TR/Strictor.29593 and constantly opening pop-up windows.
Hello everyone,
A few days ago I formatted my laptop and reinstalled Windows 7, because it was infected with two Trojans and I had quite a lot of junk on it anyway. When formatting, I didn't know exactly which partitions should be formatted, so I only formatted (C:).
After formatting and installing drivers (which I had already downloaded beforehand), Flash Player and so on, the very first thing I wanted to do was check my e-mail; however, after logging in to Freemail.de I was redirected to a page that said I needed their Flash Player to open my mailbox. Naive as I am, I downloaded the setup as well; whether I installed it, I no longer remember. After that, however, I was no longer redirected to the other page. Since then, though, pop-up windows keep opening in Firefox from sites that "World of Trust" rates as untrustworthy.
Today I scanned the setup file with Antivir and lo and behold: "TR/Strictor.29593". I moved it to quarantine, and at that point I decided to visit the Trojaner-Board in the hope of getting help.
I hope that wasn't too much information to start with. I'm not sure, though, exactly which information you need.
Here are the logs
OTL.txt Code:
OTL logfile created on: 01.06.2013 14:39:49 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\HP\Desktop\Bereinigung
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
5,95 Gb Total Physical Memory | 4,34 Gb Available Physical Memory | 73,00% Memory free
11,90 Gb Paging File | 10,08 Gb Available in Paging File | 84,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 447,59 Gb Total Space | 372,13 Gb Free Space | 83,14% Space Free | Partition Type: NTFS
Drive D: | 17,87 Gb Total Space | 1,92 Gb Free Space | 10,76% Space Free | Partition Type: NTFS
Drive E: | 99,02 Mb Total Space | 77,78 Mb Free Space | 78,55% Space Free | Partition Type: FAT32
Drive F: | 269,43 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive G: | 14,42 Gb Total Space | 0,40 Gb Free Space | 2,80% Space Free | Partition Type: FAT32
Computer Name: HP-PC | User Name: HP | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013.06.01 13:54:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\HP\Desktop\Bereinigung\OTL.exe
PRC - [2013.05.27 10:17:03 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2013.05.14 22:57:56 | 000,009,216 | ---- | M] (Ellora Assets Corp.) -- C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
PRC - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.07.27 18:21:26 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2012.07.18 18:08:11 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.07.18 18:08:03 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
PRC - [2012.07.18 18:08:01 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
PRC - [2012.07.18 18:08:01 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.18 18:08:01 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.06.11 16:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe
PRC - [2011.08.09 08:46:08 | 002,656,536 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011.08.09 08:46:06 | 000,325,912 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2011.05.20 10:10:26 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011.05.20 10:10:12 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2011.04.14 18:17:18 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
========== Modules (No Company Name) ==========
MOD - [2013.05.28 08:14:44 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\346a7a67978cead8e2ff52c6d80bbeb7\IAStorUtil.ni.dll
MOD - [2013.05.28 08:14:44 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\500a8ae2a5d27132d87ccac9f97b0069\IAStorCommon.ni.dll
MOD - [2013.05.27 19:23:34 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013.05.27 19:23:02 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll
MOD - [2013.05.27 19:22:53 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013.05.27 19:22:40 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\716959df79685a1eae0fc14275a32b0f\WindowsBase.ni.dll
MOD - [2013.05.27 19:22:35 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013.05.27 19:22:32 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013.05.27 19:22:32 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll
MOD - [2013.05.27 19:22:03 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.07.14 19:58:10 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
========== Services (SafeList) ==========
SRV:64bit: - [2013.05.27 10:17:03 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\PnkBstrA.exe -- (PnkBstrA)
SRV:64bit: - [2012.04.25 14:02:52 | 000,031,000 | ---- | M] (Hewlett-Packard Company) [Disabled | Stopped] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2011.09.30 22:06:14 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2013.05.27 10:17:03 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013.05.23 15:20:39 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.14 22:57:56 | 000,009,216 | ---- | M] (Ellora Assets Corp.) [Auto | Running] -- C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe -- (FreemakeVideoCapture)
SRV - [2013.05.12 00:26:17 | 000,117,144 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.18 18:08:11 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.07.18 18:08:03 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2012.07.18 18:08:01 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2012.07.18 18:08:01 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.06.11 16:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe -- (BBUpdate)
SRV - [2012.06.11 16:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe -- (BBSvc)
SRV - [2012.03.05 13:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Disabled | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2012.01.04 00:37:16 | 000,311,808 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Programme\IDT\WDM\stacsv64.exe -- (STacSV)
SRV - [2011.12.11 03:48:26 | 000,260,424 | ---- | M] (HP) [Disabled | Stopped] -- C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe -- (FPLService)
SRV - [2011.12.09 06:41:00 | 000,269,640 | ---- | M] (AuthenTec, Inc.) [Disabled | Stopped] -- C:\Programme\Common Files\AuthenTec\TrueService.exe -- (TrueService)
SRV - [2011.09.09 17:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Disabled | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
SRV - [2011.08.09 08:46:08 | 002,656,536 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011.08.09 08:46:06 | 000,325,912 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011.06.28 17:12:08 | 002,413,056 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2011.06.14 17:11:46 | 001,098,296 | ---- | M] (Hewlett-Packard Development Company L.P.) [Disabled | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe -- (hpCMSrv)
SRV - [2011.05.20 10:10:26 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.03.03 02:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Disabled | Stopped] -- C:\Programme\IDT\WDM\AESTSr64.exe -- (AESTFilters)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2013.05.23 09:59:53 | 004,747,840 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2012.07.18 18:08:31 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.07.18 18:08:31 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.07.18 18:08:31 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.04.25 14:02:52 | 000,043,800 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2012.04.25 14:02:52 | 000,030,488 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.04 00:37:16 | 000,535,552 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011.10.01 00:58:34 | 009,981,952 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.09.30 21:28:46 | 000,310,272 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.08.09 08:32:02 | 012,289,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2011.06.10 17:00:38 | 000,208,896 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011.06.10 17:00:36 | 000,091,648 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011.06.09 18:19:54 | 001,451,056 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011.05.30 16:03:34 | 000,338,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2011.05.20 09:53:44 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.16 18:11:08 | 000,428,136 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.02.11 23:23:34 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (npf)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.10.20 07:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.10.15 01:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D0 5C 3D 97 B3 57 CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130515
