Addition.txt
Additional scan result of Farbar Recovery Scan Tool (x64) Version:28-06-2015
Ran by Ryker at 2015-06-28 13:53:00
Running from C:\Users\Ryker\Desktop
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-960941955-715801640-531254083-500 - Administrator - Disabled)
Dani (S-1-5-21-960941955-715801640-531254083-1001 - Administrator - Enabled) => C:\Users\Dani
Gast (S-1-5-21-960941955-715801640-531254083-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-960941955-715801640-531254083-1007 - Limited - Enabled)
Ryker (S-1-5-21-960941955-715801640-531254083-1000 - Administrator - Enabled) => C:\Users\Ryker
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
AAVUpdateManager (HKLM-x32\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.190 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.194 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.9.615 - Adobe Systems, Inc.)
AIO_CDB_ProductContext (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_CDB_Software (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_Scan (x32 Version: 130.0.421.000 - Hewlett-Packard) Hidden
Alien Swarm (HKLM-x32\...\Steam App 630) (Version: - Valve)
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Applian FLV and Media Player 3.1.1.12 (HKLM-x32\...\Applian FLV and Media Player) (Version: 3.1.1.12 - Applian Technologies)
Audials TV (HKLM-x32\...\{24EE4523-711A-4BD1-95EA-F73A8A6950D3}) (Version: 1.3.10803.300 - RapidSolution Software AG)
AudibleManager (HKLM-x32\...\AudibleManager) (Version: 1998798030.48.56.6032618 - Audible, Inc.)
Avira Internet Security (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.11.378 - Avira Operations GmbH & Co. KG)
Battlefield 1942™ (HKLM-x32\...\{5BE7BD06-512B-43bf-AD78-3BD2A5F5F7B3}) (Version: 1.6.20.0 - Electronic Arts)
Battlefield 2(TM) (HKLM-x32\...\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}) (Version: - )
Battlefield 2: Special Forces (HKLM-x32\...\{50D4CB89-AF34-4978-96DC-C3034062E901}) (Version: - )
Box Sync (64 bit) (HKLM\...\{B6E694C7-23C3-4A84-B2F6-BDBFAF5C85A4}) (Version: 3.4.20.0 - Box, Inc)
BrainBread v1.2 (HKLM-x32\...\BrainBread_is1) (Version: 1.2 - )
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Command & Conquer Die ersten 10 Jahre (HKLM-x32\...\{66D6F3BD-CA23-41A4-9FA3-96B26B32528D}) (Version: 1.00.0000 - Electronic Arts)
Copy (x32 Version: 130.0.428.000 - Hewlett-Packard) Hidden
Counter-Strike (HKLM-x32\...\Steam App 10) (Version: - Valve)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - )
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version: - Valve)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2602 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3602c - CyberLink Corp.)
CyberLink PowerDVD Copy (HKLM-x32\...\InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}) (Version: 1.5.1306 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.2609 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.45.1.0236 - DT Soft Ltd)
Day of Defeat (HKLM-x32\...\Steam App 30) (Version: - Valve)
Desktop Icon für Amazon (HKLM\...\DesktopIconAmazon) (Version: 1.0.1 (de) - )
Destinations (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
Dino D-Day (HKLM-x32\...\Steam App 70000) (Version: - 800 North and Digital Ranch)
Dirty Bomb (HKLM-x32\...\Steam App 333930) (Version: - Splash Damage®)
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Dropbox (HKU\S-1-5-21-960941955-715801640-531254083-1000\...\Dropbox) (Version: 3.6.7 - Dropbox, Inc.)
Dystopia (HKLM-x32\...\Steam App 17580) (Version: - Team Dystopia)
EAX4 Unified Redist (HKLM-x32\...\{89661B04-C646-4412-B6D3-5E19F02F1F37}) (Version: 4.001 - Creative Labs)
Eternal Silence (HKLM-x32\...\Steam App 17550) (Version: - ES Team)
F300 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
F300_Help (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden
F300Trb (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden
Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden
Free Realms Installer (HKU\S-1-5-21-960941955-715801640-531254083-1000\...\Free Realms Installer) (Version: 1.0.3.118 - Sony Online Entertainment)
GameXN GO (HKU\S-1-5-21-960941955-715801640-531254083-1000\...\Game Organizer) (Version: - EasyBits Media)
GetRight (HKLM-x32\...\GetRight_is1) (Version: - Headlight Software, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.130 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
GPGNet (HKLM-x32\...\{C194D333-B84A-4BB7-B35E-060732D98DC4}) (Version: 1.0.0 - Gas Powered Games)
Half-Life 2 (HKLM-x32\...\Steam App 220) (Version: - Valve)
Half-Life 2: Deathmatch (HKLM-x32\...\Steam App 320) (Version: - Valve)
Half-Life 2: Lost Coast (HKLM-x32\...\Steam App 340) (Version: - Valve)
Half-Life: Opposing Force (HKLM-x32\...\Steam App 50) (Version: - Gearbox)
HomePlug-Konfigurationsassistent (HKLM-x32\...\dlanconftiny) (Version: 4.0.0.0 - HomePlug)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B (HKLM\...\{B61ED343-0B14-4241-999C-490CB1A20DA4}) (Version: 13.0 - HP)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
ICQ 7.6 Build #5620 Banner Remover 1.0 (HKLM-x32\...\{0A35B15C-9CCD-4C0C-BD5B-34ABF8C95813}_is1) (Version: - murb.com)
ICQ7.6 (HKLM-x32\...\{7644E42D-B096-457F-8B5B-901238FC81AE}) (Version: 7.6 - ICQ)
inSSIDer 3 (HKLM-x32\...\{A80CEA4E-74C1-4F9F-806B-E1D9AFC01768}) (Version: 3.0.7.48 - MetaGeek, LLC)
Insurgency (HKLM-x32\...\Steam App 17700) (Version: - Team Insurgency)
Insurgency (HKLM-x32\...\Steam App 222880) (Version: - New World Interactive)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.0.1006 - Intel Corporation)
Intel(R) Driver Update Utility 2.0 (x32 Version: 2.0.0.29 - Intel) Hidden
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.0.1037 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel)
Iron Grip: Marauders (HKLM-x32\...\Steam App 31740) (Version: - )
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.550 - Oracle)
JMicron 1394 Filter Driver (HKLM-x32\...\{13C96625-28E4-4c58-ADE0-CDAFC64752EB}) (Version: 1.00.06.00 - JMicron Technology Corp.)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.31.3 - JMicron Technology Corp.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LG MC USB Modem driver (HKLM-x32\...\{6059C682-4C5F-4106-8487-943E98225D3B}) (Version: 1.0.0.0000 - LG Electronics)
LG PC Suite II (HKLM-x32\...\{14DCD95A-EBA3-4BF0-B7EF-533852E99BE6}) (Version: 2.00.0000 - LG PC Suite)
LG PC Suite II (x32 Version: 2.00.0000 - LG PC Suite) Hidden
LG USB Modem Driver (HKLM-x32\...\{C3ABE126-2BB2-4246-BFE1-6797679B3579}) (Version: 4.9.5.1 - LG Electronics)
Marvel Heroes 2015 (HKLM-x32\...\Steam App 226320) (Version: - Gazillion Entertainment)
maxdome Download Manager 4.1.300.78 (HKLM-x32\...\{E948B551-08DB-4163-8995-8C43B03D1B19}) (Version: 4.1.30078 - Prosieben)
Mein CEWE FOTOBUCH (HKLM-x32\...\Mein CEWE FOTOBUCH) (Version: 5.1.3 - CEWE Stiftung u Co. KGaA)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Metro 2033 (HKLM-x32\...\Steam App 43110) (Version: - THQ)
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0407-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Minimal ADB and Fastboot version 1.1.3 (HKLM-x32\...\{DE46417A-9E9E-4BCD-BBDD-DA21943193BB}_is1) (Version: 1.1.3 - )
Minimal ADB and Fastboot version 1.2 (HKLM-x32\...\{06C90FCC-4C95-4142-A0AF-D3A4C12882DE}_is1) (Version: 1.2 - Sam Rodberg)
Mozilla Firefox 38.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 de)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mumble 1.2.3 (HKLM-x32\...\{C3E9887A-23BA-4777-8080-191A5AFCAB74}) (Version: 1.2.3 - Thorvald Natvig)
MyFreeCodec (HKU\S-1-5-21-960941955-715801640-531254083-1000\...\MyFreeCodec) (Version: - )
NAVIGON Fresh 3.5.1 (HKLM-x32\...\NAVIGON Fresh) (Version: 3.5.1 - NAVIGON)
Network64 (Version: 130.0.572.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
NoAds (HKLM-x32\...\NoAds) (Version: - )
NVIDIA PhysX (HKLM-x32\...\{80407BA7-7763-4395-AB98-5233F1B34E65}) (Version: 9.13.1220 - NVIDIA Corporation)
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
OnlineFotoservice (HKLM-x32\...\OnlineFotoservice) (Version: 5.1.6 - CEWE Stiftung u Co. KGaA)
Origin (HKLM-x32\...\Origin) (Version: 9.1.3.2637 - Electronic Arts, Inc.)
