Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Avira Fund EXP/2011-3544.CQ.1

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML

Antwort
Alt 20.05.2012, 13:46   #16
blubberflash
 
Avira Fund EXP/2011-3544.CQ.1 - Standard

Avira Fund EXP/2011-3544.CQ.1



So ich habe mit OTL nochmal runtergeladen und es auf dem Destkop gespeichert.
Hier die 2 Logs:
Code:
ATTFilter
OTL logfile created on: 20.05.2012 14:36:40 - Run 4
OTL by OldTimer - Version 3.2.43.0     Folder = C:\Users\Joel\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,56 Gb Available Physical Memory | 63,92% Memory free
8,00 Gb Paging File | 6,01 Gb Available in Paging File | 75,12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,66 Gb Total Space | 54,08 Gb Free Space | 55,37% Space Free | Partition Type: NTFS
Drive E: | 247,15 Gb Total Space | 208,63 Gb Free Space | 84,41% Space Free | Partition Type: NTFS
Drive F: | 195,31 Gb Total Space | 98,73 Gb Free Space | 50,55% Space Free | Partition Type: NTFS
Drive G: | 195,31 Gb Total Space | 159,64 Gb Free Space | 81,74% Space Free | Partition Type: NTFS
Drive H: | 195,31 Gb Total Space | 6,35 Gb Free Space | 3,25% Space Free | Partition Type: NTFS
Drive I: | 195,31 Gb Total Space | 178,20 Gb Free Space | 91,24% Space Free | Partition Type: NTFS
Drive J: | 146,48 Gb Total Space | 146,39 Gb Free Space | 99,93% Space Free | Partition Type: NTFS
Drive K: | 123,96 Gb Total Space | 114,93 Gb Free Space | 92,71% Space Free | Partition Type: NTFS
 
Computer Name: JOEL-PC | User Name: Joel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.05.20 14:34:09 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Joel\Desktop\OTL.exe
PRC - [2012.05.20 11:50:59 | 000,059,964 | ---- | M] (Macrovision Europe Ltd.) -- C:\Users\Joel\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001
PRC - [2012.05.08 21:28:20 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 21:28:20 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.08 21:28:20 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.04.25 23:42:44 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.03.30 12:26:14 | 000,681,016 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\sua.exe
PRC - [2012.02.29 14:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.02.28 18:38:56 | 001,987,976 | ---- | M] (LogMeIn Inc.) -- E:\Hamachi\hamachi-2-ui.exe
PRC - [2011.04.15 11:43:20 | 002,280,312 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2010.11.20 14:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Sidebar\sidebar.exe
PRC - [2010.10.30 17:41:23 | 000,079,360 | ---- | M] (Creative Labs) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe
PRC - [2009.07.20 05:00:00 | 000,077,824 | ---- | M] () -- C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe
PRC - [2009.07.08 15:32:50 | 001,233,195 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe
PRC - [2009.05.04 19:05:04 | 000,241,789 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe
PRC - [2009.02.23 05:43:56 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2006.11.03 11:01:16 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\Pac207\Monitor.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.05.20 11:51:00 | 000,592,896 | ---- | M] () -- C:\Users\Joel\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001.dir.0011\~de6248.tmp
MOD - [2012.05.20 11:50:59 | 000,697,884 | ---- | M] () -- C:\Users\Joel\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001.dir.0011\~df394b.tmp
MOD - [2012.05.14 19:29:50 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll
MOD - [2012.05.14 15:39:26 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.05.14 15:39:21 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012.05.06 11:27:39 | 008,797,856 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
MOD - [2012.04.25 23:42:44 | 001,952,696 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012.02.29 14:26:28 | 000,360,768 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2011.06.16 17:52:21 | 000,008,704 | ---- | M] () -- C:\Users\Joel\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V3.6.gadget\GetCoreTempInfoNET.dll
MOD - [2011.06.16 17:52:21 | 000,007,680 | ---- | M] () -- C:\Users\Joel\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V3.6.gadget\SystemInfo.dll
MOD - [2011.06.16 17:52:21 | 000,006,144 | ---- | M] () -- C:\Users\Joel\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V3.6.gadget\CoreTempReader.dll
MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.07.20 05:00:00 | 000,077,824 | ---- | M] () -- C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe
MOD - [2009.04.20 11:55:58 | 000,148,480 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL
MOD - [2009.02.06 18:52:24 | 000,073,728 | ---- | M] () -- C:\Windows\SysWOW64\CmdRtr.DLL
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.05.08 21:28:20 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.08 21:28:20 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.04.25 23:42:45 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.03.30 12:26:16 | 001,295,416 | ---- | M] (Secunia) [On_Demand | Stopped] -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2012.03.30 12:26:14 | 000,681,016 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2012.03.01 02:02:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.02.29 14:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.02.29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.02.28 18:38:54 | 002,343,816 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- E:\Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011.08.12 01:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Programme\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV - [2011.04.15 11:43:20 | 002,280,312 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011.03.28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2011.03.13 18:38:00 | 004,241,016 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2010.10.30 17:42:31 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2010.10.30 17:41:55 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010.10.30 17:41:23 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe -- (Sound Blaster X-Fi MB Licensing Service)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.08.10 16:01:06 | 000,206,880 | ---- | M] () [Auto | Running] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV - [2009.08.10 16:01:04 | 000,626,208 | ---- | M] () [Auto | Running] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM)
SRV - [2009.08.10 15:19:30 | 000,093,848 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- E:\SiSoftware Sandra Lite 2010.SP3\RpcAgentSrv.exe -- (SandraAgentSrv)
SRV - [2009.07.20 13:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.02.23 05:43:56 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.05.08 21:28:20 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.08 21:28:20 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.17 14:45:56 | 000,188,224 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011.12.16 16:20:10 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI)
DRV:64bit: - [2011.12.15 16:00:00 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.17 18:52:16 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2010.11.17 18:52:15 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2010.08.12 12:07:50 | 000,350,952 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2009.11.25 15:06:02 | 001,276,928 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.17 18:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2009.06.17 18:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009.06.17 18:54:14 | 000,013,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd)
DRV:64bit: - [2009.06.17 18:54:06 | 000,074,256 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV:64bit: - [2009.06.10 22:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2006.12.05 11:34:26 | 000,572,416 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PFC027.SYS -- (PAC207)
DRV - [2011.07.22 18:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV - [2011.07.12 23:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV - [2009.08.08 00:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- E:\SiSoftware Sandra Lite 2010.SP3\WNt500x64\sandra.sys -- (SANDRA)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005.01.05 05:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
DRV - [2001.08.25 16:44:45 | 000,011,616 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\SECDRV.SYS -- (Secdrv)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = 
IE - HKLM\..\SearchScopes,DefaultScope = 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CD A4 04 C7 29 31 CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {2922AFAD-0159-43EB-8D35-9DA555BFC30A}
IE - HKCU\..\SearchScopes\{2922AFAD-0159-43EB-8D35-9DA555BFC30A}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.3
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.8
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:10.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0015-0000-0018-ABCDEFFEDCBA}:5.0.18
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.17
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:5.9
FF - prefs.js..extensions.enabledItems: d2nagent@isaaclw.com:0.4.3
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&q="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.04.25 23:42:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.05.14 16:29:46 | 000,000,000 | ---D | M]
 
[2010.10.29 19:25:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joel\AppData\Roaming\mozilla\Extensions
[2012.05.19 15:23:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joel\AppData\Roaming\mozilla\Firefox\Profiles\lauwvq25.default\extensions
[2012.02.13 12:07:38 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Users\Joel\AppData\Roaming\mozilla\Firefox\Profiles\lauwvq25.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2012.03.29 22:47:47 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Joel\AppData\Roaming\mozilla\Firefox\Profiles\lauwvq25.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.01.05 22:07:20 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Joel\AppData\Roaming\mozilla\Firefox\Profiles\lauwvq25.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2012.05.19 15:23:46 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Joel\AppData\Roaming\mozilla\Firefox\Profiles\lauwvq25.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012.05.01 21:11:47 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\Joel\AppData\Roaming\mozilla\Firefox\Profiles\lauwvq25.default\extensions\plugin@yontoo.com
[2012.05.14 21:04:13 | 000,000,950 | ---- | M] () -- C:\Users\Joel\AppData\Roaming\Mozilla\Firefox\Profiles\lauwvq25.default\searchplugins\icqplugin-1.xml
[2012.05.14 16:33:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.05.14 16:33:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012.05.11 18:24:02 | 000,015,611 | ---- | M] () (No name found) -- C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\EXTENSIONS\D2NAGENT@ISAACLW.COM.XPI
[2012.04.25 23:42:44 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.05.14 16:33:26 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.02.23 20:15:07 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Joel\AppData\Local\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Joel\AppData\Local\Google\Chrome\Application\18.0.1025.168\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Joel\AppData\Local\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Babylon Chrome Plugin (Enabled) = C:\Users\Joel\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.0_0\BabylonChromePI.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\Joel\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - Extension: YouTube = C:\Users\Joel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Joel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Babylon Translator = C:\Users\Joel\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.4_0\
CHR - Extension: Google Mail = C:\Users\Joel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Monitor] C:\Windows\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation)
O4:64bit: - HKLM..\Run: [RunDLLEntry] C:\Windows\SysNative\AmbRunE.DLL (Creative Technology Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CTSyncService] C:\Program Files (x86)\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] E:\Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [ASRockIES]  File not found
O4 - HKCU..\Run: [ASRockOCTuner]  File not found
O4 - HKCU..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [zASRockInstantBoot]  File not found
O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5EC940EA-F80F-41D9-B652-128D376145C8}: DhcpNameServer = 192.168.1.1 217.237.151.97
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.05.20 14:34:04 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Joel\Desktop\OTL.exe
[2012.05.14 19:42:40 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4
[2012.05.14 16:33:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.05.14 16:33:31 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012.05.14 16:33:31 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012.05.14 16:33:31 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012.05.14 16:33:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012.05.14 16:07:53 | 000,000,000 | ---D | C] -- C:\Users\Joel\AppData\Local\Secunia PSI (BETA)
[2012.05.14 16:07:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secunia
[2012.05.14 15:08:25 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2012.05.13 23:47:23 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xmllite.dll
[2012.05.13 23:47:21 | 002,871,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2012.05.13 23:47:21 | 002,616,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2012.05.13 23:47:15 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll
[2012.05.13 23:47:13 | 002,315,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tquery.dll
[2012.05.13 23:47:13 | 002,223,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssrch.dll
[2012.05.13 23:47:13 | 001,549,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tquery.dll
[2012.05.13 23:47:13 | 001,401,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssrch.dll
[2012.05.13 23:47:13 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchProtocolHost.exe
[2012.05.13 23:47:12 | 000,778,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssvp.dll
[2012.05.13 23:47:12 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssvp.dll
[2012.05.13 23:47:12 | 000,491,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssph.dll
[2012.05.13 23:47:12 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssph.dll
[2012.05.13 23:47:12 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssphtb.dll
[2012.05.13 23:47:12 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchFilterHost.exe
[2012.05.13 23:47:12 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscntrs.dll
[2012.05.13 23:47:12 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscntrs.dll
[2012.05.13 23:47:08 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl
[2012.05.13 23:47:07 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2012.05.13 23:47:07 | 000,476,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2012.05.13 23:47:07 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2012.05.13 23:47:05 | 001,465,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2012.05.13 23:47:05 | 000,870,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2012.05.13 23:46:49 | 000,027,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
[2012.05.13 23:46:48 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2012.05.13 23:46:46 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2012.05.13 23:46:45 | 000,007,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2012.05.13 23:46:38 | 002,565,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\esent.dll
[2012.05.13 23:46:38 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsutil.exe
[2012.05.13 23:46:37 | 001,699,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll
[2012.05.13 23:46:37 | 000,189,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2012.05.13 23:46:37 | 000,107,904 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdsata.sys
[2012.05.13 23:46:37 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fsutil.exe
[2012.05.13 23:46:37 | 000,027,008 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdxata.sys
[2012.05.13 23:46:31 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\prevhost.exe
[2012.05.13 23:46:31 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\prevhost.exe
[2012.05.13 23:44:02 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012.05.13 23:44:02 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012.05.13 23:24:32 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2012.05.13 23:24:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012.05.13 23:23:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012.05.13 23:23:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012.05.13 11:22:51 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2012.05.12 18:57:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.05.12 12:35:02 | 000,000,000 | ---D | C] -- C:\Users\Joel\AppData\Roaming\SUPERAntiSpyware.com
[2012.05.12 12:34:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012.05.12 12:34:34 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012.05.12 12:34:34 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012.05.12 12:15:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2012.05.12 12:08:29 | 000,839,112 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2012.05.12 12:08:28 | 000,955,848 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2012.05.12 12:08:28 | 000,268,744 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012.05.12 12:08:22 | 000,189,384 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012.05.12 12:08:22 | 000,188,872 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012.05.12 12:08:03 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012.05.12 11:43:07 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.05.12 02:22:05 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.05.11 18:31:16 | 000,000,000 | ---D | C] -- C:\Users\Joel\AppData\Roaming\Malwarebytes
[2012.05.11 18:31:12 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.05.11 18:31:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.05.11 18:31:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.05.11 18:31:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.05.10 06:59:01 | 001,544,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012.05.10 06:58:02 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.05.10 06:58:01 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012.05.10 06:58:01 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012.05.01 21:11:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yontoo
[2012.05.01 21:11:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2012.04.29 17:16:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.04.29 17:16:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012.04.25 23:42:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012.04.25 23:42:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[10 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[10 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.05.20 14:34:09 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Joel\Desktop\OTL.exe
[2012.05.20 13:53:11 | 000,019,520 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.20 13:53:11 | 000,019,520 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.20 11:55:10 | 001,613,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.05.20 11:55:10 | 000,696,832 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.05.20 11:55:10 | 000,652,150 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.05.20 11:55:10 | 000,148,128 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.05.20 11:55:10 | 000,121,082 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.05.20 11:50:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.05.20 11:50:29 | 3220,676,608 | -HS- | M] () -- C:\hiberfil.sys
[2012.05.15 12:56:47 | 000,307,744 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.05.14 19:42:40 | 000,001,172 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.lnk
[2012.05.14 16:33:26 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2012.05.14 16:33:26 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012.05.14 16:33:26 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012.05.14 16:33:26 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012.05.14 16:31:29 | 000,001,126 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader 5.1.lnk
[2012.05.14 16:17:26 | 000,000,994 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.05.14 16:12:57 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.05.14 16:12:57 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.05.14 15:31:24 | 001,590,298 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.05.13 23:30:22 | 000,175,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msclmd.dll
[2012.05.13 23:30:22 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msclmd.dll
[2012.05.13 13:44:23 | 544,077,993 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.05.12 12:34:37 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.05.12 12:22:26 | 000,132,796 | ---- | M] () -- C:\Users\Joel\Documents\cc_20120512_122214.reg
[2012.05.12 12:15:31 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012.05.12 12:08:04 | 000,955,848 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2012.05.12 12:08:04 | 000,839,112 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2012.05.12 12:08:04 | 000,268,744 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012.05.12 12:08:04 | 000,189,384 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012.05.12 12:08:04 | 000,188,872 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012.05.12 02:22:06 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.05.11 18:31:13 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.08 21:28:20 | 000,132,832 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.05.08 21:28:20 | 000,098,848 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.05.06 22:27:36 | 000,156,374 | ---- | M] () -- C:\Users\Joel\Documents\ts3_clientui-win32-1334913258-2012-05-06 22_27_36.107679.dmp
[2012.04.29 17:16:42 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[10 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[10 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.05.14 19:42:40 | 000,001,172 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.lnk
[2012.05.14 16:31:29 | 000,001,126 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader 5.1.lnk
[2012.05.14 16:17:26 | 000,000,994 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.05.14 16:07:48 | 000,001,069 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
[2012.05.13 13:44:23 | 544,077,993 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012.05.12 12:34:37 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.05.12 12:22:18 | 000,132,796 | ---- | C] () -- C:\Users\Joel\Documents\cc_20120512_122214.reg
[2012.05.12 12:15:31 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012.05.12 12:15:30 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012.05.12 02:22:06 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.05.11 18:31:13 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.06 22:27:36 | 000,156,374 | ---- | C] () -- C:\Users\Joel\Documents\ts3_clientui-win32-1334913258-2012-05-06 22_27_36.107679.dmp
[2012.02.29 14:26:56 | 000,416,064 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012.01.14 01:34:30 | 001,590,298 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.12.22 17:41:38 | 105,854,917 | ---- | C] () -- C:\Users\Joel\AppData\Roaming\.minecraft.rar
[2011.09.23 19:41:14 | 000,000,807 | ---- | C] () -- C:\Windows\eReg.dat
[2011.08.02 19:12:53 | 000,484,352 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2011.05.22 19:08:16 | 000,007,605 | ---- | C] () -- C:\Users\Joel\AppData\Local\Resmon.ResmonCfg
[2011.05.02 22:01:15 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011.05.02 22:01:15 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010.11.10 14:26:13 | 000,000,048 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010.11.03 22:26:04 | 013,803,520 | ---- | C] () -- C:\ProgramData\sandra.mda
[2010.10.30 17:43:02 | 000,002,265 | ---- | C] () -- C:\Windows\FF08_Render_Spk_Hp.ini
[2010.10.30 17:43:02 | 000,001,650 | ---- | C] () -- C:\Windows\FF08_Capture.ini
[2010.10.30 17:43:02 | 000,001,540 | ---- | C] () -- C:\Windows\FF08_Render.ini
[2010.10.30 17:42:36 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2010.10.30 17:42:36 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
 
