Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   2 trojaner auf meinen pc (https://www.trojaner-board.de/110524-2-trojaner-meinen-pc.html)

pino1987 27.02.2012 15:33
2 trojaner auf meinen pc
 
Hallo leute ich brauche umbedingt eure erfahrung ich habe 2 trojaner auf meiner kiste und ich weis nicht wie ich die weg bekommen!

Nummer 1: Win32:AGENT-AOEG der ist hier drinne C:/Windows/system32/DllHost


Nummer 2: Win32:Agent-AOEG der ist hier versteckt C:/Windows/system32/pngl1ba6.dll


Da ich nicht so viel erfahrungen mit trojaner habe hoffe ich sehr das ihr mir helfen könnt Vielen dank im vorraus

markusg 27.02.2012 16:07
hi,
welches programm hat das gefunden?
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Kopiere
    nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

pino1987 27.02.2012 18:23
Gefunden hat es Avast antivirus!OTL Logfile:
Code:
OTL logfile created on: 27.02.2012 17:58:56 - Run 1
OTL by OldTimer - Version 3.2.33.2    Folder = C:\Users\user\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,16 Gb Available Physical Memory | 66,59% Memory free
6,72 Gb Paging File | 5,68 Gb Available in Paging File | 84,62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931,51 Gb Total Space | 567,19 Gb Free Space | 60,89% Space Free | Partition Type: NTFS
 
Computer Name: AMD-DESKTOP | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.02.27 17:51:54 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
PRC - [2012.02.10 05:13:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.02.10 04:02:07 | 000,857,408 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2012.02.09 20:05:32 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.02.02 02:44:30 | 003,329,824 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\user\AppData\Local\Akamai\netsession_win.exe
PRC - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.11.28 19:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Programme\Alwil Software\Avast5\AvastUI.exe
PRC - [2011.11.28 19:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011.11.28 13:19:56 | 000,265,120 | ---- | M] () -- C:\Programme\Common Files\WireHelpSvc.exe
PRC - [2011.11.03 19:25:08 | 002,358,656 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011.01.07 23:46:06 | 000,271,408 | ---- | M] () -- C:\Programme\Hotspot Shield\bin\openvpnas.exe
PRC - [2011.01.05 19:30:36 | 000,352,304 | ---- | M] (AnchorFree Inc.) -- C:\Programme\Hotspot Shield\HssWPR\hsssrv.exe
PRC - [2010.10.27 03:51:54 | 000,393,216 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2010.10.27 03:51:26 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2010.10.15 19:42:14 | 000,326,704 | ---- | M] () -- C:\Programme\Hotspot Shield\bin\hsswd.exe
PRC - [2009.08.27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) -- C:\Programme\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.01.19 08:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2007.05.10 12:18:10 | 000,835,584 | ---- | M] () -- C:\Windows\vsnp325.exe
PRC - [2006.11.02 10:45:59 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2010.03.15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2007.05.10 12:18:10 | 000,835,584 | ---- | M] () -- C:\Windows\vsnp325.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.02.24 09:53:13 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.02.10 20:37:48 | 003,340,064 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_7de0ed9.dll -- (Akamai)
SRV - [2012.02.10 05:13:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.02.09 20:05:32 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.12.29 12:26:58 | 000,212,992 | ---- | M] (Works Ltd.) [Auto | Running] -- C:\Windows\System32\aptwtmt29.dll -- (LanmanWorkstation)
SRV - [2011.12.06 21:51:17 | 000,114,000 | ---- | M] (Joosoft.com GmbH) [Auto | Running] -- C:\Windows\System32\UpdSvc.dll -- (Update-Service)
SRV - [2011.11.28 19:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011.11.28 13:19:56 | 000,265,120 | ---- | M] () [Auto | Running] -- C:\Programme\Common Files\WireHelpSvc.exe -- (WireHelpSvc)
SRV - [2011.11.03 19:25:08 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011.01.07 23:48:18 | 000,057,640 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Hotspot Shield\bin\HssTrayService.exe -- (HssTrayService)
SRV - [2011.01.07 23:46:06 | 000,271,408 | ---- | M] () [Auto | Running] -- C:\Programme\Hotspot Shield\bin\openvpnas.exe -- (HotspotShieldService)
SRV - [2011.01.05 19:30:36 | 000,352,304 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Programme\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
SRV - [2010.10.27 03:51:26 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010.10.15 19:42:14 | 000,326,704 | ---- | M] () [Auto | Running] -- C:\Program Files\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2009.08.27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Unknown | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2008.08.07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.19 08:36:49 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008.01.19 08:36:15 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2012.02.10 05:13:00 | 010,816,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011.11.28 18:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011.11.28 18:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011.11.28 18:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011.11.28 18:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011.11.28 18:52:07 | 000,055,128 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011.11.28 18:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011.11.28 13:19:46 | 000,836,496 | ---- | M] (<Turtle Entertainment>) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ESLWireACD.sys -- (ESLWireAC)
DRV - [2010.12.06 10:16:50 | 000,024,504 | ---- | M] (Turtle Entertainment GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESLvnic.sys -- (ESLvnic1)
DRV - [2010.10.27 04:59:14 | 006,573,568 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2010.10.27 03:14:02 | 000,229,888 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010.09.22 20:19:02 | 000,037,376 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HssDrv.sys -- (HssDrv)
DRV - [2010.09.22 20:19:02 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV - [2010.08.10 09:15:30 | 010,502,784 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snp325.sys -- (SNP325) USB PC Camera (SNPSTD325)
DRV - [2010.07.01 14:21:14 | 000,034,896 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ScreamingBAudio.sys -- (SCREAMINGBDRIVER)
DRV - [2010.06.23 09:21:32 | 000,259,176 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008.12.26 11:56:04 | 000,017,792 | ---- | M] (Avnex) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vcsvad.sys -- (VCSVADHWSer) Avnex Virtual Audio Device (WDM)
DRV - [2005.10.13 16:19:12 | 008,701,824 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snpstd3.sys -- (SNPSTD3) USB PC Camera (SNPSTD3)
DRV - [2004.08.13 09:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Ask.com Deutschland - die andere Suchmaschine
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..network.proxy.type: 0
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.27 10:59:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}: C:\Program Files\PriceGong\2.1.0\FF [2011.04.16 18:43:35 | 000,000,000 | ---D | M]
 
[2011.12.18 23:18:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions
[2012.02.27 14:41:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\1746t83a.default\extensions
[2012.01.03 16:27:44 | 000,002,333 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\1746t83a.default\searchplugins\askcom.xml
[2012.02.27 10:59:56 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.02.27 10:59:56 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\distribution\extensions
() (No name found) -- C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1746T83A.DEFAULT\EXTENSIONS\{C0C9A2C7-2E5C-4447-BC53-97718BC91E1B}.XPI
() (No name found) -- C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1746T83A.DEFAULT\EXTENSIONS\ICH@MALTEGOETZ.DE.XPI
() (No name found) -- C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1746T83A.DEFAULT\EXTENSIONS\TESTPILOT@LABS.MOZILLA.COM.XPI
[2012.02.22 20:26:59 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.02.22 21:10:19 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.22 20:53:03 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.22 21:10:19 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.22 21:10:19 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.22 21:10:19 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.22 21:10:19 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (PriceGongBHO Class) - {1631550F-191D-4826-B069-D9439253D926} - C:\Programme\PriceGong\2.1.0\PriceGongIE.dll (PriceGong)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Programme\DealPly\DealPlyIE.dll (DealPly Technologies Ltd)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Programme\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [snp325] C:\Windows\vsnp325.exe ()
O4 - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe ()
O4 - HKLM..\Run: [tsnp325] C:\Windows\tsnp325.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\user\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [VoipBuster] "C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe" -nosplash -minimized File not found
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O8 - Extra context menu item: Free YouTube Download - C:\Users\user\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\user\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\user\Desktop\PartyPoker.lnk File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\user\Desktop\PartyPoker.lnk File not found
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{11217339-B9C5-42CA-BCB2-E5DF062EE5FB}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{32C157FA-02A1-4CCC-B8A1-5DA6393B39B0}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B6E2342F-BC02-462C-8840-95824956CCAA}: NameServer = 10.48.8.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\user\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\user\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (aswBoot.exe /M:1eb13b0a4)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpReg: EADM - hkey= - key= - C:\Program Files\Electronic Arts\EADM\EADMUI.exe (Electronic Arts)
MsConfig - StartUpReg: ESL Wire - hkey= - key= - C:\Program Files\EslWire\wire.exe (Turtle Entertainment GmbH)
MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.02.27 17:51:50 | 000,583,680 | ---- | C] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2012.02.27 11:34:38 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools
[2012.02.27 11:31:29 | 000,185,560 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTSD.sys
[2012.02.27 11:31:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2012.02.27 11:31:02 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\TestApp
[2012.02.27 11:31:02 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012.02.27 10:59:55 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012.02.27 00:08:19 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2012.02.26 14:18:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2012.02.26 14:13:32 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2012.02.22 13:14:42 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Systweak
[2012.02.22 13:14:41 | 000,017,280 | ---- | C] (Systweak Inc., (Systweak - Download Software utilities for Windows optimization, Scan & Clean Spyware for Free)) -- C:\Windows\System32\roboot.exe
[2012.02.16 01:04:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.02.16 01:02:50 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012.02.12 17:02:39 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2012.02.10 15:55:20 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012.02.02 17:45:48 | 000,433,664 | ---- | C] (Bluw (Hong Kong) Limited) -- C:\Windows\System32\drivers\hidyjy59.sys
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.02.27 17:51:54 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2012.02.27 16:57:02 | 000,004,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.02.27 16:57:02 | 000,004,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.02.27 15:48:07 | 000,140,496 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2012.02.27 15:47:49 | 000,280,736 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2012.02.27 15:47:29 | 000,215,128 | ---- | M] () -- C:\Windows\System32\PnkBstrB.ex0
[2012.02.27 15:03:47 | 000,671,212 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.02.27 15:03:47 | 000,631,942 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.02.27 15:03:47 | 000,144,186 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.02.27 15:03:47 | 000,118,568 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.02.27 14:57:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.02.27 14:56:58 | 3488,731,136 | -HS- | M] () -- C:\hiberfil.sys
[2012.02.27 14:34:52 | 000,237,568 | ---- | M] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.02.27 14:34:34 | 000,001,356 | ---- | M] () -- C:\Users\user\AppData\Local\d3d9caps.dat
[2012.02.27 11:32:14 | 002,061,481 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
[2012.02.27 10:59:57 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.02.23 20:31:02 | 737,044,480 | ---- | M] () -- C:\Users\user\Desktop\2012-Underworld_Awakening-cineonws512.avi
[2012.02.17 08:47:10 | 000,312,560 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.02.10 16:00:58 | 000,017,280 | ---- | M] (Systweak Inc., (Systweak - Download Software utilities for Windows optimization, Scan & Clean Spyware for Free)) -- C:\Windows\System32\roboot.exe
[2012.02.10 15:54:21 | 000,000,932 | ---- | M] () -- C:\Users\user\Desktop\FL Studio 9.lnk
[2012.02.10 05:13:00 | 000,061,248 | ---- | M] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2012.02.10 05:13:00 | 000,008,772 | ---- | M] () -- C:\Windows\System32\nvinfo.pb
[2012.02.09 20:05:44 | 000,416,064 | ---- | M] () -- C:\Windows\System32\nvStreaming.exe
[2012.02.02 17:45:48 | 000,433,664 | ---- | M] (Bluw (Hong Kong) Limited) -- C:\Windows\System32\drivers\hidyjy59.sys
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.02.27 14:37:33 | 3488,731,136 | -HS- | C] () -- C:\hiberfil.sys
[2012.02.27 11:31:38 | 002,061,481 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB
[2012.02.27 10:59:57 | 000,000,858 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.02.27 10:59:57 | 000,000,846 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.02.23 20:17:33 | 737,044,480 | ---- | C] () -- C:\Users\user\Desktop\2012-Underworld_Awakening-cineonws512.avi
[2012.02.10 15:54:21 | 000,000,932 | ---- | C] () -- C:\Users\user\Desktop\FL Studio 9.lnk
[2012.02.09 20:05:44 | 000,416,064 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2012.02.03 10:00:30 | 000,000,967 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 7.lnk
[2012.01.04 19:01:43 | 000,098,304 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2011.12.11 15:00:33 | 000,265,120 | ---- | C] () -- C:\Program Files\Common Files\WireHelpSvc.exe
[2011.12.10 00:12:55 | 000,000,466 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011.12.06 22:36:38 | 000,150,996 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2011.05.10 20:31:20 | 000,027,503 | ---- | C] () -- C:\Users\user\AppData\Roaming\UserTile.png
[2011.04.15 14:18:54 | 000,835,584 | ---- | C] () -- C:\Windows\vsnp325.exe
[2011.04.15 14:18:54 | 000,345,600 | ---- | C] () -- C:\Windows\tsnp325.exe
[2011.04.15 14:18:54 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\rsnp325.dll
[2011.04.15 14:18:54 | 000,061,440 | ---- | C] ( ) -- C:\Windows\System32\vsnp325.dll
[2011.04.15 14:18:54 | 000,015,498 | ---- | C] () -- C:\Windows\snp325.ini
[2011.04.15 14:18:54 | 000,003,968 | ---- | C] () -- C:\Windows\System32\drivers\DeNoise.sys
[2011.04.15 14:13:40 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp325.dll
[2011.04.14 21:27:43 | 000,000,000 | ---- | C] () -- C:\Windows\System32\cd.dat
[2011.01.25 22:33:55 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2011.01.17 22:37:19 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011.01.17 22:37:19 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011.01.06 10:04:46 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011.01.06 10:04:45 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011.01.06 10:04:07 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.01.06 09:47:25 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010.12.27 02:07:02 | 000,140,496 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010.12.27 02:07:01 | 000,138,056 | ---- | C] () -- C:\Users\user\AppData\Roaming\PnkBstrK.sys
[2010.12.27 02:06:46 | 000,280,736 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2010.12.27 02:06:41 | 002,434,856 | ---- | C] () -- C:\Windows\System32\pbsvc_bc2.exe
[2010.12.27 02:06:41 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2010.12.14 21:40:05 | 000,237,568 | ---- | C] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.12.11 21:30:29 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.12.11 21:04:43 | 000,001,356 | ---- | C] () -- C:\Users\user\AppData\Local\d3d9caps.dat
[2010.10.27 03:13:02 | 000,023,040 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2010.09.22 19:27:52 | 000,223,990 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2010.09.17 19:17:00 | 000,002,888 | ---- | C] () -- C:\Windows\System32\atipblag.dat
 