Overwatch Mod 1.3.5 (HKLM-x32\...\Overwatch Mod) (Version: 1.3.5 - redMatter)
PDF Architect (HKLM-x32\...\{80A07844-CA64-4DE4-AB61-D37DDBE8074F}) (Version: 1.0.52.8917 - pdfforge)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.6.2 - pdfforge)
pdfsam (HKLM-x32\...\pdfsam) (Version: 2.2.1 - )
Philips Songbird (HKLM-x32\...\Philips Songbird) (Version: 3.2.1667 (1667) - Koninklijke Philips Electronics N.V.)
Portal (HKLM-x32\...\Steam App 400) (Version: - Valve)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6043 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173F09590E16}) (Version: 1.00.0145 - REALTEK Semiconductor Corp.)
Ricochet (HKLM-x32\...\Steam App 60) (Version: - Valve)
Rossmann Fotowelt Software 4.13 (HKLM-x32\...\Rossmann Fotowelt Software) (Version: 4.13 - ORWO Net)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.1.13105_7 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.1.13105_7 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15041.2 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.15041.2 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.)
Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Shutdown Timer (HKLM\...\{DC6B4110-394D-45B9-A677-BA495D84CA63}) (Version: 3.1 - Sinvise Systems)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SmartWebPrinting (x32 Version: 140.0.186.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Sony Ericsson Update Engine (HKLM-x32\...\Update Engine) (Version: 2.13.11.201309191111 - Sony Ericsson Communications AB)
Sony PC Companion 2.10.259 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.259 - Sony)
Source SDK Base 2007 (HKLM-x32\...\Steam App 218) (Version: - Valve)
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Steuer-Spar-Erklärung 2011 (HKLM-x32\...\{9F5FD796-86F0-4360-85F8-D54C0F5411EB}) (Version: 16.10 - Akademische Arbeitsgemeinschaft Verlag)
Steuer-Spar-Erklärung 2012 (HKLM-x32\...\{CCD2BAD2-0919-40CB-80CC-E9538B0E4C2E}) (Version: 17.09 - Wolters Kluwer Deutschland GmbH)
SteuerSparErklärung 2014 (HKLM-x32\...\{A463EB06-22A6-47F5-9593-E52B291EF13E}) (Version: 19.08.82 - Akademische Arbeitsgemeinschaft)
SteuerSparErklärung 2015 (HKLM-x32\...\{312C0E08-8F94-4536-AAF6-3413F784AC5F}) (Version: 20.34.161 - Akademische Arbeitsgemeinschaft)
Supreme Commander - Forged Alliance (HKU\S-1-5-21-960941955-715801640-531254083-1000\...\{31D95937-B237-405D-920C-A3EF4E482395}) (Version: 1.00.0000 - Gas Powered Games)
Supreme Commander (HKU\S-1-5-21-960941955-715801640-531254083-1000\...\{25A1E6A4-2DBD-4AC0-8650-8EA9A45B183D}) (Version: 1.00.0000 - Gas Powered Games)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.3.0 - Synaptics Incorporated)
System Control Manager (HKLM-x32\...\{ED9C5D25-55DF-48D8-9328-2AC0D75DE5D8}) (Version: 2.209.1204.OE006.01 - Micro-Star International Co., Ltd.)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve)
TeamSpeak 2 RC2 (HKLM-x32\...\Teamspeak 2 RC2_is1) (Version: 2.0.32.60 - Dominating Bytes Design)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TomTom HOME (HKLM-x32\...\{0E09BE17-EDEA-42CA-8974-42A587F51510}) (Version: 2.9.8 - Ihr Firmenname)
TomTom HOME (HKLM-x32\...\{7A2BB1C8-903D-4585-9F3B-CADD67D07D37}) (Version: 2.9.8 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrackMania Nations Forever (HKLM-x32\...\Steam App 11020) (Version: - Nadeo)
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.0a - TrueCrypt Foundation)
Unity Web Player (HKU\S-1-5-21-960941955-715801640-531254083-1000\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
VLC media player 2.0.6 (HKLM-x32\...\VLC media player) (Version: 2.0.6 - VideoLAN)
Vodafone Mobile Connect Lite (HKLM-x32\...\{79A64F98-1796-4FA2-B5FF-C90F83D8BACD}) (Version: 9.4.3.17550 - Vodafone)
WEB.DE Softwareaktualisierung (HKLM-x32\...\1&1 Mail & Media GmbH 1und1Softwareaktualisierung) (Version: 3.0.1.0 - 1&1 Mail & Media GmbH)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.800 - Broadcom Corporation)
Winamp (HKLM-x32\...\Winamp) (Version: 5.622 - Nullsoft, Inc)
Windows Driver Package - Acer, Inc (androidusb) USB (03/06/2012 1.0.0010.00000) (HKLM\...\C19278C6DB5D44F2EAC8AFBCCA7FD6CFDBF4884C) (Version: 03/06/2012 1.0.0010.00000 - Acer, Inc)
Windows Driver Package - Broadcom Bluetooth (05/27/2009 6.1.7100.0) (HKLM\...\B24074592222CFC1B8ABF520F9089E49FB1763D7) (Version: 05/27/2009 6.1.7100.0 - Broadcom)
Windows Driver Package - Broadcom Bluetooth (09/11/2009 6.2.0.9407) (HKLM\...\3932CA781A7894D20116FDF60F878301800EA8AB) (Version: 09/11/2009 6.2.0.9407 - Broadcom)
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Driver Package - Linux Developer Community Net (03/06/2012 5.1.2600.2781) (HKLM\...\EBFE4DBC36C8B8E2F5F080132B0C197C1915C0DB) (Version: 03/06/2012 5.1.2600.2781 - Linux Developer Community)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR (HKLM\...\WinRAR archiver) (Version: - )
WMV9/VC-1 Video Playback (Version: 1.00.0000 - ATI Technologies Inc.) Hidden
X10 Hardware(TM) (HKLM-x32\...\X10Hardware) (Version: - )
Zombie Panic Source (HKLM-x32\...\Steam App 17500) (Version: - Zombie Panic! Team)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-960941955-715801640-531254083-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Ryker\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-960941955-715801640-531254083-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Ryker\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-960941955-715801640-531254083-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ryker\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-960941955-715801640-531254083-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ryker\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-960941955-715801640-531254083-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ryker\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-960941955-715801640-531254083-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ryker\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-960941955-715801640-531254083-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ryker\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-960941955-715801640-531254083-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ryker\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-960941955-715801640-531254083-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ryker\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-960941955-715801640-531254083-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ryker\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
==================== Restore Points =========================
17-06-2015 09:58:53 Geplanter Prüfpunkt
26-06-2015 12:58:22 Geplanter Prüfpunkt
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:34 - 2011-05-19 19:53 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {11A3533C-544F-4765-A600-9022F3BBF77C} - System32\Tasks\{5EAAAC72-8C38-4B47-93E5-60BDF175234F} => C:\Program Files (x86)\Tools&More\Joe\Joe.exe
Task: {158A77CD-8F10-41AE-B3BC-561A35EF45AE} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {2569591B-2E6B-4FC2-BC03-144588AC4709} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-960941955-715801640-531254083-1000Core => C:\Users\Ryker\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-13] (Dropbox, Inc.)
Task: {3E84D167-85E0-406D-89F1-49FD3E80F197} - System32\Tasks\{09D4BC09-C241-44FE-ADE2-818E990CD9F5} => pcalua.exe -a "C:\Users\Ryker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AHJZPAM4\ICQ_7.4_Build__4629_Banner_Remover_1.0_Setup[1].exe" -d C:\Users\Ryker\Desktop
Task: {5D5E9070-4446-4C5A-9987-375A6D0409F8} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-960941955-715801640-531254083-1000UA => C:\Users\Ryker\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-13] (Dropbox, Inc.)
