Trojaner-Board


burke 03.05.2012 15:45

Malwarebytes scan with many detections
 
Hello,

Today I scanned my system with the Malwarebytes quick scan, because TuneUp showed me an autostart program that looked rather strange to me: its name was userinit and the exe was called appconf32.exe.
I googled it, and a user of this forum recommended reinstalling Windows completely, keeping only files that are not exes, and changing all passwords afterwards.
Since I did not get a Windows CD when I bought my PC, I decided to first scan my Malwarebytes log here and wait for recommendations. Oh, and something else I noticed during the scan, which scared me quite a bit, was that Malwarebytes displayed a message saying it had closed the connection to a dangerous website.

Here is the log:

Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.03.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Boris :: BORIS-PC [Administrator]

Schutz: Aktiviert

03.05.2012 16:10:24
mbam-log-2012-05-03 (16-10-24).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 235187
Laufzeit: 7 Minute(n), 7 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 24
HKCR\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\funmoods.funmoodsHlpr.1 (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\funmoods.funmoodsHlpr (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840} (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706} (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\esrv.funmoodsESrvc.1 (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\esrv.funmoodsESrvc (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439} (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\funmoods.dskBnd.1 (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\funmoods.dskBnd (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13} (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\funmoodsApp.appCore.1 (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\funmoodsApp.appCore (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9} (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\f (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A} (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Google\chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\FUNMOODS (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 3
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Daten: Funmoods Toolbar -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Daten: -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\funmoods|UninstallString (PUP.Funmoods) -> Daten: "C:\Program Files\Funmoods\funmoods\1.5.11.16\uninstall.exe" -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 1
HKCR\regfile\shell\open\command| (Broken.OpenCommand) -> Bösartig: ("regedit.exe" "%1") Gut: (regedit.exe "%1") -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 2
C:\Program Files\Funmoods\funmoods\1.5.11.16 (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Funmoods\funmoods\1.5.11.16\bh (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 9
C:\Program Files\Funmoods\funmoods\1.5.11.16\bh\funmoods.dll (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Funmoods\funmoods\1.5.11.16\funmoodssrv.exe (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Funmoods\funmoods\1.5.11.16\funmoodsTlbr.dll (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Funmoods\funmoods\1.5.11.16\funmoodsApp.dll (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Funmoods\funmoods\1.5.11.16\funmoodsEng.dll (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Boris\Desktop\grplauncher0.6.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Boris\AppData\Roaming\appconf32.exe (Backdoor.Agent) -> Löschen bei Neustart.
C:\Program Files\Funmoods\funmoods\1.5.11.16\funmoodsOEM.crx (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Funmoods\funmoods\1.5.11.16\uninstall.exe (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)


Many thanks in advance for your effort and help

Regards

cosinus 03.05.2012 18:25

Please first run a routine full scan with Malwarebytes and post the log. => Have ALL local drives (except CD/DVD) checked!
Remember that Malwarebytes must be updated manually before every scan! In addition, all detections must be removed.

If logs from older Malwarebytes scans exist, please post all of those as well!



ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Look for C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Software / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset





Please post everything in CODE tags here if possible.

This is how it is done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

burke 03.05.2012 20:45

So, I have now run a full scan again, but it found nothing. Do you think it is really necessary to also run this online scan? And should I now change all my passwords?

cosinus 04.05.2012 10:35

Quote:

Do you think it is really necessary to also run this online scan?

Yes, that is a routine check, and it is not standing around there for decoration.
It is best to change passwords from another, clean computer, or can you know for certain that this computer is not infected after all? Without more detailed analyses, nobody can say.

burke 04.05.2012 16:08

So, I ran the ESET scan. Here are the results:

Code:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=074c8a48a8d04d4faaaefd06dfe39768
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-05-04 02:42:11
# local_time=2012-05-04 04:42:11 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1792 16777215 100 0 5015161 5015161 0 0
# compatibility_mode=5892 16776573 100 100 3240 173669175 0 0
# compatibility_mode=8192 67108863 100 0 238 238 0 0
# scanned=346790
# found=10
# cleaned=10
# scan_time=6083
C:\Program Files\DVDVideoSoft\Free Audio CD Burner\icon1045.exe        Win32/Adware.ADON application (deleted - quarantined)        00000000000000000000000000000000        C
C:\Program Files\ICQ7.5\upgrade\2dcd1d63cb45e6613582211c3d5f4b23        Win32/OpenCandy application (deleted - quarantined)        00000000000000000000000000000000        C
C:\Program Files\ICQ7.5\upgrade\53e83dd5315bfb1f928441c9b4618b68        Win32/OpenCandy application (deleted - quarantined)        00000000000000000000000000000000        C
C:\Program Files\ICQ7.6\install_dll\OCSetupHlp.dll        Win32/OpenCandy application (cleaned by deleting - quarantined)        00000000000000000000000000000000        C
C:\Program Files\Perfect Uninstaller\PU.exe        a variant of Win32/PerfectUninstaller application (cleaned by deleting - quarantined)        00000000000000000000000000000000        C
C:\ProgramData\TrackMania\Cache\883C9B377792A06FEBC59FA4CFF3C10C_www.fileden.com%5cfiles%5c2007%5c3%5c27%5c930376%5cfunteamad.png        HTML/Iframe.B.Gen virus (deleted - quarantined)        00000000000000000000000000000000        C
C:\Users\Boris\AppData\Roaming\11019\components\AcroFF019.dll        probably a variant of Win32/Spy.Banker.XOS trojan (cleaned by deleting (after the next restart) - quarantined)        00000000000000000000000000000000        C
C:\Users\Boris\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\eBay.lnk        Win32/Adware.ADON application (cleaned by deleting - quarantined)        00000000000000000000000000000000        C
C:\Users\Boris\AppData\Roaming\Microsoft\Windows\Start Menu\eBay.lnk        Win32/Adware.ADON application (cleaned by deleting - quarantined)        00000000000000000000000000000000        C
C:\Windows\System32\BReWErS.dll        a variant of Win32/GameHack.D application (cleaned by deleting - quarantined)        00000000000000000000000000000000        C


cosinus 04.05.2012 18:56

So much for the idea that there can't be anything left :pfeiff:

I have two questions before we continue:

1.) Does normal mode work without restrictions?
2.) Are you missing anything in the Start menu? Are there empty folders under All Programs, or is everything there?

burke 04.05.2012 19:16

First of all, thanks for the help so far :)

What exactly do you mean by normal mode?

Re 1: Actually everything on my PC runs normally. I haven't noticed any changes, except that some Windows updates could not be installed, and in the Start menu the shutdown button shows the "install updates and shut down" icon. When I click it, it is still there at the next start. Some time ago I also got a message that 33 Windows updates could not be installed.

Re 2: That is hard to say, since over the years I have installed and uninstalled all sorts of stuff, or simply deleted installation folders without uninstalling, but nothing actually seems strange or changed to me, and all programs run correctly.

What do you think about this Spy.Banker trojan in the log: could it be one that spied on my private data?

cosinus 04.05.2012 19:27

Please make a new OTL log. Please post everything in CODE tags here if possible.

This is how it is done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

CustomScan with OTL

If you do not have it yet, please download OTL by OldTimer and save it to your desktop
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


burke 04.05.2012 20:22

Here is the OTL log:

OTL Logfile:
Code:

OTL logfile created on: 04.05.2012 20:33:49 - Run 1
OTL by OldTimer - Version 3.2.42.2    Folder = C:\Users\Boris\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,01 Gb Available Physical Memory | 66,90% Memory free
6,23 Gb Paging File | 5,19 Gb Available in Paging File | 83,27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 284,09 Gb Total Space | 36,44 Gb Free Space | 12,83% Space Free | Partition Type: NTFS
 
Computer Name: BORIS-PC | User Name: Boris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.05.04 20:29:38 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Boris\Desktop\OTL.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.03.01 01:59:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.02.29 22:58:46 | 000,857,408 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2012.02.29 13:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.02.28 18:38:52 | 001,373,576 | ---- | M] (LogMeIn Inc.) -- C:\Programme\LogMeIn Hamachi\hamachi-2.exe
PRC - [2012.02.09 11:59:08 | 001,529,152 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
PRC - [2012.02.09 11:59:08 | 001,220,928 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
PRC - [2012.01.31 09:56:34 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.01.31 09:56:05 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.01.31 09:55:48 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.01.31 09:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.08.09 22:04:38 | 000,741,224 | ---- | M] (Tunngle.net GmbH) -- C:\Programme\Tunngle\TnglCtrl.exe
PRC - [2010.07.28 08:07:16 | 002,404,488 | ---- | M] (mobile concepts GmbH) -- C:\Programme\S.A.D\CyberGhost VPN\CGVPNCliService.exe
PRC - [2009.11.09 14:35:50 | 000,072,704 | ---- | M] (Autodesk) -- C:\Programme\Common Files\Autodesk Shared\Service\AdskScSrv.exe
PRC - [2009.07.30 22:20:00 | 000,144,752 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009.03.30 03:25:26 | 043,010,392 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
PRC - [2008.07.16 14:00:00 | 000,024,576 | ---- | M] () -- C:\Programme\PACKARD BELL\Packard Bell Recovery Management\Service\ETService.exe
PRC - [2008.07.10 02:49:44 | 000,098,840 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008.05.29 10:49:58 | 000,083,264 | ---- | M] (Packard Bell Services) -- C:\Windows\System32\HidService.exe
PRC - [2008.05.07 10:19:26 | 006,139,904 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2007.09.11 01:45:04 | 000,124,832 | ---- | M] () -- C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2009.08.16 17:06:02 | 000,141,312 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] --  -- (mi-raysat_3dsmax9_32) mental ray 3.5 Satellite (32-bit)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.03.01 01:59:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.02.29 13:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.02.28 18:38:52 | 001,373,576 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Programme\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012.02.09 11:59:08 | 001,529,152 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2012.02.09 11:59:06 | 000,028,992 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2012.01.31 09:56:05 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.01.31 09:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.10.08 17:21:09 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.08.09 22:04:38 | 000,741,224 | ---- | M] (Tunngle.net GmbH) [Auto | Running] -- C:\Programme\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2010.07.28 08:07:16 | 002,404,488 | ---- | M] (mobile concepts GmbH) [Auto | Running] -- C:\Programme\S.A.D\CyberGhost VPN\CGVPNCliService.exe -- (CGVPNCliSrvc)
SRV - [2010.02.10 19:07:00 | 003,458,548 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2009.11.09 14:35:50 | 000,072,704 | ---- | M] (Autodesk) [Auto | Running] -- C:\Programme\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2009.07.30 22:20:00 | 000,144,752 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2009.07.21 04:04:00 | 000,047,128 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Programme\Microsoft SQL Server\100\Shared\sqladhlp.exe -- (MSSQLServerADHelper100)
SRV - [2009.03.30 03:25:26 | 043,010,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS)
SRV - [2009.03.30 03:23:32 | 000,254,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2009.03.30 03:23:24 | 000,366,936 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE -- (SQLAgent$SQLEXPRESS) SQL Server-Agent (SQLEXPRESS)
SRV - [2009.01.11 08:07:18 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008.07.16 14:00:00 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Programme\PACKARD BELL\Packard Bell Recovery Management\Service\ETService.exe -- (ETService)
SRV - [2008.07.10 02:49:44 | 000,098,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008.05.29 10:49:58 | 000,083,264 | ---- | M] (Packard Bell Services) [Auto | Running] -- C:\Windows\System32\HidService.exe -- (GenericHidService)
SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.09.11 01:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
SRV - [2007.08.24 04:19:12 | 000,443,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.03.01 01:59:00 | 010,819,392 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012.02.09 11:48:24 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2012.01.31 09:56:33 | 000,137,416 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.01.31 09:56:33 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.01.17 14:45:56 | 000,148,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2011.09.16 17:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.04.17 16:58:04 | 000,233,024 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2010.08.11 22:59:58 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010.02.25 17:51:02 | 000,025,216 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2009.11.17 17:43:20 | 000,134,808 | ---- | M] (SysProgs.org) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BazisVirtualCDBus.sys -- (BazisVirtualCDBus)
DRV - [2009.11.09 05:21:18 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2009.11.07 12:50:22 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2009.11.07 12:50:22 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009.10.08 17:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.09.16 08:02:40 | 000,027,136 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901t.sys -- (tap0901t) TAP-Win32 Adapter V9 (Tunngle)
DRV - [2009.08.28 12:49:00 | 000,169,064 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbd.sys -- (Tosrfbd)
DRV - [2009.08.05 15:44:00 | 000,049,400 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2009.08.05 13:55:00 | 000,061,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV - [2009.07.28 21:01:00 | 000,069,480 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2009.07.24 12:31:00 | 000,021,608 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2009.06.19 10:57:00 | 000,079,872 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2009.06.19 10:56:00 | 000,042,472 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2009.06.17 12:59:00 | 000,046,984 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte)
DRV - [2009.03.30 03:09:28 | 000,239,336 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0103.sys -- (RsFx0103)
DRV - [2009.03.18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009.02.24 19:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008.11.06 07:33:58 | 000,043,928 | ---- | M] (Phantombility, Inc) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\phmcd.sys -- (phmcd)
DRV - [2008.07.16 13:56:06 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2007.10.31 05:23:20 | 000,115,744 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007.03.16 10:11:38 | 000,012,256 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TBPanel.sys -- (TBPanel)
DRV - [2006.11.02 09:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2006.10.09 14:46:44 | 000,017,536 | ---- | M] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Stopped] -- C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyx.sys -- (MTOnlPktAlyX)
DRV - [2006.08.28 23:54:56 | 000,010,664 | ---- | M] (Applied Networking Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\gan_adapter.sys -- (hamachi_oem)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=1&o=vp32&d=0709&m=imedia_d3860_ge
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-209655109-2756548685-674970729-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-209655109-2756548685-674970729-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-209655109-2756548685-674970729-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-209655109-2756548685-674970729-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.funmoods.com/?f=1&a=ironto
IE - HKU\S-1-5-21-209655109-2756548685-674970729-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-209655109-2756548685-674970729-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-209655109-2756548685-674970729-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-209655109-2756548685-674970729-1000\..\SearchScopes,DefaultScope = {62CA968C-E5F9-4FDC-9F4E-C8C994351E8B}
IE - HKU\S-1-5-21-209655109-2756548685-674970729-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-209655109-2756548685-674970729-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=18826
IE - HKU\S-1-5-21-209655109-2756548685-674970729-1000\..\SearchScopes\{62CA968C-E5F9-4FDC-9F4E-C8C994351E8B}: "URL" = hxxp://start.funmoods.com/results.php?f=4&a=ironto&q={searchTerms}
IE - HKU\S-1-5-21-209655109-2756548685-674970729-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-209655109-2756548685-674970729-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW
IE - HKU\S-1-5-21-209655109-2756548685-674970729-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rlz=1I7ACPW_deDE349&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-209655109-2756548685-674970729-1000\..\SearchScopes\{8719298B-F26E-449B-9698-4542A1E7CA4B}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACPW_deDE349
IE - HKU\S-1-5-21-209655109-2756548685-674970729-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: quickstores@quickstores.de:1.2.0
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?babsrc=toolbar2&q="
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.04.04 14:37:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.13 01:04:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{857610fe-b36c-47f2-b4fa-6b7affe0cf5a}: C:\Program Files\Mobile Master\ext\1\
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mail@shopping-preise.de: C:\Users\Boris\AppData\Roaming\Mozilla\Firefox\Profiles\j1lg8v7j.default\extensions\mail@shopping-preise.de
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\firejump@firejump.net: C:\Users\Boris\AppData\Roaming\Mozilla\Firefox\Profiles\j1lg8v7j.default\extensions\firejump@firejump.net
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Boris\AppData\Roaming\11019 [2012.04.25 14:18:15 | 000,000,000 | ---D | M]
 
[2009.10.16 18:39:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Boris\AppData\Roaming\mozilla\Extensions
[2012.04.04 15:20:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Boris\AppData\Roaming\mozilla\Firefox\Profiles\j1lg8v7j.default\extensions
[2012.03.30 18:40:42 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Boris\AppData\Roaming\mozilla\Firefox\Profiles\j1lg8v7j.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.03.07 15:24:38 | 000,001,090 | ---- | M] () -- C:\Users\Boris\AppData\Roaming\Mozilla\Firefox\Profiles\j1lg8v7j.default\searchplugins\conduit.xml
[2012.03.09 08:25:10 | 000,001,292 | ---- | M] () -- C:\Users\Boris\AppData\Roaming\Mozilla\Firefox\Profiles\j1lg8v7j.default\searchplugins\funmoods.xml
[2012.03.09 08:25:10 | 000,000,828 | ---- | M] () -- C:\Users\Boris\AppData\Roaming\Mozilla\Firefox\Profiles\j1lg8v7j.default\searchplugins\icqplugin-1.xml
[2012.03.09 08:25:10 | 000,000,828 | ---- | M] () -- C:\Users\Boris\AppData\Roaming\Mozilla\Firefox\Profiles\j1lg8v7j.default\searchplugins\icqplugin-2.xml
[2012.03.09 08:25:10 | 000,000,901 | ---- | M] () -- C:\Users\Boris\AppData\Roaming\Mozilla\Firefox\Profiles\j1lg8v7j.default\searchplugins\icqplugin.xml
[2012.04.05 14:28:25 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.10.16 19:46:54 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.04.05 14:28:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2011.01.26 00:38:26 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Programme\Mozilla Firefox\extensions\quickstores@quickstores.de
[2012.04.25 14:18:15 | 000,000,000 | ---D | M] (Java Link Helper) -- C:\USERS\BORIS\APPDATA\ROAMING\11019
[2012.03.13 06:38:06 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009.04.08 04:06:28 | 000,122,880 | ---- | M] (AB) -- C:\Program Files\mozilla firefox\plugins\NPOP7PlugIn.dll
[2012.03.13 07:23:34 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.09 08:25:10 | 000,002,050 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012.03.13 07:06:36 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.03.13 07:23:34 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.13 07:23:34 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.13 07:23:34 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.13 07:23:34 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (ICQ Sparberater) - {FE163F11-1919-4257-A280-FF5AF8DAEECB} - C:\Programme\icq\Internet Explorer\icq.dll (solute gmbh)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [InfoCockpit] C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE (Deutsche Telekom AG, T-Com)
O4 - HKU\S-1-5-18..\Run: [InfoCockpit] C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE (Deutsche Telekom AG, T-Com)
O4 - HKU\S-1-5-19..\Run: [InfoCockpit] C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE (Deutsche Telekom AG, T-Com)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [InfoCockpit] C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE (Deutsche Telekom AG, T-Com)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-209655109-2756548685-674970729-1010..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 153
O7 - HKU\S-1-5-21-209655109-2756548685-674970729-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 153
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Boris\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 10.4.0)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 1.7.0_04)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.7.0_04)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{36931A3B-291C-4867-B965-612740A42758}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3F39D017-B652-4270-AB6F-6878927A7424}: DhcpNameServer = 193.22.254.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C3A2DF7F-1230-48FE-B4BD-279B3F7814A7}: DhcpNameServer = 7.254.254.254
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Boris\Pictures\Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Boris\Pictures\Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\System32\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{a91e5259-c309-11de-88be-0025113402db}\Shell - "" = AutoRun
O33 - MountPoints2\{a91e5259-c309-11de-88be-0025113402db}\Shell\AutoRun\command - "" = L:\loader.exe
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\autorun.exe
O33 - MountPoints2\K\Shell - "" = AutoRun
O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\win32\autorun\m4ck.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: Hamachi2Svc - C:\Programme\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\Windows\System32\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.vorbis - C:\Windows\System32\vorbis.acm (HMS hxxp://hp.vector.co.jp/authors/VA012897/)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FPS1 - C:\Windows\System32\frapsvid.dll (Beepa P/L)
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.x264 - C:\Windows\System32\x264vfw.dll ()
Drivers32: VIDC.XFR1 - C:\Windows\System32\xfcodec.dll ()
Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.05.04 20:29:36 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Boris\Desktop\OTL.exe
[2012.05.04 14:56:49 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.05.03 16:08:47 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Roaming\Malwarebytes
[2012.05.03 16:08:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.05.03 16:08:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.05.03 16:08:30 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.05.03 16:08:30 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.05.03 09:28:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Black and White
[2012.05.03 09:27:54 | 000,000,000 | ---D | C] -- C:\Program Files\Black & White
[2012.04.29 00:20:45 | 000,000,000 | ---D | C] -- C:\Program Files\Dead Island
[2012.04.25 14:18:15 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Roaming\11019
[2012.04.24 13:37:29 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Roaming\11018
[2012.04.23 13:59:35 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Roaming\11017
[2012.04.21 12:25:04 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\San Andreas Multiplayer
[2012.04.21 12:25:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\San Andreas Multiplayer
[2012.04.20 15:29:14 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Roaming\11016
[2012.04.20 10:45:50 | 000,000,000 | ---D | C] -- C:\Windows\rundll16.exe
[2012.04.20 10:45:50 | 000,000,000 | ---D | C] -- C:\Windows\logo1_.exe
[2012.04.17 12:43:02 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Roaming\11015
[2012.04.16 22:01:45 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Roaming\11014
[2012.04.14 21:10:37 | 000,028,992 | ---- | C] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll
[2012.04.14 13:56:56 | 000,031,552 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe
[2012.04.14 13:56:56 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2012.04.14 13:56:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012
[2012.04.14 13:56:30 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2012
[2012.04.13 14:39:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
[2012.04.13 14:39:41 | 000,000,000 | ---D | C] -- C:\Program Files\GOG.com
[2012.04.13 13:41:35 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Roaming\11013
[2012.04.12 13:49:53 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Roaming\11012
[2012.04.12 04:04:54 | 000,000,000 | ---D | C] -- C:\Users\Boris\Documents\Almost Human
[2012.04.12 03:16:14 | 000,000,000 | ---D | C] -- C:\Program Files\Legend of Grimrock
[2012.04.11 23:42:34 | 000,000,000 | ---D | C] -- C:\Program Files\Interplay
[2012.04.11 23:14:42 | 000,052,224 | ---- | C] (Interplay Productions) -- C:\Windows\ipuninst.exe
[2012.04.11 23:14:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Interplay
[2012.04.11 22:36:45 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Roaming\UAs
[2012.04.11 22:30:20 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Roaming\11009
[2012.04.09 17:57:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlitzMax
[2012.04.08 23:18:36 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2012.04.05 14:57:31 | 000,000,000 | ---D | C] -- C:\Windows\VDLL.DLL
[2012.04.05 14:57:31 | 000,000,000 | ---D | C] -- C:\Windows\System32\runouce.exe
[2012.04.05 14:57:31 | 000,000,000 | ---D | C] -- C:\Windows\RUNDL132.EXE
[2012.04.05 14:57:31 | 000,000,000 | ---D | C] -- C:\Windows\logo_1.exe
[2012.04.05 14:44:38 | 000,034,048 | ---- | C] (MicroWorld Technologies Inc.) -- C:\Windows\System32\eEmpty.exe
[2012.04.05 14:44:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MicroWorld
[2012.04.05 14:44:30 | 000,000,000 | ---D | C] -- C:\ProgramData\MicroWorld
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Boris\AppData\Roaming\*.tmp files -> C:\Users\Boris\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.05.04 20:29:38 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Boris\Desktop\OTL.exe
[2012.05.04 20:19:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.05.04 19:12:17 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.04 19:12:17 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.04 18:11:55 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2012.05.04 17:19:00 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.05.04 17:12:33 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2012.05.04 17:12:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.05.04 17:10:21 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.05.04 17:10:21 | 000,000,000 | ---- | M] () -- C:\Windows\System32\Access.dat
[2012.05.04 13:53:59 | 000,321,864 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.05.03 16:08:32 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.05.03 16:01:57 | 000,218,600 | ---- | M] () -- C:\Users\Boris\AppData\Roaming\AcroIEHelpe113.dll
[2012.05.03 16:01:57 | 000,007,368 | ---- | M] () -- C:\Users\Boris\AppData\Roaming\BAcroIEHelpe113.dll
[2012.05.03 16:01:53 | 000,000,016 | ---- | M] () -- C:\Users\Boris\AppData\Roaming\blckdom.res
[2012.05.03 09:37:01 | 000,001,711 | ---- | M] () -- C:\Users\Boris\Desktop\Black and White.lnk
[2012.05.01 17:19:14 | 000,000,011 | ---- | M] () -- C:\Users\Boris\AppData\Roaming\urhtps.dat
[2012.04.30 17:30:54 | 000,218,600 | ---- | M] () -- C:\Users\Boris\AppData\Roaming\AcroIEHelpe112.dll
[2012.04.30 17:30:54 | 000,007,368 | ---- | M] () -- C:\Users\Boris\AppData\Roaming\BAcroIEHelpe112.dll
[2012.04.29 01:17:19 | 000,001,426 | ---- | M] () -- C:\Users\Boris\Desktop\Dead Island.lnk
[2012.04.20 15:28:18 | 000,012,288 | ---- | M] () -- C:\Users\Boris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.04.20 14:13:59 | 000,929,124 | ---- | M] () -- C:\Users\Boris\Documents\pinfect.zip
[2012.04.20 10:26:37 | 000,000,055 | ---- | M] () -- C:\Windows\Lic.xxx
[2012.04.20 10:08:19 | 000,001,356 | ---- | M] () -- C:\Users\Boris\AppData\Local\d3d9caps.dat
[2012.04.14 13:56:54 | 000,001,867 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2012.lnk
[2012.04.13 14:40:00 | 000,001,898 | ---- | M] () -- C:\Users\Public\Desktop\Legend of Grimrock.lnk
[2012.04.11 23:42:44 | 000,052,224 | ---- | M] (Interplay Productions) -- C:\Windows\ipuninst.exe
[2012.04.10 16:27:08 | 000,330,195 | ---- | M] () -- C:\Users\Boris\.recently-used.xbel
[2012.04.05 15:27:04 | 000,001,075 | ---- | M] () -- C:\Users\Boris\Desktop\ArtRage Studio Pro.lnk
[2012.04.05 15:17:26 | 023,146,296 | ---- | M] () -- C:\Windows\REGBK00.ZIP
[2012.04.05 14:44:37 | 000,034,048 | ---- | M] (MicroWorld Technologies Inc.) -- C:\Windows\System32\eEmpty.exe
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Boris\AppData\Roaming\*.tmp files -> C:\Users\Boris\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.05.03 16:08:32 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.05.03 16:01:57 | 000,218,600 | ---- | C] () -- C:\Users\Boris\AppData\Roaming\AcroIEHelpe113.dll
[2012.05.03 16:01:57 | 000,007,368 | ---- | C] () -- C:\Users\Boris\AppData\Roaming\BAcroIEHelpe113.dll
[2012.05.03 09:36:10 | 000,001,711 | ---- | C] () -- C:\Users\Boris\Desktop\Black and White.lnk
[2012.05.03 09:31:11 | 000,182,272 | ---- | C] () -- C:\Windows\patchw32.dll
[2012.05.01 17:19:14 | 000,000,011 | ---- | C] () -- C:\Users\Boris\AppData\Roaming\urhtps.dat
[2012.04.30 17:30:54 | 000,218,600 | ---- | C] () -- C:\Users\Boris\AppData\Roaming\AcroIEHelpe112.dll
[2012.04.30 17:30:54 | 000,007,368 | ---- | C] () -- C:\Users\Boris\AppData\Roaming\BAcroIEHelpe112.dll
[2012.04.29 01:17:19 | 000,001,426 | ---- | C] () -- C:\Users\Boris\Desktop\Dead Island.lnk
[2012.04.20 10:07:56 | 000,929,124 | ---- | C] () -- C:\Users\Boris\Documents\pinfect.zip
[2012.04.14 13:56:54 | 000,001,879 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012.lnk
[2012.04.14 13:56:54 | 000,001,867 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2012.lnk
[2012.04.13 14:40:00 | 000,001,898 | ---- | C] () -- C:\Users\Public\Desktop\Legend of Grimrock.lnk
[2012.04.12 13:49:11 | 000,000,827 | ---- | C] () -- C:\Users\Boris\Desktop\LogMeIn Hamachi.lnk
[2012.04.10 16:27:08 | 000,330,195 | ---- | C] () -- C:\Users\Boris\.recently-used.xbel
[2012.04.05 15:27:04 | 000,001,075 | ---- | C] () -- C:\Users\Boris\Desktop\ArtRage Studio Pro.lnk
[2012.04.05 15:16:03 | 023,146,296 | ---- | C] () -- C:\Windows\REGBK00.ZIP
[2012.04.05 14:45:12 | 000,000,055 | ---- | C] () -- C:\Windows\Lic.xxx
[2012.04.03 22:32:49 | 000,000,016 | ---- | C] () -- C:\Users\Boris\AppData\Roaming\blckdom.res
[2012.03.22 20:44:39 | 000,000,041 | ---- | C] () -- C:\Windows\MinGW.INI
[2012.03.07 15:24:40 | 000,338,432 | ---- | C] () -- C:\Windows\System32\sqlite36_engine.dll
[2012.02.29 13:26:56 | 000,416,064 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2011.12.01 16:21:36 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2011.10.23 12:36:59 | 000,000,000 | ---- | C] () -- C:\Users\Boris\AppData\Roaming\EasyToolz.ini
[2011.09.17 23:56:20 | 000,000,000 | ---- | C] () -- C:\Windows\System32\Access.dat
[2011.08.05 14:22:43 | 000,000,075 | ---- | C] () -- C:\Windows\Flarium24.INI
[2011.06.27 13:38:06 | 000,000,240 | ---- | C] () -- C:\Users\Boris\AppData\Roaming\wklnhst.dat
[2011.05.29 16:00:01 | 000,823,296 | ---- | C] () -- C:\Windows\j3dcore-d3d.dll
[2011.05.29 16:00:01 | 000,163,840 | ---- | C] () -- C:\Windows\j3dcore-ogl.dll
[2011.05.29 16:00:01 | 000,049,152 | ---- | C] () -- C:\Windows\j3dcore-ogl-chk.dll
[2011.05.29 16:00:01 | 000,040,960 | ---- | C] () -- C:\Windows\j3dcore-ogl-cg.dll
[2011.01.08 14:30:57 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010.12.13 17:33:39 | 000,107,292 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010.11.24 16:37:03 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2010.10.23 20:41:58 | 000,000,306 | ---- | C] () -- C:\Windows\W2W.ini
[2010.10.23 19:49:41 | 000,036,734 | ---- | C] () -- C:\Windows\System32\OggDSuninst.exe
[2010.07.22 03:21:26 | 040,490,118 | -HS- | C] () -- C:\Windows\mb_warband_upgrade_1100_to_1113.exe
[2010.07.09 21:04:40 | 000,041,872 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2010.05.23 22:47:23 | 000,000,549 | ---- | C] () -- C:\Windows\eReg.dat
 
