken\Documents\spupetedsound115.zip
[2013.06.30 14:13:51 | 000,425,984 | ---- | C] () -- C:\Users\Folken\Documents\gpuPeteOpenGL2.dll
[2013.06.30 14:00:22 | 000,175,318 | ---- | C] () -- C:\Users\Folken\Documents\gpupeteogl209.zip
[2013.06.30 13:49:03 | 001,326,080 | ---- | C] () -- C:\Users\Folken\Documents\pecsetup_v2.5.exe
[2013.06.30 13:38:39 | 000,000,079 | ---- | C] () -- C:\Users\Folken\Documents\Digimon World.cue
[2013.06.30 13:38:27 | 381,771,936 | ---- | C] () -- C:\Users\Folken\Documents\Digimon World.bin
[2013.06.30 13:20:57 | 000,000,635 | ---- | C] () -- C:\windows\SysWow64\InstallUtil.InstallLog
[2013.06.30 13:20:37 | 000,000,428 | ---- | C] () -- C:\windows\tasks\LyricsContainer Update.job
[2013.06.30 13:15:06 | 188,870,397 | ---- | C] () -- C:\Users\Folken\Documents\Digimon World.7z
[2013.06.30 13:11:57 | 000,524,288 | ---- | C] () -- C:\Users\Folken\Documents\SCPH1001.BIN
[2013.06.30 13:11:05 | 000,784,150 | ---- | C] () -- C:\Users\Folken\Documents\pSX1.13.zip
[2013.06.28 02:33:38 | 000,001,165 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013.06.28 02:33:38 | 000,001,153 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.06.26 23:25:57 | 000,567,503 | ---- | C] () -- C:\Users\Folken\Documents\anime-style.tgz
[2013.06.26 23:25:41 | 000,570,880 | ---- | C] () -- C:\Users\Folken\Documents\com.designfreaks.style.anime.v1.1.0.tar
[2013.06.26 22:20:55 | 000,168,151 | ---- | C] () -- C:\Users\Folken\Documents\heaven-style.tgz
[2013.06.26 22:19:05 | 000,171,520 | ---- | C] () -- C:\Users\Folken\Documents\com.designfreaks.style.heaven.v1.0.0.tar
[2013.06.26 22:14:34 | 001,090,048 | ---- | C] () -- C:\Users\Folken\Documents\com.designfreaks.style.celticflower.v1.1.3.tar
[2013.06.26 20:45:50 | 000,342,495 | ---- | C] () -- C:\Users\Folken\Documents\forumstandardleaves-in-fall-style.tgz
[2013.06.26 14:59:24 | 000,010,586 | ---- | C] () -- C:\Users\Folken\Documents\systeminfo.xml
[2013.06.26 14:51:12 | 000,004,400 | ---- | C] () -- C:\Users\Folken\Documents\admintools.xml
[2013.06.26 14:50:56 | 000,024,465 | ---- | C] () -- C:\Users\Folken\Documents\options.xml
[2013.06.24 19:31:20 | 001,762,065 | ---- | C] () -- C:\Users\Folken\Documents\banner hh forum2.xcf
[2013.06.24 19:30:51 | 000,423,800 | ---- | C] () -- C:\Users\Folken\Documents\banner hh forum.xcf
[2013.06.24 14:14:31 | 000,096,169 | ---- | C] () -- C:\Users\Folken\Documents\AppleSeed.ttf
[2013.06.23 22:46:52 | 000,310,192 | ---- | C] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013.06.23 18:39:17 | 008,624,516 | ---- | C] () -- C:\Users\Folken\Documents\Bewerbungs Unterlagen.rar
[2013.06.23 18:37:49 | 001,338,909 | ---- | C] () -- C:\Users\Folken\Documents\Bewerbungsunterlagen IT-System-Elekroniker.pdf
[2013.06.17 19:37:39 | 000,000,692 | ---- | C] () -- C:\Users\Folken\Desktop\GDMO.lnk
[2013.06.17 18:24:44 | 000,678,173 | ---- | C] () -- C:\Users\Folken\Documents\Servicebereich_LogIn.pdf
[2013.06.17 18:07:32 | 000,000,931 | ---- | C] () -- C:\Users\Folken\Documents\Kündigung.rtf
[2013.06.16 00:23:03 | 000,001,907 | ---- | C] () -- C:\Users\Folken\Desktop\Diablo II - Lord of Destruction.lnk
[2013.06.16 00:09:37 | 000,040,655 | ---- | C] () -- C:\windows\DIIUnin.dat
[2013.06.16 00:09:37 | 000,001,907 | ---- | C] () -- C:\Users\Public\Desktop\Diablo II.lnk
[2013.06.16 00:09:36 | 000,002,829 | ---- | C] () -- C:\windows\DIIUnin.pif
[2013.06.15 13:32:28 | 000,386,646 | ---- | C] () -- C:\windows\SysNative\ApnDatabase.xml
[2013.06.14 01:07:59 | 000,000,950 | ---- | C] () -- C:\Users\Folken\Desktop\RIFT.lnk
[2013.06.14 00:09:04 | 000,043,431 | ---- | C] () -- C:\Users\Folken\Documents\DownloadDatei_Staatsangehrigkeitsrecht_neu.pdf
[2013.06.13 15:12:16 | 000,000,219 | ---- | C] () -- C:\Users\Folken\Desktop\Dota 2.url
[2013.06.12 12:52:35 | 000,002,072 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.05.29 19:30:40 | 000,291,088 | ---- | C] () -- C:\windows\SysWow64\PnkBstrB.exe
[2013.05.29 19:30:34 | 000,076,888 | ---- | C] () -- C:\windows\SysWow64\PnkBstrA.exe
[2013.04.06 17:40:50 | 000,000,141 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2012.10.12 03:42:25 | 000,083,968 | ---- | C] () -- C:\windows\SysWow64\OEMLicense.dll
[2012.08.10 17:10:05 | 000,915,038 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012.07.26 10:13:10 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2012.07.26 10:13:09 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2012.07.26 09:21:26 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2012.07.26 03:17:42 | 000,043,520 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2012.07.25 22:37:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2012.07.25 22:28:31 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2012.07.25 22:22:54 | 000,982,240 | ---- | C] () -- C:\windows\SysWow64\igkrng500.bin
