Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Trojaner: Survey says... ! (https://www.trojaner-board.de/128657-trojaner-survey-says.html)

KRaYZieGaMeR 27.12.2012 15:09
Trojaner: Survey says... !
 
Hallo Trojaner Board-Community!
Ich habe mir gestern "versehentlich" einen Trojaner gedownloadet, der mein Win 7-System total blockiert; d.h. der pc bildschirm ist komplett weiß und es öffnet sich ein Fenster mit dem Titel "Survey says...". Darin steht ich solle einen Survey ausfüllen, tue ich dies nicht wird mein System unnützlich gemacht. Es öffnet sich also der Browser, doch die Seite kann nicht zuende geladen werden, schließe ich den Trojaner ohne die richtige Nummer eingegeben zu haben zu bekomme ich eine Ermahnung, bei drei Ermahnungen wird ebenfalls win 7 unnützlich gemacht werden. Ich habe schon bei Neustart mit f8 eine Systemreparatur durchgeführt, doch der Trojaner öffnet sich erneut, jedoch erst nach ein paar Minuten, was mir ermöglicht win7 kurz zu benutzen und sogar pr ogramme zu öffnen. Alles im Bezug auf win7 wird vom trojaner geschlossen, programme bleiben geöffnet, so kann ich zum beispiel mein antivieren-programm (avg) öffnen, welches rund 350 fehler auf meinem pc erkennt und ich habe den kompletten download ordner inhqlt gelösxht. Ich weiß mir nun schon gar nicht mehr zu helfen! Bitte Helft mir, hab versucht so ausführlich wie möglich mein problem darzulegen!

markusg 27.12.2012 15:11
Hi,
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Kopiere
    nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

KRaYZieGaMeR 27.12.2012 19:18
Ok bin wieder da, kann aber etwas dauern, weil die Kopier-Funktion geblockt wird!
Ich kann aber dieses (0/0) nicht schreiben, oder ist das %?
Was soll ich nun machen?

...?

markusg 27.12.2012 19:34
Hi
dann starte neu, drücke f8, wähle abgesicherter Modus mit Netzwerk, melde dich im betroffenen Konto an, und versuchs mit otl erneut

KRaYZieGaMeR 27.12.2012 19:47
ok mach ich!

Is ja doch n % !

Welche Einstellungen sind richtig (OTL) ?
Überall Safelist und Dateialter 7 tage?

...?

markusg 27.12.2012 20:31
was für ein % meinst du?
wie die otl konfig zu machen ist, steht eig oben im link + mein Script

KRaYZieGaMeR 27.12.2012 20:41
Und wo findet man otl.txt und extra.txt ?

markusg 27.12.2012 20:47
Wird automatisch geöffnet

KRaYZieGaMeR 27.12.2012 20:55
OTL.txt:OTL Logfile:
Code:
OTL logfile created on: 27.12.2012 20:35:30 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Tammo\Downloads
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,98 Gb Total Physical Memory | 4,81 Gb Available Physical Memory | 80,34% Memory free
11,96 Gb Paging File | 10,79 Gb Available in Paging File | 90,17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450,66 Gb Total Space | 170,48 Gb Free Space | 37,83% Space Free | Partition Type: NTFS
Unable to calculate disk information.
 
Computer Name: TAMMO-PC | User Name: Tammo | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Tammo\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
PRC - C:\Users\Tammo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Tammo\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.3.0\libglesv2.dll ()
MOD - C:\Users\Tammo\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.3.0\libegl.dll ()
MOD - C:\Program Files (x86)\Steam\SDL.dll ()
MOD - C:\Program Files (x86)\Steam\bin\libcef.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avcodec-53.dll ()
MOD - C:\Program Files (x86)\Steam\bin\chromehtml.DLL ()
MOD - C:\Program Files (x86)\Steam\bin\avformat-53.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avutil-51.dll ()
MOD - C:\Users\Tammo\AppData\Local\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll ()
MOD - C:\Users\Tammo\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Users\Tammo\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll ()
MOD - C:\Users\Tammo\AppData\Local\Google\Chrome\Application\23.0.1271.97\avutil-51.dll ()
MOD - C:\Users\Tammo\AppData\Local\Google\Chrome\Application\23.0.1271.97\avformat-54.dll ()
MOD - C:\Users\Tammo\AppData\Local\Google\Chrome\Application\23.0.1271.97\avcodec-54.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (WebOptimizer) -- C:\Windows\SysNative\dmwu.exe ()
SRV:64bit: - (Web Assistant Updater) -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe ()
SRV:64bit: - (ePowerSvc) -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (TurboBoost) -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (Updater Service) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Acer Group)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AV Engine Scanning Service) -- C:/Program Files (x86)/Common Files/Common Toolkit Suite/AVEngine/AVScanningService.exe ()
SRV - (AV Watch Service) -- C:/Program Files (x86)/Common Files/Common Toolkit Suite/AVEngine/AVWatchService.exe ()
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (Suite Service) -- C:\Program Files (x86)\Fighters\FighterSuiteService.exe (SPAMfighter ApS)
SRV - (vToolbarUpdater13.2.0) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe ()
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe (AVG)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (BASICSCAN SERVICE) -- C:\PROGRAM FILES (X86)\BASICSCAN\BASICSCAN.EXE ()
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe (Microsoft Corporation.)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe (Microsoft Corporation.)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (NTI Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (EgisTec Ticket Service) -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe (Egis Technology Inc. )
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (GREGService) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (AVFSFilter) -- C:\Windows\SysNative\drivers\avfsfilter.sys ()
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (avgtp) -- C:\Windows\SysNative\drivers\avgtpx64.sys (AVG Technologies)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSEH) -- C:\Windows\SysNative\drivers\AVGIDSEH.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (AVGIDSFilter) -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys (Intel(R) Corporation)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NTI Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NTI Corporation)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (xnacc) -- C:\Windows\SysNative\drivers\xnacc.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys (TuneUp Software)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoEMon&co=DE&userid=d11d6828-434d-47fa-8a1c-570f2ce9700b&searchtype=ds&q={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2801948
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoEMon&co=DE&userid=d11d6828-434d-47fa-8a1c-570f2ce9700b&searchtype=ds&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoEMon&co=DE&userid=d11d6828-434d-47fa-8a1c-570f2ce9700b&searchtype=ds&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoEMon&co=DE&userid=d11d6828-434d-47fa-8a1c-570f2ce9700b&searchtype=ds&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoEMon&co=DE&userid=d11d6828-434d-47fa-8a1c-570f2ce9700b&searchtype=ds&q={searchTerms}
IE - HKCU\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoEMon&co=DE&userid=d11d6828-434d-47fa-8a1c-570f2ce9700b&searchtype=ds&q={searchTerms}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=110195&tt=220512_53ctrl&babsrc=SP_ss&mntrId=08927d07000000000000f655f92cc510
IE - HKCU\..\SearchScopes\{269FE48E-DBAF-4B94-896B-DC3ED33D28B5}: "URL" = hxxp://mp3tubetoolbar.com/?tmp=toolbar_sb_results&prt=pinballtbfour01ie&Keywords={searchTerms}&clid=e67e98928d434ec0aac887fac6489a04
IE - HKCU\..\SearchScopes\{33524C00-63FB-43DB-A6BF-0A4E14B24649}: "URL" = hxxp://www.basicscan.com/?prt=BscscnPB&keywords={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_deDE458
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={9F400A1F-CAD6-4AD5-B270-0BE001ED2D68}&mid=a0654eeeb76e47d19147cd3c4e3060a8-db40d31696dd50cfd5c370c895fb6e6c0191a70b&lang=de&ds=cv011&pr=sa&d=2012-06-02 09:56:26&v=12.2.5.32&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb165/?search={searchTerms}&loc=IB_DS&a=6R8vbchX8C&i=26
IE - HKCU\..\SearchScopes\{F535FA03-A0DD-4E1B-A327-4AE959A49C20}: "URL" = hxxp://search.softonic.com/MON00015/tb_v1?q={searchTerms}&SearchSource=4&cc=&r=109
IE - HKCU\..\SearchScopes\{F79AF29C-A9DA-4D34-8B7B-DEA431F9E3B7}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=30DCA576-B4D8-4308-B03A-BDD4B4227325&apn_sauid=8C770DE9-F248-418A-A09E-4658E09413F8
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.138.0: C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.2: C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Tammo\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Tammo\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX [2012.08.31 18:47:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG10\Firefox4\ [2012.12.15 20:11:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\13.2.0.5 [2012.11.08 13:36:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012.08.31 18:47:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG10\Firefox\ [2012.09.17 18:43:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.17\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.12.23 16:46:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.17\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}: C:\Program Files (x86)\PriceGong\2.6.7\FF [2012.09.29 18:44:48 | 000,000,000 | ---D | M]
 
[2012.06.23 09:44:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tammo\AppData\Roaming\mozilla\Extensions
[2011.05.18 15:01:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tammo\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.06.02 20:33:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.12.04 18:05:25 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
 