========== LOP Check ==========
 
[2012.05.19 14:21:04 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\.minecraft
[2011.05.19 14:49:26 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\aaa
[2011.02.03 00:26:12 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\Ashampoo
[2010.12.02 16:45:47 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\Canneverbe Limited
[2011.01.28 16:15:40 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\FOG Downloader
[2011.08.02 19:12:54 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\FreeAudioPack
[2012.05.12 02:06:18 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\go
[2012.02.13 19:27:41 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\gtk-2.0
[2012.05.20 14:36:43 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\ICQ
[2012.01.14 01:40:04 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\ICSharpCode
[2011.12.31 01:54:03 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\Leadertech
[2010.12.26 22:24:20 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\LolClient
[2011.05.17 18:17:23 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\Notepad++
[2012.01.14 01:40:40 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\NuGet
[2010.11.02 18:11:02 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\OpenOffice.org
[2010.10.30 15:28:57 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\Opera
[2011.08.16 00:47:15 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\TeamViewer
[2012.02.04 01:03:19 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\Teeworlds
[2012.04.23 22:15:56 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\TS3Client
[2012.03.18 10:47:41 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
Und der Extras Log:
Code:
ATTFilter
OTL Extras logfile created on: 20.05.2012 14:36:40 - Run 4
OTL by OldTimer - Version 3.2.43.0     Folder = C:\Users\Joel\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,56 Gb Available Physical Memory | 63,92% Memory free
8,00 Gb Paging File | 6,01 Gb Available in Paging File | 75,12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,66 Gb Total Space | 54,08 Gb Free Space | 55,37% Space Free | Partition Type: NTFS
Drive E: | 247,15 Gb Total Space | 208,63 Gb Free Space | 84,41% Space Free | Partition Type: NTFS
Drive F: | 195,31 Gb Total Space | 98,73 Gb Free Space | 50,55% Space Free | Partition Type: NTFS
Drive G: | 195,31 Gb Total Space | 159,64 Gb Free Space | 81,74% Space Free | Partition Type: NTFS
Drive H: | 195,31 Gb Total Space | 6,35 Gb Free Space | 3,25% Space Free | Partition Type: NTFS
Drive I: | 195,31 Gb Total Space | 178,20 Gb Free Space | 91,24% Space Free | Partition Type: NTFS
Drive J: | 146,48 Gb Total Space | 146,39 Gb Free Space | 99,93% Space Free | Partition Type: NTFS
Drive K: | 123,96 Gb Total Space | 114,93 Gb Free Space | 92,71% Space Free | Partition Type: NTFS
 