Task: {6788AE94-53C5-459D-BDCC-ABA7E8EBE56A} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {688CBF8C-C1A5-41D6-B9DD-B6C4C46D6B8C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
Task: {8BDC7A15-3ADF-4555-B6DA-1233065EE312} - System32\Tasks\Registration 1und1 Task => C:\Program Files (x86)\1und1Softwareaktualisierung\cdsupdclient.exe [2014-03-31] (1&1 Mail & Media GmbH)
Task: {99A5983E-18A6-468F-82DE-894969B8E7A1} - System32\Tasks\{765E7C2C-E5EF-4C20-9D54-A686FDF59639} => Iexplore.exe hxxp://ui.skype.com/ui/0/4.2.0.169.405/de/abandoninstall?source=lightinstaller&page=tsGoogle&installinfo=google-toolbar:offered-installed,google-chrome:notoffered;toolbaroffered
Task: {A9557707-901C-4FA3-A8A2-5977CFE1F528} - System32\Tasks\{502C5963-98BE-487A-BF29-7F8E57E9BEAB} => pcalua.exe -a "E:\DRIVER\[11] Bluetooth\BTW_ver.6.2.1.800\Setup.exe" -d "E:\DRIVER\[11] Bluetooth\BTW_ver.6.2.1.800"
Task: {DD8A5148-5934-4B06-990C-A7633BDBC693} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-25] (Adobe Systems Incorporated)
Task: {DF07D031-8199-4198-A154-CBC9AB3355AE} - System32\Tasks\{3207A0DF-B74F-492A-8EB7-4DC8FE162B9C} => pcalua.exe -a "C:\Users\Ryker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MHDETGGJ\jre-6u22-windows-i586-iftw-rv[1].exe" -d C:\Users\Ryker\Desktop
Task: {E6EE3E76-857D-4942-8E1B-01751DD5449D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-06-12] (Adobe Systems Incorporated)
Task: {F3C22DAD-253B-4060-9868-1137D1653C2F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-960941955-715801640-531254083-1000Core.job => C:\Users\Ryker\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-960941955-715801640-531254083-1000UA.job => C:\Users\Ryker\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (Whitelisted) ==============
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-04 19:17 - 2010-03-15 11:28 - 00166400 _____ () C:\Program Files\WinRAR\rarext.dll
2011-01-11 21:18 - 2011-12-11 16:43 - 00075136 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2009-10-02 19:39 - 2009-10-02 19:39 - 00173344 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2014-09-12 18:52 - 2014-09-12 18:52 - 00537600 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_64\Python.Runtime\3b455cc6d4bf80f8d8f71d1cb57fa844\Python.Runtime.ni.dll
2013-01-03 18:12 - 2013-01-03 18:12 - 00471552 _____ () C:\Program Files\Box Sync\_hashlib.pyd
2013-01-03 18:12 - 2013-01-03 18:12 - 00046080 _____ () C:\Program Files\Box Sync\_socket.pyd
2013-01-03 18:12 - 2013-01-03 18:12 - 01167360 _____ () C:\Program Files\Box Sync\_ssl.pyd
2013-01-03 18:12 - 2013-01-03 18:12 - 00689664 _____ () C:\Program Files\Box Sync\unicodedata.pyd
2013-01-03 18:12 - 2013-01-03 18:12 - 00166912 _____ () C:\Program Files\Box Sync\_elementtree.pyd
2013-01-03 18:12 - 2013-01-03 18:12 - 00164352 _____ () C:\Program Files\Box Sync\pyexpat.pyd
2013-01-03 18:12 - 2013-01-03 18:12 - 00111616 _____ () C:\Program Files\Box Sync\_ctypes.pyd
2013-01-03 18:12 - 2013-01-03 18:12 - 00127488 _____ () C:\Program Files\Box Sync\win32api.pyd
2013-01-03 18:12 - 2013-01-03 18:12 - 00136704 _____ () C:\Program Files\Box Sync\pywintypes27.dll
2013-01-03 18:12 - 2013-01-03 18:12 - 00058368 _____ () C:\Program Files\Box Sync\_sqlite3.pyd
2013-01-03 18:12 - 2013-01-03 18:12 - 00535040 _____ () C:\Program Files\Box Sync\sqlite3.dll
2013-01-03 18:12 - 2013-01-03 18:12 - 00037888 _____ () C:\Program Files\Box Sync\_testcapi.pyd
2013-01-03 18:12 - 2013-01-03 18:12 - 00135168 _____ () C:\Program Files\Box Sync\win32security.pyd
2013-01-03 18:12 - 2013-01-03 18:12 - 00007168 _____ () C:\Program Files\Box Sync\_win32sysloader.pyd
2013-01-03 18:12 - 2013-01-03 18:12 - 00138752 _____ () C:\Program Files\Box Sync\win32file.pyd
2009-05-01 18:58 - 2009-05-01 18:58 - 01057512 _____ () C:\Program Files (x86)\maxdome\DCBin\PocoFoundation.dll
2009-05-01 18:58 - 2009-05-01 18:58 - 00627944 _____ () C:\Program Files (x86)\maxdome\DCBin\PocoNet.dll
2009-05-01 18:58 - 2009-05-01 18:58 - 00514352 _____ () C:\Program Files (x86)\maxdome\DCBin\sqlite3.dll
2009-05-01 18:58 - 2009-05-01 18:58 - 00517352 _____ () C:\Program Files (x86)\maxdome\DCBin\PocoXML.dll
2010-10-10 11:20 - 2010-10-10 11:20 - 00057344 _____ () C:\Program Files (x86)\NoAds\NoAds.dll
2015-06-28 13:45 - 2015-06-28 13:45 - 00043008 _____ () c:\users\ryker\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfadayx.dll
2015-03-04 23:45 - 2015-03-19 09:15 - 00750080 _____ () C:\Users\Ryker\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-04 23:45 - 2015-03-19 09:15 - 00047616 _____ () C:\Users\Ryker\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-03-04 23:45 - 2015-03-19 09:15 - 00865280 _____ () C:\Users\Ryker\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-04 23:45 - 2015-03-19 09:15 - 00200704 _____ () C:\Users\Ryker\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2015-03-04 23:45 - 2015-03-19 09:15 - 00010240 _____ () C:\Users\Ryker\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll
2015-03-04 23:45 - 2015-03-19 09:15 - 00726016 _____ () C:\Users\Ryker\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-03-04 23:45 - 2015-03-19 09:15 - 00010240 _____ () C:\Users\Ryker\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\Temp:76650B61
==================== Safe Mode (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-960941955-715801640-531254083-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Ryker\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: GameXN (news) => "C:\ProgramData\GameXN\GameXNGO.exe" /n
MSCONFIG\startupreg: GameXN (update) => "C:\ProgramData\GameXN\GameXNGO.exe" /u
MSCONFIG\startupreg: KiesAirMessage => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
MSCONFIG\startupreg: KiesPDLR => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MSCONFIG\startupreg: KiesPreload => C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: MobileConnect => %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
MSCONFIG\startupreg: Philips Device Listener => "C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
MSCONFIG\startupreg: Sony PC Companion => "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background
MSCONFIG\startupreg: TomTomHOME.exe => "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{3150E58D-395C-4190-B694-91A8AA7BF036}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{2ED2DCF7-198A-4659-9AE9-3FF1391A70E3}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{1CBC3238-B8B0-4C30-BB2B-09386471B100}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{04F3D656-B6E4-46CA-9C95-61780103AA40}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{63165656-A291-45AC-B0DE-DC79678B564E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{BFB8994C-9D80-4D3F-95A4-722AED35F903}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{9A019391-30A0-4EE0-BFD1-8502FF1538AC}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe
FirewallRules: [{AD7D349A-7C8F-444C-A36D-DB7A0FB9DBE9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{032BC0C5-4465-4B9C-A033-CAE5D2E6FD4F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{CC01C849-DD4E-40F2-B60D-68B0FB87ED75}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{D7F2F4FD-B017-4156-B01B-9A4A4552876A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqnrs08.exe
FirewallRules: [{51BE2A90-3750-41E2-8961-7C40BDD30C50}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{F3343690-0D2C-4A74-BB6C-BFC233DB3D5A}] => (Allow) C:\Program Files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe
FirewallRules: [{078CD23D-5684-4B22-916F-9E04BDF431A0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqsudi.exe
FirewallRules: [{53EDEC70-F245-4F5E-AFE4-945B4056CF28}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpsapp.exe
FirewallRules: [{4F1D79F2-2139-4A4C-BC46-7F4B38599E8D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{73CB268A-56BC-4B9D-B29D-03A10965EEF0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{EE87D9E1-2778-4CDC-B207-9885EA366102}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpse.exe
FirewallRules: [{BF55ACFF-C394-48B7-A176-7FA9CA2B60B3}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{96DC050B-AF9E-4E72-A5F1-31354BA6BDBB}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{A2EF00BC-FDA1-451E-BED7-23A92B288666}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{262572D4-2A32-4E84-BD7A-F0A4FDC3B397}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [{E9175620-A66A-4043-B2EF-BC0C7CD6A36C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{C45A8E54-C043-4071-B723-3768B6582464}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{027A2A1A-D752-4D17-8A0D-6E3DA529289B}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{E7DA5D4E-2B8F-47D2-9592-C0A3B67CEB37}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{1EA37EC8-AEE9-435A-A285-549E73384A7F}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{0115CC7B-E7C1-4EB6-8582-933E9D66D84E}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{B126104F-56E5-462A-B4BF-3BD1368FD260}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{7B836851-C6B2-48B5-AC29-9ADA10D8CC88}] => (Allow) LPort=2869