[2012.07.25 22:22:54 | 000,439,308 | ---- | C] () -- C:\windows\SysWow64\igcompkrng500.bin
[2012.07.25 22:22:54 | 000,092,356 | ---- | C] () -- C:\windows\SysWow64\igfcg500m.bin
[2012.06.02 16:31:19 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat
[2012.04.20 15:59:44 | 000,001,536 | ---- | C] () -- C:\windows\SysWow64\IusEventLog.dll

========== ZeroAccess Check ==========

[2013.02.19 03:17:39 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.03.06 08:31:28 | 019,758,592 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.03.06 07:03:37 | 017,561,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.07.26 05:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.07.26 05:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.07.26 05:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013.04.21 12:35:34 | 000,000,000 | ---D | M] -- C:\Users\Folken\AppData\Roaming\DVDVideoSoft
[2013.07.08 23:36:47 | 000,000,000 | ---D | M] -- C:\Users\Folken\AppData\Roaming\ICQ
[2013.04.22 15:22:22 | 000,000,000 | ---D | M] -- C:\Users\Folken\AppData\Roaming\ICQ Search
[2013.04.08 23:57:11 | 000,000,000 | ---D | M] -- C:\Users\Folken\AppData\Roaming\ICQ-Profile
[2013.07.08 11:02:03 | 000,000,000 | ---D | M] -- C:\Users\Folken\AppData\Roaming\igdhbblpcellaljokkpfhcjlagemhgjl
[2013.06.30 13:21:02 | 000,000,000 | ---D | M] -- C:\Users\Folken\AppData\Roaming\Iminent
[2013.04.20 00:59:03 | 000,000,000 | ---D | M] -- C:\Users\Folken\AppData\Roaming\LolClient
[2013.07.01 14:34:29 | 000,000,000 | ---D | M] -- C:\Users\Folken\AppData\Roaming\OpenOffice.org
[2013.04.06 19:04:02 | 000,000,000 | ---D | M] -- C:\Users\Folken\AppData\Roaming\Opera
[2013.06.04 19:35:20 | 000,000,000 | ---D | M] -- C:\Users\Folken\AppData\Roaming\Origin
[2013.06.14 01:26:34 | 000,000,000 | ---D | M] -- C:\Users\Folken\AppData\Roaming\RIFT
[2013.04.24 14:00:55 | 000,000,000 | ---D | M] -- C:\Users\Folken\AppData\Roaming\The Creative Assembly
[2013.07.07 21:25:17 | 000,000,000 | ---D | M] -- C:\Users\Folken\AppData\Roaming\TS3Client
[2013.06.01 01:16:24 | 000,000,000 | ---D | M] -- C:\Users\Folken\AppData\Roaming\WebApp
[2013.06.30 13:20:45 | 000,000,000 | ---D | M] -- C:\Users\Folken\AppData\Roaming\WebCake
[2013.05.19 21:27:44 | 000,000,000 | ---D | M] -- C:\Users\Folken\AppData\Roaming\WinBatch

========== Purity Check ==========

< End of report >
| Extra.txt Quote:
OTL Extras logfile created on: 08.07.2013 23:38:09 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Folken\Desktop
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16599)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
11,96 Gb Total Physical Memory | 8,98 Gb Available Physical Memory | 75,13% Memory free
15,25 Gb Paging File | 9,99 Gb Available in Paging File | 65,50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 918,39 Gb Total Space | 682,96 Gb Free Space | 74,36% Space Free | Partition Type: NTFS
Drive D: | 11,64 Gb Total Space | 1,41 Gb Free Space | 12,11% Space Free | Partition Type: NTFS
Drive E: | 3,69 Gb Total Space | 0,01 Gb Free Space | 0,32% Space Free | Partition Type: FAT32
Drive F: | 485,07 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: JOSEF-PC | User Name: Folken | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1B9EF66F-AF97-46EA-AFBF-AEA77518AA85}" = rport=445 | protocol=6 | dir=out | app=system |
"{249E92A4-1635-4885-A473-78CD181023C0}" = lport=139 | protocol=6 | dir=in | app=system |
"{2E282C07-4027-48EF-9006-D5A5071732CE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3C3E1D6E-5EBE-416B-A402-321DA6DB74BA}" = lport=10243 | protocol=6 | dir=in | app=system |
"{423B0A38-7D9A-4B60-9D0C-D29E25E4E2F5}" = lport=445 | protocol=6 | dir=in | app=system |
"{459565BA-243D-4FF8-A40D-10531A644D9F}" = rport=10243 | protocol=6 | dir=out | app=system |
"{4B0C1EF2-1B3B-4275-A3B3-489246ED364E}" = lport=53000 | protocol=6 | dir=in | name=hpconnectedremoteservice.exe |
"{4D18B250-625D-429B-9A31-C1F70FB5EE68}" = lport=137 | protocol=17 | dir=in | app=system |
"{58CE6D87-9F84-4495-813C-57B6A2008E02}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5F811183-AEEB-44D8-8859-BD2919BE135E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{62B040B2-375E-42B1-9B19-0BD5C6CF0E8D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{63B2211C-3903-419F-9722-91C562BD104F}" = rport=80 | protocol=6 | dir=out | app=c:\users\folken\appdata\local\warframe\downloaded\public\tools\launcher.exe |
