| felaisch | 31.07.2013 13:47 |
Wsys control (+evtl qvo6) auf meinem Rechner
Hallo liebes Team,
Ich habe die Tage mir ein Torrentprogramm von BitLord runtergeladen und mir dabei qvo6 eingefangen. Das Problem habe ich mit adwCleaner und hijackThis behandelt (glaube ich zumindest), und dachte ich hätte bereits alles notwendige getan, da qvo6 sich nicht mehr gemeldet hat.
Gestern habe ich dann wegen meiner momentan sehr langen Boot-Zeit mir mit Soluto angeschaut, was denn alles so bootet, und dabei Wsys control entdeckt. Nach kurzem Googlen habe ich es mit Soluto aus dem Boot entfernt, aber ich wollte das ganze jetzt mal etwas ernsthafter angehen, und deswegen bin ich hier. Code:
OTL logfile created on: 31.07.2013 13:43:18 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Arne\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 2,41 Gb Available Physical Memory | 60,27% Memory free
8,00 Gb Paging File | 5,81 Gb Available in Paging File | 72,70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 58,50 Gb Total Space | 1,95 Gb Free Space | 3,33% Space Free | Partition Type: NTFS
Drive D: | 407,17 Gb Total Space | 170,22 Gb Free Space | 41,81% Space Free | Partition Type: NTFS
Drive F: | 931,51 Gb Total Space | 135,91 Gb Free Space | 14,59% Space Free | Partition Type: NTFS
Drive G: | 1863,01 Gb Total Space | 1281,30 Gb Free Space | 68,78% Space Free | Partition Type: NTFS
Computer Name: ARNE-PC | User Name: Arne | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013.07.31 13:42:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Arne\Desktop\OTL.exe
PRC - [2013.05.25 02:47:30 | 027,776,968 | ---- | M] (Dropbox, Inc.) -- C:\Users\Arne\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.10.31 21:06:20 | 000,206,448 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
PRC - [2010.12.08 23:15:44 | 000,063,360 | ---- | M] (DivX, LLC) -- C:\Program Files (x86)\DivX\DivX Plus Web Player\DDMService.exe
PRC - [2010.03.23 14:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2009.07.24 19:38:50 | 000,189,728 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
========== Modules (No Company Name) ==========
MOD - [2013.03.13 22:48:52 | 024,978,944 | ---- | M] () -- C:\Users\Arne\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2012.11.14 01:32:50 | 003,558,400 | ---- | M] () -- C:\Users\Arne\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2011.04.24 23:13:30 | 007,008,656 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtGui4.dll
MOD - [2011.04.24 23:13:28 | 000,192,912 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtSql4.dll
MOD - [2011.04.24 23:13:26 | 001,270,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtScript4.dll
MOD - [2011.04.24 23:13:26 | 000,758,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtNetwork4.dll
MOD - [2011.04.24 23:13:24 | 002,118,032 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtCore4.dll
MOD - [2011.04.24 23:13:24 | 002,089,360 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtDeclarative4.dll
MOD - [2011.04.20 19:56:28 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll
========== Services (SafeList) ==========
SRV:64bit: - [2012.12.19 21:56:00 | 000,240,640 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012.12.19 16:32:12 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [On_Demand | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.07.27 00:46:24 | 000,563,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.07.19 05:56:21 | 000,376,896 | ---- | M] (Wsys Co., Ltd.) [On_Demand | Stopped] -- C:\ProgramData\eSafe\eGdpSvc.exe -- (WsysSvc)
SRV - [2013.07.11 12:11:42 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.06.26 13:18:14 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.02.28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.11.21 13:51:56 | 000,182,840 | ---- | M] (Soluto) [Auto | Running] -- C:\Programme\Soluto\SolutoLauncherService.exe -- (SolutoLauncherService)
SRV - [2012.11.21 13:51:48 | 000,644,152 | ---- | M] (Soluto) [Auto | Running] -- C:\Programme\Soluto\SolutoService.exe -- (SolutoService)
SRV - [2012.10.31 21:06:20 | 000,206,448 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -- (AVP)
SRV - [2010.10.28 12:14:30 | 000,357,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2010.03.23 14:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.07.24 19:38:50 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012.12.19 22:48:48 | 011,278,336 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.12.19 21:32:54 | 000,552,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.11.21 13:42:36 | 000,054,728 | ---- | M] (Soluto LTD.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Soluto.sys -- (Soluto)
DRV:64bit: - [2012.11.06 13:11:52 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012.10.31 21:06:42 | 000,637,272 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.10 18:36:24 | 000,029,488 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2011.03.04 13:23:28 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2)
DRV:64bit: - [2011.03.04 13:23:24 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.08.24 19:29:54 | 000,041,040 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2010.08.24 19:29:32 | 000,057,936 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2010.08.24 19:29:10 | 000,063,568 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2010.05.20 06:04:27 | 000,347,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.03.23 14:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2010.02.18 10:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2010.02.08 09:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2009.11.02 20:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009.08.24 00:55:32 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2009.07.16 05:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2008.11.16 19:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV:64bit: - [2007.05.14 17:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2007.04.23 15:21:16 | 000,269,824 | ---- | M] (NETGEAR Inc. ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wg111v3.sys -- (RTL8187B)
DRV - [2012.04.09 10:13:58 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Stopped] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.2)
DRV - [2012.04.09 10:13:58 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 63 BE CD F6 D4 9B CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{2EED6240-EC7F-4CA3-B767-A4FB38E92C0A}: "URL" = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\..\SearchScopes\{56B46D28-65B6-45AA-B752-C074F721885F}: "URL" = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\..\SearchScopes\{5D8AAB20-B868-459F-80F5-51FA6919BE01}: "URL" = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\..\SearchScopes\{F4C2410B-54B4-4B2E-8A55-2BD8D02962A7}: "URL" = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (en)"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.merlinmann.com/rightnow/"
FF - prefs.js..extensions.enabledAddons: wikilook%40testpilot:2.7.0
FF - prefs.js..extensions.enabledAddons: %7Bd40f5e7b-d2cf-4856-b441-cc613eeffbe3%7D:1.68
FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.9
FF - prefs.js..extensions.enabledAddons: %7Ba95d8332-e4b4-6e7f-98ac-20b733364387%7D:0.6.5
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.6.9
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.9
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.14.2
FF - prefs.js..extensions.enabledItems: {a95d8332-e4b4-6e7f-98ac-20b733364387}:0.5.2
FF - prefs.js..extensions.enabledItems: wikilook@testpilot:2.5.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.5
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: en-US@dictionaries.addons.mozilla.org:5.0.1
