Log analysis and evaluation: Malwarebytes scan with many detections

03.05.2012, 15:45   #1
burke

Good day,

Today I scanned my system with the Malwarebytes quick scan, because TuneUp showed me an autostart program that struck me as rather strange: the name was userinit, and the exe was called appconf32.exe.
I googled that, and a user of this forum recommended reinstalling Windows completely, keeping only files that are not exe files, and changing all passwords afterwards.
Since I didn't get a Windows CD when I bought my PC, I decided to first post my Malwarebytes log here and wait for recommendations. Oh, and something else I noticed during the scan, which scared me quite a bit: Malwarebytes displayed a message that it had closed the connection to a dangerous website.

Here is the log:

Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.03.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Boris :: BORIS-PC [Administrator]

Schutz: Aktiviert

03.05.2012 16:10:24
mbam-log-2012-05-03 (16-10-24).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 235187
Laufzeit: 7 Minute(n), 7 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 24
HKCR\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\funmoods.funmoodsHlpr.1 (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\funmoods.funmoodsHlpr (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840} (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706} (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\esrv.funmoodsESrvc.1 (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\esrv.funmoodsESrvc (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439} (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\funmoods.dskBnd.1 (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\funmoods.dskBnd (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13} (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\funmoodsApp.appCore.1 (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\funmoodsApp.appCore (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9} (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\f (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A} (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Google\chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\FUNMOODS (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 3
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Daten: Funmoods Toolbar -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Daten: -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\funmoods|UninstallString (PUP.Funmoods) -> Daten: "C:\Program Files\Funmoods\funmoods\1.5.11.16\uninstall.exe" -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 1
HKCR\regfile\shell\open\command| (Broken.OpenCommand) -> Bösartig: ("regedit.exe" "%1") Gut: (regedit.exe "%1") -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 2
C:\Program Files\Funmoods\funmoods\1.5.11.16 (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Funmoods\funmoods\1.5.11.16\bh (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 9
C:\Program Files\Funmoods\funmoods\1.5.11.16\bh\funmoods.dll (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Funmoods\funmoods\1.5.11.16\funmoodssrv.exe (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Funmoods\funmoods\1.5.11.16\funmoodsTlbr.dll (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Funmoods\funmoods\1.5.11.16\funmoodsApp.dll (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Funmoods\funmoods\1.5.11.16\funmoodsEng.dll (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Boris\Desktop\grplauncher0.6.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Boris\AppData\Roaming\appconf32.exe (Backdoor.Agent) -> Löschen bei Neustart.
C:\Program Files\Funmoods\funmoods\1.5.11.16\funmoodsOEM.crx (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Funmoods\funmoods\1.5.11.16\uninstall.exe (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)


Many thanks in advance for your effort and help.

Regards

03.05.2012, 18:25   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Please start by running a routine full scan with Malwarebytes and posting the log. => Have ALL local drives (except CD/DVD) checked!
Remember that Malwarebytes has to be updated manually before every scan! In addition, all detections must be removed.

If logs from older Malwarebytes scans exist, please post all of those as well!

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

Please post everything in CODE tags here where possible.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
 the log goes here
         

03.05.2012, 20:45   #3
burke

OK, I have now run another full scan, but it found nothing. Do you think it is really necessary to run this online scan as well? And should I change all my passwords now?

04.05.2012, 10:35   #4
cosinus

Quote:
Do you think it is really necessary to run this online scan as well?
Yes, that is a routine check, and it isn't just sitting there for decoration.
It's best to change passwords from another, clean computer, or can you know for certain that this computer isn't infected after all? Without closer analysis nobody can say.
__________________
Please always post log files in CODE tags

04.05.2012, 16:08   #5
burke

OK, I have run the ESET scan. Here are the results:

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=074c8a48a8d04d4faaaefd06dfe39768
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-05-04 02:42:11
# local_time=2012-05-04 04:42:11 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1792 16777215 100 0 5015161 5015161 0 0
# compatibility_mode=5892 16776573 100 100 3240 173669175 0 0
# compatibility_mode=8192 67108863 100 0 238 238 0 0
# scanned=346790
# found=10
# cleaned=10
# scan_time=6083
C:\Program Files\DVDVideoSoft\Free Audio CD Burner\icon1045.exe	Win32/Adware.ADON application (deleted - quarantined)	00000000000000000000000000000000	C
C:\Program Files\ICQ7.5\upgrade\2dcd1d63cb45e6613582211c3d5f4b23	Win32/OpenCandy application (deleted - quarantined)	00000000000000000000000000000000	C
C:\Program Files\ICQ7.5\upgrade\53e83dd5315bfb1f928441c9b4618b68	Win32/OpenCandy application (deleted - quarantined)	00000000000000000000000000000000	C
C:\Program Files\ICQ7.6\install_dll\OCSetupHlp.dll	Win32/OpenCandy application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Program Files\Perfect Uninstaller\PU.exe	a variant of Win32/PerfectUninstaller application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\ProgramData\TrackMania\Cache\883C9B377792A06FEBC59FA4CFF3C10C_www.fileden.com%5cfiles%5c2007%5c3%5c27%5c930376%5cfunteamad.png	HTML/Iframe.B.Gen virus (deleted - quarantined)	00000000000000000000000000000000	C
C:\Users\Boris\AppData\Roaming\11019\components\AcroFF019.dll	probably a variant of Win32/Spy.Banker.XOS trojan (cleaned by deleting (after the next restart) - quarantined)	00000000000000000000000000000000	C
C:\Users\Boris\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\eBay.lnk	Win32/Adware.ADON application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Users\Boris\AppData\Roaming\Microsoft\Windows\Start Menu\eBay.lnk	Win32/Adware.ADON application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Windows\System32\BReWErS.dll	a variant of Win32/GameHack.D application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
         


04.05.2012, 18:56   #6
cosinus

So much for the idea that there can't be anything left.

I have two questions before we continue:

1.) Does normal mode work without restrictions?
2.) Are you missing anything in the Start menu? Are there empty folders under All Programs, or is everything there?
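An added example, not part of the original thread: a small Python parser for the ESET Online Scanner log format shown in post #5, which separates malware detections from potentially unwanted applications and lists files whose deletion is still pending a restart. The sample lines are an excerpt of that log with the header counts adjusted to the excerpt; treating the class "application" as potentially unwanted software is an assumption of the example.

```python
import re

# Excerpt of the ESET log in post #5: four of its ten detection lines.
# The "# found" / "# cleaned" header values are adjusted to this excerpt.
ROWS = [
    (r"C:\Program Files\DVDVideoSoft\Free Audio CD Burner\icon1045.exe",
     "Win32/Adware.ADON application (deleted - quarantined)"),
    (r"C:\Program Files\ICQ7.6\install_dll\OCSetupHlp.dll",
     "Win32/OpenCandy application (cleaned by deleting - quarantined)"),
    (r"C:\Users\Boris\AppData\Roaming\11019\components\AcroFF019.dll",
     "probably a variant of Win32/Spy.Banker.XOS trojan "
     "(cleaned by deleting (after the next restart) - quarantined)"),
    (r"C:\Windows\System32\BReWErS.dll",
     "a variant of Win32/GameHack.D application "
     "(cleaned by deleting - quarantined)"),
]
# Fields are tab-separated: path, detection text, hash column, status column.
SAMPLE_LOG = "# found=4\n# cleaned=4\n" + "\n".join(
    "\t".join((path, detection, "0" * 32, "C")) for path, detection in ROWS)

# Detection text: "<optional heuristic prefix><Platform/Family> <class> (<action>)"
DETECTION_RE = re.compile(
    r"^(?P<prefix>.*?)(?P<name>\S+/\S+)\s+(?P<kind>\w+)\s+\((?P<action>.*)\)$")

# Assumption of this example: the class "application" marks potentially
# unwanted or unsafe software; every other class is treated as malware.
UNWANTED_KINDS = {"application"}


def parse_eset_log(text):
    """Return (header dict, list of detection dicts) from a log.txt body."""
    header, hits = {}, []
    for line in text.splitlines():
        if line.startswith("#"):
            key, _, value = line[1:].strip().partition("=")
            header[key] = value
            continue
        fields = line.split("\t")
        match = DETECTION_RE.match(fields[1].strip()) if len(fields) >= 2 else None
        if match is None:
            continue  # banner lines such as "all ok" carry no detection
        hits.append({
            "path": fields[0],
            "name": match["name"],
            "kind": match["kind"],
            "action": match["action"],
            # "a variant of" / "probably a variant of" mark generic matches
            "heuristic": bool(match["prefix"].strip()),
        })
    return header, hits


def triage(header, hits):
    """Group detections so the items that need follow-up stand out."""
    return {
        "malware": [h for h in hits if h["kind"] not in UNWANTED_KINDS],
        "unwanted": [h for h in hits if h["kind"] in UNWANTED_KINDS],
        # Files only scheduled for deletion are still on disk until reboot.
        "pending_reboot": [h for h in hits if "restart" in h["action"]],
        # A mismatch means lines were lost when the log was copied.
        "count_matches_header": header.get("found") == str(len(hits)),
    }


if __name__ == "__main__":
    header, hits = parse_eset_log(SAMPLE_LOG)
    result = triage(header, hits)
    for group in ("malware", "unwanted", "pending_reboot"):
        print(group)
        for hit in result[group]:
            print("   ", hit["name"], "|", hit["path"], "|", hit["action"])
    print("count matches header:", result["count_matches_header"])
```
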

04.05.2012, 19:16   #7
burke

First of all, thanks for the help so far.

What exactly do you mean by normal mode?

Re 1: Actually everything on my PC runs normally; I haven't noticed any changes, except that some Windows updates could not be installed, and in the Start menu the shutdown button shows the "install updates and shut down" icon. When I click it, it is still there at the next start. Some time ago I also got a message that 33 Windows updates could not be installed.

Re 2: That's hard to say, because over the years I have installed and uninstalled all sorts of stuff, or simply deleted installation folders without uninstalling, but nothing really seems strange or changed to me, and all programs run correctly.

What do you think about this Spy.Banker trojan in the log? Could that be one that has spied on my private data?

04.05.2012, 19:27   #8
cosinus

Please make a new OTL log. Please post everything in CODE tags here where possible.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
 the log goes here
         
CustomScan with OTL

If you don't have it yet, please download OTL by OldTimer and save it to your desktop.
  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • At the top centre, tick "Scan All Users"
  • Now copy the complete contents of the code box below into OTL's text box - if OTL is in German, it is labelled with
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt here into your thread

04.05.2012, 20:22   #9
burke

Here is the OTL log:

OTL Logfile:
Code:
OTL logfile created on: 04.05.2012 20:33:49 - Run 1
OTL by OldTimer - Version 3.2.42.2     Folder = C:\Users\Boris\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,01 Gb Available Physical Memory | 66,90% Memory free
6,23 Gb Paging File | 5,19 Gb Available in Paging File | 83,27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 284,09 Gb Total Space | 36,44 Gb Free Space | 12,83% Space Free | Partition Type: NTFS
 
Computer Name: BORIS-PC | User Name: Boris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.05.04 20:29:38 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Boris\Desktop\OTL.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.03.01 01:59:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.02.29 22:58:46 | 000,857,408 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2012.02.29 13:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.02.28 18:38:52 | 001,373,576 | ---- | M] (LogMeIn Inc.) -- C:\Programme\LogMeIn Hamachi\hamachi-2.exe
PRC - [2012.02.09 11:59:08 | 001,529,152 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
PRC - [2012.02.09 11:59:08 | 001,220,928 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
PRC - [2012.01.31 09:56:34 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.01.31 09:56:05 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.01.31 09:55:48 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.01.31 09:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.08.09 22:04:38 | 000,741,224 | ---- | M] (Tunngle.net GmbH) -- C:\Programme\Tunngle\TnglCtrl.exe
PRC - [2010.07.28 08:07:16 | 002,404,488 | ---- | M] (mobile concepts GmbH) -- C:\Programme\S.A.D\CyberGhost VPN\CGVPNCliService.exe
PRC - [2009.11.09 14:35:50 | 000,072,704 | ---- | M] (Autodesk) -- C:\Programme\Common Files\Autodesk Shared\Service\AdskScSrv.exe
PRC - [2009.07.30 22:20:00 | 000,144,752 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009.03.30 03:25:26 | 043,010,392 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
PRC - [2008.07.16 14:00:00 | 000,024,576 | ---- | M] () -- C:\Programme\PACKARD BELL\Packard Bell Recovery Management\Service\ETService.exe
PRC - [2008.07.10 02:49:44 | 000,098,840 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008.05.29 10:49:58 | 000,083,264 | ---- | M] (Packard Bell Services) -- C:\Windows\System32\HidService.exe
PRC - [2008.05.07 10:19:26 | 006,139,904 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2007.09.11 01:45:04 | 000,124,832 | ---- | M] () -- C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2009.08.16 17:06:02 | 000,141,312 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] --  -- (mi-raysat_3dsmax9_32) mental ray 3.5 Satellite (32-bit)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.03.01 01:59:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.02.29 13:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.02.28 18:38:52 | 001,373,576 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Programme\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012.02.09 11:59:08 | 001,529,152 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2012.02.09 11:59:06 | 000,028,992 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2012.01.31 09:56:05 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.01.31 09:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.10.08 17:21:09 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.08.09 22:04:38 | 000,741,224 | ---- | M] (Tunngle.net GmbH) [Auto | Running] -- C:\Programme\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2010.07.28 08:07:16 | 002,404,488 | ---- | M] (mobile concepts GmbH) [Auto | Running] -- C:\Programme\S.A.D\CyberGhost VPN\CGVPNCliService.exe -- (CGVPNCliSrvc)
SRV - [2010.02.10 19:07:00 | 003,458,548 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2009.11.09 14:35:50 | 000,072,704 | ---- | M] (Autodesk) [Auto | Running] -- C:\Programme\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2009.07.30 22:20:00 | 000,144,752 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2009.07.21 04:04:00 | 000,047,128 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Programme\Microsoft SQL Server\100\Shared\sqladhlp.exe -- (MSSQLServerADHelper100)
SRV - [2009.03.30 03:25:26 | 043,010,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS)
SRV - [2009.03.30 03:23:32 | 000,254,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2009.03.30 03:23:24 | 000,366,936 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE -- (SQLAgent$SQLEXPRESS) SQL Server-Agent (SQLEXPRESS)
SRV - [2009.01.11 08:07:18 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008.07.16 14:00:00 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Programme\PACKARD BELL\Packard Bell Recovery Management\Service\ETService.exe -- (ETService)
SRV - [2008.07.10 02:49:44 | 000,098,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008.05.29 10:49:58 | 000,083,264 | ---- | M] (Packard Bell Services) [Auto | Running] -- C:\Windows\System32\HidService.exe -- (GenericHidService)
SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.09.11 01:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
SRV - [2007.08.24 04:19:12 | 000,443,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.03.01 01:59:00 | 010,819,392 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012.02.09 11:48:24 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2012.01.31 09:56:33 | 000,137,416 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.01.31 09:56:33 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.01.17 14:45:56 | 000,148,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2011.09.16 17:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.04.17 16:58:04 | 000,233,024 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2010.08.11 22:59:58 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010.02.25 17:51:02 | 000,025,216 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2009.11.17 17:43:20 | 000,134,808 | ---- | M] (SysProgs.org) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BazisVirtualCDBus.sys -- (BazisVirtualCDBus)
DRV - [2009.11.09 05:21:18 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2009.11.07 12:50:22 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2009.11.07 12:50:22 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009.10.08 17:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.09.16 08:02:40 | 000,027,136 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901t.sys -- (tap0901t) TAP-Win32 Adapter V9 (Tunngle)
DRV - [2009.08.28 12:49:00 | 000,169,064 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbd.sys -- (Tosrfbd)
DRV - [2009.08.05 15:44:00 | 000,049,400 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2009.08.05 13:55:00 | 000,061,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV - [2009.07.28 21:01:00 | 000,069,480 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2009.07.24 12:31:00 | 000,021,608 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2009.06.19 10:57:00 | 000,079,872 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2009.06.19 10:56:00 | 000,042,472 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2009.06.17 12:59:00 | 000,046,984 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte)
DRV - [2009.03.30 03:09:28 | 000,239,336 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0103.sys -- (RsFx0103)
DRV - [2009.03.18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009.02.24 19:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008.11.06 07:33:58 | 000,043,928 | ---- | M] (Phantombility, Inc) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\phmcd.sys -- (phmcd)
DRV - [2008.07.16 13:56:06 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2007.10.31 05:23:20 | 000,115,744 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007.03.16 10:11:38 | 000,012,256 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TBPanel.sys -- (TBPanel)
DRV - [2006.11.02 09:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2006.10.09 14:46:44 | 000,017,536 | ---- | M] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Stopped] -- C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyx.sys -- (MTOnlPktAlyX)
DRV - [2006.08.28 23:54:56 | 000,010,664 | ---- | M] (Applied Networking Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\gan_adapter.sys -- (hamachi_oem)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=1&o=vp32&d=0709&m=imedia_d3860_ge
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-209655109-2756548685-674970729-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-209655109-2756548685-674970729-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-209655109-2756548685-674970729-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-209655109-2756548685-674970729-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.funmoods.com/?f=1&a=ironto
IE - HKU\S-1-5-21-209655109-2756548685-674970729-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-209655109-2756548685-674970729-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-209655109-2756548685-674970729-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-209655109-2756548685-674970729-1000\..\SearchScopes,DefaultScope = {62CA968C-E5F9-4FDC-9F4E-C8C994351E8B}
IE - HKU\S-1-5-21-209655109-2756548685-674970729-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-209655109-2756548685-674970729-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=18826
IE - HKU\S-1-5-21-209655109-2756548685-674970729-1000\..\SearchScopes\{62CA968C-E5F9-4FDC-9F4E-C8C994351E8B}: "URL" = hxxp://start.funmoods.com/results.php?f=4&a=ironto&q={searchTerms}
IE - HKU\S-1-5-21-209655109-2756548685-674970729-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-209655109-2756548685-674970729-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW
IE - HKU\S-1-5-21-209655109-2756548685-674970729-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rlz=1I7ACPW_deDE349&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-209655109-2756548685-674970729-1000\..\SearchScopes\{8719298B-F26E-449B-9698-4542A1E7CA4B}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACPW_deDE349
IE - HKU\S-1-5-21-209655109-2756548685-674970729-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: quickstores@quickstores.de:1.2.0
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?babsrc=toolbar2&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.04.04 14:37:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.13 01:04:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{857610fe-b36c-47f2-b4fa-6b7affe0cf5a}: C:\Program Files\Mobile Master\ext\1\
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mail@shopping-preise.de: C:\Users\Boris\AppData\Roaming\Mozilla\Firefox\Profiles\j1lg8v7j.default\extensions\mail@shopping-preise.de
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\firejump@firejump.net: C:\Users\Boris\AppData\Roaming\Mozilla\Firefox\Profiles\j1lg8v7j.default\extensions\firejump@firejump.net
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Boris\AppData\Roaming\11019 [2012.04.25 14:18:15 | 000,000,000 | ---D | M]
 
[2009.10.16 18:39:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Boris\AppData\Roaming\mozilla\Extensions
[2012.04.04 15:20:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Boris\AppData\Roaming\mozilla\Firefox\Profiles\j1lg8v7j.default\extensions
[2012.03.30 18:40:42 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Boris\AppData\Roaming\mozilla\Firefox\Profiles\j1lg8v7j.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.03.07 15:24:38 | 000,001,090 | ---- | M] () -- C:\Users\Boris\AppData\Roaming\Mozilla\Firefox\Profiles\j1lg8v7j.default\searchplugins\conduit.xml
[2012.03.09 08:25:10 | 000,001,292 | ---- | M] () -- C:\Users\Boris\AppData\Roaming\Mozilla\Firefox\Profiles\j1lg8v7j.default\searchplugins\funmoods.xml
[2012.03.09 08:25:10 | 000,000,828 | ---- | M] () -- C:\Users\Boris\AppData\Roaming\Mozilla\Firefox\Profiles\j1lg8v7j.default\searchplugins\icqplugin-1.xml
[2012.03.09 08:25:10 | 000,000,828 | ---- | M] () -- C:\Users\Boris\AppData\Roaming\Mozilla\Firefox\Profiles\j1lg8v7j.default\searchplugins\icqplugin-2.xml
[2012.03.09 08:25:10 | 000,000,901 | ---- | M] () -- C:\Users\Boris\AppData\Roaming\Mozilla\Firefox\Profiles\j1lg8v7j.default\searchplugins\icqplugin.xml
[2012.04.05 14:28:25 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.10.16 19:46:54 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.04.05 14:28:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2011.01.26 00:38:26 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Programme\Mozilla Firefox\extensions\quickstores@quickstores.de
[2012.04.25 14:18:15 | 000,000,000 | ---D | M] (Java Link Helper) -- C:\USERS\BORIS\APPDATA\ROAMING\11019
[2012.03.13 06:38:06 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009.04.08 04:06:28 | 000,122,880 | ---- | M] (AB) -- C:\Program Files\mozilla firefox\plugins\NPOP7PlugIn.dll
[2012.03.13 07:23:34 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.09 08:25:10 | 000,002,050 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012.03.13 07:06:36 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.03.13 07:23:34 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.13 07:23:34 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.13 07:23:34 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.13 07:23:34 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (ICQ Sparberater) - {FE163F11-1919-4257-A280-FF5AF8DAEECB} - C:\Programme\icq\Internet Explorer\icq.dll (solute gmbh)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [InfoCockpit] C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE (Deutsche Telekom AG, T-Com)
O4 - HKU\S-1-5-18..\Run: [InfoCockpit] C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE (Deutsche Telekom AG, T-Com)
O4 - HKU\S-1-5-19..\Run: [InfoCockpit] C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE (Deutsche Telekom AG, T-Com)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [InfoCockpit] C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE (Deutsche Telekom AG, T-Com)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-209655109-2756548685-674970729-1010..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 153
O7 - HKU\S-1-5-21-209655109-2756548685-674970729-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 153
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Boris\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 10.4.0)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 1.7.0_04)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.7.0_04)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{36931A3B-291C-4867-B965-612740A42758}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3F39D017-B652-4270-AB6F-6878927A7424}: DhcpNameServer = 193.22.254.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C3A2DF7F-1230-48FE-B4BD-279B3F7814A7}: DhcpNameServer = 7.254.254.254
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Boris\Pictures\Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Boris\Pictures\Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\System32\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{a91e5259-c309-11de-88be-0025113402db}\Shell - "" = AutoRun
O33 - MountPoints2\{a91e5259-c309-11de-88be-0025113402db}\Shell\AutoRun\command - "" = L:\loader.exe
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\autorun.exe
O33 - MountPoints2\K\Shell - "" = AutoRun
O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\win32\autorun\m4ck.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: Hamachi2Svc - C:\Programme\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\Windows\System32\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.vorbis - C:\Windows\System32\vorbis.acm (HMS hxxp://hp.vector.co.jp/authors/VA012897/)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FPS1 - C:\Windows\System32\frapsvid.dll (Beepa P/L)
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.x264 - C:\Windows\System32\x264vfw.dll ()
Drivers32: VIDC.XFR1 - C:\Windows\System32\xfcodec.dll ()
Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.05.04 20:29:36 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Boris\Desktop\OTL.exe
[2012.05.04 14:56:49 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.05.03 16:08:47 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Roaming\Malwarebytes
[2012.05.03 16:08:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.05.03 16:08:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.05.03 16:08:30 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.05.03 16:08:30 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.05.03 09:28:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Black and White
[2012.05.03 09:27:54 | 000,000,000 | ---D | C] -- C:\Program Files\Black & White
[2012.04.29 00:20:45 | 000,000,000 | ---D | C] -- C:\Program Files\Dead Island
[2012.04.25 14:18:15 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Roaming\11019
[2012.04.24 13:37:29 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Roaming\11018
[2012.04.23 13:59:35 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Roaming\11017
[2012.04.21 12:25:04 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\San Andreas Multiplayer
[2012.04.21 12:25:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\San Andreas Multiplayer
[2012.04.20 15:29:14 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Roaming\11016
[2012.04.20 10:45:50 | 000,000,000 | ---D | C] -- C:\Windows\rundll16.exe
[2012.04.20 10:45:50 | 000,000,000 | ---D | C] -- C:\Windows\logo1_.exe
[2012.04.17 12:43:02 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Roaming\11015
[2012.04.16 22:01:45 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Roaming\11014
[2012.04.14 21:10:37 | 000,028,992 | ---- | C] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll
[2012.04.14 13:56:56 | 000,031,552 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe
[2012.04.14 13:56:56 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2012.04.14 13:56:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012
[2012.04.14 13:56:30 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2012
[2012.04.13 14:39:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
[2012.04.13 14:39:41 | 000,000,000 | ---D | C] -- C:\Program Files\GOG.com
[2012.04.13 13:41:35 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Roaming\11013
[2012.04.12 13:49:53 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Roaming\11012
[2012.04.12 04:04:54 | 000,000,000 | ---D | C] -- C:\Users\Boris\Documents\Almost Human
[2012.04.12 03:16:14 | 000,000,000 | ---D | C] -- C:\Program Files\Legend of Grimrock
[2012.04.11 23:42:34 | 000,000,000 | ---D | C] -- C:\Program Files\Interplay
[2012.04.11 23:14:42 | 000,052,224 | ---- | C] (Interplay Productions) -- C:\Windows\ipuninst.exe
[2012.04.11 23:14:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Interplay
[2012.04.11 22:36:45 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Roaming\UAs
[2012.04.11 22:30:20 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Roaming\11009
[2012.04.09 17:57:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlitzMax
[2012.04.08 23:18:36 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2012.04.05 14:57:31 | 000,000,000 | ---D | C] -- C:\Windows\VDLL.DLL
[2012.04.05 14:57:31 | 000,000,000 | ---D | C] -- C:\Windows\System32\runouce.exe
[2012.04.05 14:57:31 | 000,000,000 | ---D | C] -- C:\Windows\RUNDL132.EXE
[2012.04.05 14:57:31 | 000,000,000 | ---D | C] -- C:\Windows\logo_1.exe
[2012.04.05 14:44:38 | 000,034,048 | ---- | C] (MicroWorld Technologies Inc.) -- C:\Windows\System32\eEmpty.exe
[2012.04.05 14:44:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MicroWorld
[2012.04.05 14:44:30 | 000,000,000 | ---D | C] -- C:\ProgramData\MicroWorld
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Boris\AppData\Roaming\*.tmp files -> C:\Users\Boris\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.05.04 20:29:38 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Boris\Desktop\OTL.exe
[2012.05.04 20:19:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.05.04 19:12:17 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.04 19:12:17 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.04 18:11:55 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2012.05.04 17:19:00 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.05.04 17:12:33 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2012.05.04 17:12:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.05.04 17:10:21 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.05.04 17:10:21 | 000,000,000 | ---- | M] () -- C:\Windows\System32\Access.dat
[2012.05.04 13:53:59 | 000,321,864 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.05.03 16:08:32 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.03 16:01:57 | 000,218,600 | ---- | M] () -- C:\Users\Boris\AppData\Roaming\AcroIEHelpe113.dll
[2012.05.03 16:01:57 | 000,007,368 | ---- | M] () -- C:\Users\Boris\AppData\Roaming\BAcroIEHelpe113.dll
[2012.05.03 16:01:53 | 000,000,016 | ---- | M] () -- C:\Users\Boris\AppData\Roaming\blckdom.res
[2012.05.03 09:37:01 | 000,001,711 | ---- | M] () -- C:\Users\Boris\Desktop\Black and White.lnk
[2012.05.01 17:19:14 | 000,000,011 | ---- | M] () -- C:\Users\Boris\AppData\Roaming\urhtps.dat
[2012.04.30 17:30:54 | 000,218,600 | ---- | M] () -- C:\Users\Boris\AppData\Roaming\AcroIEHelpe112.dll
[2012.04.30 17:30:54 | 000,007,368 | ---- | M] () -- C:\Users\Boris\AppData\Roaming\BAcroIEHelpe112.dll
[2012.04.29 01:17:19 | 000,001,426 | ---- | M] () -- C:\Users\Boris\Desktop\Dead Island.lnk
[2012.04.20 15:28:18 | 000,012,288 | ---- | M] () -- C:\Users\Boris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.04.20 14:13:59 | 000,929,124 | ---- | M] () -- C:\Users\Boris\Documents\pinfect.zip
[2012.04.20 10:26:37 | 000,000,055 | ---- | M] () -- C:\Windows\Lic.xxx
[2012.04.20 10:08:19 | 000,001,356 | ---- | M] () -- C:\Users\Boris\AppData\Local\d3d9caps.dat
[2012.04.14 13:56:54 | 000,001,867 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2012.lnk
[2012.04.13 14:40:00 | 000,001,898 | ---- | M] () -- C:\Users\Public\Desktop\Legend of Grimrock.lnk
[2012.04.11 23:42:44 | 000,052,224 | ---- | M] (Interplay Productions) -- C:\Windows\ipuninst.exe
[2012.04.10 16:27:08 | 000,330,195 | ---- | M] () -- C:\Users\Boris\.recently-used.xbel
[2012.04.05 15:27:04 | 000,001,075 | ---- | M] () -- C:\Users\Boris\Desktop\ArtRage Studio Pro.lnk
[2012.04.05 15:17:26 | 023,146,296 | ---- | M] () -- C:\Windows\REGBK00.ZIP
[2012.04.05 14:44:37 | 000,034,048 | ---- | M] (MicroWorld Technologies Inc.) -- C:\Windows\System32\eEmpty.exe
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Boris\AppData\Roaming\*.tmp files -> C:\Users\Boris\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.05.03 16:08:32 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.03 16:01:57 | 000,218,600 | ---- | C] () -- C:\Users\Boris\AppData\Roaming\AcroIEHelpe113.dll
[2012.05.03 16:01:57 | 000,007,368 | ---- | C] () -- C:\Users\Boris\AppData\Roaming\BAcroIEHelpe113.dll
[2012.05.03 09:36:10 | 000,001,711 | ---- | C] () -- C:\Users\Boris\Desktop\Black and White.lnk
[2012.05.03 09:31:11 | 000,182,272 | ---- | C] () -- C:\Windows\patchw32.dll
[2012.05.01 17:19:14 | 000,000,011 | ---- | C] () -- C:\Users\Boris\AppData\Roaming\urhtps.dat
[2012.04.30 17:30:54 | 000,218,600 | ---- | C] () -- C:\Users\Boris\AppData\Roaming\AcroIEHelpe112.dll
[2012.04.30 17:30:54 | 000,007,368 | ---- | C] () -- C:\Users\Boris\AppData\Roaming\BAcroIEHelpe112.dll
[2012.04.29 01:17:19 | 000,001,426 | ---- | C] () -- C:\Users\Boris\Desktop\Dead Island.lnk
[2012.04.20 10:07:56 | 000,929,124 | ---- | C] () -- C:\Users\Boris\Documents\pinfect.zip
[2012.04.14 13:56:54 | 000,001,879 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012.lnk
[2012.04.14 13:56:54 | 000,001,867 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2012.lnk
[2012.04.13 14:40:00 | 000,001,898 | ---- | C] () -- C:\Users\Public\Desktop\Legend of Grimrock.lnk
[2012.04.12 13:49:11 | 000,000,827 | ---- | C] () -- C:\Users\Boris\Desktop\LogMeIn Hamachi.lnk
[2012.04.10 16:27:08 | 000,330,195 | ---- | C] () -- C:\Users\Boris\.recently-used.xbel
[2012.04.05 15:27:04 | 000,001,075 | ---- | C] () -- C:\Users\Boris\Desktop\ArtRage Studio Pro.lnk
[2012.04.05 15:16:03 | 023,146,296 | ---- | C] () -- C:\Windows\REGBK00.ZIP
[2012.04.05 14:45:12 | 000,000,055 | ---- | C] () -- C:\Windows\Lic.xxx
[2012.04.03 22:32:49 | 000,000,016 | ---- | C] () -- C:\Users\Boris\AppData\Roaming\blckdom.res
[2012.03.22 20:44:39 | 000,000,041 | ---- | C] () -- C:\Windows\MinGW.INI
[2012.03.07 15:24:40 | 000,338,432 | ---- | C] () -- C:\Windows\System32\sqlite36_engine.dll
[2012.02.29 13:26:56 | 000,416,064 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2011.12.01 16:21:36 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2011.10.23 12:36:59 | 000,000,000 | ---- | C] () -- C:\Users\Boris\AppData\Roaming\EasyToolz.ini
[2011.09.17 23:56:20 | 000,000,000 | ---- | C] () -- C:\Windows\System32\Access.dat
[2011.08.05 14:22:43 | 000,000,075 | ---- | C] () -- C:\Windows\Flarium24.INI
[2011.06.27 13:38:06 | 000,000,240 | ---- | C] () -- C:\Users\Boris\AppData\Roaming\wklnhst.dat
[2011.05.29 16:00:01 | 000,823,296 | ---- | C] () -- C:\Windows\j3dcore-d3d.dll
[2011.05.29 16:00:01 | 000,163,840 | ---- | C] () -- C:\Windows\j3dcore-ogl.dll
[2011.05.29 16:00:01 | 000,049,152 | ---- | C] () -- C:\Windows\j3dcore-ogl-chk.dll
[2011.05.29 16:00:01 | 000,040,960 | ---- | C] () -- C:\Windows\j3dcore-ogl-cg.dll
[2011.01.08 14:30:57 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010.12.13 17:33:39 | 000,107,292 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010.11.24 16:37:03 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2010.10.23 20:41:58 | 000,000,306 | ---- | C] () -- C:\Windows\W2W.ini
[2010.10.23 19:49:41 | 000,036,734 | ---- | C] () -- C:\Windows\System32\OggDSuninst.exe
[2010.07.22 03:21:26 | 040,490,118 | -HS- | C] () -- C:\Windows\mb_warband_upgrade_1100_to_1113.exe
[2010.07.09 21:04:40 | 000,041,872 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2010.05.23 22:47:23 | 000,000,549 | ---- | C] () -- C:\Windows\eReg.dat
 
========== LOP Check ==========
 
[2012.05.03 21:36:20 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\.minecraft
[2012.04.08 16:07:58 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\.Nitrous
[2011.02.08 21:11:53 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\.visualvm
[2012.04.03 22:32:56 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\11006
[2012.04.11 22:30:20 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\11009
[2012.04.12 13:49:54 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\11012
[2012.04.13 13:41:35 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\11013
[2012.04.16 22:01:46 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\11014
[2012.04.17 12:43:02 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\11015
[2012.04.20 15:29:14 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\11016
[2012.04.23 13:59:56 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\11017
[2012.04.24 13:37:30 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\11018
[2012.04.25 14:18:15 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\11019
[2010.04.18 14:51:02 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\acccore
[2010.08.18 02:33:57 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Acoustica
[2011.08.22 17:13:43 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Ambient Design
[2012.04.04 01:27:37 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Avaq
[2009.10.16 19:30:18 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Blender Foundation
[2011.09.18 14:41:25 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Braid
[2010.05.22 21:55:30 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Bump Technologies, Inc
[2010.08.11 23:14:12 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\DAEMON Tools Lite
[2011.04.17 16:58:45 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\DAEMON Tools Pro
[2009.10.22 21:43:13 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Desktopicon
[2012.03.07 15:24:40 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\DesktopIconForAmazon
[2012.03.06 16:04:54 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Dev-Cpp
[2012.01.22 18:07:26 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\DVDVideoSoft
[2011.04.11 17:24:09 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.02.20 00:10:54 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\EasyMangosHandler
[2010.01.06 16:02:51 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Engelmann Media
[2011.07.16 21:01:45 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\FileHunter
[2011.05.22 14:13:50 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Firefly Studios
[2010.03.12 22:51:01 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\FOG Downloader
[2010.01.22 13:01:07 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\FreeFLVConverter
[2011.06.20 20:35:24 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\FUEL
[2011.07.31 00:22:08 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\GetRightToGo
[2011.01.26 01:14:39 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\GrabPro
[2012.03.26 14:57:24 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\gtk-2.0
[2012.04.04 01:27:03 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Gutep
[2010.01.28 19:03:35 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Hunspell
[2012.05.04 20:32:47 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\ICQ
[2011.01.26 00:14:42 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Iggels
[2011.04.17 17:10:22 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\ImgBurn
[2012.02.25 21:55:04 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\IrfanView
[2012.04.05 17:32:10 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Irit
[2010.11.24 17:11:12 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Jumping Bytes
[2012.03.17 17:51:07 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Kittomer Studios
[2012.04.03 22:32:34 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\kock
[2010.08.08 18:24:56 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\LEGO Company
[2010.06.19 17:46:45 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\LolClient
[2010.12.05 20:10:57 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\mathegrafix
[2011.06.21 12:53:11 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\MAXON
[2009.10.22 15:37:33 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\MilkShape 3D 1.x.x
[2010.11.24 17:12:46 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Mobile Master
[2010.05.26 18:43:39 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Mount&Blade Warband
[2011.07.20 13:55:08 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\NCH Swift Sound
[2012.04.04 01:27:37 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Ocpode
[2012.03.07 15:24:34 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\OCS
[2010.01.21 17:29:03 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\OpenOffice.org
[2011.03.30 17:15:12 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Opera
[2012.04.04 14:38:06 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Orbit
[2010.10.10 12:04:57 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\PACE Anti-Piracy
[2011.01.26 00:38:20 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\phonostar GmbH
[2011.01.26 00:20:06 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\ProgSense
[2011.01.26 01:18:07 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\QuickStoresToolbar
[2010.09.08 18:56:54 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Registry Mechanic
[2010.09.07 16:10:30 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Sakura
[2009.12.21 15:19:15 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\ScummVM
[2009.10.22 14:03:34 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\smc
[2009.10.22 01:18:11 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Sony
[2010.04.25 14:02:47 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Spiral Graphics
[2010.09.20 13:36:34 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\SPORE
[2010.08.18 02:34:06 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\SynthMaker
[2009.10.16 17:48:45 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\T-Online
[2012.04.03 20:24:13 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\TeamViewer
[2010.04.04 23:49:47 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Teeworlds
[2011.06.27 13:38:07 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Template
[2010.05.02 11:16:15 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Texture Maker
[2011.06.25 20:25:35 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Thinstall
[2010.12.03 15:36:34 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\TS3Client
[2012.03.11 15:52:59 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\TuneUp Software
[2011.10.09 09:48:42 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Tunngle
[2010.10.17 14:21:32 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Turbine
[2012.04.11 22:36:45 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\UAs
[2010.04.17 19:22:13 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Ubisoft
[2011.04.06 14:59:42 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Ultra Fractal 5
[2010.11.11 15:02:06 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Uniblue
[2011.03.30 16:12:55 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Unity
[2010.01.17 20:13:15 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Utherverse
[2012.04.19 14:29:07 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\uTorrent
[2012.04.05 18:05:49 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Utysik
[2012.04.05 14:26:13 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Wafeo
[2010.09.06 21:55:47 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Wildlife Park 2
[2012.04.11 22:37:18 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\xmldm
[2010.08.09 13:34:06 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\XRay Engine
[2011.02.10 18:51:07 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\YoWindow
[2012.04.20 16:42:04 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Ziymqa
[2012.04.04 01:29:19 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Zoco
[2012.05.04 17:10:21 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.05.03 21:36:20 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\.minecraft
[2012.04.08 16:07:58 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\.Nitrous
[2011.02.08 21:11:53 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\.visualvm
[2012.04.03 22:32:56 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\11006
[2012.04.11 22:30:20 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\11009
[2012.04.12 13:49:54 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\11012
[2012.04.13 13:41:35 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\11013
[2012.04.16 22:01:46 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\11014
[2012.04.17 12:43:02 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\11015
[2012.04.20 15:29:14 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\11016
[2012.04.23 13:59:56 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\11017
[2012.04.24 13:37:30 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\11018
[2012.04.25 14:18:15 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\11019
[2010.04.18 14:51:02 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\acccore
[2010.08.18 02:33:57 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Acoustica
[2012.02.25 21:38:15 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Adobe
[2011.08.22 17:13:43 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Ambient Design
[2012.04.04 01:27:37 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Avaq
[2012.03.07 15:04:31 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Avira
[2009.10.16 19:30:18 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Blender Foundation
[2011.09.18 14:41:25 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Braid
[2010.05.22 21:55:30 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Bump Technologies, Inc
[2012.04.18 14:21:15 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\codeblocks
[2010.08.11 23:14:12 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\DAEMON Tools Lite
[2011.04.17 16:58:45 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\DAEMON Tools Pro
[2009.10.22 21:43:13 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Desktopicon
[2012.03.07 15:24:40 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\DesktopIconForAmazon
[2012.03.06 16:04:54 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Dev-Cpp
[2010.12.05 04:15:28 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\DivX
[2010.08.28 23:42:56 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\dvdcss
[2012.01.22 18:07:26 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\DVDVideoSoft
[2011.04.11 17:24:09 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.02.20 00:10:54 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\EasyMangosHandler
[2010.01.06 16:02:51 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Engelmann Media
[2011.07.16 21:01:45 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\FileHunter
[2011.05.22 14:13:50 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Firefly Studios
[2010.03.12 22:51:01 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\FOG Downloader
[2010.01.22 13:01:07 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\FreeFLVConverter
[2011.06.20 20:35:24 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\FUEL
[2011.07.31 00:22:08 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\GetRightToGo
[2009.10.16 18:26:30 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Google
[2011.01.26 01:14:39 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\GrabPro
[2012.03.26 14:57:24 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\gtk-2.0
[2012.04.04 01:27:03 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Gutep
[2012.04.03 20:28:35 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Help
[2010.01.28 19:03:35 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Hunspell
[2012.05.04 20:32:47 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\ICQ
[2012.04.03 20:28:36 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Identities
[2011.01.26 00:14:42 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Iggels
[2011.04.17 17:10:22 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\ImgBurn
[2010.09.05 17:23:28 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\InstallShield
[2010.09.05 17:24:39 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\InstallShield Installation Information
[2012.02.25 21:55:04 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\IrfanView
[2012.04.05 17:32:10 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Irit
[2010.11.24 17:11:12 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Jumping Bytes
[2012.03.17 17:51:07 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Kittomer Studios
[2012.04.03 22:32:34 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\kock
[2010.08.08 18:24:56 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\LEGO Company
[2010.06.19 17:46:45 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\LolClient
[2009.10.16 18:29:56 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Macromedia
[2012.05.03 16:08:47 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Malwarebytes
[2010.12.05 20:10:57 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\mathegrafix
[2011.06.21 12:53:11 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\MAXON
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Media Center Programs
[2012.04.15 12:59:33 | 000,000,000 | --SD | M] -- C:\Users\Boris\AppData\Roaming\Microsoft
[2009.10.22 15:37:33 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\MilkShape 3D 1.x.x
[2010.11.24 17:12:46 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Mobile Master
[2010.05.26 18:43:39 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Mount&Blade Warband
[2010.10.17 16:08:59 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Mozilla
[2011.07.20 13:57:25 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\NCH Software
[2011.07.20 13:55:08 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\NCH Swift Sound
[2009.10.18 09:23:24 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Nero
[2012.02.04 12:47:13 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\NVIDIA
[2012.04.04 01:27:37 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Ocpode
[2012.03.07 15:24:34 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\OCS
[2010.01.21 17:29:03 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\OpenOffice.org
[2011.03.30 17:15:12 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Opera
[2012.04.04 14:38:06 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Orbit
[2010.10.10 12:04:57 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\PACE Anti-Piracy
[2011.01.26 00:38:20 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\phonostar GmbH
[2011.01.26 00:20:06 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\ProgSense
[2011.01.26 01:18:07 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\QuickStoresToolbar
[2010.04.25 14:15:54 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Reallusion
[2010.09.08 18:56:54 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Registry Mechanic
[2010.09.07 16:10:30 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Sakura
[2009.12.21 15:19:15 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\ScummVM
[2010.01.31 05:22:56 | 000,000,000 | RH-D | M] -- C:\Users\Boris\AppData\Roaming\SecuROM
[2011.09.27 08:47:43 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Skype
[2011.09.27 08:47:34 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\skypePM
[2009.10.22 14:03:34 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\smc
[2009.10.22 01:18:11 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Sony
[2010.04.25 14:02:47 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Spiral Graphics
[2010.09.20 13:36:34 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\SPORE
[2010.08.18 02:34:06 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\SynthMaker
[2009.10.16 17:48:45 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\T-Online
[2009.10.24 13:00:36 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\teamspeak2
[2012.04.03 20:24:13 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\TeamViewer
[2010.04.04 23:49:47 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Teeworlds
[2011.06.27 13:38:07 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Template
[2010.05.02 11:16:15 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Texture Maker
[2011.06.25 20:25:35 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Thinstall
[2010.12.03 15:36:34 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\TS3Client
[2012.03.11 15:52:59 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\TuneUp Software
[2011.10.09 09:48:42 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Tunngle
[2010.10.17 14:21:32 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Turbine
[2012.04.11 22:36:45 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\UAs
[2010.04.17 19:22:13 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Ubisoft
[2011.04.06 14:59:42 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Ultra Fractal 5
[2010.11.11 15:02:06 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Uniblue
[2011.03.30 16:12:55 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Unity
[2010.01.17 20:13:15 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Utherverse
[2012.04.19 14:29:07 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\uTorrent
[2012.04.05 18:05:49 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Utysik
[2012.04.04 10:24:52 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\vlc
[2012.04.05 14:26:13 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Wafeo
[2010.09.06 21:55:47 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Wildlife Park 2
[2012.03.06 16:04:55 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Winamp
[2009.10.18 09:41:11 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\WinRAR
[2011.02.02 23:23:42 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Xfire
[2012.04.11 22:37:18 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\xmldm
[2010.08.09 13:34:06 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\XRay Engine
[2011.02.10 18:51:07 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\YoWindow
[2012.04.20 16:42:04 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Ziymqa
[2012.04.04 01:29:19 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Zoco
 
< %APPDATA%\*.exe /s >
[2009.10.22 21:43:13 | 000,031,836 | ---- | M] () -- C:\Users\Boris\AppData\Roaming\Desktopicon\uninst.exe
[2012.03.07 15:24:39 | 000,753,664 | ---- | M] (Microsoft) -- C:\Users\Boris\AppData\Roaming\DesktopIconForAmazon\IconForAmazon.exe
[2006.05.24 19:10:42 | 000,455,600 | ---- | M] (Macrovision Corporation) -- C:\Users\Boris\AppData\Roaming\InstallShield Installation Information\{A8E2EF8F-73EF-4DD8-BB38-31FCCAF50103}\setup.exe
[2010.06.19 17:01:08 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Boris\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2010.04.17 19:32:58 | 000,018,944 | R--- | M] () -- C:\Users\Boris\AppData\Roaming\Microsoft\Installer\{2158685C-E2B3-4026-B0A1-0FFE31837AFD}\Icon2158685C.exe
[2009.11.14 21:26:49 | 000,004,608 | R--- | M] () -- C:\Users\Boris\AppData\Roaming\Microsoft\Installer\{40FE74B5-71A1-4393-A0AB-21D6E1DA5A66}\Icon40FE74B5.exe
[2010.05.09 00:12:34 | 000,040,960 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Boris\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
[2010.05.09 00:12:34 | 000,040,960 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Boris\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
[2010.05.09 00:12:35 | 000,008,854 | R--- | M] () -- C:\Users\Boris\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\Uninstall_Project64__9559F7CA5E344237A2D9D856464AD727.exe
[2009.10.22 18:09:08 | 000,010,134 | R--- | M] () -- C:\Users\Boris\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
[2007.09.18 03:37:18 | 000,262,144 | ---- | M] () -- C:\Users\Boris\AppData\Roaming\NCH Software\Components\flacdec2\flacdec2.exe
[2007.08.29 15:36:00 | 000,110,592 | ---- | M] () -- C:\Users\Boris\AppData\Roaming\NCH Software\Components\mp3el\mp3enc.exe
[2012.03.07 15:24:34 | 000,106,496 | ---- | M] (OCS) -- C:\Users\Boris\AppData\Roaming\OCS\SM\SearchAnonymizer.exe
[2012.03.07 15:24:34 | 000,040,960 | ---- | M] () -- C:\Users\Boris\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
[2011.01.26 00:38:24 | 000,704,248 | ---- | M] () -- C:\Users\Boris\AppData\Roaming\QuickStoresToolbar\unins000.exe
[2010.03.03 15:58:22 | 000,045,304 | ---- | M] (Andreas Breitschopp - Softwareentwicklung und -vertrieb) -- C:\Users\Boris\AppData\Roaming\QuickStoresToolbar\Update.exe
[2006.09.23 20:43:58 | 001,707,856 | ---- | M] (Microsoft Corporation) -- C:\Users\Boris\AppData\Roaming\Ubisoft\Dark Messiah of Might and Magic\instmsi.exe
[2006.09.23 20:44:22 | 001,821,008 | ---- | M] (Microsoft Corporation) -- C:\Users\Boris\AppData\Roaming\Ubisoft\Dark Messiah of Might and Magic\instmsiw.exe
[2006.10.25 10:04:20 | 003,608,576 | ---- | M] () -- C:\Users\Boris\AppData\Roaming\Ubisoft\Dark Messiah of Might and Magic\mm.exe
[2006.09.15 09:45:20 | 006,955,008 | R--- | M] () -- C:\Users\Boris\AppData\Roaming\Ubisoft\Dark Messiah of Might and Magic\RegistrationReminder.exe
[2006.09.23 20:44:34 | 000,054,784 | ---- | M] () -- C:\Users\Boris\AppData\Roaming\Ubisoft\Dark Messiah of Might and Magic\SteamInstall_German.exe
[2006.09.23 20:44:30 | 000,111,419 | ---- | M] () -- C:\Users\Boris\AppData\Roaming\Ubisoft\Dark Messiah of Might and Magic\steam_setup.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: NVSTOR32.SYS  >
[2007.10.31 05:23:20 | 000,115,744 | ---- | M] (NVIDIA Corporation) MD5=4876E7C3184BDF50EDE043FEF616B867 -- C:\ACER\Preload\Autorun\DRV\nVidia Chipset MCP73\IDE\WinVista\sata_ide\nvstor32.sys
[2007.10.31 05:23:20 | 000,115,744 | ---- | M] (NVIDIA Corporation) MD5=4876E7C3184BDF50EDE043FEF616B867 -- C:\Windows\System32\drivers\nvstor32.sys
[2007.10.31 05:23:20 | 000,115,744 | ---- | M] (NVIDIA Corporation) MD5=4876E7C3184BDF50EDE043FEF616B867 -- C:\Windows\System32\DriverStore\FileRepository\nvstor32.inf_a4ed2674\nvstor32.sys
[2007.10.31 05:23:22 | 000,115,744 | ---- | M] (NVIDIA Corporation) MD5=9D2BD672C0461185D6EA1AE8BD3AE3F4 -- C:\ACER\Preload\Autorun\DRV\nVidia Chipset MCP73\IDE\WinVista\sataraid\nvstor32.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010.08.11 22:59:58 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\drivers\sptd.sys
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\$NtUninstallKB9818$] -> Error: Cannot create file handle -> Unknown point type
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:64217CD0
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >
         
--- --- ---

[/Code]

04.05.2012, 20:24   #10
burke
 

I'm double-posting here because it had too many characters.

Here is the extras file from OTL:

OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 04.05.2012 20:33:49 - Run 1
OTL by OldTimer - Version 3.2.42.2     Folder = C:\Users\Boris\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,01 Gb Available Physical Memory | 66,90% Memory free
6,23 Gb Paging File | 5,19 Gb Available in Paging File | 83,27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 284,09 Gb Total Space | 36,44 Gb Free Space | 12,83% Space Free | Partition Type: NTFS
 
Computer Name: BORIS-PC | User Name: Boris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found
 
[HKEY_USERS\S-1-5-21-209655109-2756548685-674970729-1000\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [open] -- C:\program files\t-online\t-online_software_6\browser\Browser.exe "%1" (Deutsche Telekom AG, T-Com)
htmlfile [opennew] -- C:\program files\t-online\t-online_software_6\browser\Browser.exe "%1" (Deutsche Telekom AG, T-Com)
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1"
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Orbitdownloader\orbitdm.exe" = C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files\Orbitdownloader\orbitnet.exe" = C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{16D405D8-F953-4DD2-8A5A-9D9EEE5E9D80}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{17B3D5C0-C61F-4A1D-AE96-DB4863AE9408}" = lport=138 | protocol=17 | dir=in | app=system | 
"{1880B996-7A9C-4A57-8AF0-C9FE315632C8}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{25EBCB20-10A0-4D7C-BC80-9E80ADD4D11C}" = rport=137 | protocol=17 | dir=out | app=system | 
"{2B664397-F9B2-4D16-8588-DD0B33C648CB}" = lport=6918 | protocol=17 | dir=in | name=league of legends launcher | 
"{2BF801DC-8D92-4297-BA60-6BE572437D4B}" = lport=8394 | protocol=6 | dir=in | name=league of legends launcher | 
"{31A13E34-FC45-4133-97CF-2B8AB2577377}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{38AE8D31-C9A9-4044-8FF0-4325890B1025}" = lport=6958 | protocol=6 | dir=in | name=league of legends launcher | 
"{38CE5D1D-57DE-4F2D-9F3E-4C1213C7B982}" = lport=6897 | protocol=6 | dir=in | name=league of legends launcher | 
"{3D1382CF-C86E-46D4-9BB6-D72D165B5D28}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3D3D50F1-FA05-4493-84F9-6851DDA703D4}" = lport=6923 | protocol=6 | dir=in | name=league of legends launcher | 
"{3DBB8EA1-638D-4481-AEE5-425EB4AABF94}" = rport=445 | protocol=6 | dir=out | app=system | 
"{3F93DC00-70C9-45C7-9F33-1DC3487C1423}" = lport=25565 | protocol=6 | dir=in | name=minecraft | 
"{491DF767-ACFF-488D-B3E2-13B9D3ECE459}" = lport=6960 | protocol=6 | dir=in | name=league of legends launcher | 
"{4A0D7FB0-D95D-4265-B8EC-9524EAEEAFBA}" = lport=6882 | protocol=17 | dir=in | name=league of legends launcher | 
"{539B7996-E722-4F32-AA95-3CFFA52EBDA0}" = lport=6986 | protocol=17 | dir=in | name=league of legends launcher | 
"{636D8103-85B0-4D46-8869-41342380A226}" = rport=138 | protocol=17 | dir=out | app=system | 
"{769B59E4-4E71-43DD-9709-14F1AC9B29EE}" = lport=6897 | protocol=17 | dir=in | name=league of legends launcher | 
"{76FE37F4-FB8E-4694-AC00-E01B3C54F178}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{7B1455CA-FB24-40D7-8ACE-5125AB45202D}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{7D781E32-3A4B-4044-97C5-A042C35ECF6F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{7D7AEE22-AB39-4BFE-A4E4-EF230FBBE7A2}" = lport=137 | protocol=17 | dir=in | app=system | 
"{7D92076E-F5AB-4B69-8FDE-8A0BF3E52C08}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{8609416A-58AB-4017-9958-5360EED02861}" = rport=139 | protocol=6 | dir=out | app=system | 
"{9182E02F-DEA2-497B-9E62-D3CDAEB09D98}" = lport=6960 | protocol=17 | dir=in | name=league of legends launcher | 
"{91F4EDE9-1B58-4017-AC67-9DF41DC4D106}" = lport=6986 | protocol=6 | dir=in | name=league of legends launcher | 
"{923751DB-1BCC-4249-869D-0C955CF5B200}" = lport=6958 | protocol=17 | dir=in | name=league of legends launcher | 
"{926DD65B-F4F5-43B0-88CF-1E70CD878CC8}" = lport=6906 | protocol=6 | dir=in | name=league of legends launcher | 
"{943746CF-6B73-45EF-A298-6543F36AEC21}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 | 
"{94522379-6B1D-40E0-AD44-EDA41167B7AD}" = lport=8395 | protocol=17 | dir=in | name=league of legends launcher | 
"{99E79BB5-6A90-4C09-9A86-321B7D8C3C9C}" = lport=6882 | protocol=6 | dir=in | name=league of legends launcher | 
"{9FA029B4-32FA-4778-8AF7-F5947BFF6D46}" = lport=8394 | protocol=17 | dir=in | name=league of legends launcher | 
"{B23104C8-BF71-4A5E-95A8-3C7181F13860}" = lport=6906 | protocol=17 | dir=in | name=league of legends launcher | 
"{B25F2FEC-25FD-4A45-92BB-151C86DE53EF}" = lport=6923 | protocol=17 | dir=in | name=league of legends launcher | 
"{B8396BF4-AA93-4945-9EFE-8003C7A6AE99}" = lport=445 | protocol=6 | dir=in | app=system | 
"{C962D8B7-2BE9-42B4-977A-6CBEF83A56D8}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe | 
"{E37E8B01-AE88-45DA-8905-CC4ECA288F99}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher | 
"{E701D24A-3D94-419A-B5A6-FFCF74E01C8E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E9A92223-0E73-47DE-97F0-EF8677D933D3}" = lport=6918 | protocol=6 | dir=in | name=league of legends launcher | 
"{EE77F615-FD06-467C-AD45-7B1CF6CED0F5}" = lport=8395 | protocol=6 | dir=in | name=league of legends launcher | 
"{F04E04D7-5B9D-428B-8503-D96897711EFD}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{FA0AE466-264D-4C90-8459-C198216F7CFC}" = lport=139 | protocol=6 | dir=in | app=system | 
"{FEF6969A-DFF2-43DD-A0B3-38D739C54C33}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02DE0583-4297-4138-BBA8-71B214473385}" = protocol=6 | dir=in | app=c:\program files\rockstar games\rockstar games social club\rgsclauncher.exe | 
"{045BBE7C-8422-490A-994F-FC7D87EDBAA3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{05FF2AB3-4724-488A-A325-EE933EEE1F27}" = protocol=17 | dir=in | app=c:\program files\league of legends\game\league of legends.exe | 
"{0BC3232B-49C1-4ACB-BD04-389910DC7D88}" = protocol=6 | dir=in | app=c:\program files\autodesk\3ds max 9\3dsmax.exe | 
"{0CD46D83-20CC-487D-B960-E4CEE2D218CE}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{0E3D17A6-B201-499B-8662-62A9D1096363}" = protocol=17 | dir=in | app=c:\users\boris\desktop\minecraft_server.exe | 
"{0EA6539E-BA88-4175-8D37-C759C420402E}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{1318CF1E-BD35-4CC2-B2AB-74335E31B95A}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty - world at war\codwawmp.exe | 
"{144B9E9F-195E-4876-AB4D-B77E3EDFF8B5}" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\java.exe | 
"{19104522-D34F-4C4D-A344-3BF9B9A60131}" = protocol=17 | dir=in | app=c:\users\boris\appdata\local\temp\blizzard installer bootstrap - 00a8cbd9\installer.exe | 
"{1AAFFC13-6FB6-44AB-AFC2-23586053D13A}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\schimmelbolzen\dark messiah might and magic multi-player\runme.exe | 
"{202F2C3B-ACFD-448B-9247-3E877D58B369}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{24F02A85-189D-441F-B10B-970C63D950DB}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.0-dede-downloader.exe | 
"{26843590-AFD0-4B86-8892-A0E420CA8AFB}" = protocol=17 | dir=in | app=c:\program files\bitcomposer games\s.t.a.l.k.e.r. - call of pripyat\bin\dedicated\xrengine.exe | 
"{273A8E26-7BFD-4BE8-98C8-C054847606E8}" = protocol=17 | dir=in | app=c:\program files\autodesk\backburner\server.exe | 
"{27CC98A7-D665-45D6-8A31-8EADB8530BCF}" = protocol=6 | dir=in | app=c:\program files\bitcomposer games\s.t.a.l.k.e.r. - call of pripyat\bin\xrengine.exe | 
"{2CC17DBC-ADB2-4813-99F5-34A4194B8D2B}" = protocol=17 | dir=in | app=c:\program files\autodesk\backburner\monitor.exe | 
"{2CD57A8B-D713-4F6C-BCC2-236ADC196FD7}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{33C2FC98-153D-4055-B825-135CEC08590E}" = protocol=17 | dir=in | app=c:\program files\icq7.6\icq.exe | 
"{33D4AD69-5C77-42C1-A6D1-C32F2345CAAD}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
"{35373F66-E430-46D8-9185-D038987707A4}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3ADEB337-C631-4D8D-ACDD-022C88EF9F25}" = protocol=17 | dir=in | app=c:\program files\icq7.6\icq.exe | 
"{3C2BA712-9576-4FBF-A532-A525D141EA37}" = protocol=17 | dir=in | app=c:\users\boris\appdata\local\temp\blizzard installer bootstrap - 07ee7f08\installer.exe | 
"{3F757E7B-1C74-44E5-82C1-BEBA1B335B7B}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty - world at war\codwawmp.exe | 
"{4081D61F-21B3-4C53-9E7E-7CB42B4644B8}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{44DF9EF6-E174-47DF-BDD4-F3BFE8B8C215}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{47591EB6-8387-4D1C-BFCF-E0EEA5299E85}" = protocol=17 | dir=in | app=c:\program files\rockstar games\rockstar games social club\rgsclauncher.exe | 
"{478C2556-E1EF-4455-9D15-285B409D3970}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | 
"{4800BC03-56A9-4515-857C-55BBFCD91569}" = protocol=17 | dir=in | app=c:\program files\gamigo\heroes in the sky\his.exe | 
"{50258AE8-954A-4D18-9ABC-DD44309F91B4}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\schimmelbolzen\dark messiah might and magic multi-player\runme.exe | 
"{528EF6A9-600F-4425-8481-0B23B171639F}" = protocol=6 | dir=in | app=c:\users\boris\appdata\local\temp\blizzard installer bootstrap - 0484ad46\installer.exe | 
"{5470820D-DE2F-49EB-B2F0-11BBDDE970F2}" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\java.exe | 
"{560B1F2B-DA32-4DE8-B534-B04040A89073}" = protocol=6 | dir=in | app=c:\users\boris\appdata\local\temp\blizzard installer bootstrap - 028bb0b5\installer.exe | 
"{5756069D-62F5-43FD-B88E-FCF9AA1B4C17}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
"{580B9066-0F9E-4863-8EF9-5A97BF8DA476}" = protocol=6 | dir=in | app=c:\program files\tunngle\tunngle.exe | 
"{58BE4677-E454-4CA2-B8F5-49C161444BDF}" = protocol=6 | dir=in | app=c:\program files\icq7.6\icq.exe | 
"{5D262F7D-6F72-40B5-8170-FC30AD2F0B8D}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{5EC7A198-EA69-41D1-A50E-21E00EFFCDEA}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{618B1286-66BA-479D-8107-8B426544CF21}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | 
"{62D264A3-D99B-4305-86B0-702007694967}" = protocol=6 | dir=in | app=c:\users\boris\appdata\local\temp\blizzard installer bootstrap - 00ee262a\installer.exe | 
"{669DF0F2-7594-464B-944F-5A39FCD2721F}" = protocol=6 | dir=in | app=c:\users\boris\desktop\minecraft_server.exe | 
"{6D62E307-08C6-499E-989B-111F0A84BA27}" = protocol=6 | dir=in | app=c:\users\boris\appdata\local\temp\blizzard installer bootstrap - 00a8cbd9\installer.exe | 
"{7415F57B-BE65-4434-A45C-0C04FC5CCF09}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{778F9966-8CDC-4992-96BB-480ECB3BFF1C}" = protocol=17 | dir=in | app=c:\program files\codemasters\fuel\fuel.exe | 
"{7A4DD3B8-561C-4933-AB39-B5DC1878171B}" = protocol=6 | dir=in | app=c:\program files\league of legends\air\lolclient.exe | 
"{8032B261-753F-4B5C-9AFA-D61CD67721F3}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{809D45BE-F6E7-43B3-9508-BF86A9A40E48}" = protocol=6 | dir=in | app=c:\program files\autodesk\backburner\server.exe | 
"{81B9B241-0569-4878-B6E6-4203A051B9B5}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{8641BAFB-FF02-4C5E-9923-8D24723E1AB3}" = protocol=17 | dir=in | app=c:\program files\tunngle\tnglctrl.exe | 
"{86E83DCC-B5DB-44C3-9806-0835551121B5}" = protocol=17 | dir=in | app=c:\program files\icq7.6\icq.exe | 
"{877A3AFF-1C57-4DB9-A6B7-6EC3BFE0291D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{883B9DB7-DBC8-41DC-ABD7-27F32E4CA91C}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{8A75486B-C67E-460D-9554-B52F6E536D0E}" = protocol=17 | dir=in | app=c:\program files\autodesk\3ds max 9\3dsmax.exe | 
"{8AF652F9-B30D-4109-BCB9-795C72688A8E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{8C3B5638-BCBC-4795-99C6-4C28CE89F787}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{8CD551BB-8577-4FE3-B5C8-4378904B2CBF}" = protocol=17 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe | 
"{8F0DB90D-4434-4191-9516-FE3701927DD8}" = protocol=6 | dir=in | app=c:\program files\autodesk\backburner\manager.exe | 
"{953B2F24-3D26-43D4-BB3A-AA024B370CB2}" = protocol=6 | dir=in | app=c:\program files\icq7.6\icq.exe | 
"{99427D11-070B-43CE-87A8-49DF18D07EC7}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.0-dede-downloader.exe | 
"{9B8AA46C-2C6D-44D2-9D9A-0F304D2C5ADD}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9BC993B1-61FE-4D58-AB6F-1C49D89ED678}" = protocol=6 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe | 
"{9CE210E5-141A-4544-A4AF-43AC91CAA564}" = protocol=17 | dir=in | app=c:\users\boris\appdata\local\temp\blizzard installer bootstrap - 00ee262a\installer.exe | 
"{9E7B8992-6B2A-4C90-846A-FB5F2727D3BC}" = protocol=6 | dir=in | app=c:\users\boris\appdata\local\temp\blizzard installer bootstrap - 00024604\installer.exe | 
"{9F6CAA77-FB1F-4130-8C53-CDB4A94CC447}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{A25640AE-6F3B-47AC-8B3B-B567958BA3ED}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{A450128C-032C-46DB-8C46-8FF6D72F025F}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{A45C83A6-B0DD-4533-A8B3-5AFA446713EC}" = protocol=17 | dir=in | app=c:\program files\bitcomposer games\s.t.a.l.k.e.r. - call of pripyat\bin\xrengine.exe | 
"{A698B36C-4F48-4C0C-BFDF-46947F0621E7}" = protocol=17 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe | 
"{A7CE014C-832F-4332-938E-0DA66A042E08}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{A9CF2A59-7A9B-4506-8861-8856A7F4EDAC}" = protocol=6 | dir=in | app=c:\program files\autodesk\backburner\monitor.exe | 
"{AC90A8BE-D64B-411A-B990-1BC305503B0C}" = protocol=17 | dir=in | app=c:\users\boris\appdata\local\temp\blizzard installer bootstrap - 00909c9f\installer.exe | 
"{ADC9062B-3727-4A32-81E8-F8D919DEFBAD}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{B06B8EC0-5E7B-4077-AB45-8E9AF35F4076}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"{B2B955B7-E1A9-4F26-83BD-DE59BD695504}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{B623593D-FAFC-4393-AE0B-A0A53614B386}" = protocol=17 | dir=in | app=c:\program files\autodesk\backburner\manager.exe | 
"{B6E500B9-8D70-4295-9043-9B36D3661567}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{BA704343-95FA-4296-B828-D4B27EBDD4A8}" = protocol=17 | dir=in | app=c:\users\boris\appdata\local\temp\blizzard installer bootstrap - 0484ad46\installer.exe | 
"{BCC2A4F6-A28B-481D-8F6B-CEA07F494C57}" = protocol=17 | dir=in | app=c:\users\boris\appdata\local\temp\blizzard installer bootstrap - 00024604\installer.exe | 
"{BE7DD6A6-30E8-47AD-B02F-D1EDBE1AD73B}" = protocol=6 | dir=in | app=c:\program files\codemasters\fuel\fuel.exe | 
"{C142CC44-EFF4-48BA-9926-ABAF85580FA5}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{C5BDE3E4-2050-4BA3-9C87-D904661D28D4}" = protocol=6 | dir=in | app=c:\users\boris\appdata\local\temp\blizzard installer bootstrap - 02de647b\installer.exe | 
"{C6428EAA-0B5D-4FB9-B0AD-F6DA98121689}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"{CA3A0387-4A5F-4DA4-BBCB-4645D6E91C84}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{CAD2F887-39C3-47FA-98FC-96D7C0ED85E1}" = protocol=6 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe | 
"{DA3278F4-AF77-477A-A6B0-545FF3CDC4CE}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw.exe | 
"{DAD0CD48-8102-4275-BCA8-D24B572DF53C}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw.exe | 
"{DBB6A3A7-1F9B-4752-94B2-D49C34EA0877}" = protocol=6 | dir=in | app=c:\program files\tunngle\tnglctrl.exe | 
"{DE36D1B0-BF38-459D-B37E-755F5DCEE516}" = protocol=17 | dir=in | app=c:\users\boris\appdata\local\temp\blizzard installer bootstrap - 028bb0b5\installer.exe | 
"{E43039F7-9D3A-4198-B2A7-B58CADA54497}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{E6EDA77F-EF6B-4B1D-B769-667B5B3FB820}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{E9FE5BB9-6643-4C22-B119-6B4CD7E0CBF0}" = protocol=6 | dir=in | app=c:\program files\gamigo\heroes in the sky\his.exe | 
"{EB52EB36-F719-40E3-A351-A2EAD81DC056}" = protocol=6 | dir=in | app=c:\program files\bitcomposer games\s.t.a.l.k.e.r. - call of pripyat\bin\dedicated\xrengine.exe | 
"{EBD07366-D943-42D4-87D0-483741E33D59}" = protocol=6 | dir=in | app=c:\users\boris\appdata\local\temp\blizzard installer bootstrap - 00909c9f\installer.exe | 
"{EC92F9BC-24E8-4F26-9FFE-80063FAB19C9}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{F1A0767C-A800-4A7C-8DA5-DF0DCF3E6D98}" = protocol=17 | dir=in | app=c:\users\boris\appdata\local\temp\blizzard installer bootstrap - 02de647b\installer.exe | 
"{F54A5BE6-50FB-47EB-A87A-213036F3CEEE}" = protocol=17 | dir=in | app=c:\program files\tunngle\tunngle.exe | 
"{FA18CB15-8798-4BCE-A756-C08724D32D80}" = protocol=6 | dir=in | app=c:\program files\icq7.6\icq.exe | 
"{FC0893EC-E4CA-45E3-82A9-1E1E3C649C61}" = protocol=6 | dir=in | app=c:\program files\league of legends\game\league of legends.exe | 
"{FC3A99E2-13C4-461B-9B68-BA9FF30ADC9D}" = protocol=6 | dir=in | app=c:\users\boris\appdata\local\temp\blizzard installer bootstrap - 07ee7f08\installer.exe | 
"{FF4C2E75-BBAB-4A81-8819-8C5B0AC02751}" = protocol=17 | dir=in | app=c:\program files\league of legends\air\lolclient.exe | 
"TCP Query User{022DE049-564C-4012-9E21-84F26C0F5C5F}C:\program files\night\mass effect 2\binaries\masseffect2.exe" = protocol=6 | dir=in | app=c:\program files\night\mass effect 2\binaries\masseffect2.exe | 
"TCP Query User{02653C95-74CD-48EE-A07F-7BFE52BA063A}C:\users\boris\desktop\spiele\call of duty 4 - modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=c:\users\boris\desktop\spiele\call of duty 4 - modern warfare\iw3mp.exe | 
"TCP Query User{06767FDE-A731-4AAF-9826-6E8035AA6188}C:\users\boris\appdata\local\virtualstore\program files\dead island\dead island\deadislandgame.exe" = protocol=6 | dir=in | app=c:\users\boris\appdata\local\virtualstore\program files\dead island\dead island\deadislandgame.exe | 
"TCP Query User{067ADF3E-9189-43A8-9E12-FA0936C78A00}C:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe" = protocol=6 | dir=in | app=c:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe | 
"TCP Query User{0776E850-ED15-45C2-AC29-7156310C74A0}C:\users\boris\downloads\thesmileassault i\thesmileassault i\thesmileassault.exe" = protocol=6 | dir=in | app=c:\users\boris\downloads\thesmileassault i\thesmileassault i\thesmileassault.exe | 
"TCP Query User{0B574A9B-7B82-46EB-8244-CC95A7A19FBD}C:\program files\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files\xfire\xfire.exe | 
"TCP Query User{1320678D-EA91-4D1F-A96A-CF56DE96AC5F}C:\program files\the babylon project\fs2_open_3_6_9.exe" = protocol=6 | dir=in | app=c:\program files\the babylon project\fs2_open_3_6_9.exe | 
"TCP Query User{133C9B90-1081-48DB-9B88-886F1FD383F1}C:\users\public\games\world of warcraft\repair.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\repair.exe | 
"TCP Query User{14C08A75-51A3-4FF9-A051-39EEBB850645}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe | 
"TCP Query User{1AF315BD-7EC8-4780-A9F2-75768F9E5B52}C:\program files\phonostar-player\phonostar.exe" = protocol=6 | dir=in | app=c:\program files\phonostar-player\phonostar.exe | 
"TCP Query User{1F0D8FB3-5693-449E-9CD8-A8623CD04CB0}C:\program files\hypercube source\steamless.dll" = protocol=6 | dir=in | app=c:\program files\hypercube source\steamless.dll | 
"TCP Query User{21341BA7-E7E6-4C31-94DD-CE0B1D1D2451}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{2577BE9C-0BFB-42A0-BAA3-7BF19BBB4FCB}C:\users\boris\desktop\spiele\left 4 dead 2\left4dead2.exe" = protocol=6 | dir=in | app=c:\users\boris\desktop\spiele\left 4 dead 2\left4dead2.exe | 
"TCP Query User{26838C21-2A82-424B-9E62-AA74CA11CC33}C:\program files\blitz3d\bin\blitzcc.exe" = protocol=6 | dir=in | app=c:\program files\blitz3d\bin\blitzcc.exe | 
"TCP Query User{2E141BD9-170E-4BDA-A654-98136BE96505}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{2E83B60D-E898-4E0B-A527-018FBD3C6ACB}C:\program files\steam\steamapps\schimmelbolzen\dark messiah might and magic dedicated server\srcds.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\schimmelbolzen\dark messiah might and magic dedicated server\srcds.exe | 
"TCP Query User{2FEB44FB-8D53-4451-99CA-7C3845E699FE}C:\users\boris\downloads\cryengine_v3_3_7_2572_freesdk\bin32\launcher.exe" = protocol=6 | dir=in | app=c:\users\boris\downloads\cryengine_v3_3_7_2572_freesdk\bin32\launcher.exe | 
"TCP Query User{30D3A633-6A5C-4986-A6C8-3D427FF4D02A}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"TCP Query User{33955399-04FC-44C4-8622-89C01A0D99F9}C:\users\boris\downloads\core\cwcore.exe" = protocol=6 | dir=in | app=c:\users\boris\downloads\core\cwcore.exe | 
"TCP Query User{3937FB58-5A42-4630-8E2F-8B76A902E172}C:\users\public\games\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-dede-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-dede-downloader.exe | 
"TCP Query User{3E1538A2-BBCA-4AFC-8D17-01A1CA3A9A6D}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"TCP Query User{3EAEA7ED-8E83-4758-9929-CD7DD43FA294}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{3F173495-1841-4ECC-8886-713C05C700A2}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | 
"TCP Query User{413F770A-B9FD-4E2A-9E4E-4868610259BA}C:\users\boris\downloads\core\cwrealm.exe" = protocol=6 | dir=in | app=c:\users\boris\downloads\core\cwrealm.exe | 
"TCP Query User{42594201-F037-437B-8141-AF3F60C8A400}C:\program files\valve\hltv.exe" = protocol=6 | dir=in | app=c:\program files\valve\hltv.exe | 
"TCP Query User{429FBD7D-2C5E-4EE1-A709-3823D27C0EAE}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{43CBB8C4-6615-4EFF-9AB6-1DDC469477E4}C:\udk\udk-2011-04\binaries\win32\udk.exe" = protocol=6 | dir=in | app=c:\udk\udk-2011-04\binaries\win32\udk.exe | 
"TCP Query User{457DB43B-35E6-480D-A24D-56E95B3DE700}C:\users\boris\desktop\neuer ordner\stranded_mulitplayer\stranded mulitplayer\strandedii.exe" = protocol=6 | dir=in | app=c:\users\boris\desktop\neuer ordner\stranded_mulitplayer\stranded mulitplayer\strandedii.exe | 
"TCP Query User{45AEC5EA-1184-4A48-9428-A6D48662D4A2}C:\program files\jowood\gothic ii gold\_work\tools\zspy\zspy.exe" = protocol=6 | dir=in | app=c:\program files\jowood\gothic ii gold\_work\tools\zspy\zspy.exe | 
"TCP Query User{47C77EFE-5920-495A-86C9-5710503A2861}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"TCP Query User{516AA790-0B6F-4ACC-BF27-C124B33A5033}C:\program files\stronghold 3\bin\win32_release\stronghold3.exe" = protocol=6 | dir=in | app=c:\program files\stronghold 3\bin\win32_release\stronghold3.exe | 
"TCP Query User{544A51CE-016A-4E35-BBDF-A32209DC9B76}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe | 
"TCP Query User{54DB338E-FEC2-44DD-A0C0-19BC8D9AD1D9}C:\users\boris\appdata\local\temp\7zipsfx.000\cf_downloader.exe" = protocol=6 | dir=in | app=c:\users\boris\appdata\local\temp\7zipsfx.000\cf_downloader.exe | 
"TCP Query User{58A72013-7EA2-48B3-A2C4-BF82ED3896AF}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe | 
"TCP Query User{5A2A1118-0A97-4C8E-B5A1-2D97A9AB0193}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{5D3ACD67-FFB0-4CE9-BEE6-B834E6795F2B}C:\users\boris\desktop\minecraft server\mcadmin\mcadmin.exe" = protocol=6 | dir=in | app=c:\users\boris\desktop\minecraft server\mcadmin\mcadmin.exe | 
"TCP Query User{68FA5DB8-96BD-47B2-B1AE-943861EB7947}C:\program files\ea games\battlefield vietnam\bfvietnam.exe" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield vietnam\bfvietnam.exe | 
"TCP Query User{6BD09A77-62EC-48BE-B272-EF6D7160F61E}C:\users\boris\desktop\stranded_mulitplayer\stranded mulitplayer\strandedii.exe" = protocol=6 | dir=in | app=c:\users\boris\desktop\stranded_mulitplayer\stranded mulitplayer\strandedii.exe | 
"TCP Query User{6D084A94-CD54-498F-9524-53788E9DD209}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe | 
"TCP Query User{6E21FDCB-D240-4FCC-8074-BC7540FD5841}C:\users\boris\downloads\left 4 dead 2 v2.0.0.1 cracked\left4dead2.exe" = protocol=6 | dir=in | app=c:\users\boris\downloads\left 4 dead 2 v2.0.0.1 cracked\left4dead2.exe | 
"TCP Query User{72216BAF-B0C5-4E7A-AB46-764831D04F3A}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{77CBC97C-A2B3-472C-BD60-D0D3F23935E3}C:\program files\rockstar games\gta san andreas\samp-server.exe" = protocol=6 | dir=in | app=c:\program files\rockstar games\gta san andreas\samp-server.exe | 
"TCP Query User{7815EB27-6698-431C-A79A-9F5DB5AFA91D}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"TCP Query User{7B061044-AB54-46A8-AEB7-251F4640B801}C:\program files\codemasters\der herr der ringe online\lotroclient.exe" = protocol=6 | dir=in | app=c:\program files\codemasters\der herr der ringe online\lotroclient.exe | 
"TCP Query User{8416F972-0AA8-4828-ACA7-B59A28840426}C:\program files\firefly studios\stronghold crusader\stronghold crusader.exe" = protocol=6 | dir=in | app=c:\program files\firefly studios\stronghold crusader\stronghold crusader.exe | 
"TCP Query User{867159E4-F1A7-4358-B351-3B993BE3905F}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | 
"TCP Query User{86A26453-2FA3-4398-8B86-0907E00A2FF1}C:\program files\activision\call of duty 2\cod2mp_s.exe" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 2\cod2mp_s.exe | 
"TCP Query User{8AC941BE-3E5A-4CE0-9CA4-CE9BD84CF085}C:\udk\udk-2011-04\binaries\win32\udkmobile.exe" = protocol=6 | dir=in | app=c:\udk\udk-2011-04\binaries\win32\udkmobile.exe | 
"TCP Query User{8D86B87B-EE5F-4316-8DB0-C3CCDB222CDF}C:\program files\steam\steamapps\schimmelbolzen\dark messiah might and magic multi-player\mm.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\schimmelbolzen\dark messiah might and magic multi-player\mm.exe | 
"TCP Query User{929027B2-4AB4-4806-A21E-8F9957B87A2E}C:\program files\black & white\runblack.exe" = protocol=6 | dir=in | app=c:\program files\black & white\runblack.exe | 
"TCP Query User{940FBC74-7DE1-4830-A760-929750893F81}C:\users\boris\downloads\fogdownloader-rom_2_1_6_2049.exe" = protocol=6 | dir=in | app=c:\users\boris\downloads\fogdownloader-rom_2_1_6_2049.exe | 
"TCP Query User{97472822-0439-444B-B6F6-DB9FE87C27D3}C:\program files\java\jdk1.6.0_23\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jdk1.6.0_23\bin\java.exe | 
"TCP Query User{9DAA6599-8DC1-4EAC-AB5E-932F27A299A4}C:\program files\stronghold 3\bin\win32_release\mapeditor.exe" = protocol=6 | dir=in | app=c:\program files\stronghold 3\bin\win32_release\mapeditor.exe | 
"TCP Query User{9E8C12BD-3867-4CFD-9F49-673EE9689267}C:\users\public\games\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-dede-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-dede-downloader.exe | 
"TCP Query User{9EF206B9-C9FF-4957-9B38-F0761AF7B397}C:\program files\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe | 
"TCP Query User{9F65A574-101D-4350-AC39-4BA569D93FF9}C:\users\boris\desktop\call of duty 2\call of duty 2-multiplayer.exe" = protocol=6 | dir=in | app=c:\users\boris\desktop\call of duty 2\call of duty 2-multiplayer.exe | 
"TCP Query User{A002C11C-6AD8-4FF1-AC8D-C022706A0F46}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | 
"TCP Query User{A3C5F585-18ED-4664-B0E4-987E8F116B8D}C:\program files\jowood\gothic ii gold\_work\tools\zspy\zspy.exe" = protocol=6 | dir=in | app=c:\program files\jowood\gothic ii gold\_work\tools\zspy\zspy.exe | 
"TCP Query User{A464C402-FB90-4043-ACEE-989161E3D64F}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{ACF1B1CC-CD0F-42DC-BEE0-C1FB1ABC9AA4}C:\users\boris\appdata\roaming\filehunter\pumpa.exe" = protocol=6 | dir=in | app=c:\users\boris\appdata\roaming\filehunter\pumpa.exe | 
"TCP Query User{B1932715-2E2A-4EF1-9874-4F621EA5149F}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | 
"TCP Query User{B2766438-A46C-4660-9505-0D08268F728F}C:\program files\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files\xfire\xfire.exe | 
"TCP Query User{B4770EE8-708C-4556-9315-0A48D36E26E5}C:\udk\hazard - journey of life demo\binaries\win32\udk.exe" = protocol=6 | dir=in | app=c:\udk\hazard - journey of life demo\binaries\win32\udk.exe | 
"TCP Query User{BAD96D52-FB5D-4205-B198-3967FC1B1251}C:\users\boris\downloads\minetest-0.3.0-win32\minetest-0.3.0-win32\bin\minetest.exe" = protocol=6 | dir=in | app=c:\users\boris\downloads\minetest-0.3.0-win32\minetest-0.3.0-win32\bin\minetest.exe | 
"TCP Query User{BD38BC71-CC01-4975-A684-23B3BFE72ADD}C:\program files\valve\hl.exe" = protocol=6 | dir=in | app=c:\program files\valve\hl.exe | 
"TCP Query User{C1F52990-E4A0-432B-ABDA-C47BA891B323}C:\users\boris\appdata\local\virtualstore\program files\dead island\deadislandgame.exe" = protocol=6 | dir=in | app=c:\users\boris\appdata\local\virtualstore\program files\dead island\deadislandgame.exe | 
"TCP Query User{C310592F-B9F4-446C-919F-7A3C8FE5D4DC}C:\users\boris\desktop\spiele\left 4 dead 2\srcds.exe" = protocol=6 | dir=in | app=c:\users\boris\desktop\spiele\left 4 dead 2\srcds.exe | 
"TCP Query User{C659805D-4B14-488E-9DAD-C685F343DD80}C:\users\boris\desktop\spiele\call of duty 4 - modern warfare1\iw3mp.exe" = protocol=6 | dir=in | app=c:\users\boris\desktop\spiele\call of duty 4 - modern warfare1\iw3mp.exe | 
"TCP Query User{D35280C2-7DEC-4B0E-8D83-AB4384399506}C:\users\boris\downloads\core\udrive\usr\local\mysql\bin\mysqld-opt.exe" = protocol=6 | dir=in | app=c:\users\boris\downloads\core\udrive\usr\local\mysql\bin\mysqld-opt.exe | 
"TCP Query User{D49D1BFF-7D9C-42F5-8232-3E67C5F79222}C:\users\boris\desktop\spiele\call of duty 2\cod2mp_s.exe" = protocol=6 | dir=in | app=c:\users\boris\desktop\spiele\call of duty 2\cod2mp_s.exe | 
"TCP Query User{D5833881-93E7-411C-A3F7-0FC720DAF948}C:\program files\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe | 
"TCP Query User{D6F78663-8FE2-45C7-93D3-D332D5DCB8DA}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{DE7AA29E-7E83-47B7-BE79-B0AC2BFF926A}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"TCP Query User{DED412C4-7181-49B0-A221-FDD21224D80A}C:\riot games\league of legends\lol.launcher.exe" = protocol=6 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe | 
"TCP Query User{E382B687-C828-48AF-B52D-34A882A1FBB3}C:\users\boris\desktop\spiele\stranded mulitplayer\strandedii.exe" = protocol=6 | dir=in | app=c:\users\boris\desktop\spiele\stranded mulitplayer\strandedii.exe | 
"TCP Query User{E442A0B0-F572-4D24-B310-C33DF40C9FEC}C:\users\boris\appdata\local\temp\dsoclient\app.n3app" = protocol=6 | dir=in | app=c:\users\boris\appdata\local\temp\dsoclient\app.n3app | 
"TCP Query User{EC134832-63E8-42AF-BB30-52B0C3A491A8}C:\users\boris\desktop\spiele\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\users\boris\desktop\spiele\counter-strike source\hl2.exe | 
"TCP Query User{EC34E1DA-D02E-4D86-B508-54B1CAFC91D6}C:\program files\xnormal\3.16.13\x86\coordinator.exe" = protocol=6 | dir=in | app=c:\program files\xnormal\3.16.13\x86\coordinator.exe | 
"TCP Query User{EDB0961D-A6F7-4EBD-B17B-C1B6AB4FF95E}C:\users\boris\downloads\left 4 dead 2 v2.0.0.1 cracked\srcds.exe" = protocol=6 | dir=in | app=c:\users\boris\downloads\left 4 dead 2 v2.0.0.1 cracked\srcds.exe | 
"TCP Query User{EF79D92C-5D28-4FD3-93EA-5090F30F926F}C:\program files\firefly studios\stronghold crusader\stronghold crusader.exe" = protocol=6 | dir=in | app=c:\program files\firefly studios\stronghold crusader\stronghold crusader.exe | 
"TCP Query User{F0D97232-1EC7-4EB8-8984-BD06644BE0D3}C:\users\boris\desktop\counter-strike source\counter-strike source\srcds.exe" = protocol=6 | dir=in | app=c:\users\boris\desktop\counter-strike source\counter-strike source\srcds.exe | 
"TCP Query User{F33AC4F1-4EBA-4981-9EB0-571512F86547}C:\udk\udk-2011-04\binaries\swarmagent.exe" = protocol=6 | dir=in | app=c:\udk\udk-2011-04\binaries\swarmagent.exe | 
"TCP Query User{F3821BB0-9DFD-4787-9493-ADE16099DC02}C:\users\public\games\world of warcraft\wow-3.2.0.10192-to-3.3.0.10958-dede-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.0.10192-to-3.3.0.10958-dede-downloader.exe | 
"TCP Query User{F492F37C-849A-4FC3-87D4-B7698AF3669D}C:\program files\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.exe | 
"TCP Query User{F92E44C5-7643-4D91-894C-44BCCF7A0FCD}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | 
"TCP Query User{FE6F0035-6221-4401-A4BE-1E9D401B684F}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe | 
"TCP Query User{FF8A7B8E-DFDF-44DA-94CB-89992778F85F}C:\users\boris\downloads\core\udrive\usr\local\apache2\bin\apache_16.exe" = protocol=6 | dir=in | app=c:\users\boris\downloads\core\udrive\usr\local\apache2\bin\apache_16.exe | 
"UDP Query User{0151A2BF-32A7-4D76-B340-B33D97597F08}C:\users\public\games\world of warcraft\wow-3.2.0.10192-to-3.3.0.10958-dede-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.0.10192-to-3.3.0.10958-dede-downloader.exe | 
"UDP Query User{045D52F1-2CD8-49C4-809C-3B390AE4D4E8}C:\users\boris\desktop\spiele\call of duty 4 - modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=c:\users\boris\desktop\spiele\call of duty 4 - modern warfare\iw3mp.exe | 
"UDP Query User{05127824-4C81-445F-9D67-F61D280734BF}C:\users\boris\downloads\core\udrive\usr\local\apache2\bin\apache_16.exe" = protocol=17 | dir=in | app=c:\users\boris\downloads\core\udrive\usr\local\apache2\bin\apache_16.exe | 
"UDP Query User{052990CF-4B5C-4D29-B93C-CD0EEE8A5D9D}C:\program files\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files\xfire\xfire.exe | 
"UDP Query User{083D5889-9C48-42CD-808E-4D10047D2391}C:\program files\valve\hl.exe" = protocol=17 | dir=in | app=c:\program files\valve\hl.exe | 
"UDP Query User{0A68D327-6070-44D1-A8A2-321AA2585586}C:\program files\java\jdk1.6.0_23\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jdk1.6.0_23\bin\java.exe | 
"UDP Query User{0B1A0E88-18C0-4131-BBE5-8807E99D48BB}C:\users\boris\appdata\roaming\filehunter\pumpa.exe" = protocol=17 | dir=in | app=c:\users\boris\appdata\roaming\filehunter\pumpa.exe | 
"UDP Query User{0B6095D2-1697-4C43-9C82-95FFFC533801}C:\program files\firefly studios\stronghold crusader\stronghold crusader.exe" = protocol=17 | dir=in | app=c:\program files\firefly studios\stronghold crusader\stronghold crusader.exe | 
"UDP Query User{14022CA9-47BE-465A-BCEA-8B880AACB16D}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe | 
"UDP Query User{152468BB-E02E-4C0F-8823-8F1A18308E7D}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"UDP Query User{1E14CAF8-89E3-4B10-9E16-E265D82A5DC0}C:\users\public\games\world of warcraft\repair.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\repair.exe | 
"UDP Query User{1E41A05A-AD35-4C29-9B59-6F02FA0468B5}C:\program files\black & white\runblack.exe" = protocol=17 | dir=in | app=c:\program files\black & white\runblack.exe | 
"UDP Query User{2292C245-7B10-4890-9467-DACC7842DB25}C:\udk\udk-2011-04\binaries\win32\udk.exe" = protocol=17 | dir=in | app=c:\udk\udk-2011-04\binaries\win32\udk.exe | 
"UDP Query User{24FD5A2C-88EF-409A-B3A3-116417E95E22}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{2ADE7731-AE6C-498B-ADF3-78116F08A21F}C:\program files\steam\steamapps\schimmelbolzen\dark messiah might and magic dedicated server\srcds.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\schimmelbolzen\dark messiah might and magic dedicated server\srcds.exe | 
"UDP Query User{2B8FCBDB-9FEC-4D32-B8F6-AB52F9EFCE36}C:\users\boris\desktop\spiele\left 4 dead 2\left4dead2.exe" = protocol=17 | dir=in | app=c:\users\boris\desktop\spiele\left 4 dead 2\left4dead2.exe | 
"UDP Query User{2D685F94-FD87-4B0F-BA42-5C4517C28970}C:\users\boris\desktop\call of duty 2\call of duty 2-multiplayer.exe" = protocol=17 | dir=in | app=c:\users\boris\desktop\call of duty 2\call of duty 2-multiplayer.exe | 
"UDP Query User{2D97AD20-6B5D-49F2-87AF-C2756FA26369}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe | 
"UDP Query User{2FDE7C13-0469-4092-B282-7042CA6AF82F}C:\program files\jowood\gothic ii gold\_work\tools\zspy\zspy.exe" = protocol=17 | dir=in | app=c:\program files\jowood\gothic ii gold\_work\tools\zspy\zspy.exe | 
"UDP Query User{33FCFA65-0776-407E-A0F9-16F48F2628A9}C:\program files\codemasters\der herr der ringe online\lotroclient.exe" = protocol=17 | dir=in | app=c:\program files\codemasters\der herr der ringe online\lotroclient.exe | 
"UDP Query User{349CF789-108E-4FBF-9F99-8FBEF6995928}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe | 
"UDP Query User{3621C7CF-DA20-48FA-B661-4504DE9CC5A9}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{3862D31C-8EB1-42EB-BCC7-B56DDA97FC47}C:\users\boris\downloads\fogdownloader-rom_2_1_6_2049.exe" = protocol=17 | dir=in | app=c:\users\boris\downloads\fogdownloader-rom_2_1_6_2049.exe | 
"UDP Query User{398B9CAE-4661-4B89-BAA1-14F97F15E88D}C:\program files\blitz3d\bin\blitzcc.exe" = protocol=17 | dir=in | app=c:\program files\blitz3d\bin\blitzcc.exe | 
"UDP Query User{3DAB5E4A-6429-4A73-8D1D-64ECB6F7B6B5}C:\users\boris\appdata\local\temp\7zipsfx.000\cf_downloader.exe" = protocol=17 | dir=in | app=c:\users\boris\appdata\local\temp\7zipsfx.000\cf_downloader.exe | 
"UDP Query User{43FBA8BB-2ADA-48AE-A653-2D38868F7CC4}C:\users\boris\desktop\spiele\call of duty 2\cod2mp_s.exe" = protocol=17 | dir=in | app=c:\users\boris\desktop\spiele\call of duty 2\cod2mp_s.exe | 
"UDP Query User{46E867DC-F92E-4C9A-A99E-E65032FA8BF8}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{4A29D028-1875-4DE2-A54D-B159AC8AD726}C:\users\boris\desktop\neuer ordner\stranded_mulitplayer\stranded mulitplayer\strandedii.exe" = protocol=17 | dir=in | app=c:\users\boris\desktop\neuer ordner\stranded_mulitplayer\stranded mulitplayer\strandedii.exe | 
"UDP Query User{508DAA28-B9F1-4F38-93E2-5A918C449495}C:\program files\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.exe | 
"UDP Query User{52EAAD1E-6A44-42AD-BE47-2C9AA8282D98}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{53CC166D-9A6B-440C-AE97-FDC018E1F52F}C:\program files\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe | 
"UDP Query User{5CA333C3-2393-4CB6-8C43-A2458B5E07A7}C:\users\boris\downloads\core\udrive\usr\local\mysql\bin\mysqld-opt.exe" = protocol=17 | dir=in | app=c:\users\boris\downloads\core\udrive\usr\local\mysql\bin\mysqld-opt.exe | 
"UDP Query User{5D0B9ABB-80FF-47F0-B3CF-E59F7402CDFD}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe | 
"UDP Query User{5EEDDFF6-BC0B-4809-AE85-6B5BF1FB3070}C:\program files\xnormal\3.16.13\x86\coordinator.exe" = protocol=17 | dir=in | app=c:\program files\xnormal\3.16.13\x86\coordinator.exe | 
"UDP Query User{61C08820-608B-4076-8D49-58623299AD36}C:\program files\rockstar games\gta san andreas\samp-server.exe" = protocol=17 | dir=in | app=c:\program files\rockstar games\gta san andreas\samp-server.exe | 
"UDP Query User{67A078B9-E937-48EE-82AC-B8846624509C}C:\program files\stronghold 3\bin\win32_release\stronghold3.exe" = protocol=17 | dir=in | app=c:\program files\stronghold 3\bin\win32_release\stronghold3.exe | 
"UDP Query User{6A8E5217-84A7-4D48-A63B-E4917345BACE}C:\users\boris\desktop\spiele\left 4 dead 2\srcds.exe" = protocol=17 | dir=in | app=c:\users\boris\desktop\spiele\left 4 dead 2\srcds.exe | 
"UDP Query User{6C85AB3D-163C-4AA0-8027-27BBE7E20381}C:\users\public\games\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-dede-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-dede-downloader.exe | 
"UDP Query User{6D06211C-137B-4729-B798-EA1E410A8D79}C:\program files\ea games\battlefield vietnam\bfvietnam.exe" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield vietnam\bfvietnam.exe | 
"UDP Query User{6DDFF840-5DC5-4ADA-BBF7-DAF3E7BCB032}C:\program files\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files\xfire\xfire.exe | 
"UDP Query User{6F0CE591-5714-4178-B213-46C502D53E13}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"UDP Query User{703379DA-58C7-4FCA-A716-D327B8FEF1CA}C:\users\boris\downloads\core\cwrealm.exe" = protocol=17 | dir=in | app=c:\users\boris\downloads\core\cwrealm.exe | 
"UDP Query User{71D373C7-B443-4D7E-A118-3E80CC2EDB52}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | 
"UDP Query User{7205C025-131E-4B6F-8BC8-D812399487B4}C:\udk\udk-2011-04\binaries\swarmagent.exe" = protocol=17 | dir=in | app=c:\udk\udk-2011-04\binaries\swarmagent.exe | 
"UDP Query User{746048C6-E4E1-4C78-9AC8-9B159AE3C3AA}C:\users\boris\desktop\counter-strike source\counter-strike source\srcds.exe" = protocol=17 | dir=in | app=c:\users\boris\desktop\counter-strike source\counter-strike source\srcds.exe | 
"UDP Query User{7C1D3DD9-E1EA-412A-BDCF-AC1FE4271B61}C:\program files\stronghold 3\bin\win32_release\mapeditor.exe" = protocol=17 | dir=in | app=c:\program files\stronghold 3\bin\win32_release\mapeditor.exe | 
"UDP Query User{8167A71D-0BAE-4DC0-BFBE-BDD8BD1111A6}C:\program files\phonostar-player\phonostar.exe" = protocol=17 | dir=in | app=c:\program files\phonostar-player\phonostar.exe | 
"UDP Query User{874E3D56-F598-4BD0-9B85-4F80A84EF9B8}C:\users\boris\desktop\spiele\stranded mulitplayer\strandedii.exe" = protocol=17 | dir=in | app=c:\users\boris\desktop\spiele\stranded mulitplayer\strandedii.exe | 
"UDP Query User{89DECFF4-E9DE-4184-AC85-80A89BB4D76C}C:\users\boris\downloads\minetest-0.3.0-win32\minetest-0.3.0-win32\bin\minetest.exe" = protocol=17 | dir=in | app=c:\users\boris\downloads\minetest-0.3.0-win32\minetest-0.3.0-win32\bin\minetest.exe | 
"UDP Query User{8F6471CD-8FBC-4862-A1F8-C8E6390B82B6}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{8FBF5A62-94BB-46AD-ADBF-DB29E840EE7B}C:\users\boris\appdata\local\virtualstore\program files\dead island\dead island\deadislandgame.exe" = protocol=17 | dir=in | app=c:\users\boris\appdata\local\virtualstore\program files\dead island\dead island\deadislandgame.exe | 
"UDP Query User{914DFAFF-7B1B-44F2-8396-7634B751203E}C:\program files\night\mass effect 2\binaries\masseffect2.exe" = protocol=17 | dir=in | app=c:\program files\night\mass effect 2\binaries\masseffect2.exe | 
"UDP Query User{94A899CB-EC83-4F38-8C8A-44863F8630BE}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{9712ABBC-9B35-4682-9DDC-8C690436CD98}C:\users\boris\downloads\core\cwcore.exe" = protocol=17 | dir=in | app=c:\users\boris\downloads\core\cwcore.exe | 
"UDP Query User{9FE09C73-45E9-423C-91C9-8DFB594B9077}C:\program files\firefly studios\stronghold crusader\stronghold crusader.exe" = protocol=17 | dir=in | app=c:\program files\firefly studios\stronghold crusader\stronghold crusader.exe | 
"UDP Query User{A77071BE-40C1-4C54-B1F1-096BB1CA08D4}C:\program files\activision\call of duty 2\cod2mp_s.exe" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 2\cod2mp_s.exe | 
"UDP Query User{A9B824AE-9249-46D0-B640-829B5E154B12}C:\riot games\league of legends\lol.launcher.exe" = protocol=17 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe | 
"UDP Query User{AA829504-18FF-47CF-9322-7B9CE00C2772}C:\users\boris\downloads\cryengine_v3_3_7_2572_freesdk\bin32\launcher.exe" = protocol=17 | dir=in | app=c:\users\boris\downloads\cryengine_v3_3_7_2572_freesdk\bin32\launcher.exe | 
"UDP Query User{AAE51A5C-85AA-4AB5-930D-60E9D7BBC91E}C:\users\boris\downloads\thesmileassault i\thesmileassault i\thesmileassault.exe" = protocol=17 | dir=in | app=c:\users\boris\downloads\thesmileassault i\thesmileassault i\thesmileassault.exe | 
"UDP Query User{AD8AE2BA-BFCD-44D8-A8EA-B8DCC17C5121}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{B005D980-3FE5-4EE4-80D1-915267186ECA}C:\users\boris\appdata\local\virtualstore\program files\dead island\deadislandgame.exe" = protocol=17 | dir=in | app=c:\users\boris\appdata\local\virtualstore\program files\dead island\deadislandgame.exe | 
"UDP Query User{B5CD05D8-46EC-4F47-B4C3-41B1EC5D106C}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"UDP Query User{B810E388-E2EC-4F27-B301-5760F4FA460D}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | 
"UDP Query User{B8CE9875-37FB-42F1-BFCB-822771DF46A3}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | 
"UDP Query User{C0F135BF-03FA-4034-84FA-07A802C6654A}C:\users\boris\appdata\local\temp\dsoclient\app.n3app" = protocol=17 | dir=in | app=c:\users\boris\appdata\local\temp\dsoclient\app.n3app | 
"UDP Query User{C7EAD287-6C8F-4292-967A-8B77F3C15C16}C:\program files\hypercube source\steamless.dll" = protocol=17 | dir=in | app=c:\program files\hypercube source\steamless.dll | 
"UDP Query User{C9A53DFD-8B51-4333-BF1C-E8851100AF8A}C:\udk\udk-2011-04\binaries\win32\udkmobile.exe" = protocol=17 | dir=in | app=c:\udk\udk-2011-04\binaries\win32\udkmobile.exe | 
"UDP Query User{D3861E9B-8083-4F6F-83E8-01270D5C675F}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"UDP Query User{D7863355-18B3-4A6B-86B0-AC650856A0DC}C:\program files\steam\steamapps\schimmelbolzen\dark messiah might and magic multi-player\mm.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\schimmelbolzen\dark messiah might and magic multi-player\mm.exe | 
"UDP Query User{D9E63ED6-7875-4245-A910-448E904C00BC}C:\udk\hazard - journey of life demo\binaries\win32\udk.exe" = protocol=17 | dir=in | app=c:\udk\hazard - journey of life demo\binaries\win32\udk.exe | 
"UDP Query User{E0782E38-CE26-4FB8-AE73-99E2DCEE0B94}C:\users\boris\downloads\left 4 dead 2 v2.0.0.1 cracked\left4dead2.exe" = protocol=17 | dir=in | app=c:\users\boris\downloads\left 4 dead 2 v2.0.0.1 cracked\left4dead2.exe | 
"UDP Query User{E17D6295-5BB8-4C4D-92CB-619E339C3C3C}C:\program files\valve\hltv.exe" = protocol=17 | dir=in | app=c:\program files\valve\hltv.exe | 
"UDP Query User{E1FF2836-73B3-48D6-AEA2-2D956561404D}C:\users\boris\desktop\stranded_mulitplayer\stranded mulitplayer\strandedii.exe" = protocol=17 | dir=in | app=c:\users\boris\desktop\stranded_mulitplayer\stranded mulitplayer\strandedii.exe | 
"UDP Query User{E5E34105-1D7A-448D-B94D-63EC04DE25B8}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | 
"UDP Query User{E6830D94-2238-4A77-B506-5AAA59CAEBD6}C:\program files\jowood\gothic ii gold\_work\tools\zspy\zspy.exe" = protocol=17 | dir=in | app=c:\program files\jowood\gothic ii gold\_work\tools\zspy\zspy.exe | 
"UDP Query User{E9114C9C-F50B-4442-860E-FD6094C760F2}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{EAB75652-C838-4E61-9183-07B4F0EE7CC9}C:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe" = protocol=17 | dir=in | app=c:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe | 
"UDP Query User{EC65006E-E787-4445-BD6B-4E7D75ADC562}C:\users\boris\downloads\left 4 dead 2 v2.0.0.1 cracked\srcds.exe" = protocol=17 | dir=in | app=c:\users\boris\downloads\left 4 dead 2 v2.0.0.1 cracked\srcds.exe | 
"UDP Query User{EC74F221-ED84-486F-B802-93F5E403CB5A}C:\program files\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe | 
"UDP Query User{ECACC013-C621-43B5-806F-E7959230BBA4}C:\users\public\games\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-dede-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-dede-downloader.exe | 
"UDP Query User{EDF9C4FF-CC08-4AB3-A8A5-F4822C7825B7}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | 
"UDP Query User{F0FF9C74-DE15-4F66-91D5-0B4FC7B1955C}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{F2060172-1131-45ED-9558-8BD0791DD2F6}C:\program files\the babylon project\fs2_open_3_6_9.exe" = protocol=17 | dir=in | app=c:\program files\the babylon project\fs2_open_3_6_9.exe | 
"UDP Query User{F2A04A35-7274-48C1-985F-59981291F50A}C:\users\boris\desktop\minecraft server\mcadmin\mcadmin.exe" = protocol=17 | dir=in | app=c:\users\boris\desktop\minecraft server\mcadmin\mcadmin.exe | 
"UDP Query User{F2E5146B-3225-4922-8D3E-D4ED88CB0CBF}C:\users\boris\desktop\spiele\call of duty 4 - modern warfare1\iw3mp.exe" = protocol=17 | dir=in | app=c:\users\boris\desktop\spiele\call of duty 4 - modern warfare1\iw3mp.exe | 
"UDP Query User{FAF060B8-B4C2-43C0-AFFF-9C8C66E32669}C:\users\boris\desktop\spiele\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\users\boris\desktop\spiele\counter-strike source\hl2.exe | 
"UDP Query User{FB0C1D01-B124-4877-8B2C-DB5AF6375502}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00BA866C-F2A2-4BB9-A308-3DFA695B6F7C}" = Java DB 10.5.3.0
"{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU
"{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM
"{03A4C6A1-26E9-4DDB-81D9-B332E5BB10AD}" = Microsoft Sync Framework SDK v1.0 SP1 de
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07FCBED5-94C3-4F94-B9D3-360FA27C7B06}" = Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B9CCE86-8E60-4CE5-AE03-26F79D4D8FA9}" = Item-mall
"{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
"{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}" = Risen
"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{1C2B3CEA-482E-4453-B3E2-C9731337828A}" = Microsoft SQL Server 2008 Native Client
"{1D108D70-E7D1-4089-9A0A-99629C4D0CB8}" = Morrowind
"{1D328E11-3B0C-388C-835D-C9C20E8C7734}" = Microsoft Help Viewer 1.0 Language Pack - DEU
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{2158685C-E2B3-4026-B0A1-0FFE31837AFD}" = PlayLinc
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 4
"{29042B1C-0713-4575-B7CA-5C8E7B0899D4}" = MySQL Connector/ODBC 5.1
"{2B11BA9C-7F97-4C16-970F-1491FD77969B}_is1" = shopping-preise.de - AddOn für Firefox
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{31C3C6EA-E991-405F-A3AA-2C070CCCC47C}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools - DEU
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{32A3A4F4-B792-11D6-A78A-00B0D0160230}" = Java(TM) SE Development Kit 6 Update 23
"{32A9C5B3-D166-4C6D-A11E-A54473151000}" = Java 3D 1.5.1
"{33AE9E89-47C9-4A0D-9E9D-BDD6966A3804}" = Microsoft SQL Server 2008 RsFx Driver
"{3559CDE0-11FC-4D7B-A65C-D646035B1031}" = Nero 8 Essentials
"{3BB19A2B-B9C5-3872-8FDF-3047CC9F9841}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Backburner
"{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
"{406FB8A4-F539-48A9-809C-F94706F9C9F6}_is1" = S.T.A.L.K.E.R. - Call Of Pripyat [v1.6.01]
"{40FE74B5-71A1-4393-A0AB-21D6E1DA5A66}" = Gothic 2 Gold
"{477415F5-93DA-46AA-85C5-640047825995}" = Microsoft SQL Server 2008 Database Engine Shared
"{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0
"{491DF203-7B61-4F0E-BDCB-A1218C4DAFE9}" = Native Instruments Massive
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{4AF2248C-B3DF-46FB-9596-87F5DB193689}" = Microsoft SQL Server 2008 Browser
"{5242B252-01BB-4F2E-BBF4-5C01BC3B6619}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project
"{54B7A3C7-0940-4C16-A509-FC3C3758D22A}_is1" = Amnesia - The Dark Descent 
"{56403FFF-145E-35C5-A090-96598BE57FB8}" = Microsoft Visual Basic 2008 Express Edition - DEU
"{56582EEA-3AEF-4D84-8B9D-C87A3CD9250F}" = GetDataBack for NTFS
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{573576B6-2112-4679-BF42-C8D9CE2E4A29}" = Ace of Spades
"{58D68DF0-4E8B-4E9E-B425-670F9E37C1A8}" = TES Construction Set
"{5A08C9D1-37AD-4A8D-90D3-33F92C578AA5}" = Microsoft SQL Server System CLR Types
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5BD39911-A12F-4562-98BA-A6E03E3370B1}" = Microsoft SQL Server 2008 Database Engine Services
"{5C358088-A837-44EC-91D0-9FD06FF40896}" = Mobile Master
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{616C6F39-4CE1-3434-A665-2F6A04C09A7F}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{681F4E9F-34E0-36BD-BF2C-100554E403A5}" = Microsoft Visual F# 2.0 Runtime Language Pack - DEU
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010  x86 Runtime - 10.0.30319
"{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie
"{6C15DC29-040C-433F-B1AE-783D37E9C08B}" = Python 2.6 pygame-1.9.1
"{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
"{6E5AB107-172B-4F17-8ABB-357C59EF1B08}" = Vegas Pro 9.0
"{6EF7803B-4ADC-41F1-AFE7-E5A7931E5C4A}" = ArtRage Studio Pro
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser und SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{729A3000-BC8A-3B74-BA5D-5068FE12D70C}" = Microsoft Visual F# 2.0 Runtime
"{7644E42D-B096-457F-8B5B-901238FC81AE}" = ICQ7.6
"{765E50AF-5550-4F7E-84F4-524D1BF2C49D}" = MSM2MSI_gstudio
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{58FC5E37-DD28-4D4A-A549-125744C6763C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{888B9AC7-8F5C-456B-A27A-157A6C310E52}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91F54E1D-804A-46D8-A56C-53EA9C4B3177}" = Microsoft Silverlight 3 SDK - Deutsch
"{929F5BFC-60F0-34EC-A50B-2001AAC03D56}" = Microsoft Team Foundation Server 2010 Object Model - DEU
"{92C5C058-E941-47C3-B7E8-38A79C605969}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A346205-EA92-4406-B1AB-50379DA3F057}" = Autodesk DWF Viewer 7
"{9AA2D735-3375-42D4-9A61-3FFEF82599D6}" = Unterstützungsdateien für Microsoft SQL Server 2008-Setup 
"{9C3B8582-A72A-4835-8903-877A834407BB}" = Microsoft SQL Server 2008 R2-Datenebenenanwendungs-Framework
"{A106D33E-6B43-42C0-9BFC-D03303261FA7}" = Microsoft SQL Server 2008 R2 Management Objects
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A8DE8C34-7F51-4cc8-B326-C425793EE741}" = THE CHRONICLES OF RIDDICK: ESCAPE FROM BUTCHER BAY 
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.1 - Deutsch
"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
"{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty(R) - World at War(TM) 1.1 Patch
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.11
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.12.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B45FABE7-D101-4D99-A671-E16DA40AF7F0}" = Microsoft Games for Windows - LIVE
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{B578C85A-A84C-4230-A177-C5B2AF565B8C}" = Microsoft Games for Windows - LIVE Redistributable
"{B5BCBD49-202F-4238-8398-D83D423A48B4}" = Windows Live Anmelde-Assistent
"{B7DDE586-D6F1-4CC7-8A2F-FCFF59F77D7D}" = OutcastDVD
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{BD87B950-D3E0-11D3-BE74-0000E20392C2}" = Outcast
"{C07B8BC4-AFD9-3AA4-BDF5-330A07591FDE}" = Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework
"{C53F001E-5912-4E76-AC49-9AC20B36B1A2}" = MSM2MSI_gstudio
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{CFCB8616-A5D1-4281-80E8-389F685BFAE2}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D074DC76-F6C9-440E-A1D0-1DE958417FDB}" = Microsoft SQL Server VSS Writer
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1D632A2-E249-466D-A094-B1B934D37645}_is1" = Stronghold Kingdoms
"{D359B12F-9B1A-46FD-B70C-F507B5B11590}" = HDRegDE
"{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas
"{D6A6CFAD-CD86-482B-90D1-6FCC4E252ACD}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x86) de
"{D85FFE92-BF14-4E9B-BCCD-E5C16069E65F}_is1" = FireJump 1.0.1.8
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DB0AF767-7CC7-4E4D-B6BE-A200F20A2FB1}" = Microsoft Sync Framework Runtime v1.0 SP1 (x86) de
"{DBE8431C-CF9A-38C3-B42D-28B6FCE1EA3B}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU
"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials
"{E2494AD8-314D-44F8-B39C-4358A60DC184}" = LogMeIn Hamachi
"{E32260E7-0B10-43C7-9B77-AB9F4184676D}" = Microsoft SQL Server Compact 3.5 Design Tools DEU
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4E9CBC9-1CF5-48E3-AF6F-1AB44A856346}" = Microsoft ASP.NET MVC 2 - DEU
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E51B4CD9-A0A6-4324-B26A-31B3F2DE26CE}" = Black and White
"{e7394a0f-3f80-45b1-87fc-abcd51893246}" = Python 2.6.4
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E96D4088-AAC5-437F-9E39-EC0E387897B4}" = Autodesk 3ds Max 9 32-bit
"{EAF7B35C-DCBE-4032-9ABF-C35C43D07124}" = Microsoft Sync Framework Services v1.0 SP1 (x86) de
"{EC66418E-DAA2-36D5-809E-40BEC94E622A}" = Microsoft Visual Studio Macro Tools - DEU Language Pack
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FD27D456-ED8A-4027-A1E4-BBF95FAF4799}" = Easy Driver Pro
"{FE163F11-1919-4257-A280-FF5AF8DAEECB}" = ICQ Sparberater
"{FF29527A-44CD-3422-945E-981A13584000}" = VC Runtimes MSI
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FF6F95A4-E59B-45C8-BEA8-0BDC8D9CAB51}" = Microsoft SQL Server 2008 Common Files
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Avira AntiVir Desktop" = Avira Free Antivirus
"Blender" = Blender
"BlitzMax_is1" = BlitzMax1.36
"CyberGhost VPN_is1" = CyberGhost VPN
"DAEMON Tools Pro" = DAEMON Tools Pro
"DesktopIconAmazon" = Desktop Icon für Amazon
"Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2)
"Die Rückkehr zur Geheimnisvollen Insel 2_is1" = Die Rückkehr zur Geheimnisvollen Insel 2
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"EarthSculptor_is1" = EarthSculptor 1.05
"EasyBits Magic Desktop" = EasyBits Magic Desktop
"eBay Icon" = eBay Icon
"ESET Online Scanner" = ESET Online Scanner v3
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Fallout" = Fallout
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.5.3.920
"Free Audio Converter_is1" = Free Audio Converter version 2.3.815
"Free FLV Converter_is1" = Free FLV Converter V 6.7.7
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 5.0.4.1228
"Free YouTube Download_is1" = Free YouTube Download 2.3
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324
"GT Interactive - Driver" = GT Interactive - Driver
"Hardcore" = Hardcore
"Heroes of Might and Magic® III" = Heroes of Might and Magic® III
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ICQToolbar" = ICQ Toolbar
"ImgBurn" = ImgBurn
"InstallShield_{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty(R) - World at War(TM) 1.1 Patch
"Legend of Grimrock_is1" = Legend of Grimrock
"LHTTSDUN" = L&H TTS3000 Nederlands
"LHTTSFRF" = L&H TTS3000 Français
"LHTTSGED" = L&H TTS3000 Deutsch
"LHTTSJPJ" = L&H TTS3000 Japanese
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"MaPZone2.Free" = Allegorithmic MaPZone2.Free
"MDT" = Battlefield Mod Development Toolkit 2.0 Beta
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft Team Foundation Server 2010 Object Model - DEU" = Microsoft Team Foundation Server 2010-Objektmodell - DEU
"Microsoft Visual Basic 2008 Express Edition - DEU" = Microsoft Visual Basic 2008 Express Edition - DEU
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU" = Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x86) Language Pack - DEU
"Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
"Microsoft Visual Studio Macro Tools - DEU Language Pack" = Microsoft Visual Studio Macro Tools - DEU Language Pack
"MinGW" = MinGW 5.1.3
"Mobile Master" = Mobile Master 7.7.4
"Mount&Blade Warband" = Mount&Blade Warband
"Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de)
"MySSID_is1" = Vtune 7.21
"Native Instruments Massive" = Native Instruments Massive
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office2007" = Microsoft Office Home and Student
"OggDS" = Direct Show Ogg Vorbis Filter (remove only)
"OpenAL" = OpenAL
"Orbit_is1" = Orbit Downloader
"Perfect Uninstaller_is1" = Perfect Uninstaller v6.3.3.9
"PoiZone" = PoiZone
"PowerISO" = PowerISO
"PunkBusterSvc" = PunkBuster Services
"PyQt GPL v4.6.2 for Python v2.6" = PyQt GPL v4.6.2 for Python v2.6
"QuickStores-Toolbar_is1" = QuickStores-Toolbar 1.0.0
"Return to Mysterious Island" = Return to Mysterious Island
"Sawer" = Sawer
"ScapeMaker" = ScapeMaker
"ScummVM_is1" = ScummVM 1.2.1
"ST6UNST #1" = HeightmapCreator
"ST6UNST #2" = HeightmapCreator (C:\Program Files\HeightmapCreator\)
"Steam App 2130" = Dark Messiah Might and Magic Multi-Player
"Steam App 39500" = Gothic 3
"Steam App 41680" = Death and the Fly
"Steam App 56400" = Warhammer® 40,000®: Dawn of War® II – Retribution™
"Steam App 91310" = Dead Island
"Stronghold 3 (c) THQ_is1" = Stronghold 3 (c) THQ version 1
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"Theme Park World" = Theme Park World
"TmNationsForever_is1" = TmNationsForever Update 2010-03-15
"Toxic Biohazard" = Toxic Biohazard
"TuneUp Utilities 2012" = TuneUp Utilities 2012
"Tunngle beta_is1" = Tunngle beta
"tv_enua" = Lernout & Hauspie TruVoice American English TTS Engine
"Uninstall_is1" = Uninstall 1.0.0.1
"uTorrent" = µTorrent
"vis_milk.dllWinamp" = MilkDrop for Winamp 2x (remove only)
"VLC media player" = VLC media player 1.1.4
"Winamp" = Winamp
"WinGimp-2.0_is1" = GIMP 2.4.7
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"Works9se" = Microsoft Works 9.0 SE
"x264vfw" = x264vfw - H.264/MPEG-4 AVC codec (remove only)
"Xfire" = Xfire (remove only)
"Xvid_is1" = Xvid 1.2.2 final uninstall
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-209655109-2756548685-674970729-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{A8E2EF8F-73EF-4DD8-BB38-31FCCAF50103}" = Dark Messiah 
"CodeBlocks" = CodeBlocks
"Dachon 4k" = Dachon 4k
"I-Doser v4" = I-Doser v4
"Miners4k" = Miners4k
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 03.05.2012 15:40:29 | Computer Name = Boris-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 03.05.2012 16:02:16 | Computer Name = Boris-PC | Source = MsiInstaller | ID = 11316
Description = 
 
Error - 04.05.2012 07:54:44 | Computer Name = Boris-PC | Source = MSSQL$SQLEXPRESS | ID = 8317
Description = Der 'First Counter'-Wert, der dem Registrierungsschlüssel 'HKLM\SYSTEM\CurrentControlSet\Services\MSSQL$SQLEXPRESS\Performance'
 zugeordnet ist, kann nicht abgefragt werden. SQL Server-Leistungsindikatoren sind
 deaktiviert.
 
Error - 04.05.2012 07:55:41 | Computer Name = Boris-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 04.05.2012 08:51:36 | Computer Name = Boris-PC | Source = MSSQL$SQLEXPRESS | ID = 8317
Description = Der 'First Counter'-Wert, der dem Registrierungsschlüssel 'HKLM\SYSTEM\CurrentControlSet\Services\MSSQL$SQLEXPRESS\Performance'
 zugeordnet ist, kann nicht abgefragt werden. SQL Server-Leistungsindikatoren sind
 deaktiviert.
 
Error - 04.05.2012 08:52:07 | Computer Name = Boris-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 04.05.2012 11:12:38 | Computer Name = Boris-PC | Source = MSSQL$SQLEXPRESS | ID = 8317
Description = Der 'First Counter'-Wert, der dem Registrierungsschlüssel 'HKLM\SYSTEM\CurrentControlSet\Services\MSSQL$SQLEXPRESS\Performance'
 zugeordnet ist, kann nicht abgefragt werden. SQL Server-Leistungsindikatoren sind
 deaktiviert.
 
Error - 04.05.2012 11:13:27 | Computer Name = Boris-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 04.05.2012 11:39:36 | Computer Name = Boris-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 04.05.2012 11:39:37 | Computer Name = Boris-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
[ System Events ]
Error - 04.05.2012 08:52:07 | Computer Name = Boris-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 04.05.2012 08:52:07 | Computer Name = Boris-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 04.05.2012 11:09:57 | Computer Name = Boris-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description = 
 
Error - 04.05.2012 11:10:00 | Computer Name = Boris-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description = 
 
Error - 04.05.2012 11:09:58 | Computer Name = Boris-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = 
 
Error - 04.05.2012 11:10:00 | Computer Name = Boris-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = 
 
Error - 04.05.2012 11:10:04 | Computer Name = Boris-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description = 
 
Error - 04.05.2012 11:10:04 | Computer Name = Boris-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = 
 
Error - 04.05.2012 11:13:28 | Computer Name = Boris-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 04.05.2012 11:13:28 | Computer Name = Boris-PC | Source = Service Control Manager | ID = 7001
Description = 
 
 
< End of report >
         
--- --- ---

[/Code]

04.05.2012, 21:11   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Run an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied too!!!)

Code:
:OTL
IE - HKU\S-1-5-21-209655109-2756548685-674970729-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=ironto
IE - HKU\S-1-5-21-209655109-2756548685-674970729-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-209655109-2756548685-674970729-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-209655109-2756548685-674970729-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-209655109-2756548685-674970729-1000\..\SearchScopes,DefaultScope = {62CA968C-E5F9-4FDC-9F4E-C8C994351E8B}
IE - HKU\S-1-5-21-209655109-2756548685-674970729-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-209655109-2756548685-674970729-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=18826
IE - HKU\S-1-5-21-209655109-2756548685-674970729-1000\..\SearchScopes\{62CA968C-E5F9-4FDC-9F4E-C8C994351E8B}: "URL" = http://start.funmoods.com/results.php?f=4&a=ironto&q={searchTerms}
IE - HKU\S-1-5-21-209655109-2756548685-674970729-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..keyword.URL: "http://search.babylon.com/?babsrc=toolbar2&q="
[2012.03.07 15:24:38 | 000,001,090 | ---- | M] () -- C:\Users\Boris\AppData\Roaming\Mozilla\Firefox\Profiles\j1lg8v7j.default\searchplugins\conduit.xml
[2012.03.09 08:25:10 | 000,001,292 | ---- | M] () -- C:\Users\Boris\AppData\Roaming\Mozilla\Firefox\Profiles\j1lg8v7j.default\searchplugins\funmoods.xml
[2012.03.09 08:25:10 | 000,000,828 | ---- | M] () -- C:\Users\Boris\AppData\Roaming\Mozilla\Firefox\Profiles\j1lg8v7j.default\searchplugins\icqplugin-1.xml
[2012.03.09 08:25:10 | 000,000,828 | ---- | M] () -- C:\Users\Boris\AppData\Roaming\Mozilla\Firefox\Profiles\j1lg8v7j.default\searchplugins\icqplugin-2.xml
[2012.03.09 08:25:10 | 000,000,901 | ---- | M] () -- C:\Users\Boris\AppData\Roaming\Mozilla\Firefox\Profiles\j1lg8v7j.default\searchplugins\icqplugin.xml
[2009.10.16 19:46:54 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.03.09 08:25:10 | 000,002,050 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
O2 - BHO: (ICQ Sparberater) - {FE163F11-1919-4257-A280-FF5AF8DAEECB} - C:\Programme\icq\Internet Explorer\icq.dll (solute gmbh)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C3A2DF7F-1230-48FE-B4BD-279B3F7814A7}: DhcpNameServer = 7.254.254.254
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{a91e5259-c309-11de-88be-0025113402db}\Shell - "" = AutoRun
O33 - MountPoints2\{a91e5259-c309-11de-88be-0025113402db}\Shell\AutoRun\command - "" = L:\loader.exe
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\autorun.exe
O33 - MountPoints2\K\Shell - "" = AutoRun
O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\win32\autorun\m4ck.exe
[2012.04.25 14:18:15 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Roaming\11019
[2012.04.24 13:37:29 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Roaming\11018
[2012.04.23 13:59:35 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Roaming\11017
[2012.04.20 15:29:14 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Roaming\11016
[2012.04.20 10:45:50 | 000,000,000 | ---D | C] -- C:\Windows\rundll16.exe
[2012.04.20 10:45:50 | 000,000,000 | ---D | C] -- C:\Windows\logo1_.exe
[2012.04.17 12:43:02 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Roaming\11015
[2012.04.16 22:01:45 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Roaming\11014
[2012.04.13 13:41:35 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Roaming\11013
[2012.04.12 13:49:53 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Roaming\11012
[2012.04.11 22:36:45 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Roaming\UAs
[2012.04.11 22:30:20 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Roaming\11009
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:64217CD0
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1
:Files
C:\Windows\$NtUninstallKB9818$
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can do lasting damage to the system!
__________________
Please always post log files in CODE tags

08.05.2012, 13:02   #12
burke

Today Avira reported "C:\Users\Boris\Appdata\Roaming\BAcroIEHelpe122.dll", which is supposed to be RKIT/Agent.czcu. Is that something to worry about? Should I maybe run the ESET scan again?
Edit:
Sorry, I didn't notice your latest reply at all because it was on the second page. I only noticed it now, after I had written something else.
Shortly afterwards Avira gave me 5 more alerts: TR/spy.banker.age13
OK, I'm going to run this OTL fix now. What does this fix do?

Here is the log that came up after the fix:
Code:
All processes killed
========== OTL ==========
HKU\S-1-5-21-209655109-2756548685-674970729-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-209655109-2756548685-674970729-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-209655109-2756548685-674970729-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-209655109-2756548685-674970729-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ deleted successfully.
C:\Programme\ICQ6Toolbar\ICQToolBar.dll moved successfully.
HKEY_USERS\S-1-5-21-209655109-2756548685-674970729-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-209655109-2756548685-674970729-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-209655109-2756548685-674970729-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_USERS\S-1-5-21-209655109-2756548685-674970729-1000\Software\Microsoft\Internet Explorer\SearchScopes\{62CA968C-E5F9-4FDC-9F4E-C8C994351E8B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{62CA968C-E5F9-4FDC-9F4E-C8C994351E8B}\ not found.
Registry key HKEY_USERS\S-1-5-21-209655109-2756548685-674970729-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
Prefs.js: engine@conduit.com:3.3.3.2 removed from extensions.enabledItems
Prefs.js: "hxxp://search.babylon.com/?babsrc=toolbar2&q=" removed from keyword.URL
C:\Users\Boris\AppData\Roaming\Mozilla\Firefox\Profiles\j1lg8v7j.default\searchplugins\conduit.xml moved successfully.
C:\Users\Boris\AppData\Roaming\Mozilla\Firefox\Profiles\j1lg8v7j.default\searchplugins\funmoods.xml moved successfully.
C:\Users\Boris\AppData\Roaming\Mozilla\Firefox\Profiles\j1lg8v7j.default\searchplugins\icqplugin-1.xml moved successfully.
C:\Users\Boris\AppData\Roaming\Mozilla\Firefox\Profiles\j1lg8v7j.default\searchplugins\icqplugin-2.xml moved successfully.
C:\Users\Boris\AppData\Roaming\Mozilla\Firefox\Profiles\j1lg8v7j.default\searchplugins\icqplugin.xml moved successfully.
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} folder moved successfully.
C:\Programme\Mozilla Firefox\searchplugins\babylon.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FE163F11-1919-4257-A280-FF5AF8DAEECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FE163F11-1919-4257-A280-FF5AF8DAEECB}\ deleted successfully.
C:\Programme\icq\Internet Explorer\icq.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ not found.
File C:\Programme\ICQ6Toolbar\ICQToolBar.dll not found.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C3A2DF7F-1230-48FE-B4BD-279B3F7814A7}\\DhcpNameServer| /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a91e5259-c309-11de-88be-0025113402db}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a91e5259-c309-11de-88be-0025113402db}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a91e5259-c309-11de-88be-0025113402db}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a91e5259-c309-11de-88be-0025113402db}\ not found.
File L:\loader.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\J\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\J\ not found.
File J:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\K\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\K\ not found.
File K:\win32\autorun\m4ck.exe not found.
C:\Users\Boris\AppData\Roaming\11019\components folder moved successfully.
C:\Users\Boris\AppData\Roaming\11019 folder moved successfully.
C:\Users\Boris\AppData\Roaming\11018\components folder moved successfully.
C:\Users\Boris\AppData\Roaming\11018 folder moved successfully.
C:\Users\Boris\AppData\Roaming\11017\components folder moved successfully.
C:\Users\Boris\AppData\Roaming\11017 folder moved successfully.
C:\Users\Boris\AppData\Roaming\11016\components folder moved successfully.
C:\Users\Boris\AppData\Roaming\11016 folder moved successfully.
C:\Windows\rundll16.exe folder moved successfully.
C:\Windows\logo1_.exe folder moved successfully.
C:\Users\Boris\AppData\Roaming\11015\components folder moved successfully.
C:\Users\Boris\AppData\Roaming\11015 folder moved successfully.
C:\Users\Boris\AppData\Roaming\11014\components folder moved successfully.
C:\Users\Boris\AppData\Roaming\11014 folder moved successfully.
C:\Users\Boris\AppData\Roaming\11013\components folder moved successfully.
C:\Users\Boris\AppData\Roaming\11013 folder moved successfully.
C:\Users\Boris\AppData\Roaming\11012\components folder moved successfully.
C:\Users\Boris\AppData\Roaming\11012 folder moved successfully.
C:\Users\Boris\AppData\Roaming\UAs folder moved successfully.
C:\Users\Boris\AppData\Roaming\11009\components folder moved successfully.
C:\Users\Boris\AppData\Roaming\11009 folder moved successfully.
ADS C:\ProgramData\TEMP:64217CD0 deleted successfully.
ADS C:\ProgramData\TEMP:D1B5B4F1 deleted successfully.
========== FILES ==========
Folder move failed. C:\Windows\$NtUninstallKB9818$\TxR scheduled to be moved on reboot.
C:\Windows\$NtUninstallKB9818$\systemprofile\Vorlagen folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\Videos folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\Startmenü folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\SendTo folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\Searches folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\Saved Games folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\Recent folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\Pictures\Slide Shows folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\Pictures folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\Netzwerkumgebung folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\Music\Playlists folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\Music folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\Lokale Einstellungen folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\Links folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\Favorites folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\Eigene Dateien folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\Druckumgebung folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\Downloads folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\Documents\Eigene Videos folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\Documents\Eigene Musik folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\Documents\Eigene Bilder folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\Documents folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\Desktop folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\Cookies folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\Contacts folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\TuneUp Software\TU2012\Backups folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\TuneUp Software\TU2012 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\TuneUp Software\TU2011\Backups folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\TuneUp Software\TU2011 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\TuneUp Software folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\Windows\Templates folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programme folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\Windows\Recent folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\Windows folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My folder moved successfully.
Folder move failed. C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates scheduled to be moved on reboot.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\Speech\Files\UserLexicons folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\Speech\Files folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\Speech folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\Internet Explorer folder moved successfully.
Folder move failed. C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312 scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\CLR Security Config scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft scheduled to be moved on reboot.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Adobe\Flash Player\AssetCache\NK9TARKA folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Adobe\Flash Player\AssetCache folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Adobe\Flash Player folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Adobe folder moved successfully.
Folder move failed. C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming scheduled to be moved on reboot.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Microsoft folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Local\Verlauf folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Local\Temporary Internet Files folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Local\Microsoft\Windows Sidebar\Gadgets folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Local\Microsoft\Windows Sidebar folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Local\Microsoft\Windows Photo Gallery\Original Images folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Local\Microsoft\Windows Photo Gallery folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X5NKMPNM folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NUGUF235 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BDHZW5F5 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4YX8NGXU folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012050820120509 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Local\Microsoft\Windows\History folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Local\Microsoft\Windows\GameExplorer folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Local\Microsoft\Windows\Burn\Burn folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Local\Microsoft\Windows\Burn folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Local\Microsoft\Windows folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Local\Microsoft\Portable Devices folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Local\Microsoft folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Local\LogMeIn Hamachi folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Local\Google\Custom Buttons folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Local\Google\CrashReports folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Local\Google folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Local\Anwendungsdaten folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Local folder moved successfully.
Folder move failed. C:\Windows\$NtUninstallKB9818$\systemprofile\AppData scheduled to be moved on reboot.
C:\Windows\$NtUninstallKB9818$\systemprofile\Anwendungsdaten folder moved successfully.
Folder move failed. C:\Windows\$NtUninstallKB9818$\systemprofile scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB9818$\RegBack scheduled to be moved on reboot.
C:\Windows\$NtUninstallKB9818$\Journal folder moved successfully.
Folder move failed. C:\Windows\$NtUninstallKB9818$ scheduled to be moved on reboot.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Boris
->Temp folder emptied: 50477492 bytes
->Temporary Internet Files folder emptied: 14573876 bytes
->Java cache emptied: 7289 bytes
->FireFox cache emptied: 821149206 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 66089 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56504 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56504 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 200704 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2021561 bytes
RecycleBin emptied: 19902461 bytes
 
Total Files Cleaned = 866,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Boris
->Flash cache emptied: 0 bytes
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Public
 
User: UpdatusUser
->Flash cache emptied: 0 bytes
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.42.2 log created on 05082012_143219

Files\Folders moved on Reboot...
Folder move failed. C:\Windows\$NtUninstallKB9818$\TxR scheduled to be moved on reboot.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My folder moved successfully.
Folder move failed. C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312 scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312 scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\CLR Security Config scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312 scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\CLR Security Config scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312 scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\CLR Security Config scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312 scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\CLR Security Config scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming scheduled to be moved on reboot.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Local\LogMeIn Hamachi folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Local folder moved successfully.
Folder move failed. C:\Windows\$NtUninstallKB9818$\systemprofile\AppData scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312 scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\CLR Security Config scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB9818$\systemprofile\AppData scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB9818$\systemprofile scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB9818$\RegBack scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB9818$\TxR scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312 scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\CLR Security Config scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB9818$\systemprofile\AppData scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB9818$\systemprofile scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB9818$\RegBack scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB9818$ scheduled to be moved on reboot.
File\Folder C:\Windows\temp\TMP0000000ABBB1933184CDD6FF not found!

Registry entries deleted on Reboot...
         

Edited by burke (08.05.2012 at 13:45)

08.05.2012, 16:04   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Please now run (in normal Windows mode) this tool from Kaspersky (TDSS-Killer) and post the log; instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm on the TDSS tool!

Set the tool up as shown in the picture below: click on change parameters and tick the boxes as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, then please look directly on your Windows system partition (usually drive C:), since that is where TDSS-Killer saves its logs.

Note: Please do not hastily delete anything with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and post only the log here!

__________________
Please always post log files in CODE tags
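
One way to triage the report that TDSS-Killer writes, added here as an example and not part of the thread or of the tool: the Python below parses lines in the report's layout (timestamp, thread id, then either an object line with MD5 and path or a verdict line) and returns every object whose verdict is not "ok", including objects whose verdict line is missing because the pasted log was cut off. The sample log is constructed, and the names `parse_report`, `triage` and `Entry` are assumptions of this example.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample in the layout of a TDSS-Killer report. Service names,
# hashes and paths are invented for this example.
SAMPLE_LOG = r"""
17:08:42.0669 4860  Scan started
17:08:42.0669 4860  Mode: Manual; SigCheck; TDLFS;
17:08:43.0277 4860  ExampleDrv      (00000000000000000000000000000001) C:\Windows\system32\drivers\exampledrv.sys
17:08:43.0355 4860  ExampleDrv - ok
17:08:45.0321 4860  Example Licensing Service (0000000000000000000000000000000a) C:\Program Files\Example\svc.exe
17:08:45.0321 4860  Example Licensing Service ( UnsignedFile.Multi.Generic ) - warning
17:08:45.0321 4860  Example Licensing Service - detected UnsignedFile.Multi.Generic (1)
17:08:47.0614 4860  NoFileSvc - ok
17:08:56.0334 4860  TruncatedSvc    (0000000000000000000000000000000b) C:\Windows\system32\truncated.dll
"""

# "HH:MM:SS.ffff <thread id> <body>"; the separator may be a tab or spaces.
LINE_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<body>.+)$")
# "<name> (<32 hex digits>) <path>": the object that was checked.
OBJECT_RE = re.compile(
    r"^(?P<name>.+?)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+)$")
# "<name> - ok": clean verdict.
OK_RE = re.compile(r"^(?P<name>.+?) - ok$")
# "<name> ( <verdict> ) - <level>": flagged verdict, e.g. level "warning".
FLAG_RE = re.compile(r"^(?P<name>.+?) \( (?P<verdict>.+?) \) - (?P<level>\w+)$")


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None      # None when the report has no object line
    path: Optional[str] = None
    status: str = "unknown"        # stays "unknown" if no verdict line was seen
    verdict: Optional[str] = None  # verdict name exactly as the tool printed it


def parse_report(text: str) -> Dict[str, Entry]:
    """Return one Entry per service/driver name, in order of appearance."""
    entries: Dict[str, Entry] = {}
    for raw in text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue
        body = line.group("body")
        m = OBJECT_RE.match(body)
        if m:
            entry = entries.setdefault(m["name"], Entry(m["name"]))
            entry.md5, entry.path = m["md5"].lower(), m["path"]
            continue
        m = OK_RE.match(body)
        if m:
            entries.setdefault(m["name"], Entry(m["name"])).status = "ok"
            continue
        m = FLAG_RE.match(body)
        if m:
            entry = entries.setdefault(m["name"], Entry(m["name"]))
            entry.status, entry.verdict = m["level"], m["verdict"]
        # Banner lines, separators and the repeated "- detected" line are skipped.
    return entries


def triage(text: str) -> List[Entry]:
    """Entries that need a human look: flagged ones and ones with no verdict."""
    return [e for e in parse_report(text).values() if e.status != "ok"]


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.status:8} {e.name}: {e.verdict or 'no verdict line'} "
              f"[{e.md5 or 'no hash'}] {e.path or ''}")
```

The output is a reading aid only; consistent with the advice above, nothing in it deletes or changes anything on the scanned system.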

08.05.2012, 16:17   #14
burke
 

I ran the scan. Can you already say anything more specific about what I might be dealing with? It would be nice if you answered the question.

Code:
17:08:15.0010 4740	TDSS rootkit removing tool 2.7.34.0 May  2 2012 09:59:18
17:08:16.0960 4740	============================================================
17:08:16.0960 4740	Current date / time: 2012/05/08 17:08:16.0960
17:08:16.0960 4740	SystemInfo:
17:08:16.0960 4740	
17:08:16.0960 4740	OS Version: 6.0.6002 ServicePack: 2.0
17:08:16.0960 4740	Product type: Workstation
17:08:16.0960 4740	ComputerName: BORIS-PC
17:08:16.0960 4740	UserName: Boris
17:08:16.0960 4740	Windows directory: C:\Windows
17:08:16.0960 4740	System windows directory: C:\Windows
17:08:16.0960 4740	Processor architecture: Intel x86
17:08:16.0960 4740	Number of processors: 2
17:08:16.0960 4740	Page size: 0x1000
17:08:16.0960 4740	Boot type: Normal boot
17:08:16.0960 4740	============================================================
17:08:17.0319 4740	Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
17:08:17.0381 4740	============================================================
17:08:17.0381 4740	\Device\Harddisk0\DR0:
17:08:17.0381 4740	MBR partitions:
17:08:17.0381 4740	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1C00800, BlocksNum 0x2382DAB0
17:08:17.0381 4740	============================================================
17:08:17.0490 4740	C: <-> \Device\Harddisk0\DR0\Partition0
17:08:17.0490 4740	============================================================
17:08:17.0490 4740	Initialize success
17:08:17.0490 4740	============================================================
17:08:42.0669 4860	============================================================
17:08:42.0669 4860	Scan started
17:08:42.0669 4860	Mode: Manual; SigCheck; TDLFS; 
17:08:42.0669 4860	============================================================
17:08:43.0277 4860	ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
17:08:43.0355 4860	ACPI - ok
17:08:43.0433 4860	AdobeActiveFileMonitor6.0 (e8fe4fce23d2809bd88bcc1d0f8408ce) C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
17:08:43.0433 4860	AdobeActiveFileMonitor6.0 - ok
17:08:43.0480 4860	adp94xx         (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
17:08:43.0511 4860	adp94xx - ok
17:08:43.0542 4860	adpahci         (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
17:08:43.0558 4860	adpahci - ok
17:08:43.0605 4860	adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
17:08:43.0620 4860	adpu160m - ok
17:08:43.0636 4860	adpu320         (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
17:08:43.0651 4860	adpu320 - ok
17:08:43.0698 4860	AeLookupSvc     (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
17:08:43.0761 4860	AeLookupSvc - ok
17:08:43.0807 4860	AFD             (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
17:08:43.0854 4860	AFD - ok
17:08:43.0885 4860	agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
17:08:43.0901 4860	agp440 - ok
17:08:43.0917 4860	aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
17:08:43.0932 4860	aic78xx - ok
17:08:44.0057 4860	ALG             (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
17:08:44.0151 4860	ALG - ok
17:08:44.0166 4860	aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
17:08:44.0182 4860	aliide - ok
17:08:44.0213 4860	amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
17:08:44.0213 4860	amdagp - ok
17:08:44.0229 4860	amdide          (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
17:08:44.0244 4860	amdide - ok
17:08:44.0260 4860	AmdK7           (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
17:08:44.0291 4860	AmdK7 - ok
17:08:44.0291 4860	AmdK8           (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
17:08:44.0322 4860	AmdK8 - ok
17:08:44.0385 4860	AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files\Avira\AntiVir Desktop\sched.exe
17:08:44.0400 4860	AntiVirSchedulerService - ok
17:08:44.0431 4860	AntiVirService  (a489be6bb0aa1ff406b488b60542314b) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
17:08:44.0447 4860	AntiVirService - ok
17:08:44.0494 4860	Appinfo         (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
17:08:44.0525 4860	Appinfo - ok
17:08:44.0556 4860	arc             (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
17:08:44.0556 4860	arc - ok
17:08:44.0603 4860	arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
17:08:44.0603 4860	arcsas - ok
17:08:44.0962 4860	aspnet_state    (776acefa0ca9df0faa51a5fb2f435705) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
17:08:44.0977 4860	aspnet_state - ok
17:08:45.0009 4860	AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
17:08:45.0055 4860	AsyncMac - ok
17:08:45.0071 4860	atapi           (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
17:08:45.0087 4860	atapi - ok
17:08:45.0118 4860	atksgt          (f0d933b42cd0594048e4d5200ae9e417) C:\Windows\system32\DRIVERS\atksgt.sys
17:08:45.0149 4860	atksgt - ok
17:08:45.0196 4860	AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
17:08:45.0227 4860	AudioEndpointBuilder - ok
17:08:45.0227 4860	Audiosrv        (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
17:08:45.0243 4860	Audiosrv - ok
17:08:45.0321 4860	Autodesk Licensing Service (17681266e789ba928cbed70dd58ee4b1) C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
17:08:45.0321 4860	Autodesk Licensing Service ( UnsignedFile.Multi.Generic ) - warning
17:08:45.0321 4860	Autodesk Licensing Service - detected UnsignedFile.Multi.Generic (1)
17:08:45.0352 4860	avgntflt        (d5541f0afb767e85fc412fc609d96a74) C:\Windows\system32\DRIVERS\avgntflt.sys
17:08:45.0367 4860	avgntflt - ok
17:08:45.0383 4860	avipbb          (7d967a682d4694df7fa57d63a2db01fe) C:\Windows\system32\DRIVERS\avipbb.sys
17:08:45.0399 4860	avipbb - ok
17:08:45.0414 4860	avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
17:08:45.0414 4860	avkmgr - ok
17:08:45.0477 4860	BazisVirtualCDBus (85939efff66a851c59a9c25d62e9e24c) C:\Windows\system32\DRIVERS\BazisVirtualCDBus.sys
17:08:45.0492 4860	BazisVirtualCDBus ( UnsignedFile.Multi.Generic ) - warning
17:08:45.0492 4860	BazisVirtualCDBus - detected UnsignedFile.Multi.Generic (1)
17:08:45.0508 4860	Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
17:08:45.0555 4860	Beep - ok
17:08:45.0586 4860	BFE             (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
17:08:45.0617 4860	BFE - ok
17:08:45.0664 4860	BITS            (93952506c6d67330367f7e7934b6a02f) C:\Windows\System32\qmgr.dll
17:08:45.0742 4860	BITS - ok
17:08:45.0757 4860	blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
17:08:45.0789 4860	blbdrive - ok
17:08:45.0804 4860	bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
17:08:45.0835 4860	bowser - ok
17:08:45.0867 4860	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
17:08:45.0882 4860	BrFiltLo - ok
17:08:45.0898 4860	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
17:08:45.0945 4860	BrFiltUp - ok
17:08:45.0960 4860	Browser         (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
17:08:45.0991 4860	Browser - ok
17:08:46.0038 4860	Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
17:08:46.0147 4860	Brserid - ok
17:08:46.0194 4860	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
17:08:46.0241 4860	BrSerWdm - ok
17:08:46.0272 4860	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
17:08:46.0303 4860	BrUsbMdm - ok
17:08:46.0319 4860	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
17:08:46.0366 4860	BrUsbSer - ok
17:08:46.0413 4860	BthEnum         (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
17:08:46.0444 4860	BthEnum - ok
17:08:46.0475 4860	BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
17:08:46.0506 4860	BTHMODEM - ok
17:08:46.0537 4860	BthPan          (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
17:08:46.0569 4860	BthPan - ok
17:08:46.0647 4860	BTHPORT         (5a3abaa2f8eece7aefb942773766e3db) C:\Windows\system32\Drivers\BTHport.sys
17:08:46.0678 4860	BTHPORT - ok
17:08:46.0725 4860	BthServ         (a4c8377fa4a994e07075107dbe2e3dce) C:\Windows\System32\bthserv.dll
17:08:46.0756 4860	BthServ - ok
17:08:46.0771 4860	BTHUSB          (94e2941280e3756a5e0bcb467865c43a) C:\Windows\system32\Drivers\BTHUSB.sys
17:08:46.0803 4860	BTHUSB - ok
17:08:46.0818 4860	cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
17:08:46.0865 4860	cdfs - ok
17:08:46.0881 4860	cdrom           (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
17:08:46.0912 4860	cdrom - ok
17:08:46.0943 4860	CertPropSvc     (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
17:08:46.0974 4860	CertPropSvc - ok
17:08:47.0115 4860	CGVPNCliSrvc    (13cee66949534cc98a7125174a6e502f) C:\Program Files\S.A.D\CyberGhost VPN\CGVPNCliService.exe
17:08:47.0239 4860	CGVPNCliSrvc - ok
17:08:47.0364 4860	circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
17:08:47.0395 4860	circlass - ok
17:08:47.0427 4860	CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
17:08:47.0442 4860	CLFS - ok
17:08:47.0473 4860	clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:08:47.0489 4860	clr_optimization_v2.0.50727_32 - ok
17:08:47.0536 4860	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:08:47.0551 4860	clr_optimization_v4.0.30319_32 - ok
17:08:47.0583 4860	cmdide          (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
17:08:47.0583 4860	cmdide - ok
17:08:47.0598 4860	Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys
17:08:47.0614 4860	Compbatt - ok
17:08:47.0614 4860	COMSysApp - ok
17:08:47.0629 4860	crcdisk         (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
17:08:47.0645 4860	crcdisk - ok
17:08:47.0645 4860	Crusoe          (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
17:08:47.0692 4860	Crusoe - ok
17:08:47.0723 4860	CryptSvc        (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll
17:08:47.0739 4860	CryptSvc - ok
17:08:47.0785 4860	DcomLaunch      (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
17:08:47.0832 4860	DcomLaunch - ok
17:08:47.0879 4860	DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
17:08:47.0910 4860	DfsC - ok
17:08:48.0019 4860	DFSR            (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
17:08:48.0238 4860	DFSR - ok
17:08:48.0347 4860	Dhcp            (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
17:08:48.0378 4860	Dhcp - ok
17:08:48.0425 4860	disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
17:08:48.0441 4860	disk - ok
17:08:48.0472 4860	Dnscache        (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
17:08:48.0519 4860	Dnscache - ok
17:08:48.0550 4860	dot3svc         (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
17:08:48.0565 4860	dot3svc - ok
17:08:48.0597 4860	DPS             (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
17:08:48.0628 4860	DPS - ok
17:08:48.0675 4860	drmkaud         (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
17:08:48.0690 4860	drmkaud - ok
17:08:48.0737 4860	dtsoftbus01     (16c5891c6d1fa0b5d9014f85a482eb20) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
17:08:48.0753 4860	dtsoftbus01 - ok
17:08:48.0799 4860	DXGKrnl         (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
17:08:48.0815 4860	DXGKrnl - ok
17:08:48.0862 4860	E1G60           (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
17:08:48.0893 4860	E1G60 - ok
17:08:48.0909 4860	EapHost         (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
17:08:48.0940 4860	EapHost - ok
17:08:48.0987 4860	Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
17:08:48.0987 4860	Ecache - ok
17:08:49.0049 4860	ehRecvr         (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
17:08:49.0065 4860	ehRecvr - ok
17:08:49.0096 4860	ehSched         (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
17:08:49.0127 4860	ehSched - ok
17:08:49.0143 4860	ehstart         (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
17:08:49.0158 4860	ehstart - ok
17:08:49.0205 4860	elxstor         (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
17:08:49.0236 4860	elxstor - ok
17:08:49.0283 4860	EMDMgmt         (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
17:08:49.0345 4860	EMDMgmt - ok
17:08:49.0392 4860	ErrDev          (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
17:08:49.0423 4860	ErrDev - ok
17:08:49.0517 4860	ETService       (23112102bc2a8fe44b8ac44a05bdf4c3) C:\Program Files\Packard Bell\Packard Bell Recovery Management\Service\ETService.exe
17:08:49.0517 4860	ETService ( UnsignedFile.Multi.Generic ) - warning
17:08:49.0517 4860	ETService - detected UnsignedFile.Multi.Generic (1)
17:08:49.0548 4860	EventSystem     (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
17:08:49.0579 4860	EventSystem - ok
17:08:49.0626 4860	exfat           (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
17:08:49.0673 4860	exfat - ok
17:08:49.0720 4860	fastfat         (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
17:08:49.0767 4860	fastfat - ok
17:08:49.0845 4860	fdc             (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
17:08:49.0860 4860	fdc - ok
17:08:49.0891 4860	fdPHost         (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
17:08:49.0907 4860	fdPHost - ok
17:08:49.0923 4860	FDResPub        (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
17:08:49.0969 4860	FDResPub - ok
17:08:49.0985 4860	FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
17:08:49.0985 4860	FileInfo - ok
17:08:50.0001 4860	Filetrace       (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
17:08:50.0032 4860	Filetrace - ok
17:08:50.0110 4860	FLEXnet Licensing Service (227846995afeefa70d328bf5334a86a5) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
17:08:50.0157 4860	FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
17:08:50.0157 4860	FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
17:08:50.0172 4860	flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
17:08:50.0219 4860	flpydisk - ok
17:08:50.0250 4860	FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
17:08:50.0266 4860	FltMgr - ok
17:08:50.0328 4860	FontCache       (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
17:08:50.0422 4860	FontCache - ok
17:08:50.0469 4860	FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
17:08:50.0469 4860	FontCache3.0.0.0 - ok
17:08:50.0500 4860	Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
17:08:50.0531 4860	Fs_Rec - ok
17:08:50.0562 4860	gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
17:08:50.0562 4860	gagp30kx - ok
17:08:50.0656 4860	GenericHidService - ok
17:08:50.0718 4860	gpsvc           (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
17:08:50.0749 4860	gpsvc - ok
17:08:50.0859 4860	gupdate         (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
17:08:50.0859 4860	gupdate - ok
17:08:50.0874 4860	gupdatem        (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
17:08:50.0874 4860	gupdatem - ok
17:08:50.0921 4860	gusvc           (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
17:08:50.0937 4860	gusvc - ok
17:08:50.0968 4860	hamachi         (833051c6c6c42117191935f734cfbd97) C:\Windows\system32\DRIVERS\hamachi.sys
17:08:50.0983 4860	hamachi - ok
17:08:51.0061 4860	Hamachi2Svc     (fa89c0429821c7c429eec7a0ce1c02d3) C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
17:08:51.0108 4860	Hamachi2Svc - ok
17:08:51.0217 4860	hamachi_oem     (c25c70fd4d49391091d9eb8c747f19e6) C:\Windows\system32\DRIVERS\gan_adapter.sys
17:08:51.0233 4860	hamachi_oem ( UnsignedFile.Multi.Generic ) - warning
17:08:51.0233 4860	hamachi_oem - detected UnsignedFile.Multi.Generic (1)
17:08:51.0280 4860	HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
17:08:51.0342 4860	HdAudAddService - ok
17:08:51.0389 4860	HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
17:08:51.0451 4860	HDAudBus - ok
17:08:51.0467 4860	HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
17:08:51.0514 4860	HidBth - ok
17:08:51.0545 4860	HidIr           (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
17:08:51.0592 4860	HidIr - ok
17:08:51.0623 4860	hidserv         (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll
17:08:51.0623 4860	hidserv - ok
17:08:51.0654 4860	HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
17:08:51.0685 4860	HidUsb - ok
17:08:51.0701 4860	hkmsvc          (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
17:08:51.0732 4860	hkmsvc - ok
17:08:51.0748 4860	HpCISSs         (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
17:08:51.0763 4860	HpCISSs - ok
17:08:51.0795 4860	HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
17:08:51.0841 4860	HTTP - ok
17:08:51.0919 4860	i2omp           (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
17:08:51.0919 4860	i2omp - ok
17:08:51.0966 4860	i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
17:08:51.0997 4860	i8042prt - ok
17:08:52.0029 4860	iaStorV         (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
17:08:52.0029 4860	iaStorV - ok
17:08:52.0263 4860	IDriverT        (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
17:08:52.0263 4860	IDriverT ( UnsignedFile.Multi.Generic ) - warning
17:08:52.0263 4860	IDriverT - detected UnsignedFile.Multi.Generic (1)
17:08:52.0590 4860	idsvc           (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:08:52.0621 4860	idsvc - ok
17:08:52.0746 4860	iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
17:08:52.0746 4860	iirsp - ok
17:08:52.0777 4860	IKEEXT          (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
17:08:52.0809 4860	IKEEXT - ok
17:08:52.0855 4860	int15           (c6e5276c00ebdeb096bb5ef4b797d1b6) C:\Windows\system32\drivers\int15.sys
17:08:52.0855 4860	int15 - ok
17:08:52.0965 4860	IntcAzAudAddService (219ca9a36d6de2ec04f958c907673436) C:\Windows\system32\drivers\RTKVHDA.sys
17:08:53.0121 4860	IntcAzAudAddService - ok
17:08:53.0261 4860	intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
17:08:53.0261 4860	intelide - ok
17:08:53.0292 4860	intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
17:08:53.0323 4860	intelppm - ok
17:08:53.0355 4860	IPBusEnum       (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
17:08:53.0370 4860	IPBusEnum - ok
17:08:53.0448 4860	IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:08:53.0479 4860	IpFilterDriver - ok
17:08:53.0511 4860	iphlpsvc        (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
17:08:53.0542 4860	iphlpsvc - ok
17:08:53.0557 4860	IpInIp - ok
17:08:53.0620 4860	IPMIDRV         (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
17:08:53.0651 4860	IPMIDRV - ok
17:08:53.0667 4860	IPNAT           (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
17:08:53.0698 4860	IPNAT - ok
17:08:53.0745 4860	IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
17:08:53.0776 4860	IRENUM - ok
17:08:53.0807 4860	isapnp          (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
17:08:53.0823 4860	isapnp - ok
17:08:53.0869 4860	iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
17:08:53.0885 4860	iScsiPrt - ok
17:08:53.0901 4860	iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
17:08:53.0916 4860	iteatapi - ok
17:08:53.0916 4860	iteraid         (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
17:08:53.0932 4860	iteraid - ok
17:08:53.0947 4860	kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
17:08:53.0963 4860	kbdclass - ok
17:08:53.0963 4860	kbdhid          (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
17:08:53.0994 4860	kbdhid - ok
17:08:54.0025 4860	KeyIso          (3978f3540329e16c0ac3bcf677e5669f) C:\Windows\system32\lsass.exe
17:08:54.0041 4860	KeyIso - ok
17:08:54.0072 4860	KSecDD          (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
17:08:54.0088 4860	KSecDD - ok
17:08:54.0150 4860	KtmRm           (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
17:08:54.0213 4860	KtmRm - ok
17:08:54.0322 4860	LanmanServer    (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\system32\srvsvc.dll
17:08:54.0337 4860	LanmanServer - ok
17:08:54.0400 4860	LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
17:08:54.0431 4860	LanmanWorkstation - ok
17:08:54.0478 4860	lirsgt          (f8a7212d0864ef5e9185fb95e6623f4d) C:\Windows\system32\DRIVERS\lirsgt.sys
17:08:54.0478 4860	lirsgt - ok
17:08:54.0509 4860	lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
17:08:54.0540 4860	lltdio - ok
17:08:54.0603 4860	lltdsvc         (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
17:08:54.0634 4860	lltdsvc - ok
17:08:54.0681 4860	lmhosts         (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
17:08:54.0727 4860	lmhosts - ok
17:08:54.0759 4860	LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
17:08:54.0759 4860	LSI_FC - ok
17:08:54.0774 4860	LSI_SAS         (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
17:08:54.0790 4860	LSI_SAS - ok
17:08:54.0837 4860	LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
17:08:54.0837 4860	LSI_SCSI - ok
17:08:54.0868 4860	luafv           (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
17:08:54.0883 4860	luafv - ok
17:08:54.0930 4860	MBAMProtector   (fb097bbc1a18f044bd17bd2fccf97865) C:\Windows\system32\drivers\mbam.sys
17:08:54.0930 4860	MBAMProtector - ok
17:08:55.0024 4860	MBAMService     (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
17:08:55.0071 4860	MBAMService - ok
17:08:55.0102 4860	mcdbus          (8fd868e32459ece2a1bb0169f513d31e) C:\Windows\system32\DRIVERS\mcdbus.sys
17:08:55.0117 4860	mcdbus ( UnsignedFile.Multi.Generic ) - warning
17:08:55.0117 4860	mcdbus - detected UnsignedFile.Multi.Generic (1)
17:08:55.0133 4860	Mcx2Svc         (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
17:08:55.0149 4860	Mcx2Svc - ok
17:08:55.0180 4860	megasas         (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
17:08:55.0195 4860	megasas - ok
17:08:55.0227 4860	MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
17:08:55.0258 4860	MegaSR - ok
17:08:55.0305 4860	MMCSS           (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
17:08:55.0336 4860	MMCSS - ok
17:08:55.0383 4860	Modem           (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
17:08:55.0429 4860	Modem - ok
17:08:55.0461 4860	monitor         (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
17:08:55.0476 4860	monitor - ok
17:08:55.0554 4860	mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
17:08:55.0570 4860	mouclass - ok
17:08:55.0585 4860	mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
17:08:55.0617 4860	mouhid - ok
17:08:55.0632 4860	MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
17:08:55.0632 4860	MountMgr - ok
17:08:55.0663 4860	mpio            (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
17:08:55.0679 4860	mpio - ok
17:08:55.0695 4860	mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
17:08:55.0710 4860	mpsdrv - ok
17:08:55.0741 4860	MpsSvc          (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
17:08:55.0773 4860	MpsSvc - ok
17:08:55.0804 4860	Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
17:08:55.0804 4860	Mraid35x - ok
17:08:55.0835 4860	MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
17:08:55.0882 4860	MRxDAV - ok
17:08:55.0913 4860	mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
17:08:55.0944 4860	mrxsmb - ok
17:08:55.0975 4860	mrxsmb10        (d4a3c7c580c4ccb5c06f2ada933ad507) C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:08:55.0991 4860	mrxsmb10 - ok
17:08:55.0991 4860	mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:08:56.0022 4860	mrxsmb20 - ok
17:08:56.0038 4860	msahci          (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
17:08:56.0053 4860	msahci - ok
17:08:56.0069 4860	msdsm           (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
17:08:56.0085 4860	msdsm - ok
17:08:56.0116 4860	MSDTC           (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
17:08:56.0163 4860	MSDTC - ok
17:08:56.0194 4860	Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
17:08:56.0225 4860	Msfs - ok
17:08:56.0256 4860	msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
17:08:56.0256 4860	msisadrv - ok
17:08:56.0303 4860	MSiSCSI         (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
17:08:56.0319 4860	MSiSCSI - ok
17:08:56.0334 4860	msiserver - ok
17:08:56.0365 4860	MSKSSRV         (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
17:08:56.0397 4860	MSKSSRV - ok
17:08:56.0412 4860	MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
17:08:56.0443 4860	MSPCLOCK - ok
17:08:56.0459 4860	MSPQM           (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
17:08:56.0490 4860	MSPQM - ok
17:08:56.0521 4860	MsRPC           (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
17:08:56.0537 4860	MsRPC - ok
17:08:56.0537 4860	mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
17:08:56.0553 4860	mssmbios - ok
17:08:56.0599 4860	MSSQL$SQLEXPRESS - ok
17:08:56.0631 4860	MSSQLServerADHelper100 (f1761c8fb2b25a32c6d63e36bb88c3ae) c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
17:08:56.0646 4860	MSSQLServerADHelper100 - ok
17:08:56.0662 4860	MSTEE           (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
17:08:56.0693 4860	MSTEE - ok
17:08:56.0740 4860	MTOnlPktAlyX    (493138c4f4119e938427da02486f09cb) C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis1\MTOnlPktAlyX.SYS
17:08:56.0740 4860	MTOnlPktAlyX ( UnsignedFile.Multi.Generic ) - warning
17:08:56.0740 4860	MTOnlPktAlyX - detected UnsignedFile.Multi.Generic (1)
17:08:56.0771 4860	Mup             (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
17:08:56.0787 4860	Mup - ok
17:08:56.0802 4860	napagent        (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
17:08:56.0833 4860	napagent - ok
17:08:56.0865 4860	NativeWifiP     (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
17:08:56.0880 4860	NativeWifiP - ok
17:08:56.0927 4860	NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
17:08:56.0958 4860	NDIS - ok
17:08:57.0005 4860	NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
17:08:57.0036 4860	NdisTapi - ok
17:08:57.0067 4860	Ndisuio         (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
17:08:57.0083 4860	Ndisuio - ok
17:08:57.0114 4860	NdisWan         (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
17:08:57.0130 4860	NdisWan - ok
17:08:57.0145 4860	NDProxy         (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
17:08:57.0161 4860	NDProxy - ok
17:08:57.0286 4860	Nero BackItUp Scheduler 3 (40d7d0a208ee863bca8d89e299216f15) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
17:08:57.0317 4860	Nero BackItUp Scheduler 3 - ok
17:08:57.0379 4860	NetBIOS         (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
17:08:57.0426 4860	NetBIOS - ok
17:08:57.0442 4860	netbt           (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
17:08:57.0473 4860	netbt - ok
17:08:57.0489 4860	Netlogon        (3978f3540329e16c0ac3bcf677e5669f) C:\Windows\system32\lsass.exe
17:08:57.0504 4860	Netlogon - ok
17:08:57.0535 4860	Netman          (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
17:08:57.0567 4860	Netman - ok
17:08:57.0645 4860	NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
17:08:57.0645 4860	NetMsmqActivator - ok
17:08:57.0660 4860	NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
17:08:57.0660 4860	NetPipeActivator - ok
17:08:57.0691 4860	netprofm        (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
17:08:57.0723 4860	netprofm - ok
17:08:57.0723 4860	NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
17:08:57.0738 4860	NetTcpActivator - ok
17:08:57.0738 4860	NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
17:08:57.0754 4860	NetTcpPortSharing - ok
17:08:57.0785 4860	nfrd960         (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
17:08:57.0785 4860	nfrd960 - ok
17:08:57.0816 4860	NlaSvc          (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
17:08:57.0847 4860	NlaSvc - ok
17:08:57.0957 4860	NMIndexingService (cd4326bc339f98de21aa07b208a305ae) C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
17:08:57.0988 4860	NMIndexingService - ok
17:08:58.0019 4860	Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
17:08:58.0035 4860	Npfs - ok
17:08:58.0050 4860	npggsvc - ok
17:08:58.0066 4860	nsi             (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
17:08:58.0097 4860	nsi - ok
17:08:58.0144 4860	nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
17:08:58.0159 4860	nsiproxy - ok
17:08:58.0237 4860	Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
17:08:58.0284 4860	Ntfs - ok
17:08:58.0315 4860	ntrigdigi       (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
17:08:58.0347 4860	ntrigdigi - ok
17:08:58.0378 4860	Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
17:08:58.0409 4860	Null - ok
17:08:58.0471 4860	NVHDA           (3d7fb57354703809b5f0c23287fac1d6) C:\Windows\system32\drivers\nvhda32v.sys
17:08:58.0471 4860	NVHDA - ok
17:08:58.0815 4860	nvlddmkm        (e891b3979f0cf2740c1b073f834221fe) C:\Windows\system32\DRIVERS\nvlddmkm.sys
17:08:59.0064 4860	nvlddmkm - ok
17:08:59.0158 4860	nvraid          (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
17:08:59.0173 4860	nvraid - ok
17:08:59.0189 4860	nvstor          (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
17:08:59.0205 4860	nvstor - ok
17:08:59.0220 4860	nvstor32        (4876e7c3184bdf50ede043fef616b867) C:\Windows\system32\DRIVERS\nvstor32.sys
17:08:59.0236 4860	nvstor32 - ok
17:08:59.0283 4860	nvsvc           (ae2de8e165dcb93a66b21748e6f913df) C:\Windows\system32\nvvsvc.exe
17:08:59.0298 4860	nvsvc - ok
17:08:59.0454 4860	nvUpdatusService (c78581c14699c46fe0f0817416383134) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
17:08:59.0595 4860	nvUpdatusService - ok
17:08:59.0751 4860	nv_agp          (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
17:08:59.0766 4860	nv_agp - ok
17:08:59.0766 4860	NwlnkFlt - ok
17:08:59.0782 4860	NwlnkFwd - ok
17:08:59.0860 4860	odserv          (e54aa592a65f317390eee386a8821692) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
17:08:59.0891 4860	odserv - ok
17:08:59.0938 4860	ohci1394        (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
17:08:59.0985 4860	ohci1394 - ok
17:09:00.0031 4860	ose             (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:09:00.0047 4860	ose - ok
17:09:00.0094 4860	p2pimsvc        (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
17:09:00.0156 4860	p2pimsvc - ok
17:09:00.0172 4860	p2psvc          (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
17:09:00.0265 4860	p2psvc - ok
17:09:00.0297 4860	Parport         (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
17:09:00.0343 4860	Parport - ok
17:09:00.0375 4860	partmgr         (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
17:09:00.0375 4860	partmgr - ok
17:09:00.0390 4860	Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
17:09:00.0437 4860	Parvdm - ok
17:09:00.0453 4860	PcaSvc          (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
17:09:00.0484 4860	PcaSvc - ok
17:09:00.0515 4860	pci             (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
17:09:00.0515 4860	pci - ok
17:09:00.0546 4860	pciide          (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
17:09:00.0546 4860	pciide - ok
17:09:00.0577 4860	pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
17:09:00.0593 4860	pcmcia - ok
17:09:00.0640 4860	PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
17:09:00.0702 4860	PEAUTH - ok
17:09:00.0749 4860	phmcd           (635b51b680014b22df8030e57a4ea2c0) C:\Windows\system32\DRIVERS\phmcd.sys
17:09:00.0765 4860	phmcd - ok
17:09:00.0811 4860	pla             (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
17:09:00.0905 4860	pla - ok
17:09:00.0999 4860	PLFlash DeviceIoControl Service (875e4e0661f3a5994df9e5e3a0a4f96b) C:\Windows\system32\IoctlSvc.exe
17:09:01.0014 4860	PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - warning
17:09:01.0014 4860	PLFlash DeviceIoControl Service - detected UnsignedFile.Multi.Generic (1)
17:09:01.0045 4860	PlugPlay        (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
17:09:01.0077 4860	PlugPlay - ok
17:09:01.0108 4860	PnkBstrA        (a1dd33d16f277ce34124ee52ab2c0f14) C:\Windows\system32\PnkBstrA.exe
17:09:01.0108 4860	PnkBstrA - ok
17:09:01.0139 4860	PNRPAutoReg     (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
17:09:01.0201 4860	PNRPAutoReg - ok
17:09:01.0201 4860	PNRPsvc         (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
17:09:01.0248 4860	PNRPsvc - ok
17:09:01.0295 4860	PolicyAgent     (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
17:09:01.0342 4860	PolicyAgent - ok
17:09:01.0373 4860	PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
17:09:01.0404 4860	PptpMiniport - ok
17:09:01.0451 4860	Processor       (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
17:09:01.0467 4860	Processor - ok
17:09:01.0498 4860	ProfSvc         (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
17:09:01.0529 4860	ProfSvc - ok
17:09:01.0529 4860	ProtectedStorage (3978f3540329e16c0ac3bcf677e5669f) C:\Windows\system32\lsass.exe
17:09:01.0545 4860	ProtectedStorage - ok
17:09:01.0576 4860	PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
17:09:01.0607 4860	PSched - ok
17:09:01.0623 4860	PxHelp20        (e42e3433dbb4cffe8fdd91eab29aea8e) C:\Windows\system32\Drivers\PxHelp20.sys
17:09:01.0623 4860	PxHelp20 - ok
17:09:01.0685 4860	ql2300          (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
17:09:01.0732 4860	ql2300 - ok
17:09:01.0763 4860	ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
17:09:01.0779 4860	ql40xx - ok
17:09:01.0810 4860	QWAVE           (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
17:09:01.0825 4860	QWAVE - ok
17:09:01.0841 4860	QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
17:09:01.0857 4860	QWAVEdrv - ok
17:09:01.0857 4860	RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
17:09:01.0903 4860	RasAcd - ok
17:09:01.0966 4860	RasAuto         (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
17:09:01.0997 4860	RasAuto - ok
17:09:01.0997 4860	Rasl2tp         (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
17:09:02.0044 4860	Rasl2tp - ok
17:09:02.0059 4860	RasMan          (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
17:09:02.0075 4860	RasMan - ok
17:09:02.0106 4860	RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
17:09:02.0122 4860	RasPppoe - ok
17:09:02.0137 4860	RasSstp         (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
17:09:02.0137 4860	RasSstp - ok
17:09:02.0200 4860	rdbss           (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
17:09:02.0231 4860	rdbss - ok
17:09:02.0247 4860	RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
17:09:02.0278 4860	RDPCDD - ok
17:09:02.0325 4860	rdpdr           (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
17:09:02.0356 4860	rdpdr - ok
17:09:02.0356 4860	RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
17:09:02.0371 4860	RDPENCDD - ok
17:09:02.0403 4860	RDPWD           (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
17:09:02.0434 4860	RDPWD - ok
17:09:02.0481 4860	RemoteAccess    (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
17:09:02.0496 4860	RemoteAccess - ok
17:09:02.0512 4860	RemoteRegistry  (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
17:09:02.0527 4860	RemoteRegistry - ok
17:09:02.0574 4860	RFCOMM          (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
17:09:02.0590 4860	RFCOMM - ok
17:09:02.0637 4860	ROOTMODEM       (75e8a6bfa7374aba833ae92bf41ae4e6) C:\Windows\system32\Drivers\RootMdm.sys
17:09:02.0668 4860	ROOTMODEM - ok
17:09:02.0699 4860	RpcLocator      (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
17:09:02.0730 4860	RpcLocator - ok
17:09:02.0777 4860	RpcSs           (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
17:09:02.0824 4860	RpcSs - ok
17:09:02.0886 4860	RsFx0103        (fd692c6ffade58f7c4c3c3c9a0ec35bd) C:\Windows\system32\DRIVERS\RsFx0103.sys
17:09:02.0886 4860	RsFx0103 - ok
17:09:02.0917 4860	rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
17:09:02.0964 4860	rspndr - ok
17:09:02.0980 4860	RTL8169         (283392af1860ecdb5e0f8ebd7f3d72df) C:\Windows\system32\DRIVERS\Rtlh86.sys
17:09:03.0027 4860	RTL8169 - ok
17:09:03.0042 4860	SamSs           (3978f3540329e16c0ac3bcf677e5669f) C:\Windows\system32\lsass.exe
17:09:03.0058 4860	SamSs - ok
17:09:03.0073 4860	sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
17:09:03.0089 4860	sbp2port - ok
17:09:03.0120 4860	SCardSvr        (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
17:09:03.0136 4860	SCardSvr - ok
17:09:03.0167 4860	SCDEmu          (16b1abe7f3e35f21dac57592b6c5d464) C:\Windows\system32\drivers\SCDEmu.sys
17:09:03.0183 4860	SCDEmu ( UnsignedFile.Multi.Generic ) - warning
17:09:03.0183 4860	SCDEmu - detected UnsignedFile.Multi.Generic (1)
17:09:03.0229 4860	Schedule        (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
17:09:03.0292 4860	Schedule - ok
17:09:03.0307 4860	SCPolicySvc     (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
17:09:03.0323 4860	SCPolicySvc - ok
17:09:03.0354 4860	SDRSVC          (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
17:09:03.0370 4860	SDRSVC - ok
17:09:03.0401 4860	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
17:09:03.0432 4860	secdrv - ok
17:09:03.0479 4860	seclogon        (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
17:09:03.0510 4860	seclogon - ok
17:09:03.0541 4860	SENS            (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll
17:09:03.0588 4860	SENS - ok
17:09:03.0635 4860	Serenum         (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
17:09:03.0666 4860	Serenum - ok
17:09:03.0697 4860	Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
17:09:03.0729 4860	Serial - ok
17:09:03.0760 4860	sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
17:09:03.0775 4860	sermouse - ok
17:09:03.0807 4860	SessionEnv      (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
17:09:03.0838 4860	SessionEnv - ok
17:09:03.0853 4860	sffdisk         (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
17:09:03.0869 4860	sffdisk - ok
17:09:03.0885 4860	sffp_mmc        (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
17:09:03.0916 4860	sffp_mmc - ok
17:09:03.0931 4860	sffp_sd         (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
17:09:03.0947 4860	sffp_sd - ok
17:09:03.0963 4860	sfloppy         (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
17:09:03.0994 4860	sfloppy - ok
17:09:04.0025 4860	SharedAccess    (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
17:09:04.0072 4860	SharedAccess - ok
17:09:04.0087 4860	ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
17:09:04.0134 4860	ShellHWDetection - ok
17:09:04.0150 4860	sisagp          (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
17:09:04.0165 4860	sisagp - ok
17:09:04.0181 4860	SiSRaid2        (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
17:09:04.0197 4860	SiSRaid2 - ok
17:09:04.0212 4860	SiSRaid4        (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
17:09:04.0228 4860	SiSRaid4 - ok
17:09:04.0337 4860	slsvc           (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
17:09:04.0446 4860	slsvc - ok
17:09:04.0571 4860	SLUINotify      (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
17:09:04.0602 4860	SLUINotify - ok
17:09:04.0649 4860	Smb             (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
17:09:04.0665 4860	Smb - ok
17:09:04.0680 4860	SNMPTRAP        (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
17:09:04.0696 4860	SNMPTRAP - ok
17:09:04.0711 4860	spldr           (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
17:09:04.0727 4860	spldr - ok
17:09:04.0743 4860	Spooler         (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
17:09:04.0774 4860	Spooler - ok
17:09:04.0836 4860	sptd            (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
17:09:04.0836 4860	Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
17:09:04.0836 4860	sptd ( LockedFile.Multi.Generic ) - warning
17:09:04.0836 4860	sptd - detected LockedFile.Multi.Generic (1)
17:09:04.0914 4860	SQLAgent$SQLEXPRESS (a687b5b326afcfcf182c4931d1ff9771) c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE
17:09:04.0945 4860	SQLAgent$SQLEXPRESS - ok
17:09:04.0977 4860	SQLBrowser      (b54b48f6d92423440c264e91225c5ff1) c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
17:09:04.0977 4860	SQLBrowser - ok
17:09:05.0008 4860	SQLWriter       (637a0f23f9012358e92e6f99835494d1) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
17:09:05.0008 4860	SQLWriter - ok
17:09:05.0101 4860	srv             (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
17:09:05.0179 4860	srv - ok
17:09:05.0211 4860	srv2            (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
17:09:05.0257 4860	srv2 - ok
17:09:05.0304 4860	srvnet          (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
17:09:05.0304 4860	srvnet - ok
17:09:05.0335 4860	SSDPSRV         (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
17:09:05.0367 4860	SSDPSRV - ok
17:09:05.0398 4860	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
17:09:05.0413 4860	ssmdrv - ok
17:09:05.0445 4860	SstpSvc         (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
17:09:05.0460 4860	SstpSvc - ok
17:09:05.0491 4860	Steam Client Service - ok
17:09:05.0523 4860	Stereo Service  (fc0a58529a02b1eed55ddc58696b7908) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
17:09:05.0538 4860	Stereo Service - ok
17:09:05.0585 4860	stisvc          (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
17:09:05.0616 4860	stisvc - ok
17:09:05.0632 4860	swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
17:09:05.0632 4860	swenum - ok
17:09:05.0663 4860	swprv           (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
17:09:05.0679 4860	swprv - ok
17:09:05.0710 4860	Symc8xx         (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
17:09:05.0710 4860	Symc8xx - ok
17:09:05.0741 4860	Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
17:09:05.0741 4860	Sym_hi - ok
17:09:05.0757 4860	Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
17:09:05.0757 4860	Sym_u3 - ok
17:09:05.0803 4860	SysMain         (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
17:09:05.0850 4860	SysMain - ok
17:09:05.0881 4860	TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
17:09:05.0897 4860	TabletInputService - ok
17:09:05.0913 4860	tap0901         (1e89de7a4fb7a854ebb241d0aa8996dd) C:\Windows\system32\DRIVERS\tap0901.sys
17:09:05.0944 4860	tap0901 - ok
17:09:05.0959 4860	tap0901t        (b7aee68d2e867cbf69b649b18fcedbbb) C:\Windows\system32\DRIVERS\tap0901t.sys
17:09:05.0975 4860	tap0901t - ok
17:09:06.0022 4860	TapiSrv         (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
17:09:06.0053 4860	TapiSrv - ok
17:09:06.0084 4860	TBPanel         (04e1c782cf14b7282ebc633b0fd3ed16) C:\Windows\system32\drivers\TBPanel.sys
17:09:06.0084 4860	TBPanel - ok
17:09:06.0115 4860	TBS             (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
17:09:06.0147 4860	TBS - ok
17:09:06.0193 4860	Tcpip           (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
17:09:06.0225 4860	Tcpip - ok
17:09:06.0240 4860	Tcpip6          (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
17:09:06.0271 4860	Tcpip6 - ok
17:09:06.0318 4860	tcpipreg        (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
17:09:06.0365 4860	tcpipreg - ok
17:09:06.0396 4860	TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
17:09:06.0427 4860	TDPIPE - ok
17:09:06.0474 4860	TDTCP           (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
17:09:06.0505 4860	TDTCP - ok
17:09:06.0521 4860	tdx             (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
17:09:06.0552 4860	tdx - ok
17:09:06.0568 4860	TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
17:09:06.0568 4860	TermDD - ok
17:09:06.0615 4860	TermService     (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
17:09:06.0630 4860	TermService - ok
17:09:06.0677 4860	Themes          (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
17:09:06.0693 4860	Themes - ok
17:09:06.0708 4860	THREADORDER     (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
17:09:06.0739 4860	THREADORDER - ok
17:09:06.0817 4860	TOSHIBA Bluetooth Service (ac88d258f20909eeb91796f490cfbb73) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
17:09:06.0833 4860	TOSHIBA Bluetooth Service - ok
17:09:06.0849 4860	tosporte        (90afa1a4451bbbee87c9f18a665d8121) C:\Windows\system32\DRIVERS\tosporte.sys
17:09:06.0864 4860	tosporte - ok
17:09:06.0895 4860	Tosrfbd         (00371ce4da09b68ba0ff953e61820981) C:\Windows\system32\DRIVERS\tosrfbd.sys
17:09:06.0895 4860	Tosrfbd - ok
17:09:06.0927 4860	tosrfbnp        (74392bab3f0d4810da8436ec79d6955d) C:\Windows\system32\Drivers\tosrfbnp.sys
17:09:06.0927 4860	tosrfbnp - ok
17:09:06.0958 4860	Tosrfcom        (1ad9eb1b5abd0aeee4084c8153476f1e) C:\Windows\system32\Drivers\tosrfcom.sys
17:09:06.0958 4860	Tosrfcom - ok
17:09:06.0973 4860	Tosrfhid        (a72a3473180f378cc07d342803ffd580) C:\Windows\system32\DRIVERS\Tosrfhid.sys
17:09:06.0989 4860	Tosrfhid - ok
17:09:07.0020 4860	tosrfnds        (b2a1a6538245fd69578224bbf2fd4677) C:\Windows\system32\DRIVERS\tosrfnds.sys
17:09:07.0020 4860	tosrfnds - ok
17:09:07.0051 4860	TosRfSnd        (f1ca74cca8241d8b8a024aecc643c547) C:\Windows\system32\drivers\tosrfsnd.sys
17:09:07.0067 4860	TosRfSnd - ok
17:09:07.0083 4860	Tosrfusb        (f400fb9616261a1b66e6d2e04b6c3538) C:\Windows\system32\DRIVERS\tosrfusb.sys
17:09:07.0083 4860	Tosrfusb - ok
17:09:07.0129 4860	TrkWks          (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
17:09:07.0161 4860	TrkWks - ok
17:09:07.0192 4860	TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
17:09:07.0207 4860	TrustedInstaller - ok
17:09:07.0239 4860	tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
17:09:07.0254 4860	tssecsrv - ok
17:09:07.0348 4860	TuneUp.UtilitiesSvc (06569e1e2f7eb137abcebf753ceaac20) C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
17:09:07.0395 4860	TuneUp.UtilitiesSvc - ok
17:09:07.0473 4860	TuneUpUtilitiesDrv (f2107c9d85ec0df116939ccce06ae697) C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys
17:09:07.0473 4860	TuneUpUtilitiesDrv - ok
17:09:07.0566 4860	tunmp           (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
17:09:07.0613 4860	tunmp - ok
17:09:07.0629 4860	tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
17:09:07.0644 4860	tunnel - ok
17:09:07.0722 4860	TunngleService  (4a531079746d39026d975d3b02f7e452) C:\Program Files\Tunngle\TnglCtrl.exe
17:09:07.0738 4860	TunngleService - ok
17:09:07.0785 4860	uagp35          (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
17:09:07.0800 4860	uagp35 - ok
17:09:07.0816 4860	udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
17:09:07.0847 4860	udfs - ok
17:09:07.0878 4860	UI0Detect       (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
17:09:07.0894 4860	UI0Detect - ok
17:09:07.0909 4860	uliagpkx        (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
17:09:07.0909 4860	uliagpkx - ok
17:09:07.0956 4860	uliahci         (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
17:09:07.0956 4860	uliahci - ok
17:09:07.0987 4860	UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
17:09:08.0003 4860	UlSata - ok
17:09:08.0019 4860	ulsata2         (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
17:09:08.0034 4860	ulsata2 - ok
17:09:08.0050 4860	umbus           (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
17:09:08.0081 4860	umbus - ok
17:09:08.0097 4860	upnphost        (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
17:09:08.0143 4860	upnphost - ok
17:09:08.0175 4860	usbaudio        (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
17:09:08.0190 4860	usbaudio - ok
17:09:08.0206 4860	usbccgp         (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
17:09:08.0237 4860	usbccgp - ok
17:09:08.0253 4860	usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
17:09:08.0284 4860	usbcir - ok
17:09:08.0331 4860	usbehci         (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
17:09:08.0346 4860	usbehci - ok
17:09:08.0377 4860	usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
17:09:08.0409 4860	usbhub - ok
17:09:08.0440 4860	usbohci         (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
17:09:08.0455 4860	usbohci - ok
17:09:08.0471 4860	usbprint        (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
17:09:08.0518 4860	usbprint - ok
17:09:08.0533 4860	USBSTOR         (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:09:08.0549 4860	USBSTOR - ok
17:09:08.0565 4860	usbuhci         (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
17:09:08.0596 4860	usbuhci - ok
17:09:08.0611 4860	UxSms           (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
17:09:08.0627 4860	UxSms - ok
17:09:08.0658 4860	UxTuneUp        (c400fee3b8c966685c6f6865a25a85a1) C:\Windows\System32\uxtuneup.dll
17:09:08.0674 4860	UxTuneUp - ok
17:09:08.0689 4860	VClone          (1cdaa48cb2f7744b8d25650e050766a5) C:\Windows\system32\DRIVERS\VClone.sys
17:09:08.0721 4860	VClone - ok
17:09:08.0736 4860	vds             (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
17:09:08.0799 4860	vds - ok
17:09:08.0830 4860	vga             (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
17:09:08.0861 4860	vga - ok
17:09:08.0877 4860	VgaSave         (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
17:09:08.0908 4860	VgaSave - ok
17:09:08.0970 4860	viaagp          (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
17:09:08.0986 4860	viaagp - ok
17:09:09.0001 4860	ViaC7           (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
17:09:09.0017 4860	ViaC7 - ok
17:09:09.0033 4860	viaide          (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
17:09:09.0048 4860	viaide - ok
17:09:09.0064 4860	volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
17:09:09.0064 4860	volmgr - ok
17:09:09.0095 4860	volmgrx         (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
17:09:09.0111 4860	volmgrx - ok
17:09:09.0142 4860	volsnap         (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
17:09:09.0142 4860	volsnap - ok
17:09:09.0189 4860	vsmraid         (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
17:09:09.0204 4860	vsmraid - ok
17:09:09.0267 4860	VSS             (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
17:09:09.0345 4860	VSS - ok
17:09:09.0360 4860	W32Time         (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
17:09:09.0391 4860	W32Time - ok
17:09:09.0438 4860	WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
17:09:09.0485 4860	WacomPen - ok
17:09:09.0501 4860	Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
17:09:09.0516 4860	Wanarp - ok
17:09:09.0532 4860	Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
17:09:09.0547 4860	Wanarpv6 - ok
17:09:09.0563 4860	wcncsvc         (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
17:09:09.0625 4860	wcncsvc - ok
17:09:09.0688 4860	WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
17:09:09.0719 4860	WcsPlugInService - ok
17:09:09.0766 4860	Wd              (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
17:09:09.0766 4860	Wd - ok
17:09:09.0797 4860	Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
17:09:09.0813 4860	Wdf01000 - ok
17:09:09.0844 4860	WdiServiceHost  (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
17:09:09.0875 4860	WdiServiceHost - ok
17:09:09.0875 4860	WdiSystemHost   (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
17:09:09.0906 4860	WdiSystemHost - ok
17:09:09.0953 4860	WebClient       (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
17:09:09.0969 4860	WebClient - ok
17:09:09.0984 4860	Wecsvc          (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
17:09:10.0015 4860	Wecsvc - ok
17:09:10.0047 4860	wercplsupport   (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
17:09:10.0078 4860	wercplsupport - ok
17:09:10.0109 4860	WerSvc          (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
17:09:10.0125 4860	WerSvc - ok
17:09:10.0187 4860	WinDefend       (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
17:09:10.0203 4860	WinDefend - ok
17:09:10.0218 4860	WinHttpAutoProxySvc - ok
17:09:10.0265 4860	Winmgmt         (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
17:09:10.0296 4860	Winmgmt - ok
17:09:10.0343 4860	WinRM           (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
17:09:10.0405 4860	WinRM - ok
17:09:10.0468 4860	Wlansvc         (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
17:09:10.0515 4860	Wlansvc - ok
17:09:10.0577 4860	WmiAcpi         (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
17:09:10.0593 4860	WmiAcpi - ok
17:09:10.0639 4860	wmiApSrv        (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
17:09:10.0655 4860	wmiApSrv - ok
17:09:10.0749 4860	WMPNetworkSvc   (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
17:09:10.0811 4860	WMPNetworkSvc - ok
17:09:10.0827 4860	WPCSvc          (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
17:09:10.0858 4860	WPCSvc - ok
17:09:10.0889 4860	WPDBusEnum      (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
17:09:10.0936 4860	WPDBusEnum - ok
17:09:11.0076 4860	WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
17:09:11.0154 4860	WPFFontCache_v0400 - ok
17:09:11.0217 4860	ws2ifsl         (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
17:09:11.0263 4860	ws2ifsl - ok
17:09:11.0295 4860	wscsvc          (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\System32\wscsvc.dll
17:09:11.0310 4860	wscsvc - ok
17:09:11.0310 4860	WSearch - ok
17:09:11.0404 4860	wuauserv        (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
17:09:11.0497 4860	wuauserv - ok
17:09:11.0607 4860	WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
17:09:11.0638 4860	WUDFRd - ok
17:09:11.0669 4860	wudfsvc         (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
17:09:11.0716 4860	wudfsvc - ok
17:09:11.0794 4860	MBR (0x1B8)     (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
17:09:11.0965 4860	\Device\Harddisk0\DR0 - ok
17:09:11.0965 4860	Boot (0x1200)   (be59a3d3ddb7b3e33df394f5ce29595e) \Device\Harddisk0\DR0\Partition0
17:09:11.0965 4860	\Device\Harddisk0\DR0\Partition0 - ok
17:09:11.0965 4860	============================================================
17:09:11.0965 4860	Scan finished
17:09:11.0965 4860	============================================================
17:09:11.0981 1484	Detected object count: 11
17:09:11.0981 1484	Actual detected object count: 11
17:10:11.0479 1484	Autodesk Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
17:10:11.0479 1484	Autodesk Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:10:11.0479 1484	BazisVirtualCDBus ( UnsignedFile.Multi.Generic ) - skipped by user
17:10:11.0479 1484	BazisVirtualCDBus ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:10:11.0479 1484	ETService ( UnsignedFile.Multi.Generic ) - skipped by user
17:10:11.0479 1484	ETService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:10:11.0479 1484	FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
17:10:11.0479 1484	FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:10:11.0479 1484	hamachi_oem ( UnsignedFile.Multi.Generic ) - skipped by user
17:10:11.0479 1484	hamachi_oem ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:10:11.0495 1484	IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
17:10:11.0495 1484	IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:10:11.0495 1484	mcdbus ( UnsignedFile.Multi.Generic ) - skipped by user
17:10:11.0495 1484	mcdbus ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:10:11.0495 1484	MTOnlPktAlyX ( UnsignedFile.Multi.Generic ) - skipped by user
17:10:11.0495 1484	MTOnlPktAlyX ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:10:11.0495 1484	PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - skipped by user
17:10:11.0495 1484	PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:10:11.0495 1484	SCDEmu ( UnsignedFile.Multi.Generic ) - skipped by user
17:10:11.0495 1484	SCDEmu ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:10:11.0495 1484	sptd ( LockedFile.Multi.Generic ) - skipped by user
17:10:11.0495 1484	sptd ( LockedFile.Multi.Generic ) - User select action: Skip
         

Old 08.05.2012, 17:53   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Quote:
Can you already say anything more precise about what I might be dealing with? Would be nice if you answered the question.
Say exactly what might possibly be going on? Sorry, that makes no sense like that.
I can say what might be going on, but that does not make the statement exact.


Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, carry out the updates (if suggested), install the Recovery Console (if suggested) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its content ([Ctrl]a, [Ctrl]c) and paste it into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when a qualified helper (Kompetenzler) has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running Combofix, you have problems starting applications and receive messages like

Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.
__________________
Please always post logfiles in CODE tags
