
Plagegeister aller Art und deren Bekämpfung (Pests of all kinds and how to fight them): I have the Bundestrojaner -.- I can't get rid of it!

Windows 7 If you are not sure whether you have caught malware or a trojan, create a thread here. An expert will reply with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.

06.08.2012, 09:08   #1
Desert90

Now I'm infected. I've had my laptop since Nov '09 and until now I never had a virus -.- I'm really annoyed, because I still have to print out and send off important university sheets. So it showed up this morning. Before that, some PDF document had opened, but it was empty. When I closed Acrobat Reader via the Task Manager, this sh... appeared. It was also strange that the Acrobat process was only about 300 KB. In safe mode I have so far only run a quick scan with Malwarebytes, and it found nothing. A full scan takes about 12 hours on my machine.

What should I do?? I need my laptop urgently.

Reinstalling Windows is absolutely not an option! There are still important files on it. I'd appreciate any help.

I actually sent a picture of the trojan from my phone, but it didn't arrive, otherwise I would have attached the picture.

The heading says: "Der Computer ist für die Verletzung der Gesetze der BRD wurde blockiert" (literally "The computer is for the violation of the laws of the FRG has been blocked"; what awful German)

and then some stupid text, and at the very bottom a field where you can/must "pay" via Ukash.

I hope you can help me

06.08.2012, 11:20   #2
markusg
/// Malware-holic

hi
Restart, press F8, choose Safe Mode with Networking and log in there; the internet should work.
If you don't have it yet, please download OTL from OldTimer and save it to your desktop.
  • Please start OTL.exe. Vista and Win7 users: right-click, "Run as administrator".
  • Now copy the following into the text box.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Copy the contents of OTL.txt and Extra.txt into your thread here.
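
Added example (an editor's addition, not part of this thread and not OTL's own code): a small Python helper that parses the PRC/MOD/SRV/DRV lines from the OTL.txt the reply above asks for and attaches review flags: no company name, an autostart entry (Auto/Boot/System) with no company name, a file modified within the 30-day window OTL itself reports as "File Age", or an image living under a user-writable directory. The directory list, the flag names and the 30-day window are my assumptions; five of the sample lines are copied from the log posted in this thread, and the last one (sample-dropper.exe under AppData) is constructed and does not occur in the log. The flags mean "look here first", not "this is malware": unsigned but legitimate vendor drivers get flagged exactly like a dropper would.

```python
"""Triage helper for OTL (OldTimer) log lines.

Added example for this thread; not part of the forum post and not OTL's
own code. It parses the PRC/MOD/SRV/DRV lines OTL.txt lists and attaches
review flags. Five sample lines are copied from the log in this thread;
the last one (sample-dropper.exe) is CONSTRUCTED to show what an unnamed
image in a user-writable path looks like.
"""
import re
from dataclasses import dataclass, field
from datetime import datetime, timedelta

HEADER_RE = re.compile(r"OTL logfile created on: (\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}:\d{2})")

# PRC - [date | size | attrs | M] (Company) [start | state] -- path -- (ServiceName)
LINE_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV)(?P<bits>:64bit:)? - "
    r"\[(?P<mtime>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<stamp>[A-Z])\] "
    r"\((?P<company>[^)]*)\)"           # empty parentheses = no company name
    r"(?: \[(?P<start>[^\]]+)\])? -- "  # only services and drivers have this
    r"(?P<path>.+?)"
    r"(?: -- \((?P<name>[^)]+)\))?$"    # only services and drivers have this
)

# ASSUMED list: directories a legitimate service or driver image is not installed into.
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\", "\\programdata\\")
AUTOSTART = {"Auto", "Boot", "System"}


@dataclass
class Entry:
    kind: str
    is_64bit: bool
    mtime: datetime
    size: int
    company: str
    start: str
    path: str
    name: str
    flags: list = field(default_factory=list)


def parse_scan_time(header_line):
    """Scan timestamp from the 'OTL logfile created on:' header (dd.MM.yyyy)."""
    m = HEADER_RE.search(header_line)
    return datetime.strptime(m.group(1), "%d.%m.%Y %H:%M:%S") if m else None


def parse_line(line):
    """One PRC/MOD/SRV/DRV line -> Entry, or None for any other line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return Entry(
        kind=m["kind"],
        is_64bit=m["bits"] is not None,
        mtime=datetime.strptime(m["mtime"], "%Y.%m.%d %H:%M:%S"),
        size=int(m["size"].replace(",", "")),
        company=m["company"].strip(),
        start=m["start"] or "",
        path=m["path"],
        name=m["name"] or "",
    )


def triage(lines, scan_time, file_age_days=30):
    """Parse all entry lines and attach review flags (flags, not verdicts)."""
    entries = []
    for line in lines:
        e = parse_line(line)
        if e is None:
            continue
        start_tokens = {t.strip() for t in e.start.split("|")}
        if not e.company:
            e.flags.append("no-company")
        if any(d in e.path.lower() for d in USER_WRITABLE):
            e.flags.append("user-writable-path")
        if scan_time - e.mtime <= timedelta(days=file_age_days):
            e.flags.append("recent")             # same window as OTL's "File Age"
        if start_tokens & AUTOSTART and not e.company:
            e.flags.append("autostart-unnamed")  # starts by itself, no vendor string
        entries.append(e)
    return entries


def suspicious(entries):
    return [e for e in entries if e.flags]


SAMPLE_HEADER = "OTL logfile created on: 06.08.2012 12:35:39 - Run 1"
SAMPLE_LINES = [
    "========== Win32 Services (SafeList) ==========",  # skipped by the parser
    r"SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)",
    r"SRV - [2008.08.13 21:59:52 | 000,100,920 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)",
    r"DRV:64bit: - [2012.07.13 06:15:42 | 000,303,616 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)",
    r"DRV - [2003.04.04 15:07:20 | 000,030,336 | ---- | M] (Politecnico di Torino) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\npf.sys -- (NPF)",
    r"MOD - [2012.07.07 20:58:02 | 006,277,280 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll",
    # CONSTRUCTED line, not from the thread: unnamed process image dropped under AppData.
    r"PRC - [2012.08.06 08:41:12 | 000,081,920 | ---- | M] () -- C:\Users\Example\AppData\Roaming\sample-dropper.exe",
]

if __name__ == "__main__":
    scan_time = parse_scan_time(SAMPLE_HEADER)
    for e in suspicious(triage(SAMPLE_LINES, scan_time)):
        print(f"{e.kind:<3} {e.name or '-':<14} {e.path}  <- {', '.join(e.flags)}")
```

Run as-is it prints the four flagged sample entries; for a real OTL.txt, pass the file's lines to triage() with the scan time taken from its first line via parse_scan_time(), so "recent" is measured against the scan date rather than today.
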

06.08.2012, 12:32   #3
Desert90

Hey, thanks for your quick reply

Scan just finished. Here are the results:

OTL Logfile:
Code:
OTL logfile created on: 06.08.2012 12:35:39 - Run 1
OTL by OldTimer - Version 3.2.56.0     Folder = C:\Users\Yahia\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,97 Gb Total Physical Memory | 3,26 Gb Available Physical Memory | 82,12% Memory free
7,93 Gb Paging File | 7,29 Gb Available in Paging File | 91,95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298,08 Gb Total Space | 52,95 Gb Free Space | 17,76% Space Free | Partition Type: NTFS
Drive D: | 9,00 Mb Total Space | 5,24 Mb Free Space | 58,27% Space Free | Partition Type: NTFS
 
Computer Name: YAHIA-PC | User Name: Yahia | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.08.06 12:34:05 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Yahia\Desktop\OTL.exe
PRC - [2012.05.07 07:17:38 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.07.07 20:58:02 | 006,277,280 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2012.05.07 07:17:37 | 001,952,696 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2003.07.11 02:09:28 | 000,048,192 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\Web Folders\1031\NSEXTINT.DLL
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.07.03 21:18:39 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012.07.03 21:15:34 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.05.07 07:17:38 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.01.31 16:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2012.01.19 13:47:20 | 003,027,840 | ---- | M] (TeamViewer GmbH) [Auto | Stopped] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011.05.15 19:29:03 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.04.01 11:14:30 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.03.28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2011.03.28 11:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011.03.09 19:24:44 | 002,708,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG10\avgfws.exe -- (avgfws)
SRV - [2011.02.08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010.09.22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.06.25 19:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2009.09.14 07:00:00 | 000,166,400 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Stopped] -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE -- (EPSON_EB_RPCV4_04)
SRV - [2009.09.14 07:00:00 | 000,128,512 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Stopped] -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE -- (EPSON_PM_RPCV4_04)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.11.09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008.08.13 21:59:52 | 000,100,920 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.07.13 06:15:42 | 000,303,616 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2012.07.13 06:15:37 | 000,035,328 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012.03.01 08:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.05.27 19:05:26 | 000,118,864 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV:64bit: - [2011.04.05 00:59:54 | 000,377,936 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2011.03.16 16:03:18 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011.03.01 14:25:18 | 000,041,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011.02.22 08:12:46 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2011.02.10 07:53:34 | 000,029,264 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV:64bit: - [2011.01.07 06:41:44 | 000,304,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2010.08.04 21:17:14 | 001,342,064 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2010.07.12 04:34:00 | 000,057,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgfwd6a.sys -- (Avgfwfd)
DRV:64bit: - [2010.06.25 19:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2010.05.07 12:21:50 | 000,072,320 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SCL01164.sys -- (SCL01164)
DRV:64bit: - [2010.04.29 07:55:42 | 000,032,768 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\androidusb.sys -- (androidusb)
DRV:64bit: - [2010.03.09 05:31:06 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009.10.05 16:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.09.01 14:29:56 | 000,157,712 | ---- | M] (Kaspersky Lab) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1)
DRV:64bit: - [2009.08.27 08:07:06 | 007,369,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.07.14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.20 04:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.05 18:15:56 | 001,806,400 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC)
DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2009.02.17 19:11:25 | 000,031,400 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2009.01.05 08:47:54 | 000,518,272 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AVerAF15DMBTH64.sys -- (AVerAF15DMBTH64)
DRV:64bit: - [2008.12.26 13:56:04 | 000,021,504 | ---- | M] (Avnex) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vcsvad.sys -- (VCSVADHWSer)
DRV:64bit: - [2008.06.27 07:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV:64bit: - [2008.03.13 09:46:00 | 000,027,136 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ManyCam_x64.sys -- (ManyCam)
DRV:64bit: - [2008.02.18 16:57:38 | 000,031,744 | ---- | M] (hxxp://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\libusb0.sys -- (libusb0)
DRV:64bit: - [2007.08.09 02:21:00 | 000,013,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)
DRV:64bit: - [2007.02.16 02:57:06 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2011.07.31 01:24:22 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008.08.14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)
DRV - [2007.02.16 02:57:06 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2003.04.04 15:07:20 | 000,030,336 | ---- | M] (Politecnico di Torino) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\npf.sys -- (NPF)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 89 CA 75 D9 CF 70 CB 01  [binary data]
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = hxxp://www.daemon-search.com/search?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Veoh Web Player Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2653012&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/firefox"
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.736
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8312
FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.8.0191
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 9
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: npfax@microgaming.co.uk:2.1.0.19
FF - prefs.js..extensions.enabledItems: {4D144BC3-23FB-47de-90C5-63CCB0139CCF}:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {95123F2A-2126-4E2F-9BCB-15AF8813D69A}:1.9.1
FF - prefs.js..extensions.enabledItems: {184AA5E6-741D-464a-820E-94B3ABC2F3B4}:1.0
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1410
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files (x86)\GamersFirst\LIVE!\nplivelauncher.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.8: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Yahia\AppData\Roaming\Move Networks\plugins\npqmp071700000016.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Yahia\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Yahia\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG10\Firefox4\ [2012.02.04 15:14:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.05.07 07:17:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.06.25 01:40:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Users\Yahia\AppData\Roaming\Move Networks [2010.11.13 22:59:54 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{95123F2A-2126-4E2F-9BCB-15AF8813D69A}: C:\Users\Yahia\AppData\Local\{95123F2A-2126-4E2F-9BCB-15AF8813D69A}\ [2011.04.14 04:53:47 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Yahia\AppData\Roaming\5016 [2011.06.08 20:59:45 | 000,000,000 | ---D | M]
 
[2009.09.22 02:44:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Yahia\AppData\Roaming\mozilla\Extensions
[2012.05.05 18:11:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Yahia\AppData\Roaming\mozilla\Firefox\Profiles\zazn8ty2.default\extensions
[2011.03.27 16:18:40 | 000,000,000 | ---D | M] (TradeManager-Plugin) -- C:\Users\Yahia\AppData\Roaming\mozilla\Firefox\Profiles\zazn8ty2.default\extensions\{4D144BC3-23FB-47de-90C5-63CCB0139CCF}
[2009.10.16 05:29:17 | 000,000,000 | ---D | M] ("Acces") -- C:\Users\Yahia\AppData\Roaming\mozilla\Firefox\Profiles\zazn8ty2.default\extensions\acces@zign.info
[2011.05.01 15:01:09 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Users\Yahia\AppData\Roaming\mozilla\Firefox\Profiles\zazn8ty2.default\extensions\DTToolbar@toolbarnet.com
[2010.05.03 06:00:21 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Yahia\AppData\Roaming\mozilla\Firefox\Profiles\zazn8ty2.default\extensions\firefox@tvunetworks.com
[2011.04.09 17:04:33 | 000,000,000 | ---D | M] (Flash AX Control) -- C:\Users\Yahia\AppData\Roaming\mozilla\Firefox\Profiles\zazn8ty2.default\extensions\npfax@microgaming.co.uk
[2011.06.22 14:13:14 | 000,000,933 | ---- | M] () -- C:\Users\Yahia\AppData\Roaming\Mozilla\Firefox\Profiles\zazn8ty2.default\searchplugins\conduit.xml
[2010.03.30 12:26:11 | 000,002,055 | ---- | M] () -- C:\Users\Yahia\AppData\Roaming\Mozilla\Firefox\Profiles\zazn8ty2.default\searchplugins\daemon-search.xml
[2009.11.01 17:37:12 | 000,000,694 | ---- | M] () -- C:\Users\Yahia\AppData\Roaming\Mozilla\Firefox\Profiles\zazn8ty2.default\searchplugins\icq-search.xml
[2009.12.21 03:02:17 | 000,000,961 | ---- | M] () -- C:\Users\Yahia\AppData\Roaming\Mozilla\Firefox\Profiles\zazn8ty2.default\searchplugins\icqplugin-1.xml
[2010.10.29 06:36:43 | 000,000,961 | ---- | M] () -- C:\Users\Yahia\AppData\Roaming\Mozilla\Firefox\Profiles\zazn8ty2.default\searchplugins\icqplugin-10.xml
[2010.11.02 00:01:32 | 000,000,961 | ---- | M] () -- C:\Users\Yahia\AppData\Roaming\Mozilla\Firefox\Profiles\zazn8ty2.default\searchplugins\icqplugin-11.xml
[2011.01.31 20:26:01 | 000,000,961 | ---- | M] () -- C:\Users\Yahia\AppData\Roaming\Mozilla\Firefox\Profiles\zazn8ty2.default\searchplugins\icqplugin-12.xml
[2011.03.04 06:12:35 | 000,000,950 | ---- | M] () -- C:\Users\Yahia\AppData\Roaming\Mozilla\Firefox\Profiles\zazn8ty2.default\searchplugins\icqplugin-13.xml
[2011.03.05 19:25:29 | 000,000,950 | ---- | M] () -- C:\Users\Yahia\AppData\Roaming\Mozilla\Firefox\Profiles\zazn8ty2.default\searchplugins\icqplugin-14.xml
[2011.03.23 07:47:22 | 000,000,950 | ---- | M] () -- C:\Users\Yahia\AppData\Roaming\Mozilla\Firefox\Profiles\zazn8ty2.default\searchplugins\icqplugin-15.xml
[2011.07.22 18:58:42 | 000,000,950 | ---- | M] () -- C:\Users\Yahia\AppData\Roaming\Mozilla\Firefox\Profiles\zazn8ty2.default\searchplugins\icqplugin-16.xml
[2009.12.26 01:39:18 | 000,000,961 | ---- | M] () -- C:\Users\Yahia\AppData\Roaming\Mozilla\Firefox\Profiles\zazn8ty2.default\searchplugins\icqplugin-2.xml
[2010.02.20 07:55:06 | 000,000,961 | ---- | M] () -- C:\Users\Yahia\AppData\Roaming\Mozilla\Firefox\Profiles\zazn8ty2.default\searchplugins\icqplugin-3.xml
[2010.03.30 18:53:30 | 000,000,961 | ---- | M] () -- C:\Users\Yahia\AppData\Roaming\Mozilla\Firefox\Profiles\zazn8ty2.default\searchplugins\icqplugin-4.xml
[2010.06.24 09:58:45 | 000,000,961 | ---- | M] () -- C:\Users\Yahia\AppData\Roaming\Mozilla\Firefox\Profiles\zazn8ty2.default\searchplugins\icqplugin-5.xml
[2010.07.12 16:17:23 | 000,000,961 | ---- | M] () -- C:\Users\Yahia\AppData\Roaming\Mozilla\Firefox\Profiles\zazn8ty2.default\searchplugins\icqplugin-6.xml
[2010.09.09 04:34:31 | 000,000,961 | ---- | M] () -- C:\Users\Yahia\AppData\Roaming\Mozilla\Firefox\Profiles\zazn8ty2.default\searchplugins\icqplugin-7.xml
[2010.09.19 14:37:10 | 000,000,961 | ---- | M] () -- C:\Users\Yahia\AppData\Roaming\Mozilla\Firefox\Profiles\zazn8ty2.default\searchplugins\icqplugin-8.xml
[2010.10.20 22:15:10 | 000,000,961 | ---- | M] () -- C:\Users\Yahia\AppData\Roaming\Mozilla\Firefox\Profiles\zazn8ty2.default\searchplugins\icqplugin-9.xml
[2010.06.21 17:35:24 | 000,001,042 | ---- | M] () -- C:\Users\Yahia\AppData\Roaming\Mozilla\Firefox\Profiles\zazn8ty2.default\searchplugins\icqplugin.xml
[2012.01.10 07:16:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2009.09.28 15:33:50 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files (x86)\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.10.14 14:11:14 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010.09.30 04:42:19 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2012.05.07 07:17:38 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.02.16 15:07:09 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.16 15:07:09 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.16 15:07:09 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.16 15:07:09 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.16 15:07:09 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.16 15:07:09 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: 
CHR - default_search_provider: Bing (Enabled)
CHR - default_search_provider: search_url = hxxp://www.bing.com/search?setmkt=de-DE&q={searchTerms}
CHR - default_search_provider: suggest_url = hxxp://api.bing.com/osjson.aspx?query={searchTerms}&language={language}
CHR - homepage: 
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Yahia\AppData\Local\Google\Chrome\Application\21.0.1180.60\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Yahia\AppData\Local\Google\Chrome\Application\21.0.1180.60\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Yahia\AppData\Local\Google\Chrome\Application\21.0.1180.60\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Yahia\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Yahia\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np32dsw.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files (x86)\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Users\Yahia\AppData\Roaming\Move Networks\plugins\npqmp071700000016.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Yahia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Yahia\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AVG Safe Search = C:\Users\Yahia\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\
CHR - Extension: Google Mail = C:\Users\Yahia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll File not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Athan] C:\Program Files (x86)\Athan\Athan.exe (www.IslamicFinder.org)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CloneCDTray] C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)
O4 - HKLM..\Run: [Quran_AR] C:\Program Files (x86)\Quran_AR\Quran_AR.exe (Search Truth Technologies)
O4 - HKCU..\Run: [alquds] C:\Program Files (x86)\alquds\alquds.exe ()
O4 - HKCU..\Run: [CPN Notifier] C:\Program Files (x86)\Cake Poker 2.0\PokerNotifier.exe File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [EPSON SX125 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGGE.EXE /FU "C:\Windows\TEMP\E_S6F39.tmp" /EF "HKCU" File not found
O4 - HKCU..\Run: [ManyCam] C:\Program Files (x86)\ManyCam 2.4\ManyCam.exe (ManyCam LLC)
O4 - HKCU..\Run: [WcsPlugInService] C:\Users\Yahia\AppData\Local\Microsoft\Windows\2737\WcsPlugInService.exe ()
O4 - Startup: C:\Users\Yahia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files (x86)\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Yahia\Desktop\PartyPoker.lnk File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Yahia\Desktop\PartyPoker.lnk File not found
O9 - Extra Button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files (x86)\Bodog Poker\BPGame.exe File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} hxxp://zone.msn.com/bingame/zpagames/zpa_txhe.cab79352.cab (MSN Games – Texas Holdem Poker)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab (MSN Games - Installer)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E2328F42-55A2-4DB2-ABEB-17372DB7E223}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{67fa34f6-3b85-11df-a35e-002618b2ab41}\Shell - "" = AutoRun
O33 - MountPoints2\{67fa34f6-3b85-11df-a35e-002618b2ab41}\Shell\AutoRun\command - "" = G:\raf-dk_cc.exe
O33 - MountPoints2\{f05ebca0-2b2c-11df-9d22-002618b2ab41}\Shell - "" = AutoRun
O33 - MountPoints2\{f05ebca0-2b2c-11df-9d22-002618b2ab41}\Shell\AutoRun\command - "" = G:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgchsva.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {217AA629-8C1C-9A74-A039-4BE5EAE8B7B0} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {D87C5A77-D260-15BB-AF18-DFDCDB16C702} - Themes Setup
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.2
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {E9D19E7E-62FC-ADB1-E746-5C954CE4F58D} - Microsoft Windows Media Player
ActiveX: {ECDDF984-0BF0-606E-9B01-50C953AED3C0} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
 
CREATERESTOREPOINT
Unable to start System Restore Service. Error code 1084
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.06 12:33:57 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Yahia\Desktop\OTL.exe
[2012.08.06 11:45:11 | 000,000,000 | ---D | C] -- C:\Users\Yahia\Desktop\tempdata
[2012.08.06 06:55:53 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Roaming\hellomoto
[2012.08.06 01:55:40 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{0EF85470-84F8-4EE8-8EA7-2A4AA797C256}
[2012.08.06 01:55:02 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{823D09EF-7B01-497A-8B39-84A7BCC236EF}
[2012.08.05 10:30:57 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{4281CF80-34B2-4DCA-BC63-6854F7F820D2}
[2012.08.05 10:30:45 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{5FB85774-9EB9-4729-9072-A61D2FF60064}
[2012.08.05 10:30:34 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{B6409F59-9A6F-47B3-9947-C7E4E0D12699}
[2012.08.05 10:30:20 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{5FD795C9-CB0D-428A-8EB6-FAD6415349CD}
[2012.08.04 22:29:58 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{8B3EF787-0191-44B5-A421-D3511212A2E5}
[2012.08.04 22:29:45 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{355A9483-3CFD-41E0-8054-0B64D6375CFE}
[2012.08.04 10:45:50 | 000,000,000 | ---D | C] -- C:\Users\Yahia\Desktop\PPD Domination
[2012.08.04 10:29:10 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{FCE64DFD-BD63-4287-9A26-ACB55CB98467}
[2012.08.04 00:34:21 | 000,000,000 | ---D | C] -- C:\Users\Yahia\Desktop\Ds
[2012.08.03 22:21:17 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{E5D74EA4-B01A-4B24-B04B-F3B4FAB5CA00}
[2012.08.03 22:20:57 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{242A3F63-F329-4D3C-A4D0-3DF815292728}
[2012.08.03 10:20:26 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{D5F8BA63-6594-4521-A015-159DD558F360}
[2012.08.03 10:20:15 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{7C91F095-DD1F-4767-A59C-45E366172D73}
[2012.08.03 10:20:03 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{BFE3CD26-F768-476B-AB4E-035B4A226ED9}
[2012.08.03 10:19:49 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{C1523B29-ACDA-4AF7-A2F6-3156C6EC1478}
[2012.08.03 07:00:36 | 000,969,368 | ---- | C] (Babylon Ltd.) -- C:\Users\Yahia\Desktop\Babylon9_setup.exe
[2012.08.02 22:18:58 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{1288F92D-55B5-4AF7-9A51-4D642E9EEEEC}
[2012.08.02 22:18:25 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{8C170C15-BD7B-4869-8C8D-3B837A7F80E2}
[2012.08.02 22:17:53 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{A143AA08-D305-4A66-8B45-31FA238FBB42}
[2012.08.02 22:16:23 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{CCEE1E7C-DC3A-4DAC-AC2F-F65B36C9ED53}
[2012.08.02 09:47:34 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{83D6F901-C925-4728-83CA-9EC086DBEDCE}
[2012.08.02 09:47:22 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{AF286E65-F918-4921-9174-4C7146EFE66E}
[2012.08.02 09:47:10 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{25E30DF5-0C07-4AA9-93E7-0BE28EB3FFF3}
[2012.08.01 21:46:31 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{D60E127F-5F8B-445E-BE4A-A386DB250D1D}
[2012.08.01 21:46:12 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{78C5ABCE-CEB2-4646-9DAA-9636D8EB21DA}
[2012.08.01 08:26:27 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{62027000-D345-4E95-8144-74ED69682E49}
[2012.08.01 08:26:15 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{10F557E1-FEEE-4D92-AF06-65F9BA7C5FCF}
[2012.07.31 20:25:44 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{50ABB95B-3AE6-4D0C-BD47-321E718F5AED}
[2012.07.31 20:25:31 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{6399F084-FEE5-4754-8B9F-CB1BB7B8AA0A}
[2012.07.31 08:05:53 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{41437DF6-3850-4FEC-A7F8-401667E8E062}
[2012.07.31 08:05:41 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{4186686E-C9C7-4C9A-8640-1DB7F8115CB1}
[2012.07.31 08:05:29 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{B571C292-9464-439B-B4ED-D1BC256562DC}
[2012.07.30 20:02:43 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{B5C6FA8E-F2C4-4E16-A194-6D58E296430F}
[2012.07.30 08:02:12 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{75F813FC-A354-48FF-A6C6-320869583BAA}
[2012.07.30 08:01:59 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{A426854C-8EC4-40FE-988D-7F5DD602757C}
[2012.07.30 04:11:34 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Palringo
[2012.07.30 04:11:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Palringo
[2012.07.29 20:01:07 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{FD0365F9-175A-42F9-A996-3038AB8E76B7}
[2012.07.29 20:00:36 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{0BDBB420-2CF0-480C-82A7-5CE1CA41CE85}
[2012.07.29 19:59:00 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{1C646F98-F67B-439B-9EC4-22CA9A2FE261}
[2012.07.29 06:50:42 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{339A410F-D3F9-41A9-AE38-CBD20CF786A8}
[2012.07.29 06:50:30 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{A2AFE4BB-75CC-4FF2-9355-74B6DA4FFEE5}
[2012.07.29 06:50:18 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{C40CE535-6812-4CD0-A139-70013314267D}
[2012.07.29 06:50:05 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{8DAFF9E9-430E-4F59-AA02-A1C2E50551A3}
[2012.07.28 18:49:47 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{EE0E51C0-10F9-4D19-8F89-C2460C68376F}
[2012.07.28 18:49:35 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{22CA18DD-033B-4E92-BD94-BC08CAE2C3FB}
[2012.07.28 06:49:19 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{4B0405F6-B00F-486A-9E44-96A4C752C46D}
[2012.07.28 06:49:08 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{EAA3F3FA-2190-49EC-B809-1C0B3930C629}
[2012.07.28 06:48:57 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{7E5286B8-4BF4-407F-8E11-84EEA62A76BD}
[2012.07.28 06:48:45 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{1C1D81D1-380E-425E-AE88-D148F6C65581}
[2012.07.27 18:48:05 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{B4760DF6-1BC8-4403-AABB-92274F71C7B8}
[2012.07.27 18:47:00 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{A783B3E3-050C-4569-B6AF-B9DD7BB88561}
[2012.07.27 11:58:46 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{B996EB10-9BEC-4F5F-AA18-48C630530E97}
[2012.07.26 23:49:59 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{236A9098-C36B-479C-8AE6-925854E3EFFE}
[2012.07.26 23:49:45 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{B60A7FD1-D817-4D95-954F-15ED3B4B7B17}
[2012.07.26 23:46:38 | 000,000,000 | ---D | C] -- C:\Windows\de
[2012.07.26 23:43:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2012.07.26 23:41:10 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2012.07.26 23:40:10 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.07.26 23:39:35 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2012.07.26 23:36:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2012.07.26 16:52:21 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{2D9F8BCF-50E6-4BE4-AA1B-B214842076F2}
[2012.07.26 16:51:52 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{FBA792FB-276D-4571-B5EB-C998DA747EE2}
[2012.07.26 16:51:36 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{DFA0D7D8-05A1-495F-9A15-82EBB9DE9C80}
[2012.07.26 16:51:04 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{E374012C-B703-4FDC-B13C-7B0CF92E388E}
[2012.07.26 02:43:38 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{D2064EC5-52BC-42E8-B4CC-09A6B6B2A50B}
[2012.07.26 02:43:26 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{25B01841-EB11-4A26-96F1-24258F0A4415}
[2012.07.25 14:42:41 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{4422EF76-F4D1-4B55-B7E5-4254C19A1D76}
[2012.07.25 14:41:11 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{C39A238A-679B-4B07-8CDE-1654BCEC174D}
[2012.07.25 02:18:10 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{DC5DA61B-3DAD-42D7-BAF3-DF2509DFD26A}
[2012.07.25 02:17:59 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{97D0D755-E2A1-4AB4-A5A0-AA96E896D67A}
[2012.07.25 02:17:47 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{8733D604-5C12-40F3-925C-CEA60B4B15F7}
[2012.07.24 14:17:05 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{45247487-4A6B-460C-AC65-5DB521B6F719}
[2012.07.24 14:16:48 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{C4B92C14-26C0-4595-AB0E-936F11093562}
[2012.07.23 16:09:49 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{85A0D449-3C82-4373-B4A8-E544168AF4B2}
[2012.07.23 16:09:38 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{BE9CA443-4D58-405F-A11D-818A0CDB4E9C}
[2012.07.23 16:09:26 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{73FBC1D0-0450-4543-AED7-7FDB5E53BA04}
[2012.07.23 16:09:15 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{69381B03-95B8-4953-9C1F-0BFBA7673A19}
[2012.07.23 04:08:48 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{C1647344-C1A0-4E22-9BCA-D681E387A0C6}
[2012.07.23 04:08:36 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{51C4D296-269C-4D69-A5CD-4841A4E68A92}
[2012.07.23 04:08:25 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{933818ED-CD77-4725-B4DC-955580D730F1}
[2012.07.23 04:08:12 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{3D2B49C4-4105-47C0-B95C-60F910AB8CE6}
[2012.07.22 16:07:58 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{06D1ED2C-F0D3-4D04-86EA-ED94AA3FC4EE}
[2012.07.22 16:07:46 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{560252A2-16E5-4EDF-B5D6-2A73ACED3BF7}
[2012.07.22 16:07:34 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{3C64B2E6-DEA5-4967-9784-3A997CF25A8A}
[2012.07.22 16:07:20 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{94910C7E-AEFF-4ED4-9C74-F106E69C26FD}
[2012.07.22 03:07:11 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{62395136-E8FD-4038-BD12-8769AC1F03E8}
[2012.07.22 03:06:59 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{446D8950-C4E6-4F6F-9B45-D74F226C67B5}
[2012.07.22 03:06:46 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{67784D1E-77E3-4636-B130-4EDD4F76C1A0}
[2012.07.22 03:06:29 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{19DE577B-D162-49EB-BD85-ED0A8365FB31}
[2012.07.21 17:48:51 | 000,000,000 | ---D | C] -- C:\Users\Yahia\Desktop\sd
[2012.07.21 15:05:14 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{5DD3FCF7-A217-44DB-94EB-7ACFE6EB747B}
[2012.07.21 06:18:26 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{9EAFE2DD-C14E-4704-AD53-95E2156E832C}
[2012.07.21 06:17:57 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{956F5994-547D-46F8-9DF9-E5B1A4C18ECA}
[2012.07.20 12:38:41 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{0123E025-F588-4B9D-BBF1-C626390319F2}
[2012.07.20 12:38:17 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{4AC9DABC-3CF6-4166-8296-C61EB2F52B8B}
[2012.07.20 12:37:58 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{D44D9390-2098-4715-98BE-46C0A5FED6A3}
[2012.07.20 12:36:58 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{7382BD5A-894E-4FCF-A573-803ED6F0AC7E}
[2012.07.19 20:20:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
[2012.07.19 13:00:50 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{166D5E31-F480-4764-8651-A2EFB1CE93E8}
[2012.07.19 13:00:39 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{44099E00-731D-471F-AA29-2EC43A40552B}
[2012.07.19 13:00:28 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{2853B45A-5101-4977-A274-BE693F1CE00F}
[2012.07.19 13:00:16 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{C39FB423-2DF1-48BF-9EA0-0B0775A8481A}
[2012.07.19 00:59:48 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{234AD9F4-B138-433D-AC79-8D3A12996646}
[2012.07.19 00:59:37 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{38726207-1422-482C-B16C-58D8C8BC2F66}
[2012.07.19 00:59:25 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{8BEE5514-71F9-4C2D-B16A-9191AB8A8A61}
[2012.07.19 00:59:12 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{1C99B0D4-5812-4334-A637-D92B58936E9B}
[2012.07.18 12:58:34 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{BABA9703-1CB9-440C-902F-B532F9905A7E}
[2012.07.18 12:57:57 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{72E6D32C-5EB2-4A42-9439-70DF63E82BA2}
[2012.07.18 01:08:25 | 000,000,000 | ---D | C] -- C:\Users\Yahia\Desktop\Quran_Complete_by_Abdul-Sammad
[2012.07.18 00:11:15 | 000,000,000 | ---D | C] -- C:\Users\Yahia\Desktop\Quran_Complete_by_Saad_Al-Ghamdi
[2012.07.18 00:07:09 | 000,000,000 | ---D | C] -- C:\Users\Yahia\Desktop\Quran_Complete_By_Al-Sudais
[2012.07.17 15:35:22 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{F91CB384-EC4A-41F9-B67B-03B1A597FC06}
[2012.07.17 15:35:10 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{97A7D110-3088-4DD3-B262-8CDC107C1CF2}
[2012.07.17 15:34:59 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{75D02C5E-D93B-49DD-BA36-CCF4BC82B670}
[2012.07.17 15:34:47 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{D2A9029D-750A-48FF-B549-F1E023412C97}
[2012.07.17 03:34:18 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{4ACBE691-4AD1-4841-B564-2F8E586F1AB0}
[2012.07.17 03:34:07 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{66905453-6128-44E6-B45F-2BC4C82B0877}
[2012.07.16 15:33:06 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{99980CAD-26F9-498B-A039-B85D7A752732}
[2012.07.16 15:32:39 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{36BCBC30-A480-46AA-8BB5-54707775BD22}
[2012.07.16 02:30:07 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{51B90EE8-3C8C-4BA8-B18F-6EF16F3F9210}
[2012.07.16 02:29:55 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{5526889E-9EFB-4A44-945C-EEA80AE0BCC4}
[2012.07.16 02:29:43 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{744A922C-5514-479C-8414-B0961A2E0ACF}
[2012.07.16 02:29:29 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{D0BFE2AA-9B66-4488-B90F-77B67CF5C1E1}
[2012.07.15 14:29:15 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{464004E5-E0C6-4930-987C-9988A695976B}
[2012.07.15 14:29:02 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{5EB07B2B-1F3B-449D-A14A-FA073DCA075C}
[2012.07.15 02:28:34 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{8FD693AB-84BD-4AFC-BA57-BE67165BCB4C}
[2012.07.15 02:28:22 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{D876108C-F362-44B3-A5BF-618112E42CAD}
[2012.07.14 14:27:45 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{262FBEC5-716C-4340-A56A-AD333C309D2C}
[2012.07.14 14:27:33 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{6D4EB43A-EDF7-4458-BC57-A3D1FD456C94}
[2012.07.14 14:27:22 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{2E69B23B-B4B4-4524-A9DF-13F3BA22DB13}
[2012.07.14 14:27:09 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{B690F67D-35D2-480F-BE3C-E96385192970}
[2012.07.14 12:34:58 | 000,000,000 | ---D | C] -- C:\Users\Yahia\Desktop\CloneCD 5.3.1.4 Final.Crack
[2012.07.14 10:53:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlySoft
[2012.07.14 02:26:40 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{046C8A56-3878-4AFF-B54B-5F58238F1568}
[2012.07.14 02:26:28 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{D8F8C2F5-B6BC-4E0F-A9F0-0BEFC39C0230}
[2012.07.14 02:26:15 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{4CC835D1-3459-4FA6-8560-81201D687BF3}
[2012.07.14 02:26:01 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{B76F275E-C599-4D92-85F3-03E16977AD71}
[2012.07.13 14:25:43 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{65C7DF0F-53B0-437B-84B8-F20DE8A32BA6}
[2012.07.13 14:25:28 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{ECAED802-D313-4549-B8AD-52118CFE3227}
[2012.07.13 14:25:13 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{70EA2673-3D7A-4C46-8AC0-2F29A7D5CCA3}
[2012.07.13 14:24:29 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{B81011CF-7016-4D37-8A76-65CE7E8B90A6}
[2012.07.13 02:23:50 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{038B4604-8E1C-40F7-8833-B8954299D025}
[2012.07.13 02:23:29 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{BCDEDB82-778F-47E3-82D2-70886E853C27}
[2012.07.13 02:23:17 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{47E24C52-9CFD-4C4F-AF3A-97DFB9AC34C1}
[2012.07.13 02:23:00 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{5ADFB1C9-00BE-448D-9E41-0E24D0F62731}
[2012.07.12 21:19:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
[2012.07.12 14:22:41 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{D26D63F4-56CA-490D-985A-CE59DC3654E1}
[2012.07.12 14:22:27 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{4AC56F13-5DBF-4310-88AA-145BF9FF65E8}
[2012.07.12 14:22:15 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{BE6D6BAF-9D4C-4435-96E4-7E7ED475BA17}
[2012.07.12 14:22:01 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{07D2FCAB-43D4-45C2-81BB-3A5DA9781354}
[2012.07.12 14:21:48 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{5576951B-69FD-4810-B4E3-83F3EEF0A950}
[2012.07.12 14:07:32 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{42D18238-F56B-4F4F-ABB3-02D457EDECD5}
[2012.07.12 13:46:48 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{2FD5F4B8-EDD0-4A0D-A057-9C4554025334}
[2012.07.11 20:51:49 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{C280B903-453B-4BC3-B869-AA0F80073AB8}
[2012.07.11 20:51:20 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{7479A320-6498-4D83-AA9B-B4E2E93689C4}
[2012.07.11 20:50:55 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{77EF14B2-7A0A-4566-878F-9B3D55CFA25B}
[2012.07.11 06:51:50 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{92E4C855-AC95-416A-BA92-686DC7498634}
[2012.07.11 06:51:37 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{0BAA9EEB-95C6-4738-AF8B-8D0CA5FFC4B0}
[2012.07.11 06:51:25 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{1D0268E4-EB4C-438F-9D5E-288204993317}
[2012.07.11 06:51:08 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{7F5285FF-5F35-4A85-819B-763ED64840E0}
[2012.07.10 19:44:17 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Roaming\XBMC
[2012.07.10 19:39:40 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XBMC
[2012.07.10 19:39:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\XBMC
[2012.07.10 17:59:01 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{A8839F81-0F0B-4B02-BF76-45D39C02349F}
[2012.07.10 17:57:37 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{7C6DFDE0-6EE9-4592-8478-8ACBB8EA4A86}
[2012.07.09 17:58:25 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{A81815AC-C417-4BC3-BD4B-49398319CB4D}
[2012.07.09 17:58:13 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{405B1AAD-EBDF-429F-B36F-8E766AD4676C}
[2012.07.09 17:58:01 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{649B3ABA-E275-4B7B-81BD-15AB90E8844A}
[2012.07.09 17:57:48 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{EDECA624-2603-4544-821F-365DB1438859}
[2012.07.09 04:54:31 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{DFBB16DC-1044-4904-AE21-0C461DFF5C67}
[2012.07.09 04:54:19 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{44432D08-C21B-4151-872D-90B36C16738F}
[2012.07.09 04:54:07 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{A3B5D7B5-BCC2-48AC-9EA7-54459AC6A73D}
[2012.07.08 16:53:37 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{722AC631-6E20-460D-AD51-DA708BA51DCE}
[2012.07.08 16:53:10 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{5E3B9E72-6630-4046-81E7-D5E3D330C000}
[2012.07.08 03:16:08 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{D431A7BE-1A0A-470D-897A-02BA69509112}
[2012.07.08 03:15:56 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{58AE1222-2AE2-4593-B751-A4CCF8E9F917}
[2012.07.08 03:15:45 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{9CC61A9A-07B4-4EC1-A061-517C3F699993}
[2012.07.08 03:15:33 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{4D71CA1A-6274-44B9-8964-062D99ADD58F}
[2012.07.07 15:14:55 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{47403F87-7CD8-4C84-BD1B-C53DECEBB61C}
[2012.07.07 15:14:02 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{79D21C90-F86F-41CD-9CCA-B254E1A964D7}
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Yahia\AppData\Roaming\*.tmp files -> C:\Users\Yahia\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.06 12:34:05 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Yahia\Desktop\OTL.exe
[2012.08.06 12:29:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.06 12:28:56 | 3193,769,984 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.06 12:24:31 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.06 11:32:08 | 000,009,776 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.06 11:32:07 | 000,009,776 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.06 11:31:35 | 103,105,639 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012.08.06 06:58:03 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.06 06:46:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-799653249-3173222804-4025605599-1001UA.job
[2012.08.06 04:16:34 | 000,521,709 | ---- | M] () -- C:\Users\Yahia\Desktop\yahia2222.jpg
[2012.08.06 02:57:23 | 000,022,145 | ---- | M] () -- C:\Users\Yahia\Desktop\me.jpg
[2012.08.05 13:38:12 | 000,566,478 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012.08.05 07:46:03 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-799653249-3173222804-4025605599-1001Core.job
[2012.08.04 11:43:04 | 000,053,647 | ---- | M] () -- C:\Users\Yahia\Desktop\Karma.eBay.pdf
[2012.08.04 10:45:23 | 000,696,284 | ---- | M] () -- C:\Users\Yahia\Desktop\PPD Domination.rar
[2012.08.03 07:00:38 | 000,969,368 | ---- | M] (Babylon Ltd.) -- C:\Users\Yahia\Desktop\Babylon9_setup.exe
[2012.08.02 22:25:21 | 000,002,449 | ---- | M] () -- C:\Users\Yahia\Desktop\Google Chrome.lnk
[2012.07.31 22:22:16 | 000,442,512 | ---- | M] () -- C:\Users\Yahia\Desktop\IMG_20120731_210415.jpg
[2012.07.29 20:03:42 | 000,234,993 | ---- | M] () -- C:\Users\Yahia\Desktop\Earn money with tumblr porn blog Easy and Fun.pdf
[2012.07.29 09:39:33 | 003,180,146 | ---- | M] () -- C:\Users\Yahia\Desktop\Google_Images.pdf
[2012.07.28 20:31:24 | 000,445,009 | ---- | M] () -- C:\Users\Yahia\Desktop\IMG_20120514_154539.jpg
[2012.07.28 02:55:53 | 000,014,462 | ---- | M] () -- C:\Users\Yahia\Desktop\521969_177598859027788_1204092112_n.jpg
[2012.07.27 05:35:55 | 000,004,536 | ---- | M] () -- C:\Users\Yahia\Desktop\p.jpg
[2012.07.26 08:04:36 | 000,103,265 | ---- | M] () -- C:\Users\Yahia\Desktop\weenies_failproof_method.pdf
[2012.07.26 07:22:23 | 000,014,780 | ---- | M] () -- C:\Users\Yahia\Desktop\336840422.jpg
[2012.07.24 01:30:47 | 000,062,671 | ---- | M] () -- C:\Users\Yahia\Desktop\IMG-20120717-WA0003.jpg
[2012.07.22 11:43:18 | 1201,871,052 | ---- | M] () -- C:\Users\Yahia\Desktop\Quran_Complete_By_Al-Sudais.rar
[2012.07.22 04:17:08 | 2615,315,353 | ---- | M] () -- C:\Users\Yahia\Desktop\Quran_Complete_by_Abdul-Sammad.rar
[2012.07.21 20:16:18 | 000,000,501 | ---- | M] () -- C:\Users\Yahia\Desktop\import.REG
[2012.07.21 19:12:23 | 3402,956,854 | ---- | M] () -- C:\Users\Yahia\Desktop\Sar.rar
[2012.07.21 17:20:38 | 1051,286,133 | ---- | M] () -- C:\Users\Yahia\Desktop\sarah.rar
[2012.07.21 17:11:04 | 000,020,313 | ---- | M] () -- C:\Users\Yahia\Desktop\DSC16367854.jpg
[2012.07.18 02:16:26 | 2846,592,934 | ---- | M] () -- C:\Users\Yahia\Desktop\Quran_Complete_by_Saad_Al-Ghamdi.rar
[2012.07.17 02:42:33 | 000,036,876 | ---- | M] () -- C:\Users\Yahia\Desktop\ane.jpg
[2012.07.15 14:25:08 | 000,141,068 | ---- | M] () -- C:\Users\Yahia\Desktop\penis.jpg
[2012.07.14 10:53:55 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\CloneCD.lnk
[2012.07.14 01:40:23 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.14 01:32:11 | 000,000,048 | ---- | M] () -- C:\Users\Yahia\AppData\Local\YAHIA-PC.cfg
[2012.07.13 06:15:42 | 000,303,616 | ---- | M] () -- C:\Windows\SysNative\drivers\atksgt.sys
[2012.07.13 06:15:37 | 000,035,328 | ---- | M] () -- C:\Windows\SysNative\drivers\lirsgt.sys
[2012.07.12 21:19:36 | 000,001,865 | ---- | M] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2012.07.12 14:13:36 | 002,916,744 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.11 15:13:54 | 000,040,185 | ---- | M] () -- C:\Users\Yahia\Desktop\buli.jpg
[2012.07.09 18:34:35 | 001,002,344 | ---- | M] () -- C:\Users\Yahia\Desktop\img022.jpg
[2012.07.09 18:10:33 | 001,037,769 | ---- | M] () -- C:\Users\Yahia\Desktop\img021.jpg
[2012.07.07 21:27:34 | 000,021,493 | ---- | M] () -- C:\Users\Yahia\Desktop\pic.jpg
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Yahia\AppData\Roaming\*.tmp files -> C:\Users\Yahia\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.08.06 04:16:33 | 000,521,709 | ---- | C] () -- C:\Users\Yahia\Desktop\yahia2222.jpg
[2012.08.06 02:53:42 | 000,022,145 | ---- | C] () -- C:\Users\Yahia\Desktop\me.jpg
[2012.08.04 11:43:01 | 000,053,647 | ---- | C] () -- C:\Users\Yahia\Desktop\Karma.eBay.pdf
[2012.08.04 10:45:11 | 000,696,284 | ---- | C] () -- C:\Users\Yahia\Desktop\PPD Domination.rar
[2012.07.31 22:22:10 | 000,442,512 | ---- | C] () -- C:\Users\Yahia\Desktop\IMG_20120731_210415.jpg
[2012.07.29 20:03:36 | 000,234,993 | ---- | C] () -- C:\Users\Yahia\Desktop\Earn money with tumblr porn blog Easy and Fun.pdf
[2012.07.29 09:37:38 | 003,180,146 | ---- | C] () -- C:\Users\Yahia\Desktop\Google_Images.pdf
[2012.07.28 20:31:18 | 000,445,009 | ---- | C] () -- C:\Users\Yahia\Desktop\IMG_20120514_154539.jpg
[2012.07.28 02:56:16 | 000,014,462 | ---- | C] () -- C:\Users\Yahia\Desktop\521969_177598859027788_1204092112_n.jpg
[2012.07.27 05:35:50 | 000,004,536 | ---- | C] () -- C:\Users\Yahia\Desktop\p.jpg
[2012.07.26 23:44:33 | 000,001,265 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2012.07.26 23:43:34 | 000,001,334 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2012.07.26 23:42:13 | 000,001,418 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2012.07.26 08:04:33 | 000,103,265 | ---- | C] () -- C:\Users\Yahia\Desktop\weenies_failproof_method.pdf
[2012.07.26 07:22:19 | 000,014,780 | ---- | C] () -- C:\Users\Yahia\Desktop\336840422.jpg
[2012.07.24 01:30:42 | 000,062,671 | ---- | C] () -- C:\Users\Yahia\Desktop\IMG-20120717-WA0003.jpg
[2012.07.22 04:21:43 | 1201,871,052 | ---- | C] () -- C:\Users\Yahia\Desktop\Quran_Complete_By_Al-Sudais.rar
[2012.07.22 03:40:34 | 2615,315,353 | ---- | C] () -- C:\Users\Yahia\Desktop\Quran_Complete_by_Abdul-Sammad.rar
[2012.07.21 20:16:18 | 000,000,501 | ---- | C] () -- C:\Users\Yahia\Desktop\import.REG
[2012.07.21 18:34:42 | 3402,956,854 | ---- | C] () -- C:\Users\Yahia\Desktop\Sar.rar
[2012.07.21 17:46:41 | 003,182,498 | ---- | C] () -- C:\Users\Yahia\Documents\souria ya 7abebaty.mp3
[2012.07.21 17:11:45 | 1051,286,133 | ---- | C] () -- C:\Users\Yahia\Desktop\sarah.rar
[2012.07.21 17:11:04 | 000,020,313 | ---- | C] () -- C:\Users\Yahia\Desktop\DSC16367854.jpg
[2012.07.18 01:39:37 | 2846,592,934 | ---- | C] () -- C:\Users\Yahia\Desktop\Quran_Complete_by_Saad_Al-Ghamdi.rar
[2012.07.17 02:42:33 | 000,036,876 | ---- | C] () -- C:\Users\Yahia\Desktop\ane.jpg
[2012.07.15 14:25:08 | 000,141,068 | ---- | C] () -- C:\Users\Yahia\Desktop\penis.jpg
[2012.07.14 10:53:55 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\CloneCD.lnk
[2012.07.14 10:37:41 | 000,000,296 | ---- | C] () -- C:\Key.CloneCD
[2012.07.14 01:32:11 | 000,000,048 | ---- | C] () -- C:\Users\Yahia\AppData\Local\YAHIA-PC.cfg
[2012.07.12 21:19:36 | 000,001,865 | ---- | C] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2012.07.12 21:19:35 | 000,001,877 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
[2012.07.11 15:13:54 | 000,040,185 | ---- | C] () -- C:\Users\Yahia\Desktop\buli.jpg
[2012.07.09 18:12:40 | 001,002,344 | ---- | C] () -- C:\Users\Yahia\Desktop\img022.jpg
[2012.07.09 18:07:03 | 001,037,769 | ---- | C] () -- C:\Users\Yahia\Desktop\img021.jpg
[2012.07.07 21:27:34 | 000,021,493 | ---- | C] () -- C:\Users\Yahia\Desktop\pic.jpg
[2012.01.03 09:28:06 | 002,570,286 | ---- | C] () -- C:\Windows\SysWow64\abgx360.exe
[2011.09.09 18:27:47 | 000,000,001 | ---- | C] () -- C:\ProgramData\flagposition.out
[2011.08.05 02:03:43 | 000,290,816 | ---- | C] () -- C:\Windows\SysWow64\nmapserv.exe
[2011.08.05 02:03:42 | 000,452,096 | ---- | C] () -- C:\Windows\SysWow64\nmap.exe
[2011.07.22 13:29:06 | 000,097,160 | ---- | C] () -- C:\ProgramData\bdinstall.bin
[2011.06.09 04:17:09 | 000,000,013 | ---- | C] () -- C:\Users\Yahia\AppData\Roaming\urhtps.dat
[2011.04.14 04:53:49 | 000,000,120 | ---- | C] () -- C:\Users\Yahia\AppData\Local\Gwiloguqu.dat
[2011.04.14 04:53:49 | 000,000,000 | ---- | C] () -- C:\Users\Yahia\AppData\Local\Xjetafo.bin
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.02.25 21:26:25 | 000,105,292 | ---- | C] () -- C:\Windows\restart.exe
[2010.09.01 00:12:44 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.07.08 10:37:14 | 000,101,544 | ---- | C] () -- C:\Program Files\Common Files\LinkInstaller.exe
[2009.12.20 12:19:09 | 000,001,587 | ---- | C] () -- C:\Users\Yahia\.recently-used.xbel
[2009.11.17 23:08:48 | 000,000,123 | ---- | C] () -- C:\Users\Yahia\AppData\Roaming\burnaware.ini
[2009.11.03 08:04:10 | 000,011,264 | ---- | C] () -- C:\Users\Yahia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2002.07.01 16:13:30 | 000,000,243 | -HS- | C] () -- C:\ProgramData\system16driver.dat
 
========== LOP Check ==========
 
[2009.10.16 05:53:08 | 000,000,000 | ---D | M] -- C:\Users\Yahia\AppData\Roaming\.ABC
[2010.06.03 23:32:01 | 000,000,000 | ---D | M] -- C:\Users\Yahia\AppData\Roaming\4BF6A55B4842BB8C1B483A5DF7A54EAC
[2011.06.08 20:59:45 | 000,000,000 | ---D | M] -- C:\Users\Yahia\AppData\Roaming\5016
[2012.07.13 21:43:02 | 000,000,000 | ---D | M] -- C:\Users\Yahia\AppData\Roaming\abgx360
[2011.07.20 18:19:10 | 000,000,000 | ---D | M] -- C:\Users\Yahia\AppData\Roaming\Abolnu
[2011.04.23 14:40:33 | 000,000,000 | ---D | M] -- C:\Users\Yahia\AppData\Roaming\Absolute Poker
[2011.07.29 07:48:27 | 000,000,000 | ---D | M] -- C:\Users\Yahia\AppData\Roaming\AVG10
[2010.11.12 00:43:25 | 000,000,000 | ---D | M] -- C:\Users\Yahia\AppData\Roaming\Avnex
[2009.09.27 05:56:13 | 000,000,000 | ---D | M] -- C:\Users\Yahia\AppData\Roaming\Betraiser
[2011.07.22 13:36:39 | 000,000,000 | ---D | M] -- C:\Users\Yahia\AppData\Roaming\BitDefender
[2012.07.13 06:31:52 | 000,000,000 | ---D | M] -- C:\Users\Yahia\AppData\Roaming\BOM
[2012.02.17 21:35:03 | 000,000,000 | ---D | M] -- C:\Users\Yahia\AppData\Roaming\CasinoOnNet
[2010.03.30 12:27:40 | 000,000,000 | ---D | M] -- C:\Users\Yahia\AppData\Roaming\DAEMON Tools Lite
[2010.03.09 05:40:57 | 000,000,000 | ---D | M] -- C:\Users\Yahia\AppData\Roaming\DAEMON Tools Pro
[2009.09.24 00:27:18 | 000,000,000 | ---D | M] -- C:\Users\Yahia\AppData\Roaming\DeepBurner
[2011.12.11 20:00:38 | 000,000,000 | ---D | M] -- C:\Users\Yahia\AppData\Roaming\EPSON
[2011.06.12 22:57:35 | 000,000,000 | ---D | M] -- C:\Users\Yahia\AppData\Roaming\ESET
[2012.07.22 11:32:06 | 000,000,000 | ---D | M] -- C:\Users\Yahia\AppData\Roaming\FileZilla
[2010.08.25 10:05:37 | 000,000,000 | ---D | M] -- C:\Users\Yahia\AppData\Roaming\Foxit Software
[2009.12.20 12:19:15 | 000,000,000 | ---D | M] -- C:\Users\Yahia\AppData\Roaming\gtk-2.0
[2012.08.06 06:56:04 | 000,000,000 | ---D | M] -- C:\Users\Yahia\AppData\Roaming\hellomoto
[2012.08.02 22:41:35 | 000,000,000 | ---D | M] -- C:\Users\Yahia\AppData\Roaming\ICQ
[2009.12.10 00:31:05 | 000,000,000 | ---D | M] -- C:\Users\Yahia\AppData\Roaming\ImgBurn
[2009.09.24 20:21:17 | 000,000,000 | ---D | M] -- C:\Users\Yahia\AppData\Roaming\IrfanView
[2011.06.08 20:59:31 | 000,000,000 | ---D | M] -- C:\Users\Yahia\AppData\Roaming\kock
[2009.12.22 02:48:44 | 000,000,000 | ---D | M] -- C:\Users\Yahia\AppData\Roaming\Leadertech
[2012.06.18 16:47:58 | 000,000,000 | ---D | M] -- C:\Users\Yahia\AppData\Roaming\Lern-o-Mat
[2011.01.31 18:50:12 | 000,000,000 | ---D | M] -- C:\Users\Yahia\AppData\Roaming\ManyCam
[2009.11.17 20:57:26 | 000,000,000 | ---D | M] -- C:\Users\Yahia\AppData\Roaming\MessengerDiscovery 2
[2011.04.08 18:39:59 | 000,000,000 | ---D | M] -- C:\Users\Yahia\AppData\Roaming\Microgaming
[2011.05.05 13:32:48 | 000,000,000 | ---D | M] -- C:\Users\Yahia\AppData\Roaming\mkvtoolnix
[2011.10.27 03:35:25 | 000,000,000 | ---D | M] -- C:\Users\Yahia\AppData\Roaming\Notepad++
[2009.10.29 00:01:58 | 000,000,000 | ---D | M] -- C:\Users\Yahia\AppData\Roaming\OpenOffice.org
[2011.12.23 21:32:12 | 000,000,000 | ---D | M] -- C:\Users\Yahia\AppData\Roaming\PacificPoker
[2010.09.09 04:56:08 | 000,000,000 | ---D | M] -- C:\Users\Yahia\AppData\Roaming\Paltalk
[2011.07.31 01:27:15 | 000,000,000 | ---D | M] -- C:\Users\Yahia\AppData\Roaming\PC Suite
[2009.10.17 00:39:32 | 000,000,000 | ---D | M] -- C:\Users\Yahia\AppData\Roaming\Pharaohs Secret
[2011.04.05 22:47:12 | 000,000,000 | ---D | M] -- C:\Users\Yahia\AppData\Roaming\pokerth
[2011.07.22 13:30:00 | 000,000,000 | ---D | M] -- C:\Users\Yahia\AppData\Roaming\QuickScan
[2011.08.28 21:57:39 | 000,000,000 | ---D | M] -- C:\Users\Yahia\AppData\Roaming\Samsung
[2010.05.20 10:33:23 | 000,000,000 | ---D | M] -- C:\Users\Yahia\AppData\Roaming\ScummVM
[2010.12.05 17:32:05 | 000,000,000 | ---D | M] -- C:\Users\Yahia\AppData\Roaming\SlySoft
[2010.02.21 10:36:26 | 000,000,000 | ---D | M] -- C:\Users\Yahia\AppData\Roaming\Sony
[2010.02.21 10:32:46 | 000,000,000 | ---D | M] -- C:\Users\Yahia\AppData\Roaming\Sony Setup
[2011.04.22 13:52:20 | 000,000,000 | ---D | M] -- C:\Users\Yahia\AppData\Roaming\SparVoip
[2010.03.30 11:57:51 | 000,000,000 | ---D | M] -- C:\Users\Yahia\AppData\Roaming\Sports Interactive
[2009.10.13 03:08:45 | 000,000,000 | ---D | M] -- C:\Users\Yahia\AppData\Roaming\StoneLoops
[2010.07.10 18:03:13 | 000,000,000 | ---D | M] -- C:\Users\Yahia\AppData\Roaming\SYBEX.eurofahrschule2010.DEA6744BBD64092B439DF6F6F66EE152DA36E9C6.1
[2012.01.21 23:10:50 | 000,000,000 | ---D | M] -- C:\Users\Yahia\AppData\Roaming\TeamViewer
[2010.08.16 14:30:45 | 000,000,000 | ---D | M] -- C:\Users\Yahia\AppData\Roaming\temp
[2010.07.22 15:12:15 | 000,000,000 | ---D | M] -- C:\Users\Yahia\AppData\Roaming\Tific
[2011.06.08 21:43:01 | 000,000,000 | ---D | M] -- C:\Users\Yahia\AppData\Roaming\UAs
[2012.07.19 01:13:41 | 000,000,000 | ---D | M] -- C:\Users\Yahia\AppData\Roaming\uTorrent
[2010.12.01 02:38:07 | 000,000,000 | ---D | M] -- C:\Users\Yahia\AppData\Roaming\VoipBuster
[2010.12.01 02:50:59 | 000,000,000 | ---D | M] -- C:\Users\Yahia\AppData\Roaming\VoipCheapCom
[2010.03.01 14:33:09 | 000,000,000 | ---D | M] -- C:\Users\Yahia\AppData\Roaming\VoipStunt
[2010.01.23 10:34:29 | 000,000,000 | ---D | M] -- C:\Users\Yahia\AppData\Roaming\Weaverslave
[2011.07.20 18:25:30 | 000,000,000 | ---D | M] -- C:\Users\Yahia\AppData\Roaming\Wobo
[2012.07.10 20:04:49 | 000,000,000 | ---D | M] -- C:\Users\Yahia\AppData\Roaming\XBMC
[2011.10.18 20:03:52 | 000,000,000 | ---D | M] -- C:\Users\Yahia\AppData\Roaming\xmldm
[2012.03.16 17:49:38 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2011.07.31 01:49:20 | 000,000,000 | -H-D | M] -- C:\$AVG
[2010.04.03 01:25:35 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2011.12.26 01:02:39 | 000,000,000 | ---D | M] -- C:\Betfair JPC
[2009.09.22 12:29:53 | 000,000,000 | -HSD | M] -- C:\Boot
[2012.03.12 21:56:27 | 000,000,000 | ---D | M] -- C:\Casino
[2012.07.30 06:44:05 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2009.09.22 02:39:49 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2010.06.10 17:50:26 | 000,000,000 | -HSD | M] -- C:\found.000
[2009.09.22 23:55:12 | 000,000,000 | ---D | M] -- C:\Intel
[2012.02.20 17:13:59 | 000,000,000 | ---D | M] -- C:\Microgaming
[2011.08.01 11:17:04 | 000,000,000 | ---D | M] -- C:\Nexon
[2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2010.01.23 10:34:14 | 000,000,000 | ---D | M] -- C:\phpkid
[2012.06.28 20:34:00 | 000,000,000 | ---D | M] -- C:\Poker
[2011.04.23 14:37:35 | 000,000,000 | ---D | M] -- C:\Poker Application
[2012.08.06 11:30:30 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.08.05 10:45:42 | 000,000,000 | ---D | M] -- C:\Program Files (x86)
[2012.07.09 16:22:40 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2009.09.22 02:39:49 | 000,000,000 | -HSD | M] -- C:\Programme
[2009.10.13 06:56:01 | 000,000,000 | ---D | M] -- C:\Programs
[2009.09.22 02:39:50 | 000,000,000 | -HSD | M] -- C:\Recovery
[2012.03.13 18:19:32 | 000,000,000 | ---D | M] -- C:\RedKings JPC
[2010.07.22 01:32:51 | 000,000,000 | ---D | M] -- C:\SIERRA
[2012.07.28 01:10:50 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2009.12.05 04:04:39 | 000,000,000 | ---D | M] -- C:\Team17
[2011.06.07 16:53:35 | 000,000,000 | ---D | M] -- C:\Temp
[2009.11.09 02:32:05 | 000,000,000 | R--D | M] -- C:\Users
[2010.02.15 04:18:42 | 000,000,000 | ---D | M] -- C:\usf
[2011.01.02 09:18:12 | 000,000,000 | ---D | M] -- C:\UT2004
[2012.07.26 23:46:38 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009.08.03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\explorer.exe
[2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010.11.20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009.10.31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2009.08.03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\drivers\nvstor.sys
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\SysNative\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2009.12.20 12:19:09 | 000,001,587 | ---- | M] () -- C:\Users\Yahia\.recently-used.xbel
[2012.08.06 12:39:49 | 010,223,616 | -HS- | M] () -- C:\Users\Yahia\NTUSER.DAT
[2012.08.06 12:39:49 | 000,262,144 | -HS- | M] () -- C:\Users\Yahia\ntuser.dat.LOG1
[2009.09.22 02:40:12 | 000,000,000 | -HS- | M] () -- C:\Users\Yahia\ntuser.dat.LOG2
[2009.09.22 02:59:07 | 000,065,536 | -HS- | M] () -- C:\Users\Yahia\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2009.09.22 02:59:07 | 000,524,288 | -HS- | M] () -- C:\Users\Yahia\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2009.09.22 02:59:07 | 000,524,288 | -HS- | M] () -- C:\Users\Yahia\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2009.09.22 02:40:12 | 000,000,020 | -HS- | M] () -- C:\Users\Yahia\ntuser.ini
[2011.09.20 17:04:20 | 000,000,000 | ---- | M] () -- C:\Users\Yahia\Sti_Trace.log
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
========== Files - Unicode (All) ==========
[2012.04.27 22:51:49 | 000,000,076 | ---- | M] ()(C:\Users\Yahia\Desktop\???? ??? ???.html) -- C:\Users\Yahia\Desktop\رامز ابو خرا.html
[2012.02.27 00:04:13 | 000,000,076 | ---- | C] ()(C:\Users\Yahia\Desktop\???? ??? ???.html) -- C:\Users\Yahia\Desktop\رامز ابو خرا.html
[2011.11.18 21:05:46 | 000,480,056 | ---- | M] ()(C:\Users\Yahia\Desktop\×× ????? ????????? × ??? Pa?Äs?????s?? × 4 × ?v?? ×&´?? × ?o?g?? ×××_18_11_2011@20_04_55.wav) -- C:\Users\Yahia\Desktop\×× عمران الفلسطيني × ∂έя PαζÄsтιиέиsέя × 4 × э√эя ×&´и∂ × ζoиgέя ×××_18_11_2011@20_04_55.wav
[2011.11.18 21:05:46 | 000,480,056 | ---- | C] ()(C:\Users\Yahia\Desktop\×× ????? ????????? × ??? Pa?Äs?????s?? × 4 × ?v?? ×&´?? × ?o?g?? ×××_18_11_2011@20_04_55.wav) -- C:\Users\Yahia\Desktop\×× عمران الفلسطيني × ∂έя PαζÄsтιиέиsέя × 4 × э√эя ×&´и∂ × ζoиgέя ×××_18_11_2011@20_04_55.wav
[2011.01.05 13:44:20 | 000,473,656 | ---- | M] ()(C:\Users\Yahia\Documents\×× ????? ????????? × ??? Pa?Äs?????s?? × 4 × ?v?? ×&´?? × ?o?g?? ×××_05_01_2011@12_28_23.wav) -- C:\Users\Yahia\Documents\×× عمران الفلسطيني × ∂έя PαζÄsтιиέиsέя × 4 × э√эя ×&´и∂ × ζoиgέя ×××_05_01_2011@12_28_23.wav
[2011.01.05 13:44:20 | 000,473,656 | ---- | C] ()(C:\Users\Yahia\Documents\×× ????? ????????? × ??? Pa?Äs?????s?? × 4 × ?v?? ×&´?? × ?o?g?? ×××_05_01_2011@12_28_23.wav) -- C:\Users\Yahia\Documents\×× عمران الفلسطيني × ∂έя PαζÄsтιиέиsέя × 4 × э√эя ×&´и∂ × ζoиgέя ×××_05_01_2011@12_28_23.wav
[2011.01.05 13:44:13 | 000,416,056 | ---- | M] ()(C:\Users\Yahia\Documents\×× ????? ????????? × ??? Pa?Äs?????s?? × 4 × ?v?? ×&´?? × ?o?g?? ×××_05_01_2011@12_35_12.wav) -- C:\Users\Yahia\Documents\×× عمران الفلسطيني × ∂έя PαζÄsтιиέиsέя × 4 × э√эя ×&´и∂ × ζoиgέя ×××_05_01_2011@12_35_12.wav
[2011.01.05 13:44:13 | 000,416,056 | ---- | C] ()(C:\Users\Yahia\Documents\×× ????? ????????? × ??? Pa?Äs?????s?? × 4 × ?v?? ×&´?? × ?o?g?? ×××_05_01_2011@12_35_12.wav) -- C:\Users\Yahia\Documents\×× عمران الفلسطيني × ∂έя PαζÄsтιиέиsέя × 4 × э√эя ×&´и∂ × ζoиgέя ×××_05_01_2011@12_35_12.wav
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 81 bytes -> C:\Program Files (x86)\Cake Poker 2.0:MID

< End of report >
         
--- --- ---

The Extras log file has somehow disappeared and I can't find it any more -.-
Is it actually needed, or is this enough for now?
Can it be recovered from somewhere?

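As an added example (it is not part of Desert90's post and not OTL's own code), the script below does mechanically what a helper reads out of the "< MD5 for: ... >" blocks above: for each critical binary it collects the hashes of the WinSxS and pending-update copies as the reference set, then flags any live copy under %SystemRoot% whose MD5 matches none of them, and separately notes copies of a system binary name that live outside %SystemRoot%. The function names `parse_md5_sections` and `check_sections` and the findings format are this example's own choices; the embedded sample log consists of the five winlogon.exe lines copied from the log above plus one constructed userinit.exe entry with a fake all-zero hash and timestamp, included only to show what an alert looks like.

```python
"""Cross-check the "< MD5 for: NAME >" sections of an OTL log.

Added example; not part of the original forum post and not OTL's own code.
OTL lists every copy it finds of a few critical binaries: the live copy under
%SystemRoot%, the WinSxS component-store copies, and any copy still sitting in
a pending Windows Update download. Screen-locker malware sometimes patches
winlogon.exe, userinit.exe or explorer.exe, and a patched live copy no longer
matches any stored component; that mismatch is what this script flags.
Function names and the findings format are this example's own choices.
"""
import re
from collections import defaultdict

# One OTL file line, e.g.
# [2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E... -- C:\Windows\SysNative\winlogon.exe
LINE_RE = re.compile(
    r"^\[(?P<ts>[^|]+?) \| (?P<size>[\d,]+) \| (?P<attr>[^|]+?) \| (?P<kind>\w)\] "
    r"\((?P<company>[^)]*)\) MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+)$"
)
SECTION_RE = re.compile(r"^< MD5 for: (?P<name>\S+)\s*>$")

# Copies that form the reference set: component store and pending updates.
REFERENCE_MARKERS = ("\\winsxs\\", "\\softwaredistribution\\")
# Where the live copy of a Windows binary is expected to live.
SYSTEM_PREFIX = "c:\\windows\\"


def parse_md5_sections(text):
    """Return {BINARY_NAME: [entry, ...]} for every "< MD5 for: ... >" section."""
    sections = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name").upper()
            continue
        if line.startswith("<") or line.startswith("="):
            current = None          # some other OTL section begins here
            continue
        m = LINE_RE.match(line)
        if current and m:
            entry = m.groupdict()
            entry["md5"] = entry["md5"].upper()
            entry["size"] = int(entry["size"].replace(",", ""))
            sections[current].append(entry)
    return dict(sections)


def is_reference_copy(path):
    """True for WinSxS component-store copies and pending-update downloads."""
    p = path.lower()
    return any(marker in p for marker in REFERENCE_MARKERS)


def check_sections(sections):
    """Return (severity, binary, path, reason) tuples, in log order."""
    findings = []
    for name, entries in sections.items():
        known = {e["md5"] for e in entries if is_reference_copy(e["path"])}
        for e in entries:
            if is_reference_copy(e["path"]):
                continue
            if e["path"].lower().startswith(SYSTEM_PREFIX):
                if e["md5"] not in known:
                    findings.append(("ALERT", name, e["path"],
                                     "live copy matches no WinSxS or update copy"))
                elif not e["company"]:
                    findings.append(("ALERT", name, e["path"],
                                     "live copy carries no company/version info"))
            else:
                findings.append(("NOTE", name, e["path"],
                                 "copy of a system binary name outside %SystemRoot% "
                                 f"(company: {e['company'] or 'none'})"))
    return findings


# Constructed sample: the winlogon.exe lines are copied from the OTL log in the
# post; the last userinit.exe line is invented (all-zero hash, fake timestamp)
# so that the script has a mismatch to report.
SAMPLE_LOG = r"""
< MD5 for: WINLOGON.EXE  >
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< MD5 for: USERINIT.EXE  >
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2012.08.06 09:01:11 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=00000000000000000000000000000000 -- C:\Windows\SysWOW64\userinit.exe

< %systemroot%\system32\drivers\*.sys /lockedfiles >
"""

if __name__ == "__main__":
    for sev, name, path, reason in check_sections(parse_md5_sections(SAMPLE_LOG)):
        print(f"{sev:5} {name:13} {path}\n      {reason}")
```

Two caveats when reading the output. A hash that matches a WinSxS copy is not proof of integrity (an attacker who can write to System32 can usually write to WinSxS too, and MD5 is not collision-resistant), and a mismatch can simply mean a hotfix was installed outside the component store; treat an ALERT as "verify the Authenticode signature before replacing the file", not as a verdict. The NOTE the sample raises is the Malwarebytes Chameleon copy of winlogon.exe, which is that product's own renamed executable and expected on a machine with Malwarebytes installed.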
06.08.2012, 12:34   #4
Desert90

I've got the Bundestrojaner -.- Can't get rid of it!



I do have the Extras file after all.
Unfortunately I have to make a new post, because it is also too long and doesn't fit into one post:

OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 06.08.2012 12:35:39 - Run 1
OTL by OldTimer - Version 3.2.56.0     Folder = C:\Users\Yahia\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,97 Gb Total Physical Memory | 3,26 Gb Available Physical Memory | 82,12% Memory free
7,93 Gb Paging File | 7,29 Gb Available in Paging File | 91,95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298,08 Gb Total Space | 52,95 Gb Free Space | 17,76% Space Free | Partition Type: NTFS
Drive D: | 9,00 Mb Total Space | 5,24 Mb Free Space | 58,27% Space Free | Partition Type: NTFS
 
Computer Name: YAHIA-PC | User Name: Yahia | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0445B75C-BD2B-484E-8D06-2C4842F98BEA}" = rport=138 | protocol=17 | dir=out | app=system | 
"{07AB8B0D-36C9-44EF-BC44-D731E5669A1B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{0B2E7DAC-7647-466E-BAA2-9D0FFE61F250}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{0F81791E-BB99-41BF-8BFB-B2C67D1043EA}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{0FF5BDEF-6E5A-40D8-A80F-CA89008D3A07}" = rport=137 | protocol=17 | dir=out | app=system | 
"{15B299D4-7E01-4064-B9C4-91A5EAF15C4B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{1D3B279E-DA59-4658-9EDC-4DB22602B0F3}" = lport=138 | protocol=17 | dir=in | app=system | 
"{2085200E-28A2-4D59-8259-B642D20FB24F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{20B65218-9C34-4CEC-AB2B-7CE2DFC35BD2}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{2369A081-3756-44B2-9D53-98F8AB6AA994}" = lport=57941 | protocol=6 | dir=in | name=pando media booster | 
"{2421EBF1-CBA6-4B19-941E-C74710F41626}" = lport=445 | protocol=6 | dir=in | app=system | 
"{251C6917-FBA1-4D5D-80F4-90B992BCD130}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{2CCB3B1C-8092-4BCC-982E-B00D3F89DE88}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{2DA2A0E2-2C5B-4601-AEB4-A670991822E9}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{36D1E2EB-6A19-4E8B-B578-CC38A95E7E7A}" = lport=56892 | protocol=17 | dir=in | name=pando media booster | 
"{44166B80-D1A5-49C1-9F82-619C3105829C}" = lport=56892 | protocol=6 | dir=in | name=pando media booster | 
"{50CB0492-9859-4214-90E4-3C2C597AA79D}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{54BC19A3-2731-4EFA-99A5-C8B78A0F1124}" = lport=56892 | protocol=6 | dir=in | name=pando media booster | 
"{6477B067-735C-4C6D-B98E-15B787471A7D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{65CE6C92-42F2-453E-A05E-536B8580C2B2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{73C4E78F-089F-45DF-964D-5DB9B31B387D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{75DAD874-8A7E-4EF9-A110-F24D4A1A29EF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{77C5CF8C-790A-428A-9822-4ED4F32492FA}" = lport=137 | protocol=17 | dir=in | app=system | 
"{7AE99D17-8B08-4F84-8F35-A02DA7E728D8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7EC8758A-ED4A-4213-99FE-5366D369BF8C}" = lport=56892 | protocol=17 | dir=in | name=pando media booster | 
"{878BA028-8ECE-4E30-8620-D55D49C87CDF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{8ECDF3E1-CE8A-414D-B724-6D3EF58B7661}" = lport=57941 | protocol=17 | dir=in | name=pando media booster | 
"{9013DD22-525C-416F-8814-6D4CB734D8A2}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{924951B4-1ED4-48DC-8A87-16096523BC72}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{93FF78F0-67A2-44A4-8951-D3BE4235C1E5}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{9544F285-2BD2-4D4C-A2DE-78CE1C6E218C}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{973B160A-18C9-4B54-B9C3-722EB92D48E8}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{9A97E23F-5DA7-4B59-8339-998C9C1BCF88}" = rport=139 | protocol=6 | dir=out | app=system | 
"{BB24774C-590C-4E93-8EB3-E0BE6983D269}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{BC9573D1-298D-4AF8-891A-81031A82172B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{C3143E4C-BBF1-4B82-A38F-7FD7DF84AABF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D100BDC8-1666-46D7-89B9-A893468B51CF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{D3A7E4EE-514F-4DF5-B724-706618158067}" = rport=445 | protocol=6 | dir=out | app=system | 
"{D5E0F4C1-16ED-419C-9E58-A84B680CEEA8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D637F99A-5333-490C-A507-644BB7A3DFB6}" = lport=139 | protocol=6 | dir=in | app=system | 
"{F5BEA72B-0C96-4124-AFC1-42B2C10AE374}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{F703DFB2-5FBD-4757-8EFA-3227D34F21EC}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02B45D25-8A76-436C-AEFF-A552BCC53B59}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{031BD252-7BC5-4253-835B-03F846352F1B}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgnsa.exe | 
"{06AC5EE1-A01C-406C-819A-280229BEA880}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{0CC70176-74A7-4357-8D86-D26A56D83259}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{0D0B4341-5B3C-40DF-99C2-588979489B52}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{0D6D3CC4-F296-4A5F-A02D-8874DB5E9011}" = protocol=6 | dir=out | app=system | 
"{0F24377A-A3B2-4A5F-AA00-062C6C8ED202}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{1037BF77-D6E8-4F56-B2D1-7108DFB81E99}" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield 2\bf2.exe | 
"{11559A5A-A5E7-4E74-8DA6-E72C304FEBCF}" = protocol=17 | dir=in | app=c:\program files (x86)\cake poker 2.0\pokerclient.exe | 
"{17406F65-8A58-4992-87B2-C3DF808BEF46}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{18B3E30D-D242-45E8-909C-78F1D88EA7B3}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe | 
"{1A6770B9-72FA-4C37-A905-F30E0A8A1755}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe | 
"{1BA5A4F4-8E68-40F9-9BF3-6CED005D100A}" = protocol=6 | dir=in | app=c:\program files (x86)\giraffic\giraffic.exe | 
"{1E211A7D-5663-45A1-B42C-4AD503740E6F}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe | 
"{1F85D470-E2E3-426F-ADD6-7694A5DA1ACD}" = protocol=17 | dir=in | app=c:\program files\smartftp client\smartftp.exe | 
"{22884BC2-635E-46AA-A491-58D98246DDD0}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe | 
"{25D2F567-BD98-4810-8607-F0C799AF8B99}" = protocol=6 | dir=in | app=c:\program files\smartftp client\smartftp.exe | 
"{2AC5AE88-1D85-4FDF-BBC7-7CDD1A69BFB7}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | 
"{2C34A84D-8E4F-408C-9AA4-41166D6D44E1}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe | 
"{2DABB980-B6EA-4B2E-AFA1-239EBD8D5D32}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{2ED5DA90-4972-4271-AF86-8B9485BEA322}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | 
"{3D02AD43-2EC2-464F-9378-E66137C902A6}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{4343BA95-48C0-42E4-B4F3-0CE7DFA27B1B}" = protocol=17 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe | 
"{48FC7940-6D7B-4513-B719-503973A04E4D}" = protocol=6 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe | 
"{4CACECC5-80D1-4B0E-8C47-896B9FB1E1E8}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{4EFBFA8C-6162-4878-A122-6AC4FE31E604}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{52486898-8EE8-4CAD-81DF-5F07916EEE54}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{5519E4D3-1E48-476C-870B-8EAB59040B18}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | 
"{5C25C10E-98F4-4FCC-BA8E-FF03A7A523BF}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{5C547EF6-A661-47AC-BB58-C0A1F798D134}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | 
"{5E5AAA25-72E0-47C7-B3ED-ABF5FEE1C31D}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgdiagex.exe | 
"{60EAC052-B184-48C0-978C-DF583FEA6192}" = protocol=6 | dir=in | app=c:\program files (x86)\sparvoip.de\sparvoip\sparvoip.exe | 
"{611DFD46-954B-4F9B-BDA6-766BD0A72FD8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{65A45144-9CE1-465D-814D-14AB9907A33A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{6DA1B26C-AFD4-4769-955F-CA2B7AB72695}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{6F35AD37-1A14-4239-AF6F-E62684BEDA62}" = protocol=6 | dir=in | app=c:\program files (x86)\voipbuster.com\voipbuster\voipbuster.exe | 
"{704CE0D0-D90C-40AF-8740-A25F0FA3D3C0}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe | 
"{737B04D0-B5C5-4311-A8A8-4B83596A3E10}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | 
"{73E65259-8700-4463-A592-FA5271BC9807}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe | 
"{7723B42F-83C3-43B2-98A0-2DF0CFEBA888}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{79B2E33B-6A46-45A8-B8D1-717B79136CE4}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{7FBA304F-2122-4F6E-A5D1-7329060F59CC}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgemca.exe | 
"{83E2C78C-3585-4AA9-B846-A904AF3F0E49}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{8AA717FF-0F70-4B83-AC37-E408450A1230}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgnsa.exe | 
"{8E08E903-F5CC-45E0-B8EA-D4DAD6753A15}" = protocol=17 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe | 
"{90D32B87-81CE-4863-822F-54C4C1D47745}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{920E0066-15F8-459E-B991-83C9BE4F6338}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgam.exe | 
"{94152AB5-193D-4153-BD44-D50766A97336}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | 
"{94169E5D-481A-4BC5-BAF8-3EE43DD8250F}" = protocol=6 | dir=in | app=c:\program files (x86)\veetle\player\veetlenet.exe | 
"{96900142-96D8-40F9-BB67-480D390E7DC2}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | 
"{97BD11B1-F592-462C-B990-A97D1BD99422}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{9949FFEB-75DB-4FC8-8C55-B5EDEF3519CB}" = protocol=6 | dir=in | app=c:\program files (x86)\sports interactive\football manager 2009\fm.exe | 
"{9F61A96F-61FC-4D8B-B073-1DB565AEC251}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{A0DAD4DE-BF9C-401D-ADC1-8E90E6A74C6D}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | 
"{A5CF4DB5-E536-430F-BFB9-7C648CB7966A}" = protocol=6 | dir=in | app=c:\program files (x86)\konami\pro evolution soccer 2009\pes2009.exe | 
"{A6BE591A-716E-4774-8FAA-CDFDE038CCBD}" = protocol=17 | dir=in | app=c:\program files (x86)\konami\pro evolution soccer 2009\pes2009.exe | 
"{A706DFED-EBAA-45BA-8D16-761D75C03CC8}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgemca.exe | 
"{A87249BC-D9E8-486E-A206-DA1FA145ADAA}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{A8F442C3-BB7D-4407-881B-FD1DE30B2440}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | 
"{AC54239E-6EA9-4849-864C-CAAA1142AD02}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
"{AD50F690-332A-4225-A42A-9A2966DB53C0}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{AE03AD7B-1ECD-43B4-AF97-FE730F35F9AB}" = protocol=17 | dir=in | app=c:\program files (x86)\voipbuster.com\voipbuster\voipbuster.exe | 
"{B02407ED-0B21-46AD-885D-084F7C683D50}" = protocol=6 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe | 
"{B3574082-A788-4DC0-B28B-2889AB3BE064}" = protocol=17 | dir=in | app=c:\program files (x86)\sparvoip.de\sparvoip\sparvoip.exe | 
"{B381A9A7-68D5-4593-B990-1D2973D16A89}" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield 2\bf2.exe | 
"{BE4E23AA-39BA-49F2-A0E8-C1019F57C09A}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{BF90A388-3CEE-49C6-806A-8C42722B701A}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | 
"{BFD807ED-B05E-4199-B7AB-DF031E68243A}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{BFFE0378-26A0-490D-A49E-639DDCF14453}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe | 
"{C275E693-55DE-4F82-BAEA-BE935EC01DC6}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{C4067050-6E59-43B5-80D5-B707735218ED}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{CB79DE5B-8995-49B1-9A11-518C61507BAD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{CD3F69F6-D4D3-458D-A34C-4C36739045ED}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgam.exe | 
"{D24CB0E0-4DE7-4644-95C3-0406F28D445C}" = protocol=6 | dir=in | app=c:\program files (x86)\cake poker 2.0\pokerclient.exe | 
"{D291AD79-E153-4DFC-BA4C-43EE5B856D43}" = protocol=17 | dir=in | app=c:\program files (x86)\giraffic\giraffic.exe | 
"{D83CAA74-0F0C-49D9-88F7-CD460D83C66B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{DAD02018-953D-4BF3-813A-4545808BA822}" = protocol=17 | dir=in | app=c:\program files (x86)\sports interactive\football manager 2009\fm.exe | 
"{DDB5AE5F-15C7-4638-9417-856BC14FE850}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{DE3A0045-8189-4061-BD2F-F8E837A313CD}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{EFA78EED-130C-444E-AB71-4B7C2CF24202}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgdiagex.exe | 
"{F08519E0-999A-40F4-A5A3-A87190A5E4A5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F65B7715-92DB-4A0A-8BE3-420C67E3EAF6}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{F9521EC0-1760-4344-AD76-A995288FF88A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{FC616B65-E5FE-4000-ACAC-AB09E5446A6A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{FE006EB0-EDA7-4D7E-A29C-902AB6628F01}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"TCP Query User{1B4DEB6C-463F-49D2-AAEF-36F93329C519}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | 
"TCP Query User{1C3F4A72-0AB3-40B8-978F-A7DF9C95BE2D}C:\program files (x86)\zbattle.net\zbattle.net.exe" = protocol=6 | dir=in | app=c:\program files (x86)\zbattle.net\zbattle.net.exe | 
"TCP Query User{2909E1E6-75FD-4DB9-B28B-C5F61558B000}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"TCP Query User{50259529-DA3F-4D01-8861-F5A46EEE258B}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | 
"TCP Query User{53818D93-4931-478F-BF1A-69F8C87780D2}C:\program files (x86)\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mirc\mirc.exe | 
"TCP Query User{5607CD25-2617-401F-BE6F-E84C33535AF9}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"TCP Query User{5B8DA503-B1B4-46CB-959D-979A14AD1CF4}C:\program files (x86)\cain\cain.exe" = protocol=6 | dir=in | app=c:\program files (x86)\cain\cain.exe | 
"TCP Query User{5DE5A2D6-77C7-4E20-91B2-75BAE9DB297C}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{65F392C2-8BE5-4A1F-84CF-350890C01241}C:\users\gast\appdata\local\facebook\video\skype\facebookvideocalling.exe" = protocol=6 | dir=in | app=c:\users\gast\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"TCP Query User{70F24F6F-9F12-40CB-ADBB-003F4CB63255}C:\casino\casinoclub\casino.exe" = protocol=6 | dir=in | app=c:\casino\casinoclub\casino.exe | 
"TCP Query User{7260F15F-ABE0-468B-AFBC-EE446AE1F329}C:\program files (x86)\net tools\nettools5.exe" = protocol=6 | dir=in | app=c:\program files (x86)\net tools\nettools5.exe | 
"TCP Query User{76BD267D-57E1-46D2-A787-E33964EAD1D3}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | 
"TCP Query User{76EDDE69-A3B7-4652-92E8-7417E93D8B32}C:\program files (x86)\net tools\ircserver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\net tools\ircserver.exe | 
"TCP Query User{85DB01C3-0A8D-44BF-A288-BFBB84D5E0BE}C:\users\yahia\desktop\zbattle\zsnesw.exe" = protocol=6 | dir=in | app=c:\users\yahia\desktop\zbattle\zsnesw.exe | 
"TCP Query User{8619F0A9-0721-459C-8C07-C8E474086158}C:\program files (x86)\xbmc\xbmc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xbmc\xbmc.exe | 
"TCP Query User{88FBBF9E-6D41-4E95-B6AA-B99E943B1211}C:\program files (x86)\counter-strike 1.6\hl.exe" = protocol=6 | dir=in | app=c:\program files (x86)\counter-strike 1.6\hl.exe | 
"TCP Query User{8F4A102B-E9F9-47BD-B42C-DC90BDE49B96}C:\program files (x86)\paltalk messenger\paltalk.exe" = protocol=6 | dir=in | app=c:\program files (x86)\paltalk messenger\paltalk.exe | 
"TCP Query User{96949CB0-9412-4C3A-A182-DD88883F4C43}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
"TCP Query User{98D7C299-AE3E-4D88-9FD3-AD184AD1D7EF}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | 
"TCP Query User{9AA6B252-410D-496A-A965-C8B930B3CC5F}C:\program files (x86)\paltalk messenger\paltalk.exe" = protocol=6 | dir=in | app=c:\program files (x86)\paltalk messenger\paltalk.exe | 
"TCP Query User{A99F3446-CE61-49AA-BE2F-4EADF5328811}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=6 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | 
"TCP Query User{ACA3D7CB-7494-495B-9F49-626596B18998}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=6 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | 
"TCP Query User{C28CBDC0-2DDF-424E-92C8-4AA960715B4F}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe | 
"TCP Query User{C4AADFB5-A651-4354-836A-BBD7E0A7BD26}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | 
"TCP Query User{C91F30BF-1045-4064-AB91-95B60A5A8695}C:\program files (x86)\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe | 
"TCP Query User{D831B9F5-514C-42A8-B2B1-12240BC05C2A}C:\program files (x86)\google\google earth pro\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth pro\googleearth.exe | 
"UDP Query User{122FCECD-196B-44DF-B575-CF6F1A86F316}C:\program files (x86)\paltalk messenger\paltalk.exe" = protocol=17 | dir=in | app=c:\program files (x86)\paltalk messenger\paltalk.exe | 
"UDP Query User{14AD7B9E-29DE-4C7D-A04B-B83B25603DE7}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | 
"UDP Query User{26620F5C-F3D4-4061-9E92-5DD901978ED9}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe | 
"UDP Query User{29E0DBFF-5215-42D8-9CF3-25F3C79DF548}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=17 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | 
"UDP Query User{4AAB92E1-C6CE-41C4-ACC7-AC4D1ED525E2}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | 
"UDP Query User{4EC78529-E98C-4F8C-9F1B-AECB3F5F9CD3}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=17 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | 
"UDP Query User{4F5A55E6-5DB6-4964-A621-1A41752743C5}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | 
"UDP Query User{508BAC2A-6E1C-4C42-ACDC-14CECE2387F7}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
"UDP Query User{56431449-3DB7-4A48-B6D5-6905ED2038D3}C:\program files (x86)\counter-strike 1.6\hl.exe" = protocol=17 | dir=in | app=c:\program files (x86)\counter-strike 1.6\hl.exe | 
"UDP Query User{6A363C60-F4EB-4246-BAA4-89B52C7E2EF7}C:\casino\casinoclub\casino.exe" = protocol=17 | dir=in | app=c:\casino\casinoclub\casino.exe | 
"UDP Query User{6F52DC0F-721A-4D21-95AC-8AC3A975EF3B}C:\program files (x86)\paltalk messenger\paltalk.exe" = protocol=17 | dir=in | app=c:\program files (x86)\paltalk messenger\paltalk.exe | 
"UDP Query User{75C80C0D-B35B-41F8-B71F-8E07A79CCD99}C:\program files (x86)\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe | 
"UDP Query User{8356504D-67FF-472B-B4B2-BAE13010A6A3}C:\program files (x86)\net tools\ircserver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\net tools\ircserver.exe | 
"UDP Query User{8DEEBC79-2D89-4D92-8E68-FBB79CC1C901}C:\program files (x86)\google\google earth pro\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth pro\googleearth.exe | 
"UDP Query User{8DFA94F2-1B40-4CF3-B191-E9F45A11CDB0}C:\program files (x86)\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mirc\mirc.exe | 
"UDP Query User{90DFA3B7-F7ED-434D-B294-2B5DA35514D9}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"UDP Query User{999A2C94-E6AF-4864-84C6-5CB844A7A6F8}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{9E953FD9-0F56-4328-970B-D47D5EFCABCF}C:\users\yahia\desktop\zbattle\zsnesw.exe" = protocol=17 | dir=in | app=c:\users\yahia\desktop\zbattle\zsnesw.exe | 
"UDP Query User{A30405E0-CFF2-4A6B-9554-DA8DE8EC5F9E}C:\program files (x86)\cain\cain.exe" = protocol=17 | dir=in | app=c:\program files (x86)\cain\cain.exe | 
"UDP Query User{AFD0209D-CEDD-45B9-8399-21A43CDFD708}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | 
"UDP Query User{DA9899CF-4EFF-4B71-AA35-CDCFB5F4BBAC}C:\program files (x86)\zbattle.net\zbattle.net.exe" = protocol=17 | dir=in | app=c:\program files (x86)\zbattle.net\zbattle.net.exe | 
"UDP Query User{E10018B4-0629-4003-B0D4-D35FF0897157}C:\users\gast\appdata\local\facebook\video\skype\facebookvideocalling.exe" = protocol=17 | dir=in | app=c:\users\gast\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"UDP Query User{E26191B2-B44C-4C2F-B8A2-F55346EA3757}C:\program files (x86)\xbmc\xbmc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xbmc\xbmc.exe | 
"UDP Query User{F63F8EBE-F56D-4CA7-A08D-DE40C0C83912}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"UDP Query User{F757C84E-EE01-47DE-9608-B1A87F35BBBE}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | 
"UDP Query User{FBE62B94-2D70-44D6-B735-F79B8A3F632B}C:\program files (x86)\net tools\nettools5.exe" = protocol=17 | dir=in | app=c:\program files (x86)\net tools\nettools5.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{2128559D-BBCD-4744-87F0-7C0CD5CFB464}" = Windows Live Family Safety
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1" = Media Player Classic - Home Cinema v1.5.2.3456 x64
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{61A3F855-4587-4187-9D77-2EF8CD825A47}" = AVG 2011
"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
"{7D4CEDA5-DF94-45A1-A893-C8779C781236}" = AVG 2011
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EA9D3111-5B72-4B44-9DC0-9D76EEA2329F}" = SmartFTP Client
"{EADFC7AB-08FD-4D14-A5EC-898B1693BFDB}" = SmartFTP Client German (Germany) MUI
"AVG" = AVG 2011
"EPSON SX125 Series" = EPSON SX125 Series Printer Uninstall
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
"USB 2.0 1.3M UVC WebCam" = USB 2.0 1.3M UVC WebCam
"WinRAR archiver" = WinRAR 4.00 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0E2B767B-EA6A-489B-BF83-8083FE1DB661}" = Pcsx2 0.9.6
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{101A21B2-E102-4F64-A7FA-CEF7182D0E2D}" = SCL011 Contactless Reader
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{24EEBC42-E244-452E-81C8-7998CAD9F6C3}" = Lern-o-Mat
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 29
"{293c8461-5817-46ce-936e-6d326e961de0}" = Casino Titan
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39F58DDB-B2B8-4B86-AF20-4706A80EB30D}" = Epson Easy Photo Print 2
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{449CE12D-E2C7-4B97-B19E-55D163EA9435}" = Bing Bar
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{66FDDF31-084D-49D7-99C2-0D3FE8A27763}_is1" = Dungeon Keeper Complete Collection
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser und SDK
"{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}" = ICQ7.7
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C05592D-424B-46CB-B505-E0013E8E75C9}" = ATK Hotkey
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{88D047FF-73DD-44B9-A3D5-59CA93C28333}" = Ticketinfo
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8AF3E926-ED59-11D4-A44B-0000E86D2305}" = Ulead GIF Animator 5 ESD
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90170407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B88DD94-1AAE-41C4-BD95-2D8737D5E9E2}" = Watson
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{aa87f2f2-911b-440b-be0a-7d086651d8ff}" = Club World Euro German
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1031-7B44-A81200000003}" = Adobe Reader 8.1.2 - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{DA703982C580418795BF4001AA9D7061}" = DivX Plus Media Foundation Components
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"3D-Fahrschule" = 3D-Fahrschule
"5513-1208-7298-9440" = JDownloader 0.9
"82A44D22-9452-49FB-00FB-CEC7DCAF7E23" = EA SPORTS online 2008
"888casino" = 888casino
"888poker" = 888poker
"ABC" = ABC (remove only)
"abgx360" = abgx360 v1.0.6
"Access 97rt PAN EURO G" = Access 97rt PAN EURO G
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"Airline Tycoon - Deluxe" = Airline Tycoon - Deluxe
"Athan" = Athan Basic 4.2
"Atlantis Quest" = Atlantis Quest (remove only)
"AVS Update Manager_is1" = AVS Update Manager 1.0
"Bejeweled 2 Deluxe 1.0" = Bejeweled 2 Deluxe 1.0
"bet365poker" = Poker at bet365
"Betfair Poker JPC_is1" = Betfair Poker JPC 1.0.0
"BGroom" = BGroom
"Cain & Abel v4.9.41" = Cain & Abel v4.9.41
"Cake Poker 2.0" = Cake Poker 2.0
"Call of Atlantis 1.00" = Call of Atlantis 1.00
"Camera" = SPYC@M 300 VOICE
"Chuzzle Deluxe 1.0" = Chuzzle Deluxe 1.0
"CloneCD" = CloneCD
"CodInstl" = Intel A/V Codecs V2.0
"conduitEngine" = Conduit Engine
"Counter-Strike 1.6" = Counter-Strike 1.6
"CSS FULL DZ [Oct 15 2007]" = CSS FULL DZ [Oct 15 2007] v18.1
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"Debut" = Debut Video Capture Software
"DF CrcSfv_is1" = DF CrcSfv 1.3
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DriverTools" = DriverTools 1.0
"EADM" = EA Download Manager
"EPSON Scanner" = EPSON Scan
"EPSON SX125 Series Manual" = EPSON SX125 Series Handbuch
"FileZilla Client" = FileZilla Client 3.5.3
"Fontboard Arabic Keyboards_is1" = Fontboard Arabic Keyboards
"Foxit Creator" = Foxit Creator
"FUSSBALL MANAGER 08" = FUSSBALL MANAGER 08
"GamersFirst LIVE!" = GamersFirst LIVE!
"gowild" = Go Wild Casino
"HL2 DZ ADDON" = HL2 DZ ADDON 2008
"ImgBurn" = ImgBurn
"IndustrieGigant 2" = IndustrieGigant 2
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InstallShield_{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"ManyCam" = ManyCam 2.4 (remove only)
"Mermaid Poker" = Mermaid Poker
"Messenger Plus!" = Messenger Plus! 5
"MicroDicom" = MicroDicom 0.5.4
"mIRC" = mIRC
"MKVtoolnix" = MKVtoolnix 4.7.0
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"My Program_is1" = LANPoker Version 0.07.11.15c
"NetTools_is1" = NetTools 5.0
"Notepad++" = Notepad++
"OpenAL" = OpenAL
"Palringo" = Palringo
"PalTalk8.2" = Paltalk Messenger
"PartyPoker" = PartyPoker
"Pharaoh's Secret FINAL 1.00" = Pharaoh's Secret FINAL 1.00
"PlexUtil" = SmartPack 1.20.5
"Poker_is1" = Poker
"PokerStars" = PokerStars
"PokerStars.net" = PokerStars.net
"Postal 2 Apocalypse Weekend Expansion Pack" = Postal 2 Apocalypse Weekend Expansion Pack
"Postal 2 Share The Pain" = Postal 2 Share The Pain
"Quran_AR" = Quran Auto Reciter 2.7
"QuranReciter" = QuranReciter 4.0 beta 3
"RealAlt_is1" = Real Alternative 2.0.1
"RedKings Poker JPC_is1" = RedKings Poker JPC 1.0.0
"ScummVM_is1" = ScummVM 1.1.1
"ServeZip_is1" = ServeZip
"Sierra-Dienstprogramme" = Sierra-Dienstprogramme
"SmartFTP Client 4.0 (x64) Setup Files" = SmartFTP Client Setup Files 4.0 (x64) (remove only)
"SopCast" = SopCast 3.0.3
"StartEd" = StartEd 5.10
"StoneLoops Of Jurassica1.05" = StoneLoops Of Jurassica
"TeamViewer 7" = TeamViewer 7
"The Rise of Atlantis" = The Rise of Atlantis (remove only)
"ToolBox" = NCH Toolbox
"TVAnts 1.0" = TVAnts 1.0
"TVUPlayer" = TVUPlayer 2.4.9.1
"unibetpoker (Poker)" = Unibet
"Update Engine" = Sony Ericsson Update Engine
"uTorrent" = µTorrent
"uTorrentBar_DE Toolbar" = uTorrentBar_DE Toolbar
"Veetle TV" = Veetle TV
"VLC media player" = VLC media player 1.1.8
"WeArabChat" = WeArabChat 3.1
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinGimp-2.0_is1" = GIMP 2.6.6
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 3.0
"Wisdom-soft Set up ASR 3.1 Free" = Wisdom-soft Set up ASR 3.1 Free
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"zbattle.net_is1" = zbattle.net 1.09 SR-1 beta
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Absolute Poker" = Absolute Poker
"CarbonPoker" = CarbonPoker
"Google Chrome" = Google Chrome
"Move Media Player" = Move Media Player
"XBMC" = XBMC
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 10.01.2012 12:16:13 | Computer Name = Yahia-PC | Source = SideBySide | ID = 16842827
Description = Activation context generation failed for "C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe". Error in manifest or policy file "C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe" on line 2. Multiple requestedPrivileges elements are not allowed in the manifest.

Error - 10.01.2012 12:19:07 | Computer Name = Yahia-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Error in manifest or policy file "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of the "version" attribute in the assemblyIdentity element is invalid.

Error - 12.01.2012 01:14:18 | Computer Name = Yahia-PC | Source = System Restore | ID = 8193
Description = 

Error - 12.01.2012 01:52:52 | Computer Name = Yahia-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.

Error - 12.01.2012 10:57:19 | Computer Name = Yahia-PC | Source = Application Hang | ID = 1002
Description = The program firefox.exe, version 9.0.1.4371 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.    Process ID: 1370    Start time: 01ccd138d5b012ad    Termination time: 41    Application path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe    Report ID: ab40dc73-3d2d-11e1-b676-002618b2ab41

Error - 13.01.2012 00:57:07 | Computer Name = Yahia-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.

Error - 13.01.2012 13:58:32 | Computer Name = Yahia-PC | Source = Application Error | ID = 1000
Description = Faulting application name: plugin-container.exe, version: 9.0.1.4371, time stamp: 0x4ef15e07  Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000  Exception code: 0xc000041d  Fault offset: 0x74b04f0d  Faulting process ID: 0x1438  Faulting application start time: 0x01ccd21aa1a9cd94  Faulting application path: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe  Faulting module path: unknown  Report ID: 34327819-3e10-11e1-a05b-002618b2ab41

Error - 13.01.2012 14:46:50 | Computer Name = Yahia-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.

Error - 14.01.2012 07:40:05 | Computer Name = Yahia-PC | Source = SideBySide | ID = 16842827
Description = Activation context generation failed for "C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe". Error in manifest or policy file "C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe" on line 2. Multiple requestedPrivileges elements are not allowed in the manifest.

Error - 15.01.2012 03:34:04 | Computer Name = Yahia-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.

Error - 15.01.2012 15:27:40 | Computer Name = Yahia-PC | Source = Windows Activation Technologies | ID = 3
Description = Integrity check failed:    hr = 0x8004FE22, integrity status: 0x0000000000002800

Error - 16.01.2012 03:44:23 | Computer Name = Yahia-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.

[ System Events ]
Error - 06.08.2012 06:30:05 | Computer Name = Yahia-PC | Source = Service Control Manager | ID = 7001
Description = The "Computer Browser" service depends on the "Server" service, which failed to start because of the following error:   %%1068

Error - 06.08.2012 06:30:05 | Computer Name = Yahia-PC | Source = Service Control Manager | ID = 7001
Description = The "Computer Browser" service depends on the "Server" service, which failed to start because of the following error:   %%1068

Error - 06.08.2012 06:30:05 | Computer Name = Yahia-PC | Source = Service Control Manager | ID = 7001
Description = The "Computer Browser" service depends on the "Server" service, which failed to start because of the following error:   %%1068

Error - 06.08.2012 06:30:05 | Computer Name = Yahia-PC | Source = Service Control Manager | ID = 7001
Description = The "Computer Browser" service depends on the "Server" service, which failed to start because of the following error:   %%1068

Error - 06.08.2012 06:30:07 | Computer Name = Yahia-PC | Source = Service Control Manager | ID = 7001
Description = The "Computer Browser" service depends on the "Server" service, which failed to start because of the following error:   %%1068

Error - 06.08.2012 06:30:07 | Computer Name = Yahia-PC | Source = Service Control Manager | ID = 7001
Description = The "Computer Browser" service depends on the "Server" service, which failed to start because of the following error:   %%1068

Error - 06.08.2012 06:30:07 | Computer Name = Yahia-PC | Source = Service Control Manager | ID = 7001
Description = The "Computer Browser" service depends on the "Server" service, which failed to start because of the following error:   %%1068

Error - 06.08.2012 06:30:09 | Computer Name = Yahia-PC | Source = DCOM | ID = 10005
Description = 

Error - 06.08.2012 06:30:11 | Computer Name = Yahia-PC | Source = DCOM | ID = 10005
Description = 

Error - 06.08.2012 06:30:11 | Computer Name = Yahia-PC | Source = Service Control Manager | ID = 7001
Description = The "HomeGroup Provider" service depends on the "Function Discovery Provider Host" service, which failed to start because of the following error:   %%1068
 
 
< End of report >


Bump

Sorry, but it's already on page 2,

otherwise nobody will see it ...

06.08.2012, 17:31   #5
markusg
/// Malware-holic

hi

This script, and any scripts that follow, are only for this particular user.
If you have problems, open your own topics and wait for scripts tailored to you.


• Please start OTL.exe
• Now copy the following into the text box.

Code:
:OTL
O4 - HKCU..\Run: [WcsPlugInService] C:\Users\Yahia\AppData\Local\Microsoft\Windows\2737\WcsPlugInService.exe ()
:Files
C:\Users\Yahia\AppData\Local\Microsoft\Windows\2737
:Commands
[Reboot]

• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a reboot. Please allow it.
• After the reboot you will find a text document; paste its contents into your next reply here.
Boot into normal mode.

If you have no icons, right-click, View, Show desktop icons.

Note: Please also upload the file to the UpChannel as described in its instructions. Please do NOT post the ZIP file here as an attachment in the thread!

Please press the Windows key + E.
  • Open your system drive (usually C:)
  • Now look for the following folder: _OTL and open it.
  • Right-click the folder Movedfiles --> Send to --> Compressed (zipped) folder
  • This will create a Movedfiles.zip file in _OTL
  • Please upload it to our upload channel. (Browse --> C:\_OTL\Movedfiles.zip)
Let me know whether the upload worked without problems. Thanks in advance.

For further analysis I need the following:
c:\Users\name\AppData\LocalLow\Sun\Java\Deployment\cache
There, right-click the folder cache, pack it with WinRAR or another program, and please upload it to the upload channel:
Trojaner-Board Upload Channel
When that is done, please report back.

__________________
-Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Forward
Instructions:
http://markusg.trojaner-board.de
For the time being, please forward mails as described in the instructions above to
markusg.trojaner-board@web.de
Forward
If you would like to support us

06.08.2012, 22:45   #6
Desert90

So I pasted the script and let it run the fix.
When I then booted into normal mode, the Bundestrojaner no longer appeared, but instead I got a virus called "live securty premium", a supposed virus scanner -.-

And unfortunately I can't find a file either,
maybe because I'm in safe mode again?

I'll first try to delete the virus with Malwarebytes.

edit: I uploaded the files, but I don't know where they are?

And here is the log from Malwarebytes; there were 12 infected files:

Quote:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.06.12

Windows 7 x64 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.7600.16385
Yahia :: YAHIA-PC [Administrator]

06.08.2012 23:47:39
mbam-log-2012-08-06 (23-47-39).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 224913
Time elapsed: 15 minute(s), 5 second(s)

Memory processes detected: 0
(No malicious items detected)

Memory modules detected: 0
(No malicious items detected)

Registry keys detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Live Security Platinum (Trojan.Lameshield) -> Quarantined and deleted successfully.

Registry values detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce|0C1CFB13005B338C1BB77E1C4F147C45 (Trojan.Lameshield) -> Data: C:\ProgramData\0C1CFB13005B338C1BB77E1C4F147C45\0C1CFB13005B338C1BB77E1C4F147C45.exe -> Quarantined and deleted successfully.

Registry data items detected: 3
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders detected: 1
C:\Users\Yahia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum (Rogue.LiveSecurityPlatinum) -> Quarantined and deleted successfully.

Files detected: 6
C:\ProgramData\0C1CFB13005B338C1BB77E1C4F147C45\0C1CFB13005B338C1BB77E1C4F147C45.exe (Trojan.Lameshield) -> Quarantined and deleted successfully.
C:\Users\Yahia\AppData\Local\Temp\~!#BEFE.tmp (Trojan.Lameshield) -> Quarantined and deleted successfully.
C:\Windows\Installer\{06128eea-3ff6-b2e3-75a8-19a689102123}\n (Trojan.Sirefef) -> Quarantined and deleted successfully.
C:\Users\Yahia\AppData\Local\Temp\wpbt0.dll (Exploit.Drop.GS) -> Quarantined and deleted successfully.
C:\Users\Yahia\Desktop\Live Security Platinum.lnk (Rogue.LiveSecurityPlatinum) -> Quarantined and deleted successfully.
C:\Users\Yahia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum\Live Security Platinum.lnk (Rogue.LiveSecurityPlatinum) -> Quarantined and deleted successfully.

(end)
edit 3: the virus is gone, and I now also have internet in normal mode.
But strangely the Windows firewall doesn't work at all anymore? It only says: update firewall settings, nothing else..
When I click on it, I get an error message!
Last edited by Desert90 (06.08.2012 at 23:19)
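The two loaders quoted in this thread (the O4 - HKCU..\Run line in the OTL fix above and the RunOnce value plus the dropped files in the Malwarebytes log) share traits an analyst looks for before any signature matches: an executable in a user-writable location, a directory or value name that is a bare number or a random 32-character hex string, a file with no company name, or an extension-less file under C:\Windows\Installer\{GUID}\. The script below is an added example, not part of the original post and not code from OTL or Malwarebytes; it scores autostart entries and file paths against exactly those traits. The sample list is constructed from the paths in this thread plus three benign control entries taken from the clean OTL log posted later in the thread; the weights and the suspicious/review thresholds are this example's own choice, not a published scoring.

```python
import re
from typing import List, NamedTuple, Optional, Tuple


class Entry(NamedTuple):
    source: str             # abbreviated registry key, or "file" for an on-disk detection
    name: str               # registry value name, or the file's basename
    path: str               # full path of the executable or file
    company: Optional[str]  # "" = the tool reported no company name; None = not examined


# Constructed sample.  The first four entries are the paths quoted in this thread
# (OTL O4 line, Malwarebytes detections); the last three are benign controls taken
# from the clean OTL log posted later in the thread.
SAMPLE = [
    Entry("HKCU\\..\\Run", "WcsPlugInService",
          r"C:\Users\Yahia\AppData\Local\Microsoft\Windows\2737\WcsPlugInService.exe", ""),
    Entry("HKCU\\..\\RunOnce", "0C1CFB13005B338C1BB77E1C4F147C45",
          r"C:\ProgramData\0C1CFB13005B338C1BB77E1C4F147C45\0C1CFB13005B338C1BB77E1C4F147C45.exe", ""),
    Entry("file", "n", r"C:\Windows\Installer\{06128eea-3ff6-b2e3-75a8-19a689102123}\n", None),
    Entry("file", "wpbt0.dll", r"C:\Users\Yahia\AppData\Local\Temp\wpbt0.dll", None),
    Entry("HKLM\\..\\Run", "avast", r"C:\Programme\AVAST Software\Avast\AvastUI.exe", "AVAST Software"),
    Entry("HKLM\\..\\Run", "MBAM", r"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe",
          "Malwarebytes Corporation"),
    Entry("HKCU\\..\\Run", "GoogleCrashHandler",
          r"C:\Users\Yahia\AppData\Local\Google\Update\1.3.21.115\GoogleCrashHandler.exe", "Google Inc."),
]

EXEC_EXT = (".exe", ".dll", ".scr", ".com")
USER_WRITABLE = re.compile(r"\\(AppData|ProgramData|Users\\Public)\\", re.I)
TEMP_DIR = re.compile(r"\\Temp\\", re.I)
RANDOM_DIR = re.compile(r"\\(\d{3,}|[0-9A-F]{32})\\", re.I)   # \2737\ or \0C1C...C45\
HEX32 = re.compile(r"^[0-9A-F]{32}$", re.I)
# Extension-less file inside C:\Windows\Installer\{GUID}\ (the Sirefef/ZeroAccess drop in the MBAM log)
INSTALLER_GUID = re.compile(r"\\Windows\\Installer\\\{[0-9A-F-]{36}\}\\[^\\.]+$", re.I)

# (weight, predicate, explanation).  Weights are this example's own choice.
CHECKS = [
    (1, lambda e: bool(USER_WRITABLE.search(e.path)),
     "executable lives under AppData or ProgramData"),
    (1, lambda e: bool(TEMP_DIR.search(e.path)) and e.path.lower().endswith(EXEC_EXT),
     "executable or DLL dropped in a Temp directory"),
    (1, lambda e: bool(RANDOM_DIR.search(e.path)),
     "directory name is a bare number or a 32-character hex string"),
    (1, lambda e: e.source != "file" and bool(HEX32.match(e.name)),
     "registry value name is a 32-character hex string"),
    (1, lambda e: e.company == "",
     "tool reported no company name for the executable"),
    (2, lambda e: bool(INSTALLER_GUID.search(e.path)),
     "extension-less file inside Windows\\Installer\\{GUID}\\ (ZeroAccess-style drop)"),
]


def score(entry: Entry) -> Tuple[int, List[str]]:
    """Sum the weights of all checks that fire and return them with their explanations."""
    hits = [(weight, text) for weight, pred, text in CHECKS if pred(entry)]
    return sum(w for w, _ in hits), [t for _, t in hits]


def verdict(total: int) -> str:
    """One trait alone is weak evidence (legitimate updaters live in AppData); two or more is not."""
    if total >= 2:
        return "suspicious"
    return "review" if total == 1 else "ok"


def triage(entries: List[Entry]) -> List[dict]:
    """Score every entry and return rows sorted worst-first."""
    rows = []
    for entry in entries:
        total, reasons = score(entry)
        rows.append({"name": entry.name, "path": entry.path, "score": total,
                     "verdict": verdict(total), "reasons": reasons})
    rows.sort(key=lambda r: r["score"], reverse=True)
    return rows


if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(f"[{row['verdict']:>10}] score={row['score']}  {row['path']}")
        for reason in row["reasons"]:
            print("             - " + reason)
```

The control entries are the point of the thresholds: a single trait is weak evidence, so Google's updater, which legitimately lives under AppData, only lands in "review", whereas the ransomware loader stacks three traits, the rogue-AV loader four, and the Installer\{GUID}\n drop is flagged on that pattern alone. In practice the same checks run over an Autoruns or OTL export rather than a hand-built list.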

06.08.2012, 23:24   #7
markusg
/// Malware-holic

hi
Please don't run any programs other than the ones you were told to.
Show hidden folders in Windows
Show hidden files and folders, then try uploading the cache again; "name" is to be replaced by your user name.

06.08.2012, 23:46   #8
Desert90

Well, I didn't have any programs running ...

I did it in safe mode, the fixing I mean, or does that only work in normal mode?

Hmm, and I tried uploading the file again, but there was no message when it finished; the page just reloaded.

Does it work now? Oh, and my AVG anti virus doesn't work anymore either.
No firewall, no AV, nothing, everything blank in the user interface.

06.08.2012, 23:47   #9
markusg
/// Malware-holic

hi
File-Upload.net - your free file hoster!
Upload it there and send me the link as a private message.

06.08.2012, 23:52   #10
Desert90

Quote:
Originally posted by markusg
hi
File-Upload.net - your free file hoster!
Upload it there and send me the link as a private message.
PM sent!

07.08.2012, 00:08   #11
markusg
/// Malware-holic

Thanks.
You have the ZeroAccess rootkit on the PC.
If you do online banking, have it blocked.
At the end, change all passwords.
Since we cannot remove the rootkit with 100% certainty:
the PC must be set up from scratch and then secured.
1. Data rescue:
2. Format, reinstall Windows:
3. Secure the PC: http://www.trojaner-board.de/96344-a...-rechners.html
I will also post further points on this.
4. Change all passwords!
5. After securing the PC, check the backed-up data and, if clean, restore it.
6. I will then also say something about securing online banking with a chip card reader + StarMoney.

07.08.2012, 00:10   #12
Desert90

Thanks, that scares me a bit now ^^

Does that mean I have a keylogger on my machine???

Can I split my drive C, copy the files I need there, and then reformat drive C, or does everything have to be deleted? There is some important data!

Which passwords, all of them? Delete online banking completely? But I need it ...

08.08.2012, 20:22   #13
markusg
/// Malware-holic

hi
All passwords.
How to back up the data is described above.
And the hard drive must then be formatted.

08.08.2012, 21:09   #14
Desert90

hi, I've reinstalled Windows.

Before that I partitioned the hard drive and backed up a few files,
or are they all infected?

I've already changed most passwords, including the online banking one....

Hmm, strange, there is no edit function...

I wanted to say that this "rootkit" was detected again by Avast and probably deleted as well....do I have to fear anything again? Change passwords?

I did another OTL scan:

OTL Logfile:
Code:
OTL logfile created on: 09.08.2012 03:36:59 - Run 1
OTL by OldTimer - Version 3.2.56.0     Folder = C:\Users\Yahia\Desktop
64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,97 Gb Total Physical Memory | 2,73 Gb Available Physical Memory | 68,81% Memory free
7,93 Gb Paging File | 6,66 Gb Available in Paging File | 84,01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 262,68 Gb Total Space | 240,49 Gb Free Space | 91,55% Space Free | Partition Type: NTFS
Drive D: | 35,40 Gb Total Space | 3,32 Gb Free Space | 9,37% Space Free | Partition Type: NTFS
Drive E: | 9,00 Mb Total Space | 3,68 Mb Free Space | 40,86% Space Free | Partition Type: NTFS
 
Computer Name: YAHIA-PC | User Name: Yahia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.08.09 03:35:18 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Yahia\Desktop\OTL.exe
PRC - [2012.08.08 15:19:22 | 000,186,832 | ---- | M] (Google Inc.) -- C:\Users\Yahia\AppData\Local\Google\Update\1.3.21.115\GoogleCrashHandler.exe
PRC - [2012.07.24 09:48:45 | 000,801,792 | ---- | M] (Yuna Software) -- C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe
PRC - [2012.07.03 18:21:30 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2012.07.03 18:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2012.07.03 18:21:27 | 000,133,912 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\afwServ.exe
PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.07.03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.07.14 02:13:54 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.03 18:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.07.03 18:21:27 | 000,133,912 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.03.28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.09.22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.07.03 18:21:52 | 000,958,400 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012.07.03 18:21:52 | 000,355,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012.07.03 18:21:52 | 000,266,776 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdis2.sys -- (aswNdis2)
DRV:64bit: - [2012.07.03 18:21:52 | 000,142,128 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswFW.sys -- (aswFW)
DRV:64bit: - [2012.07.03 18:21:52 | 000,071,064 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012.07.03 18:21:52 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012.07.03 18:21:52 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012.07.03 18:21:52 | 000,019,600 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
DRV:64bit: - [2012.07.03 18:21:51 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.06.27 22:33:54 | 000,012,368 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdis.sys -- (aswNdis)
DRV:64bit: - [2012.03.08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 05:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010.11.21 05:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 05:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.20 04:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.06.20 04:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E)
DRV:64bit: - [2009.06.10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007.08.09 01:21:00 | 000,013,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B3 D3 E9 80 62 75 CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/firefox/"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Yahia\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Yahia\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.08.08 22:02:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.08.08 15:44:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.08.08 14:39:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Yahia\AppData\Roaming\mozilla\Extensions
[2012.08.08 16:50:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Yahia\AppData\Roaming\mozilla\Firefox\Profiles\s85tne85.default\extensions
[2012.08.08 15:44:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.08.08 16:50:38 | 000,043,131 | ---- | M] () (No name found) -- C:\USERS\YAHIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S85TNE85.DEFAULT\EXTENSIONS\{5F590AA2-1221-4113-A6F4-A4BB62414FAC}.XPI
[2012.08.08 15:54:10 | 000,066,283 | ---- | M] () (No name found) -- C:\USERS\YAHIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S85TNE85.DEFAULT\EXTENSIONS\YETANOTHERSMOOTHSCROLLING@KATAHO.XPI
[2012.06.01 17:38:43 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.01 18:33:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.01 18:33:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.01 18:33:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.01 18:33:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.01 18:33:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.01 18:33:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage: 
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Yahia\AppData\Local\Google\Chrome\Application\21.0.1180.60\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Yahia\AppData\Local\Google\Chrome\Application\21.0.1180.60\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Yahia\AppData\Local\Google\Chrome\Application\21.0.1180.60\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Yahia\AppData\Local\Google\Chrome\Application\21.0.1180.60\pdf.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Yahia\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - Extension: avast! WebRep = C:\Users\Yahia\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7B314F31-CA05-4E52-8113-3DA9C34B7AA4}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.08.08 08:30:58 | 000,000,090 | ---- | M] () - E:\AUTORUN.INF -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.09 03:35:12 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Yahia\Desktop\OTL.exe
[2012.08.09 03:22:05 | 002,136,664 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Yahia\Desktop\tdsskiller.exe
[2012.08.09 03:11:32 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{D96D33CA-A5AD-46CD-BDBB-C58776684861}
[2012.08.09 03:11:18 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{B54AAA05-3B46-495B-AA70-92255DC8D7A4}
[2012.08.08 22:46:14 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2012.08.08 22:04:27 | 000,025,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012.08.08 22:04:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Internet Security
[2012.08.08 22:04:26 | 000,355,856 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012.08.08 22:04:14 | 000,142,128 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFW.sys
[2012.08.08 22:03:45 | 000,266,776 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswNdis2.sys
[2012.08.08 22:03:43 | 000,054,072 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012.08.08 22:03:42 | 000,059,728 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012.08.08 22:03:41 | 000,019,600 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswKbd.sys
[2012.08.08 22:03:36 | 000,958,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012.08.08 22:03:35 | 000,071,064 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012.08.08 22:03:03 | 000,012,368 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswNdis.sys
[2012.08.08 22:02:33 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012.08.08 22:02:33 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012.08.08 16:40:54 | 000,285,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012.08.08 16:39:43 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012.08.08 16:39:43 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012.08.08 16:35:06 | 000,000,000 | ---D | C] -- C:\Users\Yahia\Desktop\Avast-Internet-Security-7.0.1426.0
[2012.08.08 16:28:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012.08.08 16:28:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.08.08 16:28:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
[2012.08.08 16:27:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012.08.08 16:06:38 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Roaming\WinRAR
[2012.08.08 16:06:37 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012.08.08 16:06:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012.08.08 16:06:35 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2012.08.08 15:30:33 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\Macromedia
[2012.08.08 15:15:35 | 000,000,000 | -HSD | C] -- C:\Boot
[2012.08.08 15:14:50 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012.08.08 15:14:11 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\Google
[2012.08.08 15:10:29 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{89177B4F-7EC2-4FD4-AFA9-869E55C9EBBB}
[2012.08.08 15:10:27 | 000,000,000 | ---D | C] -- C:\Users\Yahia\Documents\Messenger Plus
[2012.08.08 15:10:16 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{7E47CA77-523D-469A-ACE9-0D76BCE9A706}
[2012.08.08 15:10:03 | 000,000,000 | ---D | C] -- C:\Users\Yahia\Tracing
[2012.08.08 15:02:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Messenger Plus!
[2012.08.08 15:00:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yuna Software
[2012.08.08 14:54:50 | 000,000,000 | ---D | C] -- C:\Windows\de
[2012.08.08 14:51:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2012.08.08 14:49:24 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2012.08.08 14:49:23 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2012.08.08 14:49:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2012.08.08 14:48:59 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2012.08.08 14:48:37 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2012.08.08 14:47:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2012.08.08 14:47:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012.08.08 14:46:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012.08.08 14:46:04 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\Windows Live
[2012.08.08 14:46:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2012.08.08 14:41:52 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Roaming\Malwarebytes
[2012.08.08 14:41:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.08.08 14:41:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.08 14:41:48 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.08.08 14:41:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.08.08 14:39:29 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Roaming\Mozilla
[2012.08.08 14:39:29 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\Mozilla
[2012.08.08 14:39:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012.08.08 14:39:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.08.08 14:39:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.08.08 14:37:56 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Roaming\Macromedia
[2012.08.08 14:37:55 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Roaming\Adobe
[2012.08.08 14:37:49 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2012.08.08 14:37:42 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012.08.08 14:30:50 | 000,000,000 | R--D | C] -- C:\Users\Yahia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012.08.08 14:30:50 | 000,000,000 | R--D | C] -- C:\Users\Yahia\Searches
[2012.08.08 14:30:50 | 000,000,000 | R--D | C] -- C:\Users\Yahia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012.08.08 14:30:40 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Roaming\Identities
[2012.08.08 14:30:34 | 000,000,000 | R--D | C] -- C:\Users\Yahia\Contacts
[2012.08.08 14:30:32 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\VirtualStore
[2012.08.08 14:30:25 | 000,000,000 | -HSD | C] -- C:\Users\Yahia\Vorlagen
[2012.08.08 14:30:25 | 000,000,000 | -HSD | C] -- C:\Users\Yahia\AppData\Local\Verlauf
[2012.08.08 14:30:25 | 000,000,000 | -HSD | C] -- C:\Users\Yahia\AppData\Local\Temporary Internet Files
[2012.08.08 14:30:25 | 000,000,000 | -HSD | C] -- C:\Users\Yahia\Startmenü
[2012.08.08 14:30:25 | 000,000,000 | -HSD | C] -- C:\Users\Yahia\SendTo
[2012.08.08 14:30:25 | 000,000,000 | -HSD | C] -- C:\Users\Yahia\Recent
[2012.08.08 14:30:25 | 000,000,000 | -HSD | C] -- C:\Users\Yahia\Netzwerkumgebung
[2012.08.08 14:30:25 | 000,000,000 | -HSD | C] -- C:\Users\Yahia\Lokale Einstellungen
[2012.08.08 14:30:25 | 000,000,000 | -HSD | C] -- C:\Users\Yahia\Documents\Eigene Videos
[2012.08.08 14:30:25 | 000,000,000 | -HSD | C] -- C:\Users\Yahia\Documents\Eigene Musik
[2012.08.08 14:30:25 | 000,000,000 | -HSD | C] -- C:\Users\Yahia\Documents\Eigene Bilder
[2012.08.08 14:30:25 | 000,000,000 | -HSD | C] -- C:\Users\Yahia\Druckumgebung
[2012.08.08 14:30:25 | 000,000,000 | -HSD | C] -- C:\Users\Yahia\Cookies
[2012.08.08 14:30:25 | 000,000,000 | -HSD | C] -- C:\Users\Yahia\AppData\Local\Anwendungsdaten
[2012.08.08 14:30:25 | 000,000,000 | -HSD | C] -- C:\Users\Yahia\Anwendungsdaten
[2012.08.08 14:30:24 | 000,000,000 | --SD | C] -- C:\Users\Yahia\AppData\Roaming\Microsoft
[2012.08.08 14:30:24 | 000,000,000 | R--D | C] -- C:\Users\Yahia\Videos
[2012.08.08 14:30:24 | 000,000,000 | R--D | C] -- C:\Users\Yahia\Saved Games
[2012.08.08 14:30:24 | 000,000,000 | R--D | C] -- C:\Users\Yahia\Pictures
[2012.08.08 14:30:24 | 000,000,000 | R--D | C] -- C:\Users\Yahia\Music
[2012.08.08 14:30:24 | 000,000,000 | R--D | C] -- C:\Users\Yahia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012.08.08 14:30:24 | 000,000,000 | R--D | C] -- C:\Users\Yahia\Links
[2012.08.08 14:30:24 | 000,000,000 | R--D | C] -- C:\Users\Yahia\Favorites
[2012.08.08 14:30:24 | 000,000,000 | R--D | C] -- C:\Users\Yahia\Downloads
[2012.08.08 14:30:24 | 000,000,000 | R--D | C] -- C:\Users\Yahia\Documents
[2012.08.08 14:30:24 | 000,000,000 | R--D | C] -- C:\Users\Yahia\Desktop
[2012.08.08 14:30:24 | 000,000,000 | R--D | C] -- C:\Users\Yahia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012.08.08 14:30:24 | 000,000,000 | -HSD | C] -- C:\Users\Yahia\Eigene Dateien
[2012.08.08 14:30:24 | 000,000,000 | -H-D | C] -- C:\Users\Yahia\AppData
[2012.08.08 14:30:24 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\Temp
[2012.08.08 14:30:24 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\Microsoft
[2012.08.08 14:30:24 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Roaming\Media Center Programs
[2012.08.08 14:30:12 | 000,000,000 | ---D | C] -- C:\Windows\AutoKMS
[2012.08.08 14:29:25 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2012.08.08 14:29:25 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2012.08.08 14:29:25 | 000,000,000 | -HSD | C] -- C:\Recovery
[2012.08.08 14:29:25 | 000,000,000 | -HSD | C] -- C:\Programme
[2012.08.08 14:29:25 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2012.08.08 14:29:25 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2012.08.08 14:29:25 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2012.08.08 14:29:25 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2012.08.08 14:29:25 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2012.08.08 14:29:25 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2012.08.08 14:29:25 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2012.08.08 14:29:25 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2012.08.08 14:19:57 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012.08.08 14:17:24 | 000,000,000 | ---D | C] -- C:\Windows\CSC
[2012.08.08 14:16:49 | 000,000,000 | -HSD | C] -- C:\System Volume Information
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.09 03:35:18 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Yahia\Desktop\OTL.exe
[2012.08.09 03:24:02 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2401461625-2781535952-362301639-1000UA.job
[2012.08.09 03:22:10 | 002,136,664 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Yahia\Desktop\tdsskiller.exe
[2012.08.09 03:01:26 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.08.09 03:01:26 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.08.09 03:01:26 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.08.09 03:01:26 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.08.09 03:01:26 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.08.09 03:00:59 | 000,023,824 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.09 03:00:59 | 000,023,824 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.09 02:54:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.09 02:54:48 | 3193,769,984 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.08 22:04:27 | 000,001,922 | ---- | M] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2012.08.08 22:03:35 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012.08.08 15:44:22 | 000,001,049 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.08.08 15:24:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2401461625-2781535952-362301639-1000Core.job
[2012.08.08 15:15:37 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2012.08.08 15:14:52 | 000,002,356 | ---- | M] () -- C:\Users\Yahia\Desktop\Google Chrome.lnk
[2012.08.08 14:51:32 | 000,000,020 | ---- | M] () -- C:\Windows\lúK
[2012.08.08 14:41:49 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.08 14:29:35 | 000,000,768 | ---- | M] () -- C:\Windows\SysWow64\Settings.ini
[2012.08.08 14:19:51 | 000,000,771 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2012.08.08 14:19:51 | 000,000,771 | ---- | M] () -- C:\Windows\SysNative\license.rtf
 
========== Files Created - No Company Name ==========
 
[2012.08.08 22:04:27 | 000,001,922 | ---- | C] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2012.08.08 16:40:57 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2012.08.08 15:15:37 | 000,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK
[2012.08.08 15:15:35 | 000,383,786 | RHS- | C] () -- C:\bootmgr
[2012.08.08 15:14:52 | 000,002,356 | ---- | C] () -- C:\Users\Yahia\Desktop\Google Chrome.lnk
[2012.08.08 15:14:13 | 000,001,120 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2401461625-2781535952-362301639-1000UA.job
[2012.08.08 15:14:12 | 000,001,068 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2401461625-2781535952-362301639-1000Core.job
[2012.08.08 14:52:11 | 000,001,305 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2012.08.08 14:51:50 | 000,001,374 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2012.08.08 14:51:32 | 000,000,020 | ---- | C] () -- C:\Windows\lúK
[2012.08.08 14:51:02 | 000,001,458 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2012.08.08 14:50:32 | 000,002,486 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2012.08.08 14:41:49 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.08 14:39:25 | 000,001,061 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.08.08 14:39:25 | 000,001,049 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.08.08 14:30:57 | 000,001,405 | ---- | C] () -- C:\Users\Yahia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012.08.08 14:30:53 | 000,001,439 | ---- | C] () -- C:\Users\Yahia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012.08.08 14:29:35 | 000,000,768 | ---- | C] () -- C:\Windows\SysWow64\Settings.ini
[2012.08.08 14:16:49 | 3193,769,984 | -HS- | C] () -- C:\hiberfil.sys
 
========== LOP Check ==========
 
[2009.07.14 07:08:49 | 000,005,166 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2012.08.08 14:30:33 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2012.08.08 15:15:35 | 000,000,000 | -HSD | M] -- C:\Boot
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2012.08.08 14:29:25 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.08.08 16:39:43 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.08.08 16:28:36 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012.08.08 16:39:43 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2012.08.08 14:29:25 | 000,000,000 | -HSD | M] -- C:\Programme
[2012.08.08 14:29:25 | 000,000,000 | -HSD | M] -- C:\Recovery
[2012.08.09 03:38:29 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.08.08 14:30:21 | 000,000,000 | R--D | M] -- C:\Users
[2012.08.08 22:02:33 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.21 05:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010.11.21 05:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2012.08.09 03:47:39 | 001,048,576 | -HS- | M] () -- C:\Users\Yahia\NTUSER.DAT
[2012.08.09 03:47:39 | 000,262,144 | -HS- | M] () -- C:\Users\Yahia\ntuser.dat.LOG1
[2012.08.08 14:30:24 | 000,000,000 | -HS- | M] () -- C:\Users\Yahia\ntuser.dat.LOG2
[2012.08.08 16:43:15 | 000,065,536 | -HS- | M] () -- C:\Users\Yahia\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2012.08.08 16:43:15 | 000,524,288 | -HS- | M] () -- C:\Users\Yahia\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2012.08.08 16:43:15 | 000,524,288 | -HS- | M] () -- C:\Users\Yahia\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2012.08.08 14:30:25 | 000,000,020 | -HS- | M] () -- C:\Users\Yahia\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
<          >

< End of report >
         
--- --- ---


Extras:
OTL Logfile:
Code:
OTL Extras logfile created on: 09.08.2012 03:36:59 - Run 1
OTL by OldTimer - Version 3.2.56.0     Folder = C:\Users\Yahia\Desktop
64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,97 Gb Total Physical Memory | 2,73 Gb Available Physical Memory | 68,81% Memory free
7,93 Gb Paging File | 6,66 Gb Available in Paging File | 84,01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 262,68 Gb Total Space | 240,49 Gb Free Space | 91,55% Space Free | Partition Type: NTFS
Drive D: | 35,40 Gb Total Space | 3,32 Gb Free Space | 9,37% Space Free | Partition Type: NTFS
Drive E: | 9,00 Mb Total Space | 3,68 Mb Free Space | 40,86% Space Free | Partition Type: NTFS
 
Computer Name: YAHIA-PC | User Name: Yahia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{33E32D92-7AE3-4443-8A0B-A6D8A6DA9E33}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{36EDB7F5-AD1B-4D68-B969-6E365ADFCAA4}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{421DB0A2-C357-4A9C-A08B-C3C3D46EF472}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6DCE88E7-6143-492C-8227-5AEB62A5FB95}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{776C8D8D-65BD-4317-A032-D1BFD90A25A6}" = rport=137 | protocol=17 | dir=out | app=system | 
"{8018D6CF-7119-41F2-B1FF-C9467D6197BF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{880F0098-81C1-485A-97FF-165DB6D7E9B2}" = lport=137 | protocol=17 | dir=in | app=system | 
"{93F3C46D-CDCA-4126-A050-91EFB3C3A479}" = lport=139 | protocol=6 | dir=in | app=system | 
"{9D8ACB0B-B8C1-40FF-889F-B86EC286A2B8}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{ADB1E2F8-FE00-49AF-B52C-C47D771F8C22}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{B2F117ED-438F-481F-9C0E-97F445FF8C24}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{B38DA192-DCF4-40C0-97E4-8ED99DAFCFA9}" = lport=138 | protocol=17 | dir=in | app=system | 
"{B56BBBA5-428C-4294-98FD-7A348AB0BE03}" = rport=139 | protocol=6 | dir=out | app=system | 
"{B850DC62-85F3-481D-A86A-F5D76607A470}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{BB988AE9-6642-4670-A364-44B690BD2A3F}" = rport=445 | protocol=6 | dir=out | app=system | 
"{BCFFE368-9516-487C-822D-54FFCB441F22}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{C08CDA66-CEA0-40F2-ACF5-54AD29F6CAF8}" = rport=138 | protocol=17 | dir=out | app=system | 
"{CC5911D1-4B99-432F-9AD7-5BABF6A0C1FF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{CE82D4D6-1605-4A4D-9601-DB750C369A42}" = lport=445 | protocol=6 | dir=in | app=system | 
"{D15410E5-50BC-4B99-B98B-460BDFEC18F0}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{E05E63AF-DCBD-4026-A146-3372E6DD59CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E3B41F55-678E-41E7-9A48-A3CC45D831B4}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{FE8C3721-6A61-4349-872E-C51BAE3168D2}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{060D2063-C92F-4AB3-8E5D-7CCCEA203AA2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{0B3498C2-6E41-47D3-B385-0CEBC76D93EA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{1F9EF2F4-3A39-48D5-B672-6987024856A9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{319E4A97-F9EC-4163-BE06-F65B827A56FB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{33741EE9-0EDB-4A78-9026-9B835744C57B}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{3E5F827B-8030-4FB7-B798-21F16A202B48}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{67ACD593-97CF-4D70-9831-C9BAD6B1A75F}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{6EA9AE16-CFD4-4444-8FFA-FE3C9C7E40C3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{77B3FCE9-E79E-47F1-975B-B971F237693F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{8A9D120E-0957-44F6-B103-713EC0A0B2BD}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{9B389D4F-0E12-4081-AC62-6CEF3C78515F}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{A6736532-520A-4AC7-A787-9106A1DAE456}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{AFA3ADA5-6967-4AE2-9342-F35AA947FA2E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{B0CAFD49-B99E-40C5-941F-48D6BE4E712A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B65A50B7-AA7F-49E8-B575-712D85B04D24}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{B807E892-6128-416E-AC01-48B7EF8DCDFE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{CF6A8341-DEE8-42F1-BFC2-D30D074BB66D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D7E886F6-4E6D-4FC1-9504-E3D294E54FFA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{DDC09177-1387-443A-921E-7C2C3F83140C}" = protocol=6 | dir=out | app=system | 
"{E045F610-7E0E-46C6-A46F-FA195998641E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{FB294E03-B373-4B6D-9B66-99404698BC75}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{FF7E8D38-0B5F-4AE2-B12A-4457E47F2596}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{2128559D-BBCD-4744-87F0-7C0CD5CFB464}" = Windows Live Family Safety
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"avast" = avast! Internet Security
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Messenger Plus!" = Messenger Plus! 5
"Mozilla Firefox 13.0 (x86 de)" = Mozilla Firefox 13.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 08.08.2012 08:28:06 | Computer Name = Yahia-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 08.08.2012 08:16:49 | Computer Name = WIN-BVVDOMM8FUM | Source = Ntfs | ID = 262281
Description = Auf dem Volume "E:" konnte der Transaktionsressourcen-Manager aufgrund
 eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in
 den Daten enthalten.
 
 
< End of report >
         
--- --- ---

I hope you can help me.
This is so frustrating. Firefox stutters badly!!
Not even double-clicking a folder works ...
I think the virus will never go away.
Does it have anything to do with the fact that I copied a few files to another hard drive? Could they be infected?