========== LOP Check ==========
 
[2011.04.01 11:29:40 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\AnvSoft
[2011.01.21 22:14:07 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Avnex
[2011.01.07 03:12:41 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Azureus
[2010.12.11 21:23:14 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Canneverbe Limited
[2011.06.03 10:49:33 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011.03.20 20:11:37 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.03.23 17:25:17 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\GetRightToGo
[2011.12.14 15:50:30 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Gutscheinmieze
[2011.03.23 17:24:51 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\MAGIX
[2011.01.15 21:28:18 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Need for Speed World
[2012.02.10 15:54:20 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\OpenCandy
[2011.12.19 02:20:46 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Screaming Bee
[2011.04.01 11:26:31 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Sony
[2012.02.22 15:18:28 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Systweak
[2012.02.03 09:59:38 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\TeamViewer
[2012.02.27 11:31:02 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\TestApp
[2011.12.08 16:03:04 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\ts3client
[2011.03.20 18:45:05 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Uniblue
[2011.12.01 09:01:14 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\VoipBuster
[2012.02.27 14:55:56 | 000,032,540 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2011.12.09 23:51:14 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2010.12.11 21:27:13 | 000,000,000 | ---D | M] -- C:\ATI
[2011.01.21 22:15:51 | 000,000,000 | ---D | M] -- C:\AV_LOGS
[2011.04.14 22:06:03 | 000,000,000 | -HSD | M] -- C:\Boot
[2011.03.13 01:35:40 | 000,000,000 | ---D | M] -- C:\Casino
[2006.11.02 14:02:24 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2010.12.11 21:02:31 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.11.16 12:57:53 | 000,000,000 | ---D | M] -- C:\Down
[2011.06.01 22:08:45 | 000,000,000 | ---D | M] -- C:\Downloads
[2011.02.18 22:00:33 | 000,000,000 | ---D | M] -- C:\Hotspot Shield
[2011.12.08 18:54:49 | 000,000,000 | -H-D | M] -- C:\Infovox2.lic
[2011.12.15 20:48:52 | 000,000,000 | ---D | M] -- C:\LISA
[2011.01.05 15:57:30 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2011.11.16 12:57:44 | 000,000,000 | ---D | M] -- C:\Perfect World Entertainment
[2011.01.03 14:19:43 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.02.27 14:42:18 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.02.27 11:31:02 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2010.12.11 21:02:31 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.11.17 17:58:29 | 000,000,000 | ---D | M] -- C:\Programs
[2012.02.27 18:01:29 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.02.26 14:16:56 | 000,000,000 | R--D | M] -- C:\Users
[2012.02.27 13:34:26 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2010.12.12 18:20:11 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2010.12.12 18:20:11 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2010.12.12 18:20:11 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2010.12.12 18:18:12 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2010.12.12 18:18:11 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2010.12.12 18:18:11 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2010.12.12 18:48:14 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2010.12.12 18:48:14 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2010.12.12 18:18:11 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006.11.02 10:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008.01.19 08:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2008.01.19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2006.11.02 10:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.19 08:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.19 08:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006.11.02 10:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.12.12 17:33:34 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
[2010.12.12 17:33:34 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll
[2008.01.19 08:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2006.11.02 10:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 08:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2006.11.02 09:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys
[2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 11:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2012.02.27 17:58:51 | 004,718,592 | -HS- | M] () -- C:\Users\user\NTUSER.DAT
[2012.02.27 17:58:51 | 000,262,144 | -H-- | M] () -- C:\Users\user\ntuser.dat.LOG1
[2010.12.11 21:04:40 | 000,000,000 | -H-- | M] () -- C:\Users\user\ntuser.dat.LOG2
[2012.02.27 14:55:54 | 000,065,536 | -HS- | M] () -- C:\Users\user\NTUSER.DAT{3d4e88f1-6a70-11db-b1ba-d64300c9c793}.TM.blf
[2012.02.27 14:55:54 | 000,524,288 | -HS- | M] () -- C:\Users\user\NTUSER.DAT{3d4e88f1-6a70-11db-b1ba-d64300c9c793}.TMContainer00000000000000000001.regtrans-ms
[2010.12.11 21:11:28 | 000,524,288 | -HS- | M] () -- C:\Users\user\NTUSER.DAT{3d4e88f1-6a70-11db-b1ba-d64300c9c793}.TMContainer00000000000000000002.regtrans-ms
[2010.12.11 21:04:41 | 000,000,020 | -HS- | M] () -- C:\Users\user\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >
--- --- ---





OTL Logfile:
Code:
OTL Extras logfile created on: 27.02.2012 17:58:56 - Run 1
OTL by OldTimer - Version 3.2.33.2    Folder = C:\Users\user\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,16 Gb Available Physical Memory | 66,59% Memory free
6,72 Gb Paging File | 5,68 Gb Available in Paging File | 84,62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931,51 Gb Total Space | 567,19 Gb Free Space | 60,89% Space Free | Partition Type: NTFS
 