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.autoconfig_url: "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fhtml5.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Flisten.grooveshark.com*')%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20(url.indexOf('turntable.fm')%20!%3D%20-1%20%26%26%20url.indexOf('static.turntable.fm')%20%3D%3D%20-1%20%26%26%20url.indexOf('s3.amazonaws.com')%20%3D%3D%20-1%20%26%26%20url.indexOf('ping.chartbeat.net')%20%3D%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.rdio.com*')%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.daisuki.net*')%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20url.indexOf('.brightcove.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*'))%20%7B%20return%20'PROXY%20ab-us11.personalitycores.com%3A8000%3B%20PROXY%20ab-us18.personalitycores.com%3A8000%3B%20PROXY%20ab-us08.personalitycores.com%3A8000%3B%20PROXY%20ab-us09.personalitycores.com%3A8000%3B%20PROXY%20ab-us03.personalitycores.com%3A8000%3B%20PROXY%20ab-us13.personalitycores.com%3A8000%3B%20PROXY%20ab-us07.personalitycores.com%3A8000%3B%20PROXY%20ab-us10.personalitycores.com%3A8000%3B%20PROXY%20ab-us14.personalitycores.com%3A8000%3B%20PROXY%20ab-us17.personalitycores.com%3A8000%3B%20PROXY%20ab-us15.personalitycores.com%3A8000%3B%20PROXY%20ab-us16.personalitycores.com%3A8000%3B%20PROXY%20ab-us12.personalitycores.com%3A8000%3B%20PROXY%20ab-us01.personalitycores.com%3A8000%3B%20PROXY%20ab-us02.personalitycores.com%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D"
FF - prefs.js..network.proxy.type: 2
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.01.22 12:45:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011.02.10 18:24:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011.02.10 18:24:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012.10.31 21:06:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012.10.31 21:06:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012.10.31 21:06:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.06.26 13:18:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: D:\Zeugs\Thunderbird\components [2012.11.01 01:03:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: D:\Zeugs\Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{8C17574E-F5C5-41b8-8B36-333FC7E67980}: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\THBExt_2_x [2011.06.26 16:53:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{FD9B3EC6-8265-41fb-8A2F-4C5A22A95A7B}: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\THBExt_3_1_x [2011.06.26 16:53:04 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.01.22 12:45:14 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.06.26 13:18:11 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Components: D:\Zeugs\Thunderbird\components [2012.11.01 01:03:28 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Plugins: D:\Zeugs\Thunderbird\plugins
[2011.01.20 23:26:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Arne\AppData\Roaming\mozilla\Extensions
[2011.01.20 23:26:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Arne\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013.07.31 13:37:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Arne\AppData\Roaming\mozilla\Firefox\Profiles\gzp056bd.default\extensions
[2013.04.15 23:48:47 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\Arne\AppData\Roaming\mozilla\Firefox\Profiles\gzp056bd.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2012.10.13 13:47:42 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\Arne\AppData\Roaming\mozilla\Firefox\Profiles\gzp056bd.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2013.03.24 13:50:08 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Users\Arne\AppData\Roaming\mozilla\Firefox\Profiles\gzp056bd.default\extensions\en-US@dictionaries.addons.mozilla.org
[2013.07.14 15:36:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Arne\AppData\Roaming\mozilla\Firefox\Profiles\td35xjsi.default\extensions
[2013.07.24 14:16:02 | 000,325,530 | ---- | M] () (No name found) -- C:\Users\Arne\AppData\Roaming\mozilla\firefox\profiles\gzp056bd.default\extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi
[2011.04.14 13:45:05 | 000,169,939 | ---- | M] () (No name found) -- C:\Users\Arne\AppData\Roaming\mozilla\firefox\profiles\gzp056bd.default\extensions\wikilook@testpilot.xpi
[2013.07.23 14:03:33 | 000,534,063 | ---- | M] () (No name found) -- C:\Users\Arne\AppData\Roaming\mozilla\firefox\profiles\gzp056bd.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013.07.14 04:24:04 | 000,065,468 | ---- | M] () (No name found) -- C:\Users\Arne\AppData\Roaming\mozilla\firefox\profiles\gzp056bd.default\extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387}.xpi
[2012.12.12 08:24:16 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Arne\AppData\Roaming\mozilla\firefox\profiles\gzp056bd.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2013.07.25 15:08:27 | 000,824,431 | ---- | M] () (No name found) -- C:\Users\Arne\AppData\Roaming\mozilla\firefox\profiles\gzp056bd.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.01.22 17:49:29 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\Arne\AppData\Roaming\mozilla\firefox\profiles\gzp056bd.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
[2011.01.22 00:29:14 | 000,002,484 | ---- | M] () -- C:\Users\Arne\AppData\Roaming\mozilla\firefox\profiles\gzp056bd.default\searchplugins\ixquick.xml
[2011.01.25 16:59:16 | 000,001,330 | ---- | M] () -- C:\Users\Arne\AppData\Roaming\mozilla\firefox\profiles\gzp056bd.default\searchplugins\wikipedia-en.xml
[2011.01.28 21:57:38 | 000,005,613 | ---- | M] () -- C:\Users\Arne\AppData\Roaming\mozilla\firefox\profiles\gzp056bd.default\searchplugins\wolfram-mathworld.xml
[2013.06.26 13:18:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.06.26 13:18:11 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.06.26 13:18:11 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files (x86)\mozilla firefox\extensions\KavAntiBanner@kaspersky.ru_bak2
[2013.06.26 13:18:11 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Program Files (x86)\mozilla firefox\extensions\linkfilter@kaspersky.ru_bak2
[2013.06.26 13:18:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.06.26 13:18:14 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011.01.11 13:22:42 | 000,167,704 | ---- | M] (Tracker Software Products Ltd.) -- C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Programme\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - No CLSID value found.
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SpywareTerminatorShield] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe File not found
O4:64bit: - HKLM..\Run: [SpywareTerminatorUpdater] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe File not found
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - Startup: C:\Users\Arne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Arne\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Arne\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Arne\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.25.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{526B31AD-8DB6-4E66-BBF7-9524C446BB18}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CE2BF432-7F1F-48A8-960C-C69F0B17B18B}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Programme\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Programme\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - File not found
O20:64bit: - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (c:\program files\soluto\soluto.exe /userinit) - c:\program files\soluto\soluto.exe (Soluto)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - File not found