"{76E454E0-B726-4910-9FDE-2C0BB7146858}" = rport=137 | protocol=17 | dir=out | app=system |
"{7A7453CB-93B1-4E26-BD17-58749B17D7BD}" = rport=80 | protocol=6 | dir=out | app=c:\users\folken\appdata\local\warframe\downloaded\public\warframe.exe |
"{84EE482C-EBB8-44D9-9E51-15CFCC7397ED}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{8C369CBD-CAB0-4597-B6A4-3A9F168D2A4F}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{8D523F32-3A38-4DB0-872F-FDAEE9ECA96C}" = rport=139 | protocol=6 | dir=out | app=system |
"{8F542C7F-FC8E-4D20-B38F-6E6894AE4D86}" = lport=138 | protocol=17 | dir=in | app=system |
"{99AB3B70-4396-43B6-8C2A-BDF950B34F86}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A71EE85D-AE4E-47D5-B3C4-49A669107C3F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{B9C6D6A0-9AF5-4F1E-9555-31C410C6047C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BBDADD54-BAAC-4E04-A64C-DFAD59F68B43}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C15240A4-5BCA-4B14-AF85-86AC7C3B0EAB}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{D6A378F2-D3E4-4704-AA2D-49E50F03E964}" = rport=138 | protocol=17 | dir=out | app=system |
"{E827D456-8205-450E-98A9-67E2A0CCC73D}" = lport=52000 | protocol=6 | dir=in | name=hpconnectedremoteuser.exe |
"{ED192CB8-E68F-493E-A055-C415B4552B2F}" = rport=80 | protocol=6 | dir=out | app=c:\users\folken\appdata\local\warframe\downloaded\public\warframe.x64.exe |
"{F7D79318-421C-44BF-B40B-43B2176F9C16}" = lport=2869 | protocol=6 | dir=in | app=system |
"{FCE70544-A941-4FEE-AE47-FE8AAE218238}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{005952BF-E3AE-4003-8EA1-BDCC89FCB0D5}" = protocol=6 | dir=out | app=system |
"{04EB9958-2441-4E92-91F6-B31D1B6EA3FE}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{05845ADE-759C-418A-8D27-D377BD2B2D9C}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{08B231E6-3C4C-4967-B203-2696C634F52B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\launcher\apblauncher.exe |
"{0B6D94EE-5F3F-436E-A30B-348C609EF8DA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{0BAD79E1-3AC9-46B7-8222-35A16EDC3036}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0DD095A1-B4B2-4B45-B08A-BB55F353C4DA}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{0DE7D88C-191A-4800-B487-DB1257F9E53A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{11B8B8DE-629E-4B99-BCE2-6ECC525B59F6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\empire total war\empire.exe |
"{139482D9-F3DD-4C3C-A504-F34F6CBC98FA}" = dir=out | name=hp connected photo powered by snapfish |
"{18A6D886-BFF8-4205-B63F-25C6DC157433}" = protocol=17 | dir=in | app=c:\users\folken\appdata\local\warframe\downloaded\public\warframe.exe |
"{194BA8AD-BCA4-44D7-80C8-B2B6FCACE69A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\batman arkham city goty\binaries\win32\batmanac.exe |
"{1A26B3D3-79C7-490B-A614-F96E818B3B1B}" = dir=out | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{1C2CC004-BFF9-4D5C-B91A-1528F0320C40}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{1CA7590C-DB8D-44B4-9945-8FE9A8CB2FC0}" = dir=in | name=ebay |
"{1D2B3156-705F-40B5-AC38-2827A577F88C}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{23A54D60-826C-4F2A-A3C5-12D6B2231A1C}" = dir=in | app=c:\program files (x86)\iminent\iminent.messengers.exe |
"{24028A49-3856-4BB2-A715-8711E342195E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{24A7F539-C6D1-43D9-884E-34A64056CE19}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{27EC1799-6D66-4C4D-82C8-51DAA3C4A1A1}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{2C23CEB0-E979-4BB0-A3C1-B4AAE2480E57}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2ECEB180-7F43-48FE-B1D5-ED9E1DA75062}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars-the old republic\launcher.exe |
"{2FBAABB9-C95C-4C1C-8A91-FE624BB69AD3}" = dir=out | name=@{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{3101E16E-E868-4A04-AE59-2ADF823A16C6}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{31AED751-900E-4212-B377-60D3121F861B}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{3305B282-0CF9-4245-8431-40A99FE8C4ED}" = protocol=17 | dir=out | app=c:\users\folken\appdata\local\warframe\downloaded\public\warframe.exe |
"{35C87915-A0B7-4ADB-A840-24FBB103C21A}" = dir=out | app=%localappdata%\hpconnectedmusic\application\spotify_helper.exe |
