
Pests of all kinds and their removal: Backdoor server "BDS/Agent.58368.3"


05.11.2012, 16:01   #1
DashShorty
 
Backdoor server "BDS/Agent.58368.3"

Hello!
I need help with a nasty "backdoor server".

I got infected with it on Saturday at around 20:00 and moved it to quarantine with my virus scanner.

The virus calls itself "Win32/Gamarue.I".

At any rate, my Firefox start page has changed, and without my permission at that. The page is called xvre-search.com and appears to come from the backdoor server. The search engine runs on the Google engine and is in French.

The start page sometimes changes when the browser is restarted, but also while I'm browsing.

Then I looked in msconfig and found this:

This file launches via "C:/Users/Shorty/Appdata/Roaming/IM.exe"
IM.exe doesn't exist, though; I wanted to delete it via CMD. It was a bit conspicuous that it launches from AppData, which was already embarrassing enough for the virus.

I found another file in AppData:

No idea what it is; I didn't want to delete it. Scanned it with VirusTotal: no threat.

There was no error message with the program Defogger.
Here are the logfiles from OTL:
Code:
OTL logfile created on: 05.11.2012 15:37:32 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Shorty\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,98 Gb Total Physical Memory | 2,05 Gb Available Physical Memory | 51,52% Memory free
7,96 Gb Paging File | 5,59 Gb Available in Paging File | 70,23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,66 Gb Total Space | 49,69 Gb Free Space | 50,89% Space Free | Partition Type: NTFS
Drive D: | 833,85 Gb Total Space | 414,07 Gb Free Space | 49,66% Space Free | Partition Type: NTFS
 
Computer Name: SHORTY-PC | User Name: Shorty | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.11.05 15:34:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Shorty\Desktop\OTL.exe
PRC - [2012.11.04 21:37:32 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
PRC - [2012.10.18 20:23:34 | 000,565,480 | ---- | M] () -- C:\Program Files (x86)\puush\puush.exe
PRC - [2012.10.16 18:06:12 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.10.16 17:57:04 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.10.16 17:56:56 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.29 13:46:18 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.05.15 01:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.04.25 18:53:38 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
PRC - [2012.02.03 14:56:55 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011.07.28 08:52:06 | 000,018,472 | ---- | M] (WeGame.com, Inc.) -- C:\Program Files (x86)\WeGame\WGClientService.exe
PRC - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.05.20 09:10:26 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010.11.29 11:55:44 | 002,676,696 | ---- | M] (PC Tools) -- C:\Program Files (x86)\PC Tools Firewall Plus\FirewallGUI.exe
PRC - [2010.11.17 10:29:38 | 000,287,024 | ---- | M] (PC Tools) -- C:\Program Files (x86)\PC Tools Firewall Plus\FWService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.11.04 21:37:31 | 009,814,968 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
MOD - [2012.10.18 20:23:34 | 000,565,480 | ---- | M] () -- C:\Program Files (x86)\puush\puush.exe
MOD - [2012.06.15 02:28:58 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012.06.15 02:28:54 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012.05.27 00:46:57 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012.05.27 00:46:27 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.05.27 00:46:25 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.05.27 00:46:24 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.05.27 00:46:20 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012.05.15 01:21:26 | 000,368,448 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2012.02.03 14:56:55 | 001,911,768 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2010.11.13 00:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2009.08.18 01:36:20 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.10.24 20:01:47 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.10.16 18:06:12 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.10.16 17:57:04 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.09.12 20:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012.09.12 20:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012.08.29 11:03:36 | 002,369,960 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012.08.25 21:28:16 | 000,123,664 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Programme\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2012.07.29 13:46:18 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.15 11:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.05.15 01:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.04.25 18:53:38 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe -- (KSS)
SRV - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011.07.28 08:52:06 | 000,018,472 | ---- | M] (WeGame.com, Inc.) [Auto | Running] -- C:\Program Files (x86)\WeGame\WGClientService.exe -- (WeGameClientService)
SRV - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.05.20 09:10:26 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011.05.11 12:21:26 | 000,415,616 | R--- | M] (cFos Software GmbH) [Auto | Running] -- C:\Programme\cFosSpeed\spd.exe -- (cFosSpeedS)
SRV - [2010.11.17 10:29:38 | 000,287,024 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\PC Tools Firewall Plus\FWService.exe -- (PCToolsFirewallPlus)
SRV - [2010.09.22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.09.21 13:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.06.08 09:46:26 | 000,153,808 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 20:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.10.04 12:07:05 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.09.24 09:58:11 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.09.13 15:52:59 | 000,099,248 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.08.30 21:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012.04.18 18:08:03 | 000,188,736 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011.10.01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011.10.01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011.10.01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011.06.10 13:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.05.20 09:04:02 | 000,276,584 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvstusb.sys -- (NvStUSB)
DRV:64bit: - [2011.05.20 08:53:44 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.05.11 12:21:30 | 001,261,440 | ---- | M] (cFos Software GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cfosspeed6.sys -- (cFosSpeed)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.07 10:01:46 | 000,313,136 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mvs91xx.sys -- (mvs91xx)
DRV:64bit: - [2011.03.07 10:01:46 | 000,024,880 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mv91cons.sys -- (mv91cons)
DRV:64bit: - [2010.12.08 11:17:40 | 000,369,640 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2010.12.08 11:17:38 | 000,122,856 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2010.11.25 10:42:10 | 000,179,464 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pctplfw64.sys -- (pctplfw)
DRV:64bit: - [2010.11.24 09:18:16 | 000,119,688 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pctNdis-PacketFilter64.sys -- (PCTFW-PacketFilter)
DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.17 10:20:20 | 000,331,368 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\pctgntdi64.sys -- (pctgntdi)
DRV:64bit: - [2010.09.30 06:00:06 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010.07.08 09:49:08 | 000,079,000 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pctNdis64.sys -- (pctNdisMP)
DRV:64bit: - [2010.07.08 09:49:08 | 000,079,000 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pctNdis64.sys -- (pctNdis)
DRV:64bit: - [2010.07.01 14:21:50 | 000,038,992 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys -- (ScreamBAudioSvc)
DRV:64bit: - [2010.03.15 10:38:46 | 000,161,904 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1039mdm.sys -- (s1039mdm)
DRV:64bit: - [2010.03.15 10:38:46 | 000,158,320 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1039unic.sys -- (s1039unic)
DRV:64bit: - [2010.03.15 10:38:46 | 000,141,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1039mgmt.sys -- (s1039mgmt)
DRV:64bit: - [2010.03.15 10:38:46 | 000,137,328 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1039obex.sys -- (s1039obex)
DRV:64bit: - [2010.03.15 10:38:46 | 000,034,416 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1039nd5.sys -- (s1039nd5)
DRV:64bit: - [2010.03.15 10:38:46 | 000,019,568 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1039mdfl.sys -- (s1039mdfl)
DRV:64bit: - [2010.03.15 10:38:38 | 000,127,600 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1039bus.sys -- (s1039bus)
DRV:64bit: - [2010.02.26 15:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010.01.22 12:22:22 | 000,180,224 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2009.08.18 02:48:48 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.14 08:26:24 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009.03.18 15:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2007.05.11 18:01:10 | 000,070,424 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV - [2012.08.25 21:28:14 | 000,202,632 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Programme\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2010.07.01 18:11:24 | 000,012,352 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Programme\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {A2598745-3D49-4215-9CAE-4D12E2B1249E}
IE:64bit: - HKLM\..\SearchScopes\{A2598745-3D49-4215-9CAE-4D12E2B1249E}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MSBTDF&pc=MASB&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {A2598745-3D49-4215-9CAE-4D12E2B1249E}
IE - HKLM\..\SearchScopes\{A2598745-3D49-4215-9CAE-4D12E2B1249E}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MSBTDF&pc=MASB&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.kiebel.de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://syb.msn.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://syb.msn.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.xvre-search.com/
IE - HKCU\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=112555&tt=2912_5&babsrc=SP_ss&mntrId=daaed600000000000000f46d042ebb3e
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.3
FF - prefs.js..extensions.enabledAddons: {d49175b3-3fd8-43b8-b28e-da5d47f3c398}:1.0.38
FF - prefs.js..extensions.enabledAddons: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.4.5
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31
FF - prefs.js..extensions.enabledAddons: ipfuck@p4ul.info:1.0.1
FF - prefs.js..extensions.enabledAddons: ich@maltegoetz.de:1.4.3
FF - prefs.js..network.proxy.backup.ftp: ""
FF - prefs.js..network.proxy.backup.ftp_port: 0
FF - prefs.js..network.proxy.backup.socks: ""
FF - prefs.js..network.proxy.backup.socks_port: 0
FF - prefs.js..network.proxy.backup.ssl: ""
FF - prefs.js..network.proxy.backup.ssl_port: 0
FF - prefs.js..network.proxy.ftp: "109.104.105.69"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.http: "109.104.105.69"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "109.104.105.69"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "109.104.105.69"
FF - prefs.js..network.proxy.ssl_port: 8080
FF - prefs.js..network.proxy.type: 0
 