O20 - HKLM Winlogon: UserInit - (userinit.exe) - File not found
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - File not found
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - File not found
O29 - HKLM SecurityProviders - (credssp.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.12.14 10:00:22 | 000,008,192 | ---- | M] (Microsoft) - F:\AutoOff.exe -- [ NTFS ]
O32 - AutoRun File - [2010.01.20 12:02:34 | 000,000,065 | ---- | M] () - F:\autorun.unf -- [ NTFS ]
O33 - MountPoints2\{fe5b1d3e-16ad-11e0-953b-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{fe5b1d3e-16ad-11e0-953b-806e6f6e6963}\Shell\AutoRun\command - "" = E:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013.07.31 13:42:27 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Arne\Desktop\OTL.exe
[2013.07.16 15:50:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013.07.14 15:27:02 | 000,051,496 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys
[2013.07.14 14:43:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.07.14 02:53:24 | 000,000,000 | ---D | C] -- C:\Users\Arne\AppData\Roaming\Python-Eggs
[2013.07.14 02:53:21 | 000,000,000 | ---D | C] -- C:\Users\Arne\AppData\Roaming\BitLord
[2013.07.14 02:51:56 | 000,000,000 | ---D | C] -- C:\Users\Arne\Documents\BitLord
[2013.07.14 02:50:47 | 000,000,000 | ---D | C] -- C:\ProgramData\eSafe
[2013.07.11 12:11:06 | 000,000,000 | ---D | C] -- C:\Users\Arne\AppData\Local\Adobe
[2010.12.27 05:26:00 | 000,932,662 | ---- | C] (The Pidgin developer community) -- C:\Program Files\pidgin.dll
[2010.12.27 05:26:00 | 000,605,383 | ---- | C] (The Pidgin developer community) -- C:\Program Files\libpurple.dll
[2010.12.27 05:26:00 | 000,048,618 | ---- | C] (The Pidgin developer community) -- C:\Program Files\pidgin.exe
[2010.12.27 05:25:52 | 000,259,132 | ---- | C] (Mozilla Foundation) -- C:\Program Files\softokn3.dll
[2010.12.27 05:25:52 | 000,232,807 | ---- | C] (Mozilla Foundation) -- C:\Program Files\ssl3.dll
[2010.12.27 05:25:52 | 000,215,727 | ---- | C] (Mozilla Foundation) -- C:\Program Files\smime3.dll
[2010.12.27 05:25:50 | 001,290,804 | ---- | C] (Mozilla Foundation) -- C:\Program Files\nss3.dll
[2010.12.27 05:25:50 | 000,414,890 | ---- | C] (Mozilla Foundation) -- C:\Program Files\nssckbi.dll
[2010.12.27 05:25:50 | 000,333,204 | ---- | C] (Mozilla Foundation) -- C:\Program Files\libnspr4.dll
[2010.12.27 05:25:50 | 000,286,885 | ---- | C] (Mozilla Foundation) -- C:\Program Files\freebl3.dll
[2010.12.27 05:25:50 | 000,128,262 | ---- | C] (Mozilla Foundation) -- C:\Program Files\nssutil3.dll
[2010.12.27 05:25:50 | 000,031,554 | ---- | C] (Mozilla Foundation) -- C:\Program Files\libplc4.dll
[2010.12.27 05:25:50 | 000,026,148 | ---- | C] (Mozilla Foundation) -- C:\Program Files\libplds4.dll
[2010.12.27 05:25:48 | 000,077,888 | ---- | C] (Carnegie Mellon University) -- C:\Program Files\libsasl.dll
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013.07.31 13:42:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Arne\Desktop\OTL.exe
[2013.07.31 13:41:38 | 000,000,000 | ---- | M] () -- C:\Users\Arne\defogger_reenable
[2013.07.31 13:40:50 | 000,050,477 | ---- | M] () -- C:\Users\Arne\Desktop\Defogger.exe
[2013.07.31 13:39:22 | 000,016,048 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.07.31 13:39:22 | 000,016,048 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.07.31 13:37:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.07.31 13:31:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.07.31 13:31:24 | 3220,574,208 | -HS- | M] () -- C:\hiberfil.sys
[2013.07.31 06:48:00 | 000,002,780 | ---- | M] () -- C:\Users\Public\Documents\DME-SETTINGS.xml
[2013.07.31 06:48:00 | 000,000,310 | ---- | M] () -- C:\Windows\tasks\DMEPeriodicTask.job
[2013.07.30 23:35:59 | 000,000,264 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013.07.30 23:26:42 | 000,666,633 | ---- | M] () -- C:\Users\Arne\Desktop\adwcleaner.exe
[2013.07.29 21:27:16 | 000,001,459 | ---- | M] () -- C:\Users\Arne\.recently-used.xbel
[2013.07.29 16:08:30 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.07.29 16:08:30 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.07.29 16:08:30 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.07.29 16:08:30 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.07.29 16:08:30 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.07.29 14:13:24 | 000,001,047 | ---- | M] () -- C:\Users\Arne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.07.17 19:31:25 | 000,017,408 | ---- | M] () -- C:\Users\Arne\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.07.16 15:50:43 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.07.14 15:27:02 | 000,051,496 | ---- | M] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys
[2013.07.13 02:41:50 | 000,006,434 | ---- | M] () -- C:\Users\Arne\AppData\Local\recently-used.xbel
[2013.07.10 00:49:52 | 000,384,352 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.07.02 01:24:11 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.07.02 01:24:11 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013.07.31 13:41:38 | 000,000,000 | ---- | C] () -- C:\Users\Arne\defogger_reenable
[2013.07.31 13:40:49 | 000,050,477 | ---- | C] () -- C:\Users\Arne\Desktop\Defogger.exe
[2013.07.30 23:26:36 | 000,666,633 | ---- | C] () -- C:\Users\Arne\Desktop\adwcleaner.exe
[2013.07.29 21:27:16 | 000,001,459 | ---- | C] () -- C:\Users\Arne\.recently-used.xbel
[2013.07.29 14:13:24 | 000,001,047 | ---- | C] () -- C:\Users\Arne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.07.16 15:50:43 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.07.14 15:36:35 | 000,000,264 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013.07.13 02:41:50 | 000,006,434 | ---- | C] () -- C:\Users\Arne\AppData\Local\recently-used.xbel
[2013.07.02 01:24:11 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.07.02 01:24:11 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013.05.11 15:15:12 | 000,941,784 | ---- | C] () -- C:\Windows\SysWow64\drivers\CAMTHWDM.sys
[2012.08.13 10:57:00 | 000,012,927 | ---- | C] () -- C:\Program Files (x86)\readme.html
[2012.05.08 14:15:36 | 000,000,005 | ---- | C] () -- C:\Program Files (x86)\basis-link
[2012.05.02 14:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.02.15 04:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.02.15 04:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.01.13 19:03:39 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.09.02 13:18:07 | 000,030,695 | ---- | C] () -- C:\Users\Arne\helden.zip.hld.ok
[2011.08.29 22:09:17 | 000,034,091 | ---- | C] () -- C:\Users\Arne\helden.zip.hld
[2011.08.18 23:58:32 | 000,000,173 | ---- | C] () -- C:\Users\Arne\.bastetrc
[2011.08.18 23:47:19 | 000,001,000 | ---- | C] () -- C:\Users\Arne\.bastetscores
[2011.08.10 20:08:45 | 000,003,932 | ---- | C] () -- C:\Users\Arne\.heldEinstellungen4_1.xml
[2011.08.10 20:08:45 | 000,000,251 | ---- | C] () -- C:\Users\Arne\.dsa4.properties
[2011.06.26 17:05:12 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2011.06.26 16:54:50 | 000,017,408 | ---- | C] () -- C:\Users\Arne\AppData\Local\WebpageIcons.db
[2011.06.24 16:18:42 | 000,017,408 | ---- | C] () -- C:\Users\Arne\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.02.21 16:16:41 | 000,000,036 | ---- | C] () -- C:\Users\Arne\.org.eclipse.epp.usagedata.recording.userId
[2011.01.19 19:29:22 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.01.19 00:39:43 | 000,125,472 | ---- | C] () -- C:\Program Files\pidgin-uninst.exe
[2010.12.27 05:26:00 | 000,582,656 | ---- | C] () -- C:\Program Files\exchndl.dll
[2010.12.27 05:26:00 | 000,320,220 | ---- | C] () -- C:\Program Files\libjabber.dll