"{362A699C-5033-438A-8A72-AB7A2FB65B64}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{394AA0C2-1736-45FF-8963-71CFE06CD3B2}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{3C5553AB-EDBA-48BF-A73B-5EF2BAF7D5F2}" = dir=in | app=%localappdata%\hpconnectedmusic\application\spotify_helper.exe |
"{3D57FF6C-EB0D-44F4-A0CB-65CD743706F1}" = dir=out | name=@{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
"{3DA7C1A2-B906-4430-A6C8-E496B71A1631}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{3FF38AD5-3C20-4791-A52A-C46626BF9677}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{40FC0F19-7739-44C5-9006-2C4E87FCDFFD}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{42C0C2C5-6DFA-4671-98F8-D90B5732FB97}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars-the old republic\launcher.exe |
"{44761AB2-0B90-4EDA-B2B5-201CC87FC2C2}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{4502A670-EF5C-440C-9595-184693790683}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bloodline champions\binary\bloodlinechampionsloader.exe |
"{4960B87A-C0C0-4872-A809-3B793A96233A}" = protocol=17 | dir=in | app=c:\users\folken\appdata\local\warframe\downloaded\public\warframe.x64.exe |
"{49A52700-3785-416F-B7C3-283C9E8EAE1A}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe |
"{4EBE8256-C703-4EAA-B070-0C63FF8F9241}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\vivoxvoiceservice.exe |
"{51DFBA9D-AF32-4DA3-BCD3-550D1EC5B189}" = dir=in | app=c:\program files (x86)\iminent\iminent.exe |
"{52730920-3352-492F-84A6-4ECBA2433D0B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{5351FAC4-0982-415E-ACF3-7A8EADB91471}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7m\icq.exe |
"{5429ED58-A499-435D-92EF-DCAB10C72DCA}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{55AB7A89-88AD-41E0-9081-E5832187C1AA}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{56670866-EAB7-4F11-9EFF-8E1FF3928350}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warframe\tools\launcher.exe |
"{5801248F-7DCF-492D-A29D-373E419D873A}" = dir=out | name=ebay |
"{59DF142E-3A29-42AA-A70E-BD58E246EADE}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{5AF0B44B-4C0C-4D81-93F0-4E12FDCD1610}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{5B4063EF-8BBA-4092-9E74-B58BC6D46A10}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{5F89B5A1-FD7A-4F13-B42C-33AF14923AEB}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{6284038D-FCBE-4C8E-985E-CA229C39CCBC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\batman arkham city goty\binaries\win32\batmanac.exe |
"{62AA7EB5-EA8C-460E-9AA8-F9845A050B2A}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{63BAF848-95A7-49BA-AC97-4B586C54DFF7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\vivoxvoiceservice.exe |
"{65CD270C-E144-45F1-884D-2DD598844F7A}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
"{6848DDF0-350C-479B-A325-F95176FE4679}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7m\icq.exe |
"{6C8CB570-7FD7-4A56-9F10-4A3602924607}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{6FAE3441-F65F-4899-89C1-5961643416A2}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe |
"{6FD92707-0145-4D44-BB7C-6D17BBD123D6}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"{705A2D1B-6F75-40AB-9EF0-FB417DF0F6B8}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{737ECDC7-5326-41F5-941B-B84F96A94028}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{740E191A-2A35-46CA-831A-3185D423B920}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{741EBBD3-747C-4DDA-88FE-FBFE7526C78C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{74479111-67B9-4D03-BFF9-B9EC3ED1C4A4}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{74F5A108-E9B7-4D8A-B950-B38781BEE726}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
"{75F84DEF-617B-4510-A307-9BF9827F2110}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{7633C04E-6438-4F9A-83B6-DCFEA2697FDE}" = dir=out | name=norton studio |
"{7DF62E80-1CC2-438A-9130-ED98794B1673}" = dir=out | name=windows_ie_ac_001 |
"{7F086906-B8E7-4F73-85D2-5C462CA2DEE1}" = protocol=17 | dir=in | name=hpconnectedremoteservice.exe |
"{7F9FBB06-90E7-402D-919B-CD5DF94D1CF6}" = protocol=17 | dir=out | app=c:\users\folken\appdata\local\warframe\downloaded\public\warframe.x64.exe |
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{85041390-CD67-4C7C-B81F-0ABA8F429A16}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{89579800-176E-4E62-ADA9-148C6C203A66}" = dir=in | name=skype |
"{8D976E2B-E563-4F46-970C-6EFECBB6A5AA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{90A2C69D-FF00-4D3F-A70F-BEABFE2E4CAE}" = dir=out | name=getting started with windows 8 |