FirewallRules: [{B3D4DF08-82F7-45CA-AA07-809B57374E27}] => (Allow) LPort=1900
FirewallRules: [{1557B7F3-9481-41D5-B2D9-57FE1337015D}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{A1FC333C-AF90-48B0-A38D-D624BD78CA8B}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{E28EFEE0-4119-4077-8FF3-7D2768E61643}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{8261168C-04C9-4F39-9FBB-D00A6571AB1C}] => (Allow) C:\Program Files (x86)\EA GAMES\Battlefield 2\BF2.exe
FirewallRules: [{06EF0E67-C665-4B02-80FF-E67E396E92A4}] => (Allow) C:\Program Files (x86)\EA GAMES\Battlefield 2\BF2.exe
FirewallRules: [{9E8F1368-C5D0-4FF1-8126-8FEE4B9C17A6}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{B87CDDAF-B732-40E7-AE01-67E9C5F89595}] => (Allow) C:\Program Files (x86)\Steam\steamapps\micr0flex@web.de\half-life\hl.exe
FirewallRules: [{385CA366-37B9-457D-A4D7-C5817DC888D7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\micr0flex@web.de\half-life\hl.exe
FirewallRules: [{0858E787-85D0-4391-A74A-E3D125F22655}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{DCDCE746-636F-4C06-9DA3-B1BC42BE7B03}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{BBE50F9A-32BD-4DD2-BF4F-31A3AAD4066A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\ryka\zombie panic! source\hl2.exe
FirewallRules: [{B59EA489-55E5-41E2-BA52-2CCFEB430FC1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\ryka\zombie panic! source\hl2.exe
FirewallRules: [{E0F42141-A4E9-4E30-9DF1-E88E99C38223}] => (Allow) C:\Program Files (x86)\Steam\steamapps\ryka\eternal-silence\hl2.exe
FirewallRules: [{B82D0B19-4F2A-484C-8BEC-A8A51B708D68}] => (Allow) C:\Program Files (x86)\Steam\steamapps\ryka\eternal-silence\hl2.exe
FirewallRules: [{2CC670A1-FE7D-454A-986E-35AF83F77B99}] => (Allow) C:\Program Files (x86)\Steam\steamapps\micr0flex@web.de\opposing force\hl.exe
FirewallRules: [{D596197E-C175-407E-81D4-63054D0C7D21}] => (Allow) C:\Program Files (x86)\Steam\steamapps\micr0flex@web.de\opposing force\hl.exe
FirewallRules: [{4FF6FD5E-9A65-4D9B-9E42-AD9AD268C429}] => (Allow) C:\Program Files (x86)\Steam\steamapps\ryka\eternal-silence\hl2.exe
FirewallRules: [{4457E2EE-D114-455B-882F-597EB36912A3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\ryka\eternal-silence\hl2.exe
FirewallRules: [{96128C9E-D04C-4EB4-AC64-8E0107299747}] => (Allow) C:\Program Files (x86)\Steam\steamapps\ryka\dystopia\hl2.exe
FirewallRules: [{0C04A4DE-4985-48C9-A063-347C8135DDB6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\ryka\dystopia\hl2.exe
FirewallRules: [{997FCD40-DB70-44BA-8A9B-2CF6B11966AD}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{3B6977C1-F386-43D8-AD5A-275122D606C8}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{F7BBEA4D-87BA-46F0-812D-1DD3B3313534}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{0D01B419-310A-472F-911A-059B3351C288}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{D24FF0CA-B6DB-47D8-BFE2-B51A439B3465}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{092B3084-266C-4CDA-AEA1-1C76F4397521}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{8D89479A-7595-4AF7-9FB4-9BD6DD2E3DD9}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{8B431837-3FFC-41CD-9853-1947BA8FA106}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{99329926-A6DC-4206-898B-C70DBEE6FB8C}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{1C20A7E6-3BB0-4CB4-9537-84D4F0BD1F07}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{CDB807BB-34BF-4618-9C39-8F57BAB53E33}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{AE867560-FEE5-407E-A3BA-731FC48F44CC}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{91C80D6D-1A6E-43BB-BF98-40C3DF674F48}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{676655FF-48E1-4B89-B7E4-8CA4F5D2EB78}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{011787E7-E7A8-44EF-BB46-65EDDE911A47}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{702C2D34-B3F9-4456-8199-8805A613F1B7}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{6CEEB9BF-DF7B-4ECC-8B8A-2C230B914558}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{6081A82F-58E0-4454-972F-E96DD7074F06}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{35591AB7-A104-4A6C-A1DF-4E356C6260F2}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{9907D2E8-F968-4DB7-BC95-4D1DFCCDA7E7}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{B491FDB7-1000-44CB-A65D-AA92064BE93B}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{CFA75D3F-B5B2-4767-A1FB-AD517ED05822}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{44E6026E-FBB0-4A55-BDEE-FB827C424BD6}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{906F1627-0AB7-4F6D-AEB8-6AC574D8692F}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{A0A5AF72-4AB6-4B27-8022-26BAD51263FF}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{BBA29EB7-CBC5-4586-9CCE-90F4A34901F5}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{4418911B-775A-44AF-A79E-DFF75510CB70}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{575CAB96-267B-4E3F-99C9-5192C0D58101}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{F302C38E-4A19-4BAF-80F9-ACF409C8D7DB}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{7C4830E4-4B92-4C89-BF53-C9E45015E5CA}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{4D482551-6CD2-4DDC-8C32-CD72874202BB}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{08F123E8-C0B8-4189-B444-9E31795FE376}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{7B45F9E8-DD2A-4B20-98C4-D686CDDEBD7A}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{B0C13B5B-1C4F-4680-8E10-B7BD95DF6D49}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{6A114205-1DA2-4584-97DC-85D70BE69ECC}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{6990C142-7A64-48D1-8A32-8CDE6AC9ABBF}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{D40B941C-8131-4E29-90B4-E5470F2319E2}] => (Allow) C:\Program Files (x86)\ICQ7.6\ICQ.exe
FirewallRules: [{8236781C-7900-443D-9BAE-0588B1BC5C42}] => (Allow) C:\Program Files (x86)\ICQ7.6\ICQ.exe
FirewallRules: [{CD4E61C7-160C-40E2-BBCA-71E13BD83535}] => (Allow) C:\Program Files (x86)\ICQ7.6\ICQ.exe
FirewallRules: [{57E5375F-39F6-4C61-9026-B40D4F66CDF5}] => (Allow) C:\Program Files (x86)\ICQ7.6\ICQ.exe
FirewallRules: [{6FC63D06-90F2-445F-91F4-89CB90DA8893}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{86D03045-484A-4156-849D-051355389ED7}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{253032AC-8787-45B4-AD43-AB5B0F21571F}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{0CD631C0-4712-44C3-9836-6E5716F4EB5F}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{57B9A007-CFBD-4432-8C7E-0A49D73E284E}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{BC278292-B073-4EC5-AB06-743AC3C9B153}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{25981535-E2D3-4A7D-84D8-D88669B3F825}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{6AD7EF68-EC93-4021-A9A9-65659FCA117D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\trackmania nations forever\TmForever.exe
FirewallRules: [{B3161CB8-5D60-49AA-9731-CDABDD2BD556}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\trackmania nations forever\TmForever.exe
FirewallRules: [{989915C0-26CC-4E1A-B524-6A21FAF82519}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\trackmania nations forever\TmForeverLauncher.exe
FirewallRules: [{F5B731E5-17DC-4AB2-BA7E-B106AE93D77F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\trackmania nations forever\TmForeverLauncher.exe
FirewallRules: [{4FC2EDE8-419C-4204-BE14-CDA8C2B60815}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\alien swarm\srcds.exe
FirewallRules: [{E5A01125-0F8F-4308-AF83-C57453E14732}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\alien swarm\srcds.exe
FirewallRules: [{FFAA876F-C49F-43DA-9462-6BCC5B9D8202}] => (Allow) C:\Program Files (x86)\THQ\Gas Powered Games\Supreme Commander\bin\SupremeCommander.exe
FirewallRules: [{5DFB95D9-3DF5-40FF-A98F-30FC7D2D4042}] => (Allow) C:\Program Files (x86)\THQ\Gas Powered Games\Supreme Commander\bin\SupremeCommander.exe
FirewallRules: [{C73913D7-1546-4608-A954-3C9748B386DD}] => (Allow) C:\Program Files (x86)\THQ\Gas Powered Games\Supreme Commander - Forged Alliance\bin\ForgedAlliance.exe
FirewallRules: [{1E65CC8C-03BB-432F-8A08-08EEA488C013}] => (Allow) C:\Program Files (x86)\THQ\Gas Powered Games\Supreme Commander - Forged Alliance\bin\ForgedAlliance.exe