[2010.12.27 05:26:00 | 000,249,123 | ---- | C] () -- C:\Program Files\liboscar.dll
[2010.12.27 05:26:00 | 000,190,084 | ---- | C] () -- C:\Program Files\libymsg.dll
[2010.12.27 05:25:52 | 000,417,501 | ---- | C] () -- C:\Program Files\sqlite3.dll
[2010.12.27 05:25:50 | 002,719,062 | ---- | C] () -- C:\Program Files\libsilc-1-1-2.dll
[2010.12.27 05:25:50 | 001,206,642 | ---- | C] () -- C:\Program Files\libsilcclient-1-1-2.dll
[2010.12.27 05:25:50 | 000,173,805 | ---- | C] () -- C:\Program Files\libmeanwhile-1.dll
[2010.12.27 05:25:48 | 001,213,633 | ---- | C] () -- C:\Program Files\libxml2-2.dll
========== ZeroAccess Check ==========
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2011.07.29 23:52:33 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\.anki
[2013.06.20 02:22:08 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\.purple
[2011.12.19 23:25:21 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\1&1 Mail & Media GmbH
[2011.03.28 15:18:18 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\ArchiCrypt Ultimate RAM-Disk3
[2011.01.19 12:15:57 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\Ashampoo
[2013.02.03 19:16:59 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\Bioshock
[2013.07.14 02:56:11 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\BitLord
[2012.09.27 17:09:14 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\Braid
[2012.06.12 21:54:52 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\calibre
[2013.01.25 21:34:16 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\Doublefine
[2013.07.31 13:33:01 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\Dropbox
[2012.10.13 23:22:56 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\DVDVideoSoft
[2011.06.11 00:46:08 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\Fantasy Grounds II
[2011.06.05 12:01:54 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\ghc
[2013.07.29 21:27:16 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\gtk-2.0
[2011.04.05 13:58:32 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\Guitar Pro 6
[2011.01.19 12:15:57 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\Leadertech
[2013.01.13 19:37:38 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\LEGO Company
[2011.02.10 18:24:05 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\Local
[2011.03.03 19:21:03 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\Miranda
[2011.12.25 19:52:54 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\Mp3tag
[2013.04.08 22:24:17 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\My Games
[2011.01.21 13:59:50 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\OpenOffice.org
[2013.07.14 02:53:24 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\Python-Eggs
[2011.06.19 22:55:04 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\Scribus
[2011.10.31 19:50:51 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\Soluto
[2013.01.02 20:38:47 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\SumatraPDF
[2012.05.07 01:19:42 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\Surfer
[2011.01.20 23:26:21 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\Thunderbird
[2012.10.10 16:10:59 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\TS3Client
[2013.05.11 15:15:16 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\Webcammax
========== Purity Check ==========
< End of report >
Code:
OTL Extras logfile created on: 31.07.2013 13:43:18 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Arne\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 2,41 Gb Available Physical Memory | 60,27% Memory free
8,00 Gb Paging File | 5,81 Gb Available in Paging File | 72,70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 58,50 Gb Total Space | 1,95 Gb Free Space | 3,33% Space Free | Partition Type: NTFS
Drive D: | 407,17 Gb Total Space | 170,22 Gb Free Space | 41,81% Space Free | Partition Type: NTFS
Drive F: | 931,51 Gb Total Space | 135,91 Gb Free Space | 14,59% Space Free | Partition Type: NTFS
Drive G: | 1863,01 Gb Total Space | 1281,30 Gb Free Space | 68,78% Space Free | Partition Type: NTFS
Computer Name: ARNE-PC | User Name: Arne | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.reg [@ = regfile] -- regedit.exe "%1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.reg [@ = regfile] -- regedit.exe "%1"
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [open] -- regedit.exe "%1"
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V"
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [open] -- regedit.exe "%1"
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V"
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{15496566-58C9-440D-93E8-0D5F31CF1575}" = lport=2869 | protocol=6 | dir=in | app=system |
"{18ADB689-43EA-4A16-9BA2-5767B4CF5BA8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{28ED6480-DBB7-49B1-8BB3-E921C39A5D53}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{296060D0-76D8-48CF-AE11-E29562DDAF76}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{359D461B-03C1-485E-9DDF-5FCA93FE6596}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3797DACA-E8FE-40E2-BCE2-8666B72C0549}" = lport=10243 | protocol=6 | dir=in | app=system |
"{43F6FFB5-5D38-4B2C-9AA0-0C05E7C3B43A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{446EE721-A0DB-4B5C-9CDA-885A324218FB}" = rport=139 | protocol=6 | dir=out | app=system |
"{495460C1-D055-40A7-82DF-BB4177302DA3}" = rport=138 | protocol=17 | dir=out | app=system |
"{4C29D3B3-3E16-498B-AFF1-0EF2986DF687}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5876EDA6-0095-435C-AF8D-DAD72330C48C}" = lport=139 | protocol=6 | dir=in | app=system |
"{5B2B7F78-0B1B-42AF-A40B-7F7864745EE4}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5FD75996-86BA-49EE-B37E-7673C3703EE2}" = rport=137 | protocol=17 | dir=out | app=system |
"{646ADCDF-9610-4FD5-B1CE-62992BD5F486}" = lport=445 | protocol=6 | dir=in | app=system |
"{6BC15183-D31A-415A-B4AD-029F948121B7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{74C49314-0A7A-432E-A665-A928370BF004}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{87E41EB3-EF2C-4697-A04E-288595C9EEFE}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8E85976B-2319-48BC-ABD6-7EEB1F98B8DC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{8F69A892-7731-45D8-A5A8-1A83DBDB3DF8}" = rport=10243 | protocol=6 | dir=out | app=system |
"{949F9095-07B1-4BB2-BA7A-5D076739026A}" = lport=138 | protocol=17 | dir=in | app=system |
"{C252B841-7F15-4077-A272-FA769B6E74B2}" = lport=137 | protocol=17 | dir=in | app=system |
"{E826491A-86C3-4635-8122-CE0245DC26E6}" = rport=445 | protocol=6 | dir=out | app=system |
"{F425FCEE-E3EF-4AA9-96DE-65927B7C3151}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0469B746-E131-4526-B786-E8F56E3DC863}" = protocol=6 | dir=in | app=c:\users\arne\appdata\roaming\dropbox\bin\dropbox.exe |
"{04D9A296-C842-443B-A87E-AA1E2BDB2C9A}" = protocol=6 | dir=in | app=d:\spiele\rayman\gu.exe |
"{05164A37-E615-49A9-B5C6-E030FFB17B78}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{05CF56BB-8E12-471E-A0E0-838EACE4664E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{06533347-3B23-42B2-9330-2E0C7A76DE02}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\driver san francisco\driver.exe |
"{070466B9-B357-4465-9A6A-EC58A1D65B43}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0B51781A-6960-40CB-833F-BC08F454D949}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{0D1C8BB0-96D1-41F7-9102-50ADC9579667}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\braid\braid.exe |
"{0ECB7ACE-E3C8-4402-87D2-648CB6B55693}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\braid\braid.exe |