========== Chrome  ==========
 
CHR - homepage: Google
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: Google
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Tammo\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\Tammo\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Tammo\AppData\Local\Google\Chrome\Application\23.0.1271.97\gcswf32.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Tammo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll
CHR - plugin: Skype Click to Call (Enabled) = C:\Users\Tammo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.0.0.10201_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\\npsitesafety.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Tammo\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Tammo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google-Suche = C:\Users\Tammo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Battlefield 3 = C:\Users\Tammo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pagmklehiaheilihklokljahmoihkjni\1_0\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension64.dll ()
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Shopping Assistant Plugin) - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files (x86)\PriceGong\2.6.7\PriceGongIE.dll (PriceGong)
O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll ()
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll (Montera Technologeis LTD)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Softonic Helper Object) - {E87806B5-E908-45FD-AF5E-957D83E58E68} - C:\Program Files (x86)\Softonic\Softonic\1.5.24.3\bh\Softonic.dll (Softonic.com)
O2 - BHO: (PricePeep) - {FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} - C:\Program Files (x86)\PricePeep\pricepeep.dll (PricePeep)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Mp3Tube Toolbar) - {46897C77-E7A6-4c33-BFFB-E9C2E2718942} - C:\Program Files (x86)\Mp3Tube Toolbar\mp3tubetb.DLL (Mp3Tube Toolbar)
O3 - HKLM\..\Toolbar: (Softonic Toolbar) - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Program Files (x86)\Softonic\Softonic\1.5.24.3\SoftonicTlbr.dll (Softonic.com)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll (Montera Technologeis LTD)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {37483B40-C254-4A72-BDA4-22EE90182C1E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ArcadeMovieService] C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
O4 - HKLM..\Run: [CommonToolkitTray] C:\Program Files (x86)\Fighters\Tray\FightersTray.exe (SPAMfighter ApS)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\Acer\clear.fi\MediaEspresso\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [ROC_ROC_JULY_P1] C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [SWPROguard] C:\Program Files (x86)\Fighters\SPYWAREfighter\swprotray.exe (SPAMfighter)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [AdobeUpdater6] "C:\Program Files (x86)\Common Files\Adobe\Updater6\Adobe_Updater.exe" File not found
O4 - HKCU..\Run: [Browser Infrastructure Helper] C:\Users\Tammo\AppData\Local\Smartbar\Application\SnapDo.exe (Smartbar)
O4 - HKCU..\Run: [EADM] C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)
O4 - HKCU..\Run: [Media Finder] "C:\Program Files (x86)\Media Finder\Media Finder.exe" /opentotray File not found
O4 - HKCU..\Run: [Spotify] C:\Users\Tammo\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Tammo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [svchost] C:\Users\Tammo\AppData\Roaming\svchost.exe (My Application)
O4 - HKCU..\Run: [Windows Live] C:\Users\Tammo\AppData\Local\Temp\winini.exe (serverhackers Inc.)
O4 - Startup: C:\Users\Tammo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html File not found
O8:64bit: - Extra context menu item: Web-Suche - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O8 - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html File not found
O8 - Extra context menu item: Web-Suche - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553548000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{11F85245-32B0-4B42-9191-F74D7A67AD0F}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgchsva.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
 