"{90F3E06A-85B2-47A6-821B-5D177ABFBDCF}" = dir=in | app=%localappdata%\hpconnectedmusic\application\hpconnectedmusic.exe |
"{936E98EA-B3DB-44CF-BD9A-0D03FECC9EA4}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{97F3E19E-F70B-4493-9FA2-6BDBCEEF18E6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\apb.exe |
"{9D95AA0D-AB29-4DCF-BEAA-41A40257E378}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{A16D0456-3FBF-4FB8-BB2C-99BE958BAF31}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe |
"{A1A61B04-84C4-409F-985F-5B07DEB83AF7}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii public test.exe |
"{A2D9C80D-015B-4BD7-B6E8-C92BC5B8FE2C}" = dir=out | name=skype |
"{A80696E6-0A2D-4FB0-BF09-6CF0136A9C06}" = dir=out | app=c:\program files (x86)\hpconnectedmusic\hpconnectedmusic.exe |
"{A8336D42-5A93-40E6-8BD7-BC2DFB7E0826}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe |
"{A84AA03D-0B84-4605-8B3D-45B08531BD47}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\batman arkham city goty\runlauncher.bat |
"{B28E4472-3F03-4D6B-B05A-737AA522A6E0}" = protocol=17 | dir=in | app=c:\program files (x86)\bethesda softworks\hunted\binaries\win32\p4dftre.dll |
"{B37A3EDD-4062-4496-BF67-540517F952CB}" = dir=out | name=@{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} |
"{B3A3B624-4A36-44F3-80E1-D8E155CFF79D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bloodline champions\binary\bloodlinechampionsloader.exe |
"{B6382473-712B-4973-9A2D-A384EA1173D1}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe |
"{B6F49CD5-D756-4200-87F0-C77081CF07B0}" = dir=in | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{B7BE5721-2C07-47E9-A76D-B97F98BE2CBC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warframe\tools\launcher.exe |
"{B99E3610-0877-4A5A-AB26-E67D01645171}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BC46CC1D-E2C1-4323-97E7-7AF4CC571784}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bloodline champions\binary\bloodlinechampions.exe |
"{BD89A435-7DA3-48BD-BB06-7DDB4D39B4C6}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7m\icq.exe |
"{C0044856-888E-4A23-8686-E6CAA699C7D7}" = dir=out | name=@{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{C10385BB-07E3-4256-B888-1CB2685DB1CC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\batman arkham city goty\runlauncher.bat |
"{C39BCFF6-9E01-47C9-98FB-37B6F1074BB3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\apb.exe |
"{C39E8713-6D70-40BB-8AB6-9E11779D84F1}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars-the old republic\launcher.exe |
"{C52A75D1-BB6C-4DF7-A20C-5A1FBF798AA7}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C594FFEB-A722-4D61-8EC1-50F90C9D5C49}" = protocol=6 | dir=in | app=c:\program files (x86)\bethesda softworks\hunted\binaries\win32\p4dftre.dll |
"{C6DBAE1E-A23B-4153-9FCA-231FE415570C}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii public test.exe |
"{CCF663AA-1468-455F-85AA-274CBB7A60E4}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"{CD91B67D-2008-4552-97D5-F1663C4A37A1}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars-the old republic\launcher.exe |
"{CF389137-8CF6-454E-9728-EB6E91280616}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{CF7D7029-647D-4F55-8640-3F7E3BDD1596}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CFC54DE1-43C2-44ED-82EB-CBF9560284D9}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{D2922917-89B1-48AB-AB2B-076AD11B13E6}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{D58C39A9-2A9E-4756-8F20-4D8E57A77DD4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{D6973BF6-5FBF-4479-BE88-344FCFAADBEC}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{D6F06DD7-3A7B-4321-A1BA-1382D92D0D83}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7m\icq.exe |
"{D9EE59C6-3C9C-4377-939C-23A93E461742}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{DE04C495-6A8A-41CE-B523-5CD98E7E5C25}" = dir=out | app=%localappdata%\hpconnectedmusic\application\hpconnectedmusic.exe |
"{E16C9D3C-D32C-4A30-A08F-838C377E0F9B}" = protocol=17 | dir=in | app=c:\users\folken\appdata\roaming\icqm\icq.exe |
"{E2D1D009-AC52-4539-8FE0-28C705C90C4B}" = dir=out | name=@{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} |
"{E37B271B-5DCB-4091-BF67-EC4628B52067}" = dir=out | name=@{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
"{E5C40858-B94B-4A96-9FA4-E42D6F54B879}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\empire total war\empire.exe |