Computer Name: JOEL-PC | User Name: Joel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{015815D5-4987-4150-9D7A-F49B9F7D5396}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{05EBCCD6-652A-44CA-94E9-E57F8FF52600}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{06FA5D42-DFB0-43D1-B7D7-DFBA6422BACF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{088EC2C0-2CEA-4D29-8E3A-5BC6E17937E1}" = rport=138 | protocol=17 | dir=out | app=system | 
"{0EDD4EB9-0141-455D-9869-5381630AA28B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{11124883-B46D-4855-8250-DD475A4450D7}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{11A2AE83-0D1A-4044-9EA4-F3FC9A6AF2F9}" = lport=rpc | protocol=6 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | 
"{12381292-6D93-4B38-9CAA-EB4B17D2AB73}" = lport=rpc | protocol=6 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | 
"{19B708A7-7745-4D63-A51A-751417C1C5E1}" = lport=139 | protocol=6 | dir=in | app=system | 
"{2135EF7B-ABE1-4308-A8B5-B1E1D2F362F7}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher | 
"{245E9322-C745-4F47-B696-F263FAD6BA38}" = lport=6889 | protocol=17 | dir=in | name=teeworlds 6889 | 
"{26E18C0F-89A8-40EE-B0E8-74745893CF29}" = lport=rpc | protocol=6 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | 
"{2BCA9D23-17DE-40B5-8956-536B7F56943A}" = lport=445 | protocol=6 | dir=in | app=system | 
"{2DA99FB8-C4C6-4827-B4EB-134F1BBF2347}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3846C789-5684-43E0-9C11-DDDA5AC2205A}" = lport=rpc | protocol=6 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | 
"{3CE6A1A6-8931-4FDA-ACB7-0D68F8946B24}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3DD2EBCF-BC0B-46F1-BEB1-CB58F2E65B7F}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{3FA2AA14-4FF3-41D9-9933-898491A8BD5E}" = lport=rpc | protocol=6 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | 
"{4A9E817D-66BF-42F7-BE98-4F37970322BB}" = lport=6983 | protocol=6 | dir=in | name=league of legends launcher | 
"{4C7BEE98-F2F3-4C05-84AC-40AF57B7367F}" = lport=8303 | protocol=6 | dir=in | name=teeworlds 8303 | 
"{541ADF90-38D5-4693-ACB5-4A564C8085F3}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{57B3AD67-C67C-4D4B-81D1-24525953D8ED}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{712ED346-27E9-411E-A1DB-BB3532EFD6B5}" = rport=445 | protocol=6 | dir=out | app=system | 
"{7550083D-8366-456B-B103-512A483711FD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{7FC55C48-E1F7-4431-B5DC-9F9D444A98F0}" = lport=rpc | protocol=6 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | 
"{8CA0D869-4A94-4DDF-8AD7-1D6C6ABA9A6F}" = lport=rpc | protocol=6 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | 
"{90260A72-7C51-4B92-BBA0-C9601E4CFC14}" = lport=137 | protocol=17 | dir=in | app=system | 
"{94C425E1-132A-4F32-8420-B01024B7A645}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher | 
"{AF4B6F89-C56C-4714-AB97-84E206950D7B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{AFF3AA23-9A5C-4C27-A1A8-C71198CE1C9C}" = lport=138 | protocol=17 | dir=in | app=system | 
"{C8D3113E-3008-42E5-8128-862A1139E7E4}" = lport=8303 | protocol=17 | dir=in | name=teeworlds 8303 | 
"{C8FF6561-17F4-4395-97DD-A94AC3D92833}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{CFDEFD51-A904-405A-83E7-B82E240785DC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D4CB7803-B589-43B8-A12D-6E054869F04F}" = lport=rpc | protocol=6 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | 
"{D6B45973-2137-4C51-89AF-88D1ED1B86DD}" = lport=rpc | protocol=6 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | 
"{DADA2499-EB5D-4D4B-9C25-EB8AE22216D8}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{DDE33CEC-4819-4165-8E5A-FC118D7824B2}" = lport=rpc | protocol=6 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\rpcagentsrv.exe | 
"{E0F2A274-ACD8-4DAE-98E5-F9CB96999C05}" = lport=rpc | protocol=6 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | 
"{E860FF78-F313-4A86-A9F6-4A25D60C7C76}" = lport=rpc | protocol=6 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | 
"{E9F41EDC-A75F-4CF9-B45C-8B59470A88A0}" = rport=139 | protocol=6 | dir=out | app=system | 
"{EBAAA8FB-EE5E-4D9C-B789-DAFAF2302B15}" = lport=6983 | protocol=17 | dir=in | name=league of legends launcher | 
"{EC717585-9A40-4B80-822F-B922F7225B6B}" = lport=rpc | protocol=6 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | 
"{F7E65764-E8BC-43CD-8379-1B573B36D4F3}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{FA262EBD-ADCA-44BE-8B37-025647D07DB4}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{FA8481E5-AF40-4F49-821C-04D8A55A9539}" = rport=137 | protocol=17 | dir=out | app=system | 
"{FD9831E4-DDFC-45D7-9D5D-26B7A280F5D6}" = lport=rpc | protocol=6 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | 
"{FE14AF1F-F279-4CF9-8D44-436CD5C52E30}" = lport=rpc | protocol=6 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05B3B126-5F17-43AC-B5F8-5308CBEBC442}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.6\icq.exe | 
"{0E866DD7-C829-40E7-86BB-7ADE18317CB1}" = protocol=6 | dir=in | app=e:\far cry 2\bin\fc2editor.exe | 
"{1A15FD6B-66CC-4499-95F8-0A4704128839}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{1BD50DC6-91B6-4E81-93C0-D914DE6940BB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1CAB8500-5FBC-4D0B-AC57-862DF5B4FCAF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1D6D9081-B49B-45A3-AD35-38697A98CBC5}" = protocol=1 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | 
"{1DD0803B-C9BC-48F4-A29A-B2DFEA15FC3B}" = protocol=1 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | 
"{23C1D74F-982F-48CB-BE6E-179079715A8A}" = protocol=1 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | 
"{2980A7BE-7C96-472E-94E2-1655BFB5ABFC}" = protocol=1 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | 
"{3245222B-3529-4C6D-A44B-4965FD2D4BF2}" = protocol=1 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | 
"{33328ADB-1A55-4554-ADE1-97F6BDF67CB4}" = protocol=1 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | 
"{3CE72F82-D496-44CD-BEE9-59D94F70DA9F}" = protocol=1 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | 
"{42EE1539-3799-4CB6-9280-B99B08FA2E51}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{4AD08C25-9E9B-46D5-9CA6-F93EFADB2001}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{4FE91235-CB14-4A92-9197-76224023C725}" = protocol=58 | dir=in | app=system | 
"{5108EEC9-83CD-4EFE-A7B6-45EA62B06744}" = protocol=1 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | 
"{52764308-B504-4B40-934F-42FB2E462B67}" = protocol=17 | dir=in | app=e:\far cry 2\bin\farcry2.exe | 
"{57B906E3-9808-4E95-B071-8E9A8546FF35}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.6\icq.exe | 
"{5C244910-F9D9-439B-918F-22807DF574E1}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{600EFF9C-C1E7-4214-9C47-1328DFACD1B0}" = protocol=6 | dir=out | app=system | 
"{605C8B43-1D1D-4210-944C-326BD8D13605}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{61BFECEE-5A94-40F9-8395-3030C378BFCD}" = protocol=1 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | 
"{665EE240-9017-40A5-BC67-7E33C9BF1BA1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{69078C34-E2F9-4E08-B796-4CB9554E522C}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{6A1776CA-3594-4245-A668-15FD1BAFEAB0}" = protocol=17 | dir=in | app=e:\far cry 2\bin\fc2editor.exe | 
"{76EF8693-A675-4258-878F-1E8331258C53}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe | 
"{792616E3-4491-4D5E-BF85-699167F5D06E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7CEEDD4F-F520-4689-BD77-E863AF242D04}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{80902871-5467-415E-8A7F-0FBC14CE5AAF}" = protocol=1 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\rpcagentsrv.exe | 
"{8132ECDD-BD30-4E30-83FF-DACEA64249B5}" = protocol=1 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | 
"{8B718EAC-453F-4770-9A91-B722EDCB5229}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.6\icq.exe | 
"{8BD19A94-2866-4DB0-997C-BA8313179C68}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{90B29A8C-07D4-4FA8-B437-372618C0E054}" = protocol=6 | dir=in | app=e:\far cry 2\bin\fc2launcher.exe | 
"{95ACD2CD-8FBD-491F-B65E-93F7E61FC6A2}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{A4D77DD2-7F25-4CDB-B66B-C2779EA49D70}" = protocol=17 | dir=in | app=e:\far cry 2\bin\fc2launcher.exe | 
"{A9461706-D7AA-451B-A0F0-35F0D8F86C3B}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{A9EA04DD-B6D9-49AF-84D0-34A21A9DC884}" = protocol=1 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | 
"{AD9F48D9-D24B-437B-8225-A71D72AB9D01}" = protocol=1 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | 
"{AF98AE5C-1802-4662-AB77-C4EAF0D40CA8}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{BB3FDDCF-593C-4FED-8177-2CEBF9B876F4}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{BD89DF75-6603-4B1E-8B3B-18571CE447EE}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{BF72DDE1-60A7-4EC6-9F75-2A09A053835E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{C760398A-B8AF-4F00-A259-1CD29D9C6248}" = protocol=1 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | 
"{C8EA45EE-3F6D-4393-8033-EF756008536B}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{D15DB42D-7FFD-441B-9CEC-FAFBADEC5832}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe | 
"{DC00E59C-509D-47EE-94E7-8D35DAB582AE}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{DCAA34C4-8967-42E4-9C78-E9956F3C99B8}" = protocol=6 | dir=in | app=e:\far cry 2\bin\farcry2.exe | 
"{DCB87F33-6EC8-4205-8D96-4444FC969B3A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{E3C22EB4-9D0A-4100-B80F-1720117B69AF}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe | 
"{EE2F26C4-A33E-4F03-9FA8-B391F9652B3C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{EEA942E7-DD54-4CE3-9BF6-302536EED318}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe | 
"{EEFB4877-B4D1-46A2-80CB-68D11A9A95BA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F18CDE47-D147-4493-8719-911BC85815F1}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.6\icq.exe | 
"{F55BAB88-E7B2-4587-83F1-F061E59292E9}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | 
"{F6B7F342-6C59-467F-93A9-4DD469789FAC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{F7B31CA4-7E0F-4495-B49F-AADAF19AC1A9}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{FCC5FE58-F9BF-4219-9C75-AF67E4D16254}" = protocol=1 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | 
"{FDB0D687-F909-4780-88F0-871C9B48F49F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"TCP Query User{073D0A6D-EA75-4A3D-999C-EFE9F9AE03BE}E:\age of empires 2\age2_x1\age2_x1.exe" = protocol=6 | dir=in | app=e:\age of empires 2\age2_x1\age2_x1.exe | 
"TCP Query User{08120891-AC55-4A3F-8B9A-7189CDB31059}E:\runes of magic\launcher.exe" = protocol=6 | dir=in | app=e:\runes of magic\launcher.exe | 
"TCP Query User{0F5C36C0-7EE5-4213-BC9E-0A4C7E30463A}E:\urbanterror\iourbanterror.exe" = protocol=6 | dir=in | app=e:\urbanterror\iourbanterror.exe | 
"TCP Query User{1702350D-7D8E-49F4-BD9A-1481CBEC6825}G:\yuleech-runes_of_magic_3_0_5_2262.exe" = protocol=6 | dir=in | app=g:\yuleech-runes_of_magic_3_0_5_2262.exe | 
"TCP Query User{1F5934C3-A05B-469D-A920-C93A55B72337}E:\runes of magic\client.exe" = protocol=6 | dir=in | app=e:\runes of magic\client.exe | 
"TCP Query User{2DD4A950-554B-41AC-9BE5-1C9CB737EE03}E:\age of empires 2\empires2.exe" = protocol=6 | dir=in | app=e:\age of empires 2\empires2.exe | 
"TCP Query User{33AE62CA-5396-44C9-8DEE-C79E74321E4D}E:\njam\njam.exe" = protocol=6 | dir=in | app=e:\njam\njam.exe | 
"TCP Query User{42355D16-A3D8-4F51-867C-4ECD1083F2F4}E:\mirc\mirc.exe" = protocol=6 | dir=in | app=e:\mirc\mirc.exe | 
"TCP Query User{60F5A421-F134-494C-9412-D47E063047C9}G:\yuleech-runes_of_magic_3_0_5_2262_slim.exe" = protocol=6 | dir=in | app=g:\yuleech-runes_of_magic_3_0_5_2262_slim.exe | 
"TCP Query User{7D5DB9CE-ABFE-4DDF-A061-08CB79AEB9CF}E:\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=e:\tmnationsforever\tmforever.exe | 
"TCP Query User{967A166B-39B2-4214-B950-5B99F1604481}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
"TCP Query User{AC2CE038-B41C-4CFE-822D-AB7FB1D38E39}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{C3DDD949-FC0A-434A-9C69-5147C5752836}E:\league of legends\lol.launcher.exe" = protocol=6 | dir=in | app=e:\league of legends\lol.launcher.exe | 
"UDP Query User{0A856155-4C77-4DCF-BEC9-D28558A76A27}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
"UDP Query User{0B31C258-5707-421D-A622-702B6C248E48}E:\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=e:\tmnationsforever\tmforever.exe | 
"UDP Query User{1EFF81D8-9DA8-4B64-968C-7E8EEC6943DE}E:\runes of magic\launcher.exe" = protocol=17 | dir=in | app=e:\runes of magic\launcher.exe | 
"UDP Query User{2BD8ECDB-C61C-41D0-A08E-BB42CBDA032D}E:\runes of magic\client.exe" = protocol=17 | dir=in | app=e:\runes of magic\client.exe | 
"UDP Query User{2C29389C-B73A-4E2B-B303-79A30D00295D}E:\urbanterror\iourbanterror.exe" = protocol=17 | dir=in | app=e:\urbanterror\iourbanterror.exe | 
"UDP Query User{34CBF9A0-42B6-4A84-8F3A-CF5C9765C80B}E:\age of empires 2\empires2.exe" = protocol=17 | dir=in | app=e:\age of empires 2\empires2.exe | 
"UDP Query User{58AE977F-B7DC-4C39-835D-56EB78482958}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{753EADA8-C870-408E-B86E-DF7B0DA963A7}E:\njam\njam.exe" = protocol=17 | dir=in | app=e:\njam\njam.exe | 
"UDP Query User{9CE78EEB-CEBF-4F55-9179-B97C83428D8A}E:\league of legends\lol.launcher.exe" = protocol=17 | dir=in | app=e:\league of legends\lol.launcher.exe | 
"UDP Query User{DE0C055B-D2C0-483F-B300-94D2EB7D1586}G:\yuleech-runes_of_magic_3_0_5_2262_slim.exe" = protocol=17 | dir=in | app=g:\yuleech-runes_of_magic_3_0_5_2262_slim.exe | 
"UDP Query User{E0EB627E-59EE-48F3-A037-EDE088A9CFEE}E:\age of empires 2\age2_x1\age2_x1.exe" = protocol=17 | dir=in | app=e:\age of empires 2\age2_x1\age2_x1.exe | 
"UDP Query User{FDFE606C-9EA9-48A5-97BA-701C72E61D04}E:\mirc\mirc.exe" = protocol=17 | dir=in | app=e:\mirc\mirc.exe | 
"UDP Query User{FEFAD096-12E3-4147-94AB-9DE82B585771}G:\yuleech-runes_of_magic_3_0_5_2262.exe" = protocol=17 | dir=in | app=g:\yuleech-runes_of_magic_3_0_5_2262.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86417004FF}" = Java(TM) 7 Update 4 (64-bit)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 296.10
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.11
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.12.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2296}_is1" = SiSoftware Sandra Lite 2010.SP3
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CCleaner" = CCleaner
"Explorer Suite_is1" = Explorer Suite III
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"NVIDIA Drivers" = NVIDIA Drivers
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05248BF9-6E23-4AF0-A1CB-C378F9D25524}" = SharpDevelop 4.1
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1A7F8DF6-5A3E-4CDF-BC82-BE26B407E21B}" = Die Sims - Megastar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{27A48664-BDDF-4AA3-8627-47CB8AC7D8A4}_is1" = Robokill
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{2E97F7E8-ABDE-4E0D-B0AD-B6B4BAD89E24}" = Rome - Total War
"{300A2961-B2B5-4889-9CB9-5C2A570D08AD}" = Debugging Tools for Windows (x86)
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}" = OpenOffice.org 3.4
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7644E42D-B096-457F-8B5B-901238FC81AE}" = ICQ7.6
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{909F8EBC-EC7F-48FF-0085-475D818F0F31}" = Need for Speed Underground 2
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2F166A0-F031-4E27-A057-C69733219434}_is1" = Runes of Magic
"{A48B9CD8-C2BA-4EC9-0081-7260D238C7CF}" = Need for Speed™ Most Wanted
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C615B4A6-DDE8-4325-BCF8-E53E913D95E9}_is1" = AMR to MP3 Converter 1.4
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2494AD8-314D-44F8-B39C-4358A60DC184}" = LogMeIn Hamachi
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}" = Sound Blaster X-Fi MB
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FC123EEA-330A-4685-911C-95B8F5E9DE68}" = Thief - Deadly Shadows
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion
"Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE v.6.80
"ASRock IES_is1" = ASRock IES v2.0.69
"ASRock InstantBoot_is1" = ASRock InstantBoot v1.24
"ASRock OC Tuner_is1" = ASRock OC Tuner v2.3.91
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira Free Antivirus
"CamStudio" = CamStudio
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Divine Divinity" = Divine Divinity
"ESET Online Scanner" = ESET Online Scanner v3
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Foxit Reader_is1" = Foxit Reader 5.1
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.93
"FreePascal_is1" = Free Pascal 2.6.0
"HyperCam 2" = HyperCam 2
"Icy Tower v1.5_is1" = Icy Tower v1.5
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"Jagged Alliance 2 Wildfire" = Jagged Alliance 2 Wildfire
"Jagged Alliance 2: Unfinished Business" = Jagged Alliance 2: Unfinished Business
"Little Fighter 2" = Little Fighter 2 1.9c
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"mIRC" = mIRC
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Njam_is1" = Njam 1.21
"Notepad++" = Notepad++
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Opera 11.64.1403" = Opera 11.64
"Pangya" = Pangya (Ntreev SG Interactive)
"Robin Hood - Die Legende von Sherwood" = Robin Hood - Die Legende von Sherwood
"Secunia PSI" = Secunia PSI (3.0.0.0006)
"SystemRequirementsLab" = System Requirements Lab
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 6" = TeamViewer 6
"TmNationsForever_is1" = TmNationsForever
"Urban Terror_is1" = Urban Terror 4.1
"VirtualCloneDrive" = VirtualCloneDrive
"Visual MP3 Splitter & Joiner_is1" = Visual MP3 Splitter & Joiner 6.1
"VLC media player" = VLC media player 2.0.1
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"Xvid_is1" = Xvid 1.2.2 final uninstall
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
         