FF - prefs.js..extensions.enabledAddons: fmdownloader%40gmail.com:1.0.0
FF - prefs.js..extensions.enabledAddons: ytfmdownloader%40gmail.com:1.0.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..network.proxy.backup.ftp: "172.19.1.150"
FF - prefs.js..network.proxy.backup.ftp_port: 3128
FF - prefs.js..network.proxy.backup.socks: "172.19.1.150"
FF - prefs.js..network.proxy.backup.socks_port: 3128
FF - prefs.js..network.proxy.backup.ssl: "172.19.1.150"
FF - prefs.js..network.proxy.backup.ssl_port: 3128
FF - prefs.js..network.proxy.ftp: "172.19.1.150"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.http: "172.19.1.150"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "172.19.1.150"
FF - prefs.js..network.proxy.socks_port: 3128
FF - prefs.js..network.proxy.ssl: "172.19.1.150"
FF - prefs.js..network.proxy.ssl_port: 3128
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmdownloader@gmail.com: C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com\ [2013.06.01 13:25:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ytfmdownloader@gmail.com: C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com\ [2013.06.01 13:25:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\lrcfan@fansoft.br: C:\Program Files (x86)\LyricsFan\FF\ [2013.05.24 06:49:40 | 000,000,000 | ---D | M]
[2013.05.23 10:37:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HP\AppData\Roaming\mozilla\Extensions
[2013.05.23 22:42:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HP\AppData\Roaming\mozilla\Firefox\Profiles\th39jonx.default\extensions
[2013.05.23 22:27:38 | 000,000,000 | ---D | M] (WOT) -- C:\Users\HP\AppData\Roaming\mozilla\Firefox\Profiles\th39jonx.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2013.05.23 22:06:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\Extensions
[2013.05.23 10:37:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.05.23 10:37:11 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013.06.01 13:25:01 | 000,000,000 | ---D | M] (Freemake Video Downloader Plugin) -- C:\PROGRAM FILES (X86)\FREEMAKE\FREEMAKE VIDEO DOWNLOADER\BROWSERPLUGIN\FIREFOX\FMDOWNLOADER@GMAIL.COM
[2013.06.01 13:25:01 | 000,000,000 | ---D | M] (Freemake Youtube Download Button) -- C:\PROGRAM FILES (X86)\FREEMAKE\FREEMAKE VIDEO DOWNLOADER\BROWSERPLUGIN\FIREFOX\YTFMDOWNLOADER@GMAIL.COM
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (HP SimplePass Browser Helper Object) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass\x64\IEBHO.dll (HP)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (HP SimplePass Browser Helper Object) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass\IEBHO.DLL (HP)
O2 - BHO: (Lyrics Fan) - {A8720491-9558-4C0D-9E35-30EED15DFB2B} - C:\Program Files (x86)\LyricsFan\lrcfan.dll (FAN Software)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (HP SimplePass Toolbar) - {C98EE38D-21E4-4A50-907D-2B56FEC7013E} - C:\Program Files (x86)\HP SimplePass\x64\IEBHO.dll (HP)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (HP SimplePass Toolbar) - {C98EE38D-21E4-4A50-907D-2B56FEC7013E} - C:\Program Files (x86)\HP SimplePass\IEBHO.DLL (HP)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKCU..\Run: [FileHippo.com] C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionAction = hxxp://hp.digitalriver.com/DRHM/store?Action=DisplayProductSearchResultsPage&SiteID=hpappli&Locale=en_US&keywords=%w
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionName = Find Software on HP Marketplace (Microsoft Corporation)
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{55361C37-6034-40CB-A8F1-DF445646E151}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6E167851-AE3F-4DE5-8327-BC4871EAC5B3}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.01.31 19:01:03 | 000,000,129 | R--- | M] () - F:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{0a4917a2-c381-11e2-9133-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{0a4917a2-c381-11e2-9133-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Setup.exe -- [2012.01.31 19:01:03 | 001,715,048 | R--- | M] (Hewlett-Packard Co.)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013.06.01 14:00:19 | 000,000,000 | ---D | C] -- C:\Users\HP\Desktop\Bereinigung
[2013.06.01 13:25:18 | 000,000,000 | ---D | C] -- C:\Program Files\WinPcap
[2013.06.01 13:25:03 | 000,000,000 | ---D | C] -- C:\Users\HP\Documents\Freemake
[2013.06.01 13:25:02 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
[2013.06.01 13:25:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
[2013.06.01 13:25:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Freemake
[2013.06.01 13:24:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Freemake
[2013.05.31 18:29:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013.05.31 18:29:42 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013.05.29 14:56:45 | 000,000,000 | ---D | C] -- C:\Users\HP\Desktop\Neuer Ordner
[2013.05.29 13:31:38 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\Audacity
[2013.05.28 10:11:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity
[2013.05.27 22:22:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Acoustica MP3 To Wave Converter PLUS
[2013.05.27 22:14:36 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\mp3DirectCut
[2013.05.27 22:11:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\mp3DirectCut
[2013.05.27 20:42:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RADVideo
[2013.05.27 20:42:11 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bink and Smacker
[2013.05.27 20:32:44 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Animake
[2013.05.27 20:32:42 | 000,000,000 | ---D | C] -- C:\Program Files\Animake
[2013.05.27 20:13:06 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
[2013.05.27 20:13:06 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\IrfanView
[2013.05.27 20:13:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IrfanView
[2013.05.27 11:04:39 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\vlc
[2013.05.27 11:04:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013.05.27 11:04:16 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2013.05.26 15:54:46 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2013.05.26 15:54:08 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2013.05.26 10:35:09 | 000,116,224 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\fms.dll
[2013.05.26 10:34:50 | 000,093,696 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysWow64\fms.dll
[2013.05.24 16:37:12 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\PunkBuster
[2013.05.24 16:35:22 | 000,000,000 | RH-D | C] -- C:\Users\HP\AppData\Roaming\SecuROM
[2013.05.24 16:31:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Activision
[2013.05.24 16:21:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Activision
[2013.05.24 13:48:05 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\WinRAR
[2013.05.24 13:48:05 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013.05.24 13:48:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013.05.24 13:47:55 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2013.05.24 10:46:07 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\Hewlett-Packard