========== LOP Check ==========
 
[2012.05.03 21:36:20 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\.minecraft
[2012.04.08 16:07:58 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\.Nitrous
[2011.02.08 21:11:53 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\.visualvm
[2012.04.03 22:32:56 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\11006
[2012.04.11 22:30:20 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\11009
[2012.04.12 13:49:54 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\11012
[2012.04.13 13:41:35 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\11013
[2012.04.16 22:01:46 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\11014
[2012.04.17 12:43:02 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\11015
[2012.04.20 15:29:14 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\11016
[2012.04.23 13:59:56 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\11017
[2012.04.24 13:37:30 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\11018
[2012.04.25 14:18:15 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\11019
[2010.04.18 14:51:02 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\acccore
[2010.08.18 02:33:57 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Acoustica
[2011.08.22 17:13:43 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Ambient Design
[2012.04.04 01:27:37 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Avaq
[2009.10.16 19:30:18 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Blender Foundation
[2011.09.18 14:41:25 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Braid
[2010.05.22 21:55:30 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Bump Technologies, Inc
[2010.08.11 23:14:12 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\DAEMON Tools Lite
[2011.04.17 16:58:45 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\DAEMON Tools Pro
[2009.10.22 21:43:13 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Desktopicon
[2012.03.07 15:24:40 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\DesktopIconForAmazon
[2012.03.06 16:04:54 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Dev-Cpp
[2012.01.22 18:07:26 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\DVDVideoSoft
[2011.04.11 17:24:09 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.02.20 00:10:54 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\EasyMangosHandler
[2010.01.06 16:02:51 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Engelmann Media
[2011.07.16 21:01:45 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\FileHunter
[2011.05.22 14:13:50 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Firefly Studios
[2010.03.12 22:51:01 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\FOG Downloader
[2010.01.22 13:01:07 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\FreeFLVConverter
[2011.06.20 20:35:24 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\FUEL
[2011.07.31 00:22:08 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\GetRightToGo
[2011.01.26 01:14:39 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\GrabPro
[2012.03.26 14:57:24 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\gtk-2.0
[2012.04.04 01:27:03 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Gutep
[2010.01.28 19:03:35 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Hunspell
[2012.05.04 20:32:47 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\ICQ
[2011.01.26 00:14:42 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Iggels
[2011.04.17 17:10:22 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\ImgBurn
[2012.02.25 21:55:04 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\IrfanView
[2012.04.05 17:32:10 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Irit
[2010.11.24 17:11:12 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Jumping Bytes
[2012.03.17 17:51:07 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Kittomer Studios
[2012.04.03 22:32:34 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\kock
[2010.08.08 18:24:56 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\LEGO Company
[2010.06.19 17:46:45 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\LolClient
[2010.12.05 20:10:57 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\mathegrafix
[2011.06.21 12:53:11 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\MAXON
[2009.10.22 15:37:33 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\MilkShape 3D 1.x.x
[2010.11.24 17:12:46 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Mobile Master
[2010.05.26 18:43:39 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Mount&Blade Warband
[2011.07.20 13:55:08 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\NCH Swift Sound
[2012.04.04 01:27:37 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Ocpode
[2012.03.07 15:24:34 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\OCS
[2010.01.21 17:29:03 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\OpenOffice.org
[2011.03.30 17:15:12 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Opera
[2012.04.04 14:38:06 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Orbit
[2010.10.10 12:04:57 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\PACE Anti-Piracy
[2011.01.26 00:38:20 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\phonostar GmbH
[2011.01.26 00:20:06 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\ProgSense
[2011.01.26 01:18:07 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\QuickStoresToolbar
[2010.09.08 18:56:54 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Registry Mechanic
[2010.09.07 16:10:30 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Sakura
[2009.12.21 15:19:15 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\ScummVM
[2009.10.22 14:03:34 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\smc
[2009.10.22 01:18:11 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Sony
[2010.04.25 14:02:47 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Spiral Graphics
[2010.09.20 13:36:34 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\SPORE
[2010.08.18 02:34:06 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\SynthMaker
[2009.10.16 17:48:45 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\T-Online
[2012.04.03 20:24:13 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\TeamViewer
[2010.04.04 23:49:47 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Teeworlds
[2011.06.27 13:38:07 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Template
[2010.05.02 11:16:15 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Texture Maker
[2011.06.25 20:25:35 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Thinstall
[2010.12.03 15:36:34 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\TS3Client
[2012.03.11 15:52:59 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\TuneUp Software
[2011.10.09 09:48:42 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Tunngle
[2010.10.17 14:21:32 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Turbine
[2012.04.11 22:36:45 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\UAs
[2010.04.17 19:22:13 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Ubisoft
[2011.04.06 14:59:42 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Ultra Fractal 5
[2010.11.11 15:02:06 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Uniblue
[2011.03.30 16:12:55 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Unity
[2010.01.17 20:13:15 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Utherverse
[2012.04.19 14:29:07 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\uTorrent
[2012.04.05 18:05:49 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Utysik
[2012.04.05 14:26:13 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Wafeo
[2010.09.06 21:55:47 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Wildlife Park 2
[2012.04.11 22:37:18 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\xmldm
[2010.08.09 13:34:06 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\XRay Engine
[2011.02.10 18:51:07 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\YoWindow
[2012.04.20 16:42:04 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Ziymqa
[2012.04.04 01:29:19 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Zoco
[2012.05.04 17:10:21 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.05.03 21:36:20 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\.minecraft
[2012.04.08 16:07:58 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\.Nitrous
[2011.02.08 21:11:53 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\.visualvm
[2012.04.03 22:32:56 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\11006
[2012.04.11 22:30:20 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\11009
[2012.04.12 13:49:54 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\11012
[2012.04.13 13:41:35 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\11013
[2012.04.16 22:01:46 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\11014
[2012.04.17 12:43:02 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\11015
[2012.04.20 15:29:14 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\11016
[2012.04.23 13:59:56 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\11017
[2012.04.24 13:37:30 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\11018
[2012.04.25 14:18:15 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\11019
[2010.04.18 14:51:02 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\acccore
[2010.08.18 02:33:57 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Acoustica
[2012.02.25 21:38:15 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Adobe
[2011.08.22 17:13:43 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Ambient Design
[2012.04.04 01:27:37 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Avaq
[2012.03.07 15:04:31 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Avira
[2009.10.16 19:30:18 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Blender Foundation
[2011.09.18 14:41:25 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Braid
[2010.05.22 21:55:30 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Bump Technologies, Inc
[2012.04.18 14:21:15 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\codeblocks
[2010.08.11 23:14:12 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\DAEMON Tools Lite
[2011.04.17 16:58:45 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\DAEMON Tools Pro
[2009.10.22 21:43:13 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Desktopicon
[2012.03.07 15:24:40 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\DesktopIconForAmazon
[2012.03.06 16:04:54 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Dev-Cpp
[2010.12.05 04:15:28 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\DivX
[2010.08.28 23:42:56 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\dvdcss
[2012.01.22 18:07:26 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\DVDVideoSoft
[2011.04.11 17:24:09 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.02.20 00:10:54 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\EasyMangosHandler
[2010.01.06 16:02:51 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Engelmann Media
[2011.07.16 21:01:45 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\FileHunter
[2011.05.22 14:13:50 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Firefly Studios
[2010.03.12 22:51:01 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\FOG Downloader
[2010.01.22 13:01:07 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\FreeFLVConverter
[2011.06.20 20:35:24 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\FUEL
[2011.07.31 00:22:08 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\GetRightToGo
[2009.10.16 18:26:30 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Google
[2011.01.26 01:14:39 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\GrabPro
[2012.03.26 14:57:24 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\gtk-2.0
[2012.04.04 01:27:03 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Gutep
[2012.04.03 20:28:35 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Help
[2010.01.28 19:03:35 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Hunspell
[2012.05.04 20:32:47 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\ICQ
[2012.04.03 20:28:36 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Identities
[2011.01.26 00:14:42 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Iggels
[2011.04.17 17:10:22 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\ImgBurn
[2010.09.05 17:23:28 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\InstallShield
[2010.09.05 17:24:39 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\InstallShield Installation Information
[2012.02.25 21:55:04 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\IrfanView
[2012.04.05 17:32:10 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Irit
[2010.11.24 17:11:12 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Jumping Bytes
[2012.03.17 17:51:07 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Kittomer Studios
[2012.04.03 22:32:34 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\kock
[2010.08.08 18:24:56 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\LEGO Company
[2010.06.19 17:46:45 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\LolClient
[2009.10.16 18:29:56 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Macromedia
[2012.05.03 16:08:47 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Malwarebytes
[2010.12.05 20:10:57 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\mathegrafix
[2011.06.21 12:53:11 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\MAXON
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Media Center Programs
[2012.04.15 12:59:33 | 000,000,000 | --SD | M] -- C:\Users\Boris\AppData\Roaming\Microsoft
[2009.10.22 15:37:33 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\MilkShape 3D 1.x.x
[2010.11.24 17:12:46 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Mobile Master
[2010.05.26 18:43:39 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Mount&Blade Warband
[2010.10.17 16:08:59 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Mozilla
[2011.07.20 13:57:25 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\NCH Software
[2011.07.20 13:55:08 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\NCH Swift Sound
[2009.10.18 09:23:24 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Nero
[2012.02.04 12:47:13 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\NVIDIA
[2012.04.04 01:27:37 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Ocpode
[2012.03.07 15:24:34 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\OCS
[2010.01.21 17:29:03 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\OpenOffice.org
[2011.03.30 17:15:12 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Opera
[2012.04.04 14:38:06 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Orbit
[2010.10.10 12:04:57 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\PACE Anti-Piracy
[2011.01.26 00:38:20 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\phonostar GmbH
[2011.01.26 00:20:06 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\ProgSense
[2011.01.26 01:18:07 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\QuickStoresToolbar
[2010.04.25 14:15:54 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Reallusion
[2010.09.08 18:56:54 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Registry Mechanic
[2010.09.07 16:10:30 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Sakura
[2009.12.21 15:19:15 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\ScummVM
[2010.01.31 05:22:56 | 000,000,000 | RH-D | M] -- C:\Users\Boris\AppData\Roaming\SecuROM
[2011.09.27 08:47:43 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Skype
[2011.09.27 08:47:34 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\skypePM
[2009.10.22 14:03:34 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\smc
[2009.10.22 01:18:11 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Sony
[2010.04.25 14:02:47 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Spiral Graphics
[2010.09.20 13:36:34 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\SPORE
[2010.08.18 02:34:06 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\SynthMaker
[2009.10.16 17:48:45 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\T-Online
[2009.10.24 13:00:36 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\teamspeak2
[2012.04.03 20:24:13 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\TeamViewer
[2010.04.04 23:49:47 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Teeworlds
[2011.06.27 13:38:07 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Template
[2010.05.02 11:16:15 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Texture Maker
[2011.06.25 20:25:35 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Thinstall
[2010.12.03 15:36:34 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\TS3Client
[2012.03.11 15:52:59 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\TuneUp Software
[2011.10.09 09:48:42 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Tunngle
[2010.10.17 14:21:32 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Turbine
[2012.04.11 22:36:45 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\UAs
[2010.04.17 19:22:13 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Ubisoft
[2011.04.06 14:59:42 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Ultra Fractal 5
[2010.11.11 15:02:06 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Uniblue
[2011.03.30 16:12:55 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Unity
[2010.01.17 20:13:15 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Utherverse
[2012.04.19 14:29:07 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\uTorrent
[2012.04.05 18:05:49 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Utysik
[2012.04.04 10:24:52 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\vlc
[2012.04.05 14:26:13 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Wafeo
[2010.09.06 21:55:47 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Wildlife Park 2
[2012.03.06 16:04:55 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Winamp
[2009.10.18 09:41:11 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\WinRAR
[2011.02.02 23:23:42 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Xfire
[2012.04.11 22:37:18 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\xmldm
[2010.08.09 13:34:06 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\XRay Engine
[2011.02.10 18:51:07 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\YoWindow
[2012.04.20 16:42:04 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Ziymqa
[2012.04.04 01:29:19 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Zoco
 
< %APPDATA%\*.exe /s >
[2009.10.22 21:43:13 | 000,031,836 | ---- | M] () -- C:\Users\Boris\AppData\Roaming\Desktopicon\uninst.exe
[2012.03.07 15:24:39 | 000,753,664 | ---- | M] (Microsoft) -- C:\Users\Boris\AppData\Roaming\DesktopIconForAmazon\IconForAmazon.exe
[2006.05.24 19:10:42 | 000,455,600 | ---- | M] (Macrovision Corporation) -- C:\Users\Boris\AppData\Roaming\InstallShield Installation Information\{A8E2EF8F-73EF-4DD8-BB38-31FCCAF50103}\setup.exe
[2010.06.19 17:01:08 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Boris\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2010.04.17 19:32:58 | 000,018,944 | R--- | M] () -- C:\Users\Boris\AppData\Roaming\Microsoft\Installer\{2158685C-E2B3-4026-B0A1-0FFE31837AFD}\Icon2158685C.exe
[2009.11.14 21:26:49 | 000,004,608 | R--- | M] () -- C:\Users\Boris\AppData\Roaming\Microsoft\Installer\{40FE74B5-71A1-4393-A0AB-21D6E1DA5A66}\Icon40FE74B5.exe
[2010.05.09 00:12:34 | 000,040,960 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Boris\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
[2010.05.09 00:12:34 | 000,040,960 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Boris\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
[2010.05.09 00:12:35 | 000,008,854 | R--- | M] () -- C:\Users\Boris\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\Uninstall_Project64__9559F7CA5E344237A2D9D856464AD727.exe
[2009.10.22 18:09:08 | 000,010,134 | R--- | M] () -- C:\Users\Boris\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
[2007.09.18 03:37:18 | 000,262,144 | ---- | M] () -- C:\Users\Boris\AppData\Roaming\NCH Software\Components\flacdec2\flacdec2.exe
[2007.08.29 15:36:00 | 000,110,592 | ---- | M] () -- C:\Users\Boris\AppData\Roaming\NCH Software\Components\mp3el\mp3enc.exe
[2012.03.07 15:24:34 | 000,106,496 | ---- | M] (OCS) -- C:\Users\Boris\AppData\Roaming\OCS\SM\SearchAnonymizer.exe
[2012.03.07 15:24:34 | 000,040,960 | ---- | M] () -- C:\Users\Boris\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
[2011.01.26 00:38:24 | 000,704,248 | ---- | M] () -- C:\Users\Boris\AppData\Roaming\QuickStoresToolbar\unins000.exe
[2010.03.03 15:58:22 | 000,045,304 | ---- | M] (Andreas Breitschopp - Softwareentwicklung und -vertrieb) -- C:\Users\Boris\AppData\Roaming\QuickStoresToolbar\Update.exe
[2006.09.23 20:43:58 | 001,707,856 | ---- | M] (Microsoft Corporation) -- C:\Users\Boris\AppData\Roaming\Ubisoft\Dark Messiah of Might and Magic\instmsi.exe
[2006.09.23 20:44:22 | 001,821,008 | ---- | M] (Microsoft Corporation) -- C:\Users\Boris\AppData\Roaming\Ubisoft\Dark Messiah of Might and Magic\instmsiw.exe
[2006.10.25 10:04:20 | 003,608,576 | ---- | M] () -- C:\Users\Boris\AppData\Roaming\Ubisoft\Dark Messiah of Might and Magic\mm.exe
[2006.09.15 09:45:20 | 006,955,008 | R--- | M] () -- C:\Users\Boris\AppData\Roaming\Ubisoft\Dark Messiah of Might and Magic\RegistrationReminder.exe
[2006.09.23 20:44:34 | 000,054,784 | ---- | M] () -- C:\Users\Boris\AppData\Roaming\Ubisoft\Dark Messiah of Might and Magic\SteamInstall_German.exe
[2006.09.23 20:44:30 | 000,111,419 | ---- | M] () -- C:\Users\Boris\AppData\Roaming\Ubisoft\Dark Messiah of Might and Magic\steam_setup.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: NVSTOR32.SYS  >
[2007.10.31 05:23:20 | 000,115,744 | ---- | M] (NVIDIA Corporation) MD5=4876E7C3184BDF50EDE043FEF616B867 -- C:\ACER\Preload\Autorun\DRV\nVidia Chipset MCP73\IDE\WinVista\sata_ide\nvstor32.sys
[2007.10.31 05:23:20 | 000,115,744 | ---- | M] (NVIDIA Corporation) MD5=4876E7C3184BDF50EDE043FEF616B867 -- C:\Windows\System32\drivers\nvstor32.sys
[2007.10.31 05:23:20 | 000,115,744 | ---- | M] (NVIDIA Corporation) MD5=4876E7C3184BDF50EDE043FEF616B867 -- C:\Windows\System32\DriverStore\FileRepository\nvstor32.inf_a4ed2674\nvstor32.sys
[2007.10.31 05:23:22 | 000,115,744 | ---- | M] (NVIDIA Corporation) MD5=9D2BD672C0461185D6EA1AE8BD3AE3F4 -- C:\ACER\Preload\Autorun\DRV\nVidia Chipset MCP73\IDE\WinVista\sataraid\nvstor32.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010.08.11 22:59:58 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\drivers\sptd.sys
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\$NtUninstallKB9818$] -> Error: Cannot create file handle -> Unknown point type
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:64217CD0
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >

--- --- ---

[/Code]

burke 04.05.2012 20:24

I'm double-posting here because it had too many characters.