Alt 21.05.2012, 08:27   #17
kira
/// Helfer-Team
 
Avira Fund EXP/2011-3544.CQ.1 - Standard

Avira Fund EXP/2011-3544.CQ.1



1.
Zitat:
Achtung wichtig!:
Falls Du selber im Logfile Änderungen vorgenommen hast, musst Du durch die Originalbezeichnung ersetzen und so in Script einfügen! sonst funktioniert nicht!
(Benutzerordner, dein Name oder sonstige Änderungen durch X, Stern oder andere Namen ersetzt)
Fixen mit OTL
  • Starte die OTL.exe.
  • Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
  • Kopiere folgendes Skript - (also beginnend mit :OTL und am Ende [emptytemp]), alles was in der Codebox steht (ohne "code"!) :
Code:
ATTFilter
:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\..\SearchScopes,DefaultScope = {2922AFAD-0159-43EB-8D35-9DA555BFC30A}
IE - HKCU\..\SearchScopes\{2922AFAD-0159-43EB-8D35-9DA555BFC30A}: "URL" = http://www.google.com/search?q={searchTerms}&amp;sourceid=ie7&amp;rls=com.microsoft:{language}:{referrer:source}&amp;ie={inputEncoding?}&oe={outputEncoding?}
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&q="

:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
         
  • und füge es hier ein:
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Klick auf .
  • OTL verlangt einen Neustart. Bitte zulassen.
  • Nach dem Neustart findest Du ein Textdokument.
    Kopiere den Inhalt hier in Deinen Thread.

2.
erneut einen Scan mit OTL:
  • Doppelklick auf die OTL.exe
  • Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
  • Oben findest Du ein Kästchen mit Ausgabe.
    Wähle bitte Standard-Ausgabe
  • Unter Extra-Registrierung wähle bitte Benutze SafeList.
  • Mache Häckchen bei LOP- und Purity-Prüfung.
  • Klicke nun auf Scan links oben.
  • Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
    Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
  • Poste die Logfiles in Code-Tags hier in den Thread.

3.
kann ich nicht zuordnen, um was handelt es sich dabei ?:
Code:
ATTFilter
[2011.05.19 14:49:26 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\aaa
         
__________________

__________________

Alt 21.05.2012, 15:00   #18
blubberflash
 
Avira Fund EXP/2011-3544.CQ.1 - Standard

Avira Fund EXP/2011-3544.CQ.1



1. Habe den Fix ausgeführt:
Code:
ATTFilter
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2922AFAD-0159-43EB-8D35-9DA555BFC30A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2922AFAD-0159-43EB-8D35-9DA555BFC30A}\ not found.
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&q=" removed from keyword.URL
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Joel\Desktop\cmd.bat deleted successfully.
C:\Users\Joel\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Joel
->Temp folder emptied: 240232520 bytes
->Temporary Internet Files folder emptied: 134197006 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 962731618 bytes
->Google Chrome cache emptied: 10233460 bytes
->Opera cache emptied: 240 bytes
->Flash cache emptied: 2140 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 233804604 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 1.508,00 mb
 
 
OTL by OldTimer - Version 3.2.43.0 log created on 05212012_154937

Files\Folders moved on Reboot...
C:\Users\Joel\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
         
2. Hier die 2 Scan Logs:
Code:
ATTFilter
OTL logfile created on: 21.05.2012 15:54:43 - Run 5
OTL by OldTimer - Version 3.2.43.0     Folder = C:\Users\Joel\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,48 Gb Available Physical Memory | 62,10% Memory free
8,00 Gb Paging File | 6,25 Gb Available in Paging File | 78,14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,66 Gb Total Space | 55,58 Gb Free Space | 56,92% Space Free | Partition Type: NTFS
Drive E: | 247,15 Gb Total Space | 208,63 Gb Free Space | 84,41% Space Free | Partition Type: NTFS
Drive F: | 195,31 Gb Total Space | 98,73 Gb Free Space | 50,55% Space Free | Partition Type: NTFS
Drive G: | 195,31 Gb Total Space | 159,64 Gb Free Space | 81,74% Space Free | Partition Type: NTFS
Drive H: | 195,31 Gb Total Space | 6,35 Gb Free Space | 3,25% Space Free | Partition Type: NTFS
Drive I: | 195,31 Gb Total Space | 178,20 Gb Free Space | 91,24% Space Free | Partition Type: NTFS
Drive J: | 146,48 Gb Total Space | 146,39 Gb Free Space | 99,93% Space Free | Partition Type: NTFS
Drive K: | 123,96 Gb Total Space | 114,93 Gb Free Space | 92,71% Space Free | Partition Type: NTFS
 
Computer Name: JOEL-PC | User Name: Joel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.05.21 15:52:12 | 000,059,964 | ---- | M] (Macrovision Europe Ltd.) -- C:\Users\Joel\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001
PRC - [2012.05.20 14:34:09 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Joel\Desktop\OTL.exe
PRC - [2012.05.08 21:28:20 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 21:28:20 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.08 21:28:20 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.04.25 23:42:44 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.03.30 12:26:14 | 000,681,016 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\sua.exe
PRC - [2012.02.29 14:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.02.28 18:38:56 | 001,987,976 | ---- | M] (LogMeIn Inc.) -- E:\Hamachi\hamachi-2-ui.exe
PRC - [2011.04.15 11:43:20 | 002,280,312 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2010.11.20 14:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Sidebar\sidebar.exe
PRC - [2010.10.30 17:41:23 | 000,079,360 | ---- | M] (Creative Labs) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe
PRC - [2009.07.20 05:00:00 | 000,077,824 | ---- | M] () -- C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe
PRC - [2009.07.08 15:32:50 | 001,233,195 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe
PRC - [2009.05.04 19:05:04 | 000,241,789 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe
PRC - [2009.02.23 05:43:56 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2006.11.03 11:01:16 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\Pac207\Monitor.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.05.21 15:52:12 | 000,697,884 | ---- | M] () -- C:\Users\Joel\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001.dir.0000\~df394b.tmp
MOD - [2012.05.21 15:52:12 | 000,592,896 | ---- | M] () -- C:\Users\Joel\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001.dir.0000\~de6248.tmp
MOD - [2012.05.14 19:29:50 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll
MOD - [2012.05.14 15:39:26 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.05.14 15:39:21 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012.04.25 23:42:44 | 001,952,696 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012.02.29 14:26:28 | 000,360,768 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2011.06.16 17:52:21 | 000,008,704 | ---- | M] () -- C:\Users\Joel\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V3.6.gadget\GetCoreTempInfoNET.dll
MOD - [2011.06.16 17:52:21 | 000,007,680 | ---- | M] () -- C:\Users\Joel\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V3.6.gadget\SystemInfo.dll
MOD - [2011.06.16 17:52:21 | 000,006,144 | ---- | M] () -- C:\Users\Joel\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V3.6.gadget\CoreTempReader.dll
MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.07.20 05:00:00 | 000,077,824 | ---- | M] () -- C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe
MOD - [2009.04.20 11:55:58 | 000,148,480 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL
MOD - [2009.02.06 18:52:24 | 000,073,728 | ---- | M] () -- C:\Windows\SysWOW64\CmdRtr.DLL
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.05.08 21:28:20 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.08 21:28:20 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.04.25 23:42:45 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.03.30 12:26:16 | 001,295,416 | ---- | M] (Secunia) [On_Demand | Stopped] -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2012.03.30 12:26:14 | 000,681,016 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2012.03.01 02:02:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.02.29 14:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.02.29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.02.28 18:38:54 | 002,343,816 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- E:\Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011.08.12 01:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Programme\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV - [2011.04.15 11:43:20 | 002,280,312 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011.03.28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2011.03.13 18:38:00 | 004,241,016 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2010.10.30 17:42:31 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2010.10.30 17:41:55 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010.10.30 17:41:23 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe -- (Sound Blaster X-Fi MB Licensing Service)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.08.10 16:01:06 | 000,206,880 | ---- | M] () [Auto | Running] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV - [2009.08.10 16:01:04 | 000,626,208 | ---- | M] () [Auto | Running] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM)
SRV - [2009.08.10 15:19:30 | 000,093,848 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- E:\SiSoftware Sandra Lite 2010.SP3\RpcAgentSrv.exe -- (SandraAgentSrv)
SRV - [2009.07.20 13:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.02.23 05:43:56 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.05.08 21:28:20 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.08 21:28:20 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.17 14:45:56 | 000,188,224 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011.12.16 16:20:10 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI)
DRV:64bit: - [2011.12.15 16:00:00 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.17 18:52:16 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2010.11.17 18:52:15 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2010.08.12 12:07:50 | 000,350,952 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2009.11.25 15:06:02 | 001,276,928 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.17 18:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2009.06.17 18:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009.06.17 18:54:14 | 000,013,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd)
DRV:64bit: - [2009.06.17 18:54:06 | 000,074,256 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV:64bit: - [2009.06.10 22:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2006.12.05 11:34:26 | 000,572,416 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PFC027.SYS -- (PAC207)
DRV - [2011.07.22 18:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV - [2011.07.12 23:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV - [2009.08.08 00:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- E:\SiSoftware Sandra Lite 2010.SP3\WNt500x64\sandra.sys -- (SANDRA)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005.01.05 05:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
DRV - [2001.08.25 16:44:45 | 000,011,616 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\SECDRV.SYS -- (Secdrv)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = 
IE - HKLM\..\SearchScopes,DefaultScope = 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CD A4 04 C7 29 31 CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.3
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.8
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:10.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0015-0000-0018-ABCDEFFEDCBA}:5.0.18
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.17
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:5.9
FF - prefs.js..extensions.enabledItems: d2nagent@isaaclw.com:0.4.3
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&q="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.04.25 23:42:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.05.14 16:29:46 | 000,000,000 | ---D | M]
 