FirewallRules: [{D16BC3EA-378D-4E63-9F06-DC907394332D}] => (Allow) C:\Program Files (x86)\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe
FirewallRules: [{92227C8E-D7CE-4AF9-B0BA-6E2EB43CDA08}] => (Allow) C:\Program Files (x86)\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe
FirewallRules: [{888DFC8B-5FC2-46F4-9DAD-5E71FD7F4362}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\iron grip marauders\prism.exe
FirewallRules: [{CBA6AAFD-EB9C-4043-A3BE-EA324796D5CB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\iron grip marauders\prism.exe
FirewallRules: [{3DD94CB5-04F9-4966-86E2-DD5F18F30BF1}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{009A5A96-D243-4481-9BD3-C61189F2422B}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{7958412D-ED67-4741-BF6A-0AADD96295C6}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{DB2CAF31-7CFA-4580-A6E7-A0AB00D1E91F}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{A51A7DE6-5010-4D9C-B8B8-5E8F81467938}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{C3DB5050-EE51-4E9E-9E3F-7AF8342267ED}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{910CAFA8-900C-45AE-85DD-C52EB9A1B1DE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\micr0flex@web.de\ricochet\hl.exe
FirewallRules: [{13C1D3E4-6A06-402A-BEDC-F0C783A1EC0C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\micr0flex@web.de\ricochet\hl.exe
FirewallRules: [{FE0CCA83-C513-4671-BBDB-91DE5F81AE0A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\alien swarm\swarm.exe
FirewallRules: [{5566D577-A81A-4ECD-8F92-9288375FB467}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\alien swarm\swarm.exe
FirewallRules: [{04D79086-9F04-47B0-838C-23F09E38CEDF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\alien swarm\swarm.exe
FirewallRules: [{A49332FE-5C84-4629-98D9-4E0E2114AC45}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\alien swarm\swarm.exe
FirewallRules: [{FD6B8F7E-23F2-494A-AA1A-6B1B7EB0E99A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\micr0flex@web.de\half-life\hl.exe
FirewallRules: [{E7A988CD-F11B-498B-A4C3-2D233877C0B1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\micr0flex@web.de\half-life\hl.exe
FirewallRules: [{4671F96A-FC9A-449D-9894-74A8D766CA61}] => (Allow) C:\Program Files (x86)\Steam\steamapps\ryka\counter-strike\hl.exe
FirewallRules: [{28B64742-ECB6-48A8-9D04-AB19F1E46DE4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\ryka\counter-strike\hl.exe
FirewallRules: [{CB4EF122-FD91-4EF3-AF84-E7B1907F2CAA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\micr0flex@web.de\counter-strike\hl.exe
FirewallRules: [{FB77EDD8-8B84-401B-BE78-CD8819BE9001}] => (Allow) C:\Program Files (x86)\Steam\steamapps\micr0flex@web.de\counter-strike\hl.exe
FirewallRules: [{CE51982A-B90E-4E8C-B541-EE10A7AB5C08}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{2EC6CED9-3504-4B9C-A5A8-730D412BBE04}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{1A72D36C-9B15-4738-A555-BB73135750BD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\trackmania nations forever\TmForever.exe
FirewallRules: [{9815933A-0425-4AFC-937B-393BB1B64550}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\trackmania nations forever\TmForever.exe
FirewallRules: [{62DEABDE-D876-4C9F-93E3-81FF03902934}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\trackmania nations forever\TmForeverLauncher.exe
FirewallRules: [{41E356BF-67DA-46E8-97AD-2990397FEE44}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\trackmania nations forever\TmForeverLauncher.exe
FirewallRules: [{394D3182-A0B7-4E68-A165-EE4BE5A7316F}] => (Allow) C:\Program Files (x86)\Electronic Arts\Battlefield 1942\BF1942.exe
FirewallRules: [{B4ADAA3D-019A-46A4-A7E9-27CAE408FB69}] => (Allow) C:\Program Files (x86)\Electronic Arts\Battlefield 1942\BF1942.exe
FirewallRules: [{3BD553FC-FF2D-441C-8EE5-B44C95835C3F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\ryka\zombie panic! source\hl2.exe
FirewallRules: [{1EA0FFCC-0486-4E3E-A456-E470A7E2C19F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\ryka\zombie panic! source\hl2.exe
FirewallRules: [{20A1B2C0-8C1C-46E5-ADAE-2FAF7B786244}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Metro 2033\metro2033.exe
FirewallRules: [{3A81907E-D117-46F3-BCDC-AC14B2D2D158}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Metro 2033\metro2033.exe
FirewallRules: [{E55235EC-A9DF-49DA-BD90-B4BBAF543374}] => (Allow) C:\Program Files (x86)\Steam\steamapps\ryka\opposing force\hl.exe
FirewallRules: [{0A8E59EC-DF8F-41D2-9C11-2ED9552DAD4C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\ryka\opposing force\hl.exe
FirewallRules: [{D7A53E00-212C-490B-94B5-FD087C6C2AFB}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{3C6DFD28-8BA4-4D9B-9615-6E6E0B0C2089}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{4615C8B8-C314-42F5-90AC-4F0EC15F9A52}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life 2 Deathmatch\hl2.exe
FirewallRules: [{5AF07BE5-43CB-4B64-8D8F-2635699154BE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life 2 Deathmatch\hl2.exe
FirewallRules: [{6293F692-4213-499E-98F2-314D5BB333C9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{ED49FD72-C9AD-4120-B896-C3D11E626710}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{DAF0C873-0442-40C3-B315-5C98BFCD325B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life 2 Deathmatch\hl2.exe
FirewallRules: [{D70604B5-411F-482F-A9BE-A89BC9577DF9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life 2 Deathmatch\hl2.exe
FirewallRules: [{9E52189B-C0AA-4C7C-9A63-65E75659D755}] => (Allow) C:\Program Files (x86)\Sony Ericsson\Update Engine\Sony Ericsson Update Engine.exe
FirewallRules: [{592DFCF8-2246-4828-AC6B-0085DC73A8D1}] => (Allow) C:\Program Files (x86)\Sony Ericsson\Update Engine\Sony Ericsson Update Engine.exe
FirewallRules: [{4CEE6DD9-3AEC-455B-B3A4-BDCE4306EDBC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{FB6F3DD6-76FA-49BB-82F2-A72CA921AB67}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{C69C6201-B31A-4782-AB21-6E46C302E9D5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life\hl.exe
FirewallRules: [{67EA05BF-BE03-4738-9D59-224A64684AE2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life\hl.exe
FirewallRules: [{17381765-A10D-48F7-9CA6-A6B7A56BB5A5}] => (Allow) C:\Users\Ryker\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{4B869516-021C-4C15-8C52-0A205093C9E0}] => (Allow) C:\Users\Ryker\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{9BA9729B-50F9-4298-B4C8-06B8B8F6A65A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{3F9A6A7F-E0B4-4ADB-A67D-DCCBD6E3C5DF}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{CB3737C4-5D00-48F5-9E10-04261E9A66B4}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{E6655014-B76F-4075-9988-D8BB58EDF3C3}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{B0996401-9267-4E86-8788-0B2D6CF74F70}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Source SDK Base 2007\hl2.exe
FirewallRules: [{BC4328B0-AC16-44A4-B888-8B74BF12D25C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Source SDK Base 2007\hl2.exe
FirewallRules: [{528A56F6-76AD-42FA-BA9E-4FAE48350A27}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\insurgency2\insurgency.exe
FirewallRules: [{1C47D830-02BC-482C-A82F-6A6D10D9EFCD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\insurgency2\insurgency.exe
FirewallRules: [{90B32C47-161B-430D-B7A2-FC003048C740}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dino D-Day\dinodday.exe
FirewallRules: [{91C116EA-AF90-46D1-8698-F6AE09CA30A5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dino D-Day\dinodday.exe
FirewallRules: [{D9CE1969-856F-4C3B-BD77-7E7870789E92}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{182F3F38-B177-4269-ABD1-A9222326FF24}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1572F4ED-B99B-4B64-A127-66142792519C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Marvel Heroes\UnrealEngine3\Binaries\Win64\MarvelHeroes2015.exe
FirewallRules: [{45EA6CCB-8930-4E7A-BD5C-25EACEBEA941}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Marvel Heroes\UnrealEngine3\Binaries\Win64\MarvelHeroes2015.exe
FirewallRules: [{893594D2-90D1-4E9F-A745-B769E3F70831}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{AA8D3D86-1DC1-45DB-81E8-E9900A6F1B9C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
FirewallRules: [{937B221F-9106-4155-B3CC-869636747D40}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (06/28/2015 01:45:10 PM) (Source: VMCService) (EventID: 0) (User: )
Description: conflictManagerTypeValue
Error: (06/28/2015 01:44:10 PM) (Source: ESENT) (EventID: 454) (User: )
Description: avguard (1880) GaviDB_1: Bei Datenbankwiederherstellung trat ein unerwarteter Fehler -501 auf.