Computer Name: AMD-DESKTOP | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{142B1129-2CEC-4ECB-83B2-E30CE1967C50}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{1F6EB448-6468-4508-87FB-F1F0CC590196}" = lport=445 | protocol=6 | dir=in | app=system |
"{243A51B4-8005-4FC0-8063-0C0E5ECF4403}" = lport=2869 | protocol=6 | dir=in | app=system |
"{3E1C7AF0-49AB-4CDA-9722-7D22DA9240F5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{47D3056C-8539-4DD5-94C1-6A4FF1953A41}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{57E361C6-23DF-46EF-8BBD-2A3D6B143389}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{69088081-9D9C-4C8D-9227-C924F716563A}" = rport=139 | protocol=6 | dir=out | app=system |
"{6B7631D4-66E3-45FB-ACC3-C541C795AC35}" = lport=139 | protocol=6 | dir=in | app=system |
"{74AB50D8-7B61-4DF2-A5E4-043A3D50CDE1}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{77AD3238-D2D8-4F88-8DD6-4F67925718ED}" = rport=445 | protocol=6 | dir=out | app=system |
"{787EC1F9-FE4C-4821-80D2-D5748FC2912F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{845F6BE5-C07A-4833-93A2-BAA4B73824DD}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{9FFF5332-68E4-4004-8CA8-26F78BFD38D7}" = rport=137 | protocol=17 | dir=out | app=system |
"{AB35D11F-9CA4-4281-A239-077561086177}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{C65EC404-1C65-4D82-A295-D78626DBE158}" = lport=138 | protocol=17 | dir=in | app=system |
"{CBB1E917-451E-46F3-B57F-7BBBB8963AC3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{D3167965-3C58-42D3-A846-FE2379C4C1E6}" = lport=137 | protocol=17 | dir=in | app=system |
"{D328B082-4CBB-4302-8075-DC6474DB3637}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{D5CEF831-6FF4-452E-8945-44137C43ACD2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DCC3AC00-EA30-4759-9348-CBED1654996B}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{DEA69F55-FCE3-4923-90C8-837D61324230}" = rport=138 | protocol=17 | dir=out | app=system |
"{F86676F7-040A-4ABA-B73F-BA0582D839FD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0202D04F-9078-4AF0-8F16-FA93335128B8}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\trackmania nations forever\tmforeverlauncher.exe |
"{06362CCF-D0A6-41E6-AAFE-A901DFBCAC42}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{07195692-68A5-470F-87C9-947DCF18CDF0}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{077B1B13-D484-4214-8175-84549C0641CB}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\overlord\overlord.exe |
"{0AE16801-612F-45A0-BD41-5BD7BB4CBE58}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{0B0CCDCE-861C-40BE-8B3E-796EFD5C9319}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe |
"{0B665A62-FB51-4205-86C4-8C61FA60201E}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\pino2011\counter-strike source\hl2.exe |
"{16C3C645-3678-439B-A1B2-381E97EE27F8}" = protocol=6 | dir=in | app=c:\users\user\downloads\sweetimsetup.exe |
"{17DBE1EF-F8F4-4B47-A2E7-AA4CFE53C6DE}" = protocol=17 | dir=in | app=c:\program files\raptr\raptr_im.exe |
"{1B17EB45-D2CC-4C0B-89A3-9D249FA0F75F}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe |
"{1E981C2D-D395-455B-A30A-785634FDA0DE}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |
"{1ED59583-5D90-40D5-B531-FED7EC1EE202}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\blackmann1987\counter-strike source\hl2.exe |
"{2083C6A2-A568-437E-9799-FE3772EF5DA2}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe |
"{28B58DBB-49AC-4D65-8F2A-D31D71AF020C}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\trackmania nations forever\tmforeverlauncher.exe |
"{2BB5B26D-AEE2-4599-899E-72D4BF6DD2D5}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\battlefield bad company 2\bfbc2game.exe |
"{2CB50FE2-BFB9-48EC-902F-C702EDEC7120}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\overlord ii\overlord2.exe |
"{2D35F187-0FF2-4C93-9BA7-476261BC31C9}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"{2D395DF7-D8FE-4DBF-B55C-EC3F35A71BC9}" = protocol=17 | dir=in | app=c:\users\user\appdata\local\akamai\netsession_win.exe |
"{2F539017-8922-448A-A412-AE02BE029040}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\pino2011\counter-strike\hl.exe |
"{30095AC7-DFCF-4403-AD3E-41577A906FF8}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\trackmania nations forever\tmforever.exe |
"{31C7C5DD-1F8D-4E50-A746-9D892F1C0DA5}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{375318C3-13E9-4C90-9B68-0D636B53F47B}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"{37A1BCEA-2F27-4487-978E-67082159B77C}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe |
"{3AE1EB7C-930A-4FBA-9635-E436BBE0461B}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{3E4252D3-065D-4D67-BD25-2C3EB4D1F1DF}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\overlord ii\config.exe |
"{43BD014A-24D3-4F99-8CA5-4AF869C39A80}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\alien swarm\swarm.exe |
"{4452ECB7-E4EC-48D1-9525-9012378D4531}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\overlord\config.exe |
"{46D51A7A-55BC-48D0-882A-47E631301C6E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{491C4C19-7705-409A-90C5-76C8D6EFCA49}" = protocol=17 | dir=in | app=c:\program files\raptr\raptr.exe |
"{4FAFEF04-5543-4B0A-BE0E-CDD9A44ACA75}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\overlord\config.exe |
"{58C520EF-5DCD-44FC-AEA5-3D45B6FA00BE}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\rusty hearts\clientlauncher.exe |
"{5ACFD045-65CF-4D21-B3C6-E4896A4D7FF5}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe |
"{5D8E7CC5-297E-4B4E-A7BE-CA5131C95251}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\apb reloaded\binaries\apb.exe |
"{5EBB1458-7CAA-4519-BCFF-5D094328EC90}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{652749E5-4E95-4BC9-828B-8B2F84944244}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\apb reloaded\launcher\apblauncher.exe |
"{656A7BA7-A39B-4C7F-A0D2-4E650C857CB5}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{6B5E834E-0BAF-46DD-99FC-7692A22FFE1C}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\pino2011\counter-strike\hl.exe |
"{7584A946-1DF5-4329-9047-9CA42DF19964}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\battlefield bad company 2\support\ea help\electronic_arts_technical_support.htm |
"{77327678-C4B6-4259-AC15-C6741DAE5DAE}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\battlefield bad company 2\support\ea help\electronic_arts_technical_support.htm |
"{7DE67346-E0F8-41F9-8917-119F3BC24571}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |
"{7E3CA8E3-A081-48CB-AEF8-C4C1C46523E1}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\trackmania nations forever\tmforever.exe |
"{83A00C61-1C06-46E5-986C-69360E5B3D81}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\overlord ii\overlord2.exe |
"{8FA30740-D7D7-41D8-90ED-4075576140AD}" = protocol=6 | dir=in | app=c:\program files\raptr\raptr_im.exe |
"{9D29F695-C81B-430D-B158-B2BF5F74A475}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{9D62F74C-6421-4AB0-BFD3-88C8309A2ADB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{9DA4D3B7-AC43-494E-BA30-28AE705FEB69}" = protocol=6 | dir=in | app=c:\program files\raptr\raptr.exe |
"{A7A6BA59-895F-41B3-A450-620C6A780293}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\overlord ii\config.exe |
"{AB0CD762-1211-4592-8BE5-DFF9A37C1D79}" = protocol=17 | dir=in | app=c:\users\user\downloads\sweetimsetup.exe |
"{AC781A3E-B7B0-4760-9384-BA496DF005B5}" = dir=in | app=c:\program files\eslwire\wire.exe |
"{ADE90F6D-5503-4733-A9F7-3D03420246AC}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\alien swarm\swarm.exe |
"{AE23BC51-FF8C-418C-951E-8DD4265FC6A2}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\battlefield bad company 2\bfbc2game.exe |
"{AF24F831-7ED8-429D-A49E-89981950AD7E}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\pino2011\counter-strike source\hl2.exe |
"{B4595BD9-90D2-4FE0-868C-D8BAFC76C1EF}" = protocol=6 | dir=in | app=c:\users\user\appdata\local\akamai\netsession_win.exe |
"{B694A48A-CA4F-4BE3-9747-D1E6B8D969AF}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{B6A3C179-15D5-429A-8CB6-43AF9D731CB5}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\apb reloaded\binaries\vivoxvoiceservice.exe |
"{B83A2106-8708-412B-B211-5902326C83E9}" = dir=out | app=c:\program files\eslwire\wire.exe |
"{BD6288D0-3A97-4CE7-9E33-96EBDDC5AABE}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\alien swarm\srcds.exe |
"{BDAB4C8B-7231-467E-ACBC-1C222AC07CF5}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\apb reloaded\launcher\apblauncher.exe |
"{C44990E7-D476-4B72-8012-90632F973195}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\overlord\overlord.exe |
"{D7A1F7E7-4E72-4729-A642-D075A73AC464}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\rusty hearts\clientlauncher.exe |
"{D85A054C-F58E-4CAC-B56A-678522304965}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\apb reloaded\binaries\apb.exe |
"{D9566748-6897-4CAB-A42A-0901BCC105C1}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{DDC58119-82A2-43CF-BA8A-628E9ED0974A}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe |
"{DEF3F4C8-1A42-4165-B414-A0C8B78843E0}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\blackmann1987\counter-strike source\hl2.exe |
"{E424034D-7970-438E-902A-AF791AEA2AA3}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\apb reloaded\binaries\vivoxvoiceservice.exe |
"{EB7E6497-CD26-4BE0-B855-E93484E87384}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\alien swarm\srcds.exe |
"TCP Query User{1998303D-D7C8-4BAA-96BE-261398AD7F3E}C:\users\user\desktop\novoline\gaminatordeluxe\gaminatordeluxe spiele 21-22\gameunp.exe" = protocol=6 | dir=in | app=c:\users\user\desktop\novoline\gaminatordeluxe\gaminatordeluxe spiele 21-22\gameunp.exe |
"TCP Query User{5E49F600-A35E-4A99-B8D8-480505A30C36}C:\program files\electronic arts\shift 2 unleashed\shift2u.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\shift 2 unleashed\shift2u.exe |
"TCP Query User{73BF4BCD-A2E9-4619-BCB0-6ED70477E6C5}C:\users\user\desktop\gaminatordeluxe\gaminatordeluxe spiele 11-20\gameunp.exe" = protocol=6 | dir=in | app=c:\users\user\desktop\gaminatordeluxe\gaminatordeluxe spiele 11-20\gameunp.exe |
"TCP Query User{84E4AFAA-891C-41BF-AC85-41605FB77C37}C:\users\user\desktop\novoline\gaminatordeluxe\gaminatordeluxe spiele 11-20\gameunp.exe" = protocol=6 | dir=in | app=c:\users\user\desktop\novoline\gaminatordeluxe\gaminatordeluxe spiele 11-20\gameunp.exe |
"TCP Query User{8831980F-8C81-4EFB-8398-F1D14A91A73E}C:\users\user\desktop\novoline\gaminatordeluxe\gaminatordeluxe spiele 1-10\gameunp.exe" = protocol=6 | dir=in | app=c:\users\user\desktop\novoline\gaminatordeluxe\gaminatordeluxe spiele 1-10\gameunp.exe |
"TCP Query User{99DC76BC-BAB6-4619-B437-CEA181082A47}C:\program files\lucasarts\star wars jk ii jedi outcast\gamedata\jk2mp.exe" = protocol=6 | dir=in | app=c:\program files\lucasarts\star wars jk ii jedi outcast\gamedata\jk2mp.exe |
"TCP Query User{ACFA982B-79DD-476F-B8D4-5803F83BEAC8}C:\program files\voipbuster.com\voipbuster\voipbuster.exe" = protocol=6 | dir=in | app=c:\program files\voipbuster.com\voipbuster\voipbuster.exe |
"TCP Query User{D6FA6432-F33D-4698-9E3E-04AF9B16338B}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{DF1F9CAF-AB65-4C92-A532-937383098807}C:\users\user\desktop\gaminatordeluxe\gaminatordeluxe spiele 1-10\gameunp.exe" = protocol=6 | dir=in | app=c:\users\user\desktop\gaminatordeluxe\gaminatordeluxe spiele 1-10\gameunp.exe |
"TCP Query User{E74D1CD3-6BD5-42B5-878B-972A94287B0F}C:\program files\gamigo\levelr\levelr.bin" = protocol=6 | dir=in | app=c:\program files\gamigo\levelr\levelr.bin |
"TCP Query User{F1848D94-2EFA-49ED-973B-1B70EB756A34}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{0F3D45F8-0877-4A5E-BDC7-94C9143A9178}C:\program files\electronic arts\shift 2 unleashed\shift2u.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\shift 2 unleashed\shift2u.exe |
"UDP Query User{29A12271-36C0-48B3-BF12-24674D599E31}C:\program files\lucasarts\star wars jk ii jedi outcast\gamedata\jk2mp.exe" = protocol=17 | dir=in | app=c:\program files\lucasarts\star wars jk ii jedi outcast\gamedata\jk2mp.exe |
"UDP Query User{59B99BD8-46E2-46B1-A374-36C8A56C4E34}C:\users\user\desktop\novoline\gaminatordeluxe\gaminatordeluxe spiele 11-20\gameunp.exe" = protocol=17 | dir=in | app=c:\users\user\desktop\novoline\gaminatordeluxe\gaminatordeluxe spiele 11-20\gameunp.exe |
"UDP Query User{89E8506A-D399-44E9-9C0D-09664BCDF10B}C:\users\user\desktop\gaminatordeluxe\gaminatordeluxe spiele 11-20\gameunp.exe" = protocol=17 | dir=in | app=c:\users\user\desktop\gaminatordeluxe\gaminatordeluxe spiele 11-20\gameunp.exe |
"UDP Query User{A0BB4602-4C2B-46B6-9CA9-656DAF94A0F7}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{A6036F21-470F-4238-81C0-869F0D40398E}C:\users\user\desktop\novoline\gaminatordeluxe\gaminatordeluxe spiele 1-10\gameunp.exe" = protocol=17 | dir=in | app=c:\users\user\desktop\novoline\gaminatordeluxe\gaminatordeluxe spiele 1-10\gameunp.exe |
"UDP Query User{B5F21837-02D4-4288-94F9-B98101BFD47D}C:\users\user\desktop\novoline\gaminatordeluxe\gaminatordeluxe spiele 21-22\gameunp.exe" = protocol=17 | dir=in | app=c:\users\user\desktop\novoline\gaminatordeluxe\gaminatordeluxe spiele 21-22\gameunp.exe |
"UDP Query User{BB70B86B-D186-45D4-87F1-C0DEC46F2FF6}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{C15AC99B-88DC-4D2D-AC3F-087290F5F1B5}C:\users\user\desktop\gaminatordeluxe\gaminatordeluxe spiele 1-10\gameunp.exe" = protocol=17 | dir=in | app=c:\users\user\desktop\gaminatordeluxe\gaminatordeluxe spiele 1-10\gameunp.exe |
"UDP Query User{D29DA6E4-DCFF-44B0-894E-3E69754DBF62}C:\program files\gamigo\levelr\levelr.bin" = protocol=17 | dir=in | app=c:\program files\gamigo\levelr\levelr.bin |
"UDP Query User{E7C4AB6E-522F-4613-B76D-0C54CD16B7CA}C:\program files\voipbuster.com\voipbuster\voipbuster.exe" = protocol=17 | dir=in | app=c:\program files\voipbuster.com\voipbuster\voipbuster.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0749E1E5-BD6B-474C-BD21-48891526113E}" = MAGIX Music Maker 17 Download-Version
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{1D328E11-3B0C-388C-835D-C9C20E8C7734}" = Microsoft Help Viewer 1.0 Language Pack - DEU
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{300DFCBA-348B-4FD6-AE50-1D3CDFEE6314}" = MAGIX Speed burnR (MSI)
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CA2B4FD-AEF2-ED4F-F5E5-0095DDA47AC7}" = Adobe Download Assistant
"{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0
"{4999B2F1-3E74-409A-B8B5-E94448AA9EA6}" = Hama Black Force Pad
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EAE665D-957A-4D04-9679-3AD582008877}" = NVIDIA PhysX
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{52C32940-C538-40CF-8DE9-B91090F49938}" = Infovox Desktop 2.2
"{576E71DA-3000-48F6-9B21-B9A70D47DFCF}" = Star Wars JK II Jedi Outcast
"{5A08C9D1-37AD-4A8D-90D3-33F92C578AA5}" = Microsoft SQL Server System CLR Types
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8DC197D6-F4AB-44E0-ACF7-210355E6F389}" = Windows Speech Recognition Macros
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A106D33E-6B43-42C0-9BFC-D03303261FA7}" = Microsoft SQL Server 2008 R2 Management Objects
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 295.73
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 295.73
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 295.73
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 295.73
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0209
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.11
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{E04D1AC1-B3AF-4C1A-B7E0-B37A058271CE}" = MAGIX Screenshare
"{E8C37E27-5205-4C8A-BECB-B00533045AAE}" = SHIFT 2 UNLEASHED™
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F686C148-CBAE-483D-92CE-B4D6913BDD77}" = LevelR
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F9466082-90E9-4BE4-92F0-CF0AF195B0CF}" = SPEEDLINK Reflect2 Camera
"{FD27D456-ED8A-4027-A1E4-BBF95FAF4799}" = Easy Driver Pro
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Akamai" = Akamai NetSession Interface Service
"Any Video Converter_is1" = Any Video Converter 3.2.1
"avast" = avast! Free Antivirus
"CCleaner" = CCleaner
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"DealPly" = DealPly
"Drumaxx" = Drumaxx
"EADM" = EA Download Manager
"ESL Wire_is1" = ESL Wire 1.11
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"FL Studio 9" = FL Studio 9
"FormatFactory" = FormatFactory 2.60
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free YouTube Download_is1" = Free YouTube Download version 2.10.31
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.31
"Hardcore" = Hardcore
"HotspotShield" = Hotspot Shield 1.57
"ID2220Voices" = Infovox Desktop 2.220 voices
"IL Download Manager" = IL Download Manager
"LHTTSGED" = L&H TTS3000 Deutsch
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU
"Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PartyPoker" = PartyPoker
"PoiZone" = PoiZone
"PriceGong" = PriceGong 2.1.0
"PunkBusterSvc" = PunkBuster Services
"Sakura" = Sakura
"Sawer" = Sawer
"Star Wars: The Force Unleashed_is1" = Star Wars: The Force Unleashed
"Steam App 10" = Counter-Strike
"Steam App 11020" = TrackMania Nations Forever
"Steam App 113400" = APB Reloaded
"Steam App 11450" = Overlord
"Steam App 12710" = Overlord: Raising Hell
"Steam App 12810" = Overlord II
"Steam App 240" = Counter-Strike: Source
"Steam App 24960" = Battlefield: Bad Company 2
"Steam App 36630" = Rusty Hearts
"Steam App 630" = Alien Swarm
"Steam App 90530" = Rise of Immortals
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 6" = TeamViewer 6
"TeamViewer 7" = TeamViewer 7
"Toxic Biohazard" = Toxic Biohazard
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.11
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"Xvid_is1" = Xvid 1.2.2 final uninstall
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"FoxTab PDF Creator" = FoxTab PDF Creator
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
--- --- ---