[2013.05.24 09:23:58 | 000,000,000 | ---D | C] -- C:\Users\HP\.thumbnails
[2013.05.24 09:22:56 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\fontconfig
[2013.05.24 09:22:53 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\gegl-0.2
[2013.05.24 09:22:53 | 000,000,000 | ---D | C] -- C:\Users\HP\.gimp-2.8
[2013.05.24 09:21:21 | 000,000,000 | ---D | C] -- C:\Users\HP\Documents\schrott
[2013.05.24 09:11:02 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MW Graphics
[2013.05.24 09:11:01 | 000,237,056 | ---- | C] (MW Publishing) -- C:\Windows\SysWow64\mwgfx24.dll
[2013.05.24 09:11:01 | 000,191,488 | ---- | C] (MW Graphics) -- C:\Windows\SysWow64\mwgfx.dll
[2013.05.24 09:11:01 | 000,104,960 | ---- | C] (MW Graphics) -- C:\Windows\SysWow64\mwdds.dll
[2013.05.24 09:11:01 | 000,056,832 | ---- | C] (MW Graphics) -- C:\Windows\SysWow64\mwace.dll
[2013.05.24 09:11:01 | 000,028,672 | ---- | C] (MW Graphics) -- C:\Windows\SysWow64\mwgfxcopy.exe
[2013.05.24 09:11:01 | 000,000,000 | ---D | C] -- C:\Graphics
[2013.05.24 06:49:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LyricsFan
[2013.05.23 22:20:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2013.05.23 22:19:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.05.23 22:18:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013.05.23 22:15:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileHippo.com
[2013.05.23 21:58:57 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\Adobe
[2013.05.23 21:36:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FindLyrics
[2013.05.23 21:33:23 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013.05.23 16:32:58 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013.05.23 15:56:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013.05.23 15:56:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2013.05.23 15:38:13 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\Macromedia
[2013.05.23 15:38:13 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\Macromedia
[2013.05.23 15:38:13 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\Adobe
[2013.05.23 15:31:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2013.05.23 15:31:31 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Photo Creations
[2013.05.23 15:31:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP Photo Creations
[2013.05.23 15:31:18 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\HpUpdate
[2013.05.23 15:30:25 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2013.05.23 15:30:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2013.05.23 15:29:38 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2013.05.23 15:29:10 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\HP
[2013.05.23 15:20:39 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2013.05.23 15:20:38 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2013.05.23 14:42:53 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2
[2013.05.23 14:42:48 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\Programs
[2013.05.23 12:13:41 | 000,000,000 | ---D | C] -- C:\Users\HP\Documents\TmForever
[2013.05.23 12:13:41 | 000,000,000 | ---D | C] -- C:\ProgramData\TmForever
[2013.05.23 12:13:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TmNationsForever
[2013.05.23 12:11:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TmNationsForever
[2013.05.23 11:27:31 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\Avira
[2013.05.23 11:03:45 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\Nexway
[2013.05.23 10:52:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.05.23 10:52:49 | 000,140,936 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avfwot.sys
[2013.05.23 10:52:49 | 000,132,832 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.05.23 10:52:49 | 000,114,168 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avfwim.sys
[2013.05.23 10:52:49 | 000,098,848 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.05.23 10:52:49 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.05.23 10:52:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013.05.23 10:52:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2013.05.23 10:45:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2013.05.23 10:45:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2013.05.23 10:45:22 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2013.05.23 10:45:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2013.05.23 10:43:35 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2013.05.23 10:43:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2013.05.23 10:42:51 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\Microsoft Help
[2013.05.23 10:42:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2013.05.23 10:42:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2013.05.23 10:42:31 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2013.05.23 10:40:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2013.05.23 10:37:23 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\Mozilla
[2013.05.23 10:37:23 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\Mozilla
[2013.05.23 10:37:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013.05.23 10:37:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013.05.23 10:37:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.05.23 10:33:58 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\AuthenTec
[2013.05.23 10:33:50 | 000,000,000 | ---D | C] -- C:\Users\HP\Desktop\Schule
[2013.05.23 10:33:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2013.05.23 10:33:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP SimplePass
[2013.05.23 10:32:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AuthenTec
[2013.05.23 10:32:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AuthenTec
[2013.05.23 10:32:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations
[2013.05.23 10:32:12 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Communication and Chat
[2013.05.23 10:32:04 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\YouCam
[2013.05.23 10:31:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CyberLink
[2013.05.23 10:30:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp
[2013.05.23 10:25:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Telespree
[2013.05.23 10:24:55 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
[2013.05.23 10:24:29 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\Hewlett-Packard
[2013.05.23 10:24:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
[2013.05.23 10:24:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard
[2013.05.23 10:24:02 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\hpqLog
[2013.05.23 10:23:38 | 000,000,000 | ---D | C] -- C:\ProgramData\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
[2013.05.23 10:23:36 | 000,000,000 | ---D | C] -- C:\HP
[2013.05.23 10:22:10 | 000,000,000 | ---D | C] -- C:\Windows\Hewlett-Packard
[2013.05.23 10:20:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel Corporation
[2013.05.23 10:20:39 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\Intel Corporation
[2013.05.23 10:20:27 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\Synaptics
[2013.05.23 10:20:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Synaptics
[2013.05.23 10:14:58 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2013.05.23 10:13:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\sp60655
[2013.05.23 10:12:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hewlett-Packard
[2013.05.23 10:11:03 | 000,000,000 | ---D | C] -- C:\Program Files\Validity Sensors
[2013.05.23 10:08:56 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2013.05.23 10:07:21 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\sda
[2013.05.23 10:02:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel
[2013.05.23 10:00:07 | 000,000,000 | ---D | C] -- C:\Program Files\Broadcom
[2013.05.23 09:59:56 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\InstallShield