"{134CEEE6-A0AC-4B16-A79A-157F7C0B1177}" = protocol=17 | dir=in | app=c:\program files\soluto\solutoupdateservice.exe |
"{13839099-CFD1-4A30-A60F-7A232501B49A}" = protocol=17 | dir=in | app=c:\program files\soluto\solutocleanup.exe |
"{17E8E48B-97D6-4705-9EC5-2049CED94538}" = protocol=6 | dir=in | app=c:\program files\soluto\solutoconsole.exe |
"{18BD47F8-4289-497E-872D-0175C8B21786}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\portal 2\portal2.exe |
"{1CED4A39-A72C-4019-9299-94F7FAC2CE9E}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\deus ex - human revolution\dxhr.exe |
"{238196C4-4F04-4F4E-8570-CA2416B7F3C9}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\team fortress 2\hl2.exe |
"{26368669-29BF-482E-8F42-4B3AC1E85ECF}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\bioshock infinite\binaries\win32\bioshockinfinite.exe |
"{28726C29-51EE-4487-BD1B-9B705C3B7B8B}" = protocol=17 | dir=in | app=c:\users\arne\appdata\roaming\dropbox\bin\dropbox.exe |
"{29E8C1D3-5C59-4529-82DE-4337D0822189}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\dota 2 beta\dota.exe |
"{2C5A84DA-F5A0-444B-A242-92116FD2A616}" = protocol=17 | dir=in | app=c:\program files\soluto\solutoservice.exe |
"{2E85E1FC-CE3F-4BF2-B75A-C11110AA9373}" = protocol=17 | dir=in | app=d:\spiele\mass effect\binaries\masseffect.exe |
"{3226BF3F-1BB9-4217-BC17-4B5651FDFE55}" = protocol=17 | dir=in | app=c:\program files\soluto\soluto.exe |
"{37311332-97A1-490C-98E6-CB71C273138D}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\bioshock infinite\binaries\win32\bioshockinfinite.exe |
"{3954195B-76E7-4712-992C-EFAA9893C688}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\monaco\monaco.exe |
"{3D22324F-6E6E-4AB4-9BC6-35FEB4C91882}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe |
"{405CC9EE-8F5B-4EFB-8FBC-5CD8284E91FF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{4081F1ED-9136-4A38-AF7D-39A23F1C89E2}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{45C67A96-EB61-4ADE-BB28-CE63701EED64}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{480FBA5A-1969-4686-844A-FF6C643099DA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{48E94B00-C8BB-496B-990D-5F5037268C4E}" = protocol=6 | dir=in | app=d:\spiele\rayman\rayman origins.exe |
"{4BC5D1F1-7205-40FB-8D1C-06B321CE0D54}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{4C8EC4E0-412F-41B7-9AEF-8F3064EA59AD}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\magicka\magicka.exe |
"{4DCDC6A2-C705-4ED4-97EA-28AF2BC3D585}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4F6BFA5D-D694-4903-8926-D3BAAB662D80}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{4F8C218C-26A4-443E-AC91-4B0BF4B94C10}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\bastion\bastion.exe |
"{527F509D-C14E-4EA2-A654-2F3CAD69258C}" = protocol=6 | dir=in | app=c:\program files\soluto\solutoservice.exe |
"{54B27F16-9906-4487-892F-A6BA4F8770EA}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\team fortress 2\hl2.exe |
"{5777E53B-0A1F-49B8-84BF-37056C9DB123}" = protocol=17 | dir=in | app=c:\program files\soluto\solutoconsole.exe |
"{58E83703-8F21-4A65-98FA-C2C52B922002}" = protocol=6 | dir=in | app=d:\spiele\mass effect\binaries\masseffect.exe |
"{5D413124-F979-4049-BD47-B24CFA3A4F1D}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\bioshock infinite\binaries\win32\benchmark.bat |
"{5E46CC35-DC12-42E5-A067-4FE7B1510C1E}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\bastion\bastion.exe |
"{604A33F9-4B98-42B7-BE82-B3E06FD9CF62}" = protocol=6 | dir=in | app=d:\spiele\mass effect\binaries\masseffect.exe |
"{68F843AA-E523-48A1-9986-2AB65EBBAD44}" = protocol=6 | dir=in | app=d:\spiele\civilization4.exe |
"{6B3E7FA4-4004-40CC-8CAE-BA9FAC488F74}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\deus ex - human revolution\dxhr.exe |
"{6BBECCCB-F68B-4F99-9392-D099BF911ADD}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{6CD71222-D6DD-48FC-95F4-AB1C3D6FC8D2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7058AAA5-AE1A-433A-932A-643C503D0084}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{70AF56AA-0409-4EBC-9261-D039F8C4CB2C}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\rayman origins demo\rayman origins.exe |
"{74D65424-BEA9-42E1-A33B-88F49988B52B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{75756479-DFEA-4B4A-B542-8A6F196FC479}" = protocol=6 | dir=in | app=c:\programdata\esafe\egdpsvc.exe |
"{7833AB96-8562-4E0F-B60B-6CCBE943E04D}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\amd driver updater, vista and 7, 64 bit\setup.exe |
"{7E9D0CFE-BD39-43B8-B5F6-54F3EA3B1116}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\bioshock infinite\binaries\win32\benchmark.bat |
"{83CEFD4F-E2C4-45BB-B8B2-C28991B0EC0D}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\deus ex - human revolution\dxhr.exe |
"{8A1AC809-2E22-4E95-84DD-2D5BDD83FAC2}" = protocol=6 | dir=in | app=c:\program files\soluto\solutoservice.exe |
"{8F5B899B-8EFF-41EA-B1B9-C2222451CC75}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\deus ex - human revolution\dxhr.exe |
"{8FAAC0C0-0C0D-4E01-8D7E-C62E06BF414B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{924D27D8-C3D3-4DF5-889B-E63F56896FC1}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\bastion\bastion.exe |
"{949D8090-1CAC-42E1-A36B-999F09760B8C}" = protocol=17 | dir=in | app=c:\users\arne\desktop\solutoinstaller121190.exe |
"{94EF5358-1931-4232-8C20-D56339C8F1A4}" = protocol=6 | dir=in | app=c:\users\arne\desktop\solutoinstaller121190.exe |
"{94F6D458-FF42-47CD-9788-9DAA70E0724F}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\portal 2\portal2.exe |
"{9653F524-AA07-4F6D-BFF7-0C3892D9CA44}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\magicka\magicka.exe |
"{9813DF63-770F-4104-BCF7-360339B8171F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9821E16D-D02A-45FF-BA51-50E81787F16F}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\thecave\cave.exe |
"{983B7E72-C6F2-41FB-8BBE-B815940C342B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{9B42875D-7C01-4E28-98EA-39264216AD35}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\dota 2 beta\dota.exe |
"{9C250B24-5268-416A-A420-FDDFF2412CCD}" = protocol=6 | dir=in | app=c:\users\arne\appdata\roaming\dropbox\bin\dropbox.exe |
"{9FEE514D-3DA5-454D-B4F3-D96AE9DA90E5}" = protocol=17 | dir=in | app=c:\program files\soluto\solutoconsole.exe |
"{A0309C28-D0E3-4B63-AB55-6E0C66B47AAF}" = protocol=17 | dir=in | app=c:\program files\soluto\soluto.exe |
"{A086DDAB-0D00-4A21-888B-467E14D6CACE}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe |
"{A1BC3318-3D9F-4BD5-AAD0-9DBF94DD30B8}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{A2D20551-785A-4AB1-9488-12A3951D3567}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A36A097B-C25C-4B0F-967B-4292907A6D2B}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\amd driver updater, vista and 7, 64 bit\setup.exe |
"{AEF83646-BCD0-4DE8-8F73-A6CA6BF2D0CC}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{B68462A8-4A31-4432-A8D9-6706D2FEAEAA}" = protocol=6 | dir=in | app=c:\program files\soluto\solutoupdateservice.exe |
"{B6CAFFCB-F719-4225-92E5-50DB057032E9}" = protocol=6 | dir=in | app=c:\program files\soluto\solutoupdateservice.exe |
"{B6E7DC5E-3C12-4193-A762-8D07DF9EF797}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\rock of ages\binaries\win32\roa.exe |
"{B7C4E46F-CEBD-4FCF-B1E3-CCA43F4C6886}" = protocol=6 | dir=in | app=c:\program files\soluto\solutocleanup.exe |
"{BC0FBDA1-2D23-4237-9E6C-7F3B7C23E71F}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{BEAE75AF-F815-4303-9C50-0879A3022D53}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\xcom-enemy-unknown\binaries\win32\xcomgame.exe |