hoffe ihr könnt mir echt helfen =)

pino1987 27.02.2012 18:25
Gefunden hat es Avast antivirus!


OTL Logfile:
Code:
OTL logfile created on: 27.02.2012 17:58:56 - Run 1
OTL by OldTimer - Version 3.2.33.2    Folder = C:\Users\user\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,16 Gb Available Physical Memory | 66,59% Memory free
6,72 Gb Paging File | 5,68 Gb Available in Paging File | 84,62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931,51 Gb Total Space | 567,19 Gb Free Space | 60,89% Space Free | Partition Type: NTFS
 
Computer Name: AMD-DESKTOP | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.02.27 17:51:54 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
PRC - [2012.02.10 05:13:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.02.10 04:02:07 | 000,857,408 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2012.02.09 20:05:32 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.02.02 02:44:30 | 003,329,824 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\user\AppData\Local\Akamai\netsession_win.exe
PRC - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.11.28 19:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Programme\Alwil Software\Avast5\AvastUI.exe
PRC - [2011.11.28 19:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011.11.28 13:19:56 | 000,265,120 | ---- | M] () -- C:\Programme\Common Files\WireHelpSvc.exe
PRC - [2011.11.03 19:25:08 | 002,358,656 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011.01.07 23:46:06 | 000,271,408 | ---- | M] () -- C:\Programme\Hotspot Shield\bin\openvpnas.exe
PRC - [2011.01.05 19:30:36 | 000,352,304 | ---- | M] (AnchorFree Inc.) -- C:\Programme\Hotspot Shield\HssWPR\hsssrv.exe
PRC - [2010.10.27 03:51:54 | 000,393,216 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2010.10.27 03:51:26 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2010.10.15 19:42:14 | 000,326,704 | ---- | M] () -- C:\Programme\Hotspot Shield\bin\hsswd.exe
PRC - [2009.08.27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) -- C:\Programme\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.01.19 08:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2007.05.10 12:18:10 | 000,835,584 | ---- | M] () -- C:\Windows\vsnp325.exe
PRC - [2006.11.02 10:45:59 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2010.03.15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2007.05.10 12:18:10 | 000,835,584 | ---- | M] () -- C:\Windows\vsnp325.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.02.24 09:53:13 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.02.10 20:37:48 | 003,340,064 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_7de0ed9.dll -- (Akamai)
SRV - [2012.02.10 05:13:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.02.09 20:05:32 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.12.29 12:26:58 | 000,212,992 | ---- | M] (Works Ltd.) [Auto | Running] -- C:\Windows\System32\aptwtmt29.dll -- (LanmanWorkstation)
SRV - [2011.12.06 21:51:17 | 000,114,000 | ---- | M] (Joosoft.com GmbH) [Auto | Running] -- C:\Windows\System32\UpdSvc.dll -- (Update-Service)
SRV - [2011.11.28 19:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011.11.28 13:19:56 | 000,265,120 | ---- | M] () [Auto | Running] -- C:\Programme\Common Files\WireHelpSvc.exe -- (WireHelpSvc)
SRV - [2011.11.03 19:25:08 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011.01.07 23:48:18 | 000,057,640 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Hotspot Shield\bin\HssTrayService.exe -- (HssTrayService)
SRV - [2011.01.07 23:46:06 | 000,271,408 | ---- | M] () [Auto | Running] -- C:\Programme\Hotspot Shield\bin\openvpnas.exe -- (HotspotShieldService)
SRV - [2011.01.05 19:30:36 | 000,352,304 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Programme\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
SRV - [2010.10.27 03:51:26 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010.10.15 19:42:14 | 000,326,704 | ---- | M] () [Auto | Running] -- C:\Program Files\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2009.08.27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Unknown | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2008.08.07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.19 08:36:49 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008.01.19 08:36:15 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2012.02.10 05:13:00 | 010,816,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011.11.28 18:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011.11.28 18:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011.11.28 18:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011.11.28 18:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011.11.28 18:52:07 | 000,055,128 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011.11.28 18:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011.11.28 13:19:46 | 000,836,496 | ---- | M] (<Turtle Entertainment>) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ESLWireACD.sys -- (ESLWireAC)
DRV - [2010.12.06 10:16:50 | 000,024,504 | ---- | M] (Turtle Entertainment GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESLvnic.sys -- (ESLvnic1)
DRV - [2010.10.27 04:59:14 | 006,573,568 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2010.10.27 03:14:02 | 000,229,888 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010.09.22 20:19:02 | 000,037,376 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HssDrv.sys -- (HssDrv)
DRV - [2010.09.22 20:19:02 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV - [2010.08.10 09:15:30 | 010,502,784 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snp325.sys -- (SNP325) USB PC Camera (SNPSTD325)
DRV - [2010.07.01 14:21:14 | 000,034,896 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ScreamingBAudio.sys -- (SCREAMINGBDRIVER)
DRV - [2010.06.23 09:21:32 | 000,259,176 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008.12.26 11:56:04 | 000,017,792 | ---- | M] (Avnex) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vcsvad.sys -- (VCSVADHWSer) Avnex Virtual Audio Device (WDM)
DRV - [2005.10.13 16:19:12 | 008,701,824 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snpstd3.sys -- (SNPSTD3) USB PC Camera (SNPSTD3)
DRV - [2004.08.13 09:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Ask.com Deutschland - die andere Suchmaschine
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..network.proxy.type: 0
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.27 10:59:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}: C:\Program Files\PriceGong\2.1.0\FF [2011.04.16 18:43:35 | 000,000,000 | ---D | M]
 
[2011.12.18 23:18:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions
[2012.02.27 14:41:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\1746t83a.default\extensions
[2012.01.03 16:27:44 | 000,002,333 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\1746t83a.default\searchplugins\askcom.xml
[2012.02.27 10:59:56 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.02.27 10:59:56 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\distribution\extensions
() (No name found) -- C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1746T83A.DEFAULT\EXTENSIONS\{C0C9A2C7-2E5C-4447-BC53-97718BC91E1B}.XPI
() (No name found) -- C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1746T83A.DEFAULT\EXTENSIONS\ICH@MALTEGOETZ.DE.XPI
() (No name found) -- C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1746T83A.DEFAULT\EXTENSIONS\TESTPILOT@LABS.MOZILLA.COM.XPI
[2012.02.22 20:26:59 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.02.22 21:10:19 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.22 20:53:03 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.22 21:10:19 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.22 21:10:19 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.22 21:10:19 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.22 21:10:19 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (PriceGongBHO Class) - {1631550F-191D-4826-B069-D9439253D926} - C:\Programme\PriceGong\2.1.0\PriceGongIE.dll (PriceGong)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Programme\DealPly\DealPlyIE.dll (DealPly Technologies Ltd)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Programme\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [snp325] C:\Windows\vsnp325.exe ()
O4 - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe ()
O4 - HKLM..\Run: [tsnp325] C:\Windows\tsnp325.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\user\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [VoipBuster] "C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe" -nosplash -minimized File not found
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O8 - Extra context menu item: Free YouTube Download - C:\Users\user\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\user\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\user\Desktop\PartyPoker.lnk File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\user\Desktop\PartyPoker.lnk File not found
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{11217339-B9C5-42CA-BCB2-E5DF062EE5FB}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{32C157FA-02A1-4CCC-B8A1-5DA6393B39B0}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B6E2342F-BC02-462C-8840-95824956CCAA}: NameServer = 10.48.8.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\user\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\user\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (aswBoot.exe /M:1eb13b0a4)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpReg: EADM - hkey= - key= - C:\Program Files\Electronic Arts\EADM\EADMUI.exe (Electronic Arts)
MsConfig - StartUpReg: ESL Wire - hkey= - key= - C:\Program Files\EslWire\wire.exe (Turtle Entertainment GmbH)
MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.02.27 17:51:50 | 000,583,680 | ---- | C] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2012.02.27 11:34:38 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools
[2012.02.27 11:31:29 | 000,185,560 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTSD.sys
[2012.02.27 11:31:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2012.02.27 11:31:02 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\TestApp
[2012.02.27 11:31:02 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012.02.27 10:59:55 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012.02.27 00:08:19 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2012.02.26 14:18:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2012.02.26 14:13:32 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2012.02.22 13:14:42 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Systweak
[2012.02.22 13:14:41 | 000,017,280 | ---- | C] (Systweak Inc., (Systweak - Download Software utilities for Windows optimization, Scan & Clean Spyware for Free)) -- C:\Windows\System32\roboot.exe
[2012.02.16 01:04:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.02.16 01:02:50 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012.02.12 17:02:39 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2012.02.10 15:55:20 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012.02.02 17:45:48 | 000,433,664 | ---- | C] (Bluw (Hong Kong) Limited) -- C:\Windows\System32\drivers\hidyjy59.sys
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.02.27 17:51:54 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2012.02.27 16:57:02 | 000,004,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.02.27 16:57:02 | 000,004,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.02.27 15:48:07 | 000,140,496 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2012.02.27 15:47:49 | 000,280,736 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2012.02.27 15:47:29 | 000,215,128 | ---- | M] () -- C:\Windows\System32\PnkBstrB.ex0
[2012.02.27 15:03:47 | 000,671,212 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.02.27 15:03:47 | 000,631,942 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.02.27 15:03:47 | 000,144,186 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.02.27 15:03:47 | 000,118,568 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.02.27 14:57:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.02.27 14:56:58 | 3488,731,136 | -HS- | M] () -- C:\hiberfil.sys
[2012.02.27 14:34:52 | 000,237,568 | ---- | M] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.02.27 14:34:34 | 000,001,356 | ---- | M] () -- C:\Users\user\AppData\Local\d3d9caps.dat
[2012.02.27 11:32:14 | 002,061,481 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
[2012.02.27 10:59:57 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.02.23 20:31:02 | 737,044,480 | ---- | M] () -- C:\Users\user\Desktop\2012-Underworld_Awakening-cineonws512.avi
[2012.02.17 08:47:10 | 000,312,560 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.02.10 16:00:58 | 000,017,280 | ---- | M] (Systweak Inc., (Systweak - Download Software utilities for Windows optimization, Scan & Clean Spyware for Free)) -- C:\Windows\System32\roboot.exe
[2012.02.10 15:54:21 | 000,000,932 | ---- | M] () -- C:\Users\user\Desktop\FL Studio 9.lnk
[2012.02.10 05:13:00 | 000,061,248 | ---- | M] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2012.02.10 05:13:00 | 000,008,772 | ---- | M] () -- C:\Windows\System32\nvinfo.pb
[2012.02.09 20:05:44 | 000,416,064 | ---- | M] () -- C:\Windows\System32\nvStreaming.exe
[2012.02.02 17:45:48 | 000,433,664 | ---- | M] (Bluw (Hong Kong) Limited) -- C:\Windows\System32\drivers\hidyjy59.sys
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.02.27 14:37:33 | 3488,731,136 | -HS- | C] () -- C:\hiberfil.sys
[2012.02.27 11:31:38 | 002,061,481 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB
[2012.02.27 10:59:57 | 000,000,858 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.02.27 10:59:57 | 000,000,846 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.02.23 20:17:33 | 737,044,480 | ---- | C] () -- C:\Users\user\Desktop\2012-Underworld_Awakening-cineonws512.avi
[2012.02.10 15:54:21 | 000,000,932 | ---- | C] () -- C:\Users\user\Desktop\FL Studio 9.lnk
[2012.02.09 20:05:44 | 000,416,064 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2012.02.03 10:00:30 | 000,000,967 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 7.lnk
[2012.01.04 19:01:43 | 000,098,304 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2011.12.11 15:00:33 | 000,265,120 | ---- | C] () -- C:\Program Files\Common Files\WireHelpSvc.exe
[2011.12.10 00:12:55 | 000,000,466 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011.12.06 22:36:38 | 000,150,996 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2011.05.10 20:31:20 | 000,027,503 | ---- | C] () -- C:\Users\user\AppData\Roaming\UserTile.png
[2011.04.15 14:18:54 | 000,835,584 | ---- | C] () -- C:\Windows\vsnp325.exe
[2011.04.15 14:18:54 | 000,345,600 | ---- | C] () -- C:\Windows\tsnp325.exe
[2011.04.15 14:18:54 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\rsnp325.dll
[2011.04.15 14:18:54 | 000,061,440 | ---- | C] ( ) -- C:\Windows\System32\vsnp325.dll
[2011.04.15 14:18:54 | 000,015,498 | ---- | C] () -- C:\Windows\snp325.ini
[2011.04.15 14:18:54 | 000,003,968 | ---- | C] () -- C:\Windows\System32\drivers\DeNoise.sys
[2011.04.15 14:13:40 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp325.dll
[2011.04.14 21:27:43 | 000,000,000 | ---- | C] () -- C:\Windows\System32\cd.dat
[2011.01.25 22:33:55 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2011.01.17 22:37:19 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011.01.17 22:37:19 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011.01.06 10:04:46 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011.01.06 10:04:45 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011.01.06 10:04:07 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.01.06 09:47:25 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010.12.27 02:07:02 | 000,140,496 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010.12.27 02:07:01 | 000,138,056 | ---- | C] () -- C:\Users\user\AppData\Roaming\PnkBstrK.sys
[2010.12.27 02:06:46 | 000,280,736 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2010.12.27 02:06:41 | 002,434,856 | ---- | C] () -- C:\Windows\System32\pbsvc_bc2.exe
[2010.12.27 02:06:41 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2010.12.14 21:40:05 | 000,237,568 | ---- | C] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.12.11 21:30:29 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.12.11 21:04:43 | 000,001,356 | ---- | C] () -- C:\Users\user\AppData\Local\d3d9caps.dat
[2010.10.27 03:13:02 | 000,023,040 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2010.09.22 19:27:52 | 000,223,990 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2010.09.17 19:17:00 | 000,002,888 | ---- | C] () -- C:\Windows\System32\atipblag.dat
 