 
CREATERESTOREPOINT
Unable to start System Restore Service. Error code 1084
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.12.26 21:56:30 | 000,035,192 | ---- | C] (AVG) -- C:\Windows\SysNative\TURegOpt.exe
[2012.12.26 21:56:29 | 000,026,488 | ---- | C] (AVG) -- C:\Windows\SysNative\authuitu.dll
[2012.12.26 21:56:29 | 000,021,880 | ---- | C] (AVG) -- C:\Windows\SysWow64\authuitu.dll
[2012.12.26 21:55:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp
[2012.12.26 21:54:18 | 000,000,000 | ---D | C] -- C:\Users\Tammo\AppData\Roaming\AVG
[2012.12.26 21:52:00 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG
[2012.12.26 21:51:39 | 000,000,000 | -HSD | C] -- C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
[2012.12.26 21:40:59 | 000,000,000 | ---D | C] -- C:\Users\Tammo\AppData\Roaming\TuneUp Software
[2012.12.26 20:38:43 | 000,000,000 | ---D | C] -- C:\ProgramData\clp
[2012.12.26 20:38:29 | 000,000,000 | ---D | C] -- C:\Users\Tammo\AppData\Roaming\Fighters
[2012.12.26 20:38:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fighters
[2012.12.26 20:37:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Common Toolkit Suite
[2012.12.26 20:37:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Fighters
[2012.12.26 20:37:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Common Toolkit Suite
[2012.12.26 20:36:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Fighters
[2012.12.26 20:06:28 | 000,000,000 | ---D | C] -- C:\FRST
[2012.12.26 19:37:34 | 000,133,580 | ---- | C] (My Application) -- C:\Users\Tammo\AppData\Roaming\svchost.exe
[2012.12.26 18:48:52 | 000,000,000 | ---D | C] -- C:\Users\Tammo\AppData\Roaming\dclogs
[2012.12.10 19:49:41 | 000,000,000 | ---D | C] -- C:\Users\Tammo\AppData\Local\Origin
[2012.12.10 19:49:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
[2011.10.26 20:21:24 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Users\Tammo\taskmgr.exe
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.12.27 19:49:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.27 19:49:20 | 522,604,543 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.27 19:40:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.12.27 19:10:21 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.27 19:10:21 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.27 19:03:50 | 104,392,252 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012.12.27 18:56:31 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2207225388-2837944390-3081604064-1000UA.job
[2012.12.27 18:56:31 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2207225388-2837944390-3081604064-1000Core.job
[2012.12.26 21:55:38 | 000,002,233 | ---- | M] () -- C:\Users\Public\Desktop\AVG 1-Klick-Wartung.lnk
[2012.12.26 21:55:38 | 000,002,191 | ---- | M] () -- C:\Users\Public\Desktop\AVG PC TuneUp.lnk
[2012.12.26 20:38:27 | 000,002,008 | ---- | M] () -- C:\Users\Public\Desktop\SPYWAREfighter.lnk
[2012.12.26 20:19:36 | 014,247,658 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.12.26 20:19:36 | 004,767,880 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.12.26 20:19:36 | 004,532,314 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.12.26 20:19:36 | 004,082,772 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.12.26 20:19:36 | 000,005,198 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.12.26 19:41:23 | 000,309,544 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.12.26 19:37:43 | 000,133,580 | ---- | M] (My Application) -- C:\Users\Tammo\AppData\Roaming\svchost.exe
[2012.12.26 16:40:28 | 000,000,017 | ---- | M] () -- C:\Windows\settings.ini
[2012.12.20 14:54:48 | 000,013,720 | ---- | M] () -- C:\Windows\SysNative\drivers\avfsfilter.sys
[2012.12.19 19:32:31 | 000,368,135 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012.12.15 20:57:30 | 000,002,491 | ---- | M] () -- C:\Users\Tammo\Desktop\Google Chrome.lnk
[2012.12.15 20:11:33 | 000,000,973 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2012.12.10 19:49:40 | 000,001,658 | ---- | M] () -- C:\Windows\wininit.ini
[2012.12.10 19:49:31 | 000,000,987 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk
[2012.12.08 11:06:24 | 000,003,344 | ---- | M] () -- C:\Users\Tammo\.recently-used.xbel
[2012.11.29 18:26:57 | 548,472,415 | ---- | M] () -- C:\Windows\MEMORY.DMP
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.12.26 21:55:38 | 000,002,233 | ---- | C] () -- C:\Users\Public\Desktop\AVG 1-Klick-Wartung.lnk
[2012.12.26 21:55:38 | 000,002,191 | ---- | C] () -- C:\Users\Public\Desktop\AVG PC TuneUp.lnk
[2012.12.26 21:55:32 | 000,002,203 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp.lnk
[2012.12.26 20:38:27 | 000,002,008 | ---- | C] () -- C:\Users\Public\Desktop\SPYWAREfighter.lnk
[2012.12.20 14:54:48 | 000,013,720 | ---- | C] () -- C:\Windows\SysNative\drivers\avfsfilter.sys
[2012.12.10 19:49:31 | 000,000,987 | ---- | C] () -- C:\Users\Public\Desktop\Origin.lnk
[2012.12.08 11:06:24 | 000,003,344 | ---- | C] () -- C:\Users\Tammo\.recently-used.xbel
[2012.11.22 16:36:22 | 000,281,520 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.11.22 16:36:15 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.06.11 13:02:25 | 000,000,017 | ---- | C] () -- C:\Windows\settings.ini
[2012.05.12 21:27:43 | 000,001,658 | ---- | C] () -- C:\Windows\wininit.ini
[2012.05.11 20:49:56 | 000,000,000 | ---- | C] () -- C:\ProgramData\06669fb4a391bb0b0706de151cbb3641_c
[2012.01.28 16:52:28 | 000,088,462 | ---- | C] () -- C:\Windows\War3Unin.dat
[2011.09.17 14:06:47 | 000,103,016 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011.09.04 13:07:52 | 000,006,144 | ---- | C] () -- C:\Users\Tammo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.05.18 15:01:47 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.03.10 16:23:34 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.03.10 16:19:31 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2010.12.10 20:09:56 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.06.22 16:52:06 | 000,000,000 | ---D | M] -- C:\Users\Tammo\AppData\Roaming\.minecraft
[2012.09.25 20:45:06 | 000,000,000 | ---D | M] -- C:\Users\Tammo\AppData\Roaming\Anthropics
[2011.11.20 20:19:57 | 000,000,000 | ---D | M] -- C:\Users\Tammo\AppData\Roaming\Ashampoo
[2012.12.26 21:54:18 | 000,000,000 | ---D | M] -- C:\Users\Tammo\AppData\Roaming\AVG
[2011.05.18 14:54:55 | 000,000,000 | ---D | M] -- C:\Users\Tammo\AppData\Roaming\AVG10
[2012.06.02 20:59:38 | 000,000,000 | ---D | M] -- C:\Users\Tammo\AppData\Roaming\Babylon
[2012.12.27 19:03:58 | 000,000,000 | ---D | M] -- C:\Users\Tammo\AppData\Roaming\dclogs
[2012.10.06 18:16:41 | 000,000,000 | ---D | M] -- C:\Users\Tammo\AppData\Roaming\DesktopIconForAmazon
[2011.08.05 01:17:15 | 000,000,000 | ---D | M] -- C:\Users\Tammo\AppData\Roaming\DVDVideoSoft
[2011.08.05 01:33:55 | 000,000,000 | ---D | M] -- C:\Users\Tammo\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.12.26 21:19:02 | 000,000,000 | ---D | M] -- C:\Users\Tammo\AppData\Roaming\Fighters
[2012.10.13 20:18:17 | 000,000,000 | ---D | M] -- C:\Users\Tammo\AppData\Roaming\gtk-2.0
[2012.10.14 11:41:59 | 000,000,000 | ---D | M] -- C:\Users\Tammo\AppData\Roaming\Image-Line
[2011.11.24 21:26:57 | 000,000,000 | ---D | M] -- C:\Users\Tammo\AppData\Roaming\Jens Lorek
[2011.09.14 17:51:33 | 000,000,000 | ---D | M] -- C:\Users\Tammo\AppData\Roaming\LolClient
[2012.05.27 17:55:35 | 000,000,000 | ---D | M] -- C:\Users\Tammo\AppData\Roaming\LolClient2
[2012.07.02 18:20:16 | 000,000,000 | ---D | M] -- C:\Users\Tammo\AppData\Roaming\Media Finder
[2011.05.29 09:39:38 | 000,000,000 | ---D | M] -- C:\Users\Tammo\AppData\Roaming\OpenOffice.org
[2012.12.17 16:36:31 | 000,000,000 | ---D | M] -- C:\Users\Tammo\AppData\Roaming\Origin
[2011.05.18 13:46:05 | 000,000,000 | ---D | M] -- C:\Users\Tammo\AppData\Roaming\PowerCinema
[2012.11.24 10:52:16 | 000,000,000 | ---D | M] -- C:\Users\Tammo\AppData\Roaming\Smart PC Solutions
[2012.03.25 15:35:27 | 000,000,000 | ---D | M] -- C:\Users\Tammo\AppData\Roaming\SplitMediaLabs
[2012.12.27 20:22:18 | 000,000,000 | ---D | M] -- C:\Users\Tammo\AppData\Roaming\Spotify
[2012.11.24 21:05:11 | 000,000,000 | ---D | M] -- C:\Users\Tammo\AppData\Roaming\Spotydl
[2012.06.03 08:01:21 | 000,000,000 | ---D | M] -- C:\Users\Tammo\AppData\Roaming\systweak
[2011.05.18 15:01:47 | 000,000,000 | ---D | M] -- C:\Users\Tammo\AppData\Roaming\Thunderbird
[2012.11.30 21:21:40 | 000,000,000 | ---D | M] -- C:\Users\Tammo\AppData\Roaming\TS3Client
[2012.12.26 21:40:59 | 000,000,000 | ---D | M] -- C:\Users\Tammo\AppData\Roaming\TuneUp Software
[2012.07.16 20:18:45 | 000,000,000 | ---D | M] -- C:\Users\Tammo\AppData\Roaming\Unity
[2012.07.24 08:45:09 | 000,000,000 | ---D | M] -- C:\Users\Tammo\AppData\Roaming\Usenet.nl
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2011.10.26 20:22:38 | 000,000,000 | -H-D | M] -- C:\$AVG
[2011.09.29 18:38:56 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2012.07.23 17:58:58 | 000,000,000 | ---D | M] -- C:\63d41e343dd634bac22db878
[2012.07.17 10:19:20 | 000,000,000 | ---D | M] -- C:\76289a77a3e78d860dc9ade4e4b8b7
[2011.03.10 16:25:04 | 000,000,000 | ---D | M] -- C:\book
[2012.12.26 21:56:35 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011.05.18 13:19:47 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.09.19 19:17:28 | 000,000,000 | ---D | M] -- C:\e10637ffab4c7b0cee8e
[2011.07.31 18:23:40 | 000,000,000 | -HSD | M] -- C:\found.000
[2012.12.26 20:06:30 | 000,000,000 | ---D | M] -- C:\FRST
[2010.12.10 20:00:43 | 000,000,000 | ---D | M] -- C:\Intel
[2011.05.18 13:21:05 | 000,000,000 | -H-D | M] -- C:\OEM
[2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.11.24 10:58:06 | 000,000,000 | ---D | M] -- C:\Program Files
[2012.12.26 20:37:48 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012.12.26 21:52:00 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011.05.18 13:19:47 | 000,000,000 | -HSD | M] -- C:\Programme
[2012.12.27 05:23:42 | 000,000,000 | -HSD | M] -- C:\Recovery
[2012.12.26 21:53:58 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.05.18 13:19:52 | 000,000,000 | R--D | M] -- C:\Users
[2012.12.26 21:51:43 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2009.07.14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009.07.14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009.07.14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009.07.14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2009.07.14 02:14:11 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2009.07.14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009.07.14 06:08:49 | 000,032,530 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.05.02 14:11:44 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2012.06.02 20:37:53 | 000,001,068 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2207225388-2837944390-3081604064-1000Core.job
[2012.06.02 20:37:54 | 000,001,120 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2207225388-2837944390-3081604064-1000UA.job
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\explorer.exe
[2011.02.26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2010.07.17 20:26:04 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\SysWOW64\explorer.exe
[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2010.02.04 11:49:48 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010.07.17 20:26:04 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2010.02.04 11:49:48 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010.11.20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2010.07.17 20:26:04 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2010.02.04 11:49:48 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2010.07.17 20:26:04 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011.02.26 07:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2010.02.04 11:49:48 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2010.09.14 02:18:16 | 000,353,304 | ---- | M] (Intel Corporation) MD5=F4F4CBC7F6C7CB940AA9F0AAF3EF1104 -- C:\OEM\Preload\Autorun\DRV\Intel AHCI\f6flpy-x86\iaStor.sys
[2010.09.14 02:24:26 | 000,437,272 | ---- | M] (Intel Corporation) MD5=F7CE9BE72EDAC499B713ECA6DAE5D26F -- C:\OEM\Preload\Autorun\DRV\Intel AHCI\f6flpy-x64\iaStor.sys
[2010.09.14 03:24:26 | 000,437,272 | ---- | M] (Intel Corporation) MD5=F7CE9BE72EDAC499B713ECA6DAE5D26F -- C:\Windows\SysNative\drivers\iaStor.sys
[2010.09.14 03:24:26 | 000,437,272 | ---- | M] (Intel Corporation) MD5=F7CE9BE72EDAC499B713ECA6DAE5D26F -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_2b0c50dc63f09dae\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0033117673c16921\iaStorV.sys
[2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_38e464dbe521cc7f\nvstor.sys
[2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\SysNative\user32.dll
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2010.07.17 20:26:04 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2010.07.17 20:26:04 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2010.07.17 20:26:04 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2012.12.08 11:06:24 | 000,003,344 | ---- | M] () -- C:\Users\Tammo\.recently-used.xbel
[2012.12.27 20:49:15 | 004,456,448 | -HS- | M] () -- C:\Users\Tammo\NTUSER.DAT
[2012.12.27 20:49:15 | 000,262,144 | -HS- | M] () -- C:\Users\Tammo\ntuser.dat.LOG1
[2011.05.18 13:19:57 | 000,000,000 | -HS- | M] () -- C:\Users\Tammo\ntuser.dat.LOG2
[2011.05.18 13:25:04 | 000,065,536 | -HS- | M] () -- C:\Users\Tammo\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2011.05.18 13:25:04 | 000,524,288 | -HS- | M] () -- C:\Users\Tammo\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2011.05.18 13:25:04 | 000,524,288 | -HS- | M] () -- C:\Users\Tammo\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2011.11.19 15:58:32 | 000,065,536 | -HS- | M] () -- C:\Users\Tammo\NTUSER.DAT{74ef2a6f-0d19-11e1-b4aa-1c7508d4895b}.TM.blf
[2011.11.19 15:58:32 | 000,524,288 | -HS- | M] () -- C:\Users\Tammo\NTUSER.DAT{74ef2a6f-0d19-11e1-b4aa-1c7508d4895b}.TMContainer00000000000000000001.regtrans-ms
[2011.11.19 15:58:32 | 000,524,288 | -HS- | M] () -- C:\Users\Tammo\NTUSER.DAT{74ef2a6f-0d19-11e1-b4aa-1c7508d4895b}.TMContainer00000000000000000002.regtrans-ms
[2011.05.18 13:19:57 | 000,000,020 | -HS- | M] () -- C:\Users\Tammo\ntuser.ini
[2009.07.14 02:39:47 | 000,257,024 | ---- | M] (Microsoft Corporation) -- C:\Users\Tammo\taskmgr.exe
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