FF - user.js..browser.startup.homepage: "hxxp://www.xvre-search.com/" 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.116.0: C:\Program Files (x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.138.0: C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.96.0: C:\Program Files (x86)\Battlelog Web Plugins\1.96.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.02.03 14:56:57 | 000,000,000 | ---D | M]
 
[2011.07.22 10:56:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shorty\AppData\Roaming\mozilla\Extensions
[2012.10.10 19:59:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shorty\AppData\Roaming\mozilla\Firefox\Profiles\l0jagxva.default\extensions
[2012.09.21 14:39:03 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Shorty\AppData\Roaming\mozilla\Firefox\Profiles\l0jagxva.default\extensions\ich@maltegoetz.de
[2012.07.25 15:25:22 | 000,013,447 | ---- | M] () (No name found) -- C:\Users\Shorty\AppData\Roaming\mozilla\firefox\profiles\l0jagxva.default\extensions\ipfuck@p4ul.info.xpi
[2012.10.10 19:59:18 | 000,529,404 | ---- | M] () (No name found) -- C:\Users\Shorty\AppData\Roaming\mozilla\firefox\profiles\l0jagxva.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012.01.06 08:53:30 | 000,634,964 | ---- | M] () (No name found) -- C:\Users\Shorty\AppData\Roaming\mozilla\firefox\profiles\l0jagxva.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.01.13 19:10:16 | 000,395,157 | ---- | M] () (No name found) -- C:\Users\Shorty\AppData\Roaming\mozilla\firefox\profiles\l0jagxva.default\extensions\{d49175b3-3fd8-43b8-b28e-da5d47f3c398}.xpi
[2011.12.22 15:01:47 | 000,773,913 | ---- | M] () (No name found) -- C:\Users\Shorty\AppData\Roaming\mozilla\firefox\profiles\l0jagxva.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}.xpi
[2012.02.19 21:35:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.01.26 20:48:42 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.02.19 21:35:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012.02.03 14:56:56 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.01.01 02:18:01 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.07.21 10:20:26 | 000,002,349 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.01.01 02:18:01 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.01.01 02:18:01 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.01 02:18:01 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.01 02:18:01 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.01 02:18:01 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [00PCTFW] C:\Program Files (x86)\PC Tools Firewall Plus\FirewallGUI.exe (PC Tools)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKCU..\Run: [EADM] C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)
O4 - HKCU..\Run: [puush] C:\Program Files (x86)\puush\puush.exe ()
O4 - HKCU..\Run: [Steam] D:\Steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Shorty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk = C:\Programme\Rainmeter\Rainmeter.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8172DB39-67BF-4A6D-B20C-0A071D487540}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{4ce7d018-aa93-11e1-a427-f46d042ebb3e}\Shell - "" = AutoRun
O33 - MountPoints2\{4ce7d018-aa93-11e1-a427-f46d042ebb3e}\Shell\AutoRun\command - "" = G:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014.09.01 20:35:25 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\QuickTime
[2012.11.05 15:34:50 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Shorty\Desktop\OTL.exe
[2012.11.04 22:21:34 | 000,000,000 | ---D | C] -- C:\Users\Shorty\Desktop\Achievements
[2012.11.04 22:18:13 | 000,000,000 | ---D | C] -- C:\Users\Shorty\Desktop\tf2_diy_kit
[2012.11.04 22:16:31 | 000,000,000 | ---D | C] -- C:\Users\Shorty\AppData\Local\Macromedia
[2012.11.04 21:37:29 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012.11.04 20:45:15 | 000,000,000 | ---D | C] -- C:\Users\Shorty\AppData\Roaming\Avira
[2012.11.04 20:39:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.11.04 20:39:49 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.11.04 20:39:49 | 000,099,248 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.11.04 20:39:49 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012.11.04 20:39:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.11.04 20:39:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012.11.03 18:05:42 | 000,000,000 | ---D | C] -- C:\Users\Shorty\AppData\Roaming\Faerie Solitaire
[2012.11.03 00:53:57 | 000,249,868 | -HS- | C] (0hinc) -- C:\Users\Shorty\AppData\Roaming\IM.exe
[2012.11.02 23:50:11 | 000,000,000 | ---D | C] -- C:\Users\Shorty\Local Settings
[2012.10.27 00:06:33 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.10.24 19:59:08 | 000,000,000 | ---D | C] -- C:\Users\Shorty\AppData\Roaming\KillProcess
[2012.10.24 19:57:42 | 000,000,000 | ---D | C] -- C:\Users\Shorty\Documents\KillProcess Kill Lists
[2012.10.24 19:57:42 | 000,000,000 | ---D | C] -- C:\Users\Shorty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\KillProcess
[2012.10.24 19:57:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KillProcess
[2012.10.24 19:57:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\KillProcess
[2012.10.24 14:13:02 | 000,000,000 | ---D | C] -- C:\Users\Shorty\AppData\Local\{D7819ADE-FD68-4DD8-8DAB-4BE2FC62F2F0}
[2012.10.21 22:15:14 | 000,000,000 | ---D | C] -- C:\Users\Shorty\AppData\Local\SCE
[2012.10.21 22:15:14 | 000,000,000 | ---D | C] -- C:\Crash
[2012.10.19 18:24:34 | 000,000,000 | ---D | C] -- C:\Users\Shorty\AppData\Roaming\.minecraft
[2012.10.18 20:23:18 | 000,000,000 | ---D | C] -- C:\Users\Shorty\AppData\Roaming\puush
[2012.10.18 20:23:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\puush
[2012.10.18 20:23:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\puush
[2012.10.16 20:44:34 | 000,000,000 | ---D | C] -- C:\Users\Shorty\AppData\Roaming\Subversion
[2012.10.16 20:43:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Garry's Mod Manager