Here is the Extras file from OTL:

OTL EXTRAS Logfile:
Code:

OTL Extras logfile created on: 04.05.2012 20:33:49 - Run 1
OTL by OldTimer - Version 3.2.42.2    Folder = C:\Users\Boris\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,01 Gb Available Physical Memory | 66,90% Memory free
6,23 Gb Paging File | 5,19 Gb Available in Paging File | 83,27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 284,09 Gb Total Space | 36,44 Gb Free Space | 12,83% Space Free | Partition Type: NTFS
 
Computer Name: BORIS-PC | User Name: Boris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found
 
[HKEY_USERS\S-1-5-21-209655109-2756548685-674970729-1000\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [open] -- C:\program files\t-online\t-online_software_6\browser\Browser.exe "%1" (Deutsche Telekom AG, T-Com)
htmlfile [opennew] -- C:\program files\t-online\t-online_software_6\browser\Browser.exe "%1" (Deutsche Telekom AG, T-Com)
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1"
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Orbitdownloader\orbitdm.exe" = C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files\Orbitdownloader\orbitnet.exe" = C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{16D405D8-F953-4DD2-8A5A-9D9EEE5E9D80}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{17B3D5C0-C61F-4A1D-AE96-DB4863AE9408}" = lport=138 | protocol=17 | dir=in | app=system |
"{1880B996-7A9C-4A57-8AF0-C9FE315632C8}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{25EBCB20-10A0-4D7C-BC80-9E80ADD4D11C}" = rport=137 | protocol=17 | dir=out | app=system |
"{2B664397-F9B2-4D16-8588-DD0B33C648CB}" = lport=6918 | protocol=17 | dir=in | name=league of legends launcher |
"{2BF801DC-8D92-4297-BA60-6BE572437D4B}" = lport=8394 | protocol=6 | dir=in | name=league of legends launcher |
"{31A13E34-FC45-4133-97CF-2B8AB2577377}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{38AE8D31-C9A9-4044-8FF0-4325890B1025}" = lport=6958 | protocol=6 | dir=in | name=league of legends launcher |
"{38CE5D1D-57DE-4F2D-9F3E-4C1213C7B982}" = lport=6897 | protocol=6 | dir=in | name=league of legends launcher |
"{3D1382CF-C86E-46D4-9BB6-D72D165B5D28}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3D3D50F1-FA05-4493-84F9-6851DDA703D4}" = lport=6923 | protocol=6 | dir=in | name=league of legends launcher |
"{3DBB8EA1-638D-4481-AEE5-425EB4AABF94}" = rport=445 | protocol=6 | dir=out | app=system |
"{3F93DC00-70C9-45C7-9F33-1DC3487C1423}" = lport=25565 | protocol=6 | dir=in | name=minecraft |
"{491DF767-ACFF-488D-B3E2-13B9D3ECE459}" = lport=6960 | protocol=6 | dir=in | name=league of legends launcher |
"{4A0D7FB0-D95D-4265-B8EC-9524EAEEAFBA}" = lport=6882 | protocol=17 | dir=in | name=league of legends launcher |
"{539B7996-E722-4F32-AA95-3CFFA52EBDA0}" = lport=6986 | protocol=17 | dir=in | name=league of legends launcher |
"{636D8103-85B0-4D46-8869-41342380A226}" = rport=138 | protocol=17 | dir=out | app=system |
"{769B59E4-4E71-43DD-9709-14F1AC9B29EE}" = lport=6897 | protocol=17 | dir=in | name=league of legends launcher |
"{76FE37F4-FB8E-4694-AC00-E01B3C54F178}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{7B1455CA-FB24-40D7-8ACE-5125AB45202D}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{7D781E32-3A4B-4044-97C5-A042C35ECF6F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{7D7AEE22-AB39-4BFE-A4E4-EF230FBBE7A2}" = lport=137 | protocol=17 | dir=in | app=system |
"{7D92076E-F5AB-4B69-8FDE-8A0BF3E52C08}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{8609416A-58AB-4017-9958-5360EED02861}" = rport=139 | protocol=6 | dir=out | app=system |
"{9182E02F-DEA2-497B-9E62-D3CDAEB09D98}" = lport=6960 | protocol=17 | dir=in | name=league of legends launcher |
"{91F4EDE9-1B58-4017-AC67-9DF41DC4D106}" = lport=6986 | protocol=6 | dir=in | name=league of legends launcher |
"{923751DB-1BCC-4249-869D-0C955CF5B200}" = lport=6958 | protocol=17 | dir=in | name=league of legends launcher |
"{926DD65B-F4F5-43B0-88CF-1E70CD878CC8}" = lport=6906 | protocol=6 | dir=in | name=league of legends launcher |
"{943746CF-6B73-45EF-A298-6543F36AEC21}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
"{94522379-6B1D-40E0-AD44-EDA41167B7AD}" = lport=8395 | protocol=17 | dir=in | name=league of legends launcher |
"{99E79BB5-6A90-4C09-9A86-321B7D8C3C9C}" = lport=6882 | protocol=6 | dir=in | name=league of legends launcher |
"{9FA029B4-32FA-4778-8AF7-F5947BFF6D46}" = lport=8394 | protocol=17 | dir=in | name=league of legends launcher |
"{B23104C8-BF71-4A5E-95A8-3C7181F13860}" = lport=6906 | protocol=17 | dir=in | name=league of legends launcher |
"{B25F2FEC-25FD-4A45-92BB-151C86DE53EF}" = lport=6923 | protocol=17 | dir=in | name=league of legends launcher |
"{B8396BF4-AA93-4945-9EFE-8003C7A6AE99}" = lport=445 | protocol=6 | dir=in | app=system |
"{C962D8B7-2BE9-42B4-977A-6CBEF83A56D8}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
"{E37E8B01-AE88-45DA-8905-CC4ECA288F99}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher |
"{E701D24A-3D94-419A-B5A6-FFCF74E01C8E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E9A92223-0E73-47DE-97F0-EF8677D933D3}" = lport=6918 | protocol=6 | dir=in | name=league of legends launcher |
"{EE77F615-FD06-467C-AD45-7B1CF6CED0F5}" = lport=8395 | protocol=6 | dir=in | name=league of legends launcher |
"{F04E04D7-5B9D-428B-8503-D96897711EFD}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{FA0AE466-264D-4C90-8459-C198216F7CFC}" = lport=139 | protocol=6 | dir=in | app=system |
"{FEF6969A-DFF2-43DD-A0B3-38D739C54C33}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02DE0583-4297-4138-BBA8-71B214473385}" = protocol=6 | dir=in | app=c:\program files\rockstar games\rockstar games social club\rgsclauncher.exe |
"{045BBE7C-8422-490A-994F-FC7D87EDBAA3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{05FF2AB3-4724-488A-A325-EE933EEE1F27}" = protocol=17 | dir=in | app=c:\program files\league of legends\game\league of legends.exe |
"{0BC3232B-49C1-4ACB-BD04-389910DC7D88}" = protocol=6 | dir=in | app=c:\program files\autodesk\3ds max 9\3dsmax.exe |
"{0CD46D83-20CC-487D-B960-E4CEE2D218CE}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{0E3D17A6-B201-499B-8662-62A9D1096363}" = protocol=17 | dir=in | app=c:\users\boris\desktop\minecraft_server.exe |
"{0EA6539E-BA88-4175-8D37-C759C420402E}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{1318CF1E-BD35-4CC2-B2AB-74335E31B95A}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty - world at war\codwawmp.exe |
"{144B9E9F-195E-4876-AB4D-B77E3EDFF8B5}" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\java.exe |
"{19104522-D34F-4C4D-A344-3BF9B9A60131}" = protocol=17 | dir=in | app=c:\users\boris\appdata\local\temp\blizzard installer bootstrap - 00a8cbd9\installer.exe |
"{1AAFFC13-6FB6-44AB-AFC2-23586053D13A}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\schimmelbolzen\dark messiah might and magic multi-player\runme.exe |
"{202F2C3B-ACFD-448B-9247-3E877D58B369}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{24F02A85-189D-441F-B10B-970C63D950DB}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.0-dede-downloader.exe |
"{26843590-AFD0-4B86-8892-A0E420CA8AFB}" = protocol=17 | dir=in | app=c:\program files\bitcomposer games\s.t.a.l.k.e.r. - call of pripyat\bin\dedicated\xrengine.exe |
"{273A8E26-7BFD-4BE8-98C8-C054847606E8}" = protocol=17 | dir=in | app=c:\program files\autodesk\backburner\server.exe |
"{27CC98A7-D665-45D6-8A31-8EADB8530BCF}" = protocol=6 | dir=in | app=c:\program files\bitcomposer games\s.t.a.l.k.e.r. - call of pripyat\bin\xrengine.exe |
"{2CC17DBC-ADB2-4813-99F5-34A4194B8D2B}" = protocol=17 | dir=in | app=c:\program files\autodesk\backburner\monitor.exe |
"{2CD57A8B-D713-4F6C-BCC2-236ADC196FD7}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{33C2FC98-153D-4055-B825-135CEC08590E}" = protocol=17 | dir=in | app=c:\program files\icq7.6\icq.exe |
"{33D4AD69-5C77-42C1-A6D1-C32F2345CAAD}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{35373F66-E430-46D8-9185-D038987707A4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3ADEB337-C631-4D8D-ACDD-022C88EF9F25}" = protocol=17 | dir=in | app=c:\program files\icq7.6\icq.exe |
"{3C2BA712-9576-4FBF-A532-A525D141EA37}" = protocol=17 | dir=in | app=c:\users\boris\appdata\local\temp\blizzard installer bootstrap - 07ee7f08\installer.exe |
"{3F757E7B-1C74-44E5-82C1-BEBA1B335B7B}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty - world at war\codwawmp.exe |
"{4081D61F-21B3-4C53-9E7E-7CB42B4644B8}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{44DF9EF6-E174-47DF-BDD4-F3BFE8B8C215}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{47591EB6-8387-4D1C-BFCF-E0EEA5299E85}" = protocol=17 | dir=in | app=c:\program files\rockstar games\rockstar games social club\rgsclauncher.exe |
"{478C2556-E1EF-4455-9D15-285B409D3970}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{4800BC03-56A9-4515-857C-55BBFCD91569}" = protocol=17 | dir=in | app=c:\program files\gamigo\heroes in the sky\his.exe |
"{50258AE8-954A-4D18-9ABC-DD44309F91B4}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\schimmelbolzen\dark messiah might and magic multi-player\runme.exe |
"{528EF6A9-600F-4425-8481-0B23B171639F}" = protocol=6 | dir=in | app=c:\users\boris\appdata\local\temp\blizzard installer bootstrap - 0484ad46\installer.exe |
"{5470820D-DE2F-49EB-B2F0-11BBDDE970F2}" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\java.exe |
"{560B1F2B-DA32-4DE8-B534-B04040A89073}" = protocol=6 | dir=in | app=c:\users\boris\appdata\local\temp\blizzard installer bootstrap - 028bb0b5\installer.exe |
"{5756069D-62F5-43FD-B88E-FCF9AA1B4C17}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{580B9066-0F9E-4863-8EF9-5A97BF8DA476}" = protocol=6 | dir=in | app=c:\program files\tunngle\tunngle.exe |
"{58BE4677-E454-4CA2-B8F5-49C161444BDF}" = protocol=6 | dir=in | app=c:\program files\icq7.6\icq.exe |
"{5D262F7D-6F72-40B5-8170-FC30AD2F0B8D}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{5EC7A198-EA69-41D1-A50E-21E00EFFCDEA}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{618B1286-66BA-479D-8107-8B426544CF21}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{62D264A3-D99B-4305-86B0-702007694967}" = protocol=6 | dir=in | app=c:\users\boris\appdata\local\temp\blizzard installer bootstrap - 00ee262a\installer.exe |
"{669DF0F2-7594-464B-944F-5A39FCD2721F}" = protocol=6 | dir=in | app=c:\users\boris\desktop\minecraft_server.exe |
"{6D62E307-08C6-499E-989B-111F0A84BA27}" = protocol=6 | dir=in | app=c:\users\boris\appdata\local\temp\blizzard installer bootstrap - 00a8cbd9\installer.exe |
"{7415F57B-BE65-4434-A45C-0C04FC5CCF09}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{778F9966-8CDC-4992-96BB-480ECB3BFF1C}" = protocol=17 | dir=in | app=c:\program files\codemasters\fuel\fuel.exe |
"{7A4DD3B8-561C-4933-AB39-B5DC1878171B}" = protocol=6 | dir=in | app=c:\program files\league of legends\air\lolclient.exe |
"{8032B261-753F-4B5C-9AFA-D61CD67721F3}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{809D45BE-F6E7-43B3-9508-BF86A9A40E48}" = protocol=6 | dir=in | app=c:\program files\autodesk\backburner\server.exe |
"{81B9B241-0569-4878-B6E6-4203A051B9B5}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{8641BAFB-FF02-4C5E-9923-8D24723E1AB3}" = protocol=17 | dir=in | app=c:\program files\tunngle\tnglctrl.exe |
"{86E83DCC-B5DB-44C3-9806-0835551121B5}" = protocol=17 | dir=in | app=c:\program files\icq7.6\icq.exe |
"{877A3AFF-1C57-4DB9-A6B7-6EC3BFE0291D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{883B9DB7-DBC8-41DC-ABD7-27F32E4CA91C}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{8A75486B-C67E-460D-9554-B52F6E536D0E}" = protocol=17 | dir=in | app=c:\program files\autodesk\3ds max 9\3dsmax.exe |
"{8AF652F9-B30D-4109-BCB9-795C72688A8E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{8C3B5638-BCBC-4795-99C6-4C28CE89F787}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{8CD551BB-8577-4FE3-B5C8-4378904B2CBF}" = protocol=17 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |
"{8F0DB90D-4434-4191-9516-FE3701927DD8}" = protocol=6 | dir=in | app=c:\program files\autodesk\backburner\manager.exe |
"{953B2F24-3D26-43D4-BB3A-AA024B370CB2}" = protocol=6 | dir=in | app=c:\program files\icq7.6\icq.exe |
"{99427D11-070B-43CE-87A8-49DF18D07EC7}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.0-dede-downloader.exe |
"{9B8AA46C-2C6D-44D2-9D9A-0F304D2C5ADD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9BC993B1-61FE-4D58-AB6F-1C49D89ED678}" = protocol=6 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
"{9CE210E5-141A-4544-A4AF-43AC91CAA564}" = protocol=17 | dir=in | app=c:\users\boris\appdata\local\temp\blizzard installer bootstrap - 00ee262a\installer.exe |
"{9E7B8992-6B2A-4C90-846A-FB5F2727D3BC}" = protocol=6 | dir=in | app=c:\users\boris\appdata\local\temp\blizzard installer bootstrap - 00024604\installer.exe |
"{9F6CAA77-FB1F-4130-8C53-CDB4A94CC447}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{A25640AE-6F3B-47AC-8B3B-B567958BA3ED}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{A450128C-032C-46DB-8C46-8FF6D72F025F}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{A45C83A6-B0DD-4533-A8B3-5AFA446713EC}" = protocol=17 | dir=in | app=c:\program files\bitcomposer games\s.t.a.l.k.e.r. - call of pripyat\bin\xrengine.exe |
"{A698B36C-4F48-4C0C-BFDF-46947F0621E7}" = protocol=17 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
"{A7CE014C-832F-4332-938E-0DA66A042E08}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{A9CF2A59-7A9B-4506-8861-8856A7F4EDAC}" = protocol=6 | dir=in | app=c:\program files\autodesk\backburner\monitor.exe |
"{AC90A8BE-D64B-411A-B990-1BC305503B0C}" = protocol=17 | dir=in | app=c:\users\boris\appdata\local\temp\blizzard installer bootstrap - 00909c9f\installer.exe |
"{ADC9062B-3727-4A32-81E8-F8D919DEFBAD}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{B06B8EC0-5E7B-4077-AB45-8E9AF35F4076}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{B2B955B7-E1A9-4F26-83BD-DE59BD695504}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{B623593D-FAFC-4393-AE0B-A0A53614B386}" = protocol=17 | dir=in | app=c:\program files\autodesk\backburner\manager.exe |
"{B6E500B9-8D70-4295-9043-9B36D3661567}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{BA704343-95FA-4296-B828-D4B27EBDD4A8}" = protocol=17 | dir=in | app=c:\users\boris\appdata\local\temp\blizzard installer bootstrap - 0484ad46\installer.exe |
"{BCC2A4F6-A28B-481D-8F6B-CEA07F494C57}" = protocol=17 | dir=in | app=c:\users\boris\appdata\local\temp\blizzard installer bootstrap - 00024604\installer.exe |
"{BE7DD6A6-30E8-47AD-B02F-D1EDBE1AD73B}" = protocol=6 | dir=in | app=c:\program files\codemasters\fuel\fuel.exe |
"{C142CC44-EFF4-48BA-9926-ABAF85580FA5}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{C5BDE3E4-2050-4BA3-9C87-D904661D28D4}" = protocol=6 | dir=in | app=c:\users\boris\appdata\local\temp\blizzard installer bootstrap - 02de647b\installer.exe |
"{C6428EAA-0B5D-4FB9-B0AD-F6DA98121689}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{CA3A0387-4A5F-4DA4-BBCB-4645D6E91C84}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{CAD2F887-39C3-47FA-98FC-96D7C0ED85E1}" = protocol=6 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |
"{DA3278F4-AF77-477A-A6B0-545FF3CDC4CE}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw.exe |
"{DAD0CD48-8102-4275-BCA8-D24B572DF53C}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw.exe |
"{DBB6A3A7-1F9B-4752-94B2-D49C34EA0877}" = protocol=6 | dir=in | app=c:\program files\tunngle\tnglctrl.exe |
"{DE36D1B0-BF38-459D-B37E-755F5DCEE516}" = protocol=17 | dir=in | app=c:\users\boris\appdata\local\temp\blizzard installer bootstrap - 028bb0b5\installer.exe |
"{E43039F7-9D3A-4198-B2A7-B58CADA54497}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{E6EDA77F-EF6B-4B1D-B769-667B5B3FB820}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{E9FE5BB9-6643-4C22-B119-6B4CD7E0CBF0}" = protocol=6 | dir=in | app=c:\program files\gamigo\heroes in the sky\his.exe |
"{EB52EB36-F719-40E3-A351-A2EAD81DC056}" = protocol=6 | dir=in | app=c:\program files\bitcomposer games\s.t.a.l.k.e.r. - call of pripyat\bin\dedicated\xrengine.exe |
"{EBD07366-D943-42D4-87D0-483741E33D59}" = protocol=6 | dir=in | app=c:\users\boris\appdata\local\temp\blizzard installer bootstrap - 00909c9f\installer.exe |
"{EC92F9BC-24E8-4F26-9FFE-80063FAB19C9}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{F1A0767C-A800-4A7C-8DA5-DF0DCF3E6D98}" = protocol=17 | dir=in | app=c:\users\boris\appdata\local\temp\blizzard installer bootstrap - 02de647b\installer.exe |
"{F54A5BE6-50FB-47EB-A87A-213036F3CEEE}" = protocol=17 | dir=in | app=c:\program files\tunngle\tunngle.exe |
"{FA18CB15-8798-4BCE-A756-C08724D32D80}" = protocol=6 | dir=in | app=c:\program files\icq7.6\icq.exe |
"{FC0893EC-E4CA-45E3-82A9-1E1E3C649C61}" = protocol=6 | dir=in | app=c:\program files\league of legends\game\league of legends.exe |
"{FC3A99E2-13C4-461B-9B68-BA9FF30ADC9D}" = protocol=6 | dir=in | app=c:\users\boris\appdata\local\temp\blizzard installer bootstrap - 07ee7f08\installer.exe |
"{FF4C2E75-BBAB-4A81-8819-8C5B0AC02751}" = protocol=17 | dir=in | app=c:\program files\league of legends\air\lolclient.exe |
"TCP Query User{022DE049-564C-4012-9E21-84F26C0F5C5F}C:\program files\night\mass effect 2\binaries\masseffect2.exe" = protocol=6 | dir=in | app=c:\program files\night\mass effect 2\binaries\masseffect2.exe |
"TCP Query User{02653C95-74CD-48EE-A07F-7BFE52BA063A}C:\users\boris\desktop\spiele\call of duty 4 - modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=c:\users\boris\desktop\spiele\call of duty 4 - modern warfare\iw3mp.exe |
"TCP Query User{06767FDE-A731-4AAF-9826-6E8035AA6188}C:\users\boris\appdata\local\virtualstore\program files\dead island\dead island\deadislandgame.exe" = protocol=6 | dir=in | app=c:\users\boris\appdata\local\virtualstore\program files\dead island\dead island\deadislandgame.exe |
"TCP Query User{067ADF3E-9189-43A8-9E12-FA0936C78A00}C:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe" = protocol=6 | dir=in | app=c:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe |
"TCP Query User{0776E850-ED15-45C2-AC29-7156310C74A0}C:\users\boris\downloads\thesmileassault i\thesmileassault i\thesmileassault.exe" = protocol=6 | dir=in | app=c:\users\boris\downloads\thesmileassault i\thesmileassault i\thesmileassault.exe |
"TCP Query User{0B574A9B-7B82-46EB-8244-CC95A7A19FBD}C:\program files\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files\xfire\xfire.exe |
"TCP Query User{1320678D-EA91-4D1F-A96A-CF56DE96AC5F}C:\program files\the babylon project\fs2_open_3_6_9.exe" = protocol=6 | dir=in | app=c:\program files\the babylon project\fs2_open_3_6_9.exe |
"TCP Query User{133C9B90-1081-48DB-9B88-886F1FD383F1}C:\users\public\games\world of warcraft\repair.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\repair.exe |
"TCP Query User{14C08A75-51A3-4FF9-A051-39EEBB850645}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"TCP Query User{1AF315BD-7EC8-4780-A9F2-75768F9E5B52}C:\program files\phonostar-player\phonostar.exe" = protocol=6 | dir=in | app=c:\program files\phonostar-player\phonostar.exe |
"TCP Query User{1F0D8FB3-5693-449E-9CD8-A8623CD04CB0}C:\program files\hypercube source\steamless.dll" = protocol=6 | dir=in | app=c:\program files\hypercube source\steamless.dll |
"TCP Query User{21341BA7-E7E6-4C31-94DD-CE0B1D1D2451}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{2577BE9C-0BFB-42A0-BAA3-7BF19BBB4FCB}C:\users\boris\desktop\spiele\left 4 dead 2\left4dead2.exe" = protocol=6 | dir=in | app=c:\users\boris\desktop\spiele\left 4 dead 2\left4dead2.exe |
"TCP Query User{26838C21-2A82-424B-9E62-AA74CA11CC33}C:\program files\blitz3d\bin\blitzcc.exe" = protocol=6 | dir=in | app=c:\program files\blitz3d\bin\blitzcc.exe |
"TCP Query User{2E141BD9-170E-4BDA-A654-98136BE96505}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{2E83B60D-E898-4E0B-A527-018FBD3C6ACB}C:\program files\steam\steamapps\schimmelbolzen\dark messiah might and magic dedicated server\srcds.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\schimmelbolzen\dark messiah might and magic dedicated server\srcds.exe |