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{E9E436E9-71FF-485D-8425-08EE8251F49B}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{EA2C8CEA-6CAD-43F5-BE23-E4957DB7F532}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector10\pdr10.exe |
"{EC0A4512-9324-4132-B0B2-73D37BBF231D}" = protocol=6 | dir=in | app=c:\users\folken\appdata\roaming\icqm\icq.exe |
"{EED5CB9F-5060-4433-AAF1-0337F3190732}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F2044390-2DAB-49BB-9A1D-5680F788EF76}" = dir=in | app=c:\program files (x86)\hpconnectedmusic\hpconnectedmusic.exe |
"{F586B61B-1DE4-4031-B2FE-6EA0BBFFC5EF}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{F58BF9A9-3FD8-422A-B84C-0E3C03D20A4D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F7209F59-902C-4AF7-AB2B-0CF5E7BC8D7D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bloodline champions\binary\bloodlinechampions.exe |
"{FAFC85F4-FC91-4574-8AD3-7D23D3A799C6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\launcher\apblauncher.exe |
"{FBF4EA46-F1BE-476B-A16F-B1630ED66AE5}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{FFFC0C4F-25F3-4EAE-AAE3-B16756657C39}" = dir=out | name=hp registration |
"TCP Query User{56AAD0E3-D2F1-479C-B235-BB546F07B900}C:\program files (x86)\starcraft ii\versions\base24944\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base24944\sc2.exe |
"TCP Query User{6FED92B8-159C-401C-AFB8-CBA2CBF3CD4E}C:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"TCP Query User{7F29FE54-66BF-428F-87FD-548E1C8335B5}C:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"TCP Query User{8C4D377F-7DEC-423B-A682-0D1619A186CB}C:\program files (x86)\steam\steamapps\common\bloodline champions\binary\bloodlinechampions.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bloodline champions\binary\bloodlinechampions.exe |
"UDP Query User{363C5EED-6805-4B7B-94B2-3D03F16ECE1A}C:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"UDP Query User{53214C89-F795-4966-BEDC-EFB20D57C917}C:\program files (x86)\steam\steamapps\common\bloodline champions\binary\bloodlinechampions.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bloodline champions\binary\bloodlinechampions.exe |
"UDP Query User{8B0CC3AD-1939-4491-AD01-877DEE841771}C:\program files (x86)\starcraft ii\versions\base24944\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base24944\sc2.exe |
"UDP Query User{B99C6A3F-FA4F-4F00-ACA4-2DA7D6341E88}C:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86417021FF}" = Java 7 Update 21 (64-bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E14E6D6-3175-4E1A-B934-CAB5A86367CD}" = HP Postscript Converter
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A8305DB2-3F6A-43CF-8CE3-EFD3D0F1C352}" = CBR
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 306.68
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 306.68
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0613
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{C2E428EB-116E-41C0-9E84-B22DE9CCA42F}" = HP Registration Service
"{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}" = WebCake 3.00
"{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}" = Intel® Trusted Connect Service Client
"{F842F8B0-6942-4930-821F-543E976B2C66}" = MSVCRT110_amd64
"GIMP-2_is1" = GIMP 2.8.4
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FE0084-07DA-4FF2-9427-8C6C6BE7310D}" = Warframe
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0766C1B9-B2DC-46E5-8934-4F3D6B42B1BD}" = ICQ Sparberater
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{1057511B-F8FE-4230-9ED3-AB949A57EE4A}" = Windows Live PIMT Platform
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite 10
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{233B918E-99FD-4643-BEDD-A9855A56FC3A}" = Windows Live UX Platform Language Pack
"{29315CEC-E6CE-4394-84DC-6F862E8D9A52}" = Windows Live UX Platform
"{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8
"{2FAFE37E-D796-47B8-BA8F-D09819B12DF6}" = Windows Live Essentials
"{35BD47F4-C19B-474F-AACC-E8C0BE38148A}" = Photo Common
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{46037DC7-F927-46DF-935F-D6F122BDD34B}_is1" = Connected Music powered by Universal Music Group version 1.0
"{4862344A-A39C-4897-ACD4-A1BED5163C5A}" = CyberLink PhotoDirector
"{4C0D8B3E-63F0-4773-83F5-C5B7795B0FB8}" = Photo Gallery
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.5
"{4F9A382F-4478-4036-905C-F77DF2EA0370}" = Windows Live SOXE
"{4FA8F084-C42F-45E1-B7E5-E0C8A1083DC5}" = Windows Live SOXE Definitions
"{61889FC7-9738-439A-96B3-17AF981BDDEF}" = Movie Maker