[2010.10.29 19:25:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joel\AppData\Roaming\mozilla\Extensions
[2012.05.19 15:23:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joel\AppData\Roaming\mozilla\Firefox\Profiles\lauwvq25.default\extensions
[2012.02.13 12:07:38 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Users\Joel\AppData\Roaming\mozilla\Firefox\Profiles\lauwvq25.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2012.03.29 22:47:47 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Joel\AppData\Roaming\mozilla\Firefox\Profiles\lauwvq25.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.01.05 22:07:20 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Joel\AppData\Roaming\mozilla\Firefox\Profiles\lauwvq25.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2012.05.19 15:23:46 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Joel\AppData\Roaming\mozilla\Firefox\Profiles\lauwvq25.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012.05.01 21:11:47 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\Joel\AppData\Roaming\mozilla\Firefox\Profiles\lauwvq25.default\extensions\plugin@yontoo.com
[2012.05.14 21:04:13 | 000,000,950 | ---- | M] () -- C:\Users\Joel\AppData\Roaming\Mozilla\Firefox\Profiles\lauwvq25.default\searchplugins\icqplugin-1.xml
[2012.05.14 16:33:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.05.14 16:33:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012.05.11 18:24:02 | 000,015,611 | ---- | M] () (No name found) -- C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\EXTENSIONS\D2NAGENT@ISAACLW.COM.XPI
[2012.04.25 23:42:44 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.05.14 16:33:26 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.02.23 20:15:07 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Joel\AppData\Local\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Joel\AppData\Local\Google\Chrome\Application\18.0.1025.168\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Joel\AppData\Local\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Babylon Chrome Plugin (Enabled) = C:\Users\Joel\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.0_0\BabylonChromePI.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\Joel\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - Extension: YouTube = C:\Users\Joel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Joel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Babylon Translator = C:\Users\Joel\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.4_0\
CHR - Extension: Google Mail = C:\Users\Joel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Monitor] C:\Windows\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation)
O4:64bit: - HKLM..\Run: [RunDLLEntry] C:\Windows\SysNative\AmbRunE.DLL (Creative Technology Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CTSyncService] C:\Program Files (x86)\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] E:\Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [ASRockIES]  File not found
O4 - HKCU..\Run: [ASRockOCTuner]  File not found
O4 - HKCU..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [zASRockInstantBoot]  File not found
O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5EC940EA-F80F-41D9-B652-128D376145C8}: DhcpNameServer = 192.168.1.1 217.237.151.97
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.05.20 14:34:04 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Joel\Desktop\OTL.exe
[2012.05.14 19:42:40 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4
[2012.05.14 16:33:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.05.14 16:33:31 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012.05.14 16:33:31 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012.05.14 16:33:31 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012.05.14 16:33:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012.05.14 16:07:53 | 000,000,000 | ---D | C] -- C:\Users\Joel\AppData\Local\Secunia PSI (BETA)
[2012.05.14 16:07:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secunia
[2012.05.14 15:08:25 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2012.05.13 23:47:23 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xmllite.dll
[2012.05.13 23:47:21 | 002,871,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2012.05.13 23:47:21 | 002,616,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2012.05.13 23:47:15 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll
[2012.05.13 23:47:13 | 002,315,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tquery.dll
[2012.05.13 23:47:13 | 002,223,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssrch.dll
[2012.05.13 23:47:13 | 001,549,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tquery.dll
[2012.05.13 23:47:13 | 001,401,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssrch.dll
[2012.05.13 23:47:13 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchProtocolHost.exe
[2012.05.13 23:47:12 | 000,778,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssvp.dll
[2012.05.13 23:47:12 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssvp.dll
[2012.05.13 23:47:12 | 000,491,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssph.dll
[2012.05.13 23:47:12 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssph.dll
[2012.05.13 23:47:12 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssphtb.dll
[2012.05.13 23:47:12 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchFilterHost.exe
[2012.05.13 23:47:12 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscntrs.dll
[2012.05.13 23:47:12 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscntrs.dll
[2012.05.13 23:47:08 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl
[2012.05.13 23:47:07 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2012.05.13 23:47:07 | 000,476,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2012.05.13 23:47:07 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2012.05.13 23:47:05 | 001,465,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2012.05.13 23:47:05 | 000,870,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2012.05.13 23:46:49 | 000,027,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
[2012.05.13 23:46:48 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2012.05.13 23:46:46 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2012.05.13 23:46:45 | 000,007,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2012.05.13 23:46:38 | 002,565,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\esent.dll
[2012.05.13 23:46:38 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsutil.exe
[2012.05.13 23:46:37 | 001,699,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll
[2012.05.13 23:46:37 | 000,189,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2012.05.13 23:46:37 | 000,107,904 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdsata.sys
[2012.05.13 23:46:37 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fsutil.exe
[2012.05.13 23:46:37 | 000,027,008 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdxata.sys
[2012.05.13 23:46:31 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\prevhost.exe
[2012.05.13 23:46:31 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\prevhost.exe
[2012.05.13 23:44:02 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012.05.13 23:44:02 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012.05.13 23:24:32 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2012.05.13 23:24:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012.05.13 23:23:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012.05.13 23:23:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012.05.13 11:22:51 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2012.05.12 18:57:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.05.12 12:35:02 | 000,000,000 | ---D | C] -- C:\Users\Joel\AppData\Roaming\SUPERAntiSpyware.com
[2012.05.12 12:34:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012.05.12 12:34:34 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012.05.12 12:34:34 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012.05.12 12:15:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2012.05.12 12:08:29 | 000,839,112 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2012.05.12 12:08:28 | 000,955,848 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2012.05.12 12:08:28 | 000,268,744 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012.05.12 12:08:22 | 000,189,384 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012.05.12 12:08:22 | 000,188,872 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012.05.12 12:08:03 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012.05.12 11:43:07 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.05.12 02:22:05 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.05.11 18:31:16 | 000,000,000 | ---D | C] -- C:\Users\Joel\AppData\Roaming\Malwarebytes
[2012.05.11 18:31:12 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.05.11 18:31:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.05.11 18:31:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.05.11 18:31:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.05.10 06:59:01 | 001,544,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012.05.10 06:58:02 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.05.10 06:58:01 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012.05.10 06:58:01 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012.05.01 21:11:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yontoo
[2012.05.01 21:11:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2012.04.29 17:16:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.04.29 17:16:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012.04.25 23:42:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012.04.25 23:42:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[10 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[10 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.05.21 15:51:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.05.21 15:51:25 | 3220,676,608 | -HS- | M] () -- C:\hiberfil.sys
[2012.05.21 15:50:47 | 000,019,520 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.21 15:50:47 | 000,019,520 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.21 14:55:09 | 001,613,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.05.21 14:55:09 | 000,696,832 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.05.21 14:55:09 | 000,652,150 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.05.21 14:55:09 | 000,148,128 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.05.21 14:55:09 | 000,121,082 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.05.20 14:34:09 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Joel\Desktop\OTL.exe
[2012.05.15 12:56:47 | 000,307,744 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.05.14 19:42:40 | 000,001,172 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.lnk
[2012.05.14 16:33:26 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2012.05.14 16:33:26 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012.05.14 16:33:26 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012.05.14 16:33:26 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012.05.14 16:31:29 | 000,001,126 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader 5.1.lnk
[2012.05.14 16:17:26 | 000,000,994 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.05.14 16:12:57 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.05.14 16:12:57 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.05.14 15:31:24 | 001,590,298 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.05.13 23:30:22 | 000,175,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msclmd.dll
[2012.05.13 23:30:22 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msclmd.dll
[2012.05.13 13:44:23 | 544,077,993 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.05.12 12:34:37 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.05.12 12:22:26 | 000,132,796 | ---- | M] () -- C:\Users\Joel\Documents\cc_20120512_122214.reg
[2012.05.12 12:15:31 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012.05.12 12:08:04 | 000,955,848 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2012.05.12 12:08:04 | 000,839,112 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2012.05.12 12:08:04 | 000,268,744 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012.05.12 12:08:04 | 000,189,384 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012.05.12 12:08:04 | 000,188,872 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012.05.12 02:22:06 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.05.11 18:31:13 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.08 21:28:20 | 000,132,832 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.05.08 21:28:20 | 000,098,848 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.05.06 22:27:36 | 000,156,374 | ---- | M] () -- C:\Users\Joel\Documents\ts3_clientui-win32-1334913258-2012-05-06 22_27_36.107679.dmp
[2012.04.29 17:16:42 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[10 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[10 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.05.14 19:42:40 | 000,001,172 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.lnk
[2012.05.14 16:31:29 | 000,001,126 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader 5.1.lnk
[2012.05.14 16:17:26 | 000,000,994 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.05.14 16:07:48 | 000,001,069 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
[2012.05.13 13:44:23 | 544,077,993 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012.05.12 12:34:37 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.05.12 12:22:18 | 000,132,796 | ---- | C] () -- C:\Users\Joel\Documents\cc_20120512_122214.reg
[2012.05.12 12:15:31 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012.05.12 12:15:30 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012.05.12 02:22:06 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.05.11 18:31:13 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.06 22:27:36 | 000,156,374 | ---- | C] () -- C:\Users\Joel\Documents\ts3_clientui-win32-1334913258-2012-05-06 22_27_36.107679.dmp
[2012.02.29 14:26:56 | 000,416,064 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012.01.14 01:34:30 | 001,590,298 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.12.22 17:41:38 | 105,854,917 | ---- | C] () -- C:\Users\Joel\AppData\Roaming\.minecraft.rar
[2011.09.23 19:41:14 | 000,000,807 | ---- | C] () -- C:\Windows\eReg.dat
[2011.08.02 19:12:53 | 000,484,352 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2011.05.22 19:08:16 | 000,007,605 | ---- | C] () -- C:\Users\Joel\AppData\Local\Resmon.ResmonCfg
[2011.05.02 22:01:15 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011.05.02 22:01:15 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010.11.10 14:26:13 | 000,000,048 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010.11.03 22:26:04 | 013,803,520 | ---- | C] () -- C:\ProgramData\sandra.mda
[2010.10.30 17:43:02 | 000,002,265 | ---- | C] () -- C:\Windows\FF08_Render_Spk_Hp.ini
[2010.10.30 17:43:02 | 000,001,650 | ---- | C] () -- C:\Windows\FF08_Capture.ini
[2010.10.30 17:43:02 | 000,001,540 | ---- | C] () -- C:\Windows\FF08_Render.ini
[2010.10.30 17:42:36 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2010.10.30 17:42:36 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
 
========== LOP Check ==========
 
[2012.05.19 14:21:04 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\.minecraft
[2011.02.03 00:26:12 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\Ashampoo
[2010.12.02 16:45:47 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\Canneverbe Limited
[2011.01.28 16:15:40 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\FOG Downloader
[2011.08.02 19:12:54 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\FreeAudioPack
[2012.05.12 02:06:18 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\go
[2012.02.13 19:27:41 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\gtk-2.0
[2012.05.20 21:41:17 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\ICQ
[2012.01.14 01:40:04 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\ICSharpCode
[2011.12.31 01:54:03 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\Leadertech
[2010.12.26 22:24:20 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\LolClient
[2011.05.17 18:17:23 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\Notepad++
[2012.01.14 01:40:40 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\NuGet
[2010.11.02 18:11:02 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\OpenOffice.org
[2010.10.30 15:28:57 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\Opera
[2011.08.16 00:47:15 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\TeamViewer
[2012.02.04 01:03:19 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\Teeworlds
[2012.04.23 22:15:56 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\TS3Client
[2012.03.18 10:47:41 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
Und der Extras Log:
Code:
ATTFilter
OTL Extras logfile created on: 21.05.2012 15:54:43 - Run 5
OTL by OldTimer - Version 3.2.43.0     Folder = C:\Users\Joel\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,48 Gb Available Physical Memory | 62,10% Memory free
8,00 Gb Paging File | 6,25 Gb Available in Paging File | 78,14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,66 Gb Total Space | 55,58 Gb Free Space | 56,92% Space Free | Partition Type: NTFS
Drive E: | 247,15 Gb Total Space | 208,63 Gb Free Space | 84,41% Space Free | Partition Type: NTFS
Drive F: | 195,31 Gb Total Space | 98,73 Gb Free Space | 50,55% Space Free | Partition Type: NTFS
Drive G: | 195,31 Gb Total Space | 159,64 Gb Free Space | 81,74% Space Free | Partition Type: NTFS
Drive H: | 195,31 Gb Total Space | 6,35 Gb Free Space | 3,25% Space Free | Partition Type: NTFS
Drive I: | 195,31 Gb Total Space | 178,20 Gb Free Space | 91,24% Space Free | Partition Type: NTFS
Drive J: | 146,48 Gb Total Space | 146,39 Gb Free Space | 99,93% Space Free | Partition Type: NTFS
Drive K: | 123,96 Gb Total Space | 114,93 Gb Free Space | 92,71% Space Free | Partition Type: NTFS
 