[2013.05.23 09:58:13 | 000,428,136 | ---- | C] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys
[2013.05.23 09:58:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2013.05.23 09:56:17 | 000,000,000 | ---D | C] -- C:\Windows\HPQ
[2013.05.23 09:55:45 | 006,344,704 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\IDTNGUI.exe
[2013.05.23 09:55:45 | 005,298,688 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\IDTNHP.dll
[2013.05.23 09:55:45 | 004,444,672 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\stlang64.dll
[2013.05.23 09:55:45 | 001,819,136 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\IDTNC64.cpl
[2013.05.23 09:55:45 | 001,425,408 | ---- | C] (IDT, Inc.) -- C:\Windows\sttray64.exe
[2013.05.23 09:55:45 | 001,085,440 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\IDTNX.dll
[2013.05.23 09:55:45 | 000,249,344 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\IDTNJ.exe
[2013.05.23 09:55:45 | 000,223,744 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\HPToneCtrls64.dll
[2013.05.23 09:55:43 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SRSLabs
[2013.05.23 09:55:14 | 000,251,904 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\staco64.dll
[2013.05.23 09:55:13 | 001,987,072 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\stapo64.dll
[2013.05.23 09:55:13 | 000,654,336 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\stapi64.dll
[2013.05.23 09:55:13 | 000,535,552 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\drivers\stwrt64.sys
[2013.05.23 09:55:13 | 000,448,512 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\stcplx64.dll
[2013.05.23 09:55:07 | 000,000,000 | ---D | C] -- C:\Program Files\IDT
[2013.05.23 09:34:26 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\ATI
[2013.05.23 09:34:26 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\ATI
[2013.05.23 09:34:26 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2013.05.23 09:33:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel
[2013.05.23 09:33:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel
[2013.05.23 09:33:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2013.05.23 09:32:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2013.05.23 09:31:57 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2013.05.23 09:31:54 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2013.05.23 09:28:37 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll
[2013.05.23 09:28:14 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
[2013.05.23 09:28:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\postureAgent
[2013.05.23 09:28:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2013.05.23 09:27:56 | 000,000,000 | ---D | C] -- C:\Intel
[2013.05.23 09:27:29 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2013.05.23 09:27:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Renesas Electronics
[2013.05.23 09:27:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Renesas Electronics
[2013.05.23 09:26:56 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2013.05.23 09:26:54 | 000,000,000 | ---D | C] -- C:\SWsetup
[2013.05.23 09:24:17 | 000,000,000 | R--D | C] -- C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013.05.23 09:24:17 | 000,000,000 | R--D | C] -- C:\Users\HP\Searches
[2013.05.23 09:24:17 | 000,000,000 | R--D | C] -- C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013.05.23 09:24:07 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\Identities
[2013.05.23 09:24:04 | 000,000,000 | R--D | C] -- C:\Users\HP\Contacts
[2013.05.23 09:24:02 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\VirtualStore
[2013.05.23 09:23:51 | 000,000,000 | --SD | C] -- C:\Users\HP\AppData\Roaming\Microsoft
[2013.05.23 09:23:51 | 000,000,000 | R--D | C] -- C:\Users\HP\Videos
[2013.05.23 09:23:51 | 000,000,000 | R--D | C] -- C:\Users\HP\Saved Games
[2013.05.23 09:23:51 | 000,000,000 | R--D | C] -- C:\Users\HP\Pictures
[2013.05.23 09:23:51 | 000,000,000 | R--D | C] -- C:\Users\HP\Music
[2013.05.23 09:23:51 | 000,000,000 | R--D | C] -- C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013.05.23 09:23:51 | 000,000,000 | R--D | C] -- C:\Users\HP\Links
[2013.05.23 09:23:51 | 000,000,000 | R--D | C] -- C:\Users\HP\Favorites
[2013.05.23 09:23:51 | 000,000,000 | R--D | C] -- C:\Users\HP\Downloads
[2013.05.23 09:23:51 | 000,000,000 | R--D | C] -- C:\Users\HP\Documents
[2013.05.23 09:23:51 | 000,000,000 | R--D | C] -- C:\Users\HP\Desktop
[2013.05.23 09:23:51 | 000,000,000 | R--D | C] -- C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013.05.23 09:23:51 | 000,000,000 | -HSD | C] -- C:\Users\HP\Vorlagen
[2013.05.23 09:23:51 | 000,000,000 | -HSD | C] -- C:\Users\HP\AppData\Local\Verlauf
[2013.05.23 09:23:51 | 000,000,000 | -HSD | C] -- C:\Users\HP\AppData\Local\Temporary Internet Files
[2013.05.23 09:23:51 | 000,000,000 | -HSD | C] -- C:\Users\HP\Startmenü
[2013.05.23 09:23:51 | 000,000,000 | -HSD | C] -- C:\Users\HP\SendTo
[2013.05.23 09:23:51 | 000,000,000 | -HSD | C] -- C:\Users\HP\Recent
[2013.05.23 09:23:51 | 000,000,000 | -HSD | C] -- C:\Users\HP\Netzwerkumgebung
[2013.05.23 09:23:51 | 000,000,000 | -HSD | C] -- C:\Users\HP\Lokale Einstellungen
[2013.05.23 09:23:51 | 000,000,000 | -HSD | C] -- C:\Users\HP\Documents\Eigene Videos
[2013.05.23 09:23:51 | 000,000,000 | -HSD | C] -- C:\Users\HP\Documents\Eigene Musik
[2013.05.23 09:23:51 | 000,000,000 | -HSD | C] -- C:\Users\HP\Eigene Dateien
[2013.05.23 09:23:51 | 000,000,000 | -HSD | C] -- C:\Users\HP\Documents\Eigene Bilder
[2013.05.23 09:23:51 | 000,000,000 | -HSD | C] -- C:\Users\HP\Druckumgebung
[2013.05.23 09:23:51 | 000,000,000 | -HSD | C] -- C:\Users\HP\Cookies
[2013.05.23 09:23:51 | 000,000,000 | -HSD | C] -- C:\Users\HP\AppData\Local\Anwendungsdaten
[2013.05.23 09:23:51 | 000,000,000 | -HSD | C] -- C:\Users\HP\Anwendungsdaten
[2013.05.23 09:23:51 | 000,000,000 | -H-D | C] -- C:\Users\HP\AppData
[2013.05.23 09:23:51 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\Temp
[2013.05.23 09:23:51 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\Microsoft
[2013.05.23 09:23:51 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\Media Center Programs
[2013.05.23 09:23:44 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2013.05.23 09:23:44 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2013.05.23 09:23:44 | 000,000,000 | -HSD | C] -- C:\Recovery
[2013.05.23 09:23:44 | 000,000,000 | -HSD | C] -- C:\Programme
[2013.05.23 09:23:44 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2013.05.23 09:23:44 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2013.05.23 09:23:44 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2013.05.23 09:23:44 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2013.05.23 09:23:44 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2013.05.23 09:23:44 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2013.05.23 09:23:44 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2013.05.23 09:23:44 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2013.05.23 09:18:23 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013.05.23 09:16:15 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2013.05.23 09:15:25 | 000,000,000 | -HSD | C] -- C:\System Volume Information
========== Files - Modified Within 30 Days ==========
[2013.06.01 14:38:43 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.06.01 14:38:43 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.06.01 14:38:43 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.06.01 14:38:43 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.06.01 14:38:43 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.06.01 14:37:35 | 000,000,000 | ---- | M] () -- C:\Users\HP\defogger_reenable
[2013.06.01 13:49:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.01 13:25:02 | 000,001,336 | ---- | M] () -- C:\Users\Public\Desktop\Freemake Video Downloader.lnk