"{618F39BD-9720-47CF-A89C-108AB41B1493}" = Windows Live UX Platform Language Pack
"{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}" = NVIDIA PhysX
"{64DF7404-9D46-44AF-AFA1-A2F8D5648C2D}" = Windows Live Photo Common
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6C772996-BFF3-3C8C-860B-B3D48FF05D65}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{76EE8FE7-1957-4C51-9074-4930A8CFB1AF}" = Windows Live Installer
"{781B39EC-2E18-41FC-9B00-B84E4FFCA85F}" = ICQ7M
"{7F682A00-6497-4551-A2A6-063AE667D1CF}" = Movie Maker
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 5.6.0
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83F12F73-D52E-40C0-93B1-463C311C4E17}" = Dawn Of War
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8e70e4e1-06d7-470b-9f74-a51bef21088e}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Ralink RT5390R 802.11bgn Wi-Fi Adapter
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B2E55F8-5BA8-4A45-9682-ACB6F2CC0DA5}" = Photo Gallery
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}" = CyberLink PowerDirector 10
"{B19E03EA-067C-412F-A81E-271720E601AB}" = Fotogalerie
"{B27FA0A3-D80F-41A9-8BAD-C5F2D859AB22}" = Photo Common
"{B2B7B1C8-7C8B-476C-BE2C-049731C55992}" = HP Support Information
"{BA73469B-D8C7-4FE3-B33C-1340D09F0709}" = Windows Live Communications Platform
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{D71BC54E-A4E6-4E06-866C-FD6EE16EA187}" = Movie Maker
"{DD7575CC-5005-4B22-8E72-0637F6C01C58}" = Iminent
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E824E81C-80A4-3DFF-B5F9-4842A9FF5F7F}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
"{EBFCBD05-77A3-4FC3-A6D2-27218B61D957}" = Windows Live Essentials
"{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F243A34B-AB7F-4065-B770-B85B767C247C}" = HP Connected Remote
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{FF39FC01-819B-42E4-AE49-1968AF12DDD4}" = Dawn of War - Dark Crusade
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion
"Avira AntiVir Desktop" = Avira Free Antivirus
"Battlelog Web Plugins" = Battlelog Web Plugins
"Diablo II" = Diablo II
"Diablo III" = Diablo III
"DMO" = GDMO
"ESN Sonar-0.70.4" = ESN Sonar
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.2.419
"Guard.Mail.ru" = Guard.ICQ
"Hunted: The Demon's Forge_is1" = Hunted: The Demon's Forge Version 1.0
"ICQToolbar" = ICQ Toolbar
"IMBoosterARP" = Iminent
"InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite 10
"InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8
"InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}" = CyberLink PhotoDirector
"InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}" = CyberLink PowerDirector 10
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD
"Lyrics@LyricsContainer.co" = LyricsContainer
"Mozilla Firefox 22.0 (x86 de)" = Mozilla Firefox 22.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Opera 12.16.1860" = Opera 12.16
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"StarCraft II" = StarCraft II
"StartHPConnectedMusic" = HP Connected Music (Meridian - installer)
"Steam App 10500" = Empire: Total War
"Steam App 113400" = APB Reloaded
"Steam App 200260" = Batman: Arkham City GOTY
"Steam App 570" = Dota 2
"Steam App 6370" = Bloodline Champions
"TI xHCI Filter Driver" = TI xHCI Filter Driver 1.0.0.4
"WinLiveSuite" = Windows Live Essentials
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"RIFT" = RIFT
"soe-PlanetSide 2 PSG" = PlanetSide 2
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 30.06.2013 19:40:07 | Computer Name = Josef-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1141
Error - 30.06.2013 19:40:09 | Computer Name = Josef-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 30.06.2013 19:40:09 | Computer Name = Josef-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2297
Error - 30.06.2013 19:40:09 | Computer Name = Josef-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2297
Error - 30.06.2013 19:40:10 | Computer Name = Josef-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 30.06.2013 19:40:10 | Computer Name = Josef-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3454
Error - 30.06.2013 19:40:10 | Computer Name = Josef-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3454
Error - 30.06.2013 19:40:11 | Computer Name = Josef-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 30.06.2013 19:40:11 | Computer Name = Josef-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4563
Error - 30.06.2013 19:40:11 | Computer Name = Josef-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4563