Computer Name: JOEL-PC | User Name: Joel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{015815D5-4987-4150-9D7A-F49B9F7D5396}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{05EBCCD6-652A-44CA-94E9-E57F8FF52600}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{06FA5D42-DFB0-43D1-B7D7-DFBA6422BACF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{088EC2C0-2CEA-4D29-8E3A-5BC6E17937E1}" = rport=138 | protocol=17 | dir=out | app=system | 
"{0EDD4EB9-0141-455D-9869-5381630AA28B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{11124883-B46D-4855-8250-DD475A4450D7}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{11A2AE83-0D1A-4044-9EA4-F3FC9A6AF2F9}" = lport=rpc | protocol=6 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | 
"{12381292-6D93-4B38-9CAA-EB4B17D2AB73}" = lport=rpc | protocol=6 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | 
"{19B708A7-7745-4D63-A51A-751417C1C5E1}" = lport=139 | protocol=6 | dir=in | app=system | 
"{2135EF7B-ABE1-4308-A8B5-B1E1D2F362F7}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher | 
"{245E9322-C745-4F47-B696-F263FAD6BA38}" = lport=6889 | protocol=17 | dir=in | name=teeworlds 6889 | 
"{26E18C0F-89A8-40EE-B0E8-74745893CF29}" = lport=rpc | protocol=6 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | 
"{2BCA9D23-17DE-40B5-8956-536B7F56943A}" = lport=445 | protocol=6 | dir=in | app=system | 
"{2DA99FB8-C4C6-4827-B4EB-134F1BBF2347}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3846C789-5684-43E0-9C11-DDDA5AC2205A}" = lport=rpc | protocol=6 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | 
"{3CE6A1A6-8931-4FDA-ACB7-0D68F8946B24}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3DD2EBCF-BC0B-46F1-BEB1-CB58F2E65B7F}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{3FA2AA14-4FF3-41D9-9933-898491A8BD5E}" = lport=rpc | protocol=6 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | 
"{4A9E817D-66BF-42F7-BE98-4F37970322BB}" = lport=6983 | protocol=6 | dir=in | name=league of legends launcher | 
"{4C7BEE98-F2F3-4C05-84AC-40AF57B7367F}" = lport=8303 | protocol=6 | dir=in | name=teeworlds 8303 | 
"{541ADF90-38D5-4693-ACB5-4A564C8085F3}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{57B3AD67-C67C-4D4B-81D1-24525953D8ED}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{712ED346-27E9-411E-A1DB-BB3532EFD6B5}" = rport=445 | protocol=6 | dir=out | app=system | 
"{7550083D-8366-456B-B103-512A483711FD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{7FC55C48-E1F7-4431-B5DC-9F9D444A98F0}" = lport=rpc | protocol=6 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | 
"{8CA0D869-4A94-4DDF-8AD7-1D6C6ABA9A6F}" = lport=rpc | protocol=6 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | 
"{90260A72-7C51-4B92-BBA0-C9601E4CFC14}" = lport=137 | protocol=17 | dir=in | app=system | 
"{94C425E1-132A-4F32-8420-B01024B7A645}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher | 
"{AF4B6F89-C56C-4714-AB97-84E206950D7B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{AFF3AA23-9A5C-4C27-A1A8-C71198CE1C9C}" = lport=138 | protocol=17 | dir=in | app=system | 
"{C8D3113E-3008-42E5-8128-862A1139E7E4}" = lport=8303 | protocol=17 | dir=in | name=teeworlds 8303 | 
"{C8FF6561-17F4-4395-97DD-A94AC3D92833}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{CFDEFD51-A904-405A-83E7-B82E240785DC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D4CB7803-B589-43B8-A12D-6E054869F04F}" = lport=rpc | protocol=6 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | 
"{D6B45973-2137-4C51-89AF-88D1ED1B86DD}" = lport=rpc | protocol=6 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | 
"{DADA2499-EB5D-4D4B-9C25-EB8AE22216D8}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{DDE33CEC-4819-4165-8E5A-FC118D7824B2}" = lport=rpc | protocol=6 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\rpcagentsrv.exe | 
"{E0F2A274-ACD8-4DAE-98E5-F9CB96999C05}" = lport=rpc | protocol=6 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | 
"{E860FF78-F313-4A86-A9F6-4A25D60C7C76}" = lport=rpc | protocol=6 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | 
"{E9F41EDC-A75F-4CF9-B45C-8B59470A88A0}" = rport=139 | protocol=6 | dir=out | app=system | 
"{EBAAA8FB-EE5E-4D9C-B789-DAFAF2302B15}" = lport=6983 | protocol=17 | dir=in | name=league of legends launcher | 
"{EC717585-9A40-4B80-822F-B922F7225B6B}" = lport=rpc | protocol=6 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | 
"{F7E65764-E8BC-43CD-8379-1B573B36D4F3}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{FA262EBD-ADCA-44BE-8B37-025647D07DB4}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{FA8481E5-AF40-4F49-821C-04D8A55A9539}" = rport=137 | protocol=17 | dir=out | app=system | 
"{FD9831E4-DDFC-45D7-9D5D-26B7A280F5D6}" = lport=rpc | protocol=6 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | 
"{FE14AF1F-F279-4CF9-8D44-436CD5C52E30}" = lport=rpc | protocol=6 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05B3B126-5F17-43AC-B5F8-5308CBEBC442}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.6\icq.exe | 
"{0E866DD7-C829-40E7-86BB-7ADE18317CB1}" = protocol=6 | dir=in | app=e:\far cry 2\bin\fc2editor.exe | 
"{1A15FD6B-66CC-4499-95F8-0A4704128839}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{1BD50DC6-91B6-4E81-93C0-D914DE6940BB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1C3CDBD3-2ED0-4107-AE8E-8A4BB26D476D}" = protocol=58 | dir=in | app=system | 
"{1CAB8500-5FBC-4D0B-AC57-862DF5B4FCAF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1D6D9081-B49B-45A3-AD35-38697A98CBC5}" = protocol=1 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | 
"{1DD0803B-C9BC-48F4-A29A-B2DFEA15FC3B}" = protocol=1 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | 
"{23C1D74F-982F-48CB-BE6E-179079715A8A}" = protocol=1 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | 
"{2980A7BE-7C96-472E-94E2-1655BFB5ABFC}" = protocol=1 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | 
"{3245222B-3529-4C6D-A44B-4965FD2D4BF2}" = protocol=1 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | 
"{33328ADB-1A55-4554-ADE1-97F6BDF67CB4}" = protocol=1 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | 
"{3B009646-4C28-4925-9134-435F98D54D15}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | 
"{3CE72F82-D496-44CD-BEE9-59D94F70DA9F}" = protocol=1 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | 
"{42EE1539-3799-4CB6-9280-B99B08FA2E51}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{4AD08C25-9E9B-46D5-9CA6-F93EFADB2001}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{5108EEC9-83CD-4EFE-A7B6-45EA62B06744}" = protocol=1 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | 
"{52764308-B504-4B40-934F-42FB2E462B67}" = protocol=17 | dir=in | app=e:\far cry 2\bin\farcry2.exe | 
"{57B906E3-9808-4E95-B071-8E9A8546FF35}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.6\icq.exe | 
"{5C244910-F9D9-439B-918F-22807DF574E1}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{600EFF9C-C1E7-4214-9C47-1328DFACD1B0}" = protocol=6 | dir=out | app=system | 
"{605C8B43-1D1D-4210-944C-326BD8D13605}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{61BFECEE-5A94-40F9-8395-3030C378BFCD}" = protocol=1 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | 
"{665EE240-9017-40A5-BC67-7E33C9BF1BA1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{69078C34-E2F9-4E08-B796-4CB9554E522C}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{6A1776CA-3594-4245-A668-15FD1BAFEAB0}" = protocol=17 | dir=in | app=e:\far cry 2\bin\fc2editor.exe | 
"{76EF8693-A675-4258-878F-1E8331258C53}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe | 
"{792616E3-4491-4D5E-BF85-699167F5D06E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7CEEDD4F-F520-4689-BD77-E863AF242D04}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{80902871-5467-415E-8A7F-0FBC14CE5AAF}" = protocol=1 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\rpcagentsrv.exe | 
"{8132ECDD-BD30-4E30-83FF-DACEA64249B5}" = protocol=1 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | 
"{8B718EAC-453F-4770-9A91-B722EDCB5229}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.6\icq.exe | 
"{8BD19A94-2866-4DB0-997C-BA8313179C68}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{90B29A8C-07D4-4FA8-B437-372618C0E054}" = protocol=6 | dir=in | app=e:\far cry 2\bin\fc2launcher.exe | 
"{95ACD2CD-8FBD-491F-B65E-93F7E61FC6A2}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{A4D77DD2-7F25-4CDB-B66B-C2779EA49D70}" = protocol=17 | dir=in | app=e:\far cry 2\bin\fc2launcher.exe | 
"{A9461706-D7AA-451B-A0F0-35F0D8F86C3B}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{A9EA04DD-B6D9-49AF-84D0-34A21A9DC884}" = protocol=1 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | 
"{AD9F48D9-D24B-437B-8225-A71D72AB9D01}" = protocol=1 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | 
"{AF98AE5C-1802-4662-AB77-C4EAF0D40CA8}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{BB3FDDCF-593C-4FED-8177-2CEBF9B876F4}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{BD89DF75-6603-4B1E-8B3B-18571CE447EE}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{BF72DDE1-60A7-4EC6-9F75-2A09A053835E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{C760398A-B8AF-4F00-A259-1CD29D9C6248}" = protocol=1 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | 
"{C8EA45EE-3F6D-4393-8033-EF756008536B}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{D15DB42D-7FFD-441B-9CEC-FAFBADEC5832}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe | 
"{DC00E59C-509D-47EE-94E7-8D35DAB582AE}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{DCAA34C4-8967-42E4-9C78-E9956F3C99B8}" = protocol=6 | dir=in | app=e:\far cry 2\bin\farcry2.exe | 
"{DCB87F33-6EC8-4205-8D96-4444FC969B3A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{E3C22EB4-9D0A-4100-B80F-1720117B69AF}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe | 
"{EE2F26C4-A33E-4F03-9FA8-B391F9652B3C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{EEA942E7-DD54-4CE3-9BF6-302536EED318}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe | 
"{EEFB4877-B4D1-46A2-80CB-68D11A9A95BA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F18CDE47-D147-4493-8719-911BC85815F1}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.6\icq.exe | 
"{F6B7F342-6C59-467F-93A9-4DD469789FAC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{F7B31CA4-7E0F-4495-B49F-AADAF19AC1A9}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{FCC5FE58-F9BF-4219-9C75-AF67E4D16254}" = protocol=1 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | 
"{FDB0D687-F909-4780-88F0-871C9B48F49F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"TCP Query User{073D0A6D-EA75-4A3D-999C-EFE9F9AE03BE}E:\age of empires 2\age2_x1\age2_x1.exe" = protocol=6 | dir=in | app=e:\age of empires 2\age2_x1\age2_x1.exe | 
"TCP Query User{08120891-AC55-4A3F-8B9A-7189CDB31059}E:\runes of magic\launcher.exe" = protocol=6 | dir=in | app=e:\runes of magic\launcher.exe | 
"TCP Query User{0F5C36C0-7EE5-4213-BC9E-0A4C7E30463A}E:\urbanterror\iourbanterror.exe" = protocol=6 | dir=in | app=e:\urbanterror\iourbanterror.exe | 
"TCP Query User{1702350D-7D8E-49F4-BD9A-1481CBEC6825}G:\yuleech-runes_of_magic_3_0_5_2262.exe" = protocol=6 | dir=in | app=g:\yuleech-runes_of_magic_3_0_5_2262.exe | 
"TCP Query User{1F5934C3-A05B-469D-A920-C93A55B72337}E:\runes of magic\client.exe" = protocol=6 | dir=in | app=e:\runes of magic\client.exe | 
"TCP Query User{2DD4A950-554B-41AC-9BE5-1C9CB737EE03}E:\age of empires 2\empires2.exe" = protocol=6 | dir=in | app=e:\age of empires 2\empires2.exe | 
"TCP Query User{33AE62CA-5396-44C9-8DEE-C79E74321E4D}E:\njam\njam.exe" = protocol=6 | dir=in | app=e:\njam\njam.exe | 
"TCP Query User{42355D16-A3D8-4F51-867C-4ECD1083F2F4}E:\mirc\mirc.exe" = protocol=6 | dir=in | app=e:\mirc\mirc.exe | 
"TCP Query User{60F5A421-F134-494C-9412-D47E063047C9}G:\yuleech-runes_of_magic_3_0_5_2262_slim.exe" = protocol=6 | dir=in | app=g:\yuleech-runes_of_magic_3_0_5_2262_slim.exe | 
"TCP Query User{7D5DB9CE-ABFE-4DDF-A061-08CB79AEB9CF}E:\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=e:\tmnationsforever\tmforever.exe | 
"TCP Query User{967A166B-39B2-4214-B950-5B99F1604481}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
"TCP Query User{AC2CE038-B41C-4CFE-822D-AB7FB1D38E39}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{C3DDD949-FC0A-434A-9C69-5147C5752836}E:\league of legends\lol.launcher.exe" = protocol=6 | dir=in | app=e:\league of legends\lol.launcher.exe | 
"UDP Query User{0A856155-4C77-4DCF-BEC9-D28558A76A27}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
"UDP Query User{0B31C258-5707-421D-A622-702B6C248E48}E:\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=e:\tmnationsforever\tmforever.exe | 
"UDP Query User{1EFF81D8-9DA8-4B64-968C-7E8EEC6943DE}E:\runes of magic\launcher.exe" = protocol=17 | dir=in | app=e:\runes of magic\launcher.exe | 
"UDP Query User{2BD8ECDB-C61C-41D0-A08E-BB42CBDA032D}E:\runes of magic\client.exe" = protocol=17 | dir=in | app=e:\runes of magic\client.exe | 
"UDP Query User{2C29389C-B73A-4E2B-B303-79A30D00295D}E:\urbanterror\iourbanterror.exe" = protocol=17 | dir=in | app=e:\urbanterror\iourbanterror.exe | 
"UDP Query User{34CBF9A0-42B6-4A84-8F3A-CF5C9765C80B}E:\age of empires 2\empires2.exe" = protocol=17 | dir=in | app=e:\age of empires 2\empires2.exe | 
"UDP Query User{58AE977F-B7DC-4C39-835D-56EB78482958}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{753EADA8-C870-408E-B86E-DF7B0DA963A7}E:\njam\njam.exe" = protocol=17 | dir=in | app=e:\njam\njam.exe | 
"UDP Query User{9CE78EEB-CEBF-4F55-9179-B97C83428D8A}E:\league of legends\lol.launcher.exe" = protocol=17 | dir=in | app=e:\league of legends\lol.launcher.exe | 
"UDP Query User{DE0C055B-D2C0-483F-B300-94D2EB7D1586}G:\yuleech-runes_of_magic_3_0_5_2262_slim.exe" = protocol=17 | dir=in | app=g:\yuleech-runes_of_magic_3_0_5_2262_slim.exe | 
"UDP Query User{E0EB627E-59EE-48F3-A037-EDE088A9CFEE}E:\age of empires 2\age2_x1\age2_x1.exe" = protocol=17 | dir=in | app=e:\age of empires 2\age2_x1\age2_x1.exe | 
"UDP Query User{FDFE606C-9EA9-48A5-97BA-701C72E61D04}E:\mirc\mirc.exe" = protocol=17 | dir=in | app=e:\mirc\mirc.exe | 
"UDP Query User{FEFAD096-12E3-4147-94AB-9DE82B585771}G:\yuleech-runes_of_magic_3_0_5_2262.exe" = protocol=17 | dir=in | app=g:\yuleech-runes_of_magic_3_0_5_2262.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86417004FF}" = Java(TM) 7 Update 4 (64-bit)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 296.10
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.11
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.12.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2296}_is1" = SiSoftware Sandra Lite 2010.SP3
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CCleaner" = CCleaner
"Explorer Suite_is1" = Explorer Suite III
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"NVIDIA Drivers" = NVIDIA Drivers
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05248BF9-6E23-4AF0-A1CB-C378F9D25524}" = SharpDevelop 4.1
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1A7F8DF6-5A3E-4CDF-BC82-BE26B407E21B}" = Die Sims - Megastar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{27A48664-BDDF-4AA3-8627-47CB8AC7D8A4}_is1" = Robokill
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{2E97F7E8-ABDE-4E0D-B0AD-B6B4BAD89E24}" = Rome - Total War
"{300A2961-B2B5-4889-9CB9-5C2A570D08AD}" = Debugging Tools for Windows (x86)
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}" = OpenOffice.org 3.4
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7644E42D-B096-457F-8B5B-901238FC81AE}" = ICQ7.6
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{909F8EBC-EC7F-48FF-0085-475D818F0F31}" = Need for Speed Underground 2
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2F166A0-F031-4E27-A057-C69733219434}_is1" = Runes of Magic
"{A48B9CD8-C2BA-4EC9-0081-7260D238C7CF}" = Need for Speed™ Most Wanted
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C615B4A6-DDE8-4325-BCF8-E53E913D95E9}_is1" = AMR to MP3 Converter 1.4
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2494AD8-314D-44F8-B39C-4358A60DC184}" = LogMeIn Hamachi
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}" = Sound Blaster X-Fi MB
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FC123EEA-330A-4685-911C-95B8F5E9DE68}" = Thief - Deadly Shadows
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion
"Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE v.6.80
"ASRock IES_is1" = ASRock IES v2.0.69
"ASRock InstantBoot_is1" = ASRock InstantBoot v1.24
"ASRock OC Tuner_is1" = ASRock OC Tuner v2.3.91
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira Free Antivirus
"CamStudio" = CamStudio
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Divine Divinity" = Divine Divinity
"ESET Online Scanner" = ESET Online Scanner v3
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Foxit Reader_is1" = Foxit Reader 5.1
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.93
"FreePascal_is1" = Free Pascal 2.6.0
"HyperCam 2" = HyperCam 2
"Icy Tower v1.5_is1" = Icy Tower v1.5
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"Jagged Alliance 2 Wildfire" = Jagged Alliance 2 Wildfire
"Jagged Alliance 2: Unfinished Business" = Jagged Alliance 2: Unfinished Business
"Little Fighter 2" = Little Fighter 2 1.9c
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"mIRC" = mIRC
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Njam_is1" = Njam 1.21
"Notepad++" = Notepad++
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Opera 11.64.1403" = Opera 11.64
"Pangya" = Pangya (Ntreev SG Interactive)
"Robin Hood - Die Legende von Sherwood" = Robin Hood - Die Legende von Sherwood
"Secunia PSI" = Secunia PSI (3.0.0.0006)
"SystemRequirementsLab" = System Requirements Lab
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 6" = TeamViewer 6
"TmNationsForever_is1" = TmNationsForever
"Urban Terror_is1" = Urban Terror 4.1
"VirtualCloneDrive" = VirtualCloneDrive
"Visual MP3 Splitter & Joiner_is1" = Visual MP3 Splitter & Joiner 6.1
"VLC media player" = VLC media player 2.0.1
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"Xvid_is1" = Xvid 1.2.2 final uninstall
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
         