< End of report >
--- --- ---

KRaYZieGaMeR 27.12.2012 20:56
Extra.txt:

OTL Extras logfile created on: 27.12.2012 20:35:30 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Tammo\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

5,98 Gb Total Physical Memory | 4,81 Gb Available Physical Memory | 80,34% Memory free
11,96 Gb Paging File | 10,79 Gb Available in Paging File | 90,17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450,66 Gb Total Space | 170,48 Gb Free Space | 37,83% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: TAMMO-PC | User Name: Tammo | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [scan_with_SPYWAREfighter] -- C:\Program Files (x86)\Fighters\SPYWAREfighter\swproTray.exe /scan "%1" (SPAMfighter)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [scan_with_SPYWAREfighter] -- C:\Program Files (x86)\Fighters\SPYWAREfighter\swproTray.exe /scan "%1" (SPAMfighter)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2D84C835-A2AB-4883-9F10-C0B3C30F0D35}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{32D88249-914C-49AC-8EAD-6B735A129A2E}" = lport=139 | protocol=6 | dir=in | app=system |
"{37C2641F-C3D9-4434-A100-849365A2033E}" = rport=445 | protocol=6 | dir=out | app=system |
"{42018894-0B1D-40E8-9DC6-C6AD3C5A37EF}" = lport=138 | protocol=17 | dir=in | app=system |
"{5EBC3AE6-5B9E-41D8-A1B3-A9326B2A6D28}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{72512386-1CFD-4C6B-8DAD-3F248FAA6000}" = rport=137 | protocol=17 | dir=out | app=system |
"{8DB0CC56-E83B-4705-819C-186AE8E842D7}" = lport=137 | protocol=17 | dir=in | app=system |
"{9D49F672-1A6A-4EAD-B2A7-D23AF20F7FC5}" = lport=445 | protocol=6 | dir=in | app=system |
"{A1161494-FA84-45E7-BA46-68511436AAE2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C71408F1-2760-4DBB-BEA5-93DF170D7356}" = rport=139 | protocol=6 | dir=out | app=system |
"{C9A924D6-6B9D-46D4-8469-B6936004A5EB}" = rport=138 | protocol=17 | dir=out | app=system |
"{E33A6C99-71B1-4470-BCAB-D13EA22550CB}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{ED1AB8A4-5B20-47B9-ADF8-1A9C09899F83}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{F6D80069-A520-43C4-A04A-08AB96151108}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{000E7141-09F2-458E-8990-07E03D99AC0E}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\clear.fi.exe |
"{0755E3A0-6953-43E6-96FA-7726D34AC20A}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgemca.exe |
"{07FFF922-4585-498B-8CF7-F5FCADEFF1A4}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
"{08A8C6F3-59F8-4194-9B94-974A5FF8B72C}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{0D2A6E85-EC85-43B9-8FF5-AFC0DADEF95D}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\.\kernel\clml\clmlsvc.exe |
"{161E5E66-8BB1-489F-8282-C1A4C88DA407}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{1B7E8426-E36F-4CF2-892C-4C298C66F33B}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{1D7666A2-D752-45B2-85FE-43D9383539FF}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\.\kernel\dmr\dmrengine.exe |
"{26A8694E-C024-4D20-9BD6-A605CCC2AD94}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{2C740C30-7A92-4512-9043-05E8635D27AC}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{382EECC6-39DB-4361-9786-1F035588445D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{39E79FBF-2DA0-4EB2-B2C3-DA2628AD44E0}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{3DBC3AA2-FB69-4D8C-994F-E555A31F49F5}" = protocol=6 | dir=in | app=c:\program files (x86)\sierra\fearcombat\fearmp.exe |
"{421FEABC-CA88-4FF6-A5E5-A55622F8DB3E}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 2050 j510 series\bin\usbsetup.exe |
"{4EEFDA9C-B22F-448C-9329-E9607E5A8C70}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{50797324-45E9-4969-90B0-1DC72106D42B}" = protocol=6 | dir=in | app=c:\users\administrator\games\call.of.duty.4.germanpostmortem\mss32.dll\facemoods.exe |
"{50E33445-B4A2-4FC6-96A9-43B8387D6B66}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgdiagex.exe |
"{54C65662-3E65-49D6-870F-EF649BDA5753}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{578ADE26-39E6-4EA5-BE18-542119D7C61E}" = protocol=17 | dir=in | app=c:\program files\mobileforces\system\mobileforces.exe |
"{5A168311-BF82-4A16-A8F7-8C0D80A0C1F9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5CAF965F-A7FD-4CEA-B3C2-5A8B61256536}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{5E059189-1251-4DAC-9E85-CF5026892EF9}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\need for speed(tm) hot pursuit\launcher.exe |
"{60A01ACB-EE4E-442A-8D3C-7A9997DD52F5}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{69B0D7A2-A716-4166-807D-45B9EC81C31D}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{74A35FD2-AD46-4F58-83EE-8EFEBFC3D101}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{7947207F-AA84-4D29-AEE3-80A0DADFF72A}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{7E5AD7F4-3383-49BF-AF5A-53F3A0988343}" = protocol=17 | dir=in | app=c:\program files (x86)\sierra\fearcombat\fearmp.exe |
"{7F2C49F5-01C6-440F-AD17-CA3FC68ACFED}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{8109C4FD-42AF-4F62-8E2A-F4122ADA3318}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{856D030D-7BD0-4024-84E3-7962475EDE58}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\.\kernel\dmr\dmrengine.exe |
"{85E8C5D3-C77B-470F-99D3-64D9C58AC22B}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{862F796C-B12D-402B-B4DD-F3EF4A4BE4AD}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{8C9F2D0E-0FC1-4FBB-B07F-DC545100C468}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgemca.exe |
"{8DE6A392-DA19-4A75-AA72-02E4837B2E4B}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{8FF2BF77-F7F5-4B51-A169-CE066549152F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{901C4076-A28A-436A-B2F2-326A00815A06}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{906A5F06-A28D-4C74-90D1-63245C1F54E5}" = dir=in | app=c:\program files (x86)\acer\clear.fi\movie\touchmovieservice.exe |
"{916664B1-9ED0-438B-B692-03E98FE443DD}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{92D44510-B199-4F2D-B304-C299AF217101}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{94DBF2A0-EF2E-40ED-B25B-4B323836043A}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
"{986AE10A-35A8-4303-8448-C85479F29326}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{99CF0385-993B-429F-A217-9303A2CDB256}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{A5DBE75C-DE66-4C6E-A091-85D2F0C69C38}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A9024E1F-3446-4678-AE79-E360C58A620A}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{A9294077-DD0A-4ED8-AF5B-7C7D0D45738A}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\clear.fiagent.exe |
"{B2399E40-4A39-418F-8071-C43BBD5CFD93}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B79371FF-48AB-47CF-A890-3A847FC7CE11}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{B883265B-EA30-4148-B784-3B13006AF76D}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{B9C5DE62-B337-4C0D-ABAE-6502508D062B}" = protocol=17 | dir=in | app=c:\users\tammo\appdata\local\microsoft\windows\temporary internet files\content.ie5\8gs47nk5\sweetimsetup[1].exe |
"{BAFF04A9-B40E-44D7-8FE1-0CE3FA11018F}" = protocol=6 | dir=in | app=c:\users\tammo\appdata\local\microsoft\windows\temporary internet files\content.ie5\8gs47nk5\sweetimsetup[1].exe |
"{C61EB9DF-2F9B-4584-BE5E-7D60F6306365}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgnsa.exe |
"{C625F38F-7F94-495E-BB7A-859CB4092ADD}" = protocol=17 | dir=in | app=c:\users\administrator\games\call.of.duty.4.germanpostmortem\mss32.dll\facemoods.exe |
"{C843E56A-90A4-4812-A090-E76C706F74F5}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{CA09A281-A5DF-4EE1-8895-517A345578AE}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{CBB0384A-3654-41E1-A49E-03C4DBC2B9EF}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{CE6B9528-FE43-4856-A8EF-8AD4F08E8DE3}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\.\kernel\dmr\dmrengine.exe |
"{D19FC2C7-DFB9-4940-BC02-C3900B0ED7A7}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgdiagex.exe |
"{D585D739-A57D-423C-9EB3-FA92DBB7F7E1}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\need for speed(tm) hot pursuit\launcher.exe |
"{DAC55044-82D2-4198-9DFB-1237C9649877}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"{DBB2BCBA-0FC0-4484-ADA8-81F33D8794CE}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{E13BEBC2-FDA6-44D2-993C-67DA7B62F182}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E2B33EFB-C4E0-400E-93FB-493F7A67CA2F}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"{E42981C3-34DB-4854-9DB1-5B1F8C348C41}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 2050 j510 series\bin\usbsetup.exe |
"{E76C0969-B327-47E4-9CC3-F1893FD2DAB5}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{E90F7F81-5D6F-4DD2-8556-5C25BEAD28EF}" = dir=in | app=c:\program files (x86)\acer\clear.fi\movie\touchmovie.exe |
"{EC0DE1B4-E42C-40DA-822C-95C3FB631707}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{EC6B9F61-DC96-48DC-BA6F-1EAFEACB2E11}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgnsa.exe |
"{ECA24702-7419-487C-8A8F-A315BA8F02B2}" = protocol=6 | dir=in | app=c:\program files\mobileforces\system\mobileforces.exe |
"{EF0902CD-928B-4227-AB75-5B66027939AA}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{FA2A2F98-CB8C-4215-B591-FF3721F9346D}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{FF9E48C1-925A-4421-8D96-3B16A1EC462C}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"TCP Query User{0C275EBB-9CCB-4224-8564-D70C147ACCC9}C:\program files (x86)\far cry 2\bin\farcry2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\far cry 2\bin\farcry2.exe |