[2012.10.16 20:41:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garry's Mod Manager
[2012.10.16 20:40:30 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\AI_RecycleBin
[2012.10.13 12:28:51 | 000,000,000 | ---D | C] -- C:\Users\Shorty\Desktop\forge
[2012.10.13 12:19:39 | 000,000,000 | ---D | C] -- C:\Users\Shorty\Desktop\.minecraft
[2012.10.07 10:32:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.05 15:34:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Shorty\Desktop\OTL.exe
[2012.11.05 15:23:33 | 000,028,704 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.05 15:23:33 | 000,028,704 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.05 15:20:34 | 001,646,030 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.11.05 15:20:34 | 000,708,370 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.11.05 15:20:34 | 000,661,966 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.11.05 15:20:34 | 000,153,598 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.11.05 15:20:34 | 000,125,794 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.11.05 15:15:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.05 15:15:39 | 3206,459,392 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.04 22:31:14 | 000,007,672 | ---- | M] () -- C:\Users\Shorty\Desktop\lowlife.png
[2012.11.04 20:40:15 | 000,001,808 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2012.11.04 20:39:56 | 000,002,070 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.11.03 10:59:04 | 000,249,868 | -HS- | M] (0hinc) -- C:\Users\Shorty\AppData\Roaming\IM.exe
[2012.11.03 01:19:16 | 000,000,201 | ---- | M] () -- C:\Users\Shorty\Desktop\Call of Duty Modern Warfare 3.url
[2012.11.03 01:19:16 | 000,000,201 | ---- | M] () -- C:\Users\Shorty\Desktop\Call of Duty Modern Warfare 3 - Multiplayer.url
[2012.11.03 01:19:16 | 000,000,201 | ---- | M] () -- C:\Users\Shorty\Desktop\Call of Duty Modern Warfare 3 - Dedicated Server.url
[2012.11.03 00:53:57 | 000,000,013 | ---- | M] () -- C:\Users\Shorty\AppData\Roaming\wxs3e
[2012.10.31 15:54:47 | 001,275,098 | R--- | M] () -- C:\Users\Shorty\Desktop\Essentials.zip
[2012.10.26 20:40:14 | 000,000,201 | ---- | M] () -- C:\Users\Shorty\Desktop\Borderlands 2.url
[2012.10.25 16:12:35 | 000,013,542 | ---- | M] () -- C:\Users\Shorty\Desktop\screwdriver_and_wrench_cutie_mark_by_kinnichi-d4ip39k.png
[2012.10.24 19:57:42 | 000,001,047 | ---- | M] () -- C:\Users\Shorty\Desktop\KillProcess.lnk
[2012.10.24 15:01:56 | 000,000,201 | ---- | M] () -- C:\Users\Shorty\Desktop\Call of Duty Black Ops.url
[2012.10.24 15:01:56 | 000,000,201 | ---- | M] () -- C:\Users\Shorty\Desktop\Call of Duty Black Ops - Multiplayer.url
[2012.10.21 22:15:00 | 000,001,024 | ---- | M] () -- C:\Users\Shorty\Desktop\PlanetSide 2 Beta.lnk
[2012.10.20 14:25:02 | 000,281,520 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012.10.20 14:25:02 | 000,281,520 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.10.20 14:24:39 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012.10.19 14:35:51 | 000,014,117 | ---- | M] () -- C:\Users\Shorty\Desktop\ss (2012-10-19 at 03.33.29).jpg
[2012.10.16 20:43:44 | 000,001,110 | ---- | M] () -- C:\Users\Public\Desktop\Garry's Mod Manager.lnk
[2012.10.16 20:43:44 | 000,000,169 | ---- | M] () -- C:\Users\Public\Desktop\Garry's Mod Manager Tutorial.url
[2012.10.16 14:09:54 | 000,000,199 | ---- | M] () -- C:\Users\Shorty\Desktop\Team Fortress 2.url
[2012.10.14 20:33:17 | 005,099,873 | ---- | M] () -- C:\Users\Shorty\Desktop\minecraft_server.jar
[2012.10.11 14:36:09 | 000,001,020 | ---- | M] () -- C:\Users\Shorty\Desktop\Sandboxed Web Browser.lnk
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.11.04 22:31:14 | 000,007,672 | ---- | C] () -- C:\Users\Shorty\Desktop\lowlife.png
[2012.11.04 20:39:56 | 000,002,070 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.11.03 01:19:16 | 000,000,201 | ---- | C] () -- C:\Users\Shorty\Desktop\Call of Duty Modern Warfare 3.url
[2012.11.03 01:19:16 | 000,000,201 | ---- | C] () -- C:\Users\Shorty\Desktop\Call of Duty Modern Warfare 3 - Multiplayer.url
[2012.11.03 01:19:16 | 000,000,201 | ---- | C] () -- C:\Users\Shorty\Desktop\Call of Duty Modern Warfare 3 - Dedicated Server.url
[2012.11.03 00:53:57 | 000,000,013 | ---- | C] () -- C:\Users\Shorty\AppData\Roaming\wxs3e
[2012.10.31 15:55:04 | 001,275,098 | R--- | C] () -- C:\Users\Shorty\Desktop\Essentials.zip
[2012.10.26 20:40:13 | 000,000,201 | ---- | C] () -- C:\Users\Shorty\Desktop\Borderlands 2.url
[2012.10.25 16:12:35 | 000,013,542 | ---- | C] () -- C:\Users\Shorty\Desktop\screwdriver_and_wrench_cutie_mark_by_kinnichi-d4ip39k.png
[2012.10.24 19:57:42 | 000,001,047 | ---- | C] () -- C:\Users\Shorty\Desktop\KillProcess.lnk
[2012.10.24 15:01:56 | 000,000,201 | ---- | C] () -- C:\Users\Shorty\Desktop\Call of Duty Black Ops.url
[2012.10.24 15:01:56 | 000,000,201 | ---- | C] () -- C:\Users\Shorty\Desktop\Call of Duty Black Ops - Multiplayer.url
[2012.10.21 22:15:00 | 000,001,024 | ---- | C] () -- C:\Users\Shorty\Desktop\PlanetSide 2 Beta.lnk
[2012.10.21 22:15:00 | 000,001,024 | ---- | C] () -- C:\Users\Shorty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PlanetSide 2 Beta.lnk
[2012.10.19 14:33:44 | 000,014,117 | ---- | C] () -- C:\Users\Shorty\Desktop\ss (2012-10-19 at 03.33.29).jpg
[2012.10.16 20:40:22 | 000,000,169 | ---- | C] () -- C:\Users\Public\Desktop\Garry's Mod Manager Tutorial.url
[2012.10.16 20:40:21 | 000,001,110 | ---- | C] () -- C:\Users\Public\Desktop\Garry's Mod Manager.lnk
[2012.10.14 20:28:23 | 005,099,873 | ---- | C] () -- C:\Users\Shorty\Desktop\minecraft_server.jar
[2012.10.07 10:32:14 | 000,001,020 | ---- | C] () -- C:\Users\Shorty\Desktop\Sandboxed Web Browser.lnk
[2012.10.07 10:32:12 | 000,001,808 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2012.09.11 20:17:41 | 000,006,752 | ---- | C] () -- C:\Users\Shorty\.recently-used.xbel
[2012.07.29 18:22:38 | 000,007,606 | ---- | C] () -- C:\Users\Shorty\AppData\Local\Resmon.ResmonCfg