3. Hm ich weiß auch nicht genau wofür der Ordner war, scheint wohl so als ob ich den irgendwann mal erstellt hatte. Er war leer und ich habe ihn jetzt gelöscht.
__________________

Alt 21.05.2012, 21:16   #19
kira
/// Helfer-Team
 
Avira Fund EXP/2011-3544.CQ.1 - Standard

Avira Fund EXP/2011-3544.CQ.1



Fixen mit OTL
  • Starte die OTL.exe.
  • Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
  • Kopiere folgendes Skript - (also beginnend mit :OTL und am Ende [emptytemp]), alles was in der Codebox steht (ohne "code"!) :
Code:
ATTFilter
:OTL
CHR - plugin: Babylon Chrome Plugin (Enabled) = C:\Users\Joel\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.0_0\BabylonChromePI.dll
CHR - Extension: Babylon Translator = C:\Users\Joel\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.4_0\

:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
         
  • und füge es hier ein:
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Klick auf .
  • OTL verlangt einen Neustart. Bitte zulassen.
  • Nach dem Neustart findest Du ein Textdokument.
    Kopiere den Inhalt hier in Deinen Thread.

► sonst noch Probleme, oder alles im grünen Bereich?
__________________

Warnung!:
Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein!
Anhang nicht öffnen, in unserem Forum erst nachfragen!

Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten!
Bitte diese Warnung weitergeben, wo Du nur kannst!

Alt 21.05.2012, 21:59   #20
blubberflash
 
Avira Fund EXP/2011-3544.CQ.1 - Standard

Avira Fund EXP/2011-3544.CQ.1



Hier der Fix Log:
Code:
ATTFilter
All processes killed
========== OTL ==========
File C:\Users\Joel\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.0_0\BabylonChromePI.dll not found.
C:\Users\Joel\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.4_0 folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Joel\Desktop\cmd.bat deleted successfully.
C:\Users\Joel\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Joel
->Temp folder emptied: 61499 bytes
->Temporary Internet Files folder emptied: 7502267 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 383539569 bytes
->Google Chrome cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 1818 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 373,00 mb
 
 
OTL by OldTimer - Version 3.2.43.0 log created on 05212012_225149

Files\Folders moved on Reboot...
C:\Users\Joel\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
         
Sontige Probleme habe ich derzeit keine. Ich hatte vor einiges Zeit immer mal wieder einen Bluescreen (Abstand variierte, manchmal war innerhalb von 2 Tagen 2 Stück und dann wieder 3 Wochen nichts), zurzeit hatte ich aber schon seit einiger Zeit keinen mehr.
Sollte ich wegen den Bluescreens falls weider welche auftauchen ein neues Thema eröffnen?
Dann noch eine Frage, kennst du vielleicht ein Programm (kostenlos wäre gut) das die Aktuallität der Treiber überprüft?
Und dann noch eine Frage wegen der Kompromittierung eines Systems, ist es da theoretisch auch möglich, dass man zwar keine Anzeichen hat und Virenscanner auch nichts finden, da das System sozusagen falsche Angaben macht, aber doch ein Virus auf dem PC vorhanden ist?
Nochmal vielen Dank für deine Hilfe


Alt 22.05.2012, 11:17   #21
kira
/// Helfer-Team
 
Avira Fund EXP/2011-3544.CQ.1 - Standard

Avira Fund EXP/2011-3544.CQ.1



Zitat:
Sollte ich wegen den Bluescreens falls weider welche auftauchen ein neues Thema eröffnen?
Wenn das dann eben ein paar Tage hintereinander passiert, dann ja

Zitat:
Dann noch eine Frage, kennst du vielleicht ein Programm (kostenlos wäre gut) das die Aktuallität der Treiber überprüft?
am besten auf die Herstellerseite gehen und die aktuellsten Treiber/ Software herunterladen und installieren.

Zitat:
Und dann noch eine Frage wegen der Kompromittierung eines Systems, ist es da theoretisch auch möglich, dass man zwar keine Anzeichen hat und Virenscanner auch nichts finden, da das System sozusagen falsche Angaben macht, aber doch ein Virus auf dem PC vorhanden ist?
"theoretisch auch möglich", da kein Programm findet alles, wir auch nicht...insbesondere dann, wenn es sich um einen Backdoor oder/auch Rootkit handelt!
** Lass dein System in der nächste Zeit noch unter Beobachtung!

1.
Programme deinstallieren/entfernen, die wir verwendet haben und nicht brauchst, bis auf:
Code:
ATTFilter
CCleaner
         
- Zeitweise laufen lassen:-> Anleitung

2.
Tool-Bereinigung mit OTL

Wir werden nun die CleanUp!-Funktion von OTL nutzen, um die meisten Programme, die wir zur Bereinigung installiert haben, wieder von Deinem System zu löschen.
  • Bitte lade Dir (falls noch nicht vorhanden) OTL von OldTimer herunter.
  • Speichere es auf Deinem Desktop.
  • Doppelklick auf OTL.exe um das Programm auszuführen.
  • Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
  • Klicke auf den Button "Bereinigung"
  • OTL fragt eventuell nach einem Neustart.
    Sollte es dies tun, so lasse dies bitte zu.
Anmerkung: Nach dem Neustart werden OTL und andere Helferprogramme, die Du im Laufe der Bereinigung heruntergeladen hast, nicht mehr vorhanden sein. Sie wurden entfernt. Es ist daher Ok, wenn diese Programme nicht mehr vorhanden sind. Sollten noch welche übrig geblieben sein, lösche sie manuell.

3.
Windows legt beispielsweise regelmäßig Schattenkopien an (mindestens einmal täglich), die im Notfall zur Wiederherstellung des Systems und zum Zugriff auf ältere Dateiversionen dienen. Diese Funktion belegt sehr viel Speicherplatz. Standardmäßig beträgt der für Schattenkopien reservierte Speicherplatz 15 % der Volumegröße, so dass die Systemleistung auch beeinträchtigt wird. Außerdem gelöschte und ev. schädliche Objekte, die in der Systemwiederherstellung sitzen, müssen auch entfernt werden:
Also mach bitte folgendes: also zuerst deaktivieren-> dann aktivieren - also am Ende soll wieder "aktiviert" sein!