Error: (06/28/2015 01:44:10 PM) (Source: ESENT) (EventID: 465) (User: )
Description: avguard (1880) GaviDB_1: Während des Soft Recovery-Vorgangs wurde eine Beschädigung von Protokolldatei C:\ProgramData\Avira\AntiVir Desktop\EVENTDB\Logs\edb.log festgestellt. Der Datensatz mit der fehlerhaften Prüfsumme befindet sich an Position END. Daten, die nicht mit dem Füllmuster der Protokolldatei übereinstimmen, traten zuerst in Sektor 364 (0x0000016C) auf. Diese Protokolldatei wurde beschädigt und ist unbrauchbar.
Error: (06/28/2015 01:44:10 PM) (Source: ESENT) (EventID: 465) (User: )
Description: avguard (1880) GaviDB_1: Während des Soft Recovery-Vorgangs wurde eine Beschädigung von Protokolldatei C:\ProgramData\Avira\AntiVir Desktop\EVENTDB\Logs\edb.log festgestellt. Der Datensatz mit der fehlerhaften Prüfsumme befindet sich an Position END. Daten, die nicht mit dem Füllmuster der Protokolldatei übereinstimmen, traten zuerst in Sektor 364 (0x0000016C) auf. Diese Protokolldatei wurde beschädigt und ist unbrauchbar.
Error: (06/28/2015 01:44:10 PM) (Source: ESENT) (EventID: 465) (User: )
Description: avguard (1880) GaviDB_1: Während des Soft Recovery-Vorgangs wurde eine Beschädigung von Protokolldatei C:\ProgramData\Avira\AntiVir Desktop\EVENTDB\Logs\edb.log festgestellt. Der Datensatz mit der fehlerhaften Prüfsumme befindet sich an Position END. Daten, die nicht mit dem Füllmuster der Protokolldatei übereinstimmen, traten zuerst in Sektor 364 (0x0000016C) auf. Diese Protokolldatei wurde beschädigt und ist unbrauchbar.
Error: (06/28/2015 01:44:08 PM) (Source: ESENT) (EventID: 454) (User: )
Description: avguard (1880) GaviDB_0: Bei Datenbankwiederherstellung trat ein unerwarteter Fehler -501 auf.
Error: (06/28/2015 01:44:08 PM) (Source: ESENT) (EventID: 465) (User: )
Description: avguard (1880) GaviDB_0: Während des Soft Recovery-Vorgangs wurde eine Beschädigung von Protokolldatei C:\ProgramData\Avira\AntiVir Desktop\EVENTDB\Logs\edb.log festgestellt. Der Datensatz mit der fehlerhaften Prüfsumme befindet sich an Position END. Daten, die nicht mit dem Füllmuster der Protokolldatei übereinstimmen, traten zuerst in Sektor 364 (0x0000016C) auf. Diese Protokolldatei wurde beschädigt und ist unbrauchbar.
Error: (06/28/2015 01:44:08 PM) (Source: ESENT) (EventID: 465) (User: )
Description: avguard (1880) GaviDB_0: Während des Soft Recovery-Vorgangs wurde eine Beschädigung von Protokolldatei C:\ProgramData\Avira\AntiVir Desktop\EVENTDB\Logs\edb.log festgestellt. Der Datensatz mit der fehlerhaften Prüfsumme befindet sich an Position END. Daten, die nicht mit dem Füllmuster der Protokolldatei übereinstimmen, traten zuerst in Sektor 364 (0x0000016C) auf. Diese Protokolldatei wurde beschädigt und ist unbrauchbar.
Error: (06/28/2015 01:44:08 PM) (Source: ESENT) (EventID: 465) (User: )
Description: avguard (1880) GaviDB_0: Während des Soft Recovery-Vorgangs wurde eine Beschädigung von Protokolldatei C:\ProgramData\Avira\AntiVir Desktop\EVENTDB\Logs\edb.log festgestellt. Der Datensatz mit der fehlerhaften Prüfsumme befindet sich an Position END. Daten, die nicht mit dem Füllmuster der Protokolldatei übereinstimmen, traten zuerst in Sektor 364 (0x0000016C) auf. Diese Protokolldatei wurde beschädigt und ist unbrauchbar.
Error: (06/28/2015 01:19:26 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
System errors:
=============
Error: (06/28/2015 01:46:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "HP Network Devices Support" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (06/28/2015 01:46:12 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst HP Network Devices Support erreicht.
Error: (06/28/2015 01:46:12 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1053HPSLPSVC{10DA4F3C-CC99-4190-BE4D-58330754E882}
Error: (06/28/2015 01:44:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Intel(R) Rapid Storage Technology" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (06/28/2015 01:44:53 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Intel(R) Rapid Storage Technology erreicht.
Error: (06/28/2015 01:43:49 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\GEARAspiWDM.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.
Error: (06/27/2015 08:50:48 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\GEARAspiWDM.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.
Error: (06/27/2015 08:50:45 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\GEARAspiWDM.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.
Error: (06/27/2015 06:20:36 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\GEARAspiWDM.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.
Error: (06/27/2015 06:20:29 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\GEARAspiWDM.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.