Error - 01.07.2013 15:27:37 | Computer Name = Josef-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: soffice.bin, Version: 3.4.9593.500,
Zeitstempel: 0x5028bfc0 Name des fehlerhaften Moduls: RPCRT4.dll, Version: 6.2.9200.16384,
Zeitstempel: 0x50108b02 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00010137 ID des fehlerhaften
Prozesses: 0x1c78 Startzeit der fehlerhaften Anwendung: 0x01ce76575724d8b8 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
Pfad
des fehlerhaften Moduls: C:\windows\SYSTEM32\RPCRT4.dll Berichtskennung: 4926a4cd-e284-11e2-be7c-10604b7e1d3e
Vollständiger
Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket
ist:
[ System Events ]
Error - 12.06.2013 06:46:38 | Computer Name = Josef-PC | Source = DCOM | ID = 10010
Description =
Error - 12.06.2013 06:48:35 | Computer Name = Josef-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem
Fehler beendet: %%2147942487
Error - 12.06.2013 06:48:35 | Computer Name = Josef-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%2147942487
Error - 12.06.2013 07:51:07 | Computer Name = Josef-PC | Source = Microsoft-Windows-Kernel-Power | ID = 137
Description =
Error - 12.06.2013 08:43:44 | Computer Name = Josef-PC | Source = Microsoft-Windows-Kernel-Power | ID = 137
Description =
Error - 13.06.2013 05:40:46 | Computer Name = Josef-PC | Source = Microsoft-Windows-Kernel-Power | ID = 137
Description =
Error - 13.06.2013 08:12:04 | Computer Name = Josef-PC | Source = Microsoft-Windows-Kernel-Power | ID = 137
Description =
Error - 14.06.2013 07:35:44 | Computer Name = Josef-PC | Source = Microsoft-Windows-Kernel-Power | ID = 137
Description =
Error - 14.06.2013 07:59:21 | Computer Name = Josef-PC | Source = Microsoft-Windows-Kernel-Power | ID = 137
Description =
Error - 16.06.2013 05:27:19 | Computer Name = Josef-PC | Source = Microsoft-Windows-Kernel-Power | ID = 137
Description =
< End of report >
|
Log file quote:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-07-08 23:58:13
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000036 ST1000DM003-9YN162 rev.HP16 931,51GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Folken\AppData\Local\Temp\pgloypow.sys
---- Kernel code sections - GMER 2.1 ----
.text C:\windows\system32\ntoskrnl.exe!KiCpuId + 988 fffff80270ad041c 1 byte [31]
---- User code sections - GMER 2.1 ----
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1088] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fa204f1532 4 bytes [4F, 20, FA, 07]
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1088] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fa204f153a 4 bytes [4F, 20, FA, 07]
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1088] C:\windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fa204f165a 4 bytes [4F, 20, FA, 07]
.text C:\windows\system32\nvvsvc.exe[1100] C:\windows\system32\MSIMG32.dll!GradientFill + 690 000007fa204f1532 4 bytes [4F, 20, FA, 07]
.text C:\windows\system32\nvvsvc.exe[1100] C:\windows\system32\MSIMG32.dll!GradientFill + 698 000007fa204f153a 4 bytes [4F, 20, FA, 07]
.text C:\windows\system32\nvvsvc.exe[1100] C:\windows\system32\MSIMG32.dll!TransparentBlt + 246 000007fa204f165a 4 bytes [4F, 20, FA, 07]
.text C:\windows\system32\nvvsvc.exe[1100] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fa280e177a 4 bytes [0E, 28, FA, 07]
.text C:\windows\system32\nvvsvc.exe[1100] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fa280e1782 4 bytes [0E, 28, FA, 07]
.text c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe[4056] C:\windows\system32\psapi.dll!GetProcessImageFileNameA + 306 000007fa280e177a 4 bytes [0E, 28, FA, 07]
.text c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe[4056] C:\windows\system32\psapi.dll!GetProcessImageFileNameA + 314 000007fa280e1782 4 bytes [0E, 28, FA, 07]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[1064] C:\windows\SYSTEM32\WSOCK32.dll!recvfrom + 742 000007fa0c591b32 4 bytes [59, 0C, FA, 07]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[1064] C:\windows\SYSTEM32\WSOCK32.dll!recvfrom + 750 000007fa0c591b3a 4 bytes [59, 0C, FA, 07]
.text c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe[4332] C:\windows\system32\psapi.dll!GetProcessImageFileNameA + 306 000007fa280e177a 4 bytes [0E, 28, FA, 07]
.text c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe[4332] C:\windows\system32\psapi.dll!GetProcessImageFileNameA + 314 000007fa280e1782 4 bytes [0E, 28, FA, 07]
---- Threads - GMER 2.1 ----
Thread C:\windows\system32\csrss.exe [496:520] fffff960009a95e8
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----
| |