========== LOP Check ==========
 
[2011.04.01 11:29:40 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\AnvSoft
[2011.01.21 22:14:07 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Avnex
[2011.01.07 03:12:41 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Azureus
[2010.12.11 21:23:14 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Canneverbe Limited
[2011.06.03 10:49:33 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011.03.20 20:11:37 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.03.23 17:25:17 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\GetRightToGo
[2011.12.14 15:50:30 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Gutscheinmieze
[2011.03.23 17:24:51 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\MAGIX
[2011.01.15 21:28:18 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Need for Speed World
[2012.02.10 15:54:20 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\OpenCandy
[2011.12.19 02:20:46 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Screaming Bee
[2011.04.01 11:26:31 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Sony
[2012.02.22 15:18:28 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Systweak
[2012.02.03 09:59:38 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\TeamViewer
[2012.02.27 11:31:02 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\TestApp
[2011.12.08 16:03:04 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\ts3client
[2011.03.20 18:45:05 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Uniblue
[2011.12.01 09:01:14 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\VoipBuster
[2012.02.27 14:55:56 | 000,032,540 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2011.12.09 23:51:14 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2010.12.11 21:27:13 | 000,000,000 | ---D | M] -- C:\ATI
[2011.01.21 22:15:51 | 000,000,000 | ---D | M] -- C:\AV_LOGS
[2011.04.14 22:06:03 | 000,000,000 | -HSD | M] -- C:\Boot
[2011.03.13 01:35:40 | 000,000,000 | ---D | M] -- C:\Casino
[2006.11.02 14:02:24 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2010.12.11 21:02:31 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.11.16 12:57:53 | 000,000,000 | ---D | M] -- C:\Down
[2011.06.01 22:08:45 | 000,000,000 | ---D | M] -- C:\Downloads
[2011.02.18 22:00:33 | 000,000,000 | ---D | M] -- C:\Hotspot Shield
[2011.12.08 18:54:49 | 000,000,000 | -H-D | M] -- C:\Infovox2.lic
[2011.12.15 20:48:52 | 000,000,000 | ---D | M] -- C:\LISA
[2011.01.05 15:57:30 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2011.11.16 12:57:44 | 000,000,000 | ---D | M] -- C:\Perfect World Entertainment
[2011.01.03 14:19:43 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.02.27 14:42:18 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.02.27 11:31:02 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2010.12.11 21:02:31 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.11.17 17:58:29 | 000,000,000 | ---D | M] -- C:\Programs
[2012.02.27 18:01:29 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.02.26 14:16:56 | 000,000,000 | R--D | M] -- C:\Users
[2012.02.27 13:34:26 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2010.12.12 18:20:11 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2010.12.12 18:20:11 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2010.12.12 18:20:11 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2010.12.12 18:18:12 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2010.12.12 18:18:11 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2010.12.12 18:18:11 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2010.12.12 18:48:14 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2010.12.12 18:48:14 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2010.12.12 18:18:11 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006.11.02 10:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008.01.19 08:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2008.01.19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2006.11.02 10:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.19 08:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.19 08:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006.11.02 10:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.12.12 17:33:34 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
[2010.12.12 17:33:34 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll
[2008.01.19 08:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2006.11.02 10:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 08:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2006.11.02 09:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys
[2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 11:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2012.02.27 17:58:51 | 004,718,592 | -HS- | M] () -- C:\Users\user\NTUSER.DAT
[2012.02.27 17:58:51 | 000,262,144 | -H-- | M] () -- C:\Users\user\ntuser.dat.LOG1
[2010.12.11 21:04:40 | 000,000,000 | -H-- | M] () -- C:\Users\user\ntuser.dat.LOG2
[2012.02.27 14:55:54 | 000,065,536 | -HS- | M] () -- C:\Users\user\NTUSER.DAT{3d4e88f1-6a70-11db-b1ba-d64300c9c793}.TM.blf
[2012.02.27 14:55:54 | 000,524,288 | -HS- | M] () -- C:\Users\user\NTUSER.DAT{3d4e88f1-6a70-11db-b1ba-d64300c9c793}.TMContainer00000000000000000001.regtrans-ms
[2010.12.11 21:11:28 | 000,524,288 | -HS- | M] () -- C:\Users\user\NTUSER.DAT{3d4e88f1-6a70-11db-b1ba-d64300c9c793}.TMContainer00000000000000000002.regtrans-ms
[2010.12.11 21:04:41 | 000,000,020 | -HS- | M] () -- C:\Users\user\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >
--- --- ---








OTL Logfile:
Code:
OTL Extras logfile created on: 27.02.2012 17:58:56 - Run 1
OTL by OldTimer - Version 3.2.33.2    Folder = C:\Users\user\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,16 Gb Available Physical Memory | 66,59% Memory free
6,72 Gb Paging File | 5,68 Gb Available in Paging File | 84,62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931,51 Gb Total Space | 567,19 Gb Free Space | 60,89% Space Free | Partition Type: NTFS
 