[2013.06.01 12:53:22 | 000,282,472 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013.06.01 12:53:22 | 000,282,472 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.06.01 12:06:01 | 000,018,592 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.01 12:06:01 | 000,018,592 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.01 11:58:59 | 000,000,388 | ---- | M] () -- C:\Windows\tasks\Lyrics Fan Update.job
[2013.06.01 11:58:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.01 11:58:24 | 495,865,855 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.31 18:38:42 | 000,282,472 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2013.05.31 18:29:43 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.05.28 11:50:35 | 000,018,785 | ---- | M] () -- C:\Users\HP\AppData\Local\recently-used.xbel
[2013.05.27 22:27:45 | 000,001,072 | ---- | M] () -- C:\Users\HP\Desktop\TmForever - Verknüpfung.lnk
[2013.05.27 22:23:51 | 000,002,560 | ---- | M] () -- C:\Windows\_MSRSTRT.EXE
[2013.05.27 22:11:00 | 000,001,059 | ---- | M] () -- C:\Users\HP\Desktop\mp3DirectCut.lnk
[2013.05.27 20:13:06 | 000,001,002 | ---- | M] () -- C:\Users\HP\Desktop\IrfanView.lnk
[2013.05.27 19:20:49 | 000,416,312 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.05.27 16:10:33 | 001,543,079 | ---- | M] () -- C:\Users\HP\Desktop\Djangoooo.zip
[2013.05.27 11:04:34 | 000,000,871 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.05.27 11:01:47 | 000,001,298 | ---- | M] () -- C:\Users\HP\Desktop\iw3mp - Verknüpfung.lnk
[2013.05.27 10:17:20 | 000,189,248 | ---- | M] () -- C:\Windows\SysNative\PnkBstrB.exe
[2013.05.27 10:17:05 | 000,189,248 | ---- | M] () -- C:\Windows\SysNative\PnkBstrB.ex0
[2013.05.27 10:17:03 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013.05.27 10:17:03 | 000,076,888 | ---- | M] () -- C:\Windows\SysNative\PnkBstrA.exe
[2013.05.27 10:16:38 | 000,840,264 | ---- | M] () -- C:\Windows\SysWow64\pbsvc.exe
[2013.05.27 10:09:20 | 000,281,768 | ---- | M] () -- C:\Windows\SysNative\PnkBstrB.xtr
[2013.05.24 17:16:19 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.05.24 17:16:19 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013.05.24 09:21:14 | 000,001,442 | ---- | M] () -- C:\Users\HP\Desktop\gimp-2.8 - Verknüpfung.lnk
[2013.05.23 22:32:49 | 000,000,545 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013.05.23 15:29:30 | 000,000,057 | ---- | M] () -- C:\ProgramData\Ament.ini
[2013.05.23 15:19:39 | 000,140,936 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avfwot.sys
[2013.05.23 15:19:39 | 000,114,168 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avfwim.sys
[2013.05.23 14:35:05 | 000,007,597 | ---- | M] () -- C:\Users\HP\AppData\Local\Resmon.ResmonCfg
[2013.05.23 11:50:58 | 000,001,275 | ---- | M] () -- C:\Users\HP\Desktop\Raumtausch.lnk
[2013.05.23 10:52:58 | 000,002,070 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.05.23 10:37:15 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.05.23 10:32:12 | 000,001,365 | ---- | M] () -- C:\Users\HP\Documents\CyberLink YouCam.lnk
[2013.05.23 10:25:26 | 000,002,173 | ---- | M] () -- C:\Users\HP\Documents\HP Connection Manager.lnk
[2013.05.23 10:24:25 | 000,002,179 | ---- | M] () -- C:\Users\HP\Documents\HP Support Assistant.lnk
[2013.05.23 10:11:11 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_wbf_vfs_0018_01_09_00.Wdf
[2013.05.23 10:09:03 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2013.05.23 10:02:00 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2013.05.23 10:00:41 | 001,089,238 | ---- | M] () -- C:\Windows\SysNative\oem13.inf
[2013.05.23 09:59:53 | 000,006,656 | ---- | M] () -- C:\Windows\SysNative\bcmwlrc.dll
[2013.05.23 09:19:15 | 000,056,735 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2013.05.23 09:19:15 | 000,056,735 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2013.05.23 09:17:54 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
========== Files Created - No Company Name ==========
[2013.06.01 14:37:35 | 000,000,000 | ---- | C] () -- C:\Users\HP\defogger_reenable
[2013.06.01 13:25:02 | 000,001,336 | ---- | C] () -- C:\Users\Public\Desktop\Freemake Video Downloader.lnk
[2013.05.31 18:29:43 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.05.28 11:50:35 | 000,018,785 | ---- | C] () -- C:\Users\HP\AppData\Local\recently-used.xbel
[2013.05.28 10:11:57 | 000,001,023 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
[2013.05.27 22:27:45 | 000,001,072 | ---- | C] () -- C:\Users\HP\Desktop\TmForever - Verknüpfung.lnk
[2013.05.27 22:23:50 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2013.05.27 22:11:00 | 000,001,059 | ---- | C] () -- C:\Users\HP\Desktop\mp3DirectCut.lnk
[2013.05.27 22:01:03 | 001,543,079 | ---- | C] () -- C:\Users\HP\Desktop\Djangoooo.zip
[2013.05.27 20:13:06 | 000,001,002 | ---- | C] () -- C:\Users\HP\Desktop\IrfanView.lnk
[2013.05.27 11:04:33 | 000,000,871 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.05.27 11:01:47 | 000,001,298 | ---- | C] () -- C:\Users\HP\Desktop\iw3mp - Verknüpfung.lnk
[2013.05.27 10:20:58 | 000,281,768 | ---- | C] () -- C:\Windows\SysNative\PnkBstrB.xtr
[2013.05.27 10:20:58 | 000,189,248 | ---- | C] () -- C:\Windows\SysNative\PnkBstrB.exe
[2013.05.27 10:20:58 | 000,189,248 | ---- | C] () -- C:\Windows\SysNative\PnkBstrB.ex0
[2013.05.27 10:20:58 | 000,076,888 | ---- | C] () -- C:\Windows\SysNative\PnkBstrA.exe
[2013.05.27 10:17:01 | 000,840,264 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2013.05.26 16:59:12 | 000,282,472 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013.05.26 10:36:17 | 000,347,904 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd
[2013.05.26 10:34:34 | 000,010,429 | ---- | C] () -- C:\Windows\SysNative\ScavengeSpace.xml
[2013.05.26 10:34:23 | 000,105,559 | ---- | C] () -- C:\Windows\SysWow64\RacRules.xml
[2013.05.26 10:34:23 | 000,105,559 | ---- | C] () -- C:\Windows\SysNative\RacRules.xml
[2013.05.26 10:33:51 | 000,001,041 | ---- | C] () -- C:\Windows\SysWow64\tcpbidi.xml
[2013.05.24 17:16:19 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.05.24 17:16:19 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013.05.24 16:34:29 | 000,282,472 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.05.24 16:34:29 | 000,282,472 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2013.05.24 16:34:28 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013.05.24 09:21:14 | 000,001,442 | ---- | C] () -- C:\Users\HP\Desktop\gimp-2.8 - Verknüpfung.lnk
[2013.05.24 06:49:41 | 000,000,388 | ---- | C] () -- C:\Windows\tasks\Lyrics Fan Update.job
[2013.05.23 22:32:39 | 000,000,545 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013.05.23 22:15:16 | 000,002,003 | ---- | C] () -- C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Update Checker.lnk
[2013.05.23 21:56:48 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013.05.23 21:38:29 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013.05.23 15:56:51 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013.05.23 15:29:30 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2013.05.23 15:20:40 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.23 14:43:14 | 000,000,892 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
[2013.05.23 14:35:05 | 000,007,597 | ---- | C] () -- C:\Users\HP\AppData\Local\Resmon.ResmonCfg
[2013.05.23 11:50:38 | 000,001,275 | ---- | C] () -- C:\Users\HP\Desktop\Raumtausch.lnk
[2013.05.23 10:52:58 | 000,002,070 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.05.23 10:37:15 | 000,001,151 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.05.23 10:37:14 | 000,001,163 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013.05.23 10:32:12 | 000,001,365 | ---- | C] () -- C:\Users\HP\Documents\CyberLink YouCam.lnk
[2013.05.23 10:25:26 | 000,002,173 | ---- | C] () -- C:\Users\HP\Documents\HP Connection Manager.lnk
[2013.05.23 10:24:25 | 000,002,179 | ---- | C] () -- C:\Users\HP\Documents\HP Support Assistant.lnk
[2013.05.23 10:11:11 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_wbf_vfs_0018_01_09_00.Wdf