Microsoft Office:
=========================
Error: (06/28/2015 01:45:10 PM) (Source: VMCService) (EventID: 0) (User: )
Description: conflictManagerTypeValue
Error: (06/28/2015 01:44:10 PM) (Source: ESENT) (EventID: 454) (User: )
Description: avguard1880GaviDB_1: -501
Error: (06/28/2015 01:44:10 PM) (Source: ESENT) (EventID: 465) (User: )
Description: avguard1880GaviDB_1: C:\ProgramData\Avira\AntiVir Desktop\EVENTDB\Logs\edb.logEND364 (0x0000016C)
Error: (06/28/2015 01:44:10 PM) (Source: ESENT) (EventID: 465) (User: )
Description: avguard1880GaviDB_1: C:\ProgramData\Avira\AntiVir Desktop\EVENTDB\Logs\edb.logEND364 (0x0000016C)
Error: (06/28/2015 01:44:10 PM) (Source: ESENT) (EventID: 465) (User: )
Description: avguard1880GaviDB_1: C:\ProgramData\Avira\AntiVir Desktop\EVENTDB\Logs\edb.logEND364 (0x0000016C)
Error: (06/28/2015 01:44:08 PM) (Source: ESENT) (EventID: 454) (User: )
Description: avguard1880GaviDB_0: -501
Error: (06/28/2015 01:44:08 PM) (Source: ESENT) (EventID: 465) (User: )
Description: avguard1880GaviDB_0: C:\ProgramData\Avira\AntiVir Desktop\EVENTDB\Logs\edb.logEND364 (0x0000016C)
Error: (06/28/2015 01:44:08 PM) (Source: ESENT) (EventID: 465) (User: )
Description: avguard1880GaviDB_0: C:\ProgramData\Avira\AntiVir Desktop\EVENTDB\Logs\edb.logEND364 (0x0000016C)
Error: (06/28/2015 01:44:08 PM) (Source: ESENT) (EventID: 465) (User: )
Description: avguard1880GaviDB_0: C:\ProgramData\Avira\AntiVir Desktop\EVENTDB\Logs\edb.logEND364 (0x0000016C)
Error: (06/28/2015 01:19:26 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestc:\program files\CCleaner\CCleaner.exe
CodeIntegrity Errors:
===================================
Date: 2013-03-16 13:28:18.316
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-03-16 13:28:18.260
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-03-16 13:28:16.026
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-03-16 13:28:15.965
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-03-16 13:28:13.818
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-03-16 13:28:13.760
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-03-16 13:28:11.223
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-03-16 13:28:11.154
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-03-16 13:28:08.828
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-03-16 13:28:08.752
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7 CPU Q 720 @ 1.60GHz
Percentage of memory in use: 41%
Total physical RAM: 4078.06 MB
Available physical RAM: 2373.19 MB
Total Pagefile: 8154.32 MB
Available Pagefile: 5936.52 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:424.66 GB) (Free:155.66 GB) NTFS
Drive d: (Recover) (Fixed) (Total:40 GB) (Free:33.47 GB) NTFS
Drive f: (Mobil) (Fixed) (Total:465.76 GB) (Free:72.08 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 2BD2C32A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=424.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=40 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)
========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: 44FDFE06)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)
==================== End of log ============================
Gmer Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-06-28 14:35:40
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST950032 rev.0003 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\Ryker\AppData\Local\Temp\kwdiqpow.sys
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe[1856] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077661401 2 bytes JMP 7673b21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe[1856] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077661419 2 bytes JMP 7673b346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe[1856] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077661431 2 bytes JMP 767b8f29 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe[1856] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007766144a 2 bytes CALL 7671489d C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe[1856] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000776614dd 2 bytes JMP 767b8822 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe[1856] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000776614f5 2 bytes JMP 767b89f8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe[1856] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007766150d 2 bytes JMP 767b8718 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe[1856] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077661525 2 bytes JMP 767b8ae2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe[1856] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007766153d 2 bytes JMP 7672fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe[1856] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077661555 2 bytes JMP 767368ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe[1856] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007766156d 2 bytes JMP 767b8fe3 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe[1856] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077661585 2 bytes JMP 767b8b42 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe[1856] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007766159d 2 bytes JMP 767b86dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe[1856] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000776615b5 2 bytes JMP 7672fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe[1856] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000776615cd 2 bytes JMP 7673b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe[1856] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000776616b2 2 bytes JMP 767b8ea4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe[1856] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000776616bd 2 bytes JMP 767b8671 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2580] C:\Windows\SysWOW64\WSOCK32.dll!recv + 82 00000000730617fa 2 bytes CALL 767111a9 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2580] C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 88 0000000073061860 2 bytes CALL 767111a9 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2580] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98 0000000073061942 2 bytes JMP 77247089 C:\Windows\syswow64\WS2_32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2580] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 109 000000007306194d 2 bytes JMP 7724cba6 C:\Windows\syswow64\WS2_32.dll
.text C:\Program Files (x86)\maxdome\DCBin\DCService.exe[2608] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077661401 2 bytes JMP 7673b21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\maxdome\DCBin\DCService.exe[2608] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077661419 2 bytes JMP 7673b346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\maxdome\DCBin\DCService.exe[2608] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077661431 2 bytes JMP 767b8f29 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\maxdome\DCBin\DCService.exe[2608] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007766144a 2 bytes CALL 7671489d C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\maxdome\DCBin\DCService.exe[2608] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000776614dd 2 bytes JMP 767b8822 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\maxdome\DCBin\DCService.exe[2608] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000776614f5 2 bytes JMP 767b89f8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\maxdome\DCBin\DCService.exe[2608] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007766150d 2 bytes JMP 767b8718 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\maxdome\DCBin\DCService.exe[2608] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077661525 2 bytes JMP 767b8ae2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\maxdome\DCBin\DCService.exe[2608] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007766153d 2 bytes JMP 7672fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\maxdome\DCBin\DCService.exe[2608] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077661555 2 bytes JMP 767368ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\maxdome\DCBin\DCService.exe[2608] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007766156d 2 bytes JMP 767b8fe3 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\maxdome\DCBin\DCService.exe[2608] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077661585 2 bytes JMP 767b8b42 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\maxdome\DCBin\DCService.exe[2608] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007766159d 2 bytes JMP 767b86dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\maxdome\DCBin\DCService.exe[2608] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000776615b5 2 bytes JMP 7672fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\maxdome\DCBin\DCService.exe[2608] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000776615cd 2 bytes JMP 7673b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\maxdome\DCBin\DCService.exe[2608] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000776616b2 2 bytes JMP 767b8ea4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\maxdome\DCBin\DCService.exe[2608] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000776616bd 2 bytes JMP 767b8671 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[2444] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077661401 2 bytes JMP 7673b21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[2444] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077661419 2 bytes JMP 7673b346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[2444] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077661431 2 bytes JMP 767b8f29 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[2444] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007766144a 2 bytes CALL 7671489d C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[2444] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000776614dd 2 bytes JMP 767b8822 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[2444] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000776614f5 2 bytes JMP 767b89f8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[2444] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007766150d 2 bytes JMP 767b8718 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[2444] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077661525 2 bytes JMP 767b8ae2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[2444] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007766153d 2 bytes JMP 7672fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[2444] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077661555 2 bytes JMP 767368ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[2444] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007766156d 2 bytes JMP 767b8fe3 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[2444] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077661585 2 bytes JMP 767b8b42 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[2444] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007766159d 2 bytes JMP 767b86dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[2444] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000776615b5 2 bytes JMP 7672fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[2444] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000776615cd 2 bytes JMP 7673b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[2444] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000776616b2 2 bytes JMP 767b8ea4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[2444] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000776616bd 2 bytes JMP 767b8671 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Ryker\AppData\Roaming\Dropbox\bin\Dropbox.exe[3304] C:\Windows\syswow64\Psapi.dll!GetModuleFileNameExW + 17 0000000077661401 2 bytes JMP 7673b21b C:\Windows\syswow64\kernel32.dll