Computer Name: AMD-DESKTOP | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{142B1129-2CEC-4ECB-83B2-E30CE1967C50}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{1F6EB448-6468-4508-87FB-F1F0CC590196}" = lport=445 | protocol=6 | dir=in | app=system |
"{243A51B4-8005-4FC0-8063-0C0E5ECF4403}" = lport=2869 | protocol=6 | dir=in | app=system |
"{3E1C7AF0-49AB-4CDA-9722-7D22DA9240F5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{47D3056C-8539-4DD5-94C1-6A4FF1953A41}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{57E361C6-23DF-46EF-8BBD-2A3D6B143389}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{69088081-9D9C-4C8D-9227-C924F716563A}" = rport=139 | protocol=6 | dir=out | app=system |
"{6B7631D4-66E3-45FB-ACC3-C541C795AC35}" = lport=139 | protocol=6 | dir=in | app=system |
"{74AB50D8-7B61-4DF2-A5E4-043A3D50CDE1}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{77AD3238-D2D8-4F88-8DD6-4F67925718ED}" = rport=445 | protocol=6 | dir=out | app=system |
"{787EC1F9-FE4C-4821-80D2-D5748FC2912F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{845F6BE5-C07A-4833-93A2-BAA4B73824DD}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{9FFF5332-68E4-4004-8CA8-26F78BFD38D7}" = rport=137 | protocol=17 | dir=out | app=system |
"{AB35D11F-9CA4-4281-A239-077561086177}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{C65EC404-1C65-4D82-A295-D78626DBE158}" = lport=138 | protocol=17 | dir=in | app=system |
"{CBB1E917-451E-46F3-B57F-7BBBB8963AC3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{D3167965-3C58-42D3-A846-FE2379C4C1E6}" = lport=137 | protocol=17 | dir=in | app=system |
"{D328B082-4CBB-4302-8075-DC6474DB3637}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{D5CEF831-6FF4-452E-8945-44137C43ACD2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DCC3AC00-EA30-4759-9348-CBED1654996B}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{DEA69F55-FCE3-4923-90C8-837D61324230}" = rport=138 | protocol=17 | dir=out | app=system |
"{F86676F7-040A-4ABA-B73F-BA0582D839FD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0202D04F-9078-4AF0-8F16-FA93335128B8}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\trackmania nations forever\tmforeverlauncher.exe |
"{06362CCF-D0A6-41E6-AAFE-A901DFBCAC42}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{07195692-68A5-470F-87C9-947DCF18CDF0}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{077B1B13-D484-4214-8175-84549C0641CB}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\overlord\overlord.exe |
"{0AE16801-612F-45A0-BD41-5BD7BB4CBE58}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{0B0CCDCE-861C-40BE-8B3E-796EFD5C9319}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe |
"{0B665A62-FB51-4205-86C4-8C61FA60201E}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\pino2011\counter-strike source\hl2.exe |
"{16C3C645-3678-439B-A1B2-381E97EE27F8}" = protocol=6 | dir=in | app=c:\users\user\downloads\sweetimsetup.exe |
"{17DBE1EF-F8F4-4B47-A2E7-AA4CFE53C6DE}" = protocol=17 | dir=in | app=c:\program files\raptr\raptr_im.exe |
"{1B17EB45-D2CC-4C0B-89A3-9D249FA0F75F}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe |
"{1E981C2D-D395-455B-A30A-785634FDA0DE}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |
"{1ED59583-5D90-40D5-B531-FED7EC1EE202}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\blackmann1987\counter-strike source\hl2.exe |
"{2083C6A2-A568-437E-9799-FE3772EF5DA2}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe |
"{28B58DBB-49AC-4D65-8F2A-D31D71AF020C}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\trackmania nations forever\tmforeverlauncher.exe |
"{2BB5B26D-AEE2-4599-899E-72D4BF6DD2D5}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\battlefield bad company 2\bfbc2game.exe |
"{2CB50FE2-BFB9-48EC-902F-C702EDEC7120}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\overlord ii\overlord2.exe |
"{2D35F187-0FF2-4C93-9BA7-476261BC31C9}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"{2D395DF7-D8FE-4DBF-B55C-EC3F35A71BC9}" = protocol=17 | dir=in | app=c:\users\user\appdata\local\akamai\netsession_win.exe |
"{2F539017-8922-448A-A412-AE02BE029040}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\pino2011\counter-strike\hl.exe |
"{30095AC7-DFCF-4403-AD3E-41577A906FF8}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\trackmania nations forever\tmforever.exe |
"{31C7C5DD-1F8D-4E50-A746-9D892F1C0DA5}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{375318C3-13E9-4C90-9B68-0D636B53F47B}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"{37A1BCEA-2F27-4487-978E-67082159B77C}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe |
"{3AE1EB7C-930A-4FBA-9635-E436BBE0461B}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{3E4252D3-065D-4D67-BD25-2C3EB4D1F1DF}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\overlord ii\config.exe |
"{43BD014A-24D3-4F99-8CA5-4AF869C39A80}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\alien swarm\swarm.exe |
"{4452ECB7-E4EC-48D1-9525-9012378D4531}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\overlord\config.exe |
"{46D51A7A-55BC-48D0-882A-47E631301C6E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{491C4C19-7705-409A-90C5-76C8D6EFCA49}" = protocol=17 | dir=in | app=c:\program files\raptr\raptr.exe |
"{4FAFEF04-5543-4B0A-BE0E-CDD9A44ACA75}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\overlord\config.exe |
"{58C520EF-5DCD-44FC-AEA5-3D45B6FA00BE}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\rusty hearts\clientlauncher.exe |
"{5ACFD045-65CF-4D21-B3C6-E4896A4D7FF5}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe |
"{5D8E7CC5-297E-4B4E-A7BE-CA5131C95251}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\apb reloaded\binaries\apb.exe |
"{5EBB1458-7CAA-4519-BCFF-5D094328EC90}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{652749E5-4E95-4BC9-828B-8B2F84944244}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\apb reloaded\launcher\apblauncher.exe |
"{656A7BA7-A39B-4C7F-A0D2-4E650C857CB5}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{6B5E834E-0BAF-46DD-99FC-7692A22FFE1C}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\pino2011\counter-strike\hl.exe |
"{7584A946-1DF5-4329-9047-9CA42DF19964}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\battlefield bad company 2\support\ea help\electronic_arts_technical_support.htm |
"{77327678-C4B6-4259-AC15-C6741DAE5DAE}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\battlefield bad company 2\support\ea help\electronic_arts_technical_support.htm |
"{7DE67346-E0F8-41F9-8917-119F3BC24571}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |
"{7E3CA8E3-A081-48CB-AEF8-C4C1C46523E1}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\trackmania nations forever\tmforever.exe |
"{83A00C61-1C06-46E5-986C-69360E5B3D81}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\overlord ii\overlord2.exe |
"{8FA30740-D7D7-41D8-90ED-4075576140AD}" = protocol=6 | dir=in | app=c:\program files\raptr\raptr_im.exe |
"{9D29F695-C81B-430D-B158-B2BF5F74A475}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{9D62F74C-6421-4AB0-BFD3-88C8309A2ADB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{9DA4D3B7-AC43-494E-BA30-28AE705FEB69}" = protocol=6 | dir=in | app=c:\program files\raptr\raptr.exe |
"{A7A6BA59-895F-41B3-A450-620C6A780293}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\overlord ii\config.exe |
"{AB0CD762-1211-4592-8BE5-DFF9A37C1D79}" = protocol=17 | dir=in | app=c:\users\user\downloads\sweetimsetup.exe |
"{AC781A3E-B7B0-4760-9384-BA496DF005B5}" = dir=in | app=c:\program files\eslwire\wire.exe |
"{ADE90F6D-5503-4733-A9F7-3D03420246AC}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\alien swarm\swarm.exe |
"{AE23BC51-FF8C-418C-951E-8DD4265FC6A2}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\battlefield bad company 2\bfbc2game.exe |
"{AF24F831-7ED8-429D-A49E-89981950AD7E}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\pino2011\counter-strike source\hl2.exe |
"{B4595BD9-90D2-4FE0-868C-D8BAFC76C1EF}" = protocol=6 | dir=in | app=c:\users\user\appdata\local\akamai\netsession_win.exe |
"{B694A48A-CA4F-4BE3-9747-D1E6B8D969AF}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{B6A3C179-15D5-429A-8CB6-43AF9D731CB5}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\apb reloaded\binaries\vivoxvoiceservice.exe |
"{B83A2106-8708-412B-B211-5902326C83E9}" = dir=out | app=c:\program files\eslwire\wire.exe |
"{BD6288D0-3A97-4CE7-9E33-96EBDDC5AABE}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\alien swarm\srcds.exe |
"{BDAB4C8B-7231-467E-ACBC-1C222AC07CF5}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\apb reloaded\launcher\apblauncher.exe |
"{C44990E7-D476-4B72-8012-90632F973195}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\overlord\overlord.exe |
"{D7A1F7E7-4E72-4729-A642-D075A73AC464}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\rusty hearts\clientlauncher.exe |
"{D85A054C-F58E-4CAC-B56A-678522304965}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\apb reloaded\binaries\apb.exe |
"{D9566748-6897-4CAB-A42A-0901BCC105C1}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{DDC58119-82A2-43CF-BA8A-628E9ED0974A}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe |
"{DEF3F4C8-1A42-4165-B414-A0C8B78843E0}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\blackmann1987\counter-strike source\hl2.exe |
"{E424034D-7970-438E-902A-AF791AEA2AA3}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\apb reloaded\binaries\vivoxvoiceservice.exe |
"{EB7E6497-CD26-4BE0-B855-E93484E87384}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\alien swarm\srcds.exe |
"TCP Query User{1998303D-D7C8-4BAA-96BE-261398AD7F3E}C:\users\user\desktop\novoline\gaminatordeluxe\gaminatordeluxe spiele 21-22\gameunp.exe" = protocol=6 | dir=in | app=c:\users\user\desktop\novoline\gaminatordeluxe\gaminatordeluxe spiele 21-22\gameunp.exe |
"TCP Query User{5E49F600-A35E-4A99-B8D8-480505A30C36}C:\program files\electronic arts\shift 2 unleashed\shift2u.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\shift 2 unleashed\shift2u.exe |
"TCP Query User{73BF4BCD-A2E9-4619-BCB0-6ED70477E6C5}C:\users\user\desktop\gaminatordeluxe\gaminatordeluxe spiele 11-20\gameunp.exe" = protocol=6 | dir=in | app=c:\users\user\desktop\gaminatordeluxe\gaminatordeluxe spiele 11-20\gameunp.exe |
"TCP Query User{84E4AFAA-891C-41BF-AC85-41605FB77C37}C:\users\user\desktop\novoline\gaminatordeluxe\gaminatordeluxe spiele 11-20\gameunp.exe" = protocol=6 | dir=in | app=c:\users\user\desktop\novoline\gaminatordeluxe\gaminatordeluxe spiele 11-20\gameunp.exe |
"TCP Query User{8831980F-8C81-4EFB-8398-F1D14A91A73E}C:\users\user\desktop\novoline\gaminatordeluxe\gaminatordeluxe spiele 1-10\gameunp.exe" = protocol=6 | dir=in | app=c:\users\user\desktop\novoline\gaminatordeluxe\gaminatordeluxe spiele 1-10\gameunp.exe |
"TCP Query User{99DC76BC-BAB6-4619-B437-CEA181082A47}C:\program files\lucasarts\star wars jk ii jedi outcast\gamedata\jk2mp.exe" = protocol=6 | dir=in | app=c:\program files\lucasarts\star wars jk ii jedi outcast\gamedata\jk2mp.exe |
"TCP Query User{ACFA982B-79DD-476F-B8D4-5803F83BEAC8}C:\program files\voipbuster.com\voipbuster\voipbuster.exe" = protocol=6 | dir=in | app=c:\program files\voipbuster.com\voipbuster\voipbuster.exe |
"TCP Query User{D6FA6432-F33D-4698-9E3E-04AF9B16338B}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{DF1F9CAF-AB65-4C92-A532-937383098807}C:\users\user\desktop\gaminatordeluxe\gaminatordeluxe spiele 1-10\gameunp.exe" = protocol=6 | dir=in | app=c:\users\user\desktop\gaminatordeluxe\gaminatordeluxe spiele 1-10\gameunp.exe |
"TCP Query User{E74D1CD3-6BD5-42B5-878B-972A94287B0F}C:\program files\gamigo\levelr\levelr.bin" = protocol=6 | dir=in | app=c:\program files\gamigo\levelr\levelr.bin |
"TCP Query User{F1848D94-2EFA-49ED-973B-1B70EB756A34}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{0F3D45F8-0877-4A5E-BDC7-94C9143A9178}C:\program files\electronic arts\shift 2 unleashed\shift2u.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\shift 2 unleashed\shift2u.exe |
"UDP Query User{29A12271-36C0-48B3-BF12-24674D599E31}C:\program files\lucasarts\star wars jk ii jedi outcast\gamedata\jk2mp.exe" = protocol=17 | dir=in | app=c:\program files\lucasarts\star wars jk ii jedi outcast\gamedata\jk2mp.exe |
"UDP Query User{59B99BD8-46E2-46B1-A374-36C8A56C4E34}C:\users\user\desktop\novoline\gaminatordeluxe\gaminatordeluxe spiele 11-20\gameunp.exe" = protocol=17 | dir=in | app=c:\users\user\desktop\novoline\gaminatordeluxe\gaminatordeluxe spiele 11-20\gameunp.exe |
"UDP Query User{89E8506A-D399-44E9-9C0D-09664BCDF10B}C:\users\user\desktop\gaminatordeluxe\gaminatordeluxe spiele 11-20\gameunp.exe" = protocol=17 | dir=in | app=c:\users\user\desktop\gaminatordeluxe\gaminatordeluxe spiele 11-20\gameunp.exe |
"UDP Query User{A0BB4602-4C2B-46B6-9CA9-656DAF94A0F7}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{A6036F21-470F-4238-81C0-869F0D40398E}C:\users\user\desktop\novoline\gaminatordeluxe\gaminatordeluxe spiele 1-10\gameunp.exe" = protocol=17 | dir=in | app=c:\users\user\desktop\novoline\gaminatordeluxe\gaminatordeluxe spiele 1-10\gameunp.exe |
"UDP Query User{B5F21837-02D4-4288-94F9-B98101BFD47D}C:\users\user\desktop\novoline\gaminatordeluxe\gaminatordeluxe spiele 21-22\gameunp.exe" = protocol=17 | dir=in | app=c:\users\user\desktop\novoline\gaminatordeluxe\gaminatordeluxe spiele 21-22\gameunp.exe |
"UDP Query User{BB70B86B-D186-45D4-87F1-C0DEC46F2FF6}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{C15AC99B-88DC-4D2D-AC3F-087290F5F1B5}C:\users\user\desktop\gaminatordeluxe\gaminatordeluxe spiele 1-10\gameunp.exe" = protocol=17 | dir=in | app=c:\users\user\desktop\gaminatordeluxe\gaminatordeluxe spiele 1-10\gameunp.exe |
"UDP Query User{D29DA6E4-DCFF-44B0-894E-3E69754DBF62}C:\program files\gamigo\levelr\levelr.bin" = protocol=17 | dir=in | app=c:\program files\gamigo\levelr\levelr.bin |
"UDP Query User{E7C4AB6E-522F-4613-B76D-0C54CD16B7CA}C:\program files\voipbuster.com\voipbuster\voipbuster.exe" = protocol=17 | dir=in | app=c:\program files\voipbuster.com\voipbuster\voipbuster.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0749E1E5-BD6B-474C-BD21-48891526113E}" = MAGIX Music Maker 17 Download-Version
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{1D328E11-3B0C-388C-835D-C9C20E8C7734}" = Microsoft Help Viewer 1.0 Language Pack - DEU
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{300DFCBA-348B-4FD6-AE50-1D3CDFEE6314}" = MAGIX Speed burnR (MSI)
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CA2B4FD-AEF2-ED4F-F5E5-0095DDA47AC7}" = Adobe Download Assistant
"{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0
"{4999B2F1-3E74-409A-B8B5-E94448AA9EA6}" = Hama Black Force Pad
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EAE665D-957A-4D04-9679-3AD582008877}" = NVIDIA PhysX
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{52C32940-C538-40CF-8DE9-B91090F49938}" = Infovox Desktop 2.2
"{576E71DA-3000-48F6-9B21-B9A70D47DFCF}" = Star Wars JK II Jedi Outcast
"{5A08C9D1-37AD-4A8D-90D3-33F92C578AA5}" = Microsoft SQL Server System CLR Types
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8DC197D6-F4AB-44E0-ACF7-210355E6F389}" = Windows Speech Recognition Macros
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A106D33E-6B43-42C0-9BFC-D03303261FA7}" = Microsoft SQL Server 2008 R2 Management Objects
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 295.73
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 295.73
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 295.73
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 295.73
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0209
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.11
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{E04D1AC1-B3AF-4C1A-B7E0-B37A058271CE}" = MAGIX Screenshare
"{E8C37E27-5205-4C8A-BECB-B00533045AAE}" = SHIFT 2 UNLEASHED™
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F686C148-CBAE-483D-92CE-B4D6913BDD77}" = LevelR
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F9466082-90E9-4BE4-92F0-CF0AF195B0CF}" = SPEEDLINK Reflect2 Camera
"{FD27D456-ED8A-4027-A1E4-BBF95FAF4799}" = Easy Driver Pro
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Akamai" = Akamai NetSession Interface Service
"Any Video Converter_is1" = Any Video Converter 3.2.1
"avast" = avast! Free Antivirus
"CCleaner" = CCleaner
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"DealPly" = DealPly
"Drumaxx" = Drumaxx
"EADM" = EA Download Manager
"ESL Wire_is1" = ESL Wire 1.11
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"FL Studio 9" = FL Studio 9
"FormatFactory" = FormatFactory 2.60
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free YouTube Download_is1" = Free YouTube Download version 2.10.31
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.31
"Hardcore" = Hardcore
"HotspotShield" = Hotspot Shield 1.57
"ID2220Voices" = Infovox Desktop 2.220 voices
"IL Download Manager" = IL Download Manager
"LHTTSGED" = L&H TTS3000 Deutsch
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU
"Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PartyPoker" = PartyPoker
"PoiZone" = PoiZone
"PriceGong" = PriceGong 2.1.0
"PunkBusterSvc" = PunkBuster Services
"Sakura" = Sakura
"Sawer" = Sawer
"Star Wars: The Force Unleashed_is1" = Star Wars: The Force Unleashed
"Steam App 10" = Counter-Strike
"Steam App 11020" = TrackMania Nations Forever
"Steam App 113400" = APB Reloaded
"Steam App 11450" = Overlord
"Steam App 12710" = Overlord: Raising Hell
"Steam App 12810" = Overlord II
"Steam App 240" = Counter-Strike: Source
"Steam App 24960" = Battlefield: Bad Company 2
"Steam App 36630" = Rusty Hearts
"Steam App 630" = Alien Swarm
"Steam App 90530" = Rise of Immortals
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 6" = TeamViewer 6
"TeamViewer 7" = TeamViewer 7
"Toxic Biohazard" = Toxic Biohazard
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.11
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"Xvid_is1" = Xvid 1.2.2 final uninstall
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"FoxTab PDF Creator" = FoxTab PDF Creator
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
--- --- ---