"{BF34BFB0-CE68-4DCC-9943-E3E771956556}" = protocol=17 | dir=in | app=c:\program files\soluto\solutoupdateservice.exe |
"{C0152731-E6F0-487C-A19D-7FB552CCE4CB}" = protocol=6 | dir=in | app=c:\program files\soluto\soluto.exe |
"{C0D278E4-9138-412D-A1D8-EE326FF2E582}" = protocol=17 | dir=in | app=c:\users\arne\appdata\roaming\dropbox\bin\dropbox.exe |
"{C205A6A3-C01A-4688-83A8-A3FE455A2269}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C5A46DEC-1AEA-4A47-8821-1F6F971B1375}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\bastion\bastion.exe |
"{C923F172-9696-4614-B609-72C8A23B49C8}" = protocol=17 | dir=in | app=d:\spiele\rayman\rayman origins.exe |
"{CB05906A-9B0E-46E0-ADA8-A1D85B27F0BD}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe |
"{CBA13A97-0EE6-4F71-8553-DD633A91E342}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{CC79150E-DF5E-4448-9FB8-1D4A7CFD4A31}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\magicka\magicka.exe |
"{CE7035A4-4A04-431B-8B37-EB760D7CA664}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\thecave\cave.exe |
"{D4C436E7-04BA-4944-88DF-33280EEE0178}" = protocol=6 | dir=in | app=c:\program files\soluto\solutoconsole.exe |
"{D7DAA9AF-1CC8-4182-8613-0C247008D528}" = protocol=17 | dir=in | app=c:\program files\soluto\solutoservice.exe |
"{D9320313-FFEB-475A-AF70-DA3FD65EF1DA}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe |
"{DD897223-4584-41D1-B906-66F71D6BFD63}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\monaco\monaco.exe |
"{E0D2408D-FF99-4CF1-B279-FB0A0F31701F}" = protocol=17 | dir=in | app=d:\spiele\civilization4.exe |
"{E3AEB09F-2F1F-4590-872F-CEE611245ADD}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{E448DFCA-597B-4E82-9D10-361B0DEC20FF}" = protocol=17 | dir=in | app=d:\spiele\mass effect\masseffectlauncher.exe |
"{E5BAFAEA-18DF-4BE4-B120-1BEF2648FE1D}" = protocol=17 | dir=in | app=d:\spiele\mass effect\masseffectlauncher.exe |
"{E5D61158-52A6-4549-B4C3-DAD5ADB968D7}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\hackfleischkannibale\team fortress 2\hl2.exe |
"{E755C33B-4806-42DD-91E4-D79F27865ABC}" = protocol=17 | dir=in | app=d:\spiele\rayman\gu.exe |
"{E7C90274-B41B-42E5-9297-258D960DB984}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{E85D0385-9DB0-4BDC-9E96-EBD7FEB96A73}" = protocol=6 | dir=in | app=c:\program files\soluto\soluto.exe |
"{EB79FAB0-F298-48D5-B423-475A8AA4EF47}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{EC4F63AA-6F2E-4175-A43C-C6EC69C3F4A3}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\rock of ages\binaries\win32\roa.exe |
"{EE1F4C13-3CF7-4AB2-9CA8-F8372A278AB8}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\rayman origins demo\rayman origins.exe |
"{EE8FA2A4-6BB5-4872-AEA3-808C23961156}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{EEB58FF5-AF9D-4099-8BA1-DD37B59D78CB}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\xcom-enemy-unknown\binaries\win32\xcomgame.exe |
"{F0582EE3-D648-4489-92CE-6394BAFC4345}" = protocol=6 | dir=out | app=system |
"{F226AE60-5535-4F77-9EB7-F932393AE549}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\driver san francisco\driver.exe |
"{F4458F0B-50F1-470D-A6FA-7104F9F64F90}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F49ADD62-F8C8-48BC-BE30-867A3AE2D3BB}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\hackfleischkannibale\team fortress 2\hl2.exe |
"{F52BD8E2-6ECD-4A86-9730-38C71EA7E233}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\portal 2\portal2.exe |
"{F62E6F7D-8EEC-49E5-A91F-4F3928DC7C68}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F6D2BFE3-2482-4010-9B24-58FAA767C922}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\portal 2\portal2.exe |
"{F7965EA8-3EA0-469F-B133-E401E9275F30}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{F88B1297-D91A-42D5-817C-B628C376B579}" = protocol=17 | dir=in | app=d:\spiele\mass effect\binaries\masseffect.exe |
"{FDD299DA-0A32-4F3F-9EA7-3997733BFEAE}" = protocol=6 | dir=in | app=d:\spiele\mass effect\masseffectlauncher.exe |
"{FEE31730-F9E0-4D56-ABB0-DB743A95EB65}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\magicka\magicka.exe |
"{FF11CB5F-1FE6-4CDD-85AB-1671570882FE}" = protocol=6 | dir=in | app=d:\spiele\mass effect\masseffectlauncher.exe |
"TCP Query User{2A3B9A28-39E3-46ED-AF40-181238E9651B}D:\spiele\steam\steam.exe" = protocol=6 | dir=in | app=d:\spiele\steam\steam.exe |
"TCP Query User{543E11BD-C70C-4C7D-A86A-114C6A969F14}C:\program files (x86)\2k games\gearbox software\borderlands\binaries\borderlands.exe" = protocol=6 | dir=in | app=c:\program files (x86)\2k games\gearbox software\borderlands\binaries\borderlands.exe |
"TCP Query User{71A17A51-89E9-4583-BB91-0F2E2EF606F6}C:\program files (x86)\miranda im\miranda32.exe" = protocol=6 | dir=in | app=c:\program files (x86)\miranda im\miranda32.exe |
"TCP Query User{A7CF2A98-56D0-4CBA-92B2-409248CF0F48}C:\program files\pidgin.exe" = protocol=6 | dir=in | app=c:\program files\pidgin.exe |
"TCP Query User{AE2DACF1-39BB-426B-9153-C59F53910EB5}D:\spiele\steam\steamapps\hackfleischkannibale\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\hackfleischkannibale\team fortress 2\hl2.exe |
"TCP Query User{D341A4E2-585D-4AA9-9D0A-B778172369A2}C:\program files (x86)\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xfire\xfire.exe |
"UDP Query User{00ADF3EB-6A63-4C5A-B9AF-2388D1F2869D}C:\program files (x86)\2k games\gearbox software\borderlands\binaries\borderlands.exe" = protocol=17 | dir=in | app=c:\program files (x86)\2k games\gearbox software\borderlands\binaries\borderlands.exe |
"UDP Query User{4774801A-7D31-4A6F-B0A2-B8350CAD0A51}C:\program files\pidgin.exe" = protocol=17 | dir=in | app=c:\program files\pidgin.exe |
"UDP Query User{6927813D-8199-46DF-83F5-8311C3FBC452}D:\spiele\steam\steamapps\hackfleischkannibale\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\hackfleischkannibale\team fortress 2\hl2.exe |
"UDP Query User{A0875171-7826-444E-8960-2DE1407FC066}C:\program files (x86)\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xfire\xfire.exe |
"UDP Query User{ACDC5BFF-636A-4511-909E-1CE1C6E800A4}C:\program files (x86)\miranda im\miranda32.exe" = protocol=17 | dir=in | app=c:\program files (x86)\miranda im\miranda32.exe |
"UDP Query User{C23A6E37-0EBB-40D3-8817-B7AB355C8637}D:\spiele\steam\steam.exe" = protocol=17 | dir=in | app=d:\spiele\steam\steam.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp version 0.99.8
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416023FF}" = Java(TM) 6 Update 23 (64-bit)
"{2AE7F8F4-BFD5-4811-9B4D-15CDC6B7F424}" = PDF-XChange Viewer
"{3145731D-C578-70ED-899F-7A670D2A6662}" = AMD Fuel
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{467D5E81-8349-4892-9E81-C3674ED8E451}" = Cisco Systems VPN Client 5.0.07.0290
"{4975DE61-6BF6-B9BC-1FDE-C04C5EC78E4C}" = AMD Media Foundation Decoders
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503640E5-B2ED-3173-D109-D4D03153471A}" = AMD Drag and Drop Transcoding
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{5E03A267-415E-5383-FA8F-3CE4145663B9}" = AMD Catalyst Install Manager
"{61CF2C86-8E46-4210-A115-E4D6C65AF369}" = HP Photosmart B109a-m All-In-One Driver Software 13.0 Rel .6
"{64A3A4F4-B792-11D6-A78A-00B0D0160230}" = Java(TM) SE Development Kit 6 Update 23 (64-bit)
"{66C10F29-31F0-4A9B-B2CF-465F488AE086}" = CorelDRAW Graphics Suite X5 - Windows Shell Extension 64 Bit
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89EE4A30-080F-2C95-6F78-C98D18FBD74D}" = AMD Accelerated Video Transcoding
"{9CF11D16-ECEB-90A5-A028-CA9E068D848B}" = ccc-utility64
"{DA2737A4-B639-96F4-1CC2-30D2919EE1FB}" = AMD Steady Video Plug-In
"{DCF00FE8-348E-43CF-96CB-6C8EBB0037C2}" = Soluto