.text C:\Users\Ryker\AppData\Roaming\Dropbox\bin\Dropbox.exe[3304] C:\Windows\syswow64\Psapi.dll!EnumProcessModules + 17 0000000077661419 2 bytes JMP 7673b346 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Ryker\AppData\Roaming\Dropbox\bin\Dropbox.exe[3304] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 17 0000000077661431 2 bytes JMP 767b8f29 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Ryker\AppData\Roaming\Dropbox\bin\Dropbox.exe[3304] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 42 000000007766144a 2 bytes CALL 7671489d C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Users\Ryker\AppData\Roaming\Dropbox\bin\Dropbox.exe[3304] C:\Windows\syswow64\Psapi.dll!EnumDeviceDrivers + 17 00000000776614dd 2 bytes JMP 767b8822 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Ryker\AppData\Roaming\Dropbox\bin\Dropbox.exe[3304] C:\Windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameA + 17 00000000776614f5 2 bytes JMP 767b89f8 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Ryker\AppData\Roaming\Dropbox\bin\Dropbox.exe[3304] C:\Windows\syswow64\Psapi.dll!QueryWorkingSetEx + 17 000000007766150d 2 bytes JMP 767b8718 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Ryker\AppData\Roaming\Dropbox\bin\Dropbox.exe[3304] C:\Windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameW + 17 0000000077661525 2 bytes JMP 767b8ae2 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Ryker\AppData\Roaming\Dropbox\bin\Dropbox.exe[3304] C:\Windows\syswow64\Psapi.dll!GetModuleBaseNameW + 17 000000007766153d 2 bytes JMP 7672fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Ryker\AppData\Roaming\Dropbox\bin\Dropbox.exe[3304] C:\Windows\syswow64\Psapi.dll!EnumProcesses + 17 0000000077661555 2 bytes JMP 767368ef C:\Windows\syswow64\kernel32.dll
.text C:\Users\Ryker\AppData\Roaming\Dropbox\bin\Dropbox.exe[3304] C:\Windows\syswow64\Psapi.dll!GetProcessMemoryInfo + 17 000000007766156d 2 bytes JMP 767b8fe3 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Ryker\AppData\Roaming\Dropbox\bin\Dropbox.exe[3304] C:\Windows\syswow64\Psapi.dll!GetPerformanceInfo + 17 0000000077661585 2 bytes JMP 767b8b42 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Ryker\AppData\Roaming\Dropbox\bin\Dropbox.exe[3304] C:\Windows\syswow64\Psapi.dll!QueryWorkingSet + 17 000000007766159d 2 bytes JMP 767b86dc C:\Windows\syswow64\kernel32.dll
.text C:\Users\Ryker\AppData\Roaming\Dropbox\bin\Dropbox.exe[3304] C:\Windows\syswow64\Psapi.dll!GetModuleBaseNameA + 17 00000000776615b5 2 bytes JMP 7672fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Ryker\AppData\Roaming\Dropbox\bin\Dropbox.exe[3304] C:\Windows\syswow64\Psapi.dll!GetModuleFileNameExA + 17 00000000776615cd 2 bytes JMP 7673b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Users\Ryker\AppData\Roaming\Dropbox\bin\Dropbox.exe[3304] C:\Windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 20 00000000776616b2 2 bytes JMP 767b8ea4 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Ryker\AppData\Roaming\Dropbox\bin\Dropbox.exe[3304] C:\Windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 31 00000000776616bd 2 bytes JMP 767b8671 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe[1428] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077661401 2 bytes JMP 7673b21b C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe[1428] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077661419 2 bytes JMP 7673b346 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe[1428] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077661431 2 bytes JMP 767b8f29 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe[1428] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007766144a 2 bytes CALL 7671489d C:\Windows\syswow64\KERNEL32.dll
.text ... * 9
.text C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe[1428] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000776614dd 2 bytes JMP 767b8822 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe[1428] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000776614f5 2 bytes JMP 767b89f8 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe[1428] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007766150d 2 bytes JMP 767b8718 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe[1428] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077661525 2 bytes JMP 767b8ae2 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe[1428] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007766153d 2 bytes JMP 7672fca8 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe[1428] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077661555 2 bytes JMP 767368ef C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe[1428] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007766156d 2 bytes JMP 767b8fe3 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe[1428] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077661585 2 bytes JMP 767b8b42 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe[1428] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007766159d 2 bytes JMP 767b86dc C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe[1428] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000776615b5 2 bytes JMP 7672fd41 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe[1428] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000776615cd 2 bytes JMP 7673b2dc C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe[1428] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000776616b2 2 bytes JMP 767b8ea4 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe[1428] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000776616bd 2 bytes JMP 767b8671 C:\Windows\syswow64\KERNEL32.dll
---- Processes - GMER 2.1 ----
Library c:\users\ryker\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfadayx.dll (*** suspicious ***) @ C:\Users\Ryker\AppData\Roaming\Dropbox\bin\Dropbox.exe [3304](2015-06-28 11:45:26) 0000000003bb0000
Library C:\Users\Ryker\AppData\Roaming\Dropbox\bin\Qt5Core.dll (*** suspicious ***) @ C:\Users\Ryker\AppData\Roaming\Dropbox\bin\Dropbox.exe [3304] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:24) 000000006bae0000
Library C:\Users\Ryker\AppData\Roaming\Dropbox\bin\icuin52.dll (*** suspicious ***) @ C:\Users\Ryker\AppData\Roaming\Dropbox\bin\Dropbox.exe [3304] (ICU I18N DLL/The ICU Project)(2015-03-04 21:45:30) 000000004a900000
Library C:\Users\Ryker\AppData\Roaming\Dropbox\bin\icuuc52.dll (*** suspicious ***) @ C:\Users\Ryker\AppData\Roaming\Dropbox\bin\Dropbox.exe [3304] (ICU Common DLL/The ICU Project)(2015-03-04 21:45:30) 0000000005eb0000
Library C:\Users\Ryker\AppData\Roaming\Dropbox\bin\icudt52.dll (*** suspicious ***) @ C:\Users\Ryker\AppData\Roaming\Dropbox\bin\Dropbox.exe [3304] (ICU Data DLL/The ICU Project)(2015-03-04 21:45:30) 000000004ad00000
Library C:\Users\Ryker\AppData\Roaming\Dropbox\bin\Qt5Widgets.dll (*** suspicious ***) @ C:\Users\Ryker\AppData\Roaming\Dropbox\bin\Dropbox.exe [3304] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:28) 000000006b6a0000
Library C:\Users\Ryker\AppData\Roaming\Dropbox\bin\Qt5Gui.dll (*** suspicious ***) @ C:\Users\Ryker\AppData\Roaming\Dropbox\bin\Dropbox.exe [3304] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 000000006b3b0000
Library C:\Users\Ryker\AppData\Roaming\Dropbox\bin\libGLESv2.dll (*** suspicious ***) @ C:\Users\Ryker\AppData\Roaming\Dropbox\bin\Dropbox.exe [3304](2015-03-04 21:45:30) 000000006b2f0000
Library C:\Users\Ryker\AppData\Roaming\Dropbox\bin\Qt5Network.dll (*** suspicious ***) @ C:\Users\Ryker\AppData\Roaming\Dropbox\bin\Dropbox.exe [3304] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 000000006af40000
Library C:\Users\Ryker\AppData\Roaming\Dropbox\bin\Qt5WebKit.dll (*** suspicious ***) @ C:\Users\Ryker\AppData\Roaming\Dropbox\bin\Dropbox.exe [3304] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 0000000069f40000
Library C:\Users\Ryker\AppData\Roaming\Dropbox\bin\Qt5Quick.dll (*** suspicious ***) @ C:\Users\Ryker\AppData\Roaming\Dropbox\bin\Dropbox.exe [3304] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 0000000069d20000
Library C:\Users\Ryker\AppData\Roaming\Dropbox\bin\Qt5Qml.dll (*** suspicious ***) @ C:\Users\Ryker\AppData\Roaming\Dropbox\bin\Dropbox.exe [3304] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 0000000069ac0000
Library C:\Users\Ryker\AppData\Roaming\Dropbox\bin\Qt5Sql.dll (*** suspicious ***) @ C:\Users\Ryker\AppData\Roaming\Dropbox\bin\Dropbox.exe [3304] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 0000000069a90000
Library C:\Users\Ryker\AppData\Roaming\Dropbox\bin\libEGL.dll (*** suspicious ***) @ C:\Users\Ryker\AppData\Roaming\Dropbox\bin\Dropbox.exe [3304](2015-03-04 21:45:30) 0000000069a80000
Library C:\Users\Ryker\AppData\Roaming\Dropbox\bin\Qt5WebKitWidgets.dll (*** suspicious ***) @ C:\Users\Ryker\AppData\Roaming\Dropbox\bin\Dropbox.exe [3304] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:28) 0000000069a50000
Library C:\Users\Ryker\AppData\Roaming\Dropbox\bin\Qt5OpenGL.dll (*** suspicious ***) @ C:\Users\Ryker\AppData\Roaming\Dropbox\bin\Dropbox.exe [3304] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 0000000069a10000
Library C:\Users\Ryker\AppData\Roaming\Dropbox\bin\Qt5PrintSupport.dll (*** suspicious ***) @ C:\Users\Ryker\AppData\Roaming\Dropbox\bin\Dropbox.exe [3304] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 00000000699c0000
Library C:\Users\Ryker\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll (*** suspicious ***) @ C:\Users\Ryker\AppData\Roaming\Dropbox\bin\Dropbox.exe [3304](2015-03-04 21:45:30) 00000000695d0000
Library C:\Users\Ryker\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll (*** suspicious ***) @ C:\Users\Ryker\AppData\Roaming\Dropbox\bin\Dropbox.exe [3304](2015-03-04 21:45:30) 00000000693c0000
Library C:\Users\Ryker\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll (*** suspicious ***) @ C:\Users\Ryker\AppData\Roaming\Dropbox\bin\Dropbox.exe [3304](2015-03-04 21:45:30) 0000000069410000
Library C:\Users\Ryker\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll (*** suspicious ***) @ C:\Users\Ryker\AppData\Roaming\Dropbox\bin\Dropbox.exe [3304](2015-03-04 21:45:30) 0000000068df0000
Library C:\Users\Ryker\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll (*** suspicious ***) @ C:\Users\Ryker\AppData\Roaming\Dropbox\bin\Dropbox.exe [3304](2015-03-04 21:45:30) 0000000068d80000
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002243ed215a
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002243ed215a@002566683693 0x5C 0xEA 0x2C 0x35 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002243ed215a@00023c260efc 0x29 0x0F 0x18 0x70 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002243ed215a@8425dbe239f8 0xA7 0x65 0x0B 0xB6 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xD8 0xFD 0x52 0xC3 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xC9 0xE1 0x58 0x8B ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x1D 0x54 0x23 0xC3 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002243ed215a (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002243ed215a@002566683693 0x5C 0xEA 0x2C 0x35 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002243ed215a@00023c260efc 0x29 0x0F 0x18 0x70 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002243ed215a@8425dbe239f8 0xA7 0x65 0x0B 0xB6 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xD8 0xFD 0x52 0xC3 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xC9 0xE1 0x58 0x8B ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x1D 0x54 0x23 0xC3 ...
---- EOF - GMER 2.1 ----