[2013.05.23 10:09:03 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2013.05.23 10:02:00 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013.05.23 10:00:47 | 001,089,238 | ---- | C] () -- C:\Windows\SysNative\oem13.inf
[2013.05.23 10:00:10 | 000,006,656 | ---- | C] () -- C:\Windows\SysNative\bcmwlrc.dll
[2013.05.23 09:58:13 | 000,074,272 | ---- | C] () -- C:\Windows\SysNative\RtNicProp64.dll
[2013.05.23 09:32:59 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2013.05.23 09:32:59 | 000,003,929 | ---- | C] () -- C:\Windows\SysNative\atipblup.dat
[2013.05.23 09:28:14 | 000,008,192 | ---- | C] () -- C:\Windows\SysNative\drivers\IntelMEFWVer.dll
[2013.05.23 09:24:59 | 000,001,409 | ---- | C] () -- C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2013.05.23 09:24:55 | 000,001,443 | ---- | C] () -- C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013.05.23 09:19:09 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2013.05.23 09:19:06 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2013.05.23 09:17:54 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013.05.23 09:15:25 | 495,865,855 | -HS- | C] () -- C:\hiberfil.sys
[2011.09.30 22:42:20 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011.08.09 08:30:04 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.08.09 08:30:02 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.08.09 08:30:02 | 000,216,000 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.08.09 08:23:26 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011.08.09 07:58:38 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011.06.09 18:17:36 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
========== ZeroAccess Check ==========
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
========== Purity Check ==========
< End of report >

Extras.txt Code:
OTL Extras logfile created on: 01.06.2013 14:39:49 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\HP\Desktop\Bereinigung
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
5,95 Gb Total Physical Memory | 4,34 Gb Available Physical Memory | 73,00% Memory free
11,90 Gb Paging File | 10,08 Gb Available in Paging File | 84,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 447,59 Gb Total Space | 372,13 Gb Free Space | 83,14% Space Free | Partition Type: NTFS
Drive D: | 17,87 Gb Total Space | 1,92 Gb Free Space | 10,76% Space Free | Partition Type: NTFS
Drive E: | 99,02 Mb Total Space | 77,78 Mb Free Space | 78,55% Space Free | Partition Type: FAT32
Drive F: | 269,43 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive G: | 14,42 Gb Total Space | 0,40 Gb Free Space | 2,80% Space Free | Partition Type: FAT32
Computer Name: HP-PC | User Name: HP | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- C:\Program Files\Hewlett-Packard\HP Application Assistant\HPAA.exe %1 (Hewlett Packard Company)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- C:\Program Files\Hewlett-Packard\HP Application Assistant\HPAA.exe %1 (Hewlett Packard Company)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E883360-C146-4EF2-B540-B53E50593B51}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{0F9F762E-4C32-4B86-9EAE-FA25AE637174}" = rport=139 | protocol=6 | dir=out | app=system |
"{0FAEB3A2-7B5F-4B21-BF9E-59AA91F993B7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1470C75C-6BF1-47FF-BEC5-6BB40074C0E7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{17532EC9-63A6-495C-99B7-BC4F7588B00F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{282D8877-88A4-4F9F-A8B4-54D0BD6F6244}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2FB2FA2C-C07B-43D8-BD36-03C0F65C8F53}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{2FE32FDE-29A2-414F-958D-C1244488E3F3}" = lport=445 | protocol=6 | dir=in | app=system |
"{5529F5FC-144A-4F2D-9B90-A9AE11288019}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5D5FD6A9-F5BB-4719-B4EF-DE76B1E16475}" = lport=137 | protocol=17 | dir=in | app=system |
"{605B96F4-8514-4E87-8D50-06E030B76C60}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6F16DD50-4343-4A0A-9993-426A319B1ABC}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6F848624-A4F7-4911-B697-7DC256F7EA45}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{816FC32E-5E00-49C1-9AF1-4972B498F18F}" = lport=138 | protocol=17 | dir=in | app=system |
"{88AD8EEF-172E-4726-ADD3-0E0BD0180AC9}" = rport=137 | protocol=17 | dir=out | app=system |
"{94221988-24F4-46F2-A977-189CA3058537}" = rport=445 | protocol=6 | dir=out | app=system |
"{95D75479-F39A-403E-9388-9B293A8B406E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{966BAD92-8194-49E3-99BB-5608D555F3EC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9F8B61F7-9A01-42EC-9673-35DF55748CCD}" = rport=138 | protocol=17 | dir=out | app=system |
"{C10D6643-98CF-4936-A7AE-670931599883}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E13E6A92-67A7-411E-B741-B8FAAB9ECB8C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E6857A5E-CB49-4DE2-A5FE-8111268B1528}" = lport=139 | protocol=6 | dir=in | app=system |
"{EC740102-85E8-4D16-8E8F-0B8FF24C0292}" = rport=10243 | protocol=6 | dir=out | app=system |
"{F3367C09-7976-42A5-9731-EB0ACD5DAB46}" = lport=10243 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E180075-A73E-4B82-B7AA-E1B3BD10E7D4}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{0FEBBC58-F187-46D7-A023-51C3C861487D}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{13DCD82D-7FDD-4253-AFDB-BDBCA57DC0FD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{197D39AC-E290-417D-88B8-7EF634F10A81}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3934EFC1-A7ED-420B-9DE3-794B55F53FD2}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{44FE2142-D213-46CA-BCC2-B1CCCAE317A5}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{45E1AC92-770F-439E-89E0-05441245C884}" = dir=in | app=c:\program files\hp\hp deskjet 3520 series\bin\hpnetworkcommunicator.exe |
"{46CBF368-6441-40DB-A2F0-885E4268F97F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{5AB60B13-C96F-4178-BA69-D99B14BB41DF}" = dir=in | app=c:\program files\hp\hp deskjet 3520 series\bin\devicesetup.exe |
"{656C5B61-FB20-4109-8552-B7EEBE77F3CD}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6E6C1373-4899-418F-B37F-092B107669E8}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{88A8939D-9F3E-4AF5-8251-6B698835386A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{8F228DA1-2AC4-40E9-AF5B-4271AB18A9B6}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{90C35831-579B-493B-8747-F429715D0344}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{925B4FED-2D70-4CF4-B0DB-0F50D11ADFDE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A2C7313B-B790-4BC6-80E8-0A6C266F067D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A9E2EAC5-5B3E-4122-A470-764B2B34689B}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{B2E46DA5-2041-4DD2-B68A-439B1FCE109D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{BC30FD82-F5E1-4808-82EE-2B6633C817BC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{BE7BEB55-98F2-489C-B8B0-CC9222264A93}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{C0AC06C4-26BC-437D-A7D0-F7FE5D03198E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{C1B57482-7383-4BBA-8E89-D35336E727DC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D20B33AF-C4EA-4E94-A1EC-59E966627E9C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D5D77FAB-5C9C-48B1-8761-DF17E69AD759}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{D8545397-FC8D-479A-B78F-E04412152899}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DBC31DED-CC6C-43DA-BA55-4D19978C709F}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{E1E4AFD2-97DA-40BF-A760-2675A42A956B}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{E50427A5-C745-4B00-AFB6-ED1822EB3B2D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FB171E2E-78AA-4E9E-A018-2349E6FDD62B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{FD06A6B9-0F31-4ABA-B3D8-3729AAE283C7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{FD9F6C85-3A4D-484D-9E45-5E946FC80092}" = protocol=6 | dir=out | app=system |