[2012.07.25 23:49:30 | 000,042,440 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2012.06.04 14:37:28 | 000,000,680 | RHS- | C] () -- C:\Users\Shorty\ntuser.pol
[2012.05.15 01:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012.04.27 20:20:16 | 000,000,197 | ---- | C] () -- C:\Users\Shorty\AppData\Roaming\S!_Settings.ini
[2011.12.20 22:44:52 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011.12.03 17:33:34 | 000,005,632 | ---- | C] () -- C:\Users\Shorty\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.09.02 16:32:42 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini
[2011.08.19 13:34:44 | 000,000,094 | ---- | C] () -- C:\Users\Shorty\AppData\Local\fusioncache.dat
[2011.08.18 19:27:11 | 000,669,184 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011.08.04 22:16:48 | 000,077,824 | ---- | C] () -- C:\Windows\SysWow64\DriveInfo.dll
[2011.07.22 14:07:05 | 000,281,520 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.07.22 14:07:04 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2011.07.22 14:07:04 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.06.29 10:09:00 | 001,629,636 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.06.29 09:31:26 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.11.04 17:49:26 | 000,000,000 | ---D | M] -- C:\Users\Shorty\AppData\Roaming\.minecraft
[2011.12.18 17:05:25 | 000,000,000 | ---D | M] -- C:\Users\Shorty\AppData\Roaming\.Nitrous
[2012.05.28 14:53:36 | 000,000,000 | ---D | M] -- C:\Users\Shorty\AppData\Roaming\.platinum
[2012.09.16 12:45:04 | 000,000,000 | ---D | M] -- C:\Users\Shorty\AppData\Roaming\.Spoutcraft
[2012.11.04 19:25:53 | 000,000,000 | ---D | M] -- C:\Users\Shorty\AppData\Roaming\.techniclauncher
[2012.07.20 20:13:23 | 000,000,000 | ---D | M] -- C:\Users\Shorty\AppData\Roaming\.terasology
[2011.11.23 20:40:28 | 000,000,000 | ---D | M] -- C:\Users\Shorty\AppData\Roaming\.Version-Changer
[2012.07.15 10:56:56 | 000,000,000 | ---D | M] -- C:\Users\Shorty\AppData\Roaming\Artweaver Free
[2012.06.03 12:54:33 | 000,000,000 | ---D | M] -- C:\Users\Shorty\AppData\Roaming\Audacity
[2012.06.03 15:31:56 | 000,000,000 | ---D | M] -- C:\Users\Shorty\AppData\Roaming\avidemux
[2012.10.08 20:06:05 | 000,000,000 | ---D | M] -- C:\Users\Shorty\AppData\Roaming\Awesomium
[2012.07.21 10:20:22 | 000,000,000 | ---D | M] -- C:\Users\Shorty\AppData\Roaming\Babylon
[2012.07.21 10:20:36 | 000,000,000 | ---D | M] -- C:\Users\Shorty\AppData\Roaming\BabylonToolbar
[2011.12.25 15:34:38 | 000,000,000 | ---D | M] -- C:\Users\Shorty\AppData\Roaming\Beonadryt
[2012.10.11 14:37:59 | 000,000,000 | ---D | M] -- C:\Users\Shorty\AppData\Roaming\Blockscape
[2012.04.08 23:14:06 | 000,000,000 | ---D | M] -- C:\Users\Shorty\AppData\Roaming\COMPUTERBILD-Abzockschutz
[2012.04.30 21:10:54 | 000,000,000 | ---D | M] -- C:\Users\Shorty\AppData\Roaming\Downloaded Installations
[2011.10.31 15:20:39 | 000,000,000 | ---D | M] -- C:\Users\Shorty\AppData\Roaming\Dyyno
[2012.11.03 18:05:48 | 000,000,000 | ---D | M] -- C:\Users\Shorty\AppData\Roaming\Faerie Solitaire
[2012.08.19 14:44:51 | 000,000,000 | ---D | M] -- C:\Users\Shorty\AppData\Roaming\FileZilla
[2012.08.14 16:08:13 | 000,000,000 | ---D | M] -- C:\Users\Shorty\AppData\Roaming\gtk-2.0
[2011.06.29 10:06:01 | 000,000,000 | ---D | M] -- C:\Users\Shorty\AppData\Roaming\InfraRecorder
[2012.05.14 09:06:59 | 000,000,000 | ---D | M] -- C:\Users\Shorty\AppData\Roaming\inkscape
[2012.10.24 19:59:08 | 000,000,000 | ---D | M] -- C:\Users\Shorty\AppData\Roaming\KillProcess
[2012.09.11 14:03:31 | 000,000,000 | ---D | M] -- C:\Users\Shorty\AppData\Roaming\Lansoftware
[2012.10.26 12:56:26 | 000,000,000 | ---D | M] -- C:\Users\Shorty\AppData\Roaming\Minecraft Version Changer
[2011.11.27 14:17:38 | 000,000,000 | ---D | M] -- C:\Users\Shorty\AppData\Roaming\Mumble
[2012.07.21 09:50:29 | 000,000,000 | ---D | M] -- C:\Users\Shorty\AppData\Roaming\MW2 FoV Changer
[2012.07.17 15:48:46 | 000,000,000 | ---D | M] -- C:\Users\Shorty\AppData\Roaming\naan studio, Inc
[2011.11.12 19:14:53 | 000,000,000 | ---D | M] -- C:\Users\Shorty\AppData\Roaming\Opera
[2012.08.11 21:37:50 | 000,000,000 | ---D | M] -- C:\Users\Shorty\AppData\Roaming\Origin
[2011.11.13 18:09:45 | 000,000,000 | ---D | M] -- C:\Users\Shorty\AppData\Roaming\PCToolsFirewallPlus
[2012.10.06 11:02:13 | 000,000,000 | ---D | M] -- C:\Users\Shorty\AppData\Roaming\Play withSIX
[2012.10.18 20:23:18 | 000,000,000 | ---D | M] -- C:\Users\Shorty\AppData\Roaming\puush
[2012.08.06 21:40:07 | 000,000,000 | ---D | M] -- C:\Users\Shorty\AppData\Roaming\Rainmeter
[2012.03.02 15:41:04 | 000,000,000 | ---D | M] -- C:\Users\Shorty\AppData\Roaming\RotMG.Production
[2012.01.09 20:25:46 | 000,000,000 | ---D | M] -- C:\Users\Shorty\AppData\Roaming\Screaming Bee
[2012.08.14 19:33:18 | 000,000,000 | ---D | M] -- C:\Users\Shorty\AppData\Roaming\six-zsync
[2012.10.24 20:38:24 | 000,000,000 | ---D | M] -- C:\Users\Shorty\AppData\Roaming\SoftGrid Client
[2012.10.16 20:44:34 | 000,000,000 | ---D | M] -- C:\Users\Shorty\AppData\Roaming\Subversion
[2012.01.17 17:37:11 | 000,000,000 | ---D | M] -- C:\Users\Shorty\AppData\Roaming\TeamViewer
[2011.08.05 17:05:15 | 000,000,000 | ---D | M] -- C:\Users\Shorty\AppData\Roaming\Teeworlds
[2011.09.16 10:40:35 | 000,000,000 | ---D | M] -- C:\Users\Shorty\AppData\Roaming\TP
[2012.10.23 23:28:08 | 000,000,000 | ---D | M] -- C:\Users\Shorty\AppData\Roaming\TS3Client
[2012.04.06 12:25:20 | 000,000,000 | ---D | M] -- C:\Users\Shorty\AppData\Roaming\TuneUp Software
[2012.04.03 10:09:05 | 000,000,000 | ---D | M] -- C:\Users\Shorty\AppData\Roaming\uTorrent
[2012.05.30 16:48:21 | 000,000,000 | ---D | M] -- C:\Users\Shorty\AppData\Roaming\wargaming.net
[2011.10.03 14:36:05 | 000,000,000 | ---D | M] -- C:\Users\Shorty\AppData\Roaming\Windows Live Writer
[2012.07.21 10:20:16 | 000,000,000 | ---D | M] -- C:\Users\Shorty\AppData\Roaming\YourFileDownloader
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:C31F31E6