hoffe ihr könnt mir echt helfen =)

markusg 27.02.2012 18:31
Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.

Bitte downloade dir Combofix.exe und speichere es unbedingt auf deinem Desktop.
  • Besuche folgende Seite für Downloadlinks und Anweisungen für dieses
    Tool

    Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Hinweis:
    Gehe sicher das all deine Anti Virus und Anti Malware Programme abgeschalten sind, damit diese Combofix nicht bei der Arbeit stören.
  • Poste bitte die C:\Combofix.txt in deiner nächsten Antwort.

pino1987 27.02.2012 19:54
Combofix Logfile:
Code:
ComboFix 12-02-27.02 - user 27.02.2012  19:30:40.1.2 - x86
Microsoft® Windows Vista™ Business  6.0.6002.2.1252.49.1031.18.3326.2036 [GMT 1:00]
ausgeführt von:: c:\users\user\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Common Files\WireHelpSvc.exe
c:\program files\Hotspot Shield\HssIE\HsSIe.dll
c:\users\user\AppData\Local\assembly\tmp
.
.
(((((((((((((((((((((((((((((((((((((((  Treiber/Dienste  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_WireHelpSvc
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-01-27 bis 2012-02-27  ))))))))))))))))))))))))))))))
.
.
2012-02-27 17:31 . 2012-02-27 17:31        --------        d-----w-        c:\program files\Recuva
2012-02-27 10:34 . 2012-02-27 12:38        --------        d-----w-        c:\program files\PC Tools
2012-02-27 10:31 . 2012-02-27 12:38        --------        d-----w-        c:\program files\Common Files\PC Tools
2012-02-27 10:31 . 2012-01-11 15:19        185560        ----a-w-        c:\windows\system32\drivers\PCTSD.sys
2012-02-27 10:31 . 2012-02-27 12:34        --------        d-----w-        c:\programdata\PC Tools
2012-02-27 10:31 . 2012-02-27 10:31        --------        d-----w-        c:\users\user\AppData\Roaming\TestApp
2012-02-26 23:08 . 2012-02-27 10:26        --------        d-----w-        c:\program files\Google
2012-02-26 13:16 . 2012-02-26 13:17        --------        d-----w-        c:\users\UpdatusUser
2012-02-26 13:13 . 2012-02-10 04:13        7713088        ----a-w-        c:\windows\system32\nvwgf2um.dll
2012-02-26 13:13 . 2012-02-10 04:13        61248        ----a-w-        c:\windows\system32\OpenCL.dll
2012-02-26 13:13 . 2012-02-10 04:13        5892928        ----a-w-        c:\windows\system32\nvcuda.dll
2012-02-26 13:13 . 2012-02-10 04:13        2517312        ----a-w-        c:\windows\system32\nvcuvid.dll
2012-02-26 13:13 . 2012-02-10 04:13        2437440        ----a-w-        c:\windows\system32\nvcuvenc.dll
2012-02-26 13:13 . 2012-02-10 04:13        19443520        ----a-w-        c:\windows\system32\nvoglv32.dll
2012-02-26 13:13 . 2012-02-10 04:13        10816832        ----a-w-        c:\windows\system32\drivers\nvlddmkm.sys
2012-02-26 13:13 . 2012-02-10 04:13        17543488        ----a-w-        c:\windows\system32\nvcompiler.dll
2012-02-24 09:51 . 2012-02-08 06:03        6552120        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{1AAB20E8-8C2A-4A44-A933-2463361135DC}\mpengine.dll
2012-02-22 12:14 . 2012-02-22 14:18        --------        d-----w-        c:\users\user\AppData\Roaming\Systweak
2012-02-22 12:14 . 2012-02-10 15:00        17280        ----a-w-        c:\windows\system32\roboot.exe
2012-02-16 18:03 . 2012-01-12 19:52        2044416        ----a-w-        c:\windows\system32\win32k.sys
2012-02-16 18:03 . 2011-12-20 10:56        2409784        ----a-w-        c:\program files\Windows Mail\OESpamFilter.dat
2012-02-16 00:04 . 2012-02-16 00:04        --------        d-----w-        c:\program files\Common Files\Java
2012-02-16 00:02 . 2012-02-16 00:02        --------        d-----w-        c:\program files\Java
2012-02-10 14:53 . 2009-09-15 09:14        1554944        ----a-w-        c:\windows\system32\vorbis.acm
2012-02-09 19:05 . 2012-02-09 19:05        416064        ----a-w-        c:\windows\system32\nvStreaming.exe
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-27 14:48 . 2010-12-27 01:07        140496        ----a-w-        c:\windows\system32\drivers\PnkBstrK.sys
2012-02-27 14:47 . 2010-12-27 01:07        280736        ----a-w-        c:\windows\system32\PnkBstrB.xtr
2012-02-27 14:47 . 2010-12-27 01:06        280736        ----a-w-        c:\windows\system32\PnkBstrB.exe
2012-02-27 14:47 . 2010-12-27 01:06        215128        ----a-w-        c:\windows\system32\PnkBstrB.ex0
2012-02-16 00:03 . 2010-12-18 16:16        472808        ----a-w-        c:\windows\system32\deployJava1.dll
2012-02-10 04:13 . 2011-12-17 16:36        881984        ----a-w-        c:\windows\system32\nvgenco32.dll
2012-02-10 04:13 . 2011-12-17 16:36        1000256        ----a-w-        c:\windows\system32\nvdispco32.dll
2012-02-10 04:13 . 2011-01-05 14:58        2301248        ----a-w-        c:\windows\system32\nvapi.dll
2012-02-10 04:13 . 2011-01-05 14:58        15009600        ----a-w-        c:\windows\system32\nvd3dum.dll
2012-02-10 03:02 . 2010-10-16 11:42        3881792        ----a-w-        c:\windows\system32\nvcpl.dll
2012-02-10 03:00 . 2010-10-16 11:42        2719040        ----a-w-        c:\windows\system32\nvsvc.dll
2012-02-10 03:00 . 2010-10-16 11:42        645440        ----a-w-        c:\windows\system32\nvvsvc.exe
2012-02-10 03:00 . 2010-10-16 11:42        62272        ----a-w-        c:\windows\system32\nvshext.dll
2012-02-10 03:00 . 2010-10-16 11:42        108352        ----a-w-        c:\windows\system32\nvmctray.dll
2012-02-10 03:00 . 2010-10-16 11:42        2561344        ----a-w-        c:\windows\system32\nvsvcr.dll
2012-01-29 04:10 . 2010-12-12 01:20        237072        ------w-        c:\windows\system32\MpSigStub.exe
2011-12-29 11:26 . 2011-12-07 10:27        212992        ----a-w-        c:\windows\system32\aptwtmt29.dll
2011-12-19 22:35 . 2010-12-27 01:07        138056        ----a-w-        c:\users\user\AppData\Roaming\PnkBstrK.sys
2011-12-19 22:34 . 2010-12-27 01:06        75136        ----a-w-        c:\windows\system32\PnkBstrA.exe
2011-12-11 16:45 . 2011-11-30 12:07        414368        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-08 12:08 . 2011-12-07 19:38        188896        ----a-w-        c:\programdata\Microsoft\VCSExpress\10.0\1031\ResourceCache.dll
2011-12-06 21:37 . 2011-01-21 21:49        319456        ----a-w-        c:\windows\DIFxAPI.dll
2011-12-06 20:51 . 2011-12-06 20:51        114000        ----a-w-        c:\windows\system32\UpdSvc.dll
2012-02-22 19:26 . 2012-02-27 09:59        97208        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01        122512        ----a-w-        c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\user\AppData\Local\Akamai\netsession_win.exe" [2012-02-02 3329824]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"snpstd3"="c:\windows\vsnpstd3.exe" [2005-09-05 339968]
"tsnp325"="c:\windows\tsnp325.exe" [2010-08-13 345600]
"snp325"="c:\windows\vsnp325.exe" [2007-05-10 835584]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-10-17 11430504]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute        REG_MULTI_SZ          autocheck autochk *\0aswBoot.exe /M:1eb13b0a4
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EADM]
2011-02-03 07:55        11509760        ----a-w-        c:\program files\Electronic Arts\EADM\EADMUI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ESL Wire]
2011-11-29 12:22        1892864        ----a-w-        c:\program files\EslWire\wire.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-16 21:12        3872080        ----a-w-        c:\program files\Windows Live\Messenger\msnmsgr.exe
.
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - hidyjy59
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork        REG_MULTI_SZ          PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
WindowsMobile        REG_MULTI_SZ          wcescomm rapimgr
LocalServiceRestricted        REG_MULTI_SZ          WcesComm RapiMgr
Akamai        REG_MULTI_SZ          Akamai
Update-Service-Installer-Service        REG_MULTI_SZ          Update-Service-Installer-Service
Update-Service        REG_MULTI_SZ          Update-Service
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://de.ask.com/?l=dis&o=2204&gct=hp
uInternet Settings,ProxyOverride = 127.0.0.1:9421
IE: Free YouTube Download - c:\users\user\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\user\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.178.1
TCP: Interfaces\{B6E2342F-BC02-462C-8840-95824956CCAA}: NameServer = 10.48.8.1
FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\1746t83a.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-VoipBuster - c:\program files\VoipBuster.com\VoipBuster\VoipBuster.exe
AddRemove-FoxTab PDF Creator - c:\progra~1\FOXTAB~1\Uninstall\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2012-02-27 19:42
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
.
C:\## aswSnx private storage
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 1
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_7de0ed9.dll"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
c:\windows\system32\atiesrxx.exe
c:\windows\system32\atieclxx.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe
c:\program files\Hotspot Shield\bin\openvpnas.exe
c:\program files\Hotspot Shield\HssWPR\hsssrv.exe
c:\program files\Hotspot Shield\bin\hsswd.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\TeamViewer\Version6\TeamViewer_Service.exe
c:\windows\system32\conime.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-02-27  19:47:31 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-02-27 18:47
.
Vor Suchlauf: 15 Verzeichnis(se), 607.976.181.760 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 603.241.058.304 Bytes frei
.
- - End Of File - - B5389265928BCDA3ABC1168EE7F311A7
--- --- ---