"TCP Query User{136BD057-4E5D-4636-9B96-51817A805EBF}C:\program files (x86)\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\counter-strike source\hl2.exe |
"TCP Query User{154A986C-40C6-4BF9-9A05-A7756605049A}C:\program files (x86)\call of duty black ops\blackopsmp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\call of duty black ops\blackopsmp.exe |
"TCP Query User{1D5E23F9-786A-47CE-AAA5-6AFAE364D9F5}C:\users\tammo\desktop\diablo-iii-8370-engb-installer-downloader.exe" = protocol=6 | dir=in | app=c:\users\tammo\desktop\diablo-iii-8370-engb-installer-downloader.exe |
"TCP Query User{20C423A3-72A1-49D4-98EC-C3CC2E7AA2E6}C:\program files (x86)\steam\steamapps\tammo97\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\tammo97\team fortress 2\hl2.exe |
"TCP Query User{2628F7D3-DC77-400A-8181-3135CCD878B7}C:\users\tammo\desktop\crysis wars\bin64\crysis.exe" = protocol=6 | dir=in | app=c:\users\tammo\desktop\crysis wars\bin64\crysis.exe |
"TCP Query User{32912821-3E8F-4317-8B65-A973D19ED80E}C:\program files (x86)\battlefield 1942\bf1942.exe" = protocol=6 | dir=in | app=c:\program files (x86)\battlefield 1942\bf1942.exe |
"TCP Query User{44956FDB-DA65-4476-8C47-6842A1F3F16C}F:\left 4 dead 2\left4dead2.exe" = protocol=6 | dir=in | app=f:\left 4 dead 2\left4dead2.exe |
"TCP Query User{4C7FE93B-FA4B-4905-BF1B-D8F4DC03FB45}C:\users\tammo\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\tammo\appdata\roaming\spotify\spotify.exe |
"TCP Query User{525BFB4C-C2B7-4C11-8329-AAECAE923CF6}C:\program files (x86)\starcraft ii\versions\base19679\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19679\sc2.exe |
"TCP Query User{5367F42C-CC21-4B2F-93A5-49AD7427D322}C:\users\tammo\desktop\call of duty black ops\blackops.exe" = protocol=6 | dir=in | app=c:\users\tammo\desktop\call of duty black ops\blackops.exe |
"TCP Query User{5CCFC590-870F-4727-9F21-41A656DB1EF7}C:\program files (x86)\starcraft ii\versions\base19679\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19679\sc2.exe |
"TCP Query User{63F32406-EB42-4A72-9F4F-231530C5778C}C:\program files (x86)\call of duty black ops\blackops.exe" = protocol=6 | dir=in | app=c:\program files (x86)\call of duty black ops\blackops.exe |
"TCP Query User{68A6DE14-1CE1-49D0-83D9-3D5DAF3B64DD}C:\program files (x86)\starcraft ii\test\versions\base19595\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\test\versions\base19595\sc2.exe |
"TCP Query User{6A9FA5F3-8F0F-4C40-83BA-80101C49E005}C:\users\tammo\desktop\teamspeak3-server_win32-3.0.0\teamspeak3-server_win32\ts3server_win32.exe" = protocol=6 | dir=in | app=c:\users\tammo\desktop\teamspeak3-server_win32-3.0.0\teamspeak3-server_win32\ts3server_win32.exe |
"TCP Query User{6CB5A676-2FD1-4809-B698-2CB33EF2969C}C:\users\administrator\games\left 4 dead 2\left4dead2.exe" = protocol=6 | dir=in | app=c:\users\administrator\games\left 4 dead 2\left4dead2.exe |
"TCP Query User{7052732F-CC03-481D-BDBE-7AC252FEC54C}C:\program files (x86)\call of duty black ops\blackops.exe" = protocol=6 | dir=in | app=c:\program files (x86)\call of duty black ops\blackops.exe |
"TCP Query User{79B5D642-5932-44DE-A17F-CD180A6CA457}C:\users\tammo\appdata\local\temp\temp1_teamspeak3-server_win64-3.0.0-rc1.zip\teamspeak3-server_win64\tsdns\tsdnsserver_win64.exe" = protocol=6 | dir=in | app=c:\users\tammo\appdata\local\temp\temp1_teamspeak3-server_win64-3.0.0-rc1.zip\teamspeak3-server_win64\tsdns\tsdnsserver_win64.exe |
"TCP Query User{7BD3ECE4-24E5-4F56-AB1D-F032A142C039}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe |
"TCP Query User{7C89B9CB-3958-4E97-A169-35B9542CD286}C:\program files (x86)\starcraft ii\starcraft ii public test.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii public test.exe |
"TCP Query User{7D60FDE9-1419-4660-AD45-2BE3085E90DB}C:\users\tammo\desktop\teamspeak3-server_win32\tsdns\tsdnsserver_win32.exe" = protocol=6 | dir=in | app=c:\users\tammo\desktop\teamspeak3-server_win32\tsdns\tsdnsserver_win32.exe |
"TCP Query User{8A29EB77-9D49-42EB-B0FC-03272ABC0095}C:\program files (x86)\steam\steamapps\tammo97\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\tammo97\team fortress 2\hl2.exe |
"TCP Query User{8F7ABE84-40EB-4100-A746-86F2C2764CE7}C:\users\tammo\desktop\diablo-iii-8370-dede-installer-downloader.exe" = protocol=6 | dir=in | app=c:\users\tammo\desktop\diablo-iii-8370-dede-installer-downloader.exe |
"TCP Query User{922196B7-309A-422C-BC19-2C54E8462470}C:\program files (x86)\call of duty 4\iw3mp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\call of duty 4\iw3mp.exe |
"TCP Query User{9A76ED16-E6CA-4108-8A5C-3BD2B458005B}C:\program files (x86)\fifa 12\game\fifa.exe" = protocol=6 | dir=in | app=c:\program files (x86)\fifa 12\game\fifa.exe |
"TCP Query User{9B8B12D3-4815-4491-BD3F-EA18A30E44C4}C:\users\tammo\desktop\far cry 2\bin\farcry2.exe" = protocol=6 | dir=in | app=c:\users\tammo\desktop\far cry 2\bin\farcry2.exe |
"TCP Query User{9EFDD7C9-0891-4158-9BD3-317C2BFA0997}C:\users\tammo\desktop\teamspeak3-server_win32-3.0.0-rc1\teamspeak3-server_win32\ts3server_win32.exe" = protocol=6 | dir=in | app=c:\users\tammo\desktop\teamspeak3-server_win32-3.0.0-rc1\teamspeak3-server_win32\ts3server_win32.exe |
"TCP Query User{A0E99DBD-5721-4B30-9500-09272DAC81E5}C:\users\tammo\downloads\starcraft_2_tw_zh-tw.exe" = protocol=6 | dir=in | app=c:\users\tammo\downloads\starcraft_2_tw_zh-tw.exe |
"TCP Query User{A52B70F0-B76A-4583-85D2-27D9D37225DA}C:\program files (x86)\call of duty 4\iw3mp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\call of duty 4\iw3mp.exe |
"TCP Query User{A5B5050C-DCAA-437D-A82B-F52F39B38874}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{AC795863-1B38-43DB-A573-235AA0E9AF8B}C:\users\tammo\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\tammo\appdata\roaming\spotify\spotify.exe |
"TCP Query User{B65F880C-E6D3-4EFB-BE53-5F25A5B7737A}C:\program files\mobileforces\system\mobileforces.exe" = protocol=6 | dir=in | app=c:\program files\mobileforces\system\mobileforces.exe |
"TCP Query User{B6892C62-1817-4B9D-8FAA-13F9BFB358BE}C:\users\tammo\desktop\teamspeak3-server_win32-3.0.0-rc1\teamspeak3-server_win32\tsdns\tsdnsserver_win32.exe" = protocol=6 | dir=in | app=c:\users\tammo\desktop\teamspeak3-server_win32-3.0.0-rc1\teamspeak3-server_win32\tsdns\tsdnsserver_win32.exe |
"TCP Query User{BCA1E471-36FC-4D87-9478-B5B2C14CD56A}C:\program files (x86)\starcraft ii\versions\base21029\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base21029\sc2.exe |
"TCP Query User{BE9FD94F-1FA9-4FCF-BB58-841175BD7126}C:\program files (x86)\starcraft ii\versions\base21029\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base21029\sc2.exe |
"TCP Query User{C1896F2F-1D56-4B09-8CCC-19DBBB71C2BA}C:\program files (x86)\crysis wars\bin64\crysis.exe" = protocol=6 | dir=in | app=c:\program files (x86)\crysis wars\bin64\crysis.exe |
"TCP Query User{C2B4EBCC-3F96-4994-B6EE-207D0447381F}C:\program files (x86)\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\counter-strike source\hl2.exe |
"TCP Query User{CA428072-B4E3-4AD5-AC5C-2C93039A40D9}C:\program files (x86)\thq\saints row the third\saintsrowthethird_dx11.exe" = protocol=6 | dir=in | app=c:\program files (x86)\thq\saints row the third\saintsrowthethird_dx11.exe |
"TCP Query User{CB1E1890-90C0-4561-A8E8-40D3C0218C23}C:\program files (x86)\starcraft ii\versions\base19132\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19132\sc2.exe |
"TCP Query User{D4CAD170-DEA6-4810-A1E1-85B0472BE3A1}F:\borderlands\binaries\borderlands.exe" = protocol=6 | dir=in | app=f:\borderlands\binaries\borderlands.exe |
"TCP Query User{D5A0FB3F-361A-424C-9498-B22395B420B5}C:\program files (x86)\starcraft ii\versions\base19132\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19132\sc2.exe |
"TCP Query User{D61DC21B-DBD9-4C5F-8E4E-7EDB5AE76EFE}C:\users\administrator\games\call.of.duty.4.germanpostmortem\call of duty 4 - modern warfare\setup\data\iw3mp.exe" = protocol=6 | dir=in | app=c:\users\administrator\games\call.of.duty.4.germanpostmortem\call of duty 4 - modern warfare\setup\data\iw3mp.exe |
"TCP Query User{D83BAC7D-5235-499E-A13D-240AD340DEE3}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{DE439C82-65F6-468D-A0E0-DFC15330BE56}C:\program files (x86)\brink\brink.exe" = protocol=6 | dir=in | app=c:\program files (x86)\brink\brink.exe |
"TCP Query User{E6A3A712-E573-4E35-82D8-56A815C2FB8F}C:\users\tammo\desktop\call of duty 4\iw3mp.exe" = protocol=6 | dir=in | app=c:\users\tammo\desktop\call of duty 4\iw3mp.exe |
"TCP Query User{E8BE338A-F227-4C1D-84EA-E01461D19201}C:\program files (x86)\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe |
"TCP Query User{E9207A04-FFDB-41D2-8B4A-EA0A0826D3AD}C:\program files (x86)\starcraft ii\versions\base18574\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base18574\sc2.exe |
"TCP Query User{EBA819F6-AEC0-41CF-AC34-A97ED5F4772C}C:\program files (x86)\electronic arts\need for speed(tm) hot pursuit\nfs11.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\need for speed(tm) hot pursuit\nfs11.exe |
"UDP Query User{08A458F1-65F6-4EF7-AA5B-EC25F76C2BBF}C:\program files (x86)\electronic arts\need for speed(tm) hot pursuit\nfs11.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\need for speed(tm) hot pursuit\nfs11.exe |
"UDP Query User{0DCEB031-8E8F-4E5B-BACA-1AC731CE7DDB}C:\users\administrator\games\call.of.duty.4.germanpostmortem\call of duty 4 - modern warfare\setup\data\iw3mp.exe" = protocol=17 | dir=in | app=c:\users\administrator\games\call.of.duty.4.germanpostmortem\call of duty 4 - modern warfare\setup\data\iw3mp.exe |
"UDP Query User{0E91E613-012F-4F9D-8093-BCF6E3DA2F33}C:\users\tammo\desktop\teamspeak3-server_win32-3.0.0-rc1\teamspeak3-server_win32\ts3server_win32.exe" = protocol=17 | dir=in | app=c:\users\tammo\desktop\teamspeak3-server_win32-3.0.0-rc1\teamspeak3-server_win32\ts3server_win32.exe |