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"MatlabR2010b" = MATLAB R2010b
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"sp6" = Logitech SetPoint 6.20
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}" = Ghostscript GPL 8.64 (Msi Setup)
"_{51DD370C-6690-424E-9674-5F14468B323F}" = Corel Graphics - Windows Shell Extension
"_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW(R) Graphics Suite X5
"_{D0291D38-D7AE-47B6-AD64-4FAB908FDB9F}" = CorelDRAW Graphics Suite X5 - Extra Content
"{017F8447-2A1D-0DDB-B5D7-CA2BFACE2886}" = CCC Help French
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{054E9A1C-3EA2-C657-E787-FD8DCF5C3D3B}" = CCC Help Czech
"{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}" = Ghostscript GPL 8.64 (Msi Setup)
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{14A487F2-1259-4E6C-AE3C-3C888DDBCB60}_is1" = Guitar Pro 6 Demo
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect
"{1D108D70-E7D1-4089-9A0A-99629C4D0CB8}" = Morrowind
"{1DE2BD51-0300-772D-5E18-F337D95D5687}" = CCC Help German
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{224E8FEB-5C1F-077F-6FC5-602AC1AE644D}" = CCC Help Danish
"{24D9A3E0-D086-4B62-AF93-63CF6B05CB48}" = CorelDRAW Graphics Suite X5 - Custom Data
"{260ED378-2B8C-4831-ADAE-D0712D119AC5}" = CorelDRAW Graphics Suite X5 - VSTA
"{26945917-E053-45F6-AF98-309730CFC318}" = Visual Basic for Applications (R) Core
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{275E9C49-C72F-D754-DEB7-77F10A9C00D8}" = CCC Help Japanese
"{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime
"{2E660A2A-A55F-43CD-9F73-CAD7382EEB78}" = Microsoft Games for Windows - LIVE Redistributable
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{30049739-BE95-6591-B504-E6D7057D49CC}" = CCC Help Spanish
"{3472C84E-2FD0-439F-B27F-C290C1E4CD8B}" = CorelDRAW Graphics Suite X5 - Filters
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{368FCA18-C510-4F87-B60E-192B9BDBAE3D}" = CorelDRAW Graphics Suite X5
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{3F1EB155-F96E-EB7B-2EF2-7375490E0FA9}" = CCC Help English
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B023D7B-9E67-795D-FB31-B5E1F6DCA451}" = CCC Help Italian
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{51DD370C-6690-424E-9674-5F14468B323F}" = Corel Graphics - Windows Shell Extension
"{52B65911-1559-4ED5-9461-46957FDD48CD}" = Borderlands
"{54B8F4A1-02B0-4D32-8F37-925526C0EEC6}" = CorelDRAW Graphics Suite X5 - Connect
"{55F6C486-8C75-2A72-DAFE-CE78A624C9F7}" = CCC Help Russian
"{57400C1E-BC51-4ECE-AD2A-A6096204DDEC}" = CorelDRAW Graphics Suite X5 - VBA
"{58D68DF0-4E8B-4E9E-B425-670F9E37C1A8}" = TES Construction Set
"{59123CCF-FED2-46FF-9293-D1DC80042219}" = CorelDRAW Graphics Suite X5 - Redist
"{5AF23993-7152-1620-E43F-1B4542FB4F84}" = CCC Help Thai
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{62978C1C-FE2E-4A4E-851D-3EB406C9EBC2}" = CorelDRAW Graphics Suite X5 - Draw
"{63326924-3CAF-C858-3A8F-8598C87019D7}" = AMD VISION Engine Control Center
"{63822E89-11AA-F8EC-D433-F72A85799EC0}" = CCC Help Greek
"{656FDFA4-C7C6-40D9-99F7-F6F331412AEF}" = WarrantyExtension
"{66361420-4905-AEB8-17AE-172FDD164A7E}" = CCC Help Polish
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{68EE5C41-2F79-4F36-BE85-22A814F55AF7}" = CorelDRAW Graphics Suite X5 - ES
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{769F2A4B-84A3-9486-ADD2-9E5AB4B4E1E3}" = Catalyst Control Center InstallProxy
"{76DAEC83-AF7B-333C-8A53-83D7C7D39199}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU
"{80FE5490-E9DD-4AE9-8537-3EB5EFB606FC}" = PS_AIO_06_B109a-m_SW_Min
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8773DD1C-5FB2-95B5-5A93-0EFEAC900A4D}" = CCC Help Norwegian
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{8CCBB0BF-9CC1-1A65-BB93-56012A460EE6}" = CCC Help Portuguese
"{8E87B944-4815-3C5E-947F-5035C9F64362}" = Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU
"{8F18CFF8-8259-4148-AD00-2EE572754E92}" = CorelDRAW Graphics Suite X5 - FR
"{9244E956-5939-4B88-930C-0699D4AB2B95}" = CorelDRAW Graphics Suite X5 - WT
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{983F7145-CABF-4EDD-9F3D-E06B2F024BD3}" = CorelDRAW Graphics Suite X5 - FontNav
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}" = OpenOffice.org 3.4.1
"{A0A3CE05-96CB-52E9-434E-074F3BB7807E}" = CCC Help Turkish
"{A10E0E1A-BE44-46F0-8188-C6B2C49D6456}" = calibre
"{A129D1F2-CAC4-4AD7-B26D-3C6411B87DCC}" = Psychonauts
"{A1B04B6B-25BB-48AD-8BD9-D31A86E89F3E}" = CorelDRAW Graphics Suite X5 - PHOTO-PAINT
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A9C64319-932F-D02B-B14C-FFFC3EC49E77}" = CCC Help Chinese Standard
"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{AF20390E-5ADD-4CB0-BF9D-EDF6E7891AD9}" = B109a-m
"{B3B2E45F-A0FC-47C6-B399-72D9D8482C8A}" = Visual Basic for Applications (R) Core - German
"{B6C2569C-E2AA-4AB9-8C26-AC2487A2BFFC}" = Sid Meier's Civilization 4
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BDAFF03F-3E7D-427B-A658-3807C4C58B0C}" = Goldfinger 8
"{BFE9A442-5D4B-4372-B994-FB4BCEA78662}" = CorelDRAW Graphics Suite X5 - NL
"{C09DB932-7619-7B56-30E3-C0454811D6D7}" = CCC Help Korean
"{C22A4697-BD77-ACB1-744F-1FD0A0BFF798}" = CCC Help Swedish
"{CA3861BA-1D96-4D66-B577-318E1602C4F3}" = CorelDRAW Graphics Suite X5 - Common
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW Graphics Suite X5 - Setup Files
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"{D0291D38-D7AE-47B6-AD64-4FAB908FDB9F}" = CorelDRAW Graphics Suite X5 - Extra Content
"{D4B457B2-260F-C561-CA87-703BD3B724CA}" = Catalyst Control Center Graphics Previews Common
"{D596EEA2-C6C8-45D3-89DF-FA2DBE99F829}" = Visual Basic for Applications (R) Core - English
"{D642FF8D-438D-4545-A1D5-2EDB4BCAE3BA}" = CorelDRAW Graphics Suite X5 - Photozoom Plugin
"{D6CDB506-297D-AE70-0EF6-DE5185F961BE}" = CCC Help Chinese Traditional
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DC43FBD3-3E5D-419D-A981-519F1A3E6F53}" = CorelDRAW Graphics Suite X5 - IT
"{DCF22E37-A8B6-4F78-9D61-3BCB5ED38A50}" = CorelDRAW Graphics Suite X5 - DE
"{DE491AB9-1D47-4FED-A8F5-4D4325B2EB4B}" = Rayman Origins
"{DE6CBC04-8673-4DBA-BA81-07F1639CEB5F}" = CorelDRAW Graphics Suite X5 - IPM
"{E280923D-C5D9-4728-8C79-AC9A0DC75875}" = BioShock
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E34C6AA4-AE8E-4677-912A-92FC2E039DD9}" = CorelDRAW Graphics Suite X5 - EN
"{ECFD508E-68A2-91B2-46DD-1D03D783D94B}" = Catalyst Control Center Localization All
"{EDB98D5A-A6FB-425C-BFB7-51A0924B762D}" = CorelDRAW Graphics Suite X5 - Capture
"{EDE361D5-35A5-DA7D-3462-C3DABD24029B}" = CCC Help Hungarian
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E7DD6A-AE2D-D706-BEB3-937F76CA6AE9}" = CCC Help Finnish
"{F56F54DD-BCB2-1221-2CB7-E983A5CF9D15}" = CCC Help Dutch
"{FD8AE9E2-B61E-4826-9CE7-937E1E9A9EEC}" = CorelDRAW Graphics Suite X5 - BR
"{FE4B83DE-85CF-4DE5-90CE-A2735A0E1F21}" = CorelDRAW Graphics Suite X5 - VideoBrowser
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Anki" = Anki
"Brain Workshop_is1" = Brain Workshop 4.8.1
"DivX Setup.divx.com" = DivX-Setup
"Fantasy Grounds II" = Fantasy Grounds II
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.5.0.602
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.33.1005
"GPL Ghostscript 9.02" = GPL Ghostscript
"HaskellPlatform-2011.2.0.1" = Haskell Platform 2011.2.0.1
"Heroes of Might and Magic® III" = Heroes of Might and Magic® III Complete
"InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"IrfanView" = IrfanView (remove only)
"MiKTeX 2.9" = MiKTeX 2.9
"Miranda IM" = Miranda IM 0.9.17
"Mnemosyne_is1" = Mnemosyne 1.2.2
"Mozilla Firefox 22.0 (x86 de)" = Mozilla Firefox 22.0 (x86 de)