< End of report >
         
Code:
OTL Extras logfile created on: 05.11.2012 15:37:32 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Shorty\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,98 Gb Total Physical Memory | 2,05 Gb Available Physical Memory | 51,52% Memory free
7,96 Gb Paging File | 5,59 Gb Available in Paging File | 70,23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,66 Gb Total Space | 49,69 Gb Free Space | 50,89% Space Free | Partition Type: NTFS
Drive D: | 833,85 Gb Total Space | 414,07 Gb Free Space | 49,66% Space Free | Partition Type: NTFS
 
Computer Name: SHORTY-PC | User Name: Shorty | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A7EEA9B-E725-4A53-884A-6051B98AC9FE}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{14C7CB76-F37D-460B-9B6C-2E26BEFA0E7B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{217D6469-098D-4150-84B6-014D611CBB9C}" = lport=137 | protocol=17 | dir=in | app=system | 
"{2A793A75-173C-43D2-BB26-2ED743A1D937}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{2B68C07F-899F-46C1-8798-2088B77FEDFF}" = rport=137 | protocol=17 | dir=out | app=system | 
"{64DB6ABC-82CD-4EA2-90D0-B160FF001385}" = rport=445 | protocol=6 | dir=out | app=system | 
"{73D74C1F-8C76-4D23-B139-44E5452FE03B}" = lport=445 | protocol=6 | dir=in | app=system | 
"{7BEAB0E8-2F79-4C82-A977-4AAA0C2BFB76}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{7D8ED365-4097-4086-8FB0-F56D1B1F2C8C}" = lport=139 | protocol=6 | dir=in | app=system | 
"{7E3E7FB9-EA48-4233-8832-205588332525}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{83C12929-ACA0-4E6E-90EB-D88F15AB0656}" = lport=25565 | protocol=6 | dir=in | name=minecraft | 
"{8A194091-1167-426C-B5A0-AF77C4223C74}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{94BD5E1C-3524-4BEA-95F0-F9D15FCF863A}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{95D37CB0-9F4D-43A8-839F-744E068280F5}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{9885173F-17EE-4983-81E7-35D4E072FEAC}" = rport=138 | protocol=17 | dir=out | app=system | 
"{A29B794C-29C8-48E7-82BC-A0AE3A826480}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{B9D5DAE3-A2D4-4FC3-8537-3FFD88040378}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C051DEC1-6F1F-484C-AE4C-153381C071BF}" = lport=138 | protocol=17 | dir=in | app=system | 
"{C55E7C7B-FCC2-41CD-AE4E-37C181191D75}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{DA386EF5-CE43-4452-941F-B6F6979646B3}" = lport=27000 | protocol=17 | dir=in | name=cod 8 multi | 
"{DEDB02A5-F482-4A37-AA1E-623DA16DC983}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E26B0047-ADEE-4768-952E-78F915AD5DAA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E30880D1-F58A-49A8-9A94-129C35713250}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{E40240BC-EA58-4300-B693-4987B722CEC5}" = rport=139 | protocol=6 | dir=out | app=system | 
"{F53C3D04-21C1-4234-9392-7C7A523395C5}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{FBDE554D-66BE-47A0-A11A-DAD4B24580F8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00B8AED3-653E-4B36-B5D8-4AC5439A7563}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"{04C29B02-3F45-4EAA-B3FF-A6EC7BB73942}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\vivoxvoiceservice.exe | 
"{089DECF3-10CD-45A8-B1B7-C7CC6BAEDB85}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the binding of isaac\isaac.exe | 
"{0CF9281F-B2B6-4896-A9C2-57CE321A89D2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{0D372245-2657-4A87-9709-ED3AA6B411FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{11F4AD42-F321-4682-BFDB-47A30C07C17F}" = protocol=17 | dir=in | app=d:\steam\steamapps\fburtf\garrysmod\hl2.exe | 
"{12873BBB-DCE6-4972-A8D3-16BB22A6AA24}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\arma 2 operation arrowhead\_runa2co.cmd | 
"{1365A91F-7528-4EDA-8910-6B15E0754ACE}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe | 
"{17964DF1-4A19-4B2C-84CE-D97DD7DD256F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"{18293AD5-97E3-4C0C-8776-F765A5B690EB}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\arma 2 operation arrowhead\_runa2co.cmd | 
"{1C4F8D08-8847-4DBC-8901-47B0D44ECF2E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\fburtf\garrysmod\hl2.exe | 
"{1C7DE26B-1A6E-4017-BA4C-C7311418D8E0}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{1EC95375-AA88-4F81-9D1C-EA3E36FB1845}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\apb.exe | 
"{1F5AF31F-6E94-4989-8B9D-AAE7086116AA}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{26959185-9E6B-4A34-8985-15512E5B476A}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe | 
"{287427B7-60F7-466F-BA45-098D44EF4B5A}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | 
"{28827E38-7A13-4272-B32C-F523E4B0E77D}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\terraria\terraria.exe | 
"{2A8D37D0-CF30-43AA-B4EA-971D3DD90D96}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{2CD16A23-66CC-48A5-A359-CCF11FD5081E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\fburtf\garrysmod\hl2.exe | 
"{2E0C6359-7FB2-45D7-AECA-1F607A0D2F7B}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{31408130-7AE9-4D8D-A664-1FFA5EF07848}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\vivoxvoiceservice.exe | 
"{3CC8D3E4-BCC9-4360-A36E-99A53ECDB4A5}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{3DEF6C92-E90F-4DA5-9146-E6317B576E1F}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\payday the heist\payday_win32_release.exe | 
"{3E27C573-A712-4DBE-8CA2-AC4CA3FBB729}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\arma 2\arma2.exe | 
"{3E85C832-652C-40EF-82A3-CCE1B74FB326}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{3EDCC762-3C2A-43B8-B251-B927569D5F66}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{3F4FE954-C5FF-4CBC-82B1-AE394957A576}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{4F67E5DB-56B7-4657-B54B-68F680B99FE3}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\faerie solitaire\faeriesolitaire.exe | 
"{50C781C8-91E6-493B-81A4-809AD80CDB0C}" = protocol=17 | dir=in | app=d:\fraps\battlefield 3\bf3.exe | 
"{51236939-E191-4ABC-B3CA-7161B1D31C01}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{51EBE89D-C6A2-4576-B6BA-D6A3E6DDF6F6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{57963BA9-FEC2-4C35-8E84-77F5199BE660}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{5993C27A-1339-4985-920F-2C43DE8F34F2}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{5AB81061-5972-407C-8369-CCFA0725D84F}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{5F953E0E-E85F-44AE-BC87-74EE09894EEE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | 
"{642DAFAB-A262-4676-8B60-37A84F99BADD}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe | 
"{6604B958-B6D2-4597-ADB0-03D2B1F6A592}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe | 
"{69D482F7-0A44-4465-AA55-F19B76ECA493}" = protocol=6 | dir=in | app=d:\steam\steamapps\fburtf\garrysmod\hl2.exe | 
"{6BF951AB-2A46-45BE-B133-F8B4252D914A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{6FA036A0-D608-46FD-935B-CFFE773AD831}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{7213929B-7BF8-4C54-9E72-4D9E3FB61737}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{72CD9405-7BCA-436E-BB95-98FE08D21537}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"{73C6518E-768B-4767-847A-04948D59007A}" = protocol=17 | dir=in | app=d:\steam\steamapps\fburtf\garry's mod beta\hl2.exe | 
"{74790BFD-AB5C-47A0-95D2-2852FD5AA217}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe | 
"{798FA0A0-F864-4098-B518-7CEF7A894263}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\fburtf\garrysmod\hl2.exe | 
"{7F5B3312-61BD-45E1-A087-4CA0557176BF}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\terraria\terraria.exe | 
"{7FB51565-B541-48DF-B3F2-E5131DD4FE1E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{81ECFCEE-B473-47E9-8923-E3D7850611D4}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | 
"{86911550-FD82-4A99-A1E2-E8300C87FD71}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\call of duty black ops\blackopsmp.exe | 
"{8A55DE79-CD26-4A79-B4FA-760DF40CD218}" = protocol=6 | dir=in | app=d:\fraps\battlefield 3\bf3.exe | 
"{8C9787A5-1B17-4F84-BB53-DAB63AFBDE32}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{921D72F4-BFA6-48E1-823C-4888D6C5AEB4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{98E4F6DD-0689-41F1-8F51-07731DB9E7D2}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{9C5AA49C-B2CB-4FB6-992A-3CC610C37DD6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the binding of isaac\isaac.exe | 
"{9C6C6F27-2700-42BE-B7D4-4645CF3B163F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\apb.exe | 
"{9F2D6441-CD61-494A-829C-A6B76F4EBE0F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"{A98A6291-B0BA-49D7-B4AD-D8950BC661B5}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{AD39E369-F5AC-4F46-AC15-0C407B9A3165}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B152B78E-4094-4B9A-8726-DB94E69DA0C8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{B1A3BA94-0872-4434-AF0B-241A6F5C2F6B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{B8876B8B-7D66-4B2D-BECB-6722142FBCA2}" = protocol=6 | dir=in | app=d:\steam\steamapps\fburtf\garry's mod beta\hl2.exe | 
"{B9F44A48-47FA-4164-B8B5-8F9A44D6E6B7}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
"{BA384E64-89A1-4F3A-B983-EBB1FD60A0F8}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{BA9EEACE-C9A0-45FE-BE27-08660DEEBECD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\fburtf\garrysmod\hl2.exe | 
"{BAE34E3C-CA02-4FC3-9E94-240E873BEBAD}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe | 
"{BB36C1AD-316C-4412-A3AC-E989A47842C5}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | 
"{BC9DBF8E-D4AF-4D66-B831-CDE800FFF2B3}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\call of duty black ops\blackopsmp.exe | 
"{C7A73493-3E97-4247-B7CF-52F7D3E38601}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{CDE55186-FE67-40BC-B4E1-C88467FFBC65}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the binding of isaac\isaac.exe | 
"{D5CC6CE9-0B6C-4788-8470-DA7534096103}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
"{D6727E05-8FBE-484A-B217-7D1DA2B5B075}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{D7665BC9-A62D-44F8-9021-56A5DEDCC80E}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{D7F56C86-A8A1-44DF-85E5-3C7F6BBC76E1}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\call of duty black ops\blackops.exe | 
"{DD7A8180-6F71-40BB-9CD9-AB53EEE2CB32}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the binding of isaac\isaac.exe | 
"{E418344A-4745-4C57-ABB5-C3E5D6E91D89}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\payday the heist\payday_win32_release.exe | 
"{E5A1ED64-7413-49C5-A362-707B9E2D5F84}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\call of duty black ops\blackops.exe | 
"{E90CE4DB-9147-432F-88FE-7A124FD703D0}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\call of duty modern warfare 3\iw5mp_server.exe | 
"{EB462D46-AFD3-4936-AD3E-B0CF4602F72D}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\arma 2\arma2.exe | 
"{EFA02BFC-3212-45EC-A038-FF4C91F9AA7D}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\faerie solitaire\faeriesolitaire.exe | 
"{EFD940DB-A7A7-4CC7-8812-7818FD71B888}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\call of duty modern warfare 3\iw5mp_server.exe | 
"{F39BA1A5-6A1F-4F3C-AA45-B2E2AEE18C7B}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{F3B75F21-DC10-422C-8141-BE9BCEF19CB5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | 
"{F47BC964-1BD2-4D33-AE0B-3FD55D1FB4AC}" = protocol=6 | dir=out | app=system | 
"{FAB41D85-0D22-4B6D-9738-8A12ABCAA5A1}" = protocol=58 | dir=in | app=system | 
"{FAC24427-EBF4-4A31-BC5E-8218D4AA279A}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{FB878C3D-4400-41E6-926F-2343272FC92E}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{FBFF6FC1-7476-4B29-9BEE-36F364691C1E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{FE9DB7CF-B9CA-4229-92EE-CB47652698C1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"TCP Query User{64F70599-4381-4AC3-8771-CF2E42C10B45}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{8841D59B-8FFA-48C2-9EC7-0B16615949E6}C:\program files (x86)\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xfire\xfire.exe | 
"TCP Query User{B284804A-3830-4EED-86FA-2832B8B22336}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{E4E93188-A274-47FA-9800-89171E98E769}C:\windows\syswow64\ftp.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\ftp.exe | 
"UDP Query User{2E693645-C9D7-45D1-A4C6-85465D58FB70}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{ADE9C652-6C14-42B0-BA70-FA6C728A38DB}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{D5C2266D-E978-40BD-91A0-343E0AAC8B44}C:\windows\syswow64\ftp.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\ftp.exe | 
"UDP Query User{EAD060B4-1F03-414F-AADA-6CC2BAA7B494}C:\program files (x86)\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xfire\xfire.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416026FF}" = Java(TM) 6 Update 26 (64-bit)
"{2C22EA92-CB30-4932-0052-000001000000}" = InfraRecorder 0.52 (x64 edition)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.16.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager
"Blender" = Blender
"CCleaner" = CCleaner
"cFosSpeed" = cFosSpeed v6.60
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"Sandboxie" = Sandboxie 3.74 (64-bit)
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Unlocker" = Unlocker 1.9.1-x64
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{224E185A-DCC7-45C5-B04D-77E6CE82D83E}_is1" = tConfig version 0.27.2
"{25D56EF8-ED54-41F2-B3AB-C62F76A54E1E}" = KCService.de Fernwartung
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56009CA3-423B-41F8-884A-E5B049534F15}" = Kaspersky Security Scan
"{5D7767FA-7FE8-4627-9F09-AEF7A25F1E07}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.1 Patch
"{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}" = NVIDIA PhysX
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83AA2913-C123-4146-85BD-AD8F93971D39}" = BabylonObjectInstaller
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Patch
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E634921-4547-4CA9-AF79-08B735431C12}" = Play withSIX
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96A9A1C8-FBAD-4703-ABF1-E93AA8FE85A0}_is1" = Artweaver Free 3.0
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B451B75F-358C-4902-9477-4B30B68CFF49}" = COMPUTERBILD-Abzockschutz
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B8ABD8C7-991E-4A70-B5A3-20C6FC680680}" = LogMeIn Hamachi
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C3592426-531E-4110-911D-BFECE2CE284B}" = puush
"{C3E9887A-23BA-4777-8080-191A5AFCAB74}" = Mumble 1.2.3
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D25E16F9-902D-4B08-B6AD-C28882C6EBFE}" = Garry's Mod Manager
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D45EC259-4A19-4656-B588-C2C360DD18EA}" = Half-Life(R) 2
"{D62576C2-C084-4698-974A-5BE77714FDDD}" = System Requirements Lab Test
"{DC1F4DB8-FC61-4669-93D3-80722348102D}" = DayZ Commander
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5141379-B2D9-4BBC-BB2A-5805541571DD}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.2 Patch
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 2.00.146
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FD2EE96D-F1DE-4009-AE9D-DD8849FA3E5C}" = TweetDeck
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"BabylonToolbar" = Babylon toolbar on IE
"Battlelog Web Plugins" = Battlelog Web Plugins
"BattlEye for OA" = BattlEye for OA Uninstall
"Blockscape_is1" = Blockscape Phase 1 (beta)
"Dxtory2.0_is1" = Dxtory 2.0.104
"ESN Sonar-0.70.4" = ESN Sonar
"Garry's Mod Manager 8.30.0000" = Garry's Mod Manager
"Inkscape" = Inkscape 0.48.2
"InstallShield_{050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch
"InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
"InstallShield_{5D7767FA-7FE8-4627-9F09-AEF7A25F1E07}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.1 Patch
"InstallShield_{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{E5141379-B2D9-4BBC-BB2A-5805541571DD}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.2 Patch
"InstallWIX_{56009CA3-423B-41F8-884A-E5B049534F15}" = Kaspersky Security Scan
"KillProcess" = KillProcess 2.44
"LogMeIn Hamachi" = LogMeIn Hamachi
"Mozilla Firefox 10.0 (x86 de)" = Mozilla Firefox 10.0 (x86 de)
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Origin" = Origin
"PC Tools Firewall Plus" = PC Tools Firewall Plus 7.0
"pcsx2-r5350" = PCSX2 - Playstation 2 Emulator
"Polipo" = Polipo 1.0.4.1
"PunkBusterSvc" = PunkBuster Services
"Rainmeter" = Rainmeter
"RocketDock_is1" = RocketDock 1.3.5
"StarCraft II" = StarCraft II
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 104700" = Super Monday Night Combat
"Steam App 105600" = Terraria
"Steam App 113200" = The Binding Of Isaac
"Steam App 24240" = PAYDAY: The Heist
"Steam App 33910" = ARMA 2
"Steam App 33930" = ARMA 2: Operation Arrowhead
"Steam App 38600" = Faerie Solitaire
"Steam App 4000" = Garry's Mod
"Steam App 4010" = Garry's Mod 13 Beta
"Steam App 42680" = Call of Duty: Modern Warfare 3
"Steam App 42690" = Call of Duty: Modern Warfare 3 - Multiplayer
"Steam App 42700" = Call of Duty: Black Ops
"Steam App 42710" = Call of Duty: Black Ops - Multiplayer
"Steam App 42750" = Call of Duty: Modern Warfare 3 - Dedicated Server
"Steam App 440" = Team Fortress 2
"Steam App 49520" = Borderlands 2
"Steam App 520" = Team Fortress 2 Beta
"Steam App 570" = Dota 2
"Steam App 630" = Alien Swarm
"Terraria Game Launcher GUI_is1" = Terraria Game Launcher GUI version 1.2.2
"Tor" = Tor 0.2.2.35
"Vidalia" = Vidalia 0.2.15
"VLC media player" = VLC media player 2.0.1
"WhatPulse" = WhatPulse 1.7.1
"WinLiveSuite" = Windows Live Essentials
"Wubi" = Ubuntu
"Xfire" = Xfire (remove only)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FileZilla Client" = FileZilla Client 3.5.3
"SOE-PlanetSide 2 Beta" = PlanetSide 2 Beta
"wxWidgets_is1" = wxWidgets 2.9.3
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 01.11.2012 12:45:53 | Computer Name = Shorty-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 01.11.2012 12:46:09 | Computer Name = Shorty-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: hamachi-2-ui.exe, Version: 2.1.0.215,
 Zeitstempel: 0x503de88c  Name des fehlerhaften Moduls: hamachi-2-ui.exe, Version:
 2.1.0.215, Zeitstempel: 0x503de88c  Ausnahmecode: 0x40000015  Fehleroffset: 0x000b6bd6
ID
 des fehlerhaften Prozesses: 0xfcc  Startzeit der fehlerhaften Anwendung: 0x01cdb850599a4a70
Pfad
 der fehlerhaften Anwendung: C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
Berichtskennung:
 a2e12108-2443-11e2-be35-f46d042ebb3e
 
Error - 02.11.2012 10:39:51 | Computer Name = Shorty-PC | Source = SideBySide | ID = 16842827
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe". Fehler in Manifest-
 oder Richtliniendatei "C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe"
 in Zeile 2.  Mehrere requestedPrivileges-Elemente sind nicht im Manifest zulässig.
 
Error - 02.11.2012 16:52:10 | Computer Name = Shorty-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: hl2.exe, Version: 0.0.0.0, Zeitstempel:
 0x50892fd6  Name des fehlerhaften Moduls: client.dll, Version: 1.0.0.1, Zeitstempel:
 0x5092d033  Ausnahmecode: 0xc0000005  Fehleroffset: 0x003518e0  ID des fehlerhaften Prozesses:
 0x15e0  Startzeit der fehlerhaften Anwendung: 0x01cdb93b461dbc1f  Pfad der fehlerhaften
 Anwendung: d:\steam\steamapps\fburtf\garrysmod\hl2.exe  Pfad des fehlerhaften Moduls:
 d:\steam\steamapps\fburtf\garrysmod\garrysmod\bin\client.dll  Berichtskennung: 2b26e421-252f-11e2-be35-f46d042ebb3e
 
Error - 03.11.2012 12:46:36 | Computer Name = Shorty-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: GameOverlayUI.exe, Version: 1.32.20.50,
 Zeitstempel: 0x4f46a9bf  Name des fehlerhaften Moduls: libcef.dll, Version: 1.989.464.0,
 Zeitstempel: 0x502d6408  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00705320  ID des fehlerhaften
 Prozesses: 0x1290  Startzeit der fehlerhaften Anwendung: 0x01cdb9e0adc5a31e  Pfad der
 fehlerhaften Anwendung: D:\Steam\GameOverlayUI.exe  Pfad des fehlerhaften Moduls:
 D:\Steam\bin\libcef.dll  Berichtskennung: 0797a68c-25d6-11e2-be35-f46d042ebb3e
 
Error - 03.11.2012 17:01:19 | Computer Name = Shorty-PC | Source = Application Hang | ID = 1002
Description = Programm hl2.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt
 werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 1870    Startzeit:
 01cdba0550312dfb    Endzeit: 242    Anwendungspfad: d:\steam\steamapps\fburtf\garrysmod\hl2.exe

Berichts-ID:
 9898a668-25f9-11e2-be35-f46d042ebb3e  
 
Error - 04.11.2012 16:36:12 | Computer Name = Shorty-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 04.11.2012 16:37:04 | Computer Name = Shorty-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: hamachi-2-ui.exe, Version: 2.1.0.215,
 Zeitstempel: 0x503de88c  Name des fehlerhaften Moduls: hamachi-2-ui.exe, Version:
 2.1.0.215, Zeitstempel: 0x503de88c  Ausnahmecode: 0x40000015  Fehleroffset: 0x000b6bd6
ID
 des fehlerhaften Prozesses: 0xdfc  Startzeit der fehlerhaften Anwendung: 0x01cdbacc16d50961
Pfad
 der fehlerhaften Anwendung: C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
Berichtskennung:
 6419ea1e-26bf-11e2-a155-f46d042ebb3e
 
Error - 05.11.2012 10:04:31 | Computer Name = Shorty-PC | Source = Application Hang | ID = 1002
Description = Programm hl2.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt
 werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 1178    Startzeit:
 01cdbb5a8e450de6    Endzeit: 291    Anwendungspfad: d:\steam\steamapps\fburtf\garrysmod\hl2.exe

Berichts-ID:
 b3299510-2751-11e2-a155-f46d042ebb3e  
 
Error - 05.11.2012 10:16:28 | Computer Name = Shorty-PC | Source = WinMgmt | ID = 10
Description = 
 
[ Media Center Events ]
Error - 15.10.2011 09:22:05 | Computer Name = Shorty-PC | Source = MCUpdate | ID = 0
Description = 15:22:05 - Fehler beim Herstellen der Internetverbindung.  15:22:05 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ System Events ]
Error - 04.11.2012 16:37:06 | Computer Name = Shorty-PC | Source = WMPNetworkSvc | ID = 866321
Description = 
 
Error - 04.11.2012 16:37:06 | Computer Name = Shorty-PC | Source = WMPNetworkSvc | ID = 866317
Description = 
 
Error - 04.11.2012 16:38:15 | Computer Name = Shorty-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 04.11.2012 16:38:15 | Computer Name = Shorty-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
Error - 05.11.2012 10:16:56 | Computer Name = Shorty-PC | Source = WMPNetworkSvc | ID = 866321
Description = 
 
Error - 05.11.2012 10:16:56 | Computer Name = Shorty-PC | Source = WMPNetworkSvc | ID = 866317
Description = 
 
Error - 05.11.2012 10:16:56 | Computer Name = Shorty-PC | Source = WMPNetworkSvc | ID = 866321
Description = 
 
Error - 05.11.2012 10:16:56 | Computer Name = Shorty-PC | Source = WMPNetworkSvc | ID = 866317
Description = 
 
Error - 05.11.2012 10:18:32 | Computer Name = Shorty-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 05.11.2012 10:18:32 | Computer Name = Shorty-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
[ TuneUp Events ]
Error - 09.06.2012 09:50:03 | Computer Name = Shorty-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
Error - 09.06.2012 09:50:03 | Computer Name = Shorty-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
Error - 09.06.2012 09:50:03 | Computer Name = Shorty-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
 
< End of report >
         
Thanks for the help, if there is any.
Shorty

Last edited by DashShorty (05.11.2012 at 16:09)

Old 06.11.2012, 22:04   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Backdoor-Server "BDS/Agent.58368.3"



Hello and

Before we get to work, I would like to ask you to read the following points completely and carefully.
  • Read the instructions I will post over the course of this thread carefully. Ask right away if anything is unclear to you, before you start carrying out my instructions.

  • If you have a problem with a step, stop there and describe the problem to me as well as you can. Sometimes a step depends on the previous one.

  • Please only run scans that a helper has asked you to run! Do not install / uninstall any software unless asked to!

  • Post the logfiles directly in your thread (in CODE tags, please) and not as attachments, unless you were asked to. Logs in attachments make my analysis harder!

  • Please also note => Deleting logfiles and other requests

Note:
If you have not heard from me for three days, please post in this thread => Reminder for my thread.
Annoying "when will it continue" messages end with your thread being closed. I too have a life outside the Trojaner-Board.


Quote:
Backdoor-Server "BDS/Agent.58368.3"
I could use some help with a nasty "Backdoor-Server"
Please read and follow => http://www.trojaner-board.de/125889-...tml#post941520