"TCP Query User{2C9B6000-6151-4010-83C3-D34084010625}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe |
"TCP Query User{9707715A-4E5D-47E7-983C-742049DAEB60}C:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe |
"TCP Query User{DE571F08-82CD-4E62-8F6A-DA31B86E7E62}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe |
"UDP Query User{0F007BBE-845E-4672-B947-59164299260E}C:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe |
"UDP Query User{36A12929-42A9-48B0-87FA-B762352E8C34}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe |
"UDP Query User{65FCC6DB-55AA-4B1A-AC11-038BAFC43450}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0CE7EBAF-157D-4111-9146-057CB2A4023E}" = HP Application Assistant
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1876545F-47B1-80A7-2F98-D175DA98A392}" = ccc-utility64
"{3BF3599D-7F28-C60B-1C5D-82BFD4E5EF33}" = AMD Catalyst Install Manager
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{79174AF2-6CB1-42F5-981E-66DCA49391D0}" = Validity WBF DDK
"{7B4DEBE1-E3E3-45BD-88E6-6C3CA9EEED36}" = HP 3D DriveGuard
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{A9C5381E-F415-4EDC-95A2-9164218FEA8A}" = HP Deskjet 3520 series - Grundlegende Software für das Gerät
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{E75A77D7-A854-44D6-A46B-82332AD79E9E}" = Studie zur Verbesserung von HP Deskjet 3520 series Produkten
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F9E64F70-9BE4-4ECD-9B83-09E74CF5B6C3}" = AuthenTec TrueAPI 64-bit
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"CCleaner" = CCleaner
"GIMP-2_is1" = GIMP 2.8.4
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"SynTPDeinstKey" = Synaptics TouchPad Driver
"VLC media player" = VLC media player 2.0.6
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{07AF6797-0CF6-FFBB-FDE3-CC51D3B5F342}" = Catalyst Control Center Graphics Previews Common
"{08523528-BA2F-43BB-87E3-252C081872B9}" = Catalyst Control Center - Branding
"{120F4744-38ED-FB1E-F313-A7A7E419A71E}" = CCC Help Chinese Traditional
"{135AAD7D-FB4A-800C-E7F2-58D02B936C38}" = Catalyst Control Center Localization All
"{178EA4CE-9622-76B4-308F-73FEC150DBB4}" = CCC Help Norwegian
"{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}" = Bing Bar
"{1AE85A98-397D-B62B-0D21-3F7DC93F4F3A}" = CCC Help Swedish
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21
"{339F5A1B-8DB7-E4F8-0A07-EF35B60EBE53}" = CCC Help Portuguese
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{412308A1-73B4-A26B-57A8-BE827ADA9BF9}" = Catalyst Control Center Profiles Mobile
"{483539DB-FA71-4C45-8438-55D3DCFDECC8}" = HP Software Framework
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A6937DA-DABE-31C9-C433-D67C640B7BED}" = CCC Help Italian
"{52594AFD-2797-356A-CC6F-57047524F1E1}" = CCC Help Japanese
"{53B17A98-5BF0-40BC-AAFF-850A357975AC}" = HP Quick Launch
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{5C7F3D35-9018-A839-3B9C-E50B517B9458}" = CCC Help Hungarian
"{5CA75999-3DDE-7B58-3394-38A4E82D8466}" = Catalyst Control Center InstallProxy
"{5E63C0AB-19B0-47D4-842E-6B324EB0614B}" = HP Connection Manager
"{60CD8628-DDD9-B498-A368-D01A4793CCFA}" = CCC Help Dutch
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6866ADAD-71F1-D306-B979-6371D8C4411A}" = CCC Help German
"{6B953497-169C-4929-9AA9-A9F510347468}" = HP Deskjet 3520 series Hilfe
"{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}" = HP Update
"{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
"{76D0E682-0183-E295-FA4C-DA6763669CCA}" = CCC Help English
"{880B5A98-B242-4B53-BD6F-41EA17495EAD}" = HP SimplePass
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8DB85CDE-EC37-A333-05B1-23846D03F08D}" = CCC Help Russian
"{8F6285DB-2536-7EDE-23D2-CA10E2D6399C}" = CCC Help French
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AA16FAFC-CCD3-899B-2860-A709BDE31CDC}" = CCC Help Korean
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch
"{AEEDCEB7-00B8-4BE1-B492-AB04803D5F1E}" = HP Deskjet 3520 series Setup Guide
"{B18BEB15-A9DA-43D7-BAE1-C6C67484C2C0}" = ESU for Microsoft Windows 7 SP1
"{B357B619-36C5-7C1E-063B-92677609CB14}" = CCC Help Danish
"{BDEB2CF5-C1C5-BCC8-DF29-1EE4CF389F9D}" = CCC Help Turkish
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C5D8263A-4D81-8979-91DE-B10120642FC5}" = Catalyst Control Center
"{CEEE5B98-96F1-2F1E-0627-853C5F98DE41}" = CCC Help Finnish
"{CF48FF43-B417-637C-C804-0F285FD7ED05}" = CCC Help Spanish
"{CF6A05D4-E715-BCF4-9ED2-A3307E386D28}" = CCC Help Czech
"{DB2C5E6A-CFDD-D6FD-480E-692EBEC17BFC}" = CCC Help Greek
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E59E0B3D-F840-5910-DF8C-73CFA82613C2}" = CCC Help Polish
"{E635F3DC-E92B-6E68-A2E7-BF77298E8584}" = PX Profile Update
"{E77268D6-5E7F-6DE1-34AC-A1A276710C21}" = CCC Help Chinese Standard
"{ED1BD69A-07E3-418C-91F1-D856582581BF}" = HP On Screen Display
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Display Audio Driver
"{F5C7356C-463C-75BC-E4E0-324E4516EB73}" = CCC Help Thai
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Audacity_is1" = Audacity 2.0.3
"Avira AntiVir Desktop" = Avira Professional Security
"COD4_is1" = Call of Duty(R) 4 - Modern Warfare(TM)
"FileHippo.com" = FileHippo.com Update Checker
"Freemake Video Downloader_is1" = Freemake Video Downloader
"HP Photo Creations" = HP Photo Creations
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"IrfanView" = IrfanView (remove only)
"lrcfan@fansoft.br" = Lyrics Fan
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.SingleImage" = Microsoft Office Professional 2010
"PunkBusterSvc" = PunkBuster Services
"RADVideo" = RAD Video Tools
"TmNationsForever_is1" = TmNationsForever
"WinPcapInst" = WinPcap 4.1.2
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 28.05.2013 06:15:11 | Computer Name = HP-PC | Source = Avira Antivirus | ID = 4129
Description = Das Update von HP-PC (172.19.73.19) ist fehlgeschlagen. Während des
Herunterladens ist ein Fehler aufgetreten. . Es wurden keine neuen Dateien geladen.
Error - 28.05.2013 07:31:52 | Computer Name = HP-PC | Source = Avira Antivirus | ID = 4129
Description = Das Update von HP-PC (172.19.73.19) ist fehlgeschlagen. Während des
Herunterladens ist ein Fehler aufgetreten. . Es wurden keine neuen Dateien geladen.
Error - 28.05.2013 10:58:18 | Computer Name = HP-PC | Source = Avira Antivirus | ID = 4129
Description = Das Update von HP-PC (172.19.73.19) ist fehlgeschlagen. Während des
Herunterladens ist ein Fehler aufgetreten. . Es wurden keine neuen Dateien geladen.
Error - 28.05.2013 15:54:52 | Computer Name = HP-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16483,
Zeitstempel: 0x515df825 Name des fehlerhaften Moduls: SeaNote.dll_unloaded, Version:
0.0.0.0, Zeitstempel: 0x4dd6f83b Ausnahmecode: 0xc0000005 Fehleroffset: 0x63851060
ID
des fehlerhaften Prozesses: 0xfe0 Startzeit der fehlerhaften Anwendung: 0x01ce5bdd3427824d
Pfad
der fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Pfad
des fehlerhaften Moduls: SeaNote.dll Berichtskennung: 756910d3-c7d0-11e2-9b99-082e5f80547b
Error - 29.05.2013 02:15:59 | Computer Name = HP-PC | Source = Avira Antivirus | ID = 4129
Description = Das Update von HP-PC (172.19.73.19) ist fehlgeschlagen. Während des
Herunterladens ist ein Fehler aufgetreten. . Es wurden keine neuen Dateien geladen.
Error - 29.05.2013 03:15:59 | Computer Name = HP-PC | Source = Avira Antivirus | ID = 4129
Description = Das Update von HP-PC (172.19.73.19) ist fehlgeschlagen. Während des
Herunterladens ist ein Fehler aufgetreten. . Es wurden keine neuen Dateien geladen.
Error - 29.05.2013 04:16:00 | Computer Name = HP-PC | Source = Avira Antivirus | ID = 4129
Description = Das Update von HP-PC (172.19.73.19) ist fehlgeschlagen. Während des
Herunterladens ist ein Fehler aufgetreten. . Es wurden keine neuen Dateien geladen.