markusg 27.02.2012 19:57
malwarebytes:
Downloade Dir bitte Malwarebytes
  • Installiere
    das Programm in den vorgegebenen Pfad.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Starte Malwarebytes, klicke auf Aktualisierung --> Suche
    nach Aktualisierung
  • Wenn das Update beendet wurde, aktiviere vollständiger Scan durchführen und drücke auf Scannen.
  • Wenn der Scan beendet
    ist, klicke auf Ergebnisse anzeigen.
  • Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
  • Poste
    das Logfile, welches sich in Notepad öffnet, hier in den Thread.
  • Nachträglich kannst du den Bericht unter "Log Dateien" finden.

pino1987 27.02.2012 23:07
Malwarebytes Anti-Malware 1.60.1.1000
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: v2012.02.27.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 7.0.6002.18005
user :: AMD-DESKTOP [Administrator]

Schutz: Aktiviert

27.02.2012 21:27:34
mbam-log-2012-02-27 (21-27-34).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 414739
Laufzeit: 1 Stunde(n), 32 Minute(n), 15 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 13
C:\Program Files\DVDVideoSoft\Free YouTube Download\DVDVideoSoft.Resources.dll (Trojan.Inject) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\DVDVideoSoft\Free YouTube Download\de-DE\DVDVideoSoft.Resources.resources.dll (Trojan.Inject) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\DVDVideoSoft\Free YouTube Download\es-ES\DVDVideoSoft.Resources.resources.dll (Trojan.Inject) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\DVDVideoSoft\Free YouTube Download\fr-FR\DVDVideoSoft.Resources.resources.dll (Trojan.Inject) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\DVDVideoSoft\Free YouTube Download\it-IT\DVDVideoSoft.Resources.resources.dll (Trojan.Inject) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\DVDVideoSoft\Free YouTube Download\ja-JP\DVDVideoSoft.Resources.resources.dll (Trojan.Inject) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\DVDVideoSoft\Free YouTube Download\ko-KR\DVDVideoSoft.Resources.resources.dll (Trojan.Inject) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\DVDVideoSoft\Free YouTube Download\nl-NL\DVDVideoSoft.Resources.resources.dll (Trojan.Inject) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\DVDVideoSoft\Free YouTube Download\pl-PL\DVDVideoSoft.Resources.resources.dll (Trojan.Inject) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\DVDVideoSoft\Free YouTube Download\pt-PT\DVDVideoSoft.Resources.resources.dll (Trojan.Inject) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\DVDVideoSoft\Free YouTube Download\ru-RU\DVDVideoSoft.Resources.resources.dll (Trojan.Inject) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\DVDVideoSoft\Free YouTube Download\zh-CHS\DVDVideoSoft.Resources.resources.dll (Trojan.Inject) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\user\AppData\Local\assembly\dl3\9NTG52NX.136\NDPE3MC1.TAA\5fc2f8fb\3f4fb2f7_19b5cc01\Properties.Resources.Designer.cs.dll (Trojan.Inject) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

pino1987 28.02.2012 11:57
Das problem besteht leider immer noch =(

markusg 28.02.2012 12:01
poste die aktuellen meldungen vollständig bitte

pino1987 28.02.2012 15:44
wenn ich meinen pc anmache und dann firefox öffne zeigt mir avira immer noch den selben trojaner an wie oben beschrieben ist und darauf hin blockiert avira!

markusg 28.02.2012 17:22
ich möchte trotzdem noch mal die kompletten pfadangaben sehen, zu finden unter avira, ereignisse.

pino1987 29.02.2012 12:51
wenn ich den pc neustarte und dann firefox öffne kommt die meldung von avast das trojaner C:/Windows/system32/pngl1ba6.dll
blockiert

markusg 29.02.2012 12:58
lade mal hitmanpro:
Home - SurfRight
instalieren, settings, license, test lizense.
dann scan, funde in quarantäne, log am ende als xml exportieren und anhängen.

pino1987 29.02.2012 20:11
- <Log computer="AMD-DESKTOP" scan="Normal" version="3.5.9.131" date="2012-02-29T19:54:10" timeSpentInSecs="163" filesProcessed="40169">
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\1NOKU6TC.txt" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\77CL92NA.txt" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\BU7EN66L.txt" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\C0JRR7VQ.txt" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\CFH9KERR.txt" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\G4LNQH4G.txt" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\N819QYF6.txt" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\PTHP4HYR.txt" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\Z0HL3DAM.txt" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\1746t83a.default\cookies.sqlite:2o7.net" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\1746t83a.default\cookies.sqlite:ad.360yield.com" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\1746t83a.default\cookies.sqlite:ad.ad-srv.net" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\1746t83a.default\cookies.sqlite:ad.adc-serv.net" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\1746t83a.default\cookies.sqlite:ad.adition.net" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\1746t83a.default\cookies.sqlite:ad.adnet.de" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\1746t83a.default\cookies.sqlite:ad.adperium.com" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\1746t83a.default\cookies.sqlite:ad.adserver01.de" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\1746t83a.default\cookies.sqlite:ad.dyntracker.com" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\1746t83a.default\cookies.sqlite:ad.dyntracker.de" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\1746t83a.default\cookies.sqlite:ad.yieldmanager.com" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\1746t83a.default\cookies.sqlite:ad.zanox.com" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\1746t83a.default\cookies.sqlite:adbrite.com" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\1746t83a.default\cookies.sqlite:ads-lb.creative-serving.com" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\1746t83a.default\cookies.sqlite:ads.ad4game.com" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\1746t83a.default\cookies.sqlite:ads.bleepingcomputer.com" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\1746t83a.default\cookies.sqlite:ads.brandwire.tv" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\1746t83a.default\cookies.sqlite:ads.creative-serving.com" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\1746t83a.default\cookies.sqlite:ads.dothads.com" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\1746t83a.default\cookies.sqlite:ads.dreamhack.se" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\1746t83a.default\cookies.sqlite:ads.etonix.de" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\1746t83a.default\cookies.sqlite:ads.glispa.com" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\1746t83a.default\cookies.sqlite:ads.immobilienscout24.de" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\1746t83a.default\cookies.sqlite:ads.jinkads.com" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\1746t83a.default\cookies.sqlite:ads.pubmatic.com" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\1746t83a.default\cookies.sqlite:ads.quartermedia.de" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\1746t83a.default\cookies.sqlite:ads.saymedia.com" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\1746t83a.default\cookies.sqlite:adserver.adtechus.com" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\1746t83a.default\cookies.sqlite:adtech.de" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\1746t83a.default\cookies.sqlite:advertisingenhanced.com" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\1746t83a.default\cookies.sqlite:adviva.net" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\1746t83a.default\cookies.sqlite:apmebf.com" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\1746t83a.default\cookies.sqlite:atdmt.com" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\1746t83a.default\cookies.sqlite:autoscout24.112.2o7.net" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\1746t83a.default\cookies.sqlite:bs.serving-sys.com" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\1746t83a.default\cookies.sqlite:c.atdmt.com" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\1746t83a.default\cookies.sqlite:c1.atdmt.com" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\1746t83a.default\cookies.sqlite:casalemedia.com" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\1746t83a.default\cookies.sqlite:clicksor.com" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\1746t83a.default\cookies.sqlite:collective-media.net" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\1746t83a.default\cookies.sqlite:counter.sexsuche.tv" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\1746t83a.default\cookies.sqlite:counter2.sexmoney.com" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\1746t83a.default\cookies.sqlite:de.sitestat.com" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\1746t83a.default\cookies.sqlite:doubleclick.net" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\1746t83a.default\cookies.sqlite:eaeacom.112.2o7.net" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\1746t83a.default\cookies.sqlite:eas.apm.emediate.eu" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\1746t83a.default\cookies.sqlite:eas4.emediate.eu" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\1746t83a.default\cookies.sqlite:ero-advertising.com" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\1746t83a.default\cookies.sqlite:exoclick.com" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\1746t83a.default\cookies.sqlite:fastclick.net" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\1746t83a.default\cookies.sqlite:girlsteachsex.com" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\1746t83a.default\cookies.sqlite:go.wantusexy.com" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\1746t83a.default\cookies.sqlite:h.atdmt.com" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\1746t83a.default\cookies.sqlite:invitemedia.com" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\1746t83a.default\cookies.sqlite:kaspersky.122.2o7.net" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\1746t83a.default\cookies.sqlite:kontera.com" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\1746t83a.default\cookies.sqlite:livejasmin.com" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\1746t83a.default\cookies.sqlite:lokalportal24de.112.2o7.net" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\1746t83a.default\cookies.sqlite:media6degrees.com" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\1746t83a.default\cookies.sqlite:mediaplex.com" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\1746t83a.default\cookies.sqlite:mofosex.com" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\1746t83a.default\cookies.sqlite:myroitracking.com" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\1746t83a.default\cookies.sqlite:overture.com" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\1746t83a.default\cookies.sqlite:porntube.com" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\1746t83a.default\cookies.sqlite:questionmarket.com" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\1746t83a.default\cookies.sqlite:revsci.net" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\1746t83a.default\cookies.sqlite:rts.phn.doublepimp.com" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\1746t83a.default\cookies.sqlite:ru4.com" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\1746t83a.default\cookies.sqlite:serving-sys.com" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\1746t83a.default\cookies.sqlite:smartadserver.com" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\1746t83a.default\cookies.sqlite:specificclick.net" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\1746t83a.default\cookies.sqlite:statcounter.com" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\1746t83a.default\cookies.sqlite:stats.computecmedia.de" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\1746t83a.default\cookies.sqlite:stats.ilivid.com" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\1746t83a.default\cookies.sqlite:track.adform.net" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\1746t83a.default\cookies.sqlite:track.solocpm.com" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\1746t83a.default\cookies.sqlite:tradedoubler.com" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\1746t83a.default\cookies.sqlite:tribalfusion.com" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\1746t83a.default\cookies.sqlite:ww251.smartadserver.com" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\1746t83a.default\cookies.sqlite:www.etracker.de" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\1746t83a.default\cookies.sqlite:www.googleadservices.com" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\1746t83a.default\cookies.sqlite:www.mofosex.com" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\1746t83a.default\cookies.sqlite:www.porntube.com" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\1746t83a.default\cookies.sqlite:xiti.com" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\1746t83a.default\cookies.sqlite:yieldmanager.net" />
</Item>
- <Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\1746t83a.default\cookies.sqlite:zedo.com" />
</Item>
</Log>


Alle Zeitangaben in WEZ +1. Es ist jetzt 10:43 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131