4.
Ich würde Dir vorsichtshalber raten, dein Passwort zu ändern (man sollte alle 3-4 Monate machen)
z.B. Login-, Mail- oder Website-Passwörter
Tipps:
Die sichere Passwort-Wahl - (sollte man eigentlich regelmäßigen Abständen ca. alle 3-5 Monate ändern)
auch noch hier unter: Sicheres Kennwort (Password)

5.
► Schaue bitte nach, ob für Windows neue Update gibt?!:-> - Microsoft Update hält Ihren Computer auf dem neuesten Stand!


Lesestoff Nr.1:
  • Wie erstelle ich ein eingeschränktes Benutzerkonto?
  • Software immer auf dem neuesten Stand halten!:
    ALLE auf dem System installierten Programme und Treiber, sollten regelmäßig upgedatet werden um Sicherheitslücken zu vermeiden und um das reibungslose Arbeitsabläufe zu erreichen!
  • Ein sicherer Browser als IE z.B. *Ein Wechsel des Standardbrowsers zu...von SETI@home* - Firefox - FirefoxWiki/Einstellungen - Erweiterungen für Firefox - Standardbrowser
  • Sichere eMail Clients z.B. Thunderbird-->Erweiterungen für Mozilla Thunderbird
    - Unbekannten E-Mail-Anhang NICHT öffnen!
  • Sichere Paswort - Die sichere Passwort-Wahl - (sollte man eigentlich regelmäßigen Abständen ca. alle 3-5 Monate ändern)
    auch noch hier unter: Sicheres Kennwort (Password)
    Die fünf häufigsten Passwort-Fehler[/b[
  • "Never accept software from strangers" - Installiere grundsätzlich immer nur Programme, die Du auch wirklich benötigst und von denen Du überzeugt bist, dass sie seriös sind.
    Du hast die Wahl!, welche zusätzlichen Komponenten noch installiert werden sollen? -> Bei der Installation immer mitlesen, Sponsoren und Partnerprogramme, Toolbars oder eventuell noch andere extra angebotene Programme möglichst abwählen!
    Sponsor-Programm, Toolbars möglist abwählen (so wird oft Art von Adware/Spyware mitinstalliert)
  • NICHT irgendwelche Programme aus dem Netz laden, wenn nicht zu 100% fest steht, dass es sich dabei um saubere Software handelt. Nette Versprechen der Hersteller garantieren noch lange keine einwandfreie Funktionsweise, also vorher blättere die Seiten bei GOOGLE, da kannst Du Dir wertvolle Informationen holen!!!
  • Programme und Treiber:
    Nur vom Hersteller!
  • Onlinebanking:
    Gib deine Passwörter niemals preis!
    Seriöse Bankinstitute, E- Mail- Provider oder Online- Shops versenden grundsätzlich keine E- Mails, in denen Kunden aufgefordert werden, vertrauliche Daten wie Passwörter, Verfügernummer, PINs oder TANs preiszugeben. Bei dieser Art von E- Mails handelt es sich immer um Betrugsversuche, weshalb entsprechende Anfragen nicht beantwortet werden sollten. Sobald der Verdacht auf Betrug entsteht, melde deinen Verdacht der jeweiligen Bank- Hotline.
  • Comnputer, anderen (Gästen/Freunden) zur Nutzung überlassen überlassen - Nutze nur vertrauenswürdige Computer!
    Vergewissere dich, dass nur Personen deines Vertrauens deinen Computer nutzen oder verwalten und wickel niemals Bankgeschäfte über nicht vertrauenswürdige Computer - beispielsweise aus einem Internetcafé während des Urlaubs - ab
  • Vorsicht bei der Nutzung fremder Computer und anschliessbare Externe Speichermedien wie Festplatte, USB Sticks, Speicherkarten usw![/color] - IT-Betrüger machen keinen Urlaub!/bsi-fuer-buerger.de - auch zeitweise anschließen und scannen lassen (sehe unter `kostenlose Online-Viren-Scanner`)
  • Webseiten ohne Gültiges Impressum nicht besuchen
  • Lizenzkosten sparen? - Vorsicht bei Dateien/Programmen aus nicht vertrauenswürdigen Quellen! - "full Keygen, Crack, Serial, Warez, keygenerators" etc.
    Sind immer verseucht mit diverse Malware/Schadprogramme/Code, es gibt keine seite wo Viren frei ist. (Man sollte nicht absitlich der Teufel holen) Eine weitere höchst unsichere Quelle ist das File-Sharing der sog. (Musik-)Tauschbörsen.
    ► Ausserdem machst Du dich damit strafbar!
  • Nur eine Firewall sowie ein Antiviren Programm verwenden, welche sich immer auf dem aktuellsten Stand befinden sollten!
    Das Installieren von `zuviel` Software beeinträchtigt die Systemleistung und Sicherheit, verlangsamt den Start-Vorgang enorm und belastet den Arbeitsspeicher (weil laufen ja die Programme nebeneinander gleichzeitig, die viel Performance fressen, aber wenig Qualität bringen). Im Laufe der Zeit wird der rechner durch zu viel unnötigen Ballast immer langsamer, und unsicherer. Um so mehr Programme installiert sind, um so häufiger treten Probleme auf, die dann unter Umständen nur schwer lösen können. Dazu kommt noch, das einige Programme große Sicherheitsrisiken mit sich bringen
  • Virenscanner
  • BSI für Bürger
  • SETI@home - [Sicherheit] Sicherheitskonzept
  • Entwicklung schädlicher Websites/viruslist.com
  • Brennpunkt: Bilder und Töne
    Gefährliche Bilder, schräge Töne/BSI

** Der gesunde Menschenverstand, Windows und Internet-Software sicher konfigurieren ist der beste Weg zur Sicherheit im Webverkehr ist !!
Zitat:
Da der Bestand der Datenbank wird täglich ergänzt und erweitert bzw werden mit der aktuellen Virendefinition die Informationen über den betroffenen Virus aufgenommen, empfehle ich dir mindestens einmal pro Woche (später genügt es sicherlich einmal im Monat) dein System Online Scannen lassen (immer mit einen anderen Scanner), um eine zweite Meinung einzuholen - Die auf dem Speichermedium gesicherten Daten sollten auch mit einbezogen werden!
(benutzen meist ActiveX und/oder Java): Kostenlose Online Scanner -
Lesestoff Nr.2:
► Kann sich auf Dauer eine Menge Datenmüll ansammeln, sich Fehlermeldungen häufen, der PC ist wahrscheinlich nicht mehr so schnell, wie früher:wünsch Dir alles Gute

Wenn Du uns unterstützen möchtest→ Spendekonto

gruß
kira
__________________
--> Avira Fund EXP/2011-3544.CQ.1

Geändert von kira (22.05.2012 um 11:23 Uhr)

Alt 27.05.2012, 11:03   #22
blubberflash
 
Avira Fund EXP/2011-3544.CQ.1 - Standard

Avira Fund EXP/2011-3544.CQ.1



Ich hatte jetzt wieder gesterrn 2 Bluescreens und heute auch einen.
Soll ich diesen Thread weiterverwenden oder einen neuen deswegen aufmachen?

Alt 27.05.2012, 20:33   #23
kira
/// Helfer-Team
 
Avira Fund EXP/2011-3544.CQ.1 - Standard

Avira Fund EXP/2011-3544.CQ.1



habe mal alle Logfiles nochmal angeschaut. Nun ja ...neben dem Hauptproblem Nr.1 (dass Du seit längere Zeit ohne SP1 unterwegs warst), liegt auch auf jeden Fall ein technisches Problem (auch) vor! Ich würde eine komplette Neuinstallation vorschlagen, da es ist eine optimale Lösung für die Fehlerbehebung alle Computer Probleme. Aus der Ferne, über das Internet nach Fehler zu suchen und zu beheben oft nicht möglich. Danach hat den großen Vorteil, wenn dein Rechner ohne Fehler läuft, dass Du auch einen Virenverdacht definitiv ausschließen kannst. Danach das SP1 nicht vergessen gleich aufspielen!

Tipps & Hilfe:
-> Anleitung: Neuaufsetzen des Systems + Absicherung
-> Neuaufsetzen (Windows XP, Vista und Windows 7) - Anleitungen
__________________

Warnung!:
Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein!
Anhang nicht öffnen, in unserem Forum erst nachfragen!

Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten!
Bitte diese Warnung weitergeben, wo Du nur kannst!

Antwort

Themen zu Avira Fund EXP/2011-3544.CQ.1
.dll, administrator, appdata, autostart, avg, avira, blaster, datei, dateisystem, desktop, deutsch, entfernen, exp/2011-3544.cq.1, explorer, forum, free, google, heuristiks/extra, heuristiks/shuriken, modul, monitor.exe, namen, nt.dll, problem, programm, prozesse, pup.bundleoffer.downloader.s, pup.offerbundler.st, registry, shutdown, sound, trojan.agent.h, trojan.fakealert, verweise, windows



Ähnliche Themen: Avira Fund EXP/2011-3544.CQ.1


  1. Java/Exploit.CVE-2011-3544.BR trojan
    Log-Analyse und Auswertung - 28.11.2012 (14)
  2. Exp/cve-2011-3544
    Log-Analyse und Auswertung - 15.10.2012 (1)
  3. AviraExploitsfunde:EXP/2011-3544.CZ.2; EXP/Java.Ternub.a.6; EXP/Java.Ternub.a.28 &Fund APPL/HideWindows.31232 in C:\Programme\MioNet\cmd.exe
    Plagegeister aller Art und deren Bekämpfung - 07.10.2012 (33)
  4. Exploits EXP/CVE-2011-3544.BU von Avira gefunden
    Plagegeister aller Art und deren Bekämpfung - 30.08.2012 (37)
  5. Laptop befallen von: Exploit.Java.cve-2011-3544.ji, Was tun?
    Plagegeister aller Art und deren Bekämpfung - 09.08.2012 (12)
  6. Exploits EXP/CVE-2011-3544.CF - Ist alles weg?
    Plagegeister aller Art und deren Bekämpfung - 31.05.2012 (2)
  7. Trojanerfund EXP/2011-3544.BY & TR/Ransom.Ej.13 & W32/Parite.BadClean.Gen
    Plagegeister aller Art und deren Bekämpfung - 31.05.2012 (6)
  8. Exp/2011-3544.hh
    Log-Analyse und Auswertung - 26.04.2012 (1)
  9. Avira meldet EXP/2011-3544.BW.1 und JAVA/Dldr.OpenS.H
    Plagegeister aller Art und deren Bekämpfung - 27.03.2012 (5)
  10. EXP/2011-3544.BU.1 in AppData\Local\Temp\jar_cache1546302327481531767.tmp
    Log-Analyse und Auswertung - 27.03.2012 (24)
  11. EXP/2011-3544.BU.1 mittels Avira AntiVir gefunden
    Log-Analyse und Auswertung - 19.03.2012 (8)
  12. Avira meldet EXP/2011-3544.BY.1, ist mein System noch sicher?
    Plagegeister aller Art und deren Bekämpfung - 13.03.2012 (5)
  13. Avira hat TR/Maljava.A.43 und Exploits EXP/CVE-2011-3544.AZ gefunden - und nun?
    Plagegeister aller Art und deren Bekämpfung - 02.03.2012 (33)
  14. Avira Fund EXP/CVE-2011-3544 & TR/Crypt.ULPM.Gen
    Log-Analyse und Auswertung - 24.02.2012 (22)
  15. 2 Viren gefunden (Exploit) - EXP/CVE-2011-3544.E und EXP/CVE-2011-3544.J
    Plagegeister aller Art und deren Bekämpfung - 20.02.2012 (30)
  16. exploit.java.cve-2011-3544 irreparabel
    Plagegeister aller Art und deren Bekämpfung - 07.02.2012 (23)
  17. EXP/2011-3544.AK und EXP/2010-0840.CN
    Plagegeister aller Art und deren Bekämpfung - 29.01.2012 (4)

Zum Thema Avira Fund EXP/2011-3544.CQ.1 - So ich habe mit OTL nochmal runtergeladen und es auf dem Destkop gespeichert. Hier die 2 Logs: Code: Alles auswählen Aufklappen ATTFilter OTL logfile created on: 20.05.2012 14:36:40 - Run - Avira Fund EXP/2011-3544.CQ.1...
Archiv
Du betrachtest: Avira Fund EXP/2011-3544.CQ.1 auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.