"Mozilla Thunderbird (3.1.7)" = Mozilla Thunderbird (3.1.7)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mp3tag" = Mp3tag v2.49a
"New LEGO Digital Designer" = LEGO Digital Designer
"Pidgin" = Pidgin
"Scribus 1.3.3.14" = Scribus 1.3.3.14
"Scribus 1.3.9" = Scribus 1.3.9
"Steam App 107100" = Bastion
"Steam App 113020" = Monaco
"Steam App 200510" = XCOM: Enemy Unknown
"Steam App 207510" = Rayman Origins Demo
"Steam App 220" = Half-Life 2
"Steam App 221810" = The Cave
"Steam App 22230" = Rock of Ages
"Steam App 26800" = Braid
"Steam App 28050" = Deus Ex: Human Revolution
"Steam App 33440" = Driver San Francisco
"Steam App 380" = Half-Life 2: Episode One
"Steam App 400" = Portal
"Steam App 420" = Half-Life 2: Episode Two
"Steam App 42910" = Magicka
"Steam App 440" = Team Fortress 2
"Steam App 48000" = LIMBO
"Steam App 49520" = Borderlands 2
"Steam App 570" = Dota 2
"Steam App 620" = Portal 2
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Steam App 8870" = BioShock Infinite
"SumatraPDF" = SumatraPDF
"TeXnicCenter_is1" = TeXnicCenter Version 1.0 Stable RC1
"VLC media player" = VLC media player 2.0.7
"WinGimp-2.0_is1" = GIMP 2.6.11
"Xfire" = Xfire (remove only)
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CGoban 3" = CGoban 3
"Dropbox" = Dropbox
"Mozilla Thunderbird 17.0.7 (x86 de)" = Mozilla Thunderbird 17.0.7 (x86 de)
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 10.07.2013 14:16:39 | Computer Name = Arne-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description =
Error - 11.07.2013 08:12:20 | Computer Name = Arne-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description =
Error - 11.07.2013 08:12:22 | Computer Name = Arne-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description =
Error - 11.07.2013 08:13:11 | Computer Name = Arne-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description =
Error - 11.07.2013 08:13:26 | Computer Name = Arne-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description =
Error - 11.07.2013 08:14:23 | Computer Name = Arne-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description =
Error - 11.07.2013 09:15:59 | Computer Name = Arne-PC | Source = Microsoft-Windows-Defrag | ID = 257
Description =
Error - 12.07.2013 20:44:57 | Computer Name = Arne-PC | Source = Application Hang | ID = 1002
Description = Programm GuitarPro.exe, Version 0.0.0.0 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1460 Startzeit:
01ce7f42ede39f8a Endzeit: 6 Anwendungspfad: C:\Program Files (x86)\Guitar Pro 6\GuitarPro.exe
Berichts-ID:
6f2dec20-eb55-11e2-a1a2-20cf30a4d372
Error - 14.07.2013 00:38:38 | Computer Name = Arne-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: GuitarPro.exe, Version: 0.0.0.0,
Zeitstempel: 0x4bf4f704 Name des fehlerhaften Moduls: MSVCR80.dll, Version: 8.0.50727.4940,
Zeitstempel: 0x4ca2b271 Ausnahmecode: 0xc000000d Fehleroffset: 0x00008aa0 ID des fehlerhaften
Prozesses: 0xf38 Startzeit der fehlerhaften Anwendung: 0x01ce8049a98783b2 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Guitar Pro 6\GuitarPro.exe Pfad des
fehlerhaften Moduls: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\MSVCR80.dll
Berichtskennung:
3fca8510-ec3f-11e2-9ceb-20cf30a4d372
Error - 26.07.2013 14:08:24 | Computer Name = Arne-PC | Source = Microsoft-Windows-Defrag | ID = 257
Description =
[ System Events ]
Error - 30.07.2013 17:31:55 | Computer Name = Arne-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.2" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error - 30.07.2013 17:33:04 | Computer Name = Arne-PC | Source = bowser | ID = 8003
Description =
Error - 30.07.2013 17:38:49 | Computer Name = Arne-PC | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Wsys Service" wurde nicht richtig gestartet.
Error - 30.07.2013 17:38:51 | Computer Name = Arne-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.2" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error - 30.07.2013 17:45:02 | Computer Name = Arne-PC | Source = bowser | ID = 8003
Description =
Error - 30.07.2013 18:21:02 | Computer Name = Arne-PC | Source = bowser | ID = 8003
Description =
Error - 30.07.2013 18:57:05 | Computer Name = Arne-PC | Source = bowser | ID = 8003
Description =
Error - 30.07.2013 20:36:39 | Computer Name = Arne-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.2" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error - 31.07.2013 07:31:36 | Computer Name = Arne-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.2" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error - 31.07.2013 07:47:09 | Computer Name = Arne-PC | Source = bowser | ID = 8003
Description =
< End of report >
Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-07-31 14:26:20
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST3500418AS rev.CC46 465,76GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Arne\AppData\Local\Temp\kxldrpow.sys
---- Kernel code sections - GMER 2.1 ----
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560 fffff80003609000 45 bytes [00, 00, 16, 02, 4E, 74, 66, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 607 fffff8000360902f 10 bytes [00, 01, 00, 06, 00, 00, 00, ...]
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1704] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000777b0018 5 bytes JMP 000000016ac91765
.text C:\Users\Arne\AppData\Roaming\Dropbox\bin\Dropbox.exe[3284] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69 0000000076431465 2 bytes [43, 76]
.text C:\Users\Arne\AppData\Roaming\Dropbox\bin\Dropbox.exe[3284] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155 00000000764314bb 2 bytes [43, 76]
.text ... * 2
---- EOF - GMER 2.1 ----
Und hier die HijackThis-Datei, falls das hilft: Code:
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 15:23:54, on 14.07.2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16635)
FIREFOX: 22.0 (de)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\DivX\DivX Plus Web Player\DDMService.exe
C:\Program Files (x86)\program\soffice.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Program Files (x86)\program\soffice.bin
C:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Users\Arne\appdata\roaming\dropbox\bin\dropbox.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Arne\Downloads\HijackThis.exe
C:\Windows\SysWOW64\DllHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST3500418AS_9VMSQ30HXXXX9VMSQ30H&ts=1373763041
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST3500418AS_9VMSQ30HXXXX9VMSQ30H&ts=1373763041
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST3500418AS_9VMSQ30HXXXX9VMSQ30H&ts=1373763041
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST3500418AS_9VMSQ30HXXXX9VMSQ30H&ts=1373763041
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: AMD SteadyVideo BHO - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [DivX Download Manager] "C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe" start
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - Startup: Dropbox.lnk = Arne\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Arne\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
O9 - Extra button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
O9 - Extra button: HP Smart Web Printing ein- oder ausblenden - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O18 - Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Soluto Launcher Service (SolutoLauncherService) - Soluto - C:\Program Files\Soluto\SolutoLauncherService.exe
O23 - Service: Soluto PCGenome Core Service (SolutoService) - Soluto - C:\Program Files\Soluto\SolutoService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Wsys Service (WsysSvc) - Wsys Co., Ltd. - C:\ProgramData\eSafe\eGdpSvc.exe
--
End of file - 10799 bytes
|
Bitte lesen:
AdwCleaner auf deinen Desktop.