Error - 30.05.2013 09:08:31 | Computer Name = HP-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: AUDIODG.EXE, Version: 6.1.7601.17514,
Zeitstempel: 0x4ce7abf9 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec4aa8e Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000052fc6
ID
des fehlerhaften Prozesses: 0x214 Startzeit der fehlerhaften Anwendung: 0x01ce5d36bd6644af
Pfad
der fehlerhaften Anwendung: C:\Windows\system32\AUDIODG.EXE Pfad des fehlerhaften
Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 06512c30-c92a-11e2-96a0-20107a063c92
Error - 30.05.2013 17:20:02 | Computer Name = HP-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iw3mp.exe, Version: 0.0.0.0, Zeitstempel:
0x4859a219 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x001cffe7 ID des fehlerhaften Prozesses:
0x1070 Startzeit der fehlerhaften Anwendung: 0x01ce5d74ebc999fe Pfad der fehlerhaften
Anwendung: C:\Program Files (x86)\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe
Pfad
des fehlerhaften Moduls: unknown Berichtskennung: b042412b-c96e-11e2-9c58-082e5f80547b
Error - 31.05.2013 05:55:02 | Computer Name = HP-PC | Source = Application Hang | ID = 1002
Description = Programm iw3mp.exe, Version 0.0.0.0 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: b0c Startzeit:
01ce5dd24ce26f26 Endzeit: 1258 Anwendungspfad: C:\Program Files (x86)\Activision\Call
of Duty 4 - Modern Warfare\iw3mp.exe Berichts-ID:
[ Hewlett-Packard Events ]
Error - 25.05.2013 09:21:47 | Computer Name = HP-PC | Source = HPSF.exe | ID = 4000
Description = HP Error ID: -2146232828 bei System.ComponentModel.AsyncCompletedEventArgs.RaiseExceptionIfNecessary()
bei System.ComponentModel.RunWorkerCompletedEventArgs.get_Result() bei HP.SupportAssistant.UI.HPAMain.bgNet_RunWorkerCompleted(Object
sender, RunWorkerCompletedEventArgs e) bei System.ComponentModel.BackgroundWorker.OnRunWorkerCompleted(RunWorkerCompletedEventArgs
e) bei System.ComponentModel.BackgroundWorker.AsyncOperationCompleted(Object
arg) bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback,
Object args, Boolean isSingleParameter) bei System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)
Message:
Während des Vorgangs ist eine Ausnahme aufgetreten, sodass das Ergebnis ungültig
ist. Weitere Ausnahmedetails finden Sie in InnerException. StackTrace: bei System.ComponentModel.AsyncCompletedEventArgs.RaiseExceptionIfNecessary()
bei System.ComponentModel.RunWorkerCompletedEventArgs.get_Result() bei HP.SupportAssistant.UI.HPAMain.bgNet_RunWorkerCompleted(Object
sender, RunWorkerCompletedEventArgs e) bei System.ComponentModel.BackgroundWorker.OnRunWorkerCompleted(RunWorkerCompletedEventArgs
e) bei System.ComponentModel.BackgroundWorker.AsyncOperationCompleted(Object
arg) bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback,
Object args, Boolean isSingleParameter) bei System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)
Source:
System InnerException.Message: Die Datei "C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoSI.xml" konnte nicht gefunden werden. Name: HPSF.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
Format:
de-DE RAM: 6091 Ram Utilization: 30 TargetSite: Void RaiseExceptionIfNecessary()
[ HP Software Framework Events ]
Error - 24.05.2013 04:46:13 | Computer Name = HP-PC | Source = CaslSmBios | ID = 5
Description = 2013.05.24 10:46:13.464|00000588|Error |[CaslWmi]CommandPanelBrightness::GetCurrentPanelBrightnessFromOS{hpCasl.enReturnCode(CaslWmi.enPanelBrightnessDataType,ushort&)}|Exception
occurred in querying WMI for WmiMonitorBrightness: 'Nicht unterstützt '
[ System Events ]
Error - 30.05.2013 16:33:04 | Computer Name = HP-PC | Source = ACPI | ID = 327690
Description = ACPI: ACPI-BIOS versucht, in einen ungültigen PCI-Operationsbereich
(0x33) zu schreiben. Wenden Sie sich an den Systemhersteller, um technische Unterstützung
zu erhalten.
Error - 30.05.2013 16:33:04 | Computer Name = HP-PC | Source = ACPI | ID = 327690
Description = ACPI: ACPI-BIOS versucht, in einen ungültigen PCI-Operationsbereich
(0x34) zu schreiben. Wenden Sie sich an den Systemhersteller, um technische Unterstützung
zu erhalten.
Error - 30.05.2013 16:33:04 | Computer Name = HP-PC | Source = ACPI | ID = 327690
Description = ACPI: ACPI-BIOS versucht, in einen ungültigen PCI-Operationsbereich
(0x35) zu schreiben. Wenden Sie sich an den Systemhersteller, um technische Unterstützung
zu erhalten.
Error - 30.05.2013 16:33:04 | Computer Name = HP-PC | Source = ACPI | ID = 327690
Description = ACPI: ACPI-BIOS versucht, in einen ungültigen PCI-Operationsbereich
(0x36) zu schreiben. Wenden Sie sich an den Systemhersteller, um technische Unterstützung
zu erhalten.
Error - 30.05.2013 16:33:04 | Computer Name = HP-PC | Source = ACPI | ID = 327690
Description = ACPI: ACPI-BIOS versucht, in einen ungültigen PCI-Operationsbereich
(0x37) zu schreiben. Wenden Sie sich an den Systemhersteller, um technische Unterstützung
zu erhalten.
Error - 30.05.2013 16:33:04 | Computer Name = HP-PC | Source = ACPI | ID = 327690
Description = ACPI: ACPI-BIOS versucht, in einen ungültigen PCI-Operationsbereich
(0x38) zu schreiben. Wenden Sie sich an den Systemhersteller, um technische Unterstützung
zu erhalten.
Error - 30.05.2013 16:33:04 | Computer Name = HP-PC | Source = ACPI | ID = 327690
Description = ACPI: ACPI-BIOS versucht, in einen ungültigen PCI-Operationsbereich
(0x39) zu schreiben. Wenden Sie sich an den Systemhersteller, um technische Unterstützung
zu erhalten.
Error - 30.05.2013 16:33:04 | Computer Name = HP-PC | Source = ACPI | ID = 327690
Description = ACPI: ACPI-BIOS versucht, in einen ungültigen PCI-Operationsbereich
(0x3a) zu schreiben. Wenden Sie sich an den Systemhersteller, um technische Unterstützung
zu erhalten.
Error - 30.05.2013 16:33:04 | Computer Name = HP-PC | Source = ACPI | ID = 327690
Description = ACPI: ACPI-BIOS versucht, in einen ungültigen PCI-Operationsbereich
(0x3b) zu schreiben. Wenden Sie sich an den Systemhersteller, um technische Unterstützung
zu erhalten.
Error - 30.05.2013 16:33:04 | Computer Name = HP-PC | Source = ACPI | ID = 327690
Description = ACPI: ACPI-BIOS versucht, in einen ungültigen PCI-Operationsbereich
(0x4) zu schreiben. Wenden Sie sich an den Systemhersteller, um technische Unterstützung
zu erhalten.
< End of report >
and the Gmer.txt (I don't know whether I did this correctly. I only selected "C:\".) Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-06-01 17:21:06
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST950032 rev.0005 465,76GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\HP\AppData\Local\Temp\pxldipoc.sys
---- User code sections - GMER 2.1 ----
.text C:\Windows\SysWOW64\PnkBstrA.exe[636] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000072e61a22 2 bytes [E6, 72]
.text C:\Windows\SysWOW64\PnkBstrA.exe[636] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000072e61ad0 2 bytes [E6, 72]
.text C:\Windows\SysWOW64\PnkBstrA.exe[636] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000072e61b08 2 bytes [E6, 72]
.text C:\Windows\SysWOW64\PnkBstrA.exe[636] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000072e61bba 2 bytes [E6, 72]
.text C:\Windows\SysWOW64\PnkBstrA.exe[636] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000072e61bda 2 bytes [E6, 72]
.text C:\Windows\SysWOW64\PnkBstrA.exe[636] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077981465 2 bytes [98, 77]
.text C:\Windows\SysWOW64\PnkBstrA.exe[636] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000779814bb 2 bytes [98, 77]
.text ... * 2
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch@Epoch 528
Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch 247
---- EOF - GMER 2.1 ----
Thanks a lot in advance!