"UDP Query User{173EDB4E-A725-4B90-B4AB-FCD8D1BF2583}C:\users\tammo\desktop\call of duty black ops\blackops.exe" = protocol=17 | dir=in | app=c:\users\tammo\desktop\call of duty black ops\blackops.exe |
"UDP Query User{1F9FFE3C-4FF9-4B65-B707-11DFCF40215A}C:\program files (x86)\starcraft ii\versions\base18574\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base18574\sc2.exe |
"UDP Query User{21B28240-94E8-4132-926A-247FB549179C}F:\left 4 dead 2\left4dead2.exe" = protocol=17 | dir=in | app=f:\left 4 dead 2\left4dead2.exe |
"UDP Query User{29DC1AFA-C9DC-4E78-B883-C4291251C717}C:\program files\mobileforces\system\mobileforces.exe" = protocol=17 | dir=in | app=c:\program files\mobileforces\system\mobileforces.exe |
"UDP Query User{2CA2AF80-6A7A-4048-A74E-8DADFFE34D60}C:\program files (x86)\starcraft ii\versions\base21029\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base21029\sc2.exe |
"UDP Query User{3F600BE5-92E0-4FEF-85A6-75CAABFDD3BA}C:\users\tammo\desktop\far cry 2\bin\farcry2.exe" = protocol=17 | dir=in | app=c:\users\tammo\desktop\far cry 2\bin\farcry2.exe |
"UDP Query User{40B26DE0-D906-42F2-B620-E524F7D5AADC}C:\program files (x86)\starcraft ii\test\versions\base19595\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\test\versions\base19595\sc2.exe |
"UDP Query User{480B3696-773E-4F39-A98F-60CE68438D3A}C:\program files (x86)\starcraft ii\versions\base19679\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19679\sc2.exe |
"UDP Query User{4B915591-24A1-4DBC-8235-668531544020}C:\users\tammo\desktop\teamspeak3-server_win32-3.0.0-rc1\teamspeak3-server_win32\tsdns\tsdnsserver_win32.exe" = protocol=17 | dir=in | app=c:\users\tammo\desktop\teamspeak3-server_win32-3.0.0-rc1\teamspeak3-server_win32\tsdns\tsdnsserver_win32.exe |
"UDP Query User{54F14540-751A-4889-B370-536F8BE61015}C:\program files (x86)\starcraft ii\versions\base19132\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19132\sc2.exe |
"UDP Query User{551AE502-1C64-4F80-B4E2-5B94C9479CF9}C:\users\tammo\desktop\crysis wars\bin64\crysis.exe" = protocol=17 | dir=in | app=c:\users\tammo\desktop\crysis wars\bin64\crysis.exe |
"UDP Query User{564BEB50-78E4-49D2-B0A7-23ECCBE4830B}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{5D9849D9-03F9-4EBB-BCB2-76360954CF8A}C:\program files (x86)\starcraft ii\starcraft ii public test.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii public test.exe |
"UDP Query User{5EB21886-6C14-4C55-8F72-4971D812AFB5}C:\program files (x86)\starcraft ii\versions\base21029\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base21029\sc2.exe |
"UDP Query User{5F965106-DEFD-4A7D-8CEF-7FB4C1DFD853}C:\users\tammo\desktop\diablo-iii-8370-dede-installer-downloader.exe" = protocol=17 | dir=in | app=c:\users\tammo\desktop\diablo-iii-8370-dede-installer-downloader.exe |
"UDP Query User{607E50F7-9DF2-4473-AC21-6CC5D2CB0C07}C:\program files (x86)\call of duty black ops\blackopsmp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\call of duty black ops\blackopsmp.exe |
"UDP Query User{67B14427-822C-4036-89CE-B14F2B8CE13D}C:\program files (x86)\fifa 12\game\fifa.exe" = protocol=17 | dir=in | app=c:\program files (x86)\fifa 12\game\fifa.exe |
"UDP Query User{67BABE44-FD3A-47D0-8A40-9E81FC3688EB}C:\program files (x86)\call of duty black ops\blackops.exe" = protocol=17 | dir=in | app=c:\program files (x86)\call of duty black ops\blackops.exe |
"UDP Query User{7F8B0AAC-E83D-48B0-BD66-CBA7F7056BBE}C:\program files (x86)\call of duty 4\iw3mp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\call of duty 4\iw3mp.exe |
"UDP Query User{81447F9C-1412-4930-914E-A8DFF1F684F8}C:\program files (x86)\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\counter-strike source\hl2.exe |
"UDP Query User{8527B837-16CE-4175-B229-34AE296BC133}C:\program files (x86)\steam\steamapps\tammo97\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\tammo97\team fortress 2\hl2.exe |
"UDP Query User{878749DD-2BBB-4305-8544-DF36CC76830B}C:\users\tammo\desktop\teamspeak3-server_win32-3.0.0\teamspeak3-server_win32\ts3server_win32.exe" = protocol=17 | dir=in | app=c:\users\tammo\desktop\teamspeak3-server_win32-3.0.0\teamspeak3-server_win32\ts3server_win32.exe |
"UDP Query User{8D364BAB-922A-4D47-AA1A-4C029DD2A49B}C:\program files (x86)\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\counter-strike source\hl2.exe |
"UDP Query User{90269C55-A579-430A-8377-DC8C46595DD6}C:\program files (x86)\call of duty 4\iw3mp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\call of duty 4\iw3mp.exe |
"UDP Query User{9231C907-4CE9-4DC0-99F5-D486FDD41B27}C:\program files (x86)\thq\saints row the third\saintsrowthethird_dx11.exe" = protocol=17 | dir=in | app=c:\program files (x86)\thq\saints row the third\saintsrowthethird_dx11.exe |
"UDP Query User{9F157550-CFBA-4CE8-9140-3A00133C43F2}C:\users\tammo\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\tammo\appdata\roaming\spotify\spotify.exe |
"UDP Query User{A1B70AEC-8823-4C65-A4E0-F405183BAAC3}C:\program files (x86)\starcraft ii\versions\base19132\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19132\sc2.exe |
"UDP Query User{B1260B71-5E9E-4D6B-8AFA-28AFDBA6099B}C:\users\tammo\desktop\diablo-iii-8370-engb-installer-downloader.exe" = protocol=17 | dir=in | app=c:\users\tammo\desktop\diablo-iii-8370-engb-installer-downloader.exe |
"UDP Query User{B4383AD1-16F3-4752-A134-DA23EED79A7B}C:\program files (x86)\brink\brink.exe" = protocol=17 | dir=in | app=c:\program files (x86)\brink\brink.exe |
"UDP Query User{BE54500D-3F14-4859-B4B1-4C6A87D06B4A}C:\users\tammo\appdata\local\temp\temp1_teamspeak3-server_win64-3.0.0-rc1.zip\teamspeak3-server_win64\tsdns\tsdnsserver_win64.exe" = protocol=17 | dir=in | app=c:\users\tammo\appdata\local\temp\temp1_teamspeak3-server_win64-3.0.0-rc1.zip\teamspeak3-server_win64\tsdns\tsdnsserver_win64.exe |
"UDP Query User{BEEA5B01-733D-4B0A-8483-0A699F41D620}C:\program files (x86)\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe |
"UDP Query User{C4BB5BEF-15C0-47BE-A614-E6F1EB57290C}C:\program files (x86)\crysis wars\bin64\crysis.exe" = protocol=17 | dir=in | app=c:\program files (x86)\crysis wars\bin64\crysis.exe |
"UDP Query User{C4E7724F-8B78-4390-8FA0-DF95CB565AD6}C:\program files (x86)\call of duty black ops\blackops.exe" = protocol=17 | dir=in | app=c:\program files (x86)\call of duty black ops\blackops.exe |
"UDP Query User{D02F80D0-0CCB-4812-9295-A74CCB164E2F}C:\program files (x86)\far cry 2\bin\farcry2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\far cry 2\bin\farcry2.exe |
"UDP Query User{D29A8D58-B8C5-4310-8D60-F2EFB9286C63}C:\program files (x86)\steam\steamapps\tammo97\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\tammo97\team fortress 2\hl2.exe |
"UDP Query User{D53866A9-BB94-4C50-A3C1-A83E20F0469E}C:\program files (x86)\battlefield 1942\bf1942.exe" = protocol=17 | dir=in | app=c:\program files (x86)\battlefield 1942\bf1942.exe |
"UDP Query User{DC5B9174-8C3E-4E47-A887-8049D7A58CEC}C:\users\administrator\games\left 4 dead 2\left4dead2.exe" = protocol=17 | dir=in | app=c:\users\administrator\games\left 4 dead 2\left4dead2.exe |
"UDP Query User{DDADA426-7689-4C52-8E13-659F693CE913}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe |
"UDP Query User{DDB348AE-016B-4E2B-A302-700F19CD957E}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{E8768D36-1A03-439F-A97C-4547CBD14F55}C:\users\tammo\desktop\call of duty 4\iw3mp.exe" = protocol=17 | dir=in | app=c:\users\tammo\desktop\call of duty 4\iw3mp.exe |
"UDP Query User{EA778C98-C1C8-4BEF-A14C-13811D7AC2AA}C:\program files (x86)\starcraft ii\versions\base19679\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19679\sc2.exe |
"UDP Query User{ED6811DB-2170-4751-8D6F-94DDD4D54E04}F:\borderlands\binaries\borderlands.exe" = protocol=17 | dir=in | app=f:\borderlands\binaries\borderlands.exe |
"UDP Query User{EE28C7BF-F3CF-4310-A44C-1722D73219B4}C:\users\tammo\desktop\teamspeak3-server_win32\tsdns\tsdnsserver_win32.exe" = protocol=17 | dir=in | app=c:\users\tammo\desktop\teamspeak3-server_win32\tsdns\tsdnsserver_win32.exe |
"UDP Query User{F787AAC2-7C72-4975-A7A5-9E3C320BF698}C:\users\tammo\downloads\starcraft_2_tw_zh-tw.exe" = protocol=17 | dir=in | app=c:\users\tammo\downloads\starcraft_2_tw_zh-tw.exe |
"UDP Query User{FA3B3E28-8918-4601-8194-E940B7081C2F}C:\users\tammo\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\tammo\appdata\roaming\spotify\spotify.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B78ECB0-1A6B-4E6D-89D7-0E7CE77F0427}" = MyWinLocker
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{10940C91-59FD-48D4-BE53-1A30A0C3235B}" = AVG 2011
"{18155797-EF2E-4699-9A16-FE787C4C10DB}" = iTunes
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
"{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = Web Assistant 2.0.0.478
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8E308612-4678-40BC-99A5-C95E7E6135DA}" = AVG 2011
"{8F473675-D702-45F9-8EBC-342B40C17BF5}" = Apple Mobile Device Support
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{982C480E-5BE0-2714-E584-83E88F8A31C3}" = ccc-utility64
"{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}" = Microsoft Xbox 360 Accessories 1.2
"{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Überwachungstool für die Intel® Turbo-Boost-Technik 2.0
"{C263ED32-78DB-40EB-8B12-2925C8213E28}" = HP Deskjet 2050 J510 series - Grundlegende Software für das Gerät
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E69F8CE0-7EA0-63A9-5A5B-D8FD9BDCC219}" = ATI Catalyst Install Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AVG" = AVG 2011
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
"WNLT" = Web Optimizer

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Acer Crystal Eye Webcam
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{063541C9-B4CA-CD49-080C-AEDE45067CEB}" = CCC Help Portuguese
"{07580AC7-1B74-92E7-F405-9AD4019CA577}" = CCC Help Thai
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Backup Manager V3
"{10AD2C1F-9825-F220-7870-CD7B946D367E}" = CCC Help Spanish
"{13F59927-CFBE-44D1-8417-7203AD4F1795}" = Gothic 3
"{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite
"{1B192700-C368-49C1-BF81-D2F9BA065534}" = Catalyst Control Center - Branding
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{23E26695-3815-012F-1CAF-C6C3564DBCBF}" = ccc-core-static
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = clear.fi
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{29A4502B-1FA5-72E0-92F1-AC8F2EF16D51}" = CCC Help Danish
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{320795BA-446B-C1F7-9560-CC171192DC21}" = CCC Help Turkish
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{334BEF1F-EE5B-295F-BED0-728F7F45328B}" = CCC Help Polish
"{39F15B50-A977-4CA6-B1C3-6A8724CDA025}" = MyWinLocker 4
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{43AAE145-83CF-4C96-9A5E-756CEFCE879F}" = clear.fi Client
"{47772E7F-6942-B7A3-1B31-74D30343064B}" = CCC Help Norwegian
"{485E3D4A-35FB-CED2-3CF5-FAD4CCFE46BD}" = CCC Help Hungarian
"{4968622A-4D3F-489E-9ACE-5FEC4CC0BDE3}" = MediaEspresso
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A6D25EA-5390-CEE6-305E-F28B192C806C}" = CCC Help Finnish
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{557018DC-309C-5BCC-0587-B2D86BA20613}" = CCC Help Greek
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{704ED517-BB7F-7654-2185-627ACCB20179}" = Catalyst Control Center Localization All
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71BCF416-AA53-4F70-B253-88DFDE19B84B}" = Snap.Do
"{7451FD2D-1A23-4E67-92CD-8EDDD1846917}" = AVG PC TuneUp Language Pack (de-DE)
"{75E607CF-7BAE-4B88-84B3-97F3DF44BA28}" = FEARCombat
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3
"{7A3DF2E2-CF13-44FB-A93E-F71D5381DB3F}" = HP Deskjet 2050 J510 series Hilfe
"{7B0D3494-9AB1-43AE-80B0-FD00E9516E55}" = Fighters
"{7B284AC2-4756-6779-9274-FE20EE9216B7}" = Catalyst Control Center InstallProxy
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{800BE8AA-C912-E42D-E97F-BA533A2C851F}" = CCC Help Korean
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{83429F57-1A80-EB5B-8E60-C215D025A18B}" = CCC Help Italian
"{83A606F5-BF6F-42ED-9F33-B9F74297CDED}" = Need for Speed(TM) Hot Pursuit
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B3119BF5-2502-B6A6-45AA-A1FE5D82FFD7}" = CCC Help Russian
"{B4C7BC58-3914-9EF9-E2B9-52216DFE899D}" = Catalyst Control Center Graphics Previews Vista
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B722FA60-A6EF-A3F5-DD4B-C826CDA16114}" = CCC Help Japanese
"{B906C11A-D193-4143-9FA7-E2EE8A5A8F21}" = clear.fi
"{BF6C70DB-7E1E-4A85-B668-F4E80C3CA349}" = Condemned - Criminal Origins Demo
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CC7BBA77-7C6F-115C-4B47-0E3EE2610C13}" = CCC Help German
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}" = AVG PC TuneUp
"{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}" = Bing Bar
"{DBCCC93B-F646-EB40-4AB1-55D4BE0E5D30}" = CCC Help Dutch
"{DBD55196-4BE4-CAAC-1447-4AF6657EEAD6}" = CCC Help Czech
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1161FE3-E090-512B-BE20-AA276C2766CA}" = CCC Help Swedish
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B8B8A6-BBD9-0B5F-1AA1-A95161C16247}" = CCC Help Chinese Traditional
"{E5F1F9B2-90C3-83E2-888F-2725AACA93BD}" = CCC Help French
"{E87C0C8B-82D6-7C51-B1A3-01EAF3314F7F}" = CCC Help English
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2E90747-42A1-E42F-C104-48239458946A}" = CCC Help Chinese Standard
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FCDDB05A-1B35-453B-47B5-AD75809BBBF9}" = PX Profile Update
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"AVG PC TuneUp" = AVG PC TuneUp
"AVG Secure Search" = AVG Security Toolbar
"BasicScan" = BasicScan 1.0 build 114
"Battlelog Web Plugins" = Battlelog Web Plugins
"ESN Sonar-0.70.4" = ESN Sonar
"FL Studio 10" = FL Studio 10
"Freemake Video Downloader_is1" = Freemake Video Downloader version 1.1.15
"Identity Card" = Identity Card
"IL Download Manager" = IL Download Manager
"IL Shared Libraries" = IL Shared Libraries
"incredibar" = Incredibar Toolbar on IE and Chrome
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Acer Crystal Eye Webcam
"InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Acer Backup Manager
"InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = clear.fi
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9
"IspAssistant-Mp3Tube" = IspAssistant-Mp3Tube
"Mafia II_is1" = Mafia II
"Mozilla Thunderbird (3.1.17)" = Mozilla Thunderbird (3.1.17)
"Origin" = Origin
"Pixillion" = Pixillion Image Converter
"PortraitProfessional10Trial_is1" = Portrait Professional 10.8 Test
"PriceGong" = PriceGong 2.6.7
"PricePeep" = PricePeep for Internet Explorer
"Saints Row The Third_is1" = Saints Row The Third
"Softonic" = Softonic toolbar on IE
"Spotydl_is1" = Spotydl 0.5.0
"SPYWAREfighter" = SPYWAREfighter
"StarCraft II" = StarCraft II
"Steam App 43110" = Metro 2033
"Steam App 440" = Team Fortress 2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Uninstall_is1" = Uninstall 1.0.0.1
"Warcraft III" = Warcraft III
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Spotify" = Spotify
"Usenetnl" = Usenet.nl
"Warcraft III" = Warcraft III: All Products

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 22.12.2012 11:56:09 | Computer Name = Tammo-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description =

Error - 22.12.2012 11:56:10 | Computer Name = Tammo-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description =

Error - 22.12.2012 11:56:20 | Computer Name = Tammo-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description =

Error - 22.12.2012 11:56:21 | Computer Name = Tammo-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description =

Error - 22.12.2012 11:56:21 | Computer Name = Tammo-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description =

Error - 22.12.2012 11:56:21 | Computer Name = Tammo-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description =

Error - 22.12.2012 11:56:32 | Computer Name = Tammo-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description =

Error - 22.12.2012 11:56:32 | Computer Name = Tammo-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description =

Error - 22.12.2012 11:56:33 | Computer Name = Tammo-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description =

Error - 22.12.2012 11:56:33 | Computer Name = Tammo-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description =

[ System Events ]
Error - 27.12.2012 15:46:51 | Computer Name = Tammo-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 27.12.2012 15:47:49 | Computer Name = Tammo-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 27.12.2012 15:47:49 | Computer Name = Tammo-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 27.12.2012 15:47:49 | Computer Name = Tammo-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 27.12.2012 15:48:57 | Computer Name = Tammo-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 27.12.2012 15:48:57 | Computer Name = Tammo-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 27.12.2012 15:48:57 | Computer Name = Tammo-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

markusg 28.12.2012 15:39
hi

dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user.
wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts.


• Starte bitte die OTL.exe
• Kopiere nun das Folgende in die Textbox.



Code:
:OTL
O4 - HKCU..\Run: [Windows Live] C:\Users\Tammo\AppData\Local\Temp\winini.exe (serverhackers Inc.)
O4 - HKCU..\Run: [svchost] C:\Users\Tammo\AppData\Roaming\svchost.exe (My Application)
 :Files
C:\Users\Tammo\AppData\Local\Temp\winini.exe
C:\Users\Tammo\AppData\Roaming\svchost.exe
:Commands
[EMPTYFLASH]
[emptytemp]


• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren.
starte in den normalen modus.

falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden

Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang
in den Thread posten!



Drücke bitte die http://larusso.trojaner-board.de/Images/windows.jpg + E Taste.
  • Öffne dein Systemlaufwerk ( meistens C: )
  • Suche nun
    folgenden Ordner: _OTL und öffne diesen.
  • Mache einen Rechtsklick auf den Ordner Movedfiles --> Senden an --> Zip-Komprimierter Ordner

  • Dies wird eine Movedfiles.zip Datei in _OTL erstellen
  • Lade diese bitte in unseren Uploadchannel
    hoch. ( Durchsuchen --> C:\_OTL\Movedfiles.zip )
Teile mir mit ob der Upload problemlos geklappt hat. Danke im voraus :)

KRaYZieGaMeR 28.12.2012 19:24
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Windows Live deleted successfully.
C:\Users\Tammo\AppData\Local\Temp\winini.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\svchost deleted successfully.
C:\Users\Tammo\AppData\Roaming\svchost.exe moved successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: Administrator

User: All Users

User: Default

User: Default User

User: Public

User: Tammo
->Flash cache emptied: 1536 bytes

Total Flash Files Cleaned = 0,00 mb


[EMPTYTEMP]

User: Administrator

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Tammo
->Temp folder emptied: 7320954551 bytes
->Temporary Internet Files folder emptied: 556543798 bytes
->Java cache emptied: 1 bytes
->Google Chrome cache emptied: 295812937 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 4032 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 384254825 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 3141310 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 8.164,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 12282012_191628

Files\Folders moved on Reboot...
File move failed. C:\Users\Tammo\AppData\Local\Temp\FXSAPIDebugLogFile.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

markusg 28.12.2012 19:31
Hi, upload fehlt

KRaYZieGaMeR 28.12.2012 19:35
Ok habe die Datei hochgeladen!
Vielen, vielen Dank, dass du mir geholfen hast.
KRaYZieGaMeR

markusg 28.12.2012 19:39
Ich danke,
schau sie mir mal an.
download tdss killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Klicke auf Change parameters
• Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system
• Klick auf OK und anschließend auf Start scan
- bei funden erst mal immer skip wählen, log posten


Alle Zeitangaben in WEZ +1. Es ist jetzt 05:59 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19