"TCP Query User{2FEB44FB-8D53-4451-99CA-7C3845E699FE}C:\users\boris\downloads\cryengine_v3_3_7_2572_freesdk\bin32\launcher.exe" = protocol=6 | dir=in | app=c:\users\boris\downloads\cryengine_v3_3_7_2572_freesdk\bin32\launcher.exe |
"TCP Query User{30D3A633-6A5C-4986-A6C8-3D427FF4D02A}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{33955399-04FC-44C4-8622-89C01A0D99F9}C:\users\boris\downloads\core\cwcore.exe" = protocol=6 | dir=in | app=c:\users\boris\downloads\core\cwcore.exe |
"TCP Query User{3937FB58-5A42-4630-8E2F-8B76A902E172}C:\users\public\games\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-dede-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-dede-downloader.exe |
"TCP Query User{3E1538A2-BBCA-4AFC-8D17-01A1CA3A9A6D}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{3EAEA7ED-8E83-4758-9929-CD7DD43FA294}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{3F173495-1841-4ECC-8886-713C05C700A2}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{413F770A-B9FD-4E2A-9E4E-4868610259BA}C:\users\boris\downloads\core\cwrealm.exe" = protocol=6 | dir=in | app=c:\users\boris\downloads\core\cwrealm.exe |
"TCP Query User{42594201-F037-437B-8141-AF3F60C8A400}C:\program files\valve\hltv.exe" = protocol=6 | dir=in | app=c:\program files\valve\hltv.exe |
"TCP Query User{429FBD7D-2C5E-4EE1-A709-3823D27C0EAE}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{43CBB8C4-6615-4EFF-9AB6-1DDC469477E4}C:\udk\udk-2011-04\binaries\win32\udk.exe" = protocol=6 | dir=in | app=c:\udk\udk-2011-04\binaries\win32\udk.exe |
"TCP Query User{457DB43B-35E6-480D-A24D-56E95B3DE700}C:\users\boris\desktop\neuer ordner\stranded_mulitplayer\stranded mulitplayer\strandedii.exe" = protocol=6 | dir=in | app=c:\users\boris\desktop\neuer ordner\stranded_mulitplayer\stranded mulitplayer\strandedii.exe |
"TCP Query User{45AEC5EA-1184-4A48-9428-A6D48662D4A2}C:\program files\jowood\gothic ii gold\_work\tools\zspy\zspy.exe" = protocol=6 | dir=in | app=c:\program files\jowood\gothic ii gold\_work\tools\zspy\zspy.exe |
"TCP Query User{47C77EFE-5920-495A-86C9-5710503A2861}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{516AA790-0B6F-4ACC-BF27-C124B33A5033}C:\program files\stronghold 3\bin\win32_release\stronghold3.exe" = protocol=6 | dir=in | app=c:\program files\stronghold 3\bin\win32_release\stronghold3.exe |
"TCP Query User{544A51CE-016A-4E35-BBDF-A32209DC9B76}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe |
"TCP Query User{54DB338E-FEC2-44DD-A0C0-19BC8D9AD1D9}C:\users\boris\appdata\local\temp\7zipsfx.000\cf_downloader.exe" = protocol=6 | dir=in | app=c:\users\boris\appdata\local\temp\7zipsfx.000\cf_downloader.exe |
"TCP Query User{58A72013-7EA2-48B3-A2C4-BF82ED3896AF}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"TCP Query User{5A2A1118-0A97-4C8E-B5A1-2D97A9AB0193}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{5D3ACD67-FFB0-4CE9-BEE6-B834E6795F2B}C:\users\boris\desktop\minecraft server\mcadmin\mcadmin.exe" = protocol=6 | dir=in | app=c:\users\boris\desktop\minecraft server\mcadmin\mcadmin.exe |
"TCP Query User{68FA5DB8-96BD-47B2-B1AE-943861EB7947}C:\program files\ea games\battlefield vietnam\bfvietnam.exe" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield vietnam\bfvietnam.exe |
"TCP Query User{6BD09A77-62EC-48BE-B272-EF6D7160F61E}C:\users\boris\desktop\stranded_mulitplayer\stranded mulitplayer\strandedii.exe" = protocol=6 | dir=in | app=c:\users\boris\desktop\stranded_mulitplayer\stranded mulitplayer\strandedii.exe |
"TCP Query User{6D084A94-CD54-498F-9524-53788E9DD209}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
"TCP Query User{6E21FDCB-D240-4FCC-8074-BC7540FD5841}C:\users\boris\downloads\left 4 dead 2 v2.0.0.1 cracked\left4dead2.exe" = protocol=6 | dir=in | app=c:\users\boris\downloads\left 4 dead 2 v2.0.0.1 cracked\left4dead2.exe |
"TCP Query User{72216BAF-B0C5-4E7A-AB46-764831D04F3A}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{77CBC97C-A2B3-472C-BD60-D0D3F23935E3}C:\program files\rockstar games\gta san andreas\samp-server.exe" = protocol=6 | dir=in | app=c:\program files\rockstar games\gta san andreas\samp-server.exe |
"TCP Query User{7815EB27-6698-431C-A79A-9F5DB5AFA91D}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"TCP Query User{7B061044-AB54-46A8-AEB7-251F4640B801}C:\program files\codemasters\der herr der ringe online\lotroclient.exe" = protocol=6 | dir=in | app=c:\program files\codemasters\der herr der ringe online\lotroclient.exe |
"TCP Query User{8416F972-0AA8-4828-ACA7-B59A28840426}C:\program files\firefly studios\stronghold crusader\stronghold crusader.exe" = protocol=6 | dir=in | app=c:\program files\firefly studios\stronghold crusader\stronghold crusader.exe |
"TCP Query User{867159E4-F1A7-4358-B351-3B993BE3905F}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{86A26453-2FA3-4398-8B86-0907E00A2FF1}C:\program files\activision\call of duty 2\cod2mp_s.exe" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 2\cod2mp_s.exe |
"TCP Query User{8AC941BE-3E5A-4CE0-9CA4-CE9BD84CF085}C:\udk\udk-2011-04\binaries\win32\udkmobile.exe" = protocol=6 | dir=in | app=c:\udk\udk-2011-04\binaries\win32\udkmobile.exe |
"TCP Query User{8D86B87B-EE5F-4316-8DB0-C3CCDB222CDF}C:\program files\steam\steamapps\schimmelbolzen\dark messiah might and magic multi-player\mm.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\schimmelbolzen\dark messiah might and magic multi-player\mm.exe |
"TCP Query User{929027B2-4AB4-4806-A21E-8F9957B87A2E}C:\program files\black & white\runblack.exe" = protocol=6 | dir=in | app=c:\program files\black & white\runblack.exe |
"TCP Query User{940FBC74-7DE1-4830-A760-929750893F81}C:\users\boris\downloads\fogdownloader-rom_2_1_6_2049.exe" = protocol=6 | dir=in | app=c:\users\boris\downloads\fogdownloader-rom_2_1_6_2049.exe |
"TCP Query User{97472822-0439-444B-B6F6-DB9FE87C27D3}C:\program files\java\jdk1.6.0_23\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jdk1.6.0_23\bin\java.exe |
"TCP Query User{9DAA6599-8DC1-4EAC-AB5E-932F27A299A4}C:\program files\stronghold 3\bin\win32_release\mapeditor.exe" = protocol=6 | dir=in | app=c:\program files\stronghold 3\bin\win32_release\mapeditor.exe |
"TCP Query User{9E8C12BD-3867-4CFD-9F49-673EE9689267}C:\users\public\games\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-dede-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-dede-downloader.exe |
"TCP Query User{9EF206B9-C9FF-4957-9B38-F0761AF7B397}C:\program files\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe |
"TCP Query User{9F65A574-101D-4350-AC39-4BA569D93FF9}C:\users\boris\desktop\call of duty 2\call of duty 2-multiplayer.exe" = protocol=6 | dir=in | app=c:\users\boris\desktop\call of duty 2\call of duty 2-multiplayer.exe |
"TCP Query User{A002C11C-6AD8-4FF1-AC8D-C022706A0F46}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"TCP Query User{A3C5F585-18ED-4664-B0E4-987E8F116B8D}C:\program files\jowood\gothic ii gold\_work\tools\zspy\zspy.exe" = protocol=6 | dir=in | app=c:\program files\jowood\gothic ii gold\_work\tools\zspy\zspy.exe |
"TCP Query User{A464C402-FB90-4043-ACEE-989161E3D64F}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{ACF1B1CC-CD0F-42DC-BEE0-C1FB1ABC9AA4}C:\users\boris\appdata\roaming\filehunter\pumpa.exe" = protocol=6 | dir=in | app=c:\users\boris\appdata\roaming\filehunter\pumpa.exe |
"TCP Query User{B1932715-2E2A-4EF1-9874-4F621EA5149F}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"TCP Query User{B2766438-A46C-4660-9505-0D08268F728F}C:\program files\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files\xfire\xfire.exe |
"TCP Query User{B4770EE8-708C-4556-9315-0A48D36E26E5}C:\udk\hazard - journey of life demo\binaries\win32\udk.exe" = protocol=6 | dir=in | app=c:\udk\hazard - journey of life demo\binaries\win32\udk.exe |
"TCP Query User{BAD96D52-FB5D-4205-B198-3967FC1B1251}C:\users\boris\downloads\minetest-0.3.0-win32\minetest-0.3.0-win32\bin\minetest.exe" = protocol=6 | dir=in | app=c:\users\boris\downloads\minetest-0.3.0-win32\minetest-0.3.0-win32\bin\minetest.exe |
"TCP Query User{BD38BC71-CC01-4975-A684-23B3BFE72ADD}C:\program files\valve\hl.exe" = protocol=6 | dir=in | app=c:\program files\valve\hl.exe |
"TCP Query User{C1F52990-E4A0-432B-ABDA-C47BA891B323}C:\users\boris\appdata\local\virtualstore\program files\dead island\deadislandgame.exe" = protocol=6 | dir=in | app=c:\users\boris\appdata\local\virtualstore\program files\dead island\deadislandgame.exe |
"TCP Query User{C310592F-B9F4-446C-919F-7A3C8FE5D4DC}C:\users\boris\desktop\spiele\left 4 dead 2\srcds.exe" = protocol=6 | dir=in | app=c:\users\boris\desktop\spiele\left 4 dead 2\srcds.exe |
"TCP Query User{C659805D-4B14-488E-9DAD-C685F343DD80}C:\users\boris\desktop\spiele\call of duty 4 - modern warfare1\iw3mp.exe" = protocol=6 | dir=in | app=c:\users\boris\desktop\spiele\call of duty 4 - modern warfare1\iw3mp.exe |
"TCP Query User{D35280C2-7DEC-4B0E-8D83-AB4384399506}C:\users\boris\downloads\core\udrive\usr\local\mysql\bin\mysqld-opt.exe" = protocol=6 | dir=in | app=c:\users\boris\downloads\core\udrive\usr\local\mysql\bin\mysqld-opt.exe |
"TCP Query User{D49D1BFF-7D9C-42F5-8232-3E67C5F79222}C:\users\boris\desktop\spiele\call of duty 2\cod2mp_s.exe" = protocol=6 | dir=in | app=c:\users\boris\desktop\spiele\call of duty 2\cod2mp_s.exe |
"TCP Query User{D5833881-93E7-411C-A3F7-0FC720DAF948}C:\program files\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe |
"TCP Query User{D6F78663-8FE2-45C7-93D3-D332D5DCB8DA}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{DE7AA29E-7E83-47B7-BE79-B0AC2BFF926A}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"TCP Query User{DED412C4-7181-49B0-A221-FDD21224D80A}C:\riot games\league of legends\lol.launcher.exe" = protocol=6 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe |
"TCP Query User{E382B687-C828-48AF-B52D-34A882A1FBB3}C:\users\boris\desktop\spiele\stranded mulitplayer\strandedii.exe" = protocol=6 | dir=in | app=c:\users\boris\desktop\spiele\stranded mulitplayer\strandedii.exe |
"TCP Query User{E442A0B0-F572-4D24-B310-C33DF40C9FEC}C:\users\boris\appdata\local\temp\dsoclient\app.n3app" = protocol=6 | dir=in | app=c:\users\boris\appdata\local\temp\dsoclient\app.n3app |
"TCP Query User{EC134832-63E8-42AF-BB30-52B0C3A491A8}C:\users\boris\desktop\spiele\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\users\boris\desktop\spiele\counter-strike source\hl2.exe |
"TCP Query User{EC34E1DA-D02E-4D86-B508-54B1CAFC91D6}C:\program files\xnormal\3.16.13\x86\coordinator.exe" = protocol=6 | dir=in | app=c:\program files\xnormal\3.16.13\x86\coordinator.exe |
"TCP Query User{EDB0961D-A6F7-4EBD-B17B-C1B6AB4FF95E}C:\users\boris\downloads\left 4 dead 2 v2.0.0.1 cracked\srcds.exe" = protocol=6 | dir=in | app=c:\users\boris\downloads\left 4 dead 2 v2.0.0.1 cracked\srcds.exe |
"TCP Query User{EF79D92C-5D28-4FD3-93EA-5090F30F926F}C:\program files\firefly studios\stronghold crusader\stronghold crusader.exe" = protocol=6 | dir=in | app=c:\program files\firefly studios\stronghold crusader\stronghold crusader.exe |
"TCP Query User{F0D97232-1EC7-4EB8-8984-BD06644BE0D3}C:\users\boris\desktop\counter-strike source\counter-strike source\srcds.exe" = protocol=6 | dir=in | app=c:\users\boris\desktop\counter-strike source\counter-strike source\srcds.exe |
"TCP Query User{F33AC4F1-4EBA-4981-9EB0-571512F86547}C:\udk\udk-2011-04\binaries\swarmagent.exe" = protocol=6 | dir=in | app=c:\udk\udk-2011-04\binaries\swarmagent.exe |
"TCP Query User{F3821BB0-9DFD-4787-9493-ADE16099DC02}C:\users\public\games\world of warcraft\wow-3.2.0.10192-to-3.3.0.10958-dede-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.0.10192-to-3.3.0.10958-dede-downloader.exe |
"TCP Query User{F492F37C-849A-4FC3-87D4-B7698AF3669D}C:\program files\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.exe |
"TCP Query User{F92E44C5-7643-4D91-894C-44BCCF7A0FCD}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{FE6F0035-6221-4401-A4BE-1E9D401B684F}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
"TCP Query User{FF8A7B8E-DFDF-44DA-94CB-89992778F85F}C:\users\boris\downloads\core\udrive\usr\local\apache2\bin\apache_16.exe" = protocol=6 | dir=in | app=c:\users\boris\downloads\core\udrive\usr\local\apache2\bin\apache_16.exe |
"UDP Query User{0151A2BF-32A7-4D76-B340-B33D97597F08}C:\users\public\games\world of warcraft\wow-3.2.0.10192-to-3.3.0.10958-dede-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.0.10192-to-3.3.0.10958-dede-downloader.exe |
"UDP Query User{045D52F1-2CD8-49C4-809C-3B390AE4D4E8}C:\users\boris\desktop\spiele\call of duty 4 - modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=c:\users\boris\desktop\spiele\call of duty 4 - modern warfare\iw3mp.exe |
"UDP Query User{05127824-4C81-445F-9D67-F61D280734BF}C:\users\boris\downloads\core\udrive\usr\local\apache2\bin\apache_16.exe" = protocol=17 | dir=in | app=c:\users\boris\downloads\core\udrive\usr\local\apache2\bin\apache_16.exe |
"UDP Query User{052990CF-4B5C-4D29-B93C-CD0EEE8A5D9D}C:\program files\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files\xfire\xfire.exe |
"UDP Query User{083D5889-9C48-42CD-808E-4D10047D2391}C:\program files\valve\hl.exe" = protocol=17 | dir=in | app=c:\program files\valve\hl.exe |
"UDP Query User{0A68D327-6070-44D1-A8A2-321AA2585586}C:\program files\java\jdk1.6.0_23\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jdk1.6.0_23\bin\java.exe |
"UDP Query User{0B1A0E88-18C0-4131-BBE5-8807E99D48BB}C:\users\boris\appdata\roaming\filehunter\pumpa.exe" = protocol=17 | dir=in | app=c:\users\boris\appdata\roaming\filehunter\pumpa.exe |
"UDP Query User{0B6095D2-1697-4C43-9C82-95FFFC533801}C:\program files\firefly studios\stronghold crusader\stronghold crusader.exe" = protocol=17 | dir=in | app=c:\program files\firefly studios\stronghold crusader\stronghold crusader.exe |
"UDP Query User{14022CA9-47BE-465A-BCEA-8B880AACB16D}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
"UDP Query User{152468BB-E02E-4C0F-8823-8F1A18308E7D}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{1E14CAF8-89E3-4B10-9E16-E265D82A5DC0}C:\users\public\games\world of warcraft\repair.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\repair.exe |
"UDP Query User{1E41A05A-AD35-4C29-9B59-6F02FA0468B5}C:\program files\black & white\runblack.exe" = protocol=17 | dir=in | app=c:\program files\black & white\runblack.exe |
"UDP Query User{2292C245-7B10-4890-9467-DACC7842DB25}C:\udk\udk-2011-04\binaries\win32\udk.exe" = protocol=17 | dir=in | app=c:\udk\udk-2011-04\binaries\win32\udk.exe |
"UDP Query User{24FD5A2C-88EF-409A-B3A3-116417E95E22}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{2ADE7731-AE6C-498B-ADF3-78116F08A21F}C:\program files\steam\steamapps\schimmelbolzen\dark messiah might and magic dedicated server\srcds.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\schimmelbolzen\dark messiah might and magic dedicated server\srcds.exe |
"UDP Query User{2B8FCBDB-9FEC-4D32-B8F6-AB52F9EFCE36}C:\users\boris\desktop\spiele\left 4 dead 2\left4dead2.exe" = protocol=17 | dir=in | app=c:\users\boris\desktop\spiele\left 4 dead 2\left4dead2.exe |
"UDP Query User{2D685F94-FD87-4B0F-BA42-5C4517C28970}C:\users\boris\desktop\call of duty 2\call of duty 2-multiplayer.exe" = protocol=17 | dir=in | app=c:\users\boris\desktop\call of duty 2\call of duty 2-multiplayer.exe |
"UDP Query User{2D97AD20-6B5D-49F2-87AF-C2756FA26369}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"UDP Query User{2FDE7C13-0469-4092-B282-7042CA6AF82F}C:\program files\jowood\gothic ii gold\_work\tools\zspy\zspy.exe" = protocol=17 | dir=in | app=c:\program files\jowood\gothic ii gold\_work\tools\zspy\zspy.exe |
"UDP Query User{33FCFA65-0776-407E-A0F9-16F48F2628A9}C:\program files\codemasters\der herr der ringe online\lotroclient.exe" = protocol=17 | dir=in | app=c:\program files\codemasters\der herr der ringe online\lotroclient.exe |
"UDP Query User{349CF789-108E-4FBF-9F99-8FBEF6995928}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"UDP Query User{3621C7CF-DA20-48FA-B661-4504DE9CC5A9}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{3862D31C-8EB1-42EB-BCC7-B56DDA97FC47}C:\users\boris\downloads\fogdownloader-rom_2_1_6_2049.exe" = protocol=17 | dir=in | app=c:\users\boris\downloads\fogdownloader-rom_2_1_6_2049.exe |
"UDP Query User{398B9CAE-4661-4B89-BAA1-14F97F15E88D}C:\program files\blitz3d\bin\blitzcc.exe" = protocol=17 | dir=in | app=c:\program files\blitz3d\bin\blitzcc.exe |
"UDP Query User{3DAB5E4A-6429-4A73-8D1D-64ECB6F7B6B5}C:\users\boris\appdata\local\temp\7zipsfx.000\cf_downloader.exe" = protocol=17 | dir=in | app=c:\users\boris\appdata\local\temp\7zipsfx.000\cf_downloader.exe |
"UDP Query User{43FBA8BB-2ADA-48AE-A653-2D38868F7CC4}C:\users\boris\desktop\spiele\call of duty 2\cod2mp_s.exe" = protocol=17 | dir=in | app=c:\users\boris\desktop\spiele\call of duty 2\cod2mp_s.exe |
"UDP Query User{46E867DC-F92E-4C9A-A99E-E65032FA8BF8}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{4A29D028-1875-4DE2-A54D-B159AC8AD726}C:\users\boris\desktop\neuer ordner\stranded_mulitplayer\stranded mulitplayer\strandedii.exe" = protocol=17 | dir=in | app=c:\users\boris\desktop\neuer ordner\stranded_mulitplayer\stranded mulitplayer\strandedii.exe |
"UDP Query User{508DAA28-B9F1-4F38-93E2-5A918C449495}C:\program files\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.exe |
"UDP Query User{52EAAD1E-6A44-42AD-BE47-2C9AA8282D98}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{53CC166D-9A6B-440C-AE97-FDC018E1F52F}C:\program files\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe |
"UDP Query User{5CA333C3-2393-4CB6-8C43-A2458B5E07A7}C:\users\boris\downloads\core\udrive\usr\local\mysql\bin\mysqld-opt.exe" = protocol=17 | dir=in | app=c:\users\boris\downloads\core\udrive\usr\local\mysql\bin\mysqld-opt.exe |
"UDP Query User{5D0B9ABB-80FF-47F0-B3CF-E59F7402CDFD}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe |
"UDP Query User{5EEDDFF6-BC0B-4809-AE85-6B5BF1FB3070}C:\program files\xnormal\3.16.13\x86\coordinator.exe" = protocol=17 | dir=in | app=c:\program files\xnormal\3.16.13\x86\coordinator.exe |
"UDP Query User{61C08820-608B-4076-8D49-58623299AD36}C:\program files\rockstar games\gta san andreas\samp-server.exe" = protocol=17 | dir=in | app=c:\program files\rockstar games\gta san andreas\samp-server.exe |
"UDP Query User{67A078B9-E937-48EE-82AC-B8846624509C}C:\program files\stronghold 3\bin\win32_release\stronghold3.exe" = protocol=17 | dir=in | app=c:\program files\stronghold 3\bin\win32_release\stronghold3.exe |
"UDP Query User{6A8E5217-84A7-4D48-A63B-E4917345BACE}C:\users\boris\desktop\spiele\left 4 dead 2\srcds.exe" = protocol=17 | dir=in | app=c:\users\boris\desktop\spiele\left 4 dead 2\srcds.exe |
"UDP Query User{6C85AB3D-163C-4AA0-8027-27BBE7E20381}C:\users\public\games\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-dede-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-dede-downloader.exe |
"UDP Query User{6D06211C-137B-4729-B798-EA1E410A8D79}C:\program files\ea games\battlefield vietnam\bfvietnam.exe" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield vietnam\bfvietnam.exe |
"UDP Query User{6DDFF840-5DC5-4ADA-BBF7-DAF3E7BCB032}C:\program files\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files\xfire\xfire.exe |
"UDP Query User{6F0CE591-5714-4178-B213-46C502D53E13}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{703379DA-58C7-4FCA-A716-D327B8FEF1CA}C:\users\boris\downloads\core\cwrealm.exe" = protocol=17 | dir=in | app=c:\users\boris\downloads\core\cwrealm.exe |
"UDP Query User{71D373C7-B443-4D7E-A118-3E80CC2EDB52}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{7205C025-131E-4B6F-8BC8-D812399487B4}C:\udk\udk-2011-04\binaries\swarmagent.exe" = protocol=17 | dir=in | app=c:\udk\udk-2011-04\binaries\swarmagent.exe |
"UDP Query User{746048C6-E4E1-4C78-9AC8-9B159AE3C3AA}C:\users\boris\desktop\counter-strike source\counter-strike source\srcds.exe" = protocol=17 | dir=in | app=c:\users\boris\desktop\counter-strike source\counter-strike source\srcds.exe |
"UDP Query User{7C1D3DD9-E1EA-412A-BDCF-AC1FE4271B61}C:\program files\stronghold 3\bin\win32_release\mapeditor.exe" = protocol=17 | dir=in | app=c:\program files\stronghold 3\bin\win32_release\mapeditor.exe |
"UDP Query User{8167A71D-0BAE-4DC0-BFBE-BDD8BD1111A6}C:\program files\phonostar-player\phonostar.exe" = protocol=17 | dir=in | app=c:\program files\phonostar-player\phonostar.exe |
"UDP Query User{874E3D56-F598-4BD0-9B85-4F80A84EF9B8}C:\users\boris\desktop\spiele\stranded mulitplayer\strandedii.exe" = protocol=17 | dir=in | app=c:\users\boris\desktop\spiele\stranded mulitplayer\strandedii.exe |
"UDP Query User{89DECFF4-E9DE-4184-AC85-80A89BB4D76C}C:\users\boris\downloads\minetest-0.3.0-win32\minetest-0.3.0-win32\bin\minetest.exe" = protocol=17 | dir=in | app=c:\users\boris\downloads\minetest-0.3.0-win32\minetest-0.3.0-win32\bin\minetest.exe |
"UDP Query User{8F6471CD-8FBC-4862-A1F8-C8E6390B82B6}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{8FBF5A62-94BB-46AD-ADBF-DB29E840EE7B}C:\users\boris\appdata\local\virtualstore\program files\dead island\dead island\deadislandgame.exe" = protocol=17 | dir=in | app=c:\users\boris\appdata\local\virtualstore\program files\dead island\dead island\deadislandgame.exe |
"UDP Query User{914DFAFF-7B1B-44F2-8396-7634B751203E}C:\program files\night\mass effect 2\binaries\masseffect2.exe" = protocol=17 | dir=in | app=c:\program files\night\mass effect 2\binaries\masseffect2.exe |
"UDP Query User{94A899CB-EC83-4F38-8C8A-44863F8630BE}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{9712ABBC-9B35-4682-9DDC-8C690436CD98}C:\users\boris\downloads\core\cwcore.exe" = protocol=17 | dir=in | app=c:\users\boris\downloads\core\cwcore.exe |
"UDP Query User{9FE09C73-45E9-423C-91C9-8DFB594B9077}C:\program files\firefly studios\stronghold crusader\stronghold crusader.exe" = protocol=17 | dir=in | app=c:\program files\firefly studios\stronghold crusader\stronghold crusader.exe |
"UDP Query User{A77071BE-40C1-4C54-B1F1-096BB1CA08D4}C:\program files\activision\call of duty 2\cod2mp_s.exe" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 2\cod2mp_s.exe |
"UDP Query User{A9B824AE-9249-46D0-B640-829B5E154B12}C:\riot games\league of legends\lol.launcher.exe" = protocol=17 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe |
"UDP Query User{AA829504-18FF-47CF-9322-7B9CE00C2772}C:\users\boris\downloads\cryengine_v3_3_7_2572_freesdk\bin32\launcher.exe" = protocol=17 | dir=in | app=c:\users\boris\downloads\cryengine_v3_3_7_2572_freesdk\bin32\launcher.exe |
"UDP Query User{AAE51A5C-85AA-4AB5-930D-60E9D7BBC91E}C:\users\boris\downloads\thesmileassault i\thesmileassault i\thesmileassault.exe" = protocol=17 | dir=in | app=c:\users\boris\downloads\thesmileassault i\thesmileassault i\thesmileassault.exe |
"UDP Query User{AD8AE2BA-BFCD-44D8-A8EA-B8DCC17C5121}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{B005D980-3FE5-4EE4-80D1-915267186ECA}C:\users\boris\appdata\local\virtualstore\program files\dead island\deadislandgame.exe" = protocol=17 | dir=in | app=c:\users\boris\appdata\local\virtualstore\program files\dead island\deadislandgame.exe |
"UDP Query User{B5CD05D8-46EC-4F47-B4C3-41B1EC5D106C}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{B810E388-E2EC-4F27-B301-5760F4FA460D}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
"UDP Query User{B8CE9875-37FB-42F1-BFCB-822771DF46A3}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{C0F135BF-03FA-4034-84FA-07A802C6654A}C:\users\boris\appdata\local\temp\dsoclient\app.n3app" = protocol=17 | dir=in | app=c:\users\boris\appdata\local\temp\dsoclient\app.n3app |
"UDP Query User{C7EAD287-6C8F-4292-967A-8B77F3C15C16}C:\program files\hypercube source\steamless.dll" = protocol=17 | dir=in | app=c:\program files\hypercube source\steamless.dll |
"UDP Query User{C9A53DFD-8B51-4333-BF1C-E8851100AF8A}C:\udk\udk-2011-04\binaries\win32\udkmobile.exe" = protocol=17 | dir=in | app=c:\udk\udk-2011-04\binaries\win32\udkmobile.exe |
"UDP Query User{D3861E9B-8083-4F6F-83E8-01270D5C675F}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{D7863355-18B3-4A6B-86B0-AC650856A0DC}C:\program files\steam\steamapps\schimmelbolzen\dark messiah might and magic multi-player\mm.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\schimmelbolzen\dark messiah might and magic multi-player\mm.exe |
"UDP Query User{D9E63ED6-7875-4245-A910-448E904C00BC}C:\udk\hazard - journey of life demo\binaries\win32\udk.exe" = protocol=17 | dir=in | app=c:\udk\hazard - journey of life demo\binaries\win32\udk.exe |
"UDP Query User{E0782E38-CE26-4FB8-AE73-99E2DCEE0B94}C:\users\boris\downloads\left 4 dead 2 v2.0.0.1 cracked\left4dead2.exe" = protocol=17 | dir=in | app=c:\users\boris\downloads\left 4 dead 2 v2.0.0.1 cracked\left4dead2.exe |
"UDP Query User{E17D6295-5BB8-4C4D-92CB-619E339C3C3C}C:\program files\valve\hltv.exe" = protocol=17 | dir=in | app=c:\program files\valve\hltv.exe |
"UDP Query User{E1FF2836-73B3-48D6-AEA2-2D956561404D}C:\users\boris\desktop\stranded_mulitplayer\stranded mulitplayer\strandedii.exe" = protocol=17 | dir=in | app=c:\users\boris\desktop\stranded_mulitplayer\stranded mulitplayer\strandedii.exe |
"UDP Query User{E5E34105-1D7A-448D-B94D-63EC04DE25B8}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{E6830D94-2238-4A77-B506-5AAA59CAEBD6}C:\program files\jowood\gothic ii gold\_work\tools\zspy\zspy.exe" = protocol=17 | dir=in | app=c:\program files\jowood\gothic ii gold\_work\tools\zspy\zspy.exe |
"UDP Query User{E9114C9C-F50B-4442-860E-FD6094C760F2}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{EAB75652-C838-4E61-9183-07B4F0EE7CC9}C:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe" = protocol=17 | dir=in | app=c:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe |
"UDP Query User{EC65006E-E787-4445-BD6B-4E7D75ADC562}C:\users\boris\downloads\left 4 dead 2 v2.0.0.1 cracked\srcds.exe" = protocol=17 | dir=in | app=c:\users\boris\downloads\left 4 dead 2 v2.0.0.1 cracked\srcds.exe |
"UDP Query User{EC74F221-ED84-486F-B802-93F5E403CB5A}C:\program files\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe |
"UDP Query User{ECACC013-C621-43B5-806F-E7959230BBA4}C:\users\public\games\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-dede-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-dede-downloader.exe |
"UDP Query User{EDF9C4FF-CC08-4AB3-A8A5-F4822C7825B7}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
"UDP Query User{F0FF9C74-DE15-4F66-91D5-0B4FC7B1955C}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{F2060172-1131-45ED-9558-8BD0791DD2F6}C:\program files\the babylon project\fs2_open_3_6_9.exe" = protocol=17 | dir=in | app=c:\program files\the babylon project\fs2_open_3_6_9.exe |
"UDP Query User{F2A04A35-7274-48C1-985F-59981291F50A}C:\users\boris\desktop\minecraft server\mcadmin\mcadmin.exe" = protocol=17 | dir=in | app=c:\users\boris\desktop\minecraft server\mcadmin\mcadmin.exe |
"UDP Query User{F2E5146B-3225-4922-8D3E-D4ED88CB0CBF}C:\users\boris\desktop\spiele\call of duty 4 - modern warfare1\iw3mp.exe" = protocol=17 | dir=in | app=c:\users\boris\desktop\spiele\call of duty 4 - modern warfare1\iw3mp.exe |
"UDP Query User{FAF060B8-B4C2-43C0-AFFF-9C8C66E32669}C:\users\boris\desktop\spiele\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\users\boris\desktop\spiele\counter-strike source\hl2.exe |
"UDP Query User{FB0C1D01-B124-4877-8B2C-DB5AF6375502}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00BA866C-F2A2-4BB9-A308-3DFA695B6F7C}" = Java DB 10.5.3.0
"{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU
"{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM
"{03A4C6A1-26E9-4DDB-81D9-B332E5BB10AD}" = Microsoft Sync Framework SDK v1.0 SP1 de
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07FCBED5-94C3-4F94-B9D3-360FA27C7B06}" = Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B9CCE86-8E60-4CE5-AE03-26F79D4D8FA9}" = Item-mall
"{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
"{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}" = Risen
"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{1C2B3CEA-482E-4453-B3E2-C9731337828A}" = Microsoft SQL Server 2008 Native Client
"{1D108D70-E7D1-4089-9A0A-99629C4D0CB8}" = Morrowind
"{1D328E11-3B0C-388C-835D-C9C20E8C7734}" = Microsoft Help Viewer 1.0 Language Pack - DEU
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{2158685C-E2B3-4026-B0A1-0FFE31837AFD}" = PlayLinc
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 4
"{29042B1C-0713-4575-B7CA-5C8E7B0899D4}" = MySQL Connector/ODBC 5.1
"{2B11BA9C-7F97-4C16-970F-1491FD77969B}_is1" = shopping-preise.de - AddOn für Firefox
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{31C3C6EA-E991-405F-A3AA-2C070CCCC47C}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools - DEU
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{32A3A4F4-B792-11D6-A78A-00B0D0160230}" = Java(TM) SE Development Kit 6 Update 23
"{32A9C5B3-D166-4C6D-A11E-A54473151000}" = Java 3D 1.5.1
"{33AE9E89-47C9-4A0D-9E9D-BDD6966A3804}" = Microsoft SQL Server 2008 RsFx Driver
"{3559CDE0-11FC-4D7B-A65C-D646035B1031}" = Nero 8 Essentials
"{3BB19A2B-B9C5-3872-8FDF-3047CC9F9841}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Backburner
"{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
"{406FB8A4-F539-48A9-809C-F94706F9C9F6}_is1" = S.T.A.L.K.E.R. - Call Of Pripyat [v1.6.01]
"{40FE74B5-71A1-4393-A0AB-21D6E1DA5A66}" = Gothic 2 Gold
"{477415F5-93DA-46AA-85C5-640047825995}" = Microsoft SQL Server 2008 Database Engine Shared
"{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0
"{491DF203-7B61-4F0E-BDCB-A1218C4DAFE9}" = Native Instruments Massive
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{4AF2248C-B3DF-46FB-9596-87F5DB193689}" = Microsoft SQL Server 2008 Browser
"{5242B252-01BB-4F2E-BBF4-5C01BC3B6619}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project
"{54B7A3C7-0940-4C16-A509-FC3C3758D22A}_is1" = Amnesia - The Dark Descent
"{56403FFF-145E-35C5-A090-96598BE57FB8}" = Microsoft Visual Basic 2008 Express Edition - DEU
"{56582EEA-3AEF-4D84-8B9D-C87A3CD9250F}" = GetDataBack for NTFS
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{573576B6-2112-4679-BF42-C8D9CE2E4A29}" = Ace of Spades
"{58D68DF0-4E8B-4E9E-B425-670F9E37C1A8}" = TES Construction Set
"{5A08C9D1-37AD-4A8D-90D3-33F92C578AA5}" = Microsoft SQL Server System CLR Types
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5BD39911-A12F-4562-98BA-A6E03E3370B1}" = Microsoft SQL Server 2008 Database Engine Services
"{5C358088-A837-44EC-91D0-9FD06FF40896}" = Mobile Master
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{616C6F39-4CE1-3434-A665-2F6A04C09A7F}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{681F4E9F-34E0-36BD-BF2C-100554E403A5}" = Microsoft Visual F# 2.0 Runtime Language Pack - DEU
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010  x86 Runtime - 10.0.30319
"{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie
"{6C15DC29-040C-433F-B1AE-783D37E9C08B}" = Python 2.6 pygame-1.9.1
"{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
"{6E5AB107-172B-4F17-8ABB-357C59EF1B08}" = Vegas Pro 9.0
"{6EF7803B-4ADC-41F1-AFE7-E5A7931E5C4A}" = ArtRage Studio Pro
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser und SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{729A3000-BC8A-3B74-BA5D-5068FE12D70C}" = Microsoft Visual F# 2.0 Runtime
"{7644E42D-B096-457F-8B5B-901238FC81AE}" = ICQ7.6
"{765E50AF-5550-4F7E-84F4-524D1BF2C49D}" = MSM2MSI_gstudio
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{58FC5E37-DD28-4D4A-A549-125744C6763C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{888B9AC7-8F5C-456B-A27A-157A6C310E52}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91F54E1D-804A-46D8-A56C-53EA9C4B3177}" = Microsoft Silverlight 3 SDK - Deutsch
"{929F5BFC-60F0-34EC-A50B-2001AAC03D56}" = Microsoft Team Foundation Server 2010 Object Model - DEU
"{92C5C058-E941-47C3-B7E8-38A79C605969}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A346205-EA92-4406-B1AB-50379DA3F057}" = Autodesk DWF Viewer 7
"{9AA2D735-3375-42D4-9A61-3FFEF82599D6}" = Unterstützungsdateien für Microsoft SQL Server 2008-Setup
"{9C3B8582-A72A-4835-8903-877A834407BB}" = Microsoft SQL Server 2008 R2-Datenebenenanwendungs-Framework
"{A106D33E-6B43-42C0-9BFC-D03303261FA7}" = Microsoft SQL Server 2008 R2 Management Objects
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A8DE8C34-7F51-4cc8-B326-C425793EE741}" = THE CHRONICLES OF RIDDICK: ESCAPE FROM BUTCHER BAY
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.1 - Deutsch
"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
"{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty(R) - World at War(TM) 1.1 Patch
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.11
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.12.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B45FABE7-D101-4D99-A671-E16DA40AF7F0}" = Microsoft Games for Windows - LIVE
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{B578C85A-A84C-4230-A177-C5B2AF565B8C}" = Microsoft Games for Windows - LIVE Redistributable
"{B5BCBD49-202F-4238-8398-D83D423A48B4}" = Windows Live Anmelde-Assistent
"{B7DDE586-D6F1-4CC7-8A2F-FCFF59F77D7D}" = OutcastDVD
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{BD87B950-D3E0-11D3-BE74-0000E20392C2}" = Outcast
"{C07B8BC4-AFD9-3AA4-BDF5-330A07591FDE}" = Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework
"{C53F001E-5912-4E76-AC49-9AC20B36B1A2}" = MSM2MSI_gstudio
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{CFCB8616-A5D1-4281-80E8-389F685BFAE2}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D074DC76-F6C9-440E-A1D0-1DE958417FDB}" = Microsoft SQL Server VSS Writer
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1D632A2-E249-466D-A094-B1B934D37645}_is1" = Stronghold Kingdoms
"{D359B12F-9B1A-46FD-B70C-F507B5B11590}" = HDRegDE
"{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas
"{D6A6CFAD-CD86-482B-90D1-6FCC4E252ACD}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x86) de
"{D85FFE92-BF14-4E9B-BCCD-E5C16069E65F}_is1" = FireJump 1.0.1.8
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DB0AF767-7CC7-4E4D-B6BE-A200F20A2FB1}" = Microsoft Sync Framework Runtime v1.0 SP1 (x86) de
"{DBE8431C-CF9A-38C3-B42D-28B6FCE1EA3B}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU
"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials
"{E2494AD8-314D-44F8-B39C-4358A60DC184}" = LogMeIn Hamachi
"{E32260E7-0B10-43C7-9B77-AB9F4184676D}" = Microsoft SQL Server Compact 3.5 Design Tools DEU
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4E9CBC9-1CF5-48E3-AF6F-1AB44A856346}" = Microsoft ASP.NET MVC 2 - DEU
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E51B4CD9-A0A6-4324-B26A-31B3F2DE26CE}" = Black and White
"{e7394a0f-3f80-45b1-87fc-abcd51893246}" = Python 2.6.4
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E96D4088-AAC5-437F-9E39-EC0E387897B4}" = Autodesk 3ds Max 9 32-bit
"{EAF7B35C-DCBE-4032-9ABF-C35C43D07124}" = Microsoft Sync Framework Services v1.0 SP1 (x86) de
"{EC66418E-DAA2-36D5-809E-40BEC94E622A}" = Microsoft Visual Studio Macro Tools - DEU Language Pack
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FD27D456-ED8A-4027-A1E4-BBF95FAF4799}" = Easy Driver Pro
"{FE163F11-1919-4257-A280-FF5AF8DAEECB}" = ICQ Sparberater
"{FF29527A-44CD-3422-945E-981A13584000}" = VC Runtimes MSI
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FF6F95A4-E59B-45C8-BEA8-0BDC8D9CAB51}" = Microsoft SQL Server 2008 Common Files
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Avira AntiVir Desktop" = Avira Free Antivirus
"Blender" = Blender
"BlitzMax_is1" = BlitzMax1.36
"CyberGhost VPN_is1" = CyberGhost VPN
"DAEMON Tools Pro" = DAEMON Tools Pro
"DesktopIconAmazon" = Desktop Icon für Amazon
"Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2)
"Die Rückkehr zur Geheimnisvollen Insel 2_is1" = Die Rückkehr zur Geheimnisvollen Insel 2
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"EarthSculptor_is1" = EarthSculptor 1.05
"EasyBits Magic Desktop" = EasyBits Magic Desktop
"eBay Icon" = eBay Icon
"ESET Online Scanner" = ESET Online Scanner v3
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Fallout" = Fallout
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.5.3.920
"Free Audio Converter_is1" = Free Audio Converter version 2.3.815
"Free FLV Converter_is1" = Free FLV Converter V 6.7.7
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 5.0.4.1228
"Free YouTube Download_is1" = Free YouTube Download 2.3
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324
"GT Interactive - Driver" = GT Interactive - Driver
"Hardcore" = Hardcore
"Heroes of Might and Magic® III" = Heroes of Might and Magic® III
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ICQToolbar" = ICQ Toolbar
"ImgBurn" = ImgBurn
"InstallShield_{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty(R) - World at War(TM) 1.1 Patch
"Legend of Grimrock_is1" = Legend of Grimrock
"LHTTSDUN" = L&H TTS3000 Nederlands
"LHTTSFRF" = L&H TTS3000 Français
"LHTTSGED" = L&H TTS3000 Deutsch
"LHTTSJPJ" = L&H TTS3000 Japanese
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"MaPZone2.Free" = Allegorithmic MaPZone2.Free
"MDT" = Battlefield Mod Development Toolkit 2.0 Beta
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft Team Foundation Server 2010 Object Model - DEU" = Microsoft Team Foundation Server 2010-Objektmodell - DEU
"Microsoft Visual Basic 2008 Express Edition - DEU" = Microsoft Visual Basic 2008 Express Edition - DEU
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU" = Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x86) Language Pack - DEU
"Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
"Microsoft Visual Studio Macro Tools - DEU Language Pack" = Microsoft Visual Studio Macro Tools - DEU Language Pack
"MinGW" = MinGW 5.1.3
"Mobile Master" = Mobile Master 7.7.4
"Mount&Blade Warband" = Mount&Blade Warband
"Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de)
"MySSID_is1" = Vtune 7.21
"Native Instruments Massive" = Native Instruments Massive
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office2007" = Microsoft Office Home and Student
"OggDS" = Direct Show Ogg Vorbis Filter (remove only)
"OpenAL" = OpenAL
"Orbit_is1" = Orbit Downloader
"Perfect Uninstaller_is1" = Perfect Uninstaller v6.3.3.9
"PoiZone" = PoiZone
"PowerISO" = PowerISO
"PunkBusterSvc" = PunkBuster Services
"PyQt GPL v4.6.2 for Python v2.6" = PyQt GPL v4.6.2 for Python v2.6
"QuickStores-Toolbar_is1" = QuickStores-Toolbar 1.0.0
"Return to Mysterious Island" = Return to Mysterious Island
"Sawer" = Sawer
"ScapeMaker" = ScapeMaker
"ScummVM_is1" = ScummVM 1.2.1
"ST6UNST #1" = HeightmapCreator
"ST6UNST #2" = HeightmapCreator (C:\Program Files\HeightmapCreator\)
"Steam App 2130" = Dark Messiah Might and Magic Multi-Player
"Steam App 39500" = Gothic 3
"Steam App 41680" = Death and the Fly
"Steam App 56400" = Warhammer® 40,000®: Dawn of War® II – Retribution™
"Steam App 91310" = Dead Island
"Stronghold 3 (c) THQ_is1" = Stronghold 3 (c) THQ version 1
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"Theme Park World" = Theme Park World
"TmNationsForever_is1" = TmNationsForever Update 2010-03-15
"Toxic Biohazard" = Toxic Biohazard
"TuneUp Utilities 2012" = TuneUp Utilities 2012
"Tunngle beta_is1" = Tunngle beta
"tv_enua" = Lernout & Hauspie TruVoice American English TTS Engine
"Uninstall_is1" = Uninstall 1.0.0.1
"uTorrent" = µTorrent
"vis_milk.dllWinamp" = MilkDrop for Winamp 2x (remove only)
"VLC media player" = VLC media player 1.1.4
"Winamp" = Winamp
"WinGimp-2.0_is1" = GIMP 2.4.7
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"Works9se" = Microsoft Works 9.0 SE
"x264vfw" = x264vfw - H.264/MPEG-4 AVC codec (remove only)
"Xfire" = Xfire (remove only)
"Xvid_is1" = Xvid 1.2.2 final uninstall
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-209655109-2756548685-674970729-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{A8E2EF8F-73EF-4DD8-BB38-31FCCAF50103}" = Dark Messiah
"CodeBlocks" = CodeBlocks
"Dachon 4k" = Dachon 4k
"I-Doser v4" = I-Doser v4
"Miners4k" = Miners4k
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 03.05.2012 15:40:29 | Computer Name = Boris-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 03.05.2012 16:02:16 | Computer Name = Boris-PC | Source = MsiInstaller | ID = 11316
Description =
 
Error - 04.05.2012 07:54:44 | Computer Name = Boris-PC | Source = MSSQL$SQLEXPRESS | ID = 8317
Description = Der 'First Counter'-Wert, der dem Registrierungsschlüssel 'HKLM\SYSTEM\CurrentControlSet\Services\MSSQL$SQLEXPRESS\Performance'
 zugeordnet ist, kann nicht abgefragt werden. SQL Server-Leistungsindikatoren sind
 deaktiviert.
 
Error - 04.05.2012 07:55:41 | Computer Name = Boris-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 04.05.2012 08:51:36 | Computer Name = Boris-PC | Source = MSSQL$SQLEXPRESS | ID = 8317
Description = Der 'First Counter'-Wert, der dem Registrierungsschlüssel 'HKLM\SYSTEM\CurrentControlSet\Services\MSSQL$SQLEXPRESS\Performance'
 zugeordnet ist, kann nicht abgefragt werden. SQL Server-Leistungsindikatoren sind
 deaktiviert.
 
Error - 04.05.2012 08:52:07 | Computer Name = Boris-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 04.05.2012 11:12:38 | Computer Name = Boris-PC | Source = MSSQL$SQLEXPRESS | ID = 8317
Description = Der 'First Counter'-Wert, der dem Registrierungsschlüssel 'HKLM\SYSTEM\CurrentControlSet\Services\MSSQL$SQLEXPRESS\Performance'
 zugeordnet ist, kann nicht abgefragt werden. SQL Server-Leistungsindikatoren sind
 deaktiviert.
 
Error - 04.05.2012 11:13:27 | Computer Name = Boris-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 04.05.2012 11:39:36 | Computer Name = Boris-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 04.05.2012 11:39:37 | Computer Name = Boris-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
[ System Events ]
Error - 04.05.2012 08:52:07 | Computer Name = Boris-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 04.05.2012 08:52:07 | Computer Name = Boris-PC | Source = Service Control Manager | ID = 7001
Description =
 
Error - 04.05.2012 11:09:57 | Computer Name = Boris-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =
 
Error - 04.05.2012 11:10:00 | Computer Name = Boris-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =
 
Error - 04.05.2012 11:09:58 | Computer Name = Boris-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =
 
Error - 04.05.2012 11:10:00 | Computer Name = Boris-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =
 
Error - 04.05.2012 11:10:04 | Computer Name = Boris-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =
 
Error - 04.05.2012 11:10:04 | Computer Name = Boris-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =
 
Error - 04.05.2012 11:13:28 | Computer Name = Boris-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 04.05.2012 11:13:28 | Computer Name = Boris-PC | Source = Service Control Manager | ID = 7001
Description =
 
 
< End of report >

--- --- ---

[/Code]

cosinus 04.05.2012 21:11

Run an OTL fix: close any programs that may be open, disable your virus scanner as well (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:

:OTL
IE - HKU\S-1-5-21-209655109-2756548685-674970729-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=ironto
IE - HKU\S-1-5-21-209655109-2756548685-674970729-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-209655109-2756548685-674970729-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-209655109-2756548685-674970729-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-209655109-2756548685-674970729-1000\..\SearchScopes,DefaultScope = {62CA968C-E5F9-4FDC-9F4E-C8C994351E8B}
IE - HKU\S-1-5-21-209655109-2756548685-674970729-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-209655109-2756548685-674970729-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=18826
IE - HKU\S-1-5-21-209655109-2756548685-674970729-1000\..\SearchScopes\{62CA968C-E5F9-4FDC-9F4E-C8C994351E8B}: "URL" = http://start.funmoods.com/results.php?f=4&a=ironto&q={searchTerms}
IE - HKU\S-1-5-21-209655109-2756548685-674970729-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..keyword.URL: "http://search.babylon.com/?babsrc=toolbar2&q="
[2012.03.07 15:24:38 | 000,001,090 | ---- | M] () -- C:\Users\Boris\AppData\Roaming\Mozilla\Firefox\Profiles\j1lg8v7j.default\searchplugins\conduit.xml
[2012.03.09 08:25:10 | 000,001,292 | ---- | M] () -- C:\Users\Boris\AppData\Roaming\Mozilla\Firefox\Profiles\j1lg8v7j.default\searchplugins\funmoods.xml
[2012.03.09 08:25:10 | 000,000,828 | ---- | M] () -- C:\Users\Boris\AppData\Roaming\Mozilla\Firefox\Profiles\j1lg8v7j.default\searchplugins\icqplugin-1.xml
[2012.03.09 08:25:10 | 000,000,828 | ---- | M] () -- C:\Users\Boris\AppData\Roaming\Mozilla\Firefox\Profiles\j1lg8v7j.default\searchplugins\icqplugin-2.xml
[2012.03.09 08:25:10 | 000,000,901 | ---- | M] () -- C:\Users\Boris\AppData\Roaming\Mozilla\Firefox\Profiles\j1lg8v7j.default\searchplugins\icqplugin.xml
[2009.10.16 19:46:54 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.03.09 08:25:10 | 000,002,050 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
O2 - BHO: (ICQ Sparberater) - {FE163F11-1919-4257-A280-FF5AF8DAEECB} - C:\Programme\icq\Internet Explorer\icq.dll (solute gmbh)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C3A2DF7F-1230-48FE-B4BD-279B3F7814A7}: DhcpNameServer = 7.254.254.254
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{a91e5259-c309-11de-88be-0025113402db}\Shell - "" = AutoRun
O33 - MountPoints2\{a91e5259-c309-11de-88be-0025113402db}\Shell\AutoRun\command - "" = L:\loader.exe
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\autorun.exe
O33 - MountPoints2\K\Shell - "" = AutoRun
O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\win32\autorun\m4ck.exe
[2012.04.25 14:18:15 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Roaming\11019
[2012.04.24 13:37:29 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Roaming\11018
[2012.04.23 13:59:35 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Roaming\11017
[2012.04.20 15:29:14 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Roaming\11016
[2012.04.20 10:45:50 | 000,000,000 | ---D | C] -- C:\Windows\rundll16.exe
[2012.04.20 10:45:50 | 000,000,000 | ---D | C] -- C:\Windows\logo1_.exe
[2012.04.17 12:43:02 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Roaming\11015
[2012.04.16 22:01:45 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Roaming\11014
[2012.04.13 13:41:35 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Roaming\11013
[2012.04.12 13:49:53 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Roaming\11012
[2012.04.11 22:36:45 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Roaming\UAs
[2012.04.11 22:30:20 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Roaming\11009
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:64217CD0
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1
:Files
C:\Windows\$NtUninstallKB9818$
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!

burke 08.05.2012 13:02

Today I got an alert from Avira, "C:\Users\Boris\Appdata\Roaming\BAcroIEHelpe122.dll", which is supposed to be an RKIT/Agent.czcu. Is that something to worry about? Should I maybe run the ESET scan again?
Edit:
Sorry, I didn't notice your latest reply at all, since it was on the second page. I only noticed it just now, when I posted something else.
Shortly afterwards Avira gave me 5 more alerts: TR/spy.banker.age13
OK, I'll run this OTL fix now. What does this fix do?

Here is the log that came up after the fix:
Code:

All processes killed
========== OTL ==========
HKU\S-1-5-21-209655109-2756548685-674970729-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-209655109-2756548685-674970729-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-209655109-2756548685-674970729-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-209655109-2756548685-674970729-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ deleted successfully.
C:\Programme\ICQ6Toolbar\ICQToolBar.dll moved successfully.
HKEY_USERS\S-1-5-21-209655109-2756548685-674970729-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-209655109-2756548685-674970729-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-209655109-2756548685-674970729-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_USERS\S-1-5-21-209655109-2756548685-674970729-1000\Software\Microsoft\Internet Explorer\SearchScopes\{62CA968C-E5F9-4FDC-9F4E-C8C994351E8B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{62CA968C-E5F9-4FDC-9F4E-C8C994351E8B}\ not found.
Registry key HKEY_USERS\S-1-5-21-209655109-2756548685-674970729-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
Prefs.js: engine@conduit.com:3.3.3.2 removed from extensions.enabledItems
Prefs.js: "hxxp://search.babylon.com/?babsrc=toolbar2&q=" removed from keyword.URL
C:\Users\Boris\AppData\Roaming\Mozilla\Firefox\Profiles\j1lg8v7j.default\searchplugins\conduit.xml moved successfully.
C:\Users\Boris\AppData\Roaming\Mozilla\Firefox\Profiles\j1lg8v7j.default\searchplugins\funmoods.xml moved successfully.
C:\Users\Boris\AppData\Roaming\Mozilla\Firefox\Profiles\j1lg8v7j.default\searchplugins\icqplugin-1.xml moved successfully.
C:\Users\Boris\AppData\Roaming\Mozilla\Firefox\Profiles\j1lg8v7j.default\searchplugins\icqplugin-2.xml moved successfully.
C:\Users\Boris\AppData\Roaming\Mozilla\Firefox\Profiles\j1lg8v7j.default\searchplugins\icqplugin.xml moved successfully.
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} folder moved successfully.
C:\Programme\Mozilla Firefox\searchplugins\babylon.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FE163F11-1919-4257-A280-FF5AF8DAEECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FE163F11-1919-4257-A280-FF5AF8DAEECB}\ deleted successfully.
C:\Programme\icq\Internet Explorer\icq.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ not found.
File C:\Programme\ICQ6Toolbar\ICQToolBar.dll not found.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C3A2DF7F-1230-48FE-B4BD-279B3F7814A7}\\DhcpNameServer| /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a91e5259-c309-11de-88be-0025113402db}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a91e5259-c309-11de-88be-0025113402db}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a91e5259-c309-11de-88be-0025113402db}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a91e5259-c309-11de-88be-0025113402db}\ not found.
File L:\loader.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\J\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\J\ not found.
File J:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\K\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\K\ not found.
File K:\win32\autorun\m4ck.exe not found.
C:\Users\Boris\AppData\Roaming\11019\components folder moved successfully.
C:\Users\Boris\AppData\Roaming\11019 folder moved successfully.
C:\Users\Boris\AppData\Roaming\11018\components folder moved successfully.
C:\Users\Boris\AppData\Roaming\11018 folder moved successfully.
C:\Users\Boris\AppData\Roaming\11017\components folder moved successfully.
C:\Users\Boris\AppData\Roaming\11017 folder moved successfully.
C:\Users\Boris\AppData\Roaming\11016\components folder moved successfully.
C:\Users\Boris\AppData\Roaming\11016 folder moved successfully.
C:\Windows\rundll16.exe folder moved successfully.
C:\Windows\logo1_.exe folder moved successfully.
C:\Users\Boris\AppData\Roaming\11015\components folder moved successfully.
C:\Users\Boris\AppData\Roaming\11015 folder moved successfully.
C:\Users\Boris\AppData\Roaming\11014\components folder moved successfully.
C:\Users\Boris\AppData\Roaming\11014 folder moved successfully.
C:\Users\Boris\AppData\Roaming\11013\components folder moved successfully.
C:\Users\Boris\AppData\Roaming\11013 folder moved successfully.
C:\Users\Boris\AppData\Roaming\11012\components folder moved successfully.
C:\Users\Boris\AppData\Roaming\11012 folder moved successfully.
C:\Users\Boris\AppData\Roaming\UAs folder moved successfully.
C:\Users\Boris\AppData\Roaming\11009\components folder moved successfully.
C:\Users\Boris\AppData\Roaming\11009 folder moved successfully.
ADS C:\ProgramData\TEMP:64217CD0 deleted successfully.
ADS C:\ProgramData\TEMP:D1B5B4F1 deleted successfully.
========== FILES ==========
Folder move failed. C:\Windows\$NtUninstallKB9818$\TxR scheduled to be moved on reboot.
C:\Windows\$NtUninstallKB9818$\systemprofile\Vorlagen folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\Videos folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\Startmenü folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\SendTo folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\Searches folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\Saved Games folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\Recent folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\Pictures\Slide Shows folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\Pictures folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\Netzwerkumgebung folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\Music\Playlists folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\Music folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\Lokale Einstellungen folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\Links folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\Favorites folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\Eigene Dateien folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\Druckumgebung folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\Downloads folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\Documents\Eigene Videos folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\Documents\Eigene Musik folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\Documents\Eigene Bilder folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\Documents folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\Desktop folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\Cookies folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\Contacts folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\TuneUp Software\TU2012\Backups folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\TuneUp Software\TU2012 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\TuneUp Software\TU2011\Backups folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\TuneUp Software\TU2011 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\TuneUp Software folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\Windows\Templates folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programme folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\Windows\Recent folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\Windows folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My folder moved successfully.
Folder move failed. C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates scheduled to be moved on reboot.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\Speech\Files\UserLexicons folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\Speech\Files folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\Speech folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\Internet Explorer folder moved successfully.
Folder move failed. C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312 scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\CLR Security Config scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft scheduled to be moved on reboot.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Adobe\Flash Player\AssetCache\NK9TARKA folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Adobe\Flash Player\AssetCache folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Adobe\Flash Player folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Adobe folder moved successfully.
Folder move failed. C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming scheduled to be moved on reboot.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun\Java folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Sun folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow\Microsoft folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\LocalLow folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Local\Verlauf folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Local\Temporary Internet Files folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Local\Microsoft\Windows Sidebar\Gadgets folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Local\Microsoft\Windows Sidebar folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Local\Microsoft\Windows Photo Gallery\Original Images folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Local\Microsoft\Windows Photo Gallery folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X5NKMPNM folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NUGUF235 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BDHZW5F5 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4YX8NGXU folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012050820120509 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5 folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Local\Microsoft\Windows\History folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Local\Microsoft\Windows\GameExplorer folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Local\Microsoft\Windows\Burn\Burn folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Local\Microsoft\Windows\Burn folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Local\Microsoft\Windows folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Local\Microsoft\Portable Devices folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Local\Microsoft folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Local\LogMeIn Hamachi folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Local\Google\Custom Buttons folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Local\Google\CrashReports folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Local\Google folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Local\Anwendungsdaten folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Local folder moved successfully.
Folder move failed. C:\Windows\$NtUninstallKB9818$\systemprofile\AppData scheduled to be moved on reboot.
C:\Windows\$NtUninstallKB9818$\systemprofile\Anwendungsdaten folder moved successfully.
Folder move failed. C:\Windows\$NtUninstallKB9818$\systemprofile scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB9818$\RegBack scheduled to be moved on reboot.
C:\Windows\$NtUninstallKB9818$\Journal folder moved successfully.
Folder move failed. C:\Windows\$NtUninstallKB9818$ scheduled to be moved on reboot.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Boris
->Temp folder emptied: 50477492 bytes
->Temporary Internet Files folder emptied: 14573876 bytes
->Java cache emptied: 7289 bytes
->FireFox cache emptied: 821149206 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 66089 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56504 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56504 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 200704 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2021561 bytes
RecycleBin emptied: 19902461 bytes
 
Total Files Cleaned = 866,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Boris
->Flash cache emptied: 0 bytes
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Public
 
User: UpdatusUser
->Flash cache emptied: 0 bytes
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.42.2 log created on 05082012_143219

Files\Folders moved on Reboot...
Folder move failed. C:\Windows\$NtUninstallKB9818$\TxR scheduled to be moved on reboot.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My folder moved successfully.
Folder move failed. C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312 scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312 scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\CLR Security Config scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312 scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\CLR Security Config scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312 scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\CLR Security Config scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312 scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\CLR Security Config scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming scheduled to be moved on reboot.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Local\LogMeIn Hamachi folder moved successfully.
C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Local folder moved successfully.
Folder move failed. C:\Windows\$NtUninstallKB9818$\systemprofile\AppData scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312 scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\CLR Security Config scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB9818$\systemprofile\AppData scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB9818$\systemprofile scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB9818$\RegBack scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB9818$\TxR scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312 scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft\CLR Security Config scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming\Microsoft scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB9818$\systemprofile\AppData\Roaming scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB9818$\systemprofile\AppData scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB9818$\systemprofile scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB9818$\RegBack scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB9818$ scheduled to be moved on reboot.
File\Folder C:\Windows\temp\TMP0000000ABBB1933184CDD6FF not found!

Registry entries deleted on Reboot...


cosinus 08.05.2012 16:04

Please now run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please disable your virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!

Configure the tool as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot,
then click Start Scan, and when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, then please look directly on your Windows system partition (usually drive C:); that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and just post the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

burke 08.05.2012 16:17

I ran the scan. Can you already say anything more specific about what I might be dealing with? It would be nice if you answered the question.

Code:

17:08:15.0010 4740        TDSS rootkit removing tool 2.7.34.0 May  2 2012 09:59:18
17:08:16.0960 4740        ============================================================
17:08:16.0960 4740        Current date / time: 2012/05/08 17:08:16.0960
17:08:16.0960 4740        SystemInfo:
17:08:16.0960 4740       
17:08:16.0960 4740        OS Version: 6.0.6002 ServicePack: 2.0
17:08:16.0960 4740        Product type: Workstation
17:08:16.0960 4740        ComputerName: BORIS-PC
17:08:16.0960 4740        UserName: Boris
17:08:16.0960 4740        Windows directory: C:\Windows
17:08:16.0960 4740        System windows directory: C:\Windows
17:08:16.0960 4740        Processor architecture: Intel x86
17:08:16.0960 4740        Number of processors: 2
17:08:16.0960 4740        Page size: 0x1000
17:08:16.0960 4740        Boot type: Normal boot
17:08:16.0960 4740        ============================================================
17:08:17.0319 4740        Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
17:08:17.0381 4740        ============================================================
17:08:17.0381 4740        \Device\Harddisk0\DR0:
17:08:17.0381 4740        MBR partitions:
17:08:17.0381 4740        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1C00800, BlocksNum 0x2382DAB0
17:08:17.0381 4740        ============================================================
17:08:17.0490 4740        C: <-> \Device\Harddisk0\DR0\Partition0
17:08:17.0490 4740        ============================================================
17:08:17.0490 4740        Initialize success
17:08:17.0490 4740        ============================================================
17:08:42.0669 4860        ============================================================
17:08:42.0669 4860        Scan started
17:08:42.0669 4860        Mode: Manual; SigCheck; TDLFS;
17:08:42.0669 4860        ============================================================
17:08:43.0277 4860        ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
17:08:43.0355 4860        ACPI - ok
17:08:43.0433 4860        AdobeActiveFileMonitor6.0 (e8fe4fce23d2809bd88bcc1d0f8408ce) C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
17:08:43.0433 4860        AdobeActiveFileMonitor6.0 - ok
17:08:43.0480 4860        adp94xx        (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
17:08:43.0511 4860        adp94xx - ok
17:08:43.0542 4860        adpahci        (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
17:08:43.0558 4860        adpahci - ok
17:08:43.0605 4860        adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
17:08:43.0620 4860        adpu160m - ok
17:08:43.0636 4860        adpu320        (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
17:08:43.0651 4860        adpu320 - ok
17:08:43.0698 4860        AeLookupSvc    (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
17:08:43.0761 4860        AeLookupSvc - ok
17:08:43.0807 4860        AFD            (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
17:08:43.0854 4860        AFD - ok
17:08:43.0885 4860        agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
17:08:43.0901 4860        agp440 - ok
17:08:43.0917 4860        aic78xx        (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
17:08:43.0932 4860        aic78xx - ok
17:08:44.0057 4860        ALG            (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
17:08:44.0151 4860        ALG - ok
17:08:44.0166 4860        aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
17:08:44.0182 4860        aliide - ok
17:08:44.0213 4860        amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
17:08:44.0213 4860        amdagp - ok
17:08:44.0229 4860        amdide          (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
17:08:44.0244 4860        amdide - ok
17:08:44.0260 4860        AmdK7          (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
17:08:44.0291 4860        AmdK7 - ok
17:08:44.0291 4860        AmdK8          (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
17:08:44.0322 4860        AmdK8 - ok
17:08:44.0385 4860        AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files\Avira\AntiVir Desktop\sched.exe
17:08:44.0400 4860        AntiVirSchedulerService - ok
17:08:44.0431 4860        AntiVirService  (a489be6bb0aa1ff406b488b60542314b) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
17:08:44.0447 4860        AntiVirService - ok
17:08:44.0494 4860        Appinfo        (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
17:08:44.0525 4860        Appinfo - ok
17:08:44.0556 4860        arc            (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
17:08:44.0556 4860        arc - ok
17:08:44.0603 4860        arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
17:08:44.0603 4860        arcsas - ok
17:08:44.0962 4860        aspnet_state    (776acefa0ca9df0faa51a5fb2f435705) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
17:08:44.0977 4860        aspnet_state - ok
17:08:45.0009 4860        AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
17:08:45.0055 4860        AsyncMac - ok
17:08:45.0071 4860        atapi          (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
17:08:45.0087 4860        atapi - ok
17:08:45.0118 4860        atksgt          (f0d933b42cd0594048e4d5200ae9e417) C:\Windows\system32\DRIVERS\atksgt.sys
17:08:45.0149 4860        atksgt - ok
17:08:45.0196 4860        AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
17:08:45.0227 4860        AudioEndpointBuilder - ok
17:08:45.0227 4860        Audiosrv        (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
17:08:45.0243 4860        Audiosrv - ok
17:08:45.0321 4860        Autodesk Licensing Service (17681266e789ba928cbed70dd58ee4b1) C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
17:08:45.0321 4860        Autodesk Licensing Service ( UnsignedFile.Multi.Generic ) - warning
17:08:45.0321 4860        Autodesk Licensing Service - detected UnsignedFile.Multi.Generic (1)
17:08:45.0352 4860        avgntflt        (d5541f0afb767e85fc412fc609d96a74) C:\Windows\system32\DRIVERS\avgntflt.sys
17:08:45.0367 4860        avgntflt - ok
17:08:45.0383 4860        avipbb          (7d967a682d4694df7fa57d63a2db01fe) C:\Windows\system32\DRIVERS\avipbb.sys
17:08:45.0399 4860        avipbb - ok
17:08:45.0414 4860        avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
17:08:45.0414 4860        avkmgr - ok
17:08:45.0477 4860        BazisVirtualCDBus (85939efff66a851c59a9c25d62e9e24c) C:\Windows\system32\DRIVERS\BazisVirtualCDBus.sys
17:08:45.0492 4860        BazisVirtualCDBus ( UnsignedFile.Multi.Generic ) - warning
17:08:45.0492 4860        BazisVirtualCDBus - detected UnsignedFile.Multi.Generic (1)
17:08:45.0508 4860        Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
17:08:45.0555 4860        Beep - ok
17:08:45.0586 4860        BFE            (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
17:08:45.0617 4860        BFE - ok
17:08:45.0664 4860        BITS            (93952506c6d67330367f7e7934b6a02f) C:\Windows\System32\qmgr.dll
17:08:45.0742 4860        BITS - ok
17:08:45.0757 4860        blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
17:08:45.0789 4860        blbdrive - ok
17:08:45.0804 4860        bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
17:08:45.0835 4860        bowser - ok
17:08:45.0867 4860        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
17:08:45.0882 4860        BrFiltLo - ok
17:08:45.0898 4860        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
17:08:45.0945 4860        BrFiltUp - ok
17:08:45.0960 4860        Browser        (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
17:08:45.0991 4860        Browser - ok
17:08:46.0038 4860        Brserid        (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
17:08:46.0147 4860        Brserid - ok
17:08:46.0194 4860        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
17:08:46.0241 4860        BrSerWdm - ok
17:08:46.0272 4860        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
17:08:46.0303 4860        BrUsbMdm - ok
17:08:46.0319 4860        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
17:08:46.0366 4860        BrUsbSer - ok
17:08:46.0413 4860        BthEnum        (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
17:08:46.0444 4860        BthEnum - ok
17:08:46.0475 4860        BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
17:08:46.0506 4860        BTHMODEM - ok
17:08:46.0537 4860        BthPan          (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
17:08:46.0569 4860        BthPan - ok
17:08:46.0647 4860        BTHPORT        (5a3abaa2f8eece7aefb942773766e3db) C:\Windows\system32\Drivers\BTHport.sys
17:08:46.0678 4860        BTHPORT - ok
17:08:46.0725 4860        BthServ        (a4c8377fa4a994e07075107dbe2e3dce) C:\Windows\System32\bthserv.dll
17:08:46.0756 4860        BthServ - ok
17:08:46.0771 4860        BTHUSB          (94e2941280e3756a5e0bcb467865c43a) C:\Windows\system32\Drivers\BTHUSB.sys
17:08:46.0803 4860        BTHUSB - ok
17:08:46.0818 4860        cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
17:08:46.0865 4860        cdfs - ok
17:08:46.0881 4860        cdrom          (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
17:08:46.0912 4860        cdrom - ok
17:08:46.0943 4860        CertPropSvc    (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
17:08:46.0974 4860        CertPropSvc - ok
17:08:47.0115 4860        CGVPNCliSrvc    (13cee66949534cc98a7125174a6e502f) C:\Program Files\S.A.D\CyberGhost VPN\CGVPNCliService.exe
17:08:47.0239 4860        CGVPNCliSrvc - ok
17:08:47.0364 4860        circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
17:08:47.0395 4860        circlass - ok
17:08:47.0427 4860        CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
17:08:47.0442 4860        CLFS - ok
17:08:47.0473 4860        clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:08:47.0489 4860        clr_optimization_v2.0.50727_32 - ok
17:08:47.0536 4860        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:08:47.0551 4860        clr_optimization_v4.0.30319_32 - ok
17:08:47.0583 4860        cmdide          (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
17:08:47.0583 4860        cmdide - ok
17:08:47.0598 4860        Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys
17:08:47.0614 4860        Compbatt - ok
17:08:47.0614 4860        COMSysApp - ok
17:08:47.0629 4860        crcdisk        (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
17:08:47.0645 4860        crcdisk - ok
17:08:47.0645 4860        Crusoe          (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
17:08:47.0692 4860        Crusoe - ok
17:08:47.0723 4860        CryptSvc        (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll
17:08:47.0739 4860        CryptSvc - ok
17:08:47.0785 4860        DcomLaunch      (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
17:08:47.0832 4860        DcomLaunch - ok
17:08:47.0879 4860        DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
17:08:47.0910 4860        DfsC - ok
17:08:48.0019 4860        DFSR            (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
17:08:48.0238 4860        DFSR - ok
17:08:48.0347 4860        Dhcp            (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
17:08:48.0378 4860        Dhcp - ok
17:08:48.0425 4860        disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
17:08:48.0441 4860        disk - ok
17:08:48.0472 4860        Dnscache        (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
17:08:48.0519 4860        Dnscache - ok
17:08:48.0550 4860        dot3svc        (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
17:08:48.0565 4860        dot3svc - ok
17:08:48.0597 4860        DPS            (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
17:08:48.0628 4860        DPS - ok
17:08:48.0675 4860        drmkaud        (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
17:08:48.0690 4860        drmkaud - ok
17:08:48.0737 4860        dtsoftbus01    (16c5891c6d1fa0b5d9014f85a482eb20) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
17:08:48.0753 4860        dtsoftbus01 - ok
17:08:48.0799 4860        DXGKrnl        (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
17:08:48.0815 4860        DXGKrnl - ok
17:08:48.0862 4860        E1G60          (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
17:08:48.0893 4860        E1G60 - ok
17:08:48.0909 4860        EapHost        (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
17:08:48.0940 4860        EapHost - ok
17:08:48.0987 4860        Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
17:08:48.0987 4860        Ecache - ok
17:08:49.0049 4860        ehRecvr        (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
17:08:49.0065 4860        ehRecvr - ok
17:08:49.0096 4860        ehSched        (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
17:08:49.0127 4860        ehSched - ok
17:08:49.0143 4860        ehstart        (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
17:08:49.0158 4860        ehstart - ok
17:08:49.0205 4860        elxstor        (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
17:08:49.0236 4860        elxstor - ok
17:08:49.0283 4860        EMDMgmt        (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
17:08:49.0345 4860        EMDMgmt - ok
17:08:49.0392 4860        ErrDev          (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
17:08:49.0423 4860        ErrDev - ok
17:08:49.0517 4860        ETService      (23112102bc2a8fe44b8ac44a05bdf4c3) C:\Program Files\Packard Bell\Packard Bell Recovery Management\Service\ETService.exe
17:08:49.0517 4860        ETService ( UnsignedFile.Multi.Generic ) - warning
17:08:49.0517 4860        ETService - detected UnsignedFile.Multi.Generic (1)
17:08:49.0548 4860        EventSystem    (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
17:08:49.0579 4860        EventSystem - ok
17:08:49.0626 4860        exfat          (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
17:08:49.0673 4860        exfat - ok
17:08:49.0720 4860        fastfat        (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
17:08:49.0767 4860        fastfat - ok
17:08:49.0845 4860        fdc            (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
17:08:49.0860 4860        fdc - ok
17:08:49.0891 4860        fdPHost        (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
17:08:49.0907 4860        fdPHost - ok
17:08:49.0923 4860        FDResPub        (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
17:08:49.0969 4860        FDResPub - ok
17:08:49.0985 4860        FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
17:08:49.0985 4860        FileInfo - ok
17:08:50.0001 4860        Filetrace      (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
17:08:50.0032 4860        Filetrace - ok
17:08:50.0110 4860        FLEXnet Licensing Service (227846995afeefa70d328bf5334a86a5) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
17:08:50.0157 4860        FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
17:08:50.0157 4860        FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
17:08:50.0172 4860        flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
17:08:50.0219 4860        flpydisk - ok
17:08:50.0250 4860        FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
17:08:50.0266 4860        FltMgr - ok
17:08:50.0328 4860        FontCache      (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
17:08:50.0422 4860        FontCache - ok
17:08:50.0469 4860        FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
17:08:50.0469 4860        FontCache3.0.0.0 - ok
17:08:50.0500 4860        Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
17:08:50.0531 4860        Fs_Rec - ok
17:08:50.0562 4860        gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
17:08:50.0562 4860        gagp30kx - ok
17:08:50.0656 4860        GenericHidService - ok
17:08:50.0718 4860        gpsvc          (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
17:08:50.0749 4860        gpsvc - ok
17:08:50.0859 4860        gupdate        (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
17:08:50.0859 4860        gupdate - ok
17:08:50.0874 4860        gupdatem        (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
17:08:50.0874 4860        gupdatem - ok
17:08:50.0921 4860        gusvc          (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
17:08:50.0937 4860        gusvc - ok
17:08:50.0968 4860        hamachi        (833051c6c6c42117191935f734cfbd97) C:\Windows\system32\DRIVERS\hamachi.sys
17:08:50.0983 4860        hamachi - ok
17:08:51.0061 4860        Hamachi2Svc    (fa89c0429821c7c429eec7a0ce1c02d3) C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
17:08:51.0108 4860        Hamachi2Svc - ok
17:08:51.0217 4860        hamachi_oem    (c25c70fd4d49391091d9eb8c747f19e6) C:\Windows\system32\DRIVERS\gan_adapter.sys
17:08:51.0233 4860        hamachi_oem ( UnsignedFile.Multi.Generic ) - warning
17:08:51.0233 4860        hamachi_oem - detected UnsignedFile.Multi.Generic (1)
17:08:51.0280 4860        HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
17:08:51.0342 4860        HdAudAddService - ok
17:08:51.0389 4860        HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
17:08:51.0451 4860        HDAudBus - ok
17:08:51.0467 4860        HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
17:08:51.0514 4860        HidBth - ok
17:08:51.0545 4860        HidIr          (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
17:08:51.0592 4860        HidIr - ok
17:08:51.0623 4860        hidserv        (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll
17:08:51.0623 4860        hidserv - ok
17:08:51.0654 4860        HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
17:08:51.0685 4860        HidUsb - ok
17:08:51.0701 4860        hkmsvc          (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
17:08:51.0732 4860        hkmsvc - ok
17:08:51.0748 4860        HpCISSs        (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
17:08:51.0763 4860        HpCISSs - ok
17:08:51.0795 4860        HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
17:08:51.0841 4860        HTTP - ok
17:08:51.0919 4860        i2omp          (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
17:08:51.0919 4860        i2omp - ok
17:08:51.0966 4860        i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
17:08:51.0997 4860        i8042prt - ok
17:08:52.0029 4860        iaStorV        (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
17:08:52.0029 4860        iaStorV - ok
17:08:52.0263 4860        IDriverT        (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
17:08:52.0263 4860        IDriverT ( UnsignedFile.Multi.Generic ) - warning
17:08:52.0263 4860        IDriverT - detected UnsignedFile.Multi.Generic (1)
17:08:52.0590 4860        idsvc          (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:08:52.0621 4860        idsvc - ok
17:08:52.0746 4860        iirsp          (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
17:08:52.0746 4860        iirsp - ok
17:08:52.0777 4860        IKEEXT          (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
17:08:52.0809 4860        IKEEXT - ok
17:08:52.0855 4860        int15          (c6e5276c00ebdeb096bb5ef4b797d1b6) C:\Windows\system32\drivers\int15.sys
17:08:52.0855 4860        int15 - ok
17:08:52.0965 4860        IntcAzAudAddService (219ca9a36d6de2ec04f958c907673436) C:\Windows\system32\drivers\RTKVHDA.sys
17:08:53.0121 4860        IntcAzAudAddService - ok
17:08:53.0261 4860        intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
17:08:53.0261 4860        intelide - ok
17:08:53.0292 4860        intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
17:08:53.0323 4860        intelppm - ok
17:08:53.0355 4860        IPBusEnum      (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
17:08:53.0370 4860        IPBusEnum - ok
17:08:53.0448 4860        IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:08:53.0479 4860        IpFilterDriver - ok
17:08:53.0511 4860        iphlpsvc        (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
17:08:53.0542 4860        iphlpsvc - ok
17:08:53.0557 4860        IpInIp - ok
17:08:53.0620 4860        IPMIDRV        (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
17:08:53.0651 4860        IPMIDRV - ok
17:08:53.0667 4860        IPNAT          (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
17:08:53.0698 4860        IPNAT - ok
17:08:53.0745 4860        IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
17:08:53.0776 4860        IRENUM - ok
17:08:53.0807 4860        isapnp          (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
17:08:53.0823 4860        isapnp - ok
17:08:53.0869 4860        iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
17:08:53.0885 4860        iScsiPrt - ok
17:08:53.0901 4860        iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
17:08:53.0916 4860        iteatapi - ok
17:08:53.0916 4860        iteraid        (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
17:08:53.0932 4860        iteraid - ok
17:08:53.0947 4860        kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
17:08:53.0963 4860        kbdclass - ok
17:08:53.0963 4860        kbdhid          (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
17:08:53.0994 4860        kbdhid - ok
17:08:54.0025 4860        KeyIso          (3978f3540329e16c0ac3bcf677e5669f) C:\Windows\system32\lsass.exe
17:08:54.0041 4860        KeyIso - ok
17:08:54.0072 4860        KSecDD          (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
17:08:54.0088 4860        KSecDD - ok
17:08:54.0150 4860        KtmRm          (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
17:08:54.0213 4860        KtmRm - ok
17:08:54.0322 4860        LanmanServer    (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\system32\srvsvc.dll
17:08:54.0337 4860        LanmanServer - ok
17:08:54.0400 4860        LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
17:08:54.0431 4860        LanmanWorkstation - ok
17:08:54.0478 4860        lirsgt          (f8a7212d0864ef5e9185fb95e6623f4d) C:\Windows\system32\DRIVERS\lirsgt.sys
17:08:54.0478 4860        lirsgt - ok
17:08:54.0509 4860        lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
17:08:54.0540 4860        lltdio - ok
17:08:54.0603 4860        lltdsvc        (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
17:08:54.0634 4860        lltdsvc - ok
17:08:54.0681 4860        lmhosts        (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
17:08:54.0727 4860        lmhosts - ok
17:08:54.0759 4860        LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
17:08:54.0759 4860        LSI_FC - ok
17:08:54.0774 4860        LSI_SAS        (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
17:08:54.0790 4860        LSI_SAS - ok
17:08:54.0837 4860        LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
17:08:54.0837 4860        LSI_SCSI - ok
17:08:54.0868 4860        luafv          (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
17:08:54.0883 4860        luafv - ok
17:08:54.0930 4860        MBAMProtector  (fb097bbc1a18f044bd17bd2fccf97865) C:\Windows\system32\drivers\mbam.sys
17:08:54.0930 4860        MBAMProtector - ok
17:08:55.0024 4860        MBAMService    (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
17:08:55.0071 4860        MBAMService - ok
17:08:55.0102 4860        mcdbus          (8fd868e32459ece2a1bb0169f513d31e) C:\Windows\system32\DRIVERS\mcdbus.sys
17:08:55.0117 4860        mcdbus ( UnsignedFile.Multi.Generic ) - warning
17:08:55.0117 4860        mcdbus - detected UnsignedFile.Multi.Generic (1)
17:08:55.0133 4860        Mcx2Svc        (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
17:08:55.0149 4860        Mcx2Svc - ok
17:08:55.0180 4860        megasas        (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
17:08:55.0195 4860        megasas - ok
17:08:55.0227 4860        MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
17:08:55.0258 4860        MegaSR - ok
17:08:55.0305 4860        MMCSS          (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
17:08:55.0336 4860        MMCSS - ok
17:08:55.0383 4860        Modem          (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
17:08:55.0429 4860        Modem - ok
17:08:55.0461 4860        monitor        (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
17:08:55.0476 4860        monitor - ok
17:08:55.0554 4860        mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
17:08:55.0570 4860        mouclass - ok
17:08:55.0585 4860        mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
17:08:55.0617 4860        mouhid - ok
17:08:55.0632 4860        MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
17:08:55.0632 4860        MountMgr - ok
17:08:55.0663 4860        mpio            (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
17:08:55.0679 4860        mpio - ok
17:08:55.0695 4860        mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
17:08:55.0710 4860        mpsdrv - ok
17:08:55.0741 4860        MpsSvc          (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
17:08:55.0773 4860        MpsSvc - ok
17:08:55.0804 4860        Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
17:08:55.0804 4860        Mraid35x - ok
17:08:55.0835 4860        MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
17:08:55.0882 4860        MRxDAV - ok
17:08:55.0913 4860        mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
17:08:55.0944 4860        mrxsmb - ok
17:08:55.0975 4860        mrxsmb10        (d4a3c7c580c4ccb5c06f2ada933ad507) C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:08:55.0991 4860        mrxsmb10 - ok
17:08:55.0991 4860        mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:08:56.0022 4860        mrxsmb20 - ok
17:08:56.0038 4860        msahci          (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
17:08:56.0053 4860        msahci - ok
17:08:56.0069 4860        msdsm          (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
17:08:56.0085 4860        msdsm - ok
17:08:56.0116 4860        MSDTC          (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
17:08:56.0163 4860        MSDTC - ok
17:08:56.0194 4860        Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
17:08:56.0225 4860        Msfs - ok
17:08:56.0256 4860        msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
17:08:56.0256 4860        msisadrv - ok
17:08:56.0303 4860        MSiSCSI        (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
17:08:56.0319 4860        MSiSCSI - ok
17:08:56.0334 4860        msiserver - ok
17:08:56.0365 4860        MSKSSRV        (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
17:08:56.0397 4860        MSKSSRV - ok
17:08:56.0412 4860        MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
17:08:56.0443 4860        MSPCLOCK - ok
17:08:56.0459 4860        MSPQM          (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
17:08:56.0490 4860        MSPQM - ok
17:08:56.0521 4860        MsRPC          (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
17:08:56.0537 4860        MsRPC - ok
17:08:56.0537 4860        mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
17:08:56.0553 4860        mssmbios - ok
17:08:56.0599 4860        MSSQL$SQLEXPRESS - ok
17:08:56.0631 4860        MSSQLServerADHelper100 (f1761c8fb2b25a32c6d63e36bb88c3ae) c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
17:08:56.0646 4860        MSSQLServerADHelper100 - ok
17:08:56.0662 4860        MSTEE          (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
17:08:56.0693 4860        MSTEE - ok
17:08:56.0740 4860        MTOnlPktAlyX    (493138c4f4119e938427da02486f09cb) C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis1\MTOnlPktAlyX.SYS
17:08:56.0740 4860        MTOnlPktAlyX ( UnsignedFile.Multi.Generic ) - warning
17:08:56.0740 4860        MTOnlPktAlyX - detected UnsignedFile.Multi.Generic (1)
17:08:56.0771 4860        Mup            (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
17:08:56.0787 4860        Mup - ok
17:08:56.0802 4860        napagent        (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
17:08:56.0833 4860        napagent - ok
17:08:56.0865 4860        NativeWifiP    (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
17:08:56.0880 4860        NativeWifiP - ok
17:08:56.0927 4860        NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
17:08:56.0958 4860        NDIS - ok
17:08:57.0005 4860        NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
17:08:57.0036 4860        NdisTapi - ok
17:08:57.0067 4860        Ndisuio        (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
17:08:57.0083 4860        Ndisuio - ok
17:08:57.0114 4860        NdisWan        (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
17:08:57.0130 4860        NdisWan - ok
17:08:57.0145 4860        NDProxy        (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
17:08:57.0161 4860        NDProxy - ok
17:08:57.0286 4860        Nero BackItUp Scheduler 3 (40d7d0a208ee863bca8d89e299216f15) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
17:08:57.0317 4860        Nero BackItUp Scheduler 3 - ok
17:08:57.0379 4860        NetBIOS        (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
17:08:57.0426 4860        NetBIOS - ok
17:08:57.0442 4860        netbt          (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
17:08:57.0473 4860        netbt - ok
17:08:57.0489 4860        Netlogon        (3978f3540329e16c0ac3bcf677e5669f) C:\Windows\system32\lsass.exe
17:08:57.0504 4860        Netlogon - ok
17:08:57.0535 4860        Netman          (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
17:08:57.0567 4860        Netman - ok
17:08:57.0645 4860        NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
17:08:57.0645 4860        NetMsmqActivator - ok
17:08:57.0660 4860        NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
17:08:57.0660 4860        NetPipeActivator - ok
17:08:57.0691 4860        netprofm        (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
17:08:57.0723 4860        netprofm - ok
17:08:57.0723 4860        NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
17:08:57.0738 4860        NetTcpActivator - ok
17:08:57.0738 4860        NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
17:08:57.0754 4860        NetTcpPortSharing - ok
17:08:57.0785 4860        nfrd960        (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
17:08:57.0785 4860        nfrd960 - ok
17:08:57.0816 4860        NlaSvc          (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
17:08:57.0847 4860        NlaSvc - ok
17:08:57.0957 4860        NMIndexingService (cd4326bc339f98de21aa07b208a305ae) C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
17:08:57.0988 4860        NMIndexingService - ok
17:08:58.0019 4860        Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
17:08:58.0035 4860        Npfs - ok
17:08:58.0050 4860        npggsvc - ok
17:08:58.0066 4860        nsi            (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
17:08:58.0097 4860        nsi - ok
17:08:58.0144 4860        nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
17:08:58.0159 4860        nsiproxy - ok
17:08:58.0237 4860        Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
17:08:58.0284 4860        Ntfs - ok
17:08:58.0315 4860        ntrigdigi      (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
17:08:58.0347 4860        ntrigdigi - ok
17:08:58.0378 4860        Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
17:08:58.0409 4860        Null - ok
17:08:58.0471 4860        NVHDA          (3d7fb57354703809b5f0c23287fac1d6) C:\Windows\system32\drivers\nvhda32v.sys
17:08:58.0471 4860        NVHDA - ok
17:08:58.0815 4860        nvlddmkm        (e891b3979f0cf2740c1b073f834221fe) C:\Windows\system32\DRIVERS\nvlddmkm.sys
17:08:59.0064 4860        nvlddmkm - ok
17:08:59.0158 4860        nvraid          (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
17:08:59.0173 4860        nvraid - ok
17:08:59.0189 4860        nvstor          (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
17:08:59.0205 4860        nvstor - ok
17:08:59.0220 4860        nvstor32        (4876e7c3184bdf50ede043fef616b867) C:\Windows\system32\DRIVERS\nvstor32.sys
17:08:59.0236 4860        nvstor32 - ok
17:08:59.0283 4860        nvsvc          (ae2de8e165dcb93a66b21748e6f913df) C:\Windows\system32\nvvsvc.exe
17:08:59.0298 4860        nvsvc - ok
17:08:59.0454 4860        nvUpdatusService (c78581c14699c46fe0f0817416383134) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
17:08:59.0595 4860        nvUpdatusService - ok
17:08:59.0751 4860        nv_agp          (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
17:08:59.0766 4860        nv_agp - ok
17:08:59.0766 4860        NwlnkFlt - ok
17:08:59.0782 4860        NwlnkFwd - ok
17:08:59.0860 4860        odserv          (e54aa592a65f317390eee386a8821692) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
17:08:59.0891 4860        odserv - ok
17:08:59.0938 4860        ohci1394        (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
17:08:59.0985 4860        ohci1394 - ok
17:09:00.0031 4860        ose            (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:09:00.0047 4860        ose - ok
17:09:00.0094 4860        p2pimsvc        (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
17:09:00.0156 4860        p2pimsvc - ok
17:09:00.0172 4860        p2psvc          (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
17:09:00.0265 4860        p2psvc - ok
17:09:00.0297 4860        Parport        (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
17:09:00.0343 4860        Parport - ok
17:09:00.0375 4860        partmgr        (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
17:09:00.0375 4860        partmgr - ok
17:09:00.0390 4860        Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
17:09:00.0437 4860        Parvdm - ok
17:09:00.0453 4860        PcaSvc          (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
17:09:00.0484 4860        PcaSvc - ok
17:09:00.0515 4860        pci            (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
17:09:00.0515 4860        pci - ok
17:09:00.0546 4860        pciide          (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
17:09:00.0546 4860        pciide - ok
17:09:00.0577 4860        pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
17:09:00.0593 4860        pcmcia - ok
17:09:00.0640 4860        PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
17:09:00.0702 4860        PEAUTH - ok
17:09:00.0749 4860        phmcd          (635b51b680014b22df8030e57a4ea2c0) C:\Windows\system32\DRIVERS\phmcd.sys
17:09:00.0765 4860        phmcd - ok
17:09:00.0811 4860        pla            (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
17:09:00.0905 4860        pla - ok
17:09:00.0999 4860        PLFlash DeviceIoControl Service (875e4e0661f3a5994df9e5e3a0a4f96b) C:\Windows\system32\IoctlSvc.exe
17:09:01.0014 4860        PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - warning
17:09:01.0014 4860        PLFlash DeviceIoControl Service - detected UnsignedFile.Multi.Generic (1)
17:09:01.0045 4860        PlugPlay        (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
17:09:01.0077 4860        PlugPlay - ok
17:09:01.0108 4860        PnkBstrA        (a1dd33d16f277ce34124ee52ab2c0f14) C:\Windows\system32\PnkBstrA.exe
17:09:01.0108 4860        PnkBstrA - ok
17:09:01.0139 4860        PNRPAutoReg    (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
17:09:01.0201 4860        PNRPAutoReg - ok
17:09:01.0201 4860        PNRPsvc        (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
17:09:01.0248 4860        PNRPsvc - ok
17:09:01.0295 4860        PolicyAgent    (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
17:09:01.0342 4860        PolicyAgent - ok
17:09:01.0373 4860        PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
17:09:01.0404 4860        PptpMiniport - ok
17:09:01.0451 4860        Processor      (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
17:09:01.0467 4860        Processor - ok
17:09:01.0498 4860        ProfSvc        (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
17:09:01.0529 4860        ProfSvc - ok
17:09:01.0529 4860        ProtectedStorage (3978f3540329e16c0ac3bcf677e5669f) C:\Windows\system32\lsass.exe
17:09:01.0545 4860        ProtectedStorage - ok
17:09:01.0576 4860        PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
17:09:01.0607 4860        PSched - ok
17:09:01.0623 4860        PxHelp20        (e42e3433dbb4cffe8fdd91eab29aea8e) C:\Windows\system32\Drivers\PxHelp20.sys
17:09:01.0623 4860        PxHelp20 - ok
17:09:01.0685 4860        ql2300          (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
17:09:01.0732 4860        ql2300 - ok
17:09:01.0763 4860        ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
17:09:01.0779 4860        ql40xx - ok
17:09:01.0810 4860        QWAVE          (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
17:09:01.0825 4860        QWAVE - ok
17:09:01.0841 4860        QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
17:09:01.0857 4860        QWAVEdrv - ok
17:09:01.0857 4860        RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
17:09:01.0903 4860        RasAcd - ok
17:09:01.0966 4860        RasAuto        (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
17:09:01.0997 4860        RasAuto - ok
17:09:01.0997 4860        Rasl2tp        (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
17:09:02.0044 4860        Rasl2tp - ok
17:09:02.0059 4860        RasMan          (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
17:09:02.0075 4860        RasMan - ok
17:09:02.0106 4860        RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
17:09:02.0122 4860        RasPppoe - ok
17:09:02.0137 4860        RasSstp        (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
17:09:02.0137 4860        RasSstp - ok
17:09:02.0200 4860        rdbss          (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
17:09:02.0231 4860        rdbss - ok
17:09:02.0247 4860        RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
17:09:02.0278 4860        RDPCDD - ok
17:09:02.0325 4860        rdpdr          (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
17:09:02.0356 4860        rdpdr - ok
17:09:02.0356 4860        RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
17:09:02.0371 4860        RDPENCDD - ok
17:09:02.0403 4860        RDPWD          (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
17:09:02.0434 4860        RDPWD - ok
17:09:02.0481 4860        RemoteAccess    (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
17:09:02.0496 4860        RemoteAccess - ok
17:09:02.0512 4860        RemoteRegistry  (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
17:09:02.0527 4860        RemoteRegistry - ok
17:09:02.0574 4860        RFCOMM          (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
17:09:02.0590 4860        RFCOMM - ok
17:09:02.0637 4860        ROOTMODEM      (75e8a6bfa7374aba833ae92bf41ae4e6) C:\Windows\system32\Drivers\RootMdm.sys
17:09:02.0668 4860        ROOTMODEM - ok
17:09:02.0699 4860        RpcLocator      (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
17:09:02.0730 4860        RpcLocator - ok
17:09:02.0777 4860        RpcSs          (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
17:09:02.0824 4860        RpcSs - ok
17:09:02.0886 4860        RsFx0103        (fd692c6ffade58f7c4c3c3c9a0ec35bd) C:\Windows\system32\DRIVERS\RsFx0103.sys
17:09:02.0886 4860        RsFx0103 - ok
17:09:02.0917 4860        rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
17:09:02.0964 4860        rspndr - ok
17:09:02.0980 4860        RTL8169        (283392af1860ecdb5e0f8ebd7f3d72df) C:\Windows\system32\DRIVERS\Rtlh86.sys
17:09:03.0027 4860        RTL8169 - ok
17:09:03.0042 4860        SamSs          (3978f3540329e16c0ac3bcf677e5669f) C:\Windows\system32\lsass.exe
17:09:03.0058 4860        SamSs - ok
17:09:03.0073 4860        sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
17:09:03.0089 4860        sbp2port - ok
17:09:03.0120 4860        SCardSvr        (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
17:09:03.0136 4860        SCardSvr - ok
17:09:03.0167 4860        SCDEmu          (16b1abe7f3e35f21dac57592b6c5d464) C:\Windows\system32\drivers\SCDEmu.sys
17:09:03.0183 4860        SCDEmu ( UnsignedFile.Multi.Generic ) - warning
17:09:03.0183 4860        SCDEmu - detected UnsignedFile.Multi.Generic (1)
17:09:03.0229 4860        Schedule        (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
17:09:03.0292 4860        Schedule - ok
17:09:03.0307 4860        SCPolicySvc    (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
17:09:03.0323 4860        SCPolicySvc - ok
17:09:03.0354 4860        SDRSVC          (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
17:09:03.0370 4860        SDRSVC - ok
17:09:03.0401 4860        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
17:09:03.0432 4860        secdrv - ok
17:09:03.0479 4860        seclogon        (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
17:09:03.0510 4860        seclogon - ok
17:09:03.0541 4860        SENS            (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll
17:09:03.0588 4860        SENS - ok
17:09:03.0635 4860        Serenum        (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
17:09:03.0666 4860        Serenum - ok
17:09:03.0697 4860        Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
17:09:03.0729 4860        Serial - ok
17:09:03.0760 4860        sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
17:09:03.0775 4860        sermouse - ok
17:09:03.0807 4860        SessionEnv      (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
17:09:03.0838 4860        SessionEnv - ok
17:09:03.0853 4860        sffdisk        (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
17:09:03.0869 4860        sffdisk - ok
17:09:03.0885 4860        sffp_mmc        (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
17:09:03.0916 4860        sffp_mmc - ok
17:09:03.0931 4860        sffp_sd        (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
17:09:03.0947 4860        sffp_sd - ok
17:09:03.0963 4860        sfloppy        (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
17:09:03.0994 4860        sfloppy - ok
17:09:04.0025 4860        SharedAccess    (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
17:09:04.0072 4860        SharedAccess - ok
17:09:04.0087 4860        ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
17:09:04.0134 4860        ShellHWDetection - ok
17:09:04.0150 4860        sisagp          (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
17:09:04.0165 4860        sisagp - ok
17:09:04.0181 4860        SiSRaid2        (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
17:09:04.0197 4860        SiSRaid2 - ok
17:09:04.0212 4860        SiSRaid4        (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
17:09:04.0228 4860        SiSRaid4 - ok
17:09:04.0337 4860        slsvc          (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
17:09:04.0446 4860        slsvc - ok
17:09:04.0571 4860        SLUINotify      (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
17:09:04.0602 4860        SLUINotify - ok
17:09:04.0649 4860        Smb            (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
17:09:04.0665 4860        Smb - ok
17:09:04.0680 4860        SNMPTRAP        (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
17:09:04.0696 4860        SNMPTRAP - ok
17:09:04.0711 4860        spldr          (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
17:09:04.0727 4860        spldr - ok
17:09:04.0743 4860        Spooler        (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
17:09:04.0774 4860        Spooler - ok
17:09:04.0836 4860        sptd            (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
17:09:04.0836 4860        Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
17:09:04.0836 4860        sptd ( LockedFile.Multi.Generic ) - warning
17:09:04.0836 4860        sptd - detected LockedFile.Multi.Generic (1)
17:09:04.0914 4860        SQLAgent$SQLEXPRESS (a687b5b326afcfcf182c4931d1ff9771) c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE
17:09:04.0945 4860        SQLAgent$SQLEXPRESS - ok
17:09:04.0977 4860        SQLBrowser      (b54b48f6d92423440c264e91225c5ff1) c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
17:09:04.0977 4860        SQLBrowser - ok
17:09:05.0008 4860        SQLWriter      (637a0f23f9012358e92e6f99835494d1) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
17:09:05.0008 4860        SQLWriter - ok
17:09:05.0101 4860        srv            (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
17:09:05.0179 4860        srv - ok
17:09:05.0211 4860        srv2            (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
17:09:05.0257 4860        srv2 - ok
17:09:05.0304 4860        srvnet          (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
17:09:05.0304 4860        srvnet - ok
17:09:05.0335 4860        SSDPSRV        (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
17:09:05.0367 4860        SSDPSRV - ok
17:09:05.0398 4860        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
17:09:05.0413 4860        ssmdrv - ok
17:09:05.0445 4860        SstpSvc        (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
17:09:05.0460 4860        SstpSvc - ok
17:09:05.0491 4860        Steam Client Service - ok
17:09:05.0523 4860        Stereo Service  (fc0a58529a02b1eed55ddc58696b7908) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
17:09:05.0538 4860        Stereo Service - ok
17:09:05.0585 4860        stisvc          (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
17:09:05.0616 4860        stisvc - ok
17:09:05.0632 4860        swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
17:09:05.0632 4860        swenum - ok
17:09:05.0663 4860        swprv          (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
17:09:05.0679 4860        swprv - ok
17:09:05.0710 4860        Symc8xx        (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
17:09:05.0710 4860        Symc8xx - ok
17:09:05.0741 4860        Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
17:09:05.0741 4860        Sym_hi - ok
17:09:05.0757 4860        Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
17:09:05.0757 4860        Sym_u3 - ok
17:09:05.0803 4860        SysMain        (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
17:09:05.0850 4860        SysMain - ok
17:09:05.0881 4860        TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
17:09:05.0897 4860        TabletInputService - ok
17:09:05.0913 4860        tap0901        (1e89de7a4fb7a854ebb241d0aa8996dd) C:\Windows\system32\DRIVERS\tap0901.sys
17:09:05.0944 4860        tap0901 - ok
17:09:05.0959 4860        tap0901t        (b7aee68d2e867cbf69b649b18fcedbbb) C:\Windows\system32\DRIVERS\tap0901t.sys
17:09:05.0975 4860        tap0901t - ok
17:09:06.0022 4860        TapiSrv        (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
17:09:06.0053 4860        TapiSrv - ok
17:09:06.0084 4860        TBPanel        (04e1c782cf14b7282ebc633b0fd3ed16) C:\Windows\system32\drivers\TBPanel.sys
17:09:06.0084 4860        TBPanel - ok
17:09:06.0115 4860        TBS            (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
17:09:06.0147 4860        TBS - ok
17:09:06.0193 4860        Tcpip          (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
17:09:06.0225 4860        Tcpip - ok
17:09:06.0240 4860        Tcpip6          (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
17:09:06.0271 4860        Tcpip6 - ok
17:09:06.0318 4860        tcpipreg        (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
17:09:06.0365 4860        tcpipreg - ok
17:09:06.0396 4860        TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
17:09:06.0427 4860        TDPIPE - ok
17:09:06.0474 4860        TDTCP          (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
17:09:06.0505 4860        TDTCP - ok
17:09:06.0521 4860        tdx            (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
17:09:06.0552 4860        tdx - ok
17:09:06.0568 4860        TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
17:09:06.0568 4860        TermDD - ok
17:09:06.0615 4860        TermService    (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
17:09:06.0630 4860        TermService - ok
17:09:06.0677 4860        Themes          (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
17:09:06.0693 4860        Themes - ok
17:09:06.0708 4860        THREADORDER    (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
17:09:06.0739 4860        THREADORDER - ok
17:09:06.0817 4860        TOSHIBA Bluetooth Service (ac88d258f20909eeb91796f490cfbb73) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
17:09:06.0833 4860        TOSHIBA Bluetooth Service - ok
17:09:06.0849 4860        tosporte        (90afa1a4451bbbee87c9f18a665d8121) C:\Windows\system32\DRIVERS\tosporte.sys
17:09:06.0864 4860        tosporte - ok
17:09:06.0895 4860        Tosrfbd        (00371ce4da09b68ba0ff953e61820981) C:\Windows\system32\DRIVERS\tosrfbd.sys
17:09:06.0895 4860        Tosrfbd - ok
17:09:06.0927 4860        tosrfbnp        (74392bab3f0d4810da8436ec79d6955d) C:\Windows\system32\Drivers\tosrfbnp.sys
17:09:06.0927 4860        tosrfbnp - ok
17:09:06.0958 4860        Tosrfcom        (1ad9eb1b5abd0aeee4084c8153476f1e) C:\Windows\system32\Drivers\tosrfcom.sys
17:09:06.0958 4860        Tosrfcom - ok
17:09:06.0973 4860        Tosrfhid        (a72a3473180f378cc07d342803ffd580) C:\Windows\system32\DRIVERS\Tosrfhid.sys
17:09:06.0989 4860        Tosrfhid - ok
17:09:07.0020 4860        tosrfnds        (b2a1a6538245fd69578224bbf2fd4677) C:\Windows\system32\DRIVERS\tosrfnds.sys
17:09:07.0020 4860        tosrfnds - ok
17:09:07.0051 4860        TosRfSnd        (f1ca74cca8241d8b8a024aecc643c547) C:\Windows\system32\drivers\tosrfsnd.sys
17:09:07.0067 4860        TosRfSnd - ok
17:09:07.0083 4860        Tosrfusb        (f400fb9616261a1b66e6d2e04b6c3538) C:\Windows\system32\DRIVERS\tosrfusb.sys
17:09:07.0083 4860        Tosrfusb - ok
17:09:07.0129 4860        TrkWks          (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
17:09:07.0161 4860        TrkWks - ok
17:09:07.0192 4860        TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
17:09:07.0207 4860        TrustedInstaller - ok
17:09:07.0239 4860        tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
17:09:07.0254 4860        tssecsrv - ok
17:09:07.0348 4860        TuneUp.UtilitiesSvc (06569e1e2f7eb137abcebf753ceaac20) C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
17:09:07.0395 4860        TuneUp.UtilitiesSvc - ok
17:09:07.0473 4860        TuneUpUtilitiesDrv (f2107c9d85ec0df116939ccce06ae697) C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys
17:09:07.0473 4860        TuneUpUtilitiesDrv - ok
17:09:07.0566 4860        tunmp          (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
17:09:07.0613 4860        tunmp - ok
17:09:07.0629 4860        tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
17:09:07.0644 4860        tunnel - ok
17:09:07.0722 4860        TunngleService  (4a531079746d39026d975d3b02f7e452) C:\Program Files\Tunngle\TnglCtrl.exe
17:09:07.0738 4860        TunngleService - ok
17:09:07.0785 4860        uagp35          (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
17:09:07.0800 4860        uagp35 - ok
17:09:07.0816 4860        udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
17:09:07.0847 4860        udfs - ok
17:09:07.0878 4860        UI0Detect      (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
17:09:07.0894 4860        UI0Detect - ok
17:09:07.0909 4860        uliagpkx        (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
17:09:07.0909 4860        uliagpkx - ok
17:09:07.0956 4860        uliahci        (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
17:09:07.0956 4860        uliahci - ok
17:09:07.0987 4860        UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
17:09:08.0003 4860        UlSata - ok
17:09:08.0019 4860        ulsata2        (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
17:09:08.0034 4860        ulsata2 - ok
17:09:08.0050 4860        umbus          (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
17:09:08.0081 4860        umbus - ok
17:09:08.0097 4860        upnphost        (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
17:09:08.0143 4860        upnphost - ok
17:09:08.0175 4860        usbaudio        (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
17:09:08.0190 4860        usbaudio - ok
17:09:08.0206 4860        usbccgp        (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
17:09:08.0237 4860        usbccgp - ok
17:09:08.0253 4860        usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
17:09:08.0284 4860        usbcir - ok
17:09:08.0331 4860        usbehci        (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
17:09:08.0346 4860        usbehci - ok
17:09:08.0377 4860        usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
17:09:08.0409 4860        usbhub - ok
17:09:08.0440 4860        usbohci        (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
17:09:08.0455 4860        usbohci - ok
17:09:08.0471 4860        usbprint        (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
17:09:08.0518 4860        usbprint - ok
17:09:08.0533 4860        USBSTOR        (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:09:08.0549 4860        USBSTOR - ok
17:09:08.0565 4860        usbuhci        (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
17:09:08.0596 4860        usbuhci - ok
17:09:08.0611 4860        UxSms          (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
17:09:08.0627 4860        UxSms - ok
17:09:08.0658 4860        UxTuneUp        (c400fee3b8c966685c6f6865a25a85a1) C:\Windows\System32\uxtuneup.dll
17:09:08.0674 4860        UxTuneUp - ok
17:09:08.0689 4860        VClone          (1cdaa48cb2f7744b8d25650e050766a5) C:\Windows\system32\DRIVERS\VClone.sys
17:09:08.0721 4860        VClone - ok
17:09:08.0736 4860        vds            (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
17:09:08.0799 4860        vds - ok
17:09:08.0830 4860        vga            (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
17:09:08.0861 4860        vga - ok
17:09:08.0877 4860        VgaSave        (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
17:09:08.0908 4860        VgaSave - ok
17:09:08.0970 4860        viaagp          (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
17:09:08.0986 4860        viaagp - ok
17:09:09.0001 4860        ViaC7          (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
17:09:09.0017 4860        ViaC7 - ok
17:09:09.0033 4860        viaide          (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
17:09:09.0048 4860        viaide - ok
17:09:09.0064 4860        volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
17:09:09.0064 4860        volmgr - ok
17:09:09.0095 4860        volmgrx        (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
17:09:09.0111 4860        volmgrx - ok
17:09:09.0142 4860        volsnap        (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
17:09:09.0142 4860        volsnap - ok
17:09:09.0189 4860        vsmraid        (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
17:09:09.0204 4860        vsmraid - ok
17:09:09.0267 4860        VSS            (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
17:09:09.0345 4860        VSS - ok
17:09:09.0360 4860        W32Time        (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
17:09:09.0391 4860        W32Time - ok
17:09:09.0438 4860        WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
17:09:09.0485 4860        WacomPen - ok
17:09:09.0501 4860        Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
17:09:09.0516 4860        Wanarp - ok
17:09:09.0532 4860        Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
17:09:09.0547 4860        Wanarpv6 - ok
17:09:09.0563 4860        wcncsvc        (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
17:09:09.0625 4860        wcncsvc - ok
17:09:09.0688 4860        WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
17:09:09.0719 4860        WcsPlugInService - ok
17:09:09.0766 4860        Wd              (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
17:09:09.0766 4860        Wd - ok
17:09:09.0797 4860        Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
17:09:09.0813 4860        Wdf01000 - ok
17:09:09.0844 4860        WdiServiceHost  (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
17:09:09.0875 4860        WdiServiceHost - ok
17:09:09.0875 4860        WdiSystemHost  (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
17:09:09.0906 4860        WdiSystemHost - ok
17:09:09.0953 4860        WebClient      (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
17:09:09.0969 4860        WebClient - ok
17:09:09.0984 4860        Wecsvc          (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
17:09:10.0015 4860        Wecsvc - ok
17:09:10.0047 4860        wercplsupport  (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
17:09:10.0078 4860        wercplsupport - ok
17:09:10.0109 4860        WerSvc          (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
17:09:10.0125 4860        WerSvc - ok
17:09:10.0187 4860        WinDefend      (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
17:09:10.0203 4860        WinDefend - ok
17:09:10.0218 4860        WinHttpAutoProxySvc - ok
17:09:10.0265 4860        Winmgmt        (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
17:09:10.0296 4860        Winmgmt - ok
17:09:10.0343 4860        WinRM          (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
17:09:10.0405 4860        WinRM - ok
17:09:10.0468 4860        Wlansvc        (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
17:09:10.0515 4860        Wlansvc - ok
17:09:10.0577 4860        WmiAcpi        (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
17:09:10.0593 4860        WmiAcpi - ok
17:09:10.0639 4860        wmiApSrv        (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
17:09:10.0655 4860        wmiApSrv - ok
17:09:10.0749 4860        WMPNetworkSvc  (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
17:09:10.0811 4860        WMPNetworkSvc - ok
17:09:10.0827 4860        WPCSvc          (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
17:09:10.0858 4860        WPCSvc - ok
17:09:10.0889 4860        WPDBusEnum      (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
17:09:10.0936 4860        WPDBusEnum - ok
17:09:11.0076 4860        WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
17:09:11.0154 4860        WPFFontCache_v0400 - ok
17:09:11.0217 4860        ws2ifsl        (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
17:09:11.0263 4860        ws2ifsl - ok
17:09:11.0295 4860        wscsvc          (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\System32\wscsvc.dll
17:09:11.0310 4860        wscsvc - ok
17:09:11.0310 4860        WSearch - ok
17:09:11.0404 4860        wuauserv        (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
17:09:11.0497 4860        wuauserv - ok
17:09:11.0607 4860        WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
17:09:11.0638 4860        WUDFRd - ok
17:09:11.0669 4860        wudfsvc        (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
17:09:11.0716 4860        wudfsvc - ok
17:09:11.0794 4860        MBR (0x1B8)    (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
17:09:11.0965 4860        \Device\Harddisk0\DR0 - ok
17:09:11.0965 4860        Boot (0x1200)  (be59a3d3ddb7b3e33df394f5ce29595e) \Device\Harddisk0\DR0\Partition0
17:09:11.0965 4860        \Device\Harddisk0\DR0\Partition0 - ok
17:09:11.0965 4860        ============================================================
17:09:11.0965 4860        Scan finished
17:09:11.0965 4860        ============================================================
17:09:11.0981 1484        Detected object count: 11
17:09:11.0981 1484        Actual detected object count: 11
17:10:11.0479 1484        Autodesk Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
17:10:11.0479 1484        Autodesk Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:10:11.0479 1484        BazisVirtualCDBus ( UnsignedFile.Multi.Generic ) - skipped by user
17:10:11.0479 1484        BazisVirtualCDBus ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:10:11.0479 1484        ETService ( UnsignedFile.Multi.Generic ) - skipped by user
17:10:11.0479 1484        ETService ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:10:11.0479 1484        FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
17:10:11.0479 1484        FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:10:11.0479 1484        hamachi_oem ( UnsignedFile.Multi.Generic ) - skipped by user
17:10:11.0479 1484        hamachi_oem ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:10:11.0495 1484        IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
17:10:11.0495 1484        IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:10:11.0495 1484        mcdbus ( UnsignedFile.Multi.Generic ) - skipped by user
17:10:11.0495 1484        mcdbus ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:10:11.0495 1484        MTOnlPktAlyX ( UnsignedFile.Multi.Generic ) - skipped by user
17:10:11.0495 1484        MTOnlPktAlyX ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:10:11.0495 1484        PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - skipped by user
17:10:11.0495 1484        PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:10:11.0495 1484        SCDEmu ( UnsignedFile.Multi.Generic ) - skipped by user
17:10:11.0495 1484        SCDEmu ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:10:11.0495 1484        sptd ( LockedFile.Multi.Generic ) - skipped by user
17:10:11.0495 1484        sptd ( LockedFile.Multi.Generic ) - User select action: Skip


cosinus 08.05.2012 17:53

Quote:

can you already say anything more precise about what I might be dealing with? it would be nice if you answered the question

Say exactly what might possibly be going on? Sorry, that doesn't make sense :D
I can say what might be going on, but that doesn't make a statement exact.


Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background monitors, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.

Important note:
Combofix may only be run when an expert helper (Kompetenzler) has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running Combofix, you have problems starting applications and get messages such as

Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

then restart Windows manually and the error messages should no longer appear.

