Trash bin: Decrypt / Encrypter Trojan / Virus.

[Windows 7] Posts that violated our rules, posts the world doesn't need, and other junk end up here in the trash bin...

Post #1, 24.05.2013 19:34, chazinho (banned)

I have the same problem with the Decrypt virus as very many people at the moment.
I've read that the Trojan is quite recent... I still hope I can be helped, because I have no backups of the pictures and no restore point @ Win 7 32bit.

HijackThis says....

O4 - HKCU\..\Run: [DirtyDecrypt] "C:\Users\cZPEEDHACK\AppData\Roaming\Dirty\DirtyDecrypt.exe" /hide

... but I can't get into the folder to delete it manually, not even in Safe Mode; the computer reboots automatically. I've rarely seen anything this stubborn.

Post #2, 24.05.2013 19:36, markusg (/// Malware-holic)

Hi, and our pinned threads say: no HijackThis :-)
As for the decryption, we can't say anything yet; further investigation is needed, but we'll do that if anything is possible there.

If you don't have it yet, please download OTL by OldTimer and save it to your desktop.
  • Please start OTL.exe. Vista and Win7 users: right-click and "Run as administrator".
  • Now copy the following content into the text box.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Copy the contents of OTL.txt and Extra.txt into your thread here.

Post #3, 24.05.2013 20:55, chazinho (banned)

Done. Couldn't upload it to the file upload, though. Here you go: hxxp://www.dateiupload.net/download.php?file=4e88ac618d8849260eb66ab76d7516e4

Post #4, 24.05.2013 21:02, markusg (/// Malware-holic)

Please paste the log in here.

Post #5, 24.05.2013 21:16, chazinho (banned)

Quote (markusg):
Please paste the log in here.

The text you entered is 147403 characters long and is therefore too long. Please shorten the text to the maximum length of 120000 characters.

OTL logfile:
Code:
OTL logfile created on: 24.05.2013 21:29:49 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\cZPEEDHACK\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,91 Gb Available Physical Memory | 58,66% Memory free
6,50 Gb Paging File | 4,98 Gb Available in Paging File | 76,65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 48,83 Gb Total Space | 8,71 Gb Free Space | 17,83% Space Free | Partition Type: NTFS
Drive D: | 90,45 Gb Total Space | 1,39 Gb Free Space | 1,54% Space Free | Partition Type: NTFS
 
Computer Name: CZ | User Name: chaz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\cZPEEDHACK\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil32_11_7_700_202_ActiveX.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Programme\Ask.com\Updater\Updater.exe (Ask)
PRC - C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - D:\Panda Security\Panda Cloud Antivirus\PSUAService.exe (Panda Security, S.L.)
PRC - D:\Panda Security\Panda Cloud Antivirus\PSUAMain.exe (Panda Security, S.L.)
PRC - D:\Panda Security\Panda Cloud Antivirus\PSANHost.exe (Panda Security, S.L.)
PRC - C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Programme\Logitech Gaming Software\LCore.exe (Logitech Inc.)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - c:\Programme\EasyLife\sprotector.dll ()
MOD - c:\Programme\BrowseToSave\sprotector.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Desura Install Service) -- C:\Programme\Common Files\Desura\desura_service.exe (Desura Pty Ltd)
SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Sony PC Companion) -- C:\Programme\Sony\Sony PC Companion\PCCService.exe (Avanquest Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (TuneUp.UtilitiesSvc) -- C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (PSUAService) -- D:\Panda Security\Panda Cloud Antivirus\PSUAService.exe (Panda Security, S.L.)
SRV - (NanoServiceMain) -- D:\Panda Security\Panda Cloud Antivirus\PSANHost.exe (Panda Security, S.L.)
SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (WajamUpdater) -- C:\Programme\Wajam\Updater\WajamUpdater.exe (Wajam)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (McComponentHostService) -- C:\Programme\McAfee Security Scan\3.0.207\McCHSvc.exe (McAfee, Inc.)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (XDva401) -- C:\Windows\system32\XDva401.sys File not found
DRV - (XDva400) -- C:\Windows\system32\XDva400.sys File not found
DRV - (XDva399) -- C:\Windows\system32\XDva399.sys File not found
DRV - (EagleXNt) -- C:\Windows\system32\drivers\EagleXNt.sys File not found
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (tizeqdrv) -- C:\Users\chaz\AppData\Roaming\TZAC2\tizeq32.sys ()
DRV - (NNSHTTPS) -- C:\Windows\System32\drivers\NNSHttps.sys (Panda Security, S.L.)
DRV - (NNSSTRM) -- C:\Windows\System32\drivers\NNSStrm.sys (Panda Security, S.L.)
DRV - (NNSPIHSW) -- C:\Windows\System32\drivers\NNSPihsw.sys (Panda Security, S.L.)
DRV - (NNSSMTP) -- C:\Windows\System32\drivers\NNSSmtp.sys (Panda Security, S.L.)
DRV - (NNSTLSC) -- C:\Windows\System32\drivers\NNStlsc.sys (Panda Security, S.L.)
DRV - (NNSPROT) -- C:\Windows\System32\drivers\NNSProt.sys (Panda Security, S.L.)
DRV - (NNSPRV) -- C:\Windows\System32\drivers\NNSPrv.sys (Panda Security, S.L.)
DRV - (NNSPOP3) -- C:\Windows\System32\drivers\NNSPop3.sys (Panda Security, S.L.)
DRV - (NNSPICC) -- C:\Windows\System32\drivers\NNSpicc.sys (Panda Security, S.L.)
DRV - (NNSIDS) -- C:\Windows\System32\drivers\NNSIds.sys (Panda Security, S.L.)
DRV - (NNSHTTP) -- C:\Windows\System32\drivers\NNSHttp.sys (Panda Security, S.L.)
DRV - (NNSALPC) -- C:\Windows\System32\drivers\NNSAlpc.sys (Panda Security, S.L.)
DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (PSINProt) -- C:\Windows\System32\drivers\PSINProt.sys (Panda Security, S.L.)
DRV - (PSINProc) -- C:\Windows\System32\drivers\PSINProc.sys (Panda Security, S.L.)
DRV - (PSINKNC) -- C:\Windows\System32\drivers\PSINKNC.sys (Panda Security, S.L.)
DRV - (PSINAflt) -- C:\Windows\System32\drivers\PSINAflt.sys (Panda Security, S.L.)
DRV - (PSINFile) -- C:\Windows\System32\drivers\PSINFile.sys (Panda Security, S.L.)
DRV - (PSKMAD) -- C:\Windows\System32\drivers\PSKMAD.sys (Panda Security, S.L.)
DRV - (ggsemc) -- C:\Windows\System32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV - (ggflt) -- C:\Windows\System32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV - (NNSNAHSL) -- C:\Windows\System32\drivers\NNSNAHSL.sys (Panda Security, S.L.)
DRV - (PsBoot) -- C:\Windows\System32\drivers\PsBoot.sys (Panda Security, S.L.)
DRV - (LGSHidFilt) -- C:\Windows\System32\drivers\LGSHidFilt.Sys (Logitech Inc.)
DRV - (LGSUsbFilt) -- C:\Windows\System32\drivers\LGSUsbFilt.sys (Logitech Inc.)
DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (vpcvmm) -- C:\Windows\System32\drivers\vpcvmm.sys (Microsoft Corporation)
DRV - (vpcbