Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: malewarebytes scan mit vielen funden

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 03.05.2012, 15:45   #1
burke
 
malewarebytes scan mit vielen funden - Standard

malewarebytes scan mit vielen funden



Guten Tag

Ich habe heute mein system mit dem quickscan von malewarebytes gescanned, da ich durch tuneup ein autostartprogramm entdeckt hab was mir recht merkwürdig vorkam der name war userinit die exe hieß appconf32.exe.
das habe ich gegoogelt und ein user dieses forums hat empfohlen windows komplett neu zu installieren und nur dateien zu behalten die keine exe sind und alle passwörter danach zu ändern.
da ich keine windows cd beim kauf meines pcs bekommen hab, entschied ich mich erstmal mein malewarebytes log hier zu scannen und auf empfehlungen zu warten. achja was mir auch beim scan aufgefallen ist und mich ziemlich erschrocken hat war das malewarebytes eine meldung anzeigte das es die verbindung zu einer gefährlichen website geschlossen habe.

hier der log:

Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.03.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Boris :: BORIS-PC [Administrator]

Schutz: Aktiviert

03.05.2012 16:10:24
mbam-log-2012-05-03 (16-10-24).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 235187
Laufzeit: 7 Minute(n), 7 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 24
HKCR\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\funmoods.funmoodsHlpr.1 (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\funmoods.funmoodsHlpr (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840} (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706} (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\esrv.funmoodsESrvc.1 (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\esrv.funmoodsESrvc (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439} (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\funmoods.dskBnd.1 (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\funmoods.dskBnd (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13} (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\funmoodsApp.appCore.1 (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\funmoodsApp.appCore (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9} (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\f (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A} (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Google\chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\FUNMOODS (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 3
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Daten: Funmoods Toolbar -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Daten: -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\funmoods|UninstallString (PUP.Funmoods) -> Daten: "C:\Program Files\Funmoods\funmoods\1.5.11.16\uninstall.exe" -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 1
HKCR\regfile\shell\open\command| (Broken.OpenCommand) -> Bösartig: ("regedit.exe" "%1") Gut: (regedit.exe "%1") -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 2
C:\Program Files\Funmoods\funmoods\1.5.11.16 (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Funmoods\funmoods\1.5.11.16\bh (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 9
C:\Program Files\Funmoods\funmoods\1.5.11.16\bh\funmoods.dll (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Funmoods\funmoods\1.5.11.16\funmoodssrv.exe (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Funmoods\funmoods\1.5.11.16\funmoodsTlbr.dll (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Funmoods\funmoods\1.5.11.16\funmoodsApp.dll (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Funmoods\funmoods\1.5.11.16\funmoodsEng.dll (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Boris\Desktop\grplauncher0.6.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Boris\AppData\Roaming\appconf32.exe (Backdoor.Agent) -> Löschen bei Neustart.
C:\Program Files\Funmoods\funmoods\1.5.11.16\funmoodsOEM.crx (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Funmoods\funmoods\1.5.11.16\uninstall.exe (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)


Vielen Dank schonmal für eure Mühe und Hilfe

Grüße

Alt 03.05.2012, 18:25   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
malewarebytes scan mit vielen funden - Standard

malewarebytes scan mit vielen funden



Bitte erstmal routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset





Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
__________________

__________________

Alt 03.05.2012, 20:45   #3
burke
 
malewarebytes scan mit vielen funden - Standard

malewarebytes scan mit vielen funden



So ich habe jetzt nochmal einen Vollständigen Scan durchgeführt, der hat aber nichts gefunden. Meinst du es ist wirklich notwendig noch diesen Online Scan durchzuführen? und sollte ich jetzt besser all meine pws ändern?
__________________

Alt 04.05.2012, 10:35   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
malewarebytes scan mit vielen funden - Standard

malewarebytes scan mit vielen funden



Zitat:
Meinst du es ist wirklich notwendig noch diesen Online Scan durchzuführen?
Ja das ist eine Routineprüfung und die steht nicht zur Dekoration da so rum
Passwörter änderst du am besten von einem anderen sauberen Rechner aus oder kannst du ganz genau wissen, dass dieser Rechner doch nicht befallen ist? Ohne genaueren Analysen kann das niemand sagen

Alt 04.05.2012, 16:08   #5
burke
 
malewarebytes scan mit vielen funden - Standard

malewarebytes scan mit vielen funden



so habe den eset scan durchgeführt. hier die ergebnisse:

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=074c8a48a8d04d4faaaefd06dfe39768
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-05-04 02:42:11
# local_time=2012-05-04 04:42:11 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1792 16777215 100 0 5015161 5015161 0 0
# compatibility_mode=5892 16776573 100 100 3240 173669175 0 0
# compatibility_mode=8192 67108863 100 0 238 238 0 0
# scanned=346790
# found=10
# cleaned=10
# scan_time=6083
C:\Program Files\DVDVideoSoft\Free Audio CD Burner\icon1045.exe	Win32/Adware.ADON application (deleted - quarantined)	00000000000000000000000000000000	C
C:\Program Files\ICQ7.5\upgrade\2dcd1d63cb45e6613582211c3d5f4b23	Win32/OpenCandy application (deleted - quarantined)	00000000000000000000000000000000	C
C:\Program Files\ICQ7.5\upgrade\53e83dd5315bfb1f928441c9b4618b68	Win32/OpenCandy application (deleted - quarantined)	00000000000000000000000000000000	C
C:\Program Files\ICQ7.6\install_dll\OCSetupHlp.dll	Win32/OpenCandy application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Program Files\Perfect Uninstaller\PU.exe	a variant of Win32/PerfectUninstaller application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\ProgramData\TrackMania\Cache\883C9B377792A06FEBC59FA4CFF3C10C_www.fileden.com%5cfiles%5c2007%5c3%5c27%5c930376%5cfunteamad.png	HTML/Iframe.B.Gen virus (deleted - quarantined)	00000000000000000000000000000000	C
C:\Users\Boris\AppData\Roaming\11019\components\AcroFF019.dll	probably a variant of Win32/Spy.Banker.XOS trojan (cleaned by deleting (after the next restart) - quarantined)	00000000000000000000000000000000	C
C:\Users\Boris\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\eBay.lnk	Win32/Adware.ADON application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Users\Boris\AppData\Roaming\Microsoft\Windows\Start Menu\eBay.lnk	Win32/Adware.ADON application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Windows\System32\BReWErS.dll	a variant of Win32/GameHack.D application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
         


Alt 04.05.2012, 18:56   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
malewarebytes scan mit vielen funden - Standard

malewarebytes scan mit vielen funden



So viel zum Thema, dass da ja nichts mehr sein kann

Hätte da mal zwei Fragen bevor es weiter geht

1.) Geht der normale Modus uneingeschränkt?
2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?
__________________
--> malewarebytes scan mit vielen funden

Alt 04.05.2012, 19:16   #7
burke
 
malewarebytes scan mit vielen funden - Standard

malewarebytes scan mit vielen funden



erstmal danke für die hilfe soweit

was genau meinst du mit normalem modus?

zu 1. also eigentlich läuft alles normal bei meinem pc mir sind keine veränderungen aufgefallen ausser das einige windows updates nich installiert werden konnten und im startmenü steht das symbol installiert updates und fährt herrunter im ausschalt feld. wenn ich das anklicke steht es beim nächsten start immer noch da ich hab auch eine meldung vor etwas längerer zeit bekommen das 33 windows updates nicht installeirt werden konnten.

zu 2. ist schwer zu sagen da ich im laufe der jahre allen möglichen kram installiert, deinstalliert oder einfach installationsordner gelöscht ohne deinstallation aber eigentlich kommt mir nichts irgendwie merkwürdig oder verändert vor und alle programme laufen korrekt.

was meinst du zu diesem spy.banker trojaner im log könnte das einer sein der private daten von mir ausspioniert hat?

Alt 04.05.2012, 19:27   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
malewarebytes scan mit vielen funden - Standard

malewarebytes scan mit vielen funden



Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Klick auf .
  • Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Alt 04.05.2012, 20:22   #9
burke
 
malewarebytes scan mit vielen funden - Standard

malewarebytes scan mit vielen funden



hier das otl log:

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 04.05.2012 20:33:49 - Run 1
OTL by OldTimer - Version 3.2.42.2     Folder = C:\Users\Boris\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,01 Gb Available Physical Memory | 66,90% Memory free
6,23 Gb Paging File | 5,19 Gb Available in Paging File | 83,27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 284,09 Gb Total Space | 36,44 Gb Free Space | 12,83% Space Free | Partition Type: NTFS
 
Computer Name: BORIS-PC | User Name: Boris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.05.04 20:29:38 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Boris\Desktop\OTL.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.03.01 01:59:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.02.29 22:58:46 | 000,857,408 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2012.02.29 13:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.02.28 18:38:52 | 001,373,576 | ---- | M] (LogMeIn Inc.) -- C:\Programme\LogMeIn Hamachi\hamachi-2.exe
PRC - [2012.02.09 11:59:08 | 001,529,152 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
PRC - [2012.02.09 11:59:08 | 001,220,928 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
PRC - [2012.01.31 09:56:34 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.01.31 09:56:05 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.01.31 09:55:48 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.01.31 09:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.08.09 22:04:38 | 000,741,224 | ---- | M] (Tunngle.net GmbH) -- C:\Programme\Tunngle\TnglCtrl.exe
PRC - [2010.07.28 08:07:16 | 002,404,488 | ---- | M] (mobile concepts GmbH) -- C:\Programme\S.A.D\CyberGhost VPN\CGVPNCliService.exe
PRC - [2009.11.09 14:35:50 | 000,072,704 | ---- | M] (Autodesk) -- C:\Programme\Common Files\Autodesk Shared\Service\AdskScSrv.exe
PRC - [2009.07.30 22:20:00 | 000,144,752 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009.03.30 03:25:26 | 043,010,392 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
PRC - [2008.07.16 14:00:00 | 000,024,576 | ---- | M] () -- C:\Programme\PACKARD BELL\Packard Bell Recovery Management\Service\ETService.exe
PRC - [2008.07.10 02:49:44 | 000,098,840 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008.05.29 10:49:58 | 000,083,264 | ---- | M] (Packard Bell Services) -- C:\Windows\System32\HidService.exe
PRC - [2008.05.07 10:19:26 | 006,139,904 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2007.09.11 01:45:04 | 000,124,832 | ---- | M] () -- C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2009.08.16 17:06:02 | 000,141,312 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] --  -- (mi-raysat_3dsmax9_32) mental ray 3.5 Satellite (32-bit)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.03.01 01:59:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.02.29 13:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.02.28 18:38:52 | 001,373,576 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Programme\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012.02.09 11:59:08 | 001,529,152 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2012.02.09 11:59:06 | 000,028,992 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2012.01.31 09:56:05 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.01.31 09:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.10.08 17:21:09 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.08.09 22:04:38 | 000,741,224 | ---- | M] (Tunngle.net GmbH) [Auto | Running] -- C:\Programme\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2010.07.28 08:07:16 | 002,404,488 | ---- | M] (mobile concepts GmbH) [Auto | Running] -- C:\Programme\S.A.D\CyberGhost VPN\CGVPNCliService.exe -- (CGVPNCliSrvc)
SRV - [2010.02.10 19:07:00 | 003,458,548 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2009.11.09 14:35:50 | 000,072,704 | ---- | M] (Autodesk) [Auto | Running] -- C:\Programme\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2009.07.30 22:20:00 | 000,144,752 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2009.07.21 04:04:00 | 000,047,128 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Programme\Microsoft SQL Server\100\Shared\sqladhlp.exe -- (MSSQLServerADHelper100)
SRV - [2009.03.30 03:25:26 | 043,010,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS)
SRV - [2009.03.30 03:23:32 | 000,254,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2009.03.30 03:23:24 | 000,366,936 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE -- (SQLAgent$SQLEXPRESS) SQL Server-Agent (SQLEXPRESS)
SRV - [2009.01.11 08:07:18 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008.07.16 14:00:00 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Programme\PACKARD BELL\Packard Bell Recovery Management\Service\ETService.exe -- (ETService)
SRV - [2008.07.10 02:49:44 | 000,098,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008.05.29 10:49:58 | 000,083,264 | ---- | M] (Packard Bell Services) [Auto | Running] -- C:\Windows\System32\HidService.exe -- (GenericHidService)
SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.09.11 01:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
SRV - [2007.08.24 04:19:12 | 000,443,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.03.01 01:59:00 | 010,819,392 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012.02.09 11:48:24 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2012.01.31 09:56:33 | 000,137,416 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.01.31 09:56:33 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.01.17 14:45:56 | 000,148,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2011.09.16 17:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.04.17 16:58:04 | 000,233,024 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2010.08.11 22:59:58 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010.02.25 17:51:02 | 000,025,216 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2009.11.17 17:43:20 | 000,134,808 | ---- | M] (SysProgs.org) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BazisVirtualCDBus.sys -- (BazisVirtualCDBus)
DRV - [2009.11.09 05:21:18 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2009.11.07 12:50:22 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2009.11.07 12:50:22 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009.10.08 17:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.09.16 08:02:40 | 000,027,136 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901t.sys -- (tap0901t) TAP-Win32 Adapter V9 (Tunngle)
DRV - [2009.08.28 12:49:00 | 000,169,064 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbd.sys -- (Tosrfbd)
DRV - [2009.08.05 15:44:00 | 000,049,400 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2009.08.05 13:55:00 | 000,061,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV - [2009.07.28 21:01:00 | 000,069,480 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2009.07.24 12:31:00 | 000,021,608 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2009.06.19 10:57:00 | 000,079,872 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2009.06.19 10:56:00 | 000,042,472 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2009.06.17 12:59:00 | 000,046,984 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte)
DRV - [2009.03.30 03:09:28 | 000,239,336 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0103.sys -- (RsFx0103)
DRV - [2009.03.18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009.02.24 19:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008.11.06 07:33:58 | 000,043,928 | ---- | M] (Phantombility, Inc) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\phmcd.sys -- (phmcd)
DRV - [2008.07.16 13:56:06 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2007.10.31 05:23:20 | 000,115,744 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007.03.16 10:11:38 | 000,012,256 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TBPanel.sys -- (TBPanel)
DRV - [2006.11.02 09:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2006.10.09 14:46:44 | 000,017,536 | ---- | M] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Stopped] -- C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyx.sys -- (MTOnlPktAlyX)
DRV - [2006.08.28 23:54:56 | 000,010,664 | ---- | M] (Applied Networking Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\gan_adapter.sys -- (hamachi_oem)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=1&o=vp32&d=0709&m=imedia_d3860_ge
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-209655109-2756548685-674970729-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-209655109-2756548685-674970729-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-209655109-2756548685-674970729-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-209655109-2756548685-674970729-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.funmoods.com/?f=1&a=ironto
IE - HKU\S-1-5-21-209655109-2756548685-674970729-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-209655109-2756548685-674970729-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-209655109-2756548685-674970729-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-209655109-2756548685-674970729-1000\..\SearchScopes,DefaultScope = {62CA968C-E5F9-4FDC-9F4E-C8C994351E8B}
IE - HKU\S-1-5-21-209655109-2756548685-674970729-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-209655109-2756548685-674970729-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=18826
IE - HKU\S-1-5-21-209655109-2756548685-674970729-1000\..\SearchScopes\{62CA968C-E5F9-4FDC-9F4E-C8C994351E8B}: "URL" = hxxp://start.funmoods.com/results.php?f=4&a=ironto&q={searchTerms}
IE - HKU\S-1-5-21-209655109-2756548685-674970729-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-209655109-2756548685-674970729-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW
IE - HKU\S-1-5-21-209655109-2756548685-674970729-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rlz=1I7ACPW_deDE349&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-209655109-2756548685-674970729-1000\..\SearchScopes\{8719298B-F26E-449B-9698-4542A1E7CA4B}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACPW_deDE349
IE - HKU\S-1-5-21-209655109-2756548685-674970729-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: quickstores@quickstores.de:1.2.0
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?babsrc=toolbar2&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.04.04 14:37:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.13 01:04:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{857610fe-b36c-47f2-b4fa-6b7affe0cf5a}: C:\Program Files\Mobile Master\ext\1\
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mail@shopping-preise.de: C:\Users\Boris\AppData\Roaming\Mozilla\Firefox\Profiles\j1lg8v7j.default\extensions\mail@shopping-preise.de
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\firejump@firejump.net: C:\Users\Boris\AppData\Roaming\Mozilla\Firefox\Profiles\j1lg8v7j.default\extensions\firejump@firejump.net
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Boris\AppData\Roaming\11019 [2012.04.25 14:18:15 | 000,000,000 | ---D | M]
 
[2009.10.16 18:39:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Boris\AppData\Roaming\mozilla\Extensions
[2012.04.04 15:20:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Boris\AppData\Roaming\mozilla\Firefox\Profiles\j1lg8v7j.default\extensions
[2012.03.30 18:40:42 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Boris\AppData\Roaming\mozilla\Firefox\Profiles\j1lg8v7j.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.03.07 15:24:38 | 000,001,090 | ---- | M] () -- C:\Users\Boris\AppData\Roaming\Mozilla\Firefox\Profiles\j1lg8v7j.default\searchplugins\conduit.xml
[2012.03.09 08:25:10 | 000,001,292 | ---- | M] () -- C:\Users\Boris\AppData\Roaming\Mozilla\Firefox\Profiles\j1lg8v7j.default\searchplugins\funmoods.xml
[2012.03.09 08:25:10 | 000,000,828 | ---- | M] () -- C:\Users\Boris\AppData\Roaming\Mozilla\Firefox\Profiles\j1lg8v7j.default\searchplugins\icqplugin-1.xml
[2012.03.09 08:25:10 | 000,000,828 | ---- | M] () -- C:\Users\Boris\AppData\Roaming\Mozilla\Firefox\Profiles\j1lg8v7j.default\searchplugins\icqplugin-2.xml
[2012.03.09 08:25:10 | 000,000,901 | ---- | M] () -- C:\Users\Boris\AppData\Roaming\Mozilla\Firefox\Profiles\j1lg8v7j.default\searchplugins\icqplugin.xml
[2012.04.05 14:28:25 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.10.16 19:46:54 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.04.05 14:28:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2011.01.26 00:38:26 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Programme\Mozilla Firefox\extensions\quickstores@quickstores.de
[2012.04.25 14:18:15 | 000,000,000 | ---D | M] (Java Link Helper) -- C:\USERS\BORIS\APPDATA\ROAMING\11019
[2012.03.13 06:38:06 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009.04.08 04:06:28 | 000,122,880 | ---- | M] (AB) -- C:\Program Files\mozilla firefox\plugins\NPOP7PlugIn.dll
[2012.03.13 07:23:34 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.09 08:25:10 | 000,002,050 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012.03.13 07:06:36 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.03.13 07:23:34 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.13 07:23:34 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.13 07:23:34 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.13 07:23:34 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (ICQ Sparberater) - {FE163F11-1919-4257-A280-FF5AF8DAEECB} - C:\Programme\icq\Internet Explorer\icq.dll (solute gmbh)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [InfoCockpit] C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE (Deutsche Telekom AG, T-Com)
O4 - HKU\S-1-5-18..\Run: [InfoCockpit] C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE (Deutsche Telekom AG, T-Com)
O4 - HKU\S-1-5-19..\Run: [InfoCockpit] C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE (Deutsche Telekom AG, T-Com)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [InfoCockpit] C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE (Deutsche Telekom AG, T-Com)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-209655109-2756548685-674970729-1010..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 153
O7 - HKU\S-1-5-21-209655109-2756548685-674970729-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 153
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Boris\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 10.4.0)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 1.7.0_04)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.7.0_04)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{36931A3B-291C-4867-B965-612740A42758}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3F39D017-B652-4270-AB6F-6878927A7424}: DhcpNameServer = 193.22.254.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C3A2DF7F-1230-48FE-B4BD-279B3F7814A7}: DhcpNameServer = 7.254.254.254
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Boris\Pictures\Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Boris\Pictures\Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\System32\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{a91e5259-c309-11de-88be-0025113402db}\Shell - "" = AutoRun
O33 - MountPoints2\{a91e5259-c309-11de-88be-0025113402db}\Shell\AutoRun\command - "" = L:\loader.exe
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\autorun.exe
O33 - MountPoints2\K\Shell - "" = AutoRun
O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\win32\autorun\m4ck.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: Hamachi2Svc - C:\Programme\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\Windows\System32\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.vorbis - C:\Windows\System32\vorbis.acm (HMS hxxp://hp.vector.co.jp/authors/VA012897/)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FPS1 - C:\Windows\System32\frapsvid.dll (Beepa P/L)
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.x264 - C:\Windows\System32\x264vfw.dll ()
Drivers32: VIDC.XFR1 - C:\Windows\System32\xfcodec.dll ()
Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.05.04 20:29:36 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Boris\Desktop\OTL.exe
[2012.05.04 14:56:49 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.05.03 16:08:47 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Roaming\Malwarebytes
[2012.05.03 16:08:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.05.03 16:08:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.05.03 16:08:30 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.05.03 16:08:30 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.05.03 09:28:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Black and White
[2012.05.03 09:27:54 | 000,000,000 | ---D | C] -- C:\Program Files\Black & White
[2012.04.29 00:20:45 | 000,000,000 | ---D | C] -- C:\Program Files\Dead Island
[2012.04.25 14:18:15 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Roaming\11019
[2012.04.24 13:37:29 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Roaming\11018
[2012.04.23 13:59:35 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Roaming\11017
[2012.04.21 12:25:04 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\San Andreas Multiplayer
[2012.04.21 12:25:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\San Andreas Multiplayer
[2012.04.20 15:29:14 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Roaming\11016
[2012.04.20 10:45:50 | 000,000,000 | ---D | C] -- C:\Windows\rundll16.exe
[2012.04.20 10:45:50 | 000,000,000 | ---D | C] -- C:\Windows\logo1_.exe
[2012.04.17 12:43:02 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Roaming\11015
[2012.04.16 22:01:45 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Roaming\11014
[2012.04.14 21:10:37 | 000,028,992 | ---- | C] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll
[2012.04.14 13:56:56 | 000,031,552 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe
[2012.04.14 13:56:56 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2012.04.14 13:56:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012
[2012.04.14 13:56:30 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2012
[2012.04.13 14:39:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
[2012.04.13 14:39:41 | 000,000,000 | ---D | C] -- C:\Program Files\GOG.com
[2012.04.13 13:41:35 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Roaming\11013
[2012.04.12 13:49:53 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Roaming\11012
[2012.04.12 04:04:54 | 000,000,000 | ---D | C] -- C:\Users\Boris\Documents\Almost Human
[2012.04.12 03:16:14 | 000,000,000 | ---D | C] -- C:\Program Files\Legend of Grimrock
[2012.04.11 23:42:34 | 000,000,000 | ---D | C] -- C:\Program Files\Interplay
[2012.04.11 23:14:42 | 000,052,224 | ---- | C] (Interplay Productions) -- C:\Windows\ipuninst.exe
[2012.04.11 23:14:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Interplay
[2012.04.11 22:36:45 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Roaming\UAs
[2012.04.11 22:30:20 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Roaming\11009
[2012.04.09 17:57:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlitzMax
[2012.04.08 23:18:36 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2012.04.05 14:57:31 | 000,000,000 | ---D | C] -- C:\Windows\VDLL.DLL
[2012.04.05 14:57:31 | 000,000,000 | ---D | C] -- C:\Windows\System32\runouce.exe
[2012.04.05 14:57:31 | 000,000,000 | ---D | C] -- C:\Windows\RUNDL132.EXE
[2012.04.05 14:57:31 | 000,000,000 | ---D | C] -- C:\Windows\logo_1.exe
[2012.04.05 14:44:38 | 000,034,048 | ---- | C] (MicroWorld Technologies Inc.) -- C:\Windows\System32\eEmpty.exe
[2012.04.05 14:44:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MicroWorld
[2012.04.05 14:44:30 | 000,000,000 | ---D | C] -- C:\ProgramData\MicroWorld
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Boris\AppData\Roaming\*.tmp files -> C:\Users\Boris\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.05.04 20:29:38 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Boris\Desktop\OTL.exe
[2012.05.04 20:19:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.05.04 19:12:17 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.04 19:12:17 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.04 18:11:55 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2012.05.04 17:19:00 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.05.04 17:12:33 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2012.05.04 17:12:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.05.04 17:10:21 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.05.04 17:10:21 | 000,000,000 | ---- | M] () -- C:\Windows\System32\Access.dat
[2012.05.04 13:53:59 | 000,321,864 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.05.03 16:08:32 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.03 16:01:57 | 000,218,600 | ---- | M] () -- C:\Users\Boris\AppData\Roaming\AcroIEHelpe113.dll
[2012.05.03 16:01:57 | 000,007,368 | ---- | M] () -- C:\Users\Boris\AppData\Roaming\BAcroIEHelpe113.dll
[2012.05.03 16:01:53 | 000,000,016 | ---- | M] () -- C:\Users\Boris\AppData\Roaming\blckdom.res
[2012.05.03 09:37:01 | 000,001,711 | ---- | M] () -- C:\Users\Boris\Desktop\Black and White.lnk
[2012.05.01 17:19:14 | 000,000,011 | ---- | M] () -- C:\Users\Boris\AppData\Roaming\urhtps.dat
[2012.04.30 17:30:54 | 000,218,600 | ---- | M] () -- C:\Users\Boris\AppData\Roaming\AcroIEHelpe112.dll
[2012.04.30 17:30:54 | 000,007,368 | ---- | M] () -- C:\Users\Boris\AppData\Roaming\BAcroIEHelpe112.dll
[2012.04.29 01:17:19 | 000,001,426 | ---- | M] () -- C:\Users\Boris\Desktop\Dead Island.lnk
[2012.04.20 15:28:18 | 000,012,288 | ---- | M] () -- C:\Users\Boris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.04.20 14:13:59 | 000,929,124 | ---- | M] () -- C:\Users\Boris\Documents\pinfect.zip
[2012.04.20 10:26:37 | 000,000,055 | ---- | M] () -- C:\Windows\Lic.xxx
[2012.04.20 10:08:19 | 000,001,356 | ---- | M] () -- C:\Users\Boris\AppData\Local\d3d9caps.dat
[2012.04.14 13:56:54 | 000,001,867 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2012.lnk
[2012.04.13 14:40:00 | 000,001,898 | ---- | M] () -- C:\Users\Public\Desktop\Legend of Grimrock.lnk
[2012.04.11 23:42:44 | 000,052,224 | ---- | M] (Interplay Productions) -- C:\Windows\ipuninst.exe
[2012.04.10 16:27:08 | 000,330,195 | ---- | M] () -- C:\Users\Boris\.recently-used.xbel
[2012.04.05 15:27:04 | 000,001,075 | ---- | M] () -- C:\Users\Boris\Desktop\ArtRage Studio Pro.lnk
[2012.04.05 15:17:26 | 023,146,296 | ---- | M] () -- C:\Windows\REGBK00.ZIP
[2012.04.05 14:44:37 | 000,034,048 | ---- | M] (MicroWorld Technologies Inc.) -- C:\Windows\System32\eEmpty.exe
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Boris\AppData\Roaming\*.tmp files -> C:\Users\Boris\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.05.03 16:08:32 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.03 16:01:57 | 000,218,600 | ---- | C] () -- C:\Users\Boris\AppData\Roaming\AcroIEHelpe113.dll
[2012.05.03 16:01:57 | 000,007,368 | ---- | C] () -- C:\Users\Boris\AppData\Roaming\BAcroIEHelpe113.dll
[2012.05.03 09:36:10 | 000,001,711 | ---- | C] () -- C:\Users\Boris\Desktop\Black and White.lnk
[2012.05.03 09:31:11 | 000,182,272 | ---- | C] () -- C:\Windows\patchw32.dll
[2012.05.01 17:19:14 | 000,000,011 | ---- | C] () -- C:\Users\Boris\AppData\Roaming\urhtps.dat
[2012.04.30 17:30:54 | 000,218,600 | ---- | C] () -- C:\Users\Boris\AppData\Roaming\AcroIEHelpe112.dll
[2012.04.30 17:30:54 | 000,007,368 | ---- | C] () -- C:\Users\Boris\AppData\Roaming\BAcroIEHelpe112.dll
[2012.04.29 01:17:19 | 000,001,426 | ---- | C] () -- C:\Users\Boris\Desktop\Dead Island.lnk
[2012.04.20 10:07:56 | 000,929,124 | ---- | C] () -- C:\Users\Boris\Documents\pinfect.zip
[2012.04.14 13:56:54 | 000,001,879 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012.lnk
[2012.04.14 13:56:54 | 000,001,867 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2012.lnk
[2012.04.13 14:40:00 | 000,001,898 | ---- | C] () -- C:\Users\Public\Desktop\Legend of Grimrock.lnk
[2012.04.12 13:49:11 | 000,000,827 | ---- | C] () -- C:\Users\Boris\Desktop\LogMeIn Hamachi.lnk
[2012.04.10 16:27:08 | 000,330,195 | ---- | C] () -- C:\Users\Boris\.recently-used.xbel
[2012.04.05 15:27:04 | 000,001,075 | ---- | C] () -- C:\Users\Boris\Desktop\ArtRage Studio Pro.lnk
[2012.04.05 15:16:03 | 023,146,296 | ---- | C] () -- C:\Windows\REGBK00.ZIP
[2012.04.05 14:45:12 | 000,000,055 | ---- | C] () -- C:\Windows\Lic.xxx
[2012.04.03 22:32:49 | 000,000,016 | ---- | C] () -- C:\Users\Boris\AppData\Roaming\blckdom.res
[2012.03.22 20:44:39 | 000,000,041 | ---- | C] () -- C:\Windows\MinGW.INI
[2012.03.07 15:24:40 | 000,338,432 | ---- | C] () -- C:\Windows\System32\sqlite36_engine.dll
[2012.02.29 13:26:56 | 000,416,064 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2011.12.01 16:21:36 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2011.10.23 12:36:59 | 000,000,000 | ---- | C] () -- C:\Users\Boris\AppData\Roaming\EasyToolz.ini
[2011.09.17 23:56:20 | 000,000,000 | ---- | C] () -- C:\Windows\System32\Access.dat
[2011.08.05 14:22:43 | 000,000,075 | ---- | C] () -- C:\Windows\Flarium24.INI
[2011.06.27 13:38:06 | 000,000,240 | ---- | C] () -- C:\Users\Boris\AppData\Roaming\wklnhst.dat
[2011.05.29 16:00:01 | 000,823,296 | ---- | C] () -- C:\Windows\j3dcore-d3d.dll
[2011.05.29 16:00:01 | 000,163,840 | ---- | C] () -- C:\Windows\j3dcore-ogl.dll
[2011.05.29 16:00:01 | 000,049,152 | ---- | C] () -- C:\Windows\j3dcore-ogl-chk.dll
[2011.05.29 16:00:01 | 000,040,960 | ---- | C] () -- C:\Windows\j3dcore-ogl-cg.dll
[2011.01.08 14:30:57 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010.12.13 17:33:39 | 000,107,292 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010.11.24 16:37:03 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2010.10.23 20:41:58 | 000,000,306 | ---- | C] () -- C:\Windows\W2W.ini
[2010.10.23 19:49:41 | 000,036,734 | ---- | C] () -- C:\Windows\System32\OggDSuninst.exe
[2010.07.22 03:21:26 | 040,490,118 | -HS- | C] () -- C:\Windows\mb_warband_upgrade_1100_to_1113.exe
[2010.07.09 21:04:40 | 000,041,872 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2010.05.23 22:47:23 | 000,000,549 | ---- | C] () -- C:\Windows\eReg.dat
 
========== LOP Check ==========
 
[2012.05.03 21:36:20 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\.minecraft
[2012.04.08 16:07:58 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\.Nitrous
[2011.02.08 21:11:53 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\.visualvm
[2012.04.03 22:32:56 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\11006
[2012.04.11 22:30:20 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\11009
[2012.04.12 13:49:54 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\11012
[2012.04.13 13:41:35 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\11013
[2012.04.16 22:01:46 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\11014
[2012.04.17 12:43:02 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\11015
[2012.04.20 15:29:14 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\11016
[2012.04.23 13:59:56 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\11017
[2012.04.24 13:37:30 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\11018
[2012.04.25 14:18:15 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\11019
[2010.04.18 14:51:02 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\acccore
[2010.08.18 02:33:57 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Acoustica
[2011.08.22 17:13:43 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Ambient Design
[2012.04.04 01:27:37 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Avaq
[2009.10.16 19:30:18 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Blender Foundation
[2011.09.18 14:41:25 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Braid
[2010.05.22 21:55:30 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Bump Technologies, Inc
[2010.08.11 23:14:12 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\DAEMON Tools Lite
[2011.04.17 16:58:45 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\DAEMON Tools Pro
[2009.10.22 21:43:13 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Desktopicon
[2012.03.07 15:24:40 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\DesktopIconForAmazon
[2012.03.06 16:04:54 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Dev-Cpp
[2012.01.22 18:07:26 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\DVDVideoSoft
[2011.04.11 17:24:09 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.02.20 00:10:54 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\EasyMangosHandler
[2010.01.06 16:02:51 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Engelmann Media
[2011.07.16 21:01:45 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\FileHunter
[2011.05.22 14:13:50 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Firefly Studios
[2010.03.12 22:51:01 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\FOG Downloader
[2010.01.22 13:01:07 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\FreeFLVConverter
[2011.06.20 20:35:24 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\FUEL
[2011.07.31 00:22:08 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\GetRightToGo
[2011.01.26 01:14:39 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\GrabPro
[2012.03.26 14:57:24 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\gtk-2.0
[2012.04.04 01:27:03 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Gutep
[2010.01.28 19:03:35 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Hunspell
[2012.05.04 20:32:47 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\ICQ
[2011.01.26 00:14:42 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Iggels
[2011.04.17 17:10:22 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\ImgBurn
[2012.02.25 21:55:04 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\IrfanView
[2012.04.05 17:32:10 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Irit
[2010.11.24 17:11:12 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Jumping Bytes
[2012.03.17 17:51:07 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Kittomer Studios
[2012.04.03 22:32:34 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\kock
[2010.08.08 18:24:56 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\LEGO Company
[2010.06.19 17:46:45 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\LolClient
[2010.12.05 20:10:57 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\mathegrafix
[2011.06.21 12:53:11 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\MAXON
[2009.10.22 15:37:33 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\MilkShape 3D 1.x.x
[2010.11.24 17:12:46 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Mobile Master
[2010.05.26 18:43:39 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Mount&Blade Warband
[2011.07.20 13:55:08 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\NCH Swift Sound
[2012.04.04 01:27:37 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Ocpode
[2012.03.07 15:24:34 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\OCS
[2010.01.21 17:29:03 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\OpenOffice.org
[2011.03.30 17:15:12 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Opera
[2012.04.04 14:38:06 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Orbit
[2010.10.10 12:04:57 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\PACE Anti-Piracy
[2011.01.26 00:38:20 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\phonostar GmbH
[2011.01.26 00:20:06 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\ProgSense
[2011.01.26 01:18:07 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\QuickStoresToolbar
[2010.09.08 18:56:54 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Registry Mechanic
[2010.09.07 16:10:30 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Sakura
[2009.12.21 15:19:15 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\ScummVM
[2009.10.22 14:03:34 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\smc
[2009.10.22 01:18:11 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Sony
[2010.04.25 14:02:47 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Spiral Graphics
[2010.09.20 13:36:34 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\SPORE
[2010.08.18 02:34:06 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\SynthMaker
[2009.10.16 17:48:45 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\T-Online
[2012.04.03 20:24:13 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\TeamViewer
[2010.04.04 23:49:47 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Teeworlds
[2011.06.27 13:38:07 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Template
[2010.05.02 11:16:15 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Texture Maker
[2011.06.25 20:25:35 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Thinstall
[2010.12.03 15:36:34 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\TS3Client
[2012.03.11 15:52:59 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\TuneUp Software
[2011.10.09 09:48:42 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Tunngle
[2010.10.17 14:21:32 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Turbine
[2012.04.11 22:36:45 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\UAs
[2010.04.17 19:22:13 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Ubisoft
[2011.04.06 14:59:42 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Ultra Fractal 5
[2010.11.11 15:02:06 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Uniblue
[2011.03.30 16:12:55 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Unity
[2010.01.17 20:13:15 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Utherverse
[2012.04.19 14:29:07 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\uTorrent
[2012.04.05 18:05:49 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Utysik
[2012.04.05 14:26:13 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Wafeo
[2010.09.06 21:55:47 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Wildlife Park 2
[2012.04.11 22:37:18 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\xmldm
[2010.08.09 13:34:06 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\XRay Engine
[2011.02.10 18:51:07 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\YoWindow
[2012.04.20 16:42:04 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Ziymqa
[2012.04.04 01:29:19 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Zoco
[2012.05.04 17:10:21 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.05.03 21:36:20 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\.minecraft
[2012.04.08 16:07:58 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\.Nitrous
[2011.02.08 21:11:53 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\.visualvm
[2012.04.03 22:32:56 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\11006
[2012.04.11 22:30:20 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\11009
[2012.04.12 13:49:54 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\11012
[2012.04.13 13:41:35 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\11013
[2012.04.16 22:01:46 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\11014
[2012.04.17 12:43:02 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\11015
[2012.04.20 15:29:14 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\11016
[2012.04.23 13:59:56 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\11017
[2012.04.24 13:37:30 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\11018
[2012.04.25 14:18:15 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\11019
[2010.04.18 14:51:02 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\acccore
[2010.08.18 02:33:57 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Acoustica
[2012.02.25 21:38:15 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Adobe
[2011.08.22 17:13:43 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Ambient Design
[2012.04.04 01:27:37 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Avaq
[2012.03.07 15:04:31 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Avira
[2009.10.16 19:30:18 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Blender Foundation
[2011.09.18 14:41:25 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Braid
[2010.05.22 21:55:30 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Bump Technologies, Inc
[2012.04.18 14:21:15 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\codeblocks
[2010.08.11 23:14:12 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\DAEMON Tools Lite
[2011.04.17 16:58:45 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\DAEMON Tools Pro
[2009.10.22 21:43:13 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Desktopicon
[2012.03.07 15:24:40 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\DesktopIconForAmazon
[2012.03.06 16:04:54 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Dev-Cpp
[2010.12.05 04:15:28 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\DivX
[2010.08.28 23:42:56 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\dvdcss
[2012.01.22 18:07:26 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\DVDVideoSoft
[2011.04.11 17:24:09 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.02.20 00:10:54 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\EasyMangosHandler
[2010.01.06 16:02:51 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Engelmann Media
[2011.07.16 21:01:45 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\FileHunter
[2011.05.22 14:13:50 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Firefly Studios
[2010.03.12 22:51:01 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\FOG Downloader
[2010.01.22 13:01:07 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\FreeFLVConverter
[2011.06.20 20:35:24 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\FUEL
[2011.07.31 00:22:08 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\GetRightToGo
[2009.10.16 18:26:30 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Google
[2011.01.26 01:14:39 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\GrabPro
[2012.03.26 14:57:24 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\gtk-2.0
[2012.04.04 01:27:03 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Gutep
[2012.04.03 20:28:35 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Help
[2010.01.28 19:03:35 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Hunspell
[2012.05.04 20:32:47 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\ICQ
[2012.04.03 20:28:36 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Identities
[2011.01.26 00:14:42 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Iggels
[2011.04.17 17:10:22 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\ImgBurn
[2010.09.05 17:23:28 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\InstallShield
[2010.09.05 17:24:39 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\InstallShield Installation Information
[2012.02.25 21:55:04 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\IrfanView
[2012.04.05 17:32:10 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Irit
[2010.11.24 17:11:12 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Jumping Bytes
[2012.03.17 17:51:07 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Kittomer Studios
[2012.04.03 22:32:34 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\kock
[2010.08.08 18:24:56 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\LEGO Company
[2010.06.19 17:46:45 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\LolClient
[2009.10.16 18:29:56 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Macromedia
[2012.05.03 16:08:47 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Malwarebytes
[2010.12.05 20:10:57 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\mathegrafix
[2011.06.21 12:53:11 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\MAXON
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Media Center Programs
[2012.04.15 12:59:33 | 000,000,000 | --SD | M] -- C:\Users\Boris\AppData\Roaming\Microsoft
[2009.10.22 15:37:33 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\MilkShape 3D 1.x.x
[2010.11.24 17:12:46 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Mobile Master
[2010.05.26 18:43:39 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Mount&Blade Warband
[2010.10.17 16:08:59 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Mozilla
[2011.07.20 13:57:25 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\NCH Software
[2011.07.20 13:55:08 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\NCH Swift Sound
[2009.10.18 09:23:24 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Nero
[2012.02.04 12:47:13 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\NVIDIA
[2012.04.04 01:27:37 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Ocpode
[2012.03.07 15:24:34 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\OCS
[2010.01.21 17:29:03 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\OpenOffice.org
[2011.03.30 17:15:12 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Opera
[2012.04.04 14:38:06 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Orbit
[2010.10.10 12:04:57 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\PACE Anti-Piracy
[2011.01.26 00:38:20 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\phonostar GmbH
[2011.01.26 00:20:06 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\ProgSense
[2011.01.26 01:18:07 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\QuickStoresToolbar
[2010.04.25 14:15:54 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Reallusion
[2010.09.08 18:56:54 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Registry Mechanic
[2010.09.07 16:10:30 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Sakura
[2009.12.21 15:19:15 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\ScummVM
[2010.01.31 05:22:56 | 000,000,000 | RH-D | M] -- C:\Users\Boris\AppData\Roaming\SecuROM
[2011.09.27 08:47:43 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Skype
[2011.09.27 08:47:34 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\skypePM
[2009.10.22 14:03:34 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\smc
[2009.10.22 01:18:11 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Sony
[2010.04.25 14:02:47 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Spiral Graphics
[2010.09.20 13:36:34 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\SPORE
[2010.08.18 02:34:06 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\SynthMaker
[2009.10.16 17:48:45 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\T-Online
[2009.10.24 13:00:36 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\teamspeak2
[2012.04.03 20:24:13 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\TeamViewer
[2010.04.04 23:49:47 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Teeworlds
[2011.06.27 13:38:07 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Template
[2010.05.02 11:16:15 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Texture Maker
[2011.06.25 20:25:35 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Thinstall
[2010.12.03 15:36:34 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\TS3Client
[2012.03.11 15:52:59 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\TuneUp Software
[2011.10.09 09:48:42 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Tunngle
[2010.10.17 14:21:32 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Turbine
[2012.04.11 22:36:45 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\UAs
[2010.04.17 19:22:13 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Ubisoft
[2011.04.06 14:59:42 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Ultra Fractal 5
[2010.11.11 15:02:06 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Uniblue
[2011.03.30 16:12:55 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Unity
[2010.01.17 20:13:15 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Utherverse
[2012.04.19 14:29:07 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\uTorrent
[2012.04.05 18:05:49 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Utysik
[2012.04.04 10:24:52 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\vlc
[2012.04.05 14:26:13 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Wafeo
[2010.09.06 21:55:47 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Wildlife Park 2
[2012.03.06 16:04:55 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Winamp
[2009.10.18 09:41:11 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\WinRAR
[2011.02.02 23:23:42 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Xfire
[2012.04.11 22:37:18 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\xmldm
[2010.08.09 13:34:06 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\XRay Engine
[2011.02.10 18:51:07 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\YoWindow
[2012.04.20 16:42:04 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Ziymqa
[2012.04.04 01:29:19 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Zoco
 
< %APPDATA%\*.exe /s >
[2009.10.22 21:43:13 | 000,031,836 | ---- | M] () -- C:\Users\Boris\AppData\Roaming\Desktopicon\uninst.exe
[2012.03.07 15:24:39 | 000,753,664 | ---- | M] (Microsoft) -- C:\Users\Boris\AppData\Roaming\DesktopIconForAmazon\IconForAmazon.exe
[2006.05.24 19:10:42 | 000,455,600 | ---- | M] (Macrovision Corporation) -- C:\Users\Boris\AppData\Roaming\InstallShield Installation Information\{A8E2EF8F-73EF-4DD8-BB38-31FCCAF50103}\setup.exe
[2010.06.19 17:01:08 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Boris\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2010.04.17 19:32:58 | 000,018,944 | R--- | M] () -- C:\Users\Boris\AppData\Roaming\Microsoft\Installer\{2158685C-E2B3-4026-B0A1-0FFE31837AFD}\Icon2158685C.exe
[2009.11.14 21:26:49 | 000,004,608 | R--- | M] () -- C:\Users\Boris\AppData\Roaming\Microsoft\Installer\{40FE74B5-71A1-4393-A0AB-21D6E1DA5A66}\Icon40FE74B5.exe
[2010.05.09 00:12:34 | 000,040,960 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Boris\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
[2010.05.09 00:12:34 | 000,040,960 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Boris\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
[2010.05.09 00:12:35 | 000,008,854 | R--- | M] () -- C:\Users\Boris\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\Uninstall_Project64__9559F7CA5E344237A2D9D856464AD727.exe
[2009.10.22 18:09:08 | 000,010,134 | R--- | M] () -- C:\Users\Boris\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
[2007.09.18 03:37:18 | 000,262,144 | ---- | M] () -- C:\Users\Boris\AppData\Roaming\NCH Software\Components\flacdec2\flacdec2.exe
[2007.08.29 15:36:00 | 000,110,592 | ---- | M] () -- C:\Users\Boris\AppData\Roaming\NCH Software\Components\mp3el\mp3enc.exe
[2012.03.07 15:24:34 | 000,106,496 | ---- | M] (OCS) -- C:\Users\Boris\AppData\Roaming\OCS\SM\SearchAnonymizer.exe
[2012.03.07 15:24:34 | 000,040,960 | ---- | M] () -- C:\Users\Boris\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
[2011.01.26 00:38:24 | 000,704,248 | ---- | M] () -- C:\Users\Boris\AppData\Roaming\QuickStoresToolbar\unins000.exe
[2010.03.03 15:58:22 | 000,045,304 | ---- | M] (Andreas Breitschopp - Softwareentwicklung und -vertrieb) -- C:\Users\Boris\AppData\Roaming\QuickStoresToolbar\Update.exe
[2006.09.23 20:43:58 | 001,707,856 | ---- | M] (Microsoft Corporation) -- C:\Users\Boris\AppData\Roaming\Ubisoft\Dark Messiah of Might and Magic\instmsi.exe
[2006.09.23 20:44:22 | 001,821,008 | ---- | M] (Microsoft Corporation) -- C:\Users\Boris\AppData\Roaming\Ubisoft\Dark Messiah of Might and Magic\instmsiw.exe
[2006.10.25 10:04:20 | 003,608,576 | ---- | M] () -- C:\Users\Boris\AppData\Roaming\Ubisoft\Dark Messiah of Might and Magic\mm.exe
[2006.09.15 09:45:20 | 006,955,008 | R--- | M] () -- C:\Users\Boris\AppData\Roaming\Ubisoft\Dark Messiah of Might and Magic\RegistrationReminder.exe
[2006.09.23 20:44:34 | 000,054,784 | ---- | M] () -- C:\Users\Boris\AppData\Roaming\Ubisoft\Dark Messiah of Might and Magic\SteamInstall_German.exe
[2006.09.23 20:44:30 | 000,111,419 | ---- | M] () -- C:\Users\Boris\AppData\Roaming\Ubisoft\Dark Messiah of Might and Magic\steam_setup.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: NVSTOR32.SYS  >
[2007.10.31 05:23:20 | 000,115,744 | ---- | M] (NVIDIA Corporation) MD5=4876E7C3184BDF50EDE043FEF616B867 -- C:\ACER\Preload\Autorun\DRV\nVidia Chipset MCP73\IDE\WinVista\sata_ide\nvstor32.sys
[2007.10.31 05:23:20 | 000,115,744 | ---- | M] (NVIDIA Corporation) MD5=4876E7C3184BDF50EDE043FEF616B867 -- C:\Windows\System32\drivers\nvstor32.sys
[2007.10.31 05:23:20 | 000,115,744 | ---- | M] (NVIDIA Corporation) MD5=4876E7C3184BDF50EDE043FEF616B867 -- C:\Windows\System32\DriverStore\FileRepository\nvstor32.inf_a4ed2674\nvstor32.sys
[2007.10.31 05:23:22 | 000,115,744 | ---- | M] (NVIDIA Corporation) MD5=9D2BD672C0461185D6EA1AE8BD3AE3F4 -- C:\ACER\Preload\Autorun\DRV\nVidia Chipset MCP73\IDE\WinVista\sataraid\nvstor32.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010.08.11 22:59:58 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\drivers\sptd.sys
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\$NtUninstallKB9818$] -> Error: Cannot create file handle -> Unknown point type
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:64217CD0
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >
         
--- --- ---

[/Code]

Alt 04.05.2012, 20:24   #10
burke
 
malewarebytes scan mit vielen funden - Standard

malewarebytes scan mit vielen funden



ich doppelposte hier weils zu viele zeichen hatte

hier das extra file von otl

OTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 04.05.2012 20:33:49 - Run 1
OTL by OldTimer - Version 3.2.42.2     Folder = C:\Users\Boris\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,01 Gb Available Physical Memory | 66,90% Memory free
6,23 Gb Paging File | 5,19 Gb Available in Paging File | 83,27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 284,09 Gb Total Space | 36,44 Gb Free Space | 12,83% Space Free | Partition Type: NTFS
 
Computer Name: BORIS-PC | User Name: Boris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found
 
[HKEY_USERS\S-1-5-21-209655109-2756548685-674970729-1000\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [open] -- C:\program files\t-online\t-online_software_6\browser\Browser.exe "%1" (Deutsche Telekom AG, T-Com)
htmlfile [opennew] -- C:\program files\t-online\t-online_software_6\browser\Browser.exe "%1" (Deutsche Telekom AG, T-Com)
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1"
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Orbitdownloader\orbitdm.exe" = C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files\Orbitdownloader\orbitnet.exe" = C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{16D405D8-F953-4DD2-8A5A-9D9EEE5E9D80}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{17B3D5C0-C61F-4A1D-AE96-DB4863AE9408}" = lport=138 | protocol=17 | dir=in | app=system | 
"{1880B996-7A9C-4A57-8AF0-C9FE315632C8}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{25EBCB20-10A0-4D7C-BC80-9E80ADD4D11C}" = rport=137 | protocol=17 | dir=out | app=system | 
"{2B664397-F9B2-4D16-8588-DD0B33C648CB}" = lport=6918 | protocol=17 | dir=in | name=league of legends launcher | 
"{2BF801DC-8D92-4297-BA60-6BE572437D4B}" = lport=8394 | protocol=6 | dir=in | name=league of legends launcher | 
"{31A13E34-FC45-4133-97CF-2B8AB2577377}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{38AE8D31-C9A9-4044-8FF0-4325890B1025}" = lport=6958 | protocol=6 | dir=in | name=league of legends launcher | 
"{38CE5D1D-57DE-4F2D-9F3E-4C1213C7B982}" = lport=6897 | protocol=6 | dir=in | name=league of legends launcher | 
"{3D1382CF-C86E-46D4-9BB6-D72D165B5D28}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3D3D50F1-FA05-4493-84F9-6851DDA703D4}" = lport=6923 | protocol=6 | dir=in | name=league of legends launcher | 
"{3DBB8EA1-638D-4481-AEE5-425EB4AABF94}" = rport=445 | protocol=6 | dir=out | app=system | 
"{3F93DC00-70C9-45C7-9F33-1DC3487C1423}" = lport=25565 | protocol=6 | dir=in | name=minecraft | 
"{491DF767-ACFF-488D-B3E2-13B9D3ECE459}" = lport=6960 | protocol=6 | dir=in | name=league of legends launcher | 
"{4A0D7FB0-D95D-4265-B8EC-9524EAEEAFBA}" = lport=6882 | protocol=17 | dir=in | name=league of legends launcher | 
"{539B7996-E722-4F32-AA95-3CFFA52EBDA0}" = lport=6986 | protocol=17 | dir=in | name=league of legends launcher | 
"{636D8103-85B0-4D46-8869-41342380A226}" = rport=138 | protocol=17 | dir=out | app=system | 
"{769B59E4-4E71-43DD-9709-14F1AC9B29EE}" = lport=6897 | protocol=17 | dir=in | name=league of legends launcher | 
"{76FE37F4-FB8E-4694-AC00-E01B3C54F178}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{7B1455CA-FB24-40D7-8ACE-5125AB45202D}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{7D781E32-3A4B-4044-97C5-A042C35ECF6F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{7D7AEE22-AB39-4BFE-A4E4-EF230FBBE7A2}" = lport=137 | protocol=17 | dir=in | app=system | 
"{7D92076E-F5AB-4B69-8FDE-8A0BF3E52C08}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{8609416A-58AB-4017-9958-5360EED02861}" = rport=139 | protocol=6 | dir=out | app=system | 
"{9182E02F-DEA2-497B-9E62-D3CDAEB09D98}" = lport=6960 | protocol=17 | dir=in | name=league of legends launcher | 
"{91F4EDE9-1B58-4017-AC67-9DF41DC4D106}" = lport=6986 | protocol=6 | dir=in | name=league of legends launcher | 
"{923751DB-1BCC-4249-869D-0C955CF5B200}" = lport=6958 | protocol=17 | dir=in | name=league of legends launcher | 
"{926DD65B-F4F5-43B0-88CF-1E70CD878CC8}" = lport=6906 | protocol=6 | dir=in | name=league of legends launcher | 
"{943746CF-6B73-45EF-A298-6543F36AEC21}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 | 
"{94522379-6B1D-40E0-AD44-EDA41167B7AD}" = lport=8395 | protocol=17 | dir=in | name=league of legends launcher | 
"{99E79BB5-6A90-4C09-9A86-321B7D8C3C9C}" = lport=6882 | protocol=6 | dir=in | name=league of legends launcher | 
"{9FA029B4-32FA-4778-8AF7-F5947BFF6D46}" = lport=8394 | protocol=17 | dir=in | name=league of legends launcher | 
"{B23104C8-BF71-4A5E-95A8-3C7181F13860}" = lport=6906 | protocol=17 | dir=in | name=league of legends launcher | 
"{B25F2FEC-25FD-4A45-92BB-151C86DE53EF}" = lport=6923 | protocol=17 | dir=in | name=league of legends launcher | 
"{B8396BF4-AA93-4945-9EFE-8003C7A6AE99}" = lport=445 | protocol=6 | dir=in | app=system | 
"{C962D8B7-2BE9-42B4-977A-6CBEF83A56D8}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe | 
"{E37E8B01-AE88-45DA-8905-CC4ECA288F99}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher | 
"{E701D24A-3D94-419A-B5A6-FFCF74E01C8E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E9A92223-0E73-47DE-97F0-EF8677D933D3}" = lport=6918 | protocol=6 | dir=in | name=league of legends launcher | 
"{EE77F615-FD06-467C-AD45-7B1CF6CED0F5}" = lport=8395 | protocol=6 | dir=in | name=league of legends launcher | 
"{F04E04D7-5B9D-428B-8503-D96897711EFD}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{FA0AE466-264D-4C90-8459-C198216F7CFC}" = lport=139 | protocol=6 | dir=in | app=system | 
"{FEF6969A-DFF2-43DD-A0B3-38D739C54C33}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02DE0583-4297-4138-BBA8-71B214473385}" = protocol=6 | dir=in | app=c:\program files\rockstar games\rockstar games social club\rgsclauncher.exe | 
"{045BBE7C-8422-490A-994F-FC7D87EDBAA3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{05FF2AB3-4724-488A-A325-EE933EEE1F27}" = protocol=17 | dir=in | app=c:\program files\league of legends\game\league of legends.exe | 
"{0BC3232B-49C1-4ACB-BD04-389910DC7D88}" = protocol=6 | dir=in | app=c:\program files\autodesk\3ds max 9\3dsmax.exe | 
"{0CD46D83-20CC-487D-B960-E4CEE2D218CE}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{0E3D17A6-B201-499B-8662-62A9D1096363}" = protocol=17 | dir=in | app=c:\users\boris\desktop\minecraft_server.exe | 
"{0EA6539E-BA88-4175-8D37-C759C420402E}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{1318CF1E-BD35-4CC2-B2AB-74335E31B95A}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty - world at war\codwawmp.exe | 
"{144B9E9F-195E-4876-AB4D-B77E3EDFF8B5}" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\java.exe | 
"{19104522-D34F-4C4D-A344-3BF9B9A60131}" = protocol=17 | dir=in | app=c:\users\boris\appdata\local\temp\blizzard installer bootstrap - 00a8cbd9\installer.exe | 
"{1AAFFC13-6FB6-44AB-AFC2-23586053D13A}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\schimmelbolzen\dark messiah might and magic multi-player\runme.exe | 
"{202F2C3B-ACFD-448B-9247-3E877D58B369}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{24F02A85-189D-441F-B10B-970C63D950DB}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.0-dede-downloader.exe | 
"{26843590-AFD0-4B86-8892-A0E420CA8AFB}" = protocol=17 | dir=in | app=c:\program files\bitcomposer games\s.t.a.l.k.e.r. - call of pripyat\bin\dedicated\xrengine.exe | 
"{273A8E26-7BFD-4BE8-98C8-C054847606E8}" = protocol=17 | dir=in | app=c:\program files\autodesk\backburner\server.exe | 
"{27CC98A7-D665-45D6-8A31-8EADB8530BCF}" = protocol=6 | dir=in | app=c:\program files\bitcomposer games\s.t.a.l.k.e.r. - call of pripyat\bin\xrengine.exe | 
"{2CC17DBC-ADB2-4813-99F5-34A4194B8D2B}" = protocol=17 | dir=in | app=c:\program files\autodesk\backburner\monitor.exe | 
"{2CD57A8B-D713-4F6C-BCC2-236ADC196FD7}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{33C2FC98-153D-4055-B825-135CEC08590E}" = protocol=17 | dir=in | app=c:\program files\icq7.6\icq.exe | 
"{33D4AD69-5C77-42C1-A6D1-C32F2345CAAD}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
"{35373F66-E430-46D8-9185-D038987707A4}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3ADEB337-C631-4D8D-ACDD-022C88EF9F25}" = protocol=17 | dir=in | app=c:\program files\icq7.6\icq.exe | 
"{3C2BA712-9576-4FBF-A532-A525D141EA37}" = protocol=17 | dir=in | app=c:\users\boris\appdata\local\temp\blizzard installer bootstrap - 07ee7f08\installer.exe | 
"{3F757E7B-1C74-44E5-82C1-BEBA1B335B7B}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty - world at war\codwawmp.exe | 
"{4081D61F-21B3-4C53-9E7E-7CB42B4644B8}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{44DF9EF6-E174-47DF-BDD4-F3BFE8B8C215}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{47591EB6-8387-4D1C-BFCF-E0EEA5299E85}" = protocol=17 | dir=in | app=c:\program files\rockstar games\rockstar games social club\rgsclauncher.exe | 
"{478C2556-E1EF-4455-9D15-285B409D3970}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | 
"{4800BC03-56A9-4515-857C-55BBFCD91569}" = protocol=17 | dir=in | app=c:\program files\gamigo\heroes in the sky\his.exe | 
"{50258AE8-954A-4D18-9ABC-DD44309F91B4}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\schimmelbolzen\dark messiah might and magic multi-player\runme.exe | 
"{528EF6A9-600F-4425-8481-0B23B171639F}" = protocol=6 | dir=in | app=c:\users\boris\appdata\local\temp\blizzard installer bootstrap - 0484ad46\installer.exe | 
"{5470820D-DE2F-49EB-B2F0-11BBDDE970F2}" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\java.exe | 
"{560B1F2B-DA32-4DE8-B534-B04040A89073}" = protocol=6 | dir=in | app=c:\users\boris\appdata\local\temp\blizzard installer bootstrap - 028bb0b5\installer.exe | 
"{5756069D-62F5-43FD-B88E-FCF9AA1B4C17}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
"{580B9066-0F9E-4863-8EF9-5A97BF8DA476}" = protocol=6 | dir=in | app=c:\program files\tunngle\tunngle.exe | 
"{58BE4677-E454-4CA2-B8F5-49C161444BDF}" = protocol=6 | dir=in | app=c:\program files\icq7.6\icq.exe | 
"{5D262F7D-6F72-40B5-8170-FC30AD2F0B8D}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{5EC7A198-EA69-41D1-A50E-21E00EFFCDEA}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{618B1286-66BA-479D-8107-8B426544CF21}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | 
"{62D264A3-D99B-4305-86B0-702007694967}" = protocol=6 | dir=in | app=c:\users\boris\appdata\local\temp\blizzard installer bootstrap - 00ee262a\installer.exe | 
"{669DF0F2-7594-464B-944F-5A39FCD2721F}" = protocol=6 | dir=in | app=c:\users\boris\desktop\minecraft_server.exe | 
"{6D62E307-08C6-499E-989B-111F0A84BA27}" = protocol=6 | dir=in | app=c:\users\boris\appdata\local\temp\blizzard installer bootstrap - 00a8cbd9\installer.exe | 
"{7415F57B-BE65-4434-A45C-0C04FC5CCF09}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{778F9966-8CDC-4992-96BB-480ECB3BFF1C}" = protocol=17 | dir=in | app=c:\program files\codemasters\fuel\fuel.exe | 
"{7A4DD3B8-561C-4933-AB39-B5DC1878171B}" = protocol=6 | dir=in | app=c:\program files\league of legends\air\lolclient.exe | 
"{8032B261-753F-4B5C-9AFA-D61CD67721F3}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{809D45BE-F6E7-43B3-9508-BF86A9A40E48}" = protocol=6 | dir=in | app=c:\program files\autodesk\backburner\server.exe | 
"{81B9B241-0569-4878-B6E6-4203A051B9B5}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{8641BAFB-FF02-4C5E-9923-8D24723E1AB3}" = protocol=17 | dir=in | app=c:\program files\tunngle\tnglctrl.exe | 
"{86E83DCC-B5DB-44C3-9806-0835551121B5}" = protocol=17 | dir=in | app=c:\program files\icq7.6\icq.exe | 
"{877A3AFF-1C57-4DB9-A6B7-6EC3BFE0291D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{883B9DB7-DBC8-41DC-ABD7-27F32E4CA91C}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{8A75486B-C67E-460D-9554-B52F6E536D0E}" = protocol=17 | dir=in | app=c:\program files\autodesk\3ds max 9\3dsmax.exe | 
"{8AF652F9-B30D-4109-BCB9-795C72688A8E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{8C3B5638-BCBC-4795-99C6-4C28CE89F787}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{8CD551BB-8577-4FE3-B5C8-4378904B2CBF}" = protocol=17 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe | 
"{8F0DB90D-4434-4191-9516-FE3701927DD8}" = protocol=6 | dir=in | app=c:\program files\autodesk\backburner\manager.exe | 
"{953B2F24-3D26-43D4-BB3A-AA024B370CB2}" = protocol=6 | dir=in | app=c:\program files\icq7.6\icq.exe | 
"{99427D11-070B-43CE-87A8-49DF18D07EC7}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.0-dede-downloader.exe | 
"{9B8AA46C-2C6D-44D2-9D9A-0F304D2C5ADD}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9BC993B1-61FE-4D58-AB6F-1C49D89ED678}" = protocol=6 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe | 
"{9CE210E5-141A-4544-A4AF-43AC91CAA564}" = protocol=17 | dir=in | app=c:\users\boris\appdata\local\temp\blizzard installer bootstrap - 00ee262a\installer.exe | 
"{9E7B8992-6B2A-4C90-846A-FB5F2727D3BC}" = protocol=6 | dir=in | app=c:\users\boris\appdata\local\temp\blizzard installer bootstrap - 00024604\installer.exe | 
"{9F6CAA77-FB1F-4130-8C53-CDB4A94CC447}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{A25640AE-6F3B-47AC-8B3B-B567958BA3ED}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{A450128C-032C-46DB-8C46-8FF6D72F025F}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{A45C83A6-B0DD-4533-A8B3-5AFA446713EC}" = protocol=17 | dir=in | app=c:\program files\bitcomposer games\s.t.a.l.k.e.r. - call of pripyat\bin\xrengine.exe | 
"{A698B36C-4F48-4C0C-BFDF-46947F0621E7}" = protocol=17 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe | 
"{A7CE014C-832F-4332-938E-0DA66A042E08}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{A9CF2A59-7A9B-4506-8861-8856A7F4EDAC}" = protocol=6 | dir=in | app=c:\program files\autodesk\backburner\monitor.exe | 
"{AC90A8BE-D64B-411A-B990-1BC305503B0C}" = protocol=17 | dir=in | app=c:\users\boris\appdata\local\temp\blizzard installer bootstrap - 00909c9f\installer.exe | 
"{ADC9062B-3727-4A32-81E8-F8D919DEFBAD}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{B06B8EC0-5E7B-4077-AB45-8E9AF35F4076}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"{B2B955B7-E1A9-4F26-83BD-DE59BD695504}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{B623593D-FAFC-4393-AE0B-A0A53614B386}" = protocol=17 | dir=in | app=c:\program files\autodesk\backburner\manager.exe | 
"{B6E500B9-8D70-4295-9043-9B36D3661567}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{BA704343-95FA-4296-B828-D4B27EBDD4A8}" = protocol=17 | dir=in | app=c:\users\boris\appdata\local\temp\blizzard installer bootstrap - 0484ad46\installer.exe | 
"{BCC2A4F6-A28B-481D-8F6B-CEA07F494C57}" = protocol=17 | dir=in | app=c:\users\boris\appdata\local\temp\blizzard installer bootstrap - 00024604\installer.exe | 
"{BE7DD6A6-30E8-47AD-B02F-D1EDBE1AD73B}" = protocol=6 | dir=in | app=c:\program files\codemasters\fuel\fuel.exe | 
"{C142CC44-EFF4-48BA-9926-ABAF85580FA5}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{C5BDE3E4-2050-4BA3-9C87-D904661D28D4}" = protocol=6 | dir=in | app=c:\users\boris\appdata\local\temp\blizzard installer bootstrap - 02de647b\installer.exe | 
"{C6428EAA-0B5D-4FB9-B0AD-F6DA98121689}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"{CA3A0387-4A5F-4DA4-BBCB-4645D6E91C84}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{CAD2F887-39C3-47FA-98FC-96D7C0ED85E1}" = protocol=6 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe | 
"{DA3278F4-AF77-477A-A6B0-545FF3CDC4CE}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw.exe | 
"{DAD0CD48-8102-4275-BCA8-D24B572DF53C}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw.exe | 
"{DBB6A3A7-1F9B-4752-94B2-D49C34EA0877}" = protocol=6 | dir=in | app=c:\program files\tunngle\tnglctrl.exe | 
"{DE36D1B0-BF38-459D-B37E-755F5DCEE516}" = protocol=17 | dir=in | app=c:\users\boris\appdata\local\temp\blizzard installer bootstrap - 028bb0b5\installer.exe | 
"{E43039F7-9D3A-4198-B2A7-B58CADA54497}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{E6EDA77F-EF6B-4B1D-B769-667B5B3FB820}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{E9FE5BB9-6643-4C22-B119-6B4CD7E0CBF0}" = protocol=6 | dir=in | app=c:\program files\gamigo\heroes in the sky\his.exe | 
"{EB52EB36-F719-40E3-A351-A2EAD81DC056}" = protocol=6 | dir=in | app=c:\program files\bitcomposer games\s.t.a.l.k.e.r. - call of pripyat\bin\dedicated\xrengine.exe | 
"{EBD07366-D943-42D4-87D0-483741E33D59}" = protocol=6 | dir=in | app=c:\users\boris\appdata\local\temp\blizzard installer bootstrap - 00909c9f\installer.exe | 
"{EC92F9BC-24E8-4F26-9FFE-80063FAB19C9}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{F1A0767C-A800-4A7C-8DA5-DF0DCF3E6D98}" = protocol=17 | dir=in | app=c:\users\boris\appdata\local\temp\blizzard installer bootstrap - 02de647b\installer.exe | 
"{F54A5BE6-50FB-47EB-A87A-213036F3CEEE}" = protocol=17 | dir=in | app=c:\program files\tunngle\tunngle.exe | 
"{FA18CB15-8798-4BCE-A756-C08724D32D80}" = protocol=6 | dir=in | app=c:\program files\icq7.6\icq.exe | 
"{FC0893EC-E4CA-45E3-82A9-1E1E3C649C61}" = protocol=6 | dir=in | app=c:\program files\league of legends\game\league of legends.exe | 
"{FC3A99E2-13C4-461B-9B68-BA9FF30ADC9D}" = protocol=6 | dir=in | app=c:\users\boris\appdata\local\temp\blizzard installer bootstrap - 07ee7f08\installer.exe | 
"{FF4C2E75-BBAB-4A81-8819-8C5B0AC02751}" = protocol=17 | dir=in | app=c:\program files\league of legends\air\lolclient.exe | 
"TCP Query User{022DE049-564C-4012-9E21-84F26C0F5C5F}C:\program files\night\mass effect 2\binaries\masseffect2.exe" = protocol=6 | dir=in | app=c:\program files\night\mass effect 2\binaries\masseffect2.exe | 
"TCP Query User{02653C95-74CD-48EE-A07F-7BFE52BA063A}C:\users\boris\desktop\spiele\call of duty 4 - modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=c:\users\boris\desktop\spiele\call of duty 4 - modern warfare\iw3mp.exe | 
"TCP Query User{06767FDE-A731-4AAF-9826-6E8035AA6188}C:\users\boris\appdata\local\virtualstore\program files\dead island\dead island\deadislandgame.exe" = protocol=6 | dir=in | app=c:\users\boris\appdata\local\virtualstore\program files\dead island\dead island\deadislandgame.exe | 
"TCP Query User{067ADF3E-9189-43A8-9E12-FA0936C78A00}C:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe" = protocol=6 | dir=in | app=c:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe | 
"TCP Query User{0776E850-ED15-45C2-AC29-7156310C74A0}C:\users\boris\downloads\thesmileassault i\thesmileassault i\thesmileassault.exe" = protocol=6 | dir=in | app=c:\users\boris\downloads\thesmileassault i\thesmileassault i\thesmileassault.exe | 
"TCP Query User{0B574A9B-7B82-46EB-8244-CC95A7A19FBD}C:\program files\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files\xfire\xfire.exe | 
"TCP Query User{1320678D-EA91-4D1F-A96A-CF56DE96AC5F}C:\program files\the babylon project\fs2_open_3_6_9.exe" = protocol=6 | dir=in | app=c:\program files\the babylon project\fs2_open_3_6_9.exe | 
"TCP Query User{133C9B90-1081-48DB-9B88-886F1FD383F1}C:\users\public\games\world of warcraft\repair.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\repair.exe | 
"TCP Query User{14C08A75-51A3-4FF9-A051-39EEBB850645}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe | 
"TCP Query User{1AF315BD-7EC8-4780-A9F2-75768F9E5B52}C:\program files\phonostar-player\phonostar.exe" = protocol=6 | dir=in | app=c:\program files\phonostar-player\phonostar.exe | 
"TCP Query User{1F0D8FB3-5693-449E-9CD8-A8623CD04CB0}C:\program files\hypercube source\steamless.dll" = protocol=6 | dir=in | app=c:\program files\hypercube source\steamless.dll | 
"TCP Query User{21341BA7-E7E6-4C31-94DD-CE0B1D1D2451}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{2577BE9C-0BFB-42A0-BAA3-7BF19BBB4FCB}C:\users\boris\desktop\spiele\left 4 dead 2\left4dead2.exe" = protocol=6 | dir=in | app=c:\users\boris\desktop\spiele\left 4 dead 2\left4dead2.exe | 
"TCP Query User{26838C21-2A82-424B-9E62-AA74CA11CC33}C:\program files\blitz3d\bin\blitzcc.exe" = protocol=6 | dir=in | app=c:\program files\blitz3d\bin\blitzcc.exe | 
"TCP Query User{2E141BD9-170E-4BDA-A654-98136BE96505}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{2E83B60D-E898-4E0B-A527-018FBD3C6ACB}C:\program files\steam\steamapps\schimmelbolzen\dark messiah might and magic dedicated server\srcds.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\schimmelbolzen\dark messiah might and magic dedicated server\srcds.exe | 
"TCP Query User{2FEB44FB-8D53-4451-99CA-7C3845E699FE}C:\users\boris\downloads\cryengine_v3_3_7_2572_freesdk\bin32\launcher.exe" = protocol=6 | dir=in | app=c:\users\boris\downloads\cryengine_v3_3_7_2572_freesdk\bin32\launcher.exe | 
"TCP Query User{30D3A633-6A5C-4986-A6C8-3D427FF4D02A}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"TCP Query User{33955399-04FC-44C4-8622-89C01A0D99F9}C:\users\boris\downloads\core\cwcore.exe" = protocol=6 | dir=in | app=c:\users\boris\downloads\core\cwcore.exe | 
"TCP Query User{3937FB58-5A42-4630-8E2F-8B76A902E172}C:\users\public\games\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-dede-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-dede-downloader.exe | 
"TCP Query User{3E1538A2-BBCA-4AFC-8D17-01A1CA3A9A6D}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"TCP Query User{3EAEA7ED-8E83-4758-9929-CD7DD43FA294}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{3F173495-1841-4ECC-8886-713C05C700A2}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | 
"TCP Query User{413F770A-B9FD-4E2A-9E4E-4868610259BA}C:\users\boris\downloads\core\cwrealm.exe" = protocol=6 | dir=in | app=c:\users\boris\downloads\core\cwrealm.exe | 
"TCP Query User{42594201-F037-437B-8141-AF3F60C8A400}C:\program files\valve\hltv.exe" = protocol=6 | dir=in | app=c:\program files\valve\hltv.exe | 
"TCP Query User{429FBD7D-2C5E-4EE1-A709-3823D27C0EAE}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{43CBB8C4-6615-4EFF-9AB6-1DDC469477E4}C:\udk\udk-2011-04\binaries\win32\udk.exe" = protocol=6 | dir=in | app=c:\udk\udk-2011-04\binaries\win32\udk.exe | 
"TCP Query User{457DB43B-35E6-480D-A24D-56E95B3DE700}C:\users\boris\desktop\neuer ordner\stranded_mulitplayer\stranded mulitplayer\strandedii.exe" = protocol=6 | dir=in | app=c:\users\boris\desktop\neuer ordner\stranded_mulitplayer\stranded mulitplayer\strandedii.exe | 
"TCP Query User{45AEC5EA-1184-4A48-9428-A6D48662D4A2}C:\program files\jowood\gothic ii gold\_work\tools\zspy\zspy.exe" = protocol=6 | dir=in | app=c:\program files\jowood\gothic ii gold\_work\tools\zspy\zspy.exe | 
"TCP Query User{47C77EFE-5920-495A-86C9-5710503A2861}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"TCP Query User{516AA790-0B6F-4ACC-BF27-C124B33A5033}C:\program files\stronghold 3\bin\win32_release\stronghold3.exe" = protocol=6 | dir=in | app=c:\program files\stronghold 3\bin\win32_release\stronghold3.exe | 
"TCP Query User{544A51CE-016A-4E35-BBDF-A32209DC9B76}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe | 
"TCP Query User{54DB338E-FEC2-44DD-A0C0-19BC8D9AD1D9}C:\users\boris\appdata\local\temp\7zipsfx.000\cf_downloader.exe" = protocol=6 | dir=in | app=c:\users\boris\appdata\local\temp\7zipsfx.000\cf_downloader.exe | 
"TCP Query User{58A72013-7EA2-48B3-A2C4-BF82ED3896AF}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe | 
"TCP Query User{5A2A1118-0A97-4C8E-B5A1-2D97A9AB0193}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{5D3ACD67-FFB0-4CE9-BEE6-B834E6795F2B}C:\users\boris\desktop\minecraft server\mcadmin\mcadmin.exe" = protocol=6 | dir=in | app=c:\users\boris\desktop\minecraft server\mcadmin\mcadmin.exe | 
"TCP Query User{68FA5DB8-96BD-47B2-B1AE-943861EB7947}C:\program files\ea games\battlefield vietnam\bfvietnam.exe" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield vietnam\bfvietnam.exe | 
"TCP Query User{6BD09A77-62EC-48BE-B272-EF6D7160F61E}C:\users\boris\desktop\stranded_mulitplayer\stranded mulitplayer\strandedii.exe" = protocol=6 | dir=in | app=c:\users\boris\desktop\stranded_mulitplayer\stranded mulitplayer\strandedii.exe | 
"TCP Query User{6D084A94-CD54-498F-9524-53788E9DD209}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe | 
"TCP Query User{6E21FDCB-D240-4FCC-8074-BC7540FD5841}C:\users\boris\downloads\left 4 dead 2 v2.0.0.1 cracked\left4dead2.exe" = protocol=6 | dir=in | app=c:\users\boris\downloads\left 4 dead 2 v2.0.0.1 cracked\left4dead2.exe | 
"TCP Query User{72216BAF-B0C5-4E7A-AB46-764831D04F3A}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{77CBC97C-A2B3-472C-BD60-D0D3F23935E3}C:\program files\rockstar games\gta san andreas\samp-server.exe" = protocol=6 | dir=in | app=c:\program files\rockstar games\gta san andreas\samp-server.exe | 
"TCP Query User{7815EB27-6698-431C-A79A-9F5DB5AFA91D}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"TCP Query User{7B061044-AB54-46A8-AEB7-251F4640B801}C:\program files\codemasters\der herr der ringe online\lotroclient.exe" = protocol=6 | dir=in | app=c:\program files\codemasters\der herr der ringe online\lotroclient.exe | 
"TCP Query User{8416F972-0AA8-4828-ACA7-B59A28840426}C:\program files\firefly studios\stronghold crusader\stronghold crusader.exe" = protocol=6 | dir=in | app=c:\program files\firefly studios\stronghold crusader\stronghold crusader.exe | 
"TCP Query User{867159E4-F1A7-4358-B351-3B993BE3905F}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | 
"TCP Query User{86A26453-2FA3-4398-8B86-0907E00A2FF1}C:\program files\activision\call of duty 2\cod2mp_s.exe" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 2\cod2mp_s.exe | 
"TCP Query User{8AC941BE-3E5A-4CE0-9CA4-CE9BD84CF085}C:\udk\udk-2011-04\binaries\win32\udkmobile.exe" = protocol=6 | dir=in | app=c:\udk\udk-2011-04\binaries\win32\udkmobile.exe | 
"TCP Query User{8D86B87B-EE5F-4316-8DB0-C3CCDB222CDF}C:\program files\steam\steamapps\schimmelbolzen\dark messiah might and magic multi-player\mm.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\schimmelbolzen\dark messiah might and magic multi-player\mm.exe | 
"TCP Query User{929027B2-4AB4-4806-A21E-8F9957B87A2E}C:\program files\black & white\runblack.exe" = protocol=6 | dir=in | app=c:\program files\black & white\runblack.exe | 
"TCP Query User{940FBC74-7DE1-4830-A760-929750893F81}C:\users\boris\downloads\fogdownloader-rom_2_1_6_2049.exe" = protocol=6 | dir=in | app=c:\users\boris\downloads\fogdownloader-rom_2_1_6_2049.exe | 
"TCP Query User{97472822-0439-444B-B6F6-DB9FE87C27D3}C:\program files\java\jdk1.6.0_23\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jdk1.6.0_23\bin\java.exe | 
"TCP Query User{9DAA6599-8DC1-4EAC-AB5E-932F27A299A4}C:\program files\stronghold 3\bin\win32_release\mapeditor.exe" = protocol=6 | dir=in | app=c:\program files\stronghold 3\bin\win32_release\mapeditor.exe | 
"TCP Query User{9E8C12BD-3867-4CFD-9F49-673EE9689267}C:\users\public\games\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-dede-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-dede-downloader.exe | 
"TCP Query User{9EF206B9-C9FF-4957-9B38-F0761AF7B397}C:\program files\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe | 
"TCP Query User{9F65A574-101D-4350-AC39-4BA569D93FF9}C:\users\boris\desktop\call of duty 2\call of duty 2-multiplayer.exe" = protocol=6 | dir=in | app=c:\users\boris\desktop\call of duty 2\call of duty 2-multiplayer.exe | 
"TCP Query User{A002C11C-6AD8-4FF1-AC8D-C022706A0F46}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | 
"TCP Query User{A3C5F585-18ED-4664-B0E4-987E8F116B8D}C:\program files\jowood\gothic ii gold\_work\tools\zspy\zspy.exe" = protocol=6 | dir=in | app=c:\program files\jowood\gothic ii gold\_work\tools\zspy\zspy.exe | 
"TCP Query User{A464C402-FB90-4043-ACEE-989161E3D64F}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{ACF1B1CC-CD0F-42DC-BEE0-C1FB1ABC9AA4}C:\users\boris\appdata\roaming\filehunter\pumpa.exe" = protocol=6 | dir=in | app=c:\users\boris\appdata\roaming\filehunter\pumpa.exe | 
"TCP Query User{B1932715-2E2A-4EF1-9874-4F621EA5149F}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | 
"TCP Query User{B2766438-A46C-4660-9505-0D08268F728F}C:\program files\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files\xfire\xfire.exe | 
"TCP Query User{B4770EE8-708C-4556-9315-0A48D36E26E5}C:\udk\hazard - journey of life demo\binaries\win32\udk.exe" = protocol=6 | dir=in | app=c:\udk\hazard - journey of life demo\binaries\win32\udk.exe | 
"TCP Query User{BAD96D52-FB5D-4205-B198-3967FC1B1251}C:\users\boris\downloads\minetest-0.3.0-win32\minetest-0.3.0-win32\bin\minetest.exe" = protocol=6 | dir=in | app=c:\users\boris\downloads\minetest-0.3.0-win32\minetest-0.3.0-win32\bin\minetest.exe | 
"TCP Query User{BD38BC71-CC01-4975-A684-23B3BFE72ADD}C:\program files\valve\hl.exe" = protocol=6 | dir=in | app=c:\program files\valve\hl.exe | 
"TCP Query User{C1F52990-E4A0-432B-ABDA-C47BA891B323}C:\users\boris\appdata\local\virtualstore\program files\dead island\deadislandgame.exe" = protocol=6 | dir=in | app=c:\users\boris\appdata\local\virtualstore\program files\dead island\deadislandgame.exe | 
"TCP Query User{C310592F-B9F4-446C-919F-7A3C8FE5D4DC}C:\users\boris\desktop\spiele\left 4 dead 2\srcds.exe" = protocol=6 | dir=in | app=c:\users\boris\desktop\spiele\left 4 dead 2\srcds.exe | 
"TCP Query User{C659805D-4B14-488E-9DAD-C685F343DD80}C:\users\boris\desktop\spiele\call of duty 4 - modern warfare1\iw3mp.exe" = protocol=6 | dir=in | app=c:\users\boris\desktop\spiele\call of duty 4 - modern warfare1\iw3mp.exe | 
"TCP Query User{D35280C2-7DEC-4B0E-8D83-AB4384399506}C:\users\boris\downloads\core\udrive\usr\local\mysql\bin\mysqld-opt.exe" = protocol=6 | dir=in | app=c:\users\boris\downloads\core\udrive\usr\local\mysql\bin\mysqld-opt.exe | 
"TCP Query User{D49D1BFF-7D9C-42F5-8232-3E67C5F79222}C:\users\boris\desktop\spiele\call of duty 2\cod2mp_s.exe" = protocol=6 | dir=in | app=c:\users\boris\desktop\spiele\call of duty 2\cod2mp_s.exe | 
"TCP Query User{D5833881-93E7-411C-A3F7-0FC720DAF948}C:\program files\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe | 
"TCP Query User{D6F78663-8FE2-45C7-93D3-D332D5DCB8DA}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{DE7AA29E-7E83-47B7-BE79-B0AC2BFF926A}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"TCP Query User{DED412C4-7181-49B0-A221-FDD21224D80A}C:\riot games\league of legends\lol.launcher.exe" = protocol=6 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe | 
"TCP Query User{E382B687-C828-48AF-B52D-34A882A1FBB3}C:\users\boris\desktop\spiele\stranded mulitplayer\strandedii.exe" = protocol=6 | dir=in | app=c:\users\boris\desktop\spiele\stranded mulitplayer\strandedii.exe | 
"TCP Query User{E442A0B0-F572-4D24-B310-C33DF40C9FEC}C:\users\boris\appdata\local\temp\dsoclient\app.n3app" = protocol=6 | dir=in | app=c:\users\boris\appdata\local\temp\dsoclient\app.n3app | 
"TCP Query User{EC134832-63E8-42AF-BB30-52B0C3A491A8}C:\users\boris\desktop\spiele\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\users\boris\desktop\spiele\counter-strike source\hl2.exe | 
"TCP Query User{EC34E1DA-D02E-4D86-B508-54B1CAFC91D6}C:\program files\xnormal\3.16.13\x86\coordinator.exe" = protocol=6 | dir=in | app=c:\program files\xnormal\3.16.13\x86\coordinator.exe | 
"TCP Query User{EDB0961D-A6F7-4EBD-B17B-C1B6AB4FF95E}C:\users\boris\downloads\left 4 dead 2 v2.0.0.1 cracked\srcds.exe" = protocol=6 | dir=in | app=c:\users\boris\downloads\left 4 dead 2 v2.0.0.1 cracked\srcds.exe | 
"TCP Query User{EF79D92C-5D28-4FD3-93EA-5090F30F926F}C:\program files\firefly studios\stronghold crusader\stronghold crusader.exe" = protocol=6 | dir=in | app=c:\program files\firefly studios\stronghold crusader\stronghold crusader.exe | 
"TCP Query User{F0D97232-1EC7-4EB8-8984-BD06644BE0D3}C:\users\boris\desktop\counter-strike source\counter-strike source\srcds.exe" = protocol=6 | dir=in | app=c:\users\boris\desktop\counter-strike source\counter-strike source\srcds.exe | 
"TCP Query User{F33AC4F1-4EBA-4981-9EB0-571512F86547}C:\udk\udk-2011-04\binaries\swarmagent.exe" = protocol=6 | dir=in | app=c:\udk\udk-2011-04\binaries\swarmagent.exe | 
"TCP Query User{F3821BB0-9DFD-4787-9493-ADE16099DC02}C:\users\public\games\world of warcraft\wow-3.2.0.10192-to-3.3.0.10958-dede-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.0.10192-to-3.3.0.10958-dede-downloader.exe | 
"TCP Query User{F492F37C-849A-4FC3-87D4-B7698AF3669D}C:\program files\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.exe | 
"TCP Query User{F92E44C5-7643-4D91-894C-44BCCF7A0FCD}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | 
"TCP Query User{FE6F0035-6221-4401-A4BE-1E9D401B684F}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe | 
"TCP Query User{FF8A7B8E-DFDF-44DA-94CB-89992778F85F}C:\users\boris\downloads\core\udrive\usr\local\apache2\bin\apache_16.exe" = protocol=6 | dir=in | app=c:\users\boris\downloads\core\udrive\usr\local\apache2\bin\apache_16.exe | 
"UDP Query User{0151A2BF-32A7-4D76-B340-B33D97597F08}C:\users\public\games\world of warcraft\wow-3.2.0.10192-to-3.3.0.10958-dede-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.0.10192-to-3.3.0.10958-dede-downloader.exe | 
"UDP Query User{045D52F1-2CD8-49C4-809C-3B390AE4D4E8}C:\users\boris\desktop\spiele\call of duty 4 - modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=c:\users\boris\desktop\spiele\call of duty 4 - modern warfare\iw3mp.exe | 
"UDP Query User{05127824-4C81-445F-9D67-F61D280734BF}C:\users\boris\downloads\core\udrive\usr\local\apache2\bin\apache_16.exe" = protocol=17 | dir=in | app=c:\users\boris\downloads\core\udrive\usr\local\apache2\bin\apache_16.exe | 
"UDP Query User{052990CF-4B5C-4D29-B93C-CD0EEE8A5D9D}C:\program files\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files\xfire\xfire.exe | 
"UDP Query User{083D5889-9C48-42CD-808E-4D10047D2391}C:\program files\valve\hl.exe" = protocol=17 | dir=in | app=c:\program files\valve\hl.exe | 
"UDP Query User{0A68D327-6070-44D1-A8A2-321AA2585586}C:\program files\java\jdk1.6.0_23\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jdk1.6.0_23\bin\java.exe | 
"UDP Query User{0B1A0E88-18C0-4131-BBE5-8807E99D48BB}C:\users\boris\appdata\roaming\filehunter\pumpa.exe" = protocol=17 | dir=in | app=c:\users\boris\appdata\roaming\filehunter\pumpa.exe | 
"UDP Query User{0B6095D2-1697-4C43-9C82-95FFFC533801}C:\program files\firefly studios\stronghold crusader\stronghold crusader.exe" = protocol=17 | dir=in | app=c:\program files\firefly studios\stronghold crusader\stronghold crusader.exe | 
"UDP Query User{14022CA9-47BE-465A-BCEA-8B880AACB16D}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe | 
"UDP Query User{152468BB-E02E-4C0F-8823-8F1A18308E7D}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"UDP Query User{1E14CAF8-89E3-4B10-9E16-E265D82A5DC0}C:\users\public\games\world of warcraft\repair.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\repair.exe | 
"UDP Query User{1E41A05A-AD35-4C29-9B59-6F02FA0468B5}C:\program files\black & white\runblack.exe" = protocol=17 | dir=in | app=c:\program files\black & white\runblack.exe | 
"UDP Query User{2292C245-7B10-4890-9467-DACC7842DB25}C:\udk\udk-2011-04\binaries\win32\udk.exe" = protocol=17 | dir=in | app=c:\udk\udk-2011-04\binaries\win32\udk.exe | 
"UDP Query User{24FD5A2C-88EF-409A-B3A3-116417E95E22}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{2ADE7731-AE6C-498B-ADF3-78116F08A21F}C:\program files\steam\steamapps\schimmelbolzen\dark messiah might and magic dedicated server\srcds.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\schimmelbolzen\dark messiah might and magic dedicated server\srcds.exe | 
"UDP Query User{2B8FCBDB-9FEC-4D32-B8F6-AB52F9EFCE36}C:\users\boris\desktop\spiele\left 4 dead 2\left4dead2.exe" = protocol=17 | dir=in | app=c:\users\boris\desktop\spiele\left 4 dead 2\left4dead2.exe | 
"UDP Query User{2D685F94-FD87-4B0F-BA42-5C4517C28970}C:\users\boris\desktop\call of duty 2\call of duty 2-multiplayer.exe" = protocol=17 | dir=in | app=c:\users\boris\desktop\call of duty 2\call of duty 2-multiplayer.exe | 
"UDP Query User{2D97AD20-6B5D-49F2-87AF-C2756FA26369}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe | 
"UDP Query User{2FDE7C13-0469-4092-B282-7042CA6AF82F}C:\program files\jowood\gothic ii gold\_work\tools\zspy\zspy.exe" = protocol=17 | dir=in | app=c:\program files\jowood\gothic ii gold\_work\tools\zspy\zspy.exe | 
"UDP Query User{33FCFA65-0776-407E-A0F9-16F48F2628A9}C:\program files\codemasters\der herr der ringe online\lotroclient.exe" = protocol=17 | dir=in | app=c:\program files\codemasters\der herr der ringe online\lotroclient.exe | 
"UDP Query User{349CF789-108E-4FBF-9F99-8FBEF6995928}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe | 
"UDP Query User{3621C7CF-DA20-48FA-B661-4504DE9CC5A9}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{3862D31C-8EB1-42EB-BCC7-B56DDA97FC47}C:\users\boris\downloads\fogdownloader-rom_2_1_6_2049.exe" = protocol=17 | dir=in | app=c:\users\boris\downloads\fogdownloader-rom_2_1_6_2049.exe | 
"UDP Query User{398B9CAE-4661-4B89-BAA1-14F97F15E88D}C:\program files\blitz3d\bin\blitzcc.exe" = protocol=17 | dir=in | app=c:\program files\blitz3d\bin\blitzcc.exe | 
"UDP Query User{3DAB5E4A-6429-4A73-8D1D-64ECB6F7B6B5}C:\users\boris\appdata\local\temp\7zipsfx.000\cf_downloader.exe" = protocol=17 | dir=in | app=c:\users\boris\appdata\local\temp\7zipsfx.000\cf_downloader.exe | 
"UDP Query User{43FBA8BB-2ADA-48AE-A653-2D38868F7CC4}C:\users\boris\desktop\spiele\call of duty 2\cod2mp_s.exe" = protocol=17 | dir=in | app=c:\users\boris\desktop\spiele\call of duty 2\cod2mp_s.exe | 
"UDP Query User{46E867DC-F92E-4C9A-A99E-E65032FA8BF8}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{4A29D028-1875-4DE2-A54D-B159AC8AD726}C:\users\boris\desktop\neuer ordner\stranded_mulitplayer\stranded mulitplayer\strandedii.exe" = protocol=17 | dir=in | app=c:\users\boris\desktop\neuer ordner\stranded_mulitplayer\stranded mulitplayer\strandedii.exe | 
"UDP Query User{508DAA28-B9F1-4F38-93E2-5A918C449495}C:\program files\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.exe | 
"UDP Query User{52EAAD1E-6A44-42AD-BE47-2C9AA8282D98}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{53CC166D-9A6B-440C-AE97-FDC018E1F52F}C:\program files\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe | 
"UDP Query User{5CA333C3-2393-4CB6-8C43-A2458B5E07A7}C:\users\boris\downloads\core\udrive\usr\local\mysql\bin\mysqld-opt.exe" = protocol=17 | dir=in | app=c:\users\boris\downloads\core\udrive\usr\local\mysql\bin\mysqld-opt.exe | 
"UDP Query User{5D0B9ABB-80FF-47F0-B3CF-E59F7402CDFD}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe | 
"UDP Query User{5EEDDFF6-BC0B-4809-AE85-6B5BF1FB3070}C:\program files\xnormal\3.16.13\x86\coordinator.exe" = protocol=17 | dir=in | app=c:\program files\xnormal\3.16.13\x86\coordinator.exe | 
"UDP Query User{61C08820-608B-4076-8D49-58623299AD36}C:\program files\rockstar games\gta san andreas\samp-server.exe" = protocol=17 | dir=in | app=c:\program files\rockstar games\gta san andreas\samp-server.exe | 
"UDP Query User{67A078B9-E937-48EE-82AC-B8846624509C}C:\program files\stronghold 3\bin\win32_release\stronghold3.exe" = protocol=17 | dir=in | app=c:\program files\stronghold 3\bin\win32_release\stronghold3.exe | 
"UDP Query User{6A8E5217-84A7-4D48-A63B-E4917345BACE}C:\users\boris\desktop\spiele\left 4 dead 2\srcds.exe" = protocol=17 | dir=in | app=c:\users\boris\desktop\spiele\left 4 dead 2\srcds.exe | 
"UDP Query User{6C85AB3D-163C-4AA0-8027-27BBE7E20381}C:\users\public\games\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-dede-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-dede-downloader.exe | 
"UDP Query User{6D06211C-137B-4729-B798-EA1E410A8D79}C:\program files\ea games\battlefield vietnam\bfvietnam.exe" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield vietnam\bfvietnam.exe | 
"UDP Query User{6DDFF840-5DC5-4ADA-BBF7-DAF3E7BCB032}C:\program files\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files\xfire\xfire.exe | 
"UDP Query User{6F0CE591-5714-4178-B213-46C502D53E13}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"UDP Query User{703379DA-58C7-4FCA-A716-D327B8FEF1CA}C:\users\boris\downloads\core\cwrealm.exe" = protocol=17 | dir=in | app=c:\users\boris\downloads\core\cwrealm.exe | 
"UDP Query User{71D373C7-B443-4D7E-A118-3E80CC2EDB52}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | 
"UDP Query User{7205C025-131E-4B6F-8BC8-D812399487B4}C:\udk\udk-2011-04\binaries\swarmagent.exe" = protocol=17 | dir=in | app=c:\udk\udk-2011-04\binaries\swarmagent.exe | 
"UDP Query User{746048C6-E4E1-4C78-9AC8-9B159AE3C3AA}C:\users\boris\desktop\counter-strike source\counter-strike source\srcds.exe" = protocol=17 | dir=in | app=c:\users\boris\desktop\counter-strike source\counter-strike source\srcds.exe | 
"UDP Query User{7C1D3DD9-E1EA-412A-BDCF-AC1FE4271B61}C:\program files\stronghold 3\bin\win32_release\mapeditor.exe" = protocol=17 | dir=in | app=c:\program files\stronghold 3\bin\win32_release\mapeditor.exe | 
"UDP Query User{8167A71D-0BAE-4DC0-BFBE-BDD8BD1111A6}C:\program files\phonostar-player\phonostar.exe" = protocol=17 | dir=in | app=c:\program files\phonostar-player\phonostar.exe | 
"UDP Query User{874E3D56-F598-4BD0-9B85-4F80A84EF9B8}C:\users\boris\desktop\spiele\stranded mulitplayer\strandedii.exe" = protocol=17 | dir=in | app=c:\users\boris\desktop\spiele\stranded mulitplayer\strandedii.exe | 
"UDP Query User{89DECFF4-E9DE-4184-AC85-80A89BB4D76C}C:\users\boris\downloads\minetest-0.3.0-win32\minetest-0.3.0-win32\bin\minetest.exe" = protocol=17 | dir=in | app=c:\users\boris\downloads\minetest-0.3.0-win32\minetest-0.3.0-win32\bin\minetest.exe | 
"UDP Query User{8F6471CD-8FBC-4862-A1F8-C8E6390B82B6}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{8FBF5A62-94BB-46AD-ADBF-DB29E840EE7B}C:\users\boris\appdata\local\virtualstore\program files\dead island\dead island\deadislandgame.exe" = protocol=17 | dir=in | app=c:\users\boris\appdata\local\virtualstore\program files\dead island\dead island\deadislandgame.exe | 
"UDP Query User{914DFAFF-7B1B-44F2-8396-7634B751203E}C:\program files\night\mass effect 2\binaries\masseffect2.exe" = protocol=17 | dir=in | app=c:\program files\night\mass effect 2\binaries\masseffect2.exe | 
"UDP Query User{94A899CB-EC83-4F38-8C8A-44863F8630BE}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{9712ABBC-9B35-4682-9DDC-8C690436CD98}C:\users\boris\downloads\core\cwcore.exe" = protocol=17 | dir=in | app=c:\users\boris\downloads\core\cwcore.exe | 
"UDP Query User{9FE09C73-45E9-423C-91C9-8DFB594B9077}C:\program files\firefly studios\stronghold crusader\stronghold crusader.exe" = protocol=17 | dir=in | app=c:\program files\firefly studios\stronghold crusader\stronghold crusader.exe | 
"UDP Query User{A77071BE-40C1-4C54-B1F1-096BB1CA08D4}C:\program files\activision\call of duty 2\cod2mp_s.exe" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 2\cod2mp_s.exe | 
"UDP Query User{A9B824AE-9249-46D0-B640-829B5E154B12}C:\riot games\league of legends\lol.launcher.exe" = protocol=17 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe | 
"UDP Query User{AA829504-18FF-47CF-9322-7B9CE00C2772}C:\users\boris\downloads\cryengine_v3_3_7_2572_freesdk\bin32\launcher.exe" = protocol=17 | dir=in | app=c:\users\boris\downloads\cryengine_v3_3_7_2572_freesdk\bin32\launcher.exe | 
"UDP Query User{AAE51A5C-85AA-4AB5-930D-60E9D7BBC91E}C:\users\boris\downloads\thesmileassault i\thesmileassault i\thesmileassault.exe" = protocol=17 | dir=in | app=c:\users\boris\downloads\thesmileassault i\thesmileassault i\thesmileassault.exe | 
"UDP Query User{AD8AE2BA-BFCD-44D8-A8EA-B8DCC17C5121}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{B005D980-3FE5-4EE4-80D1-915267186ECA}C:\users\boris\appdata\local\virtualstore\program files\dead island\deadislandgame.exe" = protocol=17 | dir=in | app=c:\users\boris\appdata\local\virtualstore\program files\dead island\deadislandgame.exe | 
"UDP Query User{B5CD05D8-46EC-4F47-B4C3-41B1EC5D106C}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"UDP Query User{B810E388-E2EC-4F27-B301-5760F4FA460D}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | 
"UDP Query User{B8CE9875-37FB-42F1-BFCB-822771DF46A3}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | 
"UDP Query User{C0F135BF-03FA-4034-84FA-07A802C6654A}C:\users\boris\appdata\local\temp\dsoclient\app.n3app" = protocol=17 | dir=in | app=c:\users\boris\appdata\local\temp\dsoclient\app.n3app | 
"UDP Query User{C7EAD287-6C8F-4292-967A-8B77F3C15C16}C:\program files\hypercube source\steamless.dll" = protocol=17 | dir=in | app=c:\program files\hypercube source\steamless.dll | 
"UDP Query User{C9A53DFD-8B51-4333-BF1C-E8851100AF8A}C:\udk\udk-2011-04\binaries\win32\udkmobile.exe" = protocol=17 | dir=in | app=c:\udk\udk-2011-04\binaries\win32\udkmobile.exe | 
"UDP Query User{D3861E9B-8083-4F6F-83E8-01270D5C675F}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"UDP Query User{D7863355-18B3-4A6B-86B0-AC650856A0DC}C:\program files\steam\steamapps\schimmelbolzen\dark messiah might and magic multi-player\mm.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\schimmelbolzen\dark messiah might and magic multi-player\mm.exe | 
"UDP Query User{D9E63ED6-7875-4245-A910-448E904C00BC}C:\udk\hazard - journey of life demo\binaries\win32\udk.exe" = protocol=17 | dir=in | app=c:\udk\hazard - journey of life demo\binaries\win32\udk.exe | 
"UDP Query User{E0782E38-CE26-4FB8-AE73-99E2DCEE0B94}C:\users\boris\downloads\left 4 dead 2 v2.0.0.1 cracked\left4dead2.exe" = protocol=17 | dir=in | app=c:\users\boris\downloads\left 4 dead 2 v2.0.0.1 cracked\left4dead2.exe | 
"UDP Query User{E17D6295-5BB8-4C4D-92CB-619E339C3C3C}C:\program files\valve\hltv.exe" = protocol=17 | dir=in | app=c:\program files\valve\hltv.exe | 
"UDP Query User{E1FF2836-73B3-48D6-AEA2-2D956561404D}C:\users\boris\desktop\stranded_mulitplayer\stranded mulitplayer\strandedii.exe" = protocol=17 | dir=in | app=c:\users\boris\desktop\stranded_mulitplayer\stranded mulitplayer\strandedii.exe | 
"UDP Query User{E5E34105-1D7A-448D-B94D-63EC04DE25B8}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | 
"UDP Query User{E6830D94-2238-4A77-B506-5AAA59CAEBD6}C:\program files\jowood\gothic ii gold\_work\tools\zspy\zspy.exe" = protocol=17 | dir=in | app=c:\program files\jowood\gothic ii gold\_work\tools\zspy\zspy.exe | 
"UDP Query User{E9114C9C-F50B-4442-860E-FD6094C760F2}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{EAB75652-C838-4E61-9183-07B4F0EE7CC9}C:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe" = protocol=17 | dir=in | app=c:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe | 
"UDP Query User{EC65006E-E787-4445-BD6B-4E7D75ADC562}C:\users\boris\downloads\left 4 dead 2 v2.0.0.1 cracked\srcds.exe" = protocol=17 | dir=in | app=c:\users\boris\downloads\left 4 dead 2 v2.0.0.1 cracked\srcds.exe | 
"UDP Query User{EC74F221-ED84-486F-B802-93F5E403CB5A}C:\program files\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe | 
"UDP Query User{ECACC013-C621-43B5-806F-E7959230BBA4}C:\users\public\games\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-dede-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-dede-downloader.exe | 
"UDP Query User{EDF9C4FF-CC08-4AB3-A8A5-F4822C7825B7}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | 
"UDP Query User{F0FF9C74-DE15-4F66-91D5-0B4FC7B1955C}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{F2060172-1131-45ED-9558-8BD0791DD2F6}C:\program files\the babylon project\fs2_open_3_6_9.exe" = protocol=17 | dir=in | app=c:\program files\the babylon project\fs2_open_3_6_9.exe | 
"UDP Query User{F2A04A35-7274-48C1-985F-59981291F50A}C:\users\boris\desktop\minecraft server\mcadmin\mcadmin.exe" = protocol=17 | dir=in | app=c:\users\boris\desktop\minecraft server\mcadmin\mcadmin.exe | 
"UDP Query User{F2E5146B-3225-4922-8D3E-D4ED88CB0CBF}C:\users\boris\desktop\spiele\call of duty 4 - modern warfare1\iw3mp.exe" = protocol=17 | dir=in | app=c:\users\boris\desktop\spiele\call of duty 4 - modern warfare1\iw3mp.exe | 
"UDP Query User{FAF060B8-B4C2-43C0-AFFF-9C8C66E32669}C:\users\boris\desktop\spiele\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\users\boris\desktop\spiele\counter-strike source\hl2.exe | 
"UDP Query User{FB0C1D01-B124-4877-8B2C-DB5AF6375502}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00BA866C-F2A2-4BB9-A308-3DFA695B6F7C}" = Java DB 10.5.3.0
"{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU
"{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM
"{03A4C6A1-26E9-4DDB-81D9-B332E5BB10AD}" = Microsoft Sync Framework SDK v1.0 SP1 de
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07FCBED5-94C3-4F94-B9D3-360FA27C7B06}" = Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B9CCE86-8E60-4CE5-AE03-26F79D4D8FA9}" = Item-mall
"{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
"{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}" = Risen
"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{1C2B3CEA-482E-4453-B3E2-C9731337828A}" = Microsoft SQL Server 2008 Native Client
"{1D108D70-E7D1-4089-9A0A-99629C4D0CB8}" = Morrowind
"{1D328E11-3B0C-388C-835D-C9C20E8C7734}" = Microsoft Help Viewer 1.0 Language Pack - DEU
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{2158685C-E2B3-4026-B0A1-0FFE31837AFD}" = PlayLinc
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 4
"{29042B1C-0713-4575-B7CA-5C8E7B0899D4}" = MySQL Connector/ODBC 5.1
"{2B11BA9C-7F97-4C16-970F-1491FD77969B}_is1" = shopping-preise.de - AddOn für Firefox
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{31C3C6EA-E991-405F-A3AA-2C070CCCC47C}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools - DEU
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{32A3A4F4-B792-11D6-A78A-00B0D0160230}" = Java(TM) SE Development Kit 6 Update 23
"{32A9C5B3-D166-4C6D-A11E-A54473151000}" = Java 3D 1.5.1
"{33AE9E89-47C9-4A0D-9E9D-BDD6966A3804}" = Microsoft SQL Server 2008 RsFx Driver
"{3559CDE0-11FC-4D7B-A65C-D646035B1031}" = Nero 8 Essentials
"{3BB19A2B-B9C5-3872-8FDF-3047CC9F9841}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Backburner
"{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
"{406FB8A4-F539-48A9-809C-F94706F9C9F6}_is1" = S.T.A.L.K.E.R. - Call Of Pripyat [v1.6.01]
"{40FE74B5-71A1-4393-A0AB-21D6E1DA5A66}" = Gothic 2 Gold
"{477415F5-93DA-46AA-85C5-640047825995}" = Microsoft SQL Server 2008 Database Engine Shared
"{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0
"{491DF203-7B61-4F0E-BDCB-A1218C4DAFE9}" = Native Instruments Massive
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{4AF2248C-B3DF-46FB-9596-87F5DB193689}" = Microsoft SQL Server 2008 Browser
"{5242B252-01BB-4F2E-BBF4-5C01BC3B6619}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project
"{54B7A3C7-0940-4C16-A509-FC3C3758D22A}_is1" = Amnesia - The Dark Descent 
"{56403FFF-145E-35C5-A090-96598BE57FB8}" = Microsoft Visual Basic 2008 Express Edition - DEU
"{56582EEA-3AEF-4D84-8B9D-C87A3CD9250F}" = GetDataBack for NTFS
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{573576B6-2112-4679-BF42-C8D9CE2E4A29}" = Ace of Spades
"{58D68DF0-4E8B-4E9E-B425-670F9E37C1A8}" = TES Construction Set
"{5A08C9D1-37AD-4A8D-90D3-33F92C578AA5}" = Microsoft SQL Server System CLR Types
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5BD39911-A12F-4562-98BA-A6E03E3370B1}" = Microsoft SQL Server 2008 Database Engine Services
"{5C358088-A837-44EC-91D0-9FD06FF40896}" = Mobile Master
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{616C6F39-4CE1-3434-A665-2F6A04C09A7F}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{681F4E9F-34E0-36BD-BF2C-100554E403A5}" = Microsoft Visual F# 2.0 Runtime Language Pack - DEU
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010  x86 Runtime - 10.0.30319
"{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie
"{6C15DC29-040C-433F-B1AE-783D37E9C08B}" = Python 2.6 pygame-1.9.1
"{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
"{6E5AB107-172B-4F17-8ABB-357C59EF1B08}" = Vegas Pro 9.0
"{6EF7803B-4ADC-41F1-AFE7-E5A7931E5C4A}" = ArtRage Studio Pro
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser und SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{729A3000-BC8A-3B74-BA5D-5068FE12D70C}" = Microsoft Visual F# 2.0 Runtime
"{7644E42D-B096-457F-8B5B-901238FC81AE}" = ICQ7.6
"{765E50AF-5550-4F7E-84F4-524D1BF2C49D}" = MSM2MSI_gstudio
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{58FC5E37-DD28-4D4A-A549-125744C6763C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{888B9AC7-8F5C-456B-A27A-157A6C310E52}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91F54E1D-804A-46D8-A56C-53EA9C4B3177}" = Microsoft Silverlight 3 SDK - Deutsch
"{929F5BFC-60F0-34EC-A50B-2001AAC03D56}" = Microsoft Team Foundation Server 2010 Object Model - DEU
"{92C5C058-E941-47C3-B7E8-38A79C605969}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A346205-EA92-4406-B1AB-50379DA3F057}" = Autodesk DWF Viewer 7
"{9AA2D735-3375-42D4-9A61-3FFEF82599D6}" = Unterstützungsdateien für Microsoft SQL Server 2008-Setup 
"{9C3B8582-A72A-4835-8903-877A834407BB}" = Microsoft SQL Server 2008 R2-Datenebenenanwendungs-Framework
"{A106D33E-6B43-42C0-9BFC-D03303261FA7}" = Microsoft SQL Server 2008 R2 Management Objects
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A8DE8C34-7F51-4cc8-B326-C425793EE741}" = THE CHRONICLES OF RIDDICK: ESCAPE FROM BUTCHER BAY 
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.1 - Deutsch
"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
"{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty(R) - World at War(TM) 1.1 Patch
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.11
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.12.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B45FABE7-D101-4D99-A671-E16DA40AF7F0}" = Microsoft Games for Windows - LIVE
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{B578C85A-A84C-4230-A177-C5B2AF565B8C}" = Microsoft Games for Windows - LIVE Redistributable
"{B5BCBD49-202F-4238-8398-D83D423A48B4}" = Windows Live Anmelde-Assistent
"{B7DDE586-D6F1-4CC7-8A2F-FCFF59F77D7D}" = OutcastDVD
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{BD87B950-D3E0-11D3-BE74-0000E20392C2}" = Outcast
"{C07B8BC4-AFD9-3AA4-BDF5-330A07591FDE}" = Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework
"{C53F001E-5912-4E76-AC49-9AC20B36B1A2}" = MSM2MSI_gstudio
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{CFCB8616-A5D1-4281-80E8-389F685BFAE2}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D074DC76-F6C9-440E-A1D0-1DE958417FDB}" = Microsoft SQL Server VSS Writer
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1D632A2-E249-466D-A094-B1B934D37645}_is1" = Stronghold Kingdoms
"{D359B12F-9B1A-46FD-B70C-F507B5B11590}" = HDRegDE
"{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas
"{D6A6CFAD-CD86-482B-90D1-6FCC4E252ACD}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x86) de
"{D85FFE92-BF14-4E9B-BCCD-E5C16069E65F}_is1" = FireJump 1.0.1.8
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DB0AF767-7CC7-4E4D-B6BE-A200F20A2FB1}" = Microsoft Sync Framework Runtime v1.0 SP1 (x86) de
"{DBE8431C-CF9A-38C3-B42D-28B6FCE1EA3B}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU
"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials
"{E2494AD8-314D-44F8-B39C-4358A60DC184}" = LogMeIn Hamachi
"{E32260E7-0B10-43C7-9B77-AB9F4184676D}" = Microsoft SQL Server Compact 3.5 Design Tools DEU
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4E9CBC9-1CF5-48E3-AF6F-1AB44A856346}" = Microsoft ASP.NET MVC 2 - DEU
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E51B4CD9-A0A6-4324-B26A-31B3F2DE26CE}" = Black and White
"{e7394a0f-3f80-45b1-87fc-abcd51893246}" = Python 2.6.4
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E96D4088-AAC5-437F-9E39-EC0E387897B4}" = Autodesk 3ds Max 9 32-bit
"{EAF7B35C-DCBE-4032-9ABF-C35C43D07124}" = Microsoft Sync Framework Services v1.0 SP1 (x86) de
"{EC66418E-DAA2-36D5-809E-40BEC94E622A}" = Microsoft Visual Studio Macro Tools - DEU Language Pack
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FD27D456-ED8A-4027-A1E4-BBF95FAF4799}" = Easy Driver Pro
"{FE163F11-1919-4257-A280-FF5AF8DAEECB}" = ICQ Sparberater
"{FF29527A-44CD-3422-945E-981A13584000}" = VC Runtimes MSI
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FF6F95A4-E59B-45C8-BEA8-0BDC8D9CAB51}" = Microsoft SQL Server 2008 Common Files
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Avira AntiVir Desktop" = Avira Free Antivirus
"Blender" = Blender
"BlitzMax_is1" = BlitzMax1.36
"CyberGhost VPN_is1" = CyberGhost VPN
"DAEMON Tools Pro" = DAEMON Tools Pro
"DesktopIconAmazon" = Desktop Icon für Amazon
"Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2)
"Die Rückkehr zur Geheimnisvollen Insel 2_is1" = Die Rückkehr zur Geheimnisvollen Insel 2
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"EarthSculptor_is1" = EarthSculptor 1.05
"EasyBits Magic Desktop" = EasyBits Magic Desktop
"eBay Icon" = eBay Icon
"ESET Online Scanner" = ESET Online Scanner v3
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Fallout" = Fallout
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.5.3.920
"Free Audio Converter_is1" = Free Audio Converter version 2.3.815
"Free FLV Converter_is1" = Free FLV Converter V 6.7.7
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 5.0.4.1228
"Free YouTube Download_is1" = Free YouTube Download 2.3
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324
"GT Interactive - Driver" = GT Interactive - Driver
"Hardcore" = Hardcore
"Heroes of Might and Magic® III" = Heroes of Might and Magic® III
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ICQToolbar" = ICQ Toolbar
"ImgBurn" = ImgBurn
"InstallShield_{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty(R) - World at War(TM) 1.1 Patch
"Legend of Grimrock_is1" = Legend of Grimrock
"LHTTSDUN" = L&H TTS3000 Nederlands
"LHTTSFRF" = L&H TTS3000 Français
"LHTTSGED" = L&H TTS3000 Deutsch
"LHTTSJPJ" = L&H TTS3000 Japanese
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"MaPZone2.Free" = Allegorithmic MaPZone2.Free
"MDT" = Battlefield Mod Development Toolkit 2.0 Beta
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft Team Foundation Server 2010 Object Model - DEU" = Microsoft Team Foundation Server 2010-Objektmodell - DEU
"Microsoft Visual Basic 2008 Express Edition - DEU" = Microsoft Visual Basic 2008 Express Edition - DEU
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU" = Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x86) Language Pack - DEU
"Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
"Microsoft Visual Studio Macro Tools - DEU Language Pack" = Microsoft Visual Studio Macro Tools - DEU Language Pack
"MinGW" = MinGW 5.1.3
"Mobile Master" = Mobile Master 7.7.4
"Mount&Blade Warband" = Mount&Blade Warband
"Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de)
"MySSID_is1" = Vtune 7.21
"Native Instruments Massive" = Native Instruments Massive
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office2007" = Microsoft Office Home and Student
"OggDS" = Direct Show Ogg Vorbis Filter (remove only)
"OpenAL" = OpenAL
"Orbit_is1" = Orbit Downloader
"Perfect Uninstaller_is1" = Perfect Uninstaller v6.3.3.9
"PoiZone" = PoiZone
"PowerISO" = PowerISO
"PunkBusterSvc" = PunkBuster Services
"PyQt GPL v4.6.2 for Python v2.6" = PyQt GPL v4.6.2 for Python v2.6
"QuickStores-Toolbar_is1" = QuickStores-Toolbar 1.0.0
"Return to Mysterious Island" = Return to Mysterious Island
"Sawer" = Sawer
"ScapeMaker" = ScapeMaker
"ScummVM_is1" = ScummVM 1.2.1
"ST6UNST #1" = HeightmapCreator
"ST6UNST #2" = HeightmapCreator (C:\Program Files\HeightmapCreator\)
"Steam App 2130" = Dark Messiah Might and Magic Multi-Player
"Steam App 39500" = Gothic 3
"Steam App 41680" = Death and the Fly
"Steam App 56400" = Warhammer® 40,000®: Dawn of War® II – Retribution™
"Steam App 91310" = Dead Island
"Stronghold 3 (c) THQ_is1" = Stronghold 3 (c) THQ version 1
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"Theme Park World" = Theme Park World
"TmNationsForever_is1" = TmNationsForever Update 2010-03-15
"Toxic Biohazard" = Toxic Biohazard
"TuneUp Utilities 2012" = TuneUp Utilities 2012
"Tunngle beta_is1" = Tunngle beta
"tv_enua" = Lernout & Hauspie TruVoice American English TTS Engine
"Uninstall_is1" = Uninstall 1.0.0.1
"uTorrent" = µTorrent
"vis_milk.dllWinamp" = MilkDrop for Winamp 2x (remove only)
"VLC media player" = VLC media player 1.1.4
"Winamp" = Winamp
"WinGimp-2.0_is1" = GIMP 2.4.7
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"Works9se" = Microsoft Works 9.0 SE
"x264vfw" = x264vfw - H.264/MPEG-4 AVC codec (remove only)
"Xfire" = Xfire (remove only)
"Xvid_is1" = Xvid 1.2.2 final uninstall
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-209655109-2756548685-674970729-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{A8E2EF8F-73EF-4DD8-BB38-31FCCAF50103}" = Dark Messiah 
"CodeBlocks" = CodeBlocks
"Dachon 4k" = Dachon 4k
"I-Doser v4" = I-Doser v4
"Miners4k" = Miners4k
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 03.05.2012 15:40:29 | Computer Name = Boris-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 03.05.2012 16:02:16 | Computer Name = Boris-PC | Source = MsiInstaller | ID = 11316
Description = 
 
Error - 04.05.2012 07:54:44 | Computer Name = Boris-PC | Source = MSSQL$SQLEXPRESS | ID = 8317
Description = Der 'First Counter'-Wert, der dem Registrierungsschlüssel 'HKLM\SYSTEM\CurrentControlSet\Services\MSSQL$SQLEXPRESS\Performance'
 zugeordnet ist, kann nicht abgefragt werden. SQL Server-Leistungsindikatoren sind
 deaktiviert.
 
Error - 04.05.2012 07:55:41 | Computer Name = Boris-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 04.05.2012 08:51:36 | Computer Name = Boris-PC | Source = MSSQL$SQLEXPRESS | ID = 8317
Description = Der 'First Counter'-Wert, der dem Registrierungsschlüssel 'HKLM\SYSTEM\CurrentControlSet\Services\MSSQL$SQLEXPRESS\Performance'
 zugeordnet ist, kann nicht abgefragt werden. SQL Server-Leistungsindikatoren sind
 deaktiviert.
 
Error - 04.05.2012 08:52:07 | Computer Name = Boris-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 04.05.2012 11:12:38 | Computer Name = Boris-PC | Source = MSSQL$SQLEXPRESS | ID = 8317
Description = Der 'First Counter'-Wert, der dem Registrierungsschlüssel 'HKLM\SYSTEM\CurrentControlSet\Services\MSSQL$SQLEXPRESS\Performance'
 zugeordnet ist, kann nicht abgefragt werden. SQL Server-Leistungsindikatoren sind
 deaktiviert.
 
Error - 04.05.2012 11:13:27 | Computer Name = Boris-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 04.05.2012 11:39:36 | Computer Name = Boris-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 04.05.2012 11:39:37 | Computer Name = Boris-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
[ System Events ]
Error - 04.05.2012 08:52:07 | Computer Name = Boris-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 04.05.2012 08:52:07 | Computer Name = Boris-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 04.05.2012 11:09:57 | Computer Name = Boris-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description = 
 
Error - 04.05.2012 11:10:00 | Computer Name = Boris-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description = 
 
Error - 04.05.2012 11:09:58 | Computer Name = Boris-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = 
 
Error - 04.05.2012 11:10:00 | Computer Name = Boris-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = 
 
Error - 04.05.2012 11:10:04 | Computer Name = Boris-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description = 
 
Error - 04.05.2012 11:10:04 | Computer Name = Boris-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = 
 
Error - 04.05.2012 11:13:28 | Computer Name = Boris-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 04.05.2012 11:13:28 | Computer Name = Boris-PC | Source = Service Control Manager | ID = 7001
Description = 
 
 
< End of report >
         
--- --- ---

[/Code]

Alt 04.05.2012, 21:11   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
malewarebytes scan mit vielen funden - Standard

malewarebytes scan mit vielen funden



Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
ATTFilter
:OTL
IE - HKU\S-1-5-21-209655109-2756548685-674970729-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=ironto
IE - HKU\S-1-5-21-209655109-2756548685-674970729-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-209655109-2756548685-674970729-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-209655109-2756548685-674970729-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-209655109-2756548685-674970729-1000\..\SearchScopes,DefaultScope = {62CA968C-E5F9-4FDC-9F4E-C8C994351E8B}
IE - HKU\S-1-5-21-209655109-2756548685-674970729-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-209655109-2756548685-674970729-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=18826
IE - HKU\S-1-5-21-209655109-2756548685-674970729-1000\..\SearchScopes\{62CA968C-E5F9-4FDC-9F4E-C8C994351E8B}: "URL" = http://start.funmoods.com/results.php?f=4&a=ironto&q={searchTerms}
IE - HKU\S-1-5-21-209655109-2756548685-674970729-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..keyword.URL: "http://search.babylon.com/?babsrc=toolbar2&q="
[2012.03.07 15:24:38 | 000,001,090 | ---- | M] () -- C:\Users\Boris\AppData\Roaming\Mozilla\Firefox\Profiles\j1lg8v7j.default\searchplugins\conduit.xml
[2012.03.09 08:25:10 | 000,001,292 | ---- | M] () -- C:\Users\Boris\AppData\Roaming\Mozilla\Firefox\Profiles\j1lg8v7j.default\searchplugins\funmoods.xml
[2012.03.09 08:25:10 | 000,000,828 | ---- | M] () -- C:\Users\Boris\AppData\Roaming\Mozilla\Firefox\Profiles\j1lg8v7j.default\searchplugins\icqplugin-1.xml
[2012.03.09 08:25:10 | 000,000,828 | ---- | M] () -- C:\Users\Boris\AppData\Roaming\Mozilla\Firefox\Profiles\j1lg8v7j.default\searchplugins\icqplugin-2.xml
[2012.03.09 08:25:10 | 000,000,901 | ---- | M] () -- C:\Users\Boris\AppData\Roaming\Mozilla\Firefox\Profiles\j1lg8v7j.default\searchplugins\icqplugin.xml
[2009.10.16 19:46:54 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.03.09 08:25:10 | 000,002,050 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
O2 - BHO: (ICQ Sparberater) - {FE163F11-1919-4257-A280-FF5AF8DAEECB} - C:\Programme\icq\Internet Explorer\icq.dll (solute gmbh)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C3A2DF7F-1230-48FE-B4BD-279B3F7814A7}: DhcpNameServer = 7.254.254.254
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{a91e5259-c309-11de-88be-0025113402db}\Shell - "" = AutoRun
O33 - MountPoints2\{a91e5259-c309-11de-88be-0025113402db}\Shell\AutoRun\command - "" = L:\loader.exe
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\autorun.exe
O33 - MountPoints2\K\Shell - "" = AutoRun
O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\win32\autorun\m4ck.exe
[2012.04.25 14:18:15 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Roaming\11019
[2012.04.24 13:37:29 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Roaming\11018
[2012.04.23 13:59:35 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Roaming\11017
[2012.04.20 15:29:14 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Roaming\11016
[2012.04.20 10:45:50 | 000,000,000 | ---D | C] -- C:\Windows\rundll16.exe
[2012.04.20 10:45:50 | 000,000,000 | ---D | C] -- C:\Windows\logo1_.exe
[2012.04.17 12:43:02 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Roaming\11015
[2012.04.16 22:01:45 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Roaming\11014
[2012.04.13 13:41:35 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Roaming\11013
[2012.04.12 13:49:53 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Roaming\11012
[2012.04.11 22:36:45 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Roaming\UAs
[2012.04.11 22:30:20 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Roaming\11009
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:64217CD0
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1
:Files
C:\Windows\$NtUninstallKB9818$
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
         
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Alt 08.05.2012, 13:02   #12
burke
 
malewarebytes scan mit vielen funden - Standard

malewarebytes scan mit vielen funden



Heute kam eine Meldung von Avira "C:\Users\Boris\Appdata\Roaming\BAcroIEHelpe122.dll" das soll ein RKIT/Agent.czcu sein ist das was bedenkliches? soll ich vllt nochmal den eset scan durchführen?
edit:
Sorry ich habe deine neuste antwort gar nicht bemerkt, da sie auf der zweiten seite war .erst jetzt fällt es mir auf als ich noch was geschrieben hab.
avira hat mir noch kurz drauf 5 weitere meldungen gegeben TR/spy.banker.age13
so ich mach jetzt mal diesen otl fix. was bewirkt dieser fix?

hier is das log das nach dem fixen kam:
Code:
ATTFilter
All processes killed
========== OTL ==========
HKU\S-1-5-21-209655109-2756548685-674970729-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-209655109-2756548685-674970729-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-209655109-2756548685-674970729-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-209655109-2756548685-674970729-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ deleted successfully.
C:\Programme\ICQ6Toolbar\ICQToolBar.dll moved successfully.
HKEY_USERS\S-1-5-21-209655109-2756548685-674970729-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-209655109-2756548685-674970729-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-209655109-2756548685-674970729-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_USERS\S-1-5-21-209655109-2756548685-674970729-1000\Software\Microsoft\Internet Explorer\SearchScopes\{62CA968C-E5F9-4FDC-9F4E-C8C994351E8B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{62CA968C-E5F9-4FDC-9F4E-C8C994351E8B}\ not found.
Registry key HKEY_USERS\S-1-5-21-209655109-2756548685-674970729-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
Prefs.js: engine@conduit.com:3.3.3.2 removed from extensions.enabledItems
Prefs.js: "hxxp://search.babylon.com/?babsrc=toolbar2&q=" removed from keyword.URL
C:\Users\Boris\AppData\Roaming\Mozilla\Firefox\Profiles\j1lg8v7j.default\searchplugins\conduit.xml moved successfully.
C:\Users\Boris\AppData\Roaming\Mozilla\Firefox\Profiles\j1lg8v7j.default\searchplugins\funmoods.xml moved successfully.
C:\Users\Boris\AppData\Roaming\Mozilla\Firefox\Profiles\j1lg8v7j.default\searchplugins\icqplugin-1.xml moved successfully.
C:\Users\Boris\AppData\Roaming\Mozilla\Firefox\Profiles\j1lg8v7j.default\searchplugins\icqplugin-2.xml moved successfully.
C:\Users\Boris\AppData\Roaming\Mozilla\Firefox\Profiles\j1lg8v7j.default\searchplugins\icqplugin.xml moved successfully.
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} folder moved successfully.
C:\Programme\Mozilla Firefox\searchplugins\babylon.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FE163F11-1919-4257-A280-FF5AF8DAEECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FE163F11-1919-4257-A280-FF5AF8DAEECB}\ deleted successfully.
C:\Programme\icq\Internet Explorer\icq.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ not found.
File C:\Programme\ICQ6Toolbar\ICQToolBar.dll not found.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C3A2DF7F-1230-48FE-B4BD-279B3F7814A7}\\DhcpNameServer| /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a91e5259-c309-11de-88be-0025113402db}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a91e5259-c309-11de-88be-0025113402db}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a91e5259-c309-11de-88be-0025113402db}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a91e5259-c309-11de-88be-0025113402db}\ not found.
File L:\loader.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\J\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\J\ not found.
File J:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\K\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\K\ not found.
File K:\win32\autorun\m4ck.exe not found.
C:\Users\Boris\AppData\Roaming\11019\components folder moved successfully.
C:\Users\Boris\AppData\Roaming\11019 folder moved successfully.
C:\Users\Boris\AppData\Roaming\11018\components folder moved successfully.
C:\Users\Boris\AppData\Roaming\11018 folder moved successfully.
C:\Users\Boris\AppData\Roaming\11017\components folder moved successfully.
C:\Users\Boris\AppData\Roaming\11017 folder moved successfully.
C:\Users\Boris\AppData\Roaming\11016\components folder moved successfully.
C:\Users\Boris\AppData\Roaming\11016 folder moved successfully.
C:\Windows\rundll16.exe folder moved successfully.
C:\Windows\logo1_.exe folder moved successfully.
C:\Users\Boris\AppData\Roaming\11015\components folder moved successfully.
C:\Users\Boris\AppData\Roaming\11015 folder moved successfully.
C:\Users\Boris\AppData\Roaming\11014\components folder moved successfully.
C:\Users\Boris\AppData\Roaming\11014 folder moved successfully.
C:\Users\Boris\AppData\Roaming\11013\components folder moved successfully.
C:\Users\Boris\AppData\Roaming\11013 folder moved successfully.
C:\Users\Boris\AppData\Roaming\11012\components folder moved successfully.
C:\Users\Boris\AppData\Roaming\11012 folder moved successfully.
C:\Users\Boris\AppData\Roaming\UAs folder moved successfully.
C:\Users\Boris\AppData\Roaming\11009\components folder moved successfully.
C:\Users\Boris\AppData\Roaming\11009 folder moved successfully.
ADS C:\ProgramData\TEMP:64217CD0 deleted successfully.
ADS C:\ProgramData\TEMP:D1B5B4F1 deleted successfully.
========== FILES ==========
Folder move failed. C:\Windows\$NtUninstallKB9818$\TxR scheduled to be moved on reboot.
C:\Windows\$NtUninstallKB9818$\systemprofile\Vorlagen folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\Videos folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\Startmenü folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\SendTo folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\Searches folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\Saved Games folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\Recent folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\Pictures\Slide Shows folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\Pictures folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\Netzwerkumgebung folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\Music\Playlists folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\Music folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\Lokale Einstellungen folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\Links folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\Favorites folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\Eigene Dateien folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\Druckumgebung folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\Downloads folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\Documents\Eigene Videos folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\Documents\Eigene Musik folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\Documents\Eigene Bilder folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\Documents folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\Desktop folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\Cookies folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\Contacts folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\TuneUp Software\TU2012\Backups folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\TuneUp Software\TU2012 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\TuneUp Software\TU2011\Backups folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\TuneUp Software\TU2011 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\TuneUp Software folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\Windows\Templates folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programme folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\Windows\Recent folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\Windows folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My folder moved successfully.
Folder move failed. C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates scheduled to be moved on reboot.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\Speech\Files\UserLexicons folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\Speech\Files folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\Speech folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\Internet Explorer folder moved successfully.
Folder move failed. C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312 scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\CLR Security Config scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft scheduled to be moved on reboot.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Adobe\Flash Player\AssetCache\NK9TARKA folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Adobe\Flash Player\AssetCache folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Adobe\Flash Player folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Adobe folder moved successfully.
Folder move failed. C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming scheduled to be moved on reboot.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Microsoft folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Local\Verlauf folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Local\Temporary Internet Files folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Local\Microsoft\Windows Sidebar\Gadgets folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Local\Microsoft\Windows Sidebar folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Local\Microsoft\Windows Photo Gallery\Original Images folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Local\Microsoft\Windows Photo Gallery folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X5NKMPNM folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NUGUF235 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BDHZW5F5 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4YX8NGXU folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012050820120509 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Local\Microsoft\Windows\History folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Local\Microsoft\Windows\GameExplorer folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Local\Microsoft\Windows\Burn\Burn folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Local\Microsoft\Windows\Burn folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Local\Microsoft\Windows folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Local\Microsoft\Portable Devices folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Local\Microsoft folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Local\LogMeIn Hamachi folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Local\Google\Custom Buttons folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Local\Google\CrashReports folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Local\Google folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Local\Anwendungsdaten folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Local folder moved successfully.
Folder move failed. C:\Windows\$NtUninstallKB9818$\systemprofile\AppData scheduled to be moved on reboot.
C:\Windows\$NtUninstallKB9818$\systemprofile\Anwendungsdaten folder moved successfully.
Folder move failed. C:\Windows\$NtUninstallKB9818$\systemprofile scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB9818$\RegBack scheduled to be moved on reboot.
C:\Windows\$NtUninstallKB9818$\Journal folder moved successfully.
Folder move failed. C:\Windows\$NtUninstallKB9818$ scheduled to be moved on reboot.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Boris
->Temp folder emptied: 50477492 bytes
->Temporary Internet Files folder emptied: 14573876 bytes
->Java cache emptied: 7289 bytes
->FireFox cache emptied: 821149206 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 66089 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56504 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56504 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 200704 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2021561 bytes
RecycleBin emptied: 19902461 bytes
 
Total Files Cleaned = 866,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Boris
->Flash cache emptied: 0 bytes
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Public
 
User: UpdatusUser
->Flash cache emptied: 0 bytes
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.42.2 log created on 05082012_143219

Files\Folders moved on Reboot...
Folder move failed. C:\Windows\$NtUninstallKB9818$\TxR scheduled to be moved on reboot.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My folder moved successfully.
Folder move failed. C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312 scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312 scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\CLR Security Config scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312 scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\CLR Security Config scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312 scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\CLR Security Config scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312 scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\CLR Security Config scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming scheduled to be moved on reboot.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Local\LogMeIn Hamachi folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Local folder moved successfully.
Folder move failed. C:\Windows\$NtUninstallKB9818$\systemprofile\AppData scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312 scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\CLR Security Config scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB9818$\systemprofile\AppData scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB9818$\systemprofile scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB9818$\RegBack scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB9818$\TxR scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312 scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\CLR Security Config scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB9818$\systemprofile\AppData scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB9818$\systemprofile scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB9818$\RegBack scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB9818$ scheduled to be moved on reboot.
File\Folder C:\Windows\temp\TMP0000000ABBB1933184CDD6FF not found!

Registry entries deleted on Reboot...
         

Geändert von burke (08.05.2012 um 13:45 Uhr)

Alt 08.05.2012, 16:04   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
malewarebytes scan mit vielen funden - Standard

malewarebytes scan mit vielen funden



Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten, Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!


Alt 08.05.2012, 16:17   #14
burke
 
malewarebytes scan mit vielen funden - Standard

malewarebytes scan mit vielen funden



hab den scan druchgeführt. kannst du denn jetzt schon genaueres sagen womit ichs vielleicht zu tun habe? wär nett wenn du die frage beantwortest

Code:
ATTFilter
17:08:15.0010 4740	TDSS rootkit removing tool 2.7.34.0 May  2 2012 09:59:18
17:08:16.0960 4740	============================================================
17:08:16.0960 4740	Current date / time: 2012/05/08 17:08:16.0960
17:08:16.0960 4740	SystemInfo:
17:08:16.0960 4740	
17:08:16.0960 4740	OS Version: 6.0.6002 ServicePack: 2.0
17:08:16.0960 4740	Product type: Workstation
17:08:16.0960 4740	ComputerName: BORIS-PC
17:08:16.0960 4740	UserName: Boris
17:08:16.0960 4740	Windows directory: C:\Windows
17:08:16.0960 4740	System windows directory: C:\Windows
17:08:16.0960 4740	Processor architecture: Intel x86
17:08:16.0960 4740	Number of processors: 2
17:08:16.0960 4740	Page size: 0x1000
17:08:16.0960 4740	Boot type: Normal boot
17:08:16.0960 4740	============================================================
17:08:17.0319 4740	Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
17:08:17.0381 4740	============================================================
17:08:17.0381 4740	\Device\Harddisk0\DR0:
17:08:17.0381 4740	MBR partitions:
17:08:17.0381 4740	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1C00800, BlocksNum 0x2382DAB0
17:08:17.0381 4740	============================================================
17:08:17.0490 4740	C: <-> \Device\Harddisk0\DR0\Partition0
17:08:17.0490 4740	============================================================
17:08:17.0490 4740	Initialize success
17:08:17.0490 4740	============================================================
17:08:42.0669 4860	============================================================
17:08:42.0669 4860	Scan started
17:08:42.0669 4860	Mode: Manual; SigCheck; TDLFS; 
17:08:42.0669 4860	============================================================
17:08:43.0277 4860	ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
17:08:43.0355 4860	ACPI - ok
17:08:43.0433 4860	AdobeActiveFileMonitor6.0 (e8fe4fce23d2809bd88bcc1d0f8408ce) C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
17:08:43.0433 4860	AdobeActiveFileMonitor6.0 - ok
17:08:43.0480 4860	adp94xx         (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
17:08:43.0511 4860	adp94xx - ok
17:08:43.0542 4860	adpahci         (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
17:08:43.0558 4860	adpahci - ok
17:08:43.0605 4860	adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
17:08:43.0620 4860	adpu160m - ok
17:08:43.0636 4860	adpu320         (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
17:08:43.0651 4860	adpu320 - ok
17:08:43.0698 4860	AeLookupSvc     (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
17:08:43.0761 4860	AeLookupSvc - ok
17:08:43.0807 4860	AFD             (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
17:08:43.0854 4860	AFD - ok
17:08:43.0885 4860	agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
17:08:43.0901 4860	agp440 - ok
17:08:43.0917 4860	aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
17:08:43.0932 4860	aic78xx - ok
17:08:44.0057 4860	ALG             (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
17:08:44.0151 4860	ALG - ok
17:08:44.0166 4860	aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
17:08:44.0182 4860	aliide - ok
17:08:44.0213 4860	amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
17:08:44.0213 4860	amdagp - ok
17:08:44.0229 4860	amdide          (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
17:08:44.0244 4860	amdide - ok
17:08:44.0260 4860	AmdK7           (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
17:08:44.0291 4860	AmdK7 - ok
17:08:44.0291 4860	AmdK8           (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
17:08:44.0322 4860	AmdK8 - ok
17:08:44.0385 4860	AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files\Avira\AntiVir Desktop\sched.exe
17:08:44.0400 4860	AntiVirSchedulerService - ok
17:08:44.0431 4860	AntiVirService  (a489be6bb0aa1ff406b488b60542314b) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
17:08:44.0447 4860	AntiVirService - ok
17:08:44.0494 4860	Appinfo         (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
17:08:44.0525 4860	Appinfo - ok
17:08:44.0556 4860	arc             (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
17:08:44.0556 4860	arc - ok
17:08:44.0603 4860	arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
17:08:44.0603 4860	arcsas - ok
17:08:44.0962 4860	aspnet_state    (776acefa0ca9df0faa51a5fb2f435705) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
17:08:44.0977 4860	aspnet_state - ok
17:08:45.0009 4860	AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
17:08:45.0055 4860	AsyncMac - ok
17:08:45.0071 4860	atapi           (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
17:08:45.0087 4860	atapi - ok
17:08:45.0118 4860	atksgt          (f0d933b42cd0594048e4d5200ae9e417) C:\Windows\system32\DRIVERS\atksgt.sys
17:08:45.0149 4860	atksgt - ok
17:08:45.0196 4860	AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
17:08:45.0227 4860	AudioEndpointBuilder - ok
17:08:45.0227 4860	Audiosrv        (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
17:08:45.0243 4860	Audiosrv - ok
17:08:45.0321 4860	Autodesk Licensing Service (17681266e789ba928cbed70dd58ee4b1) C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
17:08:45.0321 4860	Autodesk Licensing Service ( UnsignedFile.Multi.Generic ) - warning
17:08:45.0321 4860	Autodesk Licensing Service - detected UnsignedFile.Multi.Generic (1)
17:08:45.0352 4860	avgntflt        (d5541f0afb767e85fc412fc609d96a74) C:\Windows\system32\DRIVERS\avgntflt.sys
17:08:45.0367 4860	avgntflt - ok
17:08:45.0383 4860	avipbb          (7d967a682d4694df7fa57d63a2db01fe) C:\Windows\system32\DRIVERS\avipbb.sys
17:08:45.0399 4860	avipbb - ok
17:08:45.0414 4860	avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
17:08:45.0414 4860	avkmgr - ok
17:08:45.0477 4860	BazisVirtualCDBus (85939efff66a851c59a9c25d62e9e24c) C:\Windows\system32\DRIVERS\BazisVirtualCDBus.sys
17:08:45.0492 4860	BazisVirtualCDBus ( UnsignedFile.Multi.Generic ) - warning
17:08:45.0492 4860	BazisVirtualCDBus - detected UnsignedFile.Multi.Generic (1)
17:08:45.0508 4860	Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
17:08:45.0555 4860	Beep - ok
17:08:45.0586 4860	BFE             (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
17:08:45.0617 4860	BFE - ok
17:08:45.0664 4860	BITS            (93952506c6d67330367f7e7934b6a02f) C:\Windows\System32\qmgr.dll
17:08:45.0742 4860	BITS - ok
17:08:45.0757 4860	blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
17:08:45.0789 4860	blbdrive - ok
17:08:45.0804 4860	bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
17:08:45.0835 4860	bowser - ok
17:08:45.0867 4860	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
17:08:45.0882 4860	BrFiltLo - ok
17:08:45.0898 4860	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
17:08:45.0945 4860	BrFiltUp - ok
17:08:45.0960 4860	Browser         (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
17:08:45.0991 4860	Browser - ok
17:08:46.0038 4860	Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
17:08:46.0147 4860	Brserid - ok
17:08:46.0194 4860	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
17:08:46.0241 4860	BrSerWdm - ok
17:08:46.0272 4860	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
17:08:46.0303 4860	BrUsbMdm - ok
17:08:46.0319 4860	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
17:08:46.0366 4860	BrUsbSer - ok
17:08:46.0413 4860	BthEnum         (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
17:08:46.0444 4860	BthEnum - ok
17:08:46.0475 4860	BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
17:08:46.0506 4860	BTHMODEM - ok
17:08:46.0537 4860	BthPan          (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
17:08:46.0569 4860	BthPan - ok
17:08:46.0647 4860	BTHPORT         (5a3abaa2f8eece7aefb942773766e3db) C:\Windows\system32\Drivers\BTHport.sys
17:08:46.0678 4860	BTHPORT - ok
17:08:46.0725 4860	BthServ         (a4c8377fa4a994e07075107dbe2e3dce) C:\Windows\System32\bthserv.dll
17:08:46.0756 4860	BthServ - ok
17:08:46.0771 4860	BTHUSB          (94e2941280e3756a5e0bcb467865c43a) C:\Windows\system32\Drivers\BTHUSB.sys
17:08:46.0803 4860	BTHUSB - ok
17:08:46.0818 4860	cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
17:08:46.0865 4860	cdfs - ok
17:08:46.0881 4860	cdrom           (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
17:08:46.0912 4860	cdrom - ok
17:08:46.0943 4860	CertPropSvc     (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
17:08:46.0974 4860	CertPropSvc - ok
17:08:47.0115 4860	CGVPNCliSrvc    (13cee66949534cc98a7125174a6e502f) C:\Program Files\S.A.D\CyberGhost VPN\CGVPNCliService.exe
17:08:47.0239 4860	CGVPNCliSrvc - ok
17:08:47.0364 4860	circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
17:08:47.0395 4860	circlass - ok
17:08:47.0427 4860	CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
17:08:47.0442 4860	CLFS - ok
17:08:47.0473 4860	clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:08:47.0489 4860	clr_optimization_v2.0.50727_32 - ok
17:08:47.0536 4860	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:08:47.0551 4860	clr_optimization_v4.0.30319_32 - ok
17:08:47.0583 4860	cmdide          (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
17:08:47.0583 4860	cmdide - ok
17:08:47.0598 4860	Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys
17:08:47.0614 4860	Compbatt - ok
17:08:47.0614 4860	COMSysApp - ok
17:08:47.0629 4860	crcdisk         (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
17:08:47.0645 4860	crcdisk - ok
17:08:47.0645 4860	Crusoe          (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
17:08:47.0692 4860	Crusoe - ok
17:08:47.0723 4860	CryptSvc        (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll
17:08:47.0739 4860	CryptSvc - ok
17:08:47.0785 4860	DcomLaunch      (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
17:08:47.0832 4860	DcomLaunch - ok
17:08:47.0879 4860	DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
17:08:47.0910 4860	DfsC - ok
17:08:48.0019 4860	DFSR            (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
17:08:48.0238 4860	DFSR - ok
17:08:48.0347 4860	Dhcp            (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
17:08:48.0378 4860	Dhcp - ok
17:08:48.0425 4860	disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
17:08:48.0441 4860	disk - ok
17:08:48.0472 4860	Dnscache        (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
17:08:48.0519 4860	Dnscache - ok
17:08:48.0550 4860	dot3svc         (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
17:08:48.0565 4860	dot3svc - ok
17:08:48.0597 4860	DPS             (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
17:08:48.0628 4860	DPS - ok
17:08:48.0675 4860	drmkaud         (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
17:08:48.0690 4860	drmkaud - ok
17:08:48.0737 4860	dtsoftbus01     (16c5891c6d1fa0b5d9014f85a482eb20) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
17:08:48.0753 4860	dtsoftbus01 - ok
17:08:48.0799 4860	DXGKrnl         (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
17:08:48.0815 4860	DXGKrnl - ok
17:08:48.0862 4860	E1G60           (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
17:08:48.0893 4860	E1G60 - ok
17:08:48.0909 4860	EapHost         (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
17:08:48.0940 4860	EapHost - ok
17:08:48.0987 4860	Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
17:08:48.0987 4860	Ecache - ok
17:08:49.0049 4860	ehRecvr         (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
17:08:49.0065 4860	ehRecvr - ok
17:08:49.0096 4860	ehSched         (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
17:08:49.0127 4860	ehSched - ok
17:08:49.0143 4860	ehstart         (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
17:08:49.0158 4860	ehstart - ok
17:08:49.0205 4860	elxstor         (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
17:08:49.0236 4860	elxstor - ok
17:08:49.0283 4860	EMDMgmt         (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
17:08:49.0345 4860	EMDMgmt - ok
17:08:49.0392 4860	ErrDev          (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
17:08:49.0423 4860	ErrDev - ok
17:08:49.0517 4860	ETService       (23112102bc2a8fe44b8ac44a05bdf4c3) C:\Program Files\Packard Bell\Packard Bell Recovery Management\Service\ETService.exe
17:08:49.0517 4860	ETService ( UnsignedFile.Multi.Generic ) - warning
17:08:49.0517 4860	ETService - detected UnsignedFile.Multi.Generic (1)
17:08:49.0548 4860	EventSystem     (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
17:08:49.0579 4860	EventSystem - ok
17:08:49.0626 4860	exfat           (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
17:08:49.0673 4860	exfat - ok
17:08:49.0720 4860	fastfat         (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
17:08:49.0767 4860	fastfat - ok
17:08:49.0845 4860	fdc             (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
17:08:49.0860 4860	fdc - ok
17:08:49.0891 4860	fdPHost         (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
17:08:49.0907 4860	fdPHost - ok
17:08:49.0923 4860	FDResPub        (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
17:08:49.0969 4860	FDResPub - ok
17:08:49.0985 4860	FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
17:08:49.0985 4860	FileInfo - ok
17:08:50.0001 4860	Filetrace       (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
17:08:50.0032 4860	Filetrace - ok
17:08:50.0110 4860	FLEXnet Licensing Service (227846995afeefa70d328bf5334a86a5) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
17:08:50.0157 4860	FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
17:08:50.0157 4860	FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
17:08:50.0172 4860	flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
17:08:50.0219 4860	flpydisk - ok
17:08:50.0250 4860	FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
17:08:50.0266 4860	FltMgr - ok
17:08:50.0328 4860	FontCache       (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
17:08:50.0422 4860	FontCache - ok
17:08:50.0469 4860	FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
17:08:50.0469 4860	FontCache3.0.0.0 - ok
17:08:50.0500 4860	Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
17:08:50.0531 4860	Fs_Rec - ok
17:08:50.0562 4860	gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
17:08:50.0562 4860	gagp30kx - ok
17:08:50.0656 4860	GenericHidService - ok
17:08:50.0718 4860	gpsvc           (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
17:08:50.0749 4860	gpsvc - ok
17:08:50.0859 4860	gupdate         (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
17:08:50.0859 4860	gupdate - ok
17:08:50.0874 4860	gupdatem        (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
17:08:50.0874 4860	gupdatem - ok
17:08:50.0921 4860	gusvc           (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
17:08:50.0937 4860	gusvc - ok
17:08:50.0968 4860	hamachi         (833051c6c6c42117191935f734cfbd97) C:\Windows\system32\DRIVERS\hamachi.sys
17:08:50.0983 4860	hamachi - ok
17:08:51.0061 4860	Hamachi2Svc     (fa89c0429821c7c429eec7a0ce1c02d3) C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
17:08:51.0108 4860	Hamachi2Svc - ok
17:08:51.0217 4860	hamachi_oem     (c25c70fd4d49391091d9eb8c747f19e6) C:\Windows\system32\DRIVERS\gan_adapter.sys
17:08:51.0233 4860	hamachi_oem ( UnsignedFile.Multi.Generic ) - warning
17:08:51.0233 4860	hamachi_oem - detected UnsignedFile.Multi.Generic (1)
17:08:51.0280 4860	HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
17:08:51.0342 4860	HdAudAddService - ok
17:08:51.0389 4860	HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
17:08:51.0451 4860	HDAudBus - ok
17:08:51.0467 4860	HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
17:08:51.0514 4860	HidBth - ok
17:08:51.0545 4860	HidIr           (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
17:08:51.0592 4860	HidIr - ok
17:08:51.0623 4860	hidserv         (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll
17:08:51.0623 4860	hidserv - ok
17:08:51.0654 4860	HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
17:08:51.0685 4860	HidUsb - ok
17:08:51.0701 4860	hkmsvc          (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
17:08:51.0732 4860	hkmsvc - ok
17:08:51.0748 4860	HpCISSs         (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
17:08:51.0763 4860	HpCISSs - ok
17:08:51.0795 4860	HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
17:08:51.0841 4860	HTTP - ok
17:08:51.0919 4860	i2omp           (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
17:08:51.0919 4860	i2omp - ok
17:08:51.0966 4860	i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
17:08:51.0997 4860	i8042prt - ok
17:08:52.0029 4860	iaStorV         (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
17:08:52.0029 4860	iaStorV - ok
17:08:52.0263 4860	IDriverT        (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
17:08:52.0263 4860	IDriverT ( UnsignedFile.Multi.Generic ) - warning
17:08:52.0263 4860	IDriverT - detected UnsignedFile.Multi.Generic (1)
17:08:52.0590 4860	idsvc           (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:08:52.0621 4860	idsvc - ok
17:08:52.0746 4860	iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
17:08:52.0746 4860	iirsp - ok
17:08:52.0777 4860	IKEEXT          (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
17:08:52.0809 4860	IKEEXT - ok
17:08:52.0855 4860	int15           (c6e5276c00ebdeb096bb5ef4b797d1b6) C:\Windows\system32\drivers\int15.sys
17:08:52.0855 4860	int15 - ok
17:08:52.0965 4860	IntcAzAudAddService (219ca9a36d6de2ec04f958c907673436) C:\Windows\system32\drivers\RTKVHDA.sys
17:08:53.0121 4860	IntcAzAudAddService - ok
17:08:53.0261 4860	intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
17:08:53.0261 4860	intelide - ok
17:08:53.0292 4860	intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
17:08:53.0323 4860	intelppm - ok
17:08:53.0355 4860	IPBusEnum       (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
17:08:53.0370 4860	IPBusEnum - ok
17:08:53.0448 4860	IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:08:53.0479 4860	IpFilterDriver - ok
17:08:53.0511 4860	iphlpsvc        (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
17:08:53.0542 4860	iphlpsvc - ok
17:08:53.0557 4860	IpInIp - ok
17:08:53.0620 4860	IPMIDRV         (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
17:08:53.0651 4860	IPMIDRV - ok
17:08:53.0667 4860	IPNAT           (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
17:08:53.0698 4860	IPNAT - ok
17:08:53.0745 4860	IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
17:08:53.0776 4860	IRENUM - ok
17:08:53.0807 4860	isapnp          (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
17:08:53.0823 4860	isapnp - ok
17:08:53.0869 4860	iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
17:08:53.0885 4860	iScsiPrt - ok
17:08:53.0901 4860	iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
17:08:53.0916 4860	iteatapi - ok
17:08:53.0916 4860	iteraid         (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
17:08:53.0932 4860	iteraid - ok
17:08:53.0947 4860	kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
17:08:53.0963 4860	kbdclass - ok
17:08:53.0963 4860	kbdhid          (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
17:08:53.0994 4860	kbdhid - ok
17:08:54.0025 4860	KeyIso          (3978f3540329e16c0ac3bcf677e5669f) C:\Windows\system32\lsass.exe
17:08:54.0041 4860	KeyIso - ok
17:08:54.0072 4860	KSecDD          (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
17:08:54.0088 4860	KSecDD - ok
17:08:54.0150 4860	KtmRm           (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
17:08:54.0213 4860	KtmRm - ok
17:08:54.0322 4860	LanmanServer    (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\system32\srvsvc.dll
17:08:54.0337 4860	LanmanServer - ok
17:08:54.0400 4860	LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
17:08:54.0431 4860	LanmanWorkstation - ok
17:08:54.0478 4860	lirsgt          (f8a7212d0864ef5e9185fb95e6623f4d) C:\Windows\system32\DRIVERS\lirsgt.sys
17:08:54.0478 4860	lirsgt - ok
17:08:54.0509 4860	lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
17:08:54.0540 4860	lltdio - ok
17:08:54.0603 4860	lltdsvc         (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
17:08:54.0634 4860	lltdsvc - ok
17:08:54.0681 4860	lmhosts         (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
17:08:54.0727 4860	lmhosts - ok
17:08:54.0759 4860	LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
17:08:54.0759 4860	LSI_FC - ok
17:08:54.0774 4860	LSI_SAS         (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
17:08:54.0790 4860	LSI_SAS - ok
17:08:54.0837 4860	LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
17:08:54.0837 4860	LSI_SCSI - ok
17:08:54.0868 4860	luafv           (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
17:08:54.0883 4860	luafv - ok
17:08:54.0930 4860	MBAMProtector   (fb097bbc1a18f044bd17bd2fccf97865) C:\Windows\system32\drivers\mbam.sys
17:08:54.0930 4860	MBAMProtector - ok
17:08:55.0024 4860	MBAMService     (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
17:08:55.0071 4860	MBAMService - ok
17:08:55.0102 4860	mcdbus          (8fd868e32459ece2a1bb0169f513d31e) C:\Windows\system32\DRIVERS\mcdbus.sys
17:08:55.0117 4860	mcdbus ( UnsignedFile.Multi.Generic ) - warning
17:08:55.0117 4860	mcdbus - detected UnsignedFile.Multi.Generic (1)
17:08:55.0133 4860	Mcx2Svc         (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
17:08:55.0149 4860	Mcx2Svc - ok
17:08:55.0180 4860	megasas         (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
17:08:55.0195 4860	megasas - ok
17:08:55.0227 4860	MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
17:08:55.0258 4860	MegaSR - ok
17:08:55.0305 4860	MMCSS           (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
17:08:55.0336 4860	MMCSS - ok
17:08:55.0383 4860	Modem           (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
17:08:55.0429 4860	Modem - ok
17:08:55.0461 4860	monitor         (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
17:08:55.0476 4860	monitor - ok
17:08:55.0554 4860	mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
17:08:55.0570 4860	mouclass - ok
17:08:55.0585 4860	mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
17:08:55.0617 4860	mouhid - ok
17:08:55.0632 4860	MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
17:08:55.0632 4860	MountMgr - ok
17:08:55.0663 4860	mpio            (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
17:08:55.0679 4860	mpio - ok
17:08:55.0695 4860	mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
17:08:55.0710 4860	mpsdrv - ok
17:08:55.0741 4860	MpsSvc          (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
17:08:55.0773 4860	MpsSvc - ok
17:08:55.0804 4860	Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
17:08:55.0804 4860	Mraid35x - ok
17:08:55.0835 4860	MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
17:08:55.0882 4860	MRxDAV - ok
17:08:55.0913 4860	mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
17:08:55.0944 4860	mrxsmb - ok
17:08:55.0975 4860	mrxsmb10        (d4a3c7c580c4ccb5c06f2ada933ad507) C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:08:55.0991 4860	mrxsmb10 - ok
17:08:55.0991 4860	mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:08:56.0022 4860	mrxsmb20 - ok
17:08:56.0038 4860	msahci          (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
17:08:56.0053 4860	msahci - ok
17:08:56.0069 4860	msdsm           (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
17:08:56.0085 4860	msdsm - ok
17:08:56.0116 4860	MSDTC           (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
17:08:56.0163 4860	MSDTC - ok
17:08:56.0194 4860	Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
17:08:56.0225 4860	Msfs - ok
17:08:56.0256 4860	msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
17:08:56.0256 4860	msisadrv - ok
17:08:56.0303 4860	MSiSCSI         (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
17:08:56.0319 4860	MSiSCSI - ok
17:08:56.0334 4860	msiserver - ok
17:08:56.0365 4860	MSKSSRV         (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
17:08:56.0397 4860	MSKSSRV - ok
17:08:56.0412 4860	MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
17:08:56.0443 4860	MSPCLOCK - ok
17:08:56.0459 4860	MSPQM           (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
17:08:56.0490 4860	MSPQM - ok
17:08:56.0521 4860	MsRPC           (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
17:08:56.0537 4860	MsRPC - ok
17:08:56.0537 4860	mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
17:08:56.0553 4860	mssmbios - ok
17:08:56.0599 4860	MSSQL$SQLEXPRESS - ok
17:08:56.0631 4860	MSSQLServerADHelper100 (f1761c8fb2b25a32c6d63e36bb88c3ae) c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
17:08:56.0646 4860	MSSQLServerADHelper100 - ok
17:08:56.0662 4860	MSTEE           (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
17:08:56.0693 4860	MSTEE - ok
17:08:56.0740 4860	MTOnlPktAlyX    (493138c4f4119e938427da02486f09cb) C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis1\MTOnlPktAlyX.SYS
17:08:56.0740 4860	MTOnlPktAlyX ( UnsignedFile.Multi.Generic ) - warning
17:08:56.0740 4860	MTOnlPktAlyX - detected UnsignedFile.Multi.Generic (1)
17:08:56.0771 4860	Mup             (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
17:08:56.0787 4860	Mup - ok
17:08:56.0802 4860	napagent        (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
17:08:56.0833 4860	napagent - ok
17:08:56.0865 4860	NativeWifiP     (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
17:08:56.0880 4860	NativeWifiP - ok
17:08:56.0927 4860	NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
17:08:56.0958 4860	NDIS - ok
17:08:57.0005 4860	NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
17:08:57.0036 4860	NdisTapi - ok
17:08:57.0067 4860	Ndisuio         (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
17:08:57.0083 4860	Ndisuio - ok
17:08:57.0114 4860	NdisWan         (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
17:08:57.0130 4860	NdisWan - ok
17:08:57.0145 4860	NDProxy         (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
17:08:57.0161 4860	NDProxy - ok
17:08:57.0286 4860	Nero BackItUp Scheduler 3 (40d7d0a208ee863bca8d89e299216f15) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
17:08:57.0317 4860	Nero BackItUp Scheduler 3 - ok
17:08:57.0379 4860	NetBIOS         (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
17:08:57.0426 4860	NetBIOS - ok
17:08:57.0442 4860	netbt           (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
17:08:57.0473 4860	netbt - ok
17:08:57.0489 4860	Netlogon        (3978f3540329e16c0ac3bcf677e5669f) C:\Windows\system32\lsass.exe
17:08:57.0504 4860	Netlogon - ok
17:08:57.0535 4860	Netman          (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
17:08:57.0567 4860	Netman - ok
17:08:57.0645 4860	NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
17:08:57.0645 4860	NetMsmqActivator - ok
17:08:57.0660 4860	NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
17:08:57.0660 4860	NetPipeActivator - ok
17:08:57.0691 4860	netprofm        (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
17:08:57.0723 4860	netprofm - ok
17:08:57.0723 4860	NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
17:08:57.0738 4860	NetTcpActivator - ok
17:08:57.0738 4860	NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
17:08:57.0754 4860	NetTcpPortSharing - ok
17:08:57.0785 4860	nfrd960         (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
17:08:57.0785 4860	nfrd960 - ok
17:08:57.0816 4860	NlaSvc          (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
17:08:57.0847 4860	NlaSvc - ok
17:08:57.0957 4860	NMIndexingService (cd4326bc339f98de21aa07b208a305ae) C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
17:08:57.0988 4860	NMIndexingService - ok
17:08:58.0019 4860	Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
17:08:58.0035 4860	Npfs - ok
17:08:58.0050 4860	npggsvc - ok
17:08:58.0066 4860	nsi             (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
17:08:58.0097 4860	nsi - ok
17:08:58.0144 4860	nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
17:08:58.0159 4860	nsiproxy - ok
17:08:58.0237 4860	Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
17:08:58.0284 4860	Ntfs - ok
17:08:58.0315 4860	ntrigdigi       (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
17:08:58.0347 4860	ntrigdigi - ok
17:08:58.0378 4860	Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
17:08:58.0409 4860	Null - ok
17:08:58.0471 4860	NVHDA           (3d7fb57354703809b5f0c23287fac1d6) C:\Windows\system32\drivers\nvhda32v.sys
17:08:58.0471 4860	NVHDA - ok
17:08:58.0815 4860	nvlddmkm        (e891b3979f0cf2740c1b073f834221fe) C:\Windows\system32\DRIVERS\nvlddmkm.sys
17:08:59.0064 4860	nvlddmkm - ok
17:08:59.0158 4860	nvraid          (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
17:08:59.0173 4860	nvraid - ok
17:08:59.0189 4860	nvstor          (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
17:08:59.0205 4860	nvstor - ok
17:08:59.0220 4860	nvstor32        (4876e7c3184bdf50ede043fef616b867) C:\Windows\system32\DRIVERS\nvstor32.sys
17:08:59.0236 4860	nvstor32 - ok
17:08:59.0283 4860	nvsvc           (ae2de8e165dcb93a66b21748e6f913df) C:\Windows\system32\nvvsvc.exe
17:08:59.0298 4860	nvsvc - ok
17:08:59.0454 4860	nvUpdatusService (c78581c14699c46fe0f0817416383134) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
17:08:59.0595 4860	nvUpdatusService - ok
17:08:59.0751 4860	nv_agp          (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
17:08:59.0766 4860	nv_agp - ok
17:08:59.0766 4860	NwlnkFlt - ok
17:08:59.0782 4860	NwlnkFwd - ok
17:08:59.0860 4860	odserv          (e54aa592a65f317390eee386a8821692) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
17:08:59.0891 4860	odserv - ok
17:08:59.0938 4860	ohci1394        (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
17:08:59.0985 4860	ohci1394 - ok
17:09:00.0031 4860	ose             (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:09:00.0047 4860	ose - ok
17:09:00.0094 4860	p2pimsvc        (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
17:09:00.0156 4860	p2pimsvc - ok
17:09:00.0172 4860	p2psvc          (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
17:09:00.0265 4860	p2psvc - ok
17:09:00.0297 4860	Parport         (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
17:09:00.0343 4860	Parport - ok
17:09:00.0375 4860	partmgr         (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
17:09:00.0375 4860	partmgr - ok
17:09:00.0390 4860	Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
17:09:00.0437 4860	Parvdm - ok
17:09:00.0453 4860	PcaSvc          (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
17:09:00.0484 4860	PcaSvc - ok
17:09:00.0515 4860	pci             (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
17:09:00.0515 4860	pci - ok
17:09:00.0546 4860	pciide          (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
17:09:00.0546 4860	pciide - ok
17:09:00.0577 4860	pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
17:09:00.0593 4860	pcmcia - ok
17:09:00.0640 4860	PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
17:09:00.0702 4860	PEAUTH - ok
17:09:00.0749 4860	phmcd           (635b51b680014b22df8030e57a4ea2c0) C:\Windows\system32\DRIVERS\phmcd.sys
17:09:00.0765 4860	phmcd - ok
17:09:00.0811 4860	pla             (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
17:09:00.0905 4860	pla - ok
17:09:00.0999 4860	PLFlash DeviceIoControl Service (875e4e0661f3a5994df9e5e3a0a4f96b) C:\Windows\system32\IoctlSvc.exe
17:09:01.0014 4860	PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - warning
17:09:01.0014 4860	PLFlash DeviceIoControl Service - detected UnsignedFile.Multi.Generic (1)
17:09:01.0045 4860	PlugPlay        (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
17:09:01.0077 4860	PlugPlay - ok
17:09:01.0108 4860	PnkBstrA        (a1dd33d16f277ce34124ee52ab2c0f14) C:\Windows\system32\PnkBstrA.exe
17:09:01.0108 4860	PnkBstrA - ok
17:09:01.0139 4860	PNRPAutoReg     (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
17:09:01.0201 4860	PNRPAutoReg - ok
17:09:01.0201 4860	PNRPsvc         (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
17:09:01.0248 4860	PNRPsvc - ok
17:09:01.0295 4860	PolicyAgent     (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
17:09:01.0342 4860	PolicyAgent - ok
17:09:01.0373 4860	PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
17:09:01.0404 4860	PptpMiniport - ok
17:09:01.0451 4860	Processor       (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
17:09:01.0467 4860	Processor - ok
17:09:01.0498 4860	ProfSvc         (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
17:09:01.0529 4860	ProfSvc - ok
17:09:01.0529 4860	ProtectedStorage (3978f3540329e16c0ac3bcf677e5669f) C:\Windows\system32\lsass.exe
17:09:01.0545 4860	ProtectedStorage - ok
17:09:01.0576 4860	PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
17:09:01.0607 4860	PSched - ok
17:09:01.0623 4860	PxHelp20        (e42e3433dbb4cffe8fdd91eab29aea8e) C:\Windows\system32\Drivers\PxHelp20.sys
17:09:01.0623 4860	PxHelp20 - ok
17:09:01.0685 4860	ql2300          (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
17:09:01.0732 4860	ql2300 - ok
17:09:01.0763 4860	ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
17:09:01.0779 4860	ql40xx - ok
17:09:01.0810 4860	QWAVE           (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
17:09:01.0825 4860	QWAVE - ok
17:09:01.0841 4860	QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
17:09:01.0857 4860	QWAVEdrv - ok
17:09:01.0857 4860	RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
17:09:01.0903 4860	RasAcd - ok
17:09:01.0966 4860	RasAuto         (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
17:09:01.0997 4860	RasAuto - ok
17:09:01.0997 4860	Rasl2tp         (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
17:09:02.0044 4860	Rasl2tp - ok
17:09:02.0059 4860	RasMan          (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
17:09:02.0075 4860	RasMan - ok
17:09:02.0106 4860	RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
17:09:02.0122 4860	RasPppoe - ok
17:09:02.0137 4860	RasSstp         (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
17:09:02.0137 4860	RasSstp - ok
17:09:02.0200 4860	rdbss           (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
17:09:02.0231 4860	rdbss - ok
17:09:02.0247 4860	RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
17:09:02.0278 4860	RDPCDD - ok
17:09:02.0325 4860	rdpdr           (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
17:09:02.0356 4860	rdpdr - ok
17:09:02.0356 4860	RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
17:09:02.0371 4860	RDPENCDD - ok
17:09:02.0403 4860	RDPWD           (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
17:09:02.0434 4860	RDPWD - ok
17:09:02.0481 4860	RemoteAccess    (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
17:09:02.0496 4860	RemoteAccess - ok
17:09:02.0512 4860	RemoteRegistry  (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
17:09:02.0527 4860	RemoteRegistry - ok
17:09:02.0574 4860	RFCOMM          (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
17:09:02.0590 4860	RFCOMM - ok
17:09:02.0637 4860	ROOTMODEM       (75e8a6bfa7374aba833ae92bf41ae4e6) C:\Windows\system32\Drivers\RootMdm.sys
17:09:02.0668 4860	ROOTMODEM - ok
17:09:02.0699 4860	RpcLocator      (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
17:09:02.0730 4860	RpcLocator - ok
17:09:02.0777 4860	RpcSs           (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
17:09:02.0824 4860	RpcSs - ok
17:09:02.0886 4860	RsFx0103        (fd692c6ffade58f7c4c3c3c9a0ec35bd) C:\Windows\system32\DRIVERS\RsFx0103.sys
17:09:02.0886 4860	RsFx0103 - ok
17:09:02.0917 4860	rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
17:09:02.0964 4860	rspndr - ok
17:09:02.0980 4860	RTL8169         (283392af1860ecdb5e0f8ebd7f3d72df) C:\Windows\system32\DRIVERS\Rtlh86.sys
17:09:03.0027 4860	RTL8169 - ok
17:09:03.0042 4860	SamSs           (3978f3540329e16c0ac3bcf677e5669f) C:\Windows\system32\lsass.exe
17:09:03.0058 4860	SamSs - ok
17:09:03.0073 4860	sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
17:09:03.0089 4860	sbp2port - ok
17:09:03.0120 4860	SCardSvr        (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
17:09:03.0136 4860	SCardSvr - ok
17:09:03.0167 4860	SCDEmu          (16b1abe7f3e35f21dac57592b6c5d464) C:\Windows\system32\drivers\SCDEmu.sys
17:09:03.0183 4860	SCDEmu ( UnsignedFile.Multi.Generic ) - warning
17:09:03.0183 4860	SCDEmu - detected UnsignedFile.Multi.Generic (1)
17:09:03.0229 4860	Schedule        (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
17:09:03.0292 4860	Schedule - ok
17:09:03.0307 4860	SCPolicySvc     (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
17:09:03.0323 4860	SCPolicySvc - ok
17:09:03.0354 4860	SDRSVC          (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
17:09:03.0370 4860	SDRSVC - ok
17:09:03.0401 4860	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
17:09:03.0432 4860	secdrv - ok
17:09:03.0479 4860	seclogon        (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
17:09:03.0510 4860	seclogon - ok
17:09:03.0541 4860	SENS            (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll
17:09:03.0588 4860	SENS - ok
17:09:03.0635 4860	Serenum         (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
17:09:03.0666 4860	Serenum - ok
17:09:03.0697 4860	Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
17:09:03.0729 4860	Serial - ok
17:09:03.0760 4860	sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
17:09:03.0775 4860	sermouse - ok
17:09:03.0807 4860	SessionEnv      (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
17:09:03.0838 4860	SessionEnv - ok
17:09:03.0853 4860	sffdisk         (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
17:09:03.0869 4860	sffdisk - ok
17:09:03.0885 4860	sffp_mmc        (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
17:09:03.0916 4860	sffp_mmc - ok
17:09:03.0931 4860	sffp_sd         (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
17:09:03.0947 4860	sffp_sd - ok
17:09:03.0963 4860	sfloppy         (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
17:09:03.0994 4860	sfloppy - ok
17:09:04.0025 4860	SharedAccess    (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
17:09:04.0072 4860	SharedAccess - ok
17:09:04.0087 4860	ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
17:09:04.0134 4860	ShellHWDetection - ok
17:09:04.0150 4860	sisagp          (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
17:09:04.0165 4860	sisagp - ok
17:09:04.0181 4860	SiSRaid2        (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
17:09:04.0197 4860	SiSRaid2 - ok
17:09:04.0212 4860	SiSRaid4        (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
17:09:04.0228 4860	SiSRaid4 - ok
17:09:04.0337 4860	slsvc           (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
17:09:04.0446 4860	slsvc - ok
17:09:04.0571 4860	SLUINotify      (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
17:09:04.0602 4860	SLUINotify - ok
17:09:04.0649 4860	Smb             (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
17:09:04.0665 4860	Smb - ok
17:09:04.0680 4860	SNMPTRAP        (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
17:09:04.0696 4860	SNMPTRAP - ok
17:09:04.0711 4860	spldr           (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
17:09:04.0727 4860	spldr - ok
17:09:04.0743 4860	Spooler         (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
17:09:04.0774 4860	Spooler - ok
17:09:04.0836 4860	sptd            (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
17:09:04.0836 4860	Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
17:09:04.0836 4860	sptd ( LockedFile.Multi.Generic ) - warning
17:09:04.0836 4860	sptd - detected LockedFile.Multi.Generic (1)
17:09:04.0914 4860	SQLAgent$SQLEXPRESS (a687b5b326afcfcf182c4931d1ff9771) c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE
17:09:04.0945 4860	SQLAgent$SQLEXPRESS - ok
17:09:04.0977 4860	SQLBrowser      (b54b48f6d92423440c264e91225c5ff1) c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
17:09:04.0977 4860	SQLBrowser - ok
17:09:05.0008 4860	SQLWriter       (637a0f23f9012358e92e6f99835494d1) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
17:09:05.0008 4860	SQLWriter - ok
17:09:05.0101 4860	srv             (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
17:09:05.0179 4860	srv - ok
17:09:05.0211 4860	srv2            (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
17:09:05.0257 4860	srv2 - ok
17:09:05.0304 4860	srvnet          (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
17:09:05.0304 4860	srvnet - ok
17:09:05.0335 4860	SSDPSRV         (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
17:09:05.0367 4860	SSDPSRV - ok
17:09:05.0398 4860	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
17:09:05.0413 4860	ssmdrv - ok
17:09:05.0445 4860	SstpSvc         (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
17:09:05.0460 4860	SstpSvc - ok
17:09:05.0491 4860	Steam Client Service - ok
17:09:05.0523 4860	Stereo Service  (fc0a58529a02b1eed55ddc58696b7908) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
17:09:05.0538 4860	Stereo Service - ok
17:09:05.0585 4860	stisvc          (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
17:09:05.0616 4860	stisvc - ok
17:09:05.0632 4860	swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
17:09:05.0632 4860	swenum - ok
17:09:05.0663 4860	swprv           (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
17:09:05.0679 4860	swprv - ok
17:09:05.0710 4860	Symc8xx         (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
17:09:05.0710 4860	Symc8xx - ok
17:09:05.0741 4860	Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
17:09:05.0741 4860	Sym_hi - ok
17:09:05.0757 4860	Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
17:09:05.0757 4860	Sym_u3 - ok
17:09:05.0803 4860	SysMain         (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
17:09:05.0850 4860	SysMain - ok
17:09:05.0881 4860	TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
17:09:05.0897 4860	TabletInputService - ok
17:09:05.0913 4860	tap0901         (1e89de7a4fb7a854ebb241d0aa8996dd) C:\Windows\system32\DRIVERS\tap0901.sys
17:09:05.0944 4860	tap0901 - ok
17:09:05.0959 4860	tap0901t        (b7aee68d2e867cbf69b649b18fcedbbb) C:\Windows\system32\DRIVERS\tap0901t.sys
17:09:05.0975 4860	tap0901t - ok
17:09:06.0022 4860	TapiSrv         (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
17:09:06.0053 4860	TapiSrv - ok
17:09:06.0084 4860	TBPanel         (04e1c782cf14b7282ebc633b0fd3ed16) C:\Windows\system32\drivers\TBPanel.sys
17:09:06.0084 4860	TBPanel - ok
17:09:06.0115 4860	TBS             (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
17:09:06.0147 4860	TBS - ok
17:09:06.0193 4860	Tcpip           (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
17:09:06.0225 4860	Tcpip - ok
17:09:06.0240 4860	Tcpip6          (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
17:09:06.0271 4860	Tcpip6 - ok
17:09:06.0318 4860	tcpipreg        (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
17:09:06.0365 4860	tcpipreg - ok
17:09:06.0396 4860	TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
17:09:06.0427 4860	TDPIPE - ok
17:09:06.0474 4860	TDTCP           (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
17:09:06.0505 4860	TDTCP - ok
17:09:06.0521 4860	tdx             (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
17:09:06.0552 4860	tdx - ok
17:09:06.0568 4860	TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
17:09:06.0568 4860	TermDD - ok
17:09:06.0615 4860	TermService     (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
17:09:06.0630 4860	TermService - ok
17:09:06.0677 4860	Themes          (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
17:09:06.0693 4860	Themes - ok
17:09:06.0708 4860	THREADORDER     (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
17:09:06.0739 4860	THREADORDER - ok
17:09:06.0817 4860	TOSHIBA Bluetooth Service (ac88d258f20909eeb91796f490cfbb73) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
17:09:06.0833 4860	TOSHIBA Bluetooth Service - ok
17:09:06.0849 4860	tosporte        (90afa1a4451bbbee87c9f18a665d8121) C:\Windows\system32\DRIVERS\tosporte.sys
17:09:06.0864 4860	tosporte - ok
17:09:06.0895 4860	Tosrfbd         (00371ce4da09b68ba0ff953e61820981) C:\Windows\system32\DRIVERS\tosrfbd.sys
17:09:06.0895 4860	Tosrfbd - ok
17:09:06.0927 4860	tosrfbnp        (74392bab3f0d4810da8436ec79d6955d) C:\Windows\system32\Drivers\tosrfbnp.sys
17:09:06.0927 4860	tosrfbnp - ok
17:09:06.0958 4860	Tosrfcom        (1ad9eb1b5abd0aeee4084c8153476f1e) C:\Windows\system32\Drivers\tosrfcom.sys
17:09:06.0958 4860	Tosrfcom - ok
17:09:06.0973 4860	Tosrfhid        (a72a3473180f378cc07d342803ffd580) C:\Windows\system32\DRIVERS\Tosrfhid.sys
17:09:06.0989 4860	Tosrfhid - ok
17:09:07.0020 4860	tosrfnds        (b2a1a6538245fd69578224bbf2fd4677) C:\Windows\system32\DRIVERS\tosrfnds.sys
17:09:07.0020 4860	tosrfnds - ok
17:09:07.0051 4860	TosRfSnd        (f1ca74cca8241d8b8a024aecc643c547) C:\Windows\system32\drivers\tosrfsnd.sys
17:09:07.0067 4860	TosRfSnd - ok
17:09:07.0083 4860	Tosrfusb        (f400fb9616261a1b66e6d2e04b6c3538) C:\Windows\system32\DRIVERS\tosrfusb.sys
17:09:07.0083 4860	Tosrfusb - ok
17:09:07.0129 4860	TrkWks          (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
17:09:07.0161 4860	TrkWks - ok
17:09:07.0192 4860	TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
17:09:07.0207 4860	TrustedInstaller - ok
17:09:07.0239 4860	tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
17:09:07.0254 4860	tssecsrv - ok
17:09:07.0348 4860	TuneUp.UtilitiesSvc (06569e1e2f7eb137abcebf753ceaac20) C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
17:09:07.0395 4860	TuneUp.UtilitiesSvc - ok
17:09:07.0473 4860	TuneUpUtilitiesDrv (f2107c9d85ec0df116939ccce06ae697) C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys
17:09:07.0473 4860	TuneUpUtilitiesDrv - ok
17:09:07.0566 4860	tunmp           (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
17:09:07.0613 4860	tunmp - ok
17:09:07.0629 4860	tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
17:09:07.0644 4860	tunnel - ok
17:09:07.0722 4860	TunngleService  (4a531079746d39026d975d3b02f7e452) C:\Program Files\Tunngle\TnglCtrl.exe
17:09:07.0738 4860	TunngleService - ok
17:09:07.0785 4860	uagp35          (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
17:09:07.0800 4860	uagp35 - ok
17:09:07.0816 4860	udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
17:09:07.0847 4860	udfs - ok
17:09:07.0878 4860	UI0Detect       (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
17:09:07.0894 4860	UI0Detect - ok
17:09:07.0909 4860	uliagpkx        (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
17:09:07.0909 4860	uliagpkx - ok
17:09:07.0956 4860	uliahci         (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
17:09:07.0956 4860	uliahci - ok
17:09:07.0987 4860	UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
17:09:08.0003 4860	UlSata - ok
17:09:08.0019 4860	ulsata2         (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
17:09:08.0034 4860	ulsata2 - ok
17:09:08.0050 4860	umbus           (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
17:09:08.0081 4860	umbus - ok
17:09:08.0097 4860	upnphost        (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
17:09:08.0143 4860	upnphost - ok
17:09:08.0175 4860	usbaudio        (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
17:09:08.0190 4860	usbaudio - ok
17:09:08.0206 4860	usbccgp         (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
17:09:08.0237 4860	usbccgp - ok
17:09:08.0253 4860	usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
17:09:08.0284 4860	usbcir - ok
17:09:08.0331 4860	usbehci         (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
17:09:08.0346 4860	usbehci - ok
17:09:08.0377 4860	usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
17:09:08.0409 4860	usbhub - ok
17:09:08.0440 4860	usbohci         (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
17:09:08.0455 4860	usbohci - ok
17:09:08.0471 4860	usbprint        (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
17:09:08.0518 4860	usbprint - ok
17:09:08.0533 4860	USBSTOR         (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:09:08.0549 4860	USBSTOR - ok
17:09:08.0565 4860	usbuhci         (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
17:09:08.0596 4860	usbuhci - ok
17:09:08.0611 4860	UxSms           (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
17:09:08.0627 4860	UxSms - ok
17:09:08.0658 4860	UxTuneUp        (c400fee3b8c966685c6f6865a25a85a1) C:\Windows\System32\uxtuneup.dll
17:09:08.0674 4860	UxTuneUp - ok
17:09:08.0689 4860	VClone          (1cdaa48cb2f7744b8d25650e050766a5) C:\Windows\system32\DRIVERS\VClone.sys
17:09:08.0721 4860	VClone - ok
17:09:08.0736 4860	vds             (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
17:09:08.0799 4860	vds - ok
17:09:08.0830 4860	vga             (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
17:09:08.0861 4860	vga - ok
17:09:08.0877 4860	VgaSave         (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
17:09:08.0908 4860	VgaSave - ok
17:09:08.0970 4860	viaagp          (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
17:09:08.0986 4860	viaagp - ok
17:09:09.0001 4860	ViaC7           (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
17:09:09.0017 4860	ViaC7 - ok
17:09:09.0033 4860	viaide          (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
17:09:09.0048 4860	viaide - ok
17:09:09.0064 4860	volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
17:09:09.0064 4860	volmgr - ok
17:09:09.0095 4860	volmgrx         (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
17:09:09.0111 4860	volmgrx - ok
17:09:09.0142 4860	volsnap         (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
17:09:09.0142 4860	volsnap - ok
17:09:09.0189 4860	vsmraid         (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
17:09:09.0204 4860	vsmraid - ok
17:09:09.0267 4860	VSS             (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
17:09:09.0345 4860	VSS - ok
17:09:09.0360 4860	W32Time         (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
17:09:09.0391 4860	W32Time - ok
17:09:09.0438 4860	WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
17:09:09.0485 4860	WacomPen - ok
17:09:09.0501 4860	Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
17:09:09.0516 4860	Wanarp - ok
17:09:09.0532 4860	Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
17:09:09.0547 4860	Wanarpv6 - ok
17:09:09.0563 4860	wcncsvc         (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
17:09:09.0625 4860	wcncsvc - ok
17:09:09.0688 4860	WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
17:09:09.0719 4860	WcsPlugInService - ok
17:09:09.0766 4860	Wd              (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
17:09:09.0766 4860	Wd - ok
17:09:09.0797 4860	Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
17:09:09.0813 4860	Wdf01000 - ok
17:09:09.0844 4860	WdiServiceHost  (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
17:09:09.0875 4860	WdiServiceHost - ok
17:09:09.0875 4860	WdiSystemHost   (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
17:09:09.0906 4860	WdiSystemHost - ok
17:09:09.0953 4860	WebClient       (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
17:09:09.0969 4860	WebClient - ok
17:09:09.0984 4860	Wecsvc          (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
17:09:10.0015 4860	Wecsvc - ok
17:09:10.0047 4860	wercplsupport   (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
17:09:10.0078 4860	wercplsupport - ok
17:09:10.0109 4860	WerSvc          (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
17:09:10.0125 4860	WerSvc - ok
17:09:10.0187 4860	WinDefend       (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
17:09:10.0203 4860	WinDefend - ok
17:09:10.0218 4860	WinHttpAutoProxySvc - ok
17:09:10.0265 4860	Winmgmt         (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
17:09:10.0296 4860	Winmgmt - ok
17:09:10.0343 4860	WinRM           (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
17:09:10.0405 4860	WinRM - ok
17:09:10.0468 4860	Wlansvc         (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
17:09:10.0515 4860	Wlansvc - ok
17:09:10.0577 4860	WmiAcpi         (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
17:09:10.0593 4860	WmiAcpi - ok
17:09:10.0639 4860	wmiApSrv        (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
17:09:10.0655 4860	wmiApSrv - ok
17:09:10.0749 4860	WMPNetworkSvc   (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
17:09:10.0811 4860	WMPNetworkSvc - ok
17:09:10.0827 4860	WPCSvc          (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
17:09:10.0858 4860	WPCSvc - ok
17:09:10.0889 4860	WPDBusEnum      (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
17:09:10.0936 4860	WPDBusEnum - ok
17:09:11.0076 4860	WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
17:09:11.0154 4860	WPFFontCache_v0400 - ok
17:09:11.0217 4860	ws2ifsl         (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
17:09:11.0263 4860	ws2ifsl - ok
17:09:11.0295 4860	wscsvc          (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\System32\wscsvc.dll
17:09:11.0310 4860	wscsvc - ok
17:09:11.0310 4860	WSearch - ok
17:09:11.0404 4860	wuauserv        (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
17:09:11.0497 4860	wuauserv - ok
17:09:11.0607 4860	WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
17:09:11.0638 4860	WUDFRd - ok
17:09:11.0669 4860	wudfsvc         (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
17:09:11.0716 4860	wudfsvc - ok
17:09:11.0794 4860	MBR (0x1B8)     (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
17:09:11.0965 4860	\Device\Harddisk0\DR0 - ok
17:09:11.0965 4860	Boot (0x1200)   (be59a3d3ddb7b3e33df394f5ce29595e) \Device\Harddisk0\DR0\Partition0
17:09:11.0965 4860	\Device\Harddisk0\DR0\Partition0 - ok
17:09:11.0965 4860	============================================================
17:09:11.0965 4860	Scan finished
17:09:11.0965 4860	============================================================
17:09:11.0981 1484	Detected object count: 11
17:09:11.0981 1484	Actual detected object count: 11
17:10:11.0479 1484	Autodesk Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
17:10:11.0479 1484	Autodesk Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:10:11.0479 1484	BazisVirtualCDBus ( UnsignedFile.Multi.Generic ) - skipped by user
17:10:11.0479 1484	BazisVirtualCDBus ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:10:11.0479 1484	ETService ( UnsignedFile.Multi.Generic ) - skipped by user
17:10:11.0479 1484	ETService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:10:11.0479 1484	FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
17:10:11.0479 1484	FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:10:11.0479 1484	hamachi_oem ( UnsignedFile.Multi.Generic ) - skipped by user
17:10:11.0479 1484	hamachi_oem ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:10:11.0495 1484	IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
17:10:11.0495 1484	IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:10:11.0495 1484	mcdbus ( UnsignedFile.Multi.Generic ) - skipped by user
17:10:11.0495 1484	mcdbus ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:10:11.0495 1484	MTOnlPktAlyX ( UnsignedFile.Multi.Generic ) - skipped by user
17:10:11.0495 1484	MTOnlPktAlyX ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:10:11.0495 1484	PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - skipped by user
17:10:11.0495 1484	PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:10:11.0495 1484	SCDEmu ( UnsignedFile.Multi.Generic ) - skipped by user
17:10:11.0495 1484	SCDEmu ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:10:11.0495 1484	sptd ( LockedFile.Multi.Generic ) - skipped by user
17:10:11.0495 1484	sptd ( LockedFile.Multi.Generic ) - User select action: Skip
         

Alt 08.05.2012, 17:53   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
malewarebytes scan mit vielen funden - Standard

malewarebytes scan mit vielen funden



Zitat:
kannst du denn jetzt schon genaueres sagen womit ichs vielleicht zu tun habe? wär nett wenn du die frage beantwortest
Genau sagen was vielleicht los sein könnte? Sry das macht so keinen Sinn
Ich kann sagen was los sein könnte, aber das macht eine Aussage nicht genau


Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Antwort

Themen zu malewarebytes scan mit vielen funden
administrator, anti-malware, appdata, broken.opencommand, browser, dateien, dateisystem, desktop, explorer, gelöscht, helper, heuristiks/extra, heuristiks/shuriken, install.exe, log, merkwürdig, microsoft, pup.funmoods, roaming, scan, system, trojan.agent, verbindung, vista



Ähnliche Themen: malewarebytes scan mit vielen funden


  1. Vorbeugende Scan? Malewarebytes/Adwcleaner/Junkware
    Plagegeister aller Art und deren Bekämpfung - 21.05.2015 (1)
  2. Avast mit 2 Funden
    Plagegeister aller Art und deren Bekämpfung - 06.10.2014 (3)
  3. Browser stürzt öfters ab und nach S+D sowie Malewarebytes-Scan fährt das Lapptop nicht mehr hoch
    Plagegeister aller Art und deren Bekämpfung - 30.05.2014 (19)
  4. Windows 7: PC-Scan mit Malewarebytes zeigt infizierte Dateien und Trojaner
    Plagegeister aller Art und deren Bekämpfung - 18.05.2014 (9)
  5. nach Scan mit Malewarebytes folgender Log
    Log-Analyse und Auswertung - 01.03.2014 (8)
  6. Sehr langsamer upload - Scan mit Malewarebytes - PUP.Optional.InstallCore.A
    Log-Analyse und Auswertung - 10.02.2014 (9)
  7. Virenbefall mit bisher unbekannt vielen Funden
    Plagegeister aller Art und deren Bekämpfung - 14.01.2014 (19)
  8. Malwarebytes mit extrem vielen Funden
    Log-Analyse und Auswertung - 10.09.2013 (3)
  9. PUP.LoadTubes nach Scan mit Malewarebytes gefunden
    Log-Analyse und Auswertung - 01.01.2013 (19)
  10. PUP.LoadTubes bei Scan mit Malewarebytes gefunden
    Log-Analyse und Auswertung - 23.11.2012 (21)
  11. Nach Verschlüsselungstrojaner Malewarebytes-/defogger-/otlpenet-/gmer-scan durchgeführt
    Log-Analyse und Auswertung - 21.08.2012 (27)
  12. SUISA Trojaner Screen trotz MalewareBytes Scan
    Plagegeister aller Art und deren Bekämpfung - 03.07.2012 (7)
  13. OTL.exe mit diversen Funden - konfuse Situation
    Log-Analyse und Auswertung - 28.12.2011 (50)
  14. Probleme mit verschiedenen Funden
    Plagegeister aller Art und deren Bekämpfung - 25.10.2011 (30)
  15. [doppelt] Scan mit Spybot und malewarebytes.Spybot...
    Mülltonne - 21.10.2011 (1)
  16. AntiVir mit 35 Funden, Trojaner in C:\WINDOWS\system32\ *.dll
    Plagegeister aller Art und deren Bekämpfung - 05.10.2010 (25)
  17. escan mit wiederkehrenden funden?
    Log-Analyse und Auswertung - 30.09.2007 (6)

Zum Thema malewarebytes scan mit vielen funden - Guten Tag Ich habe heute mein system mit dem quickscan von malewarebytes gescanned, da ich durch tuneup ein autostartprogramm entdeckt hab was mir recht merkwürdig vorkam der name war userinit - malewarebytes scan mit vielen funden...
Archiv
Du betrachtest: malewarebytes scan mit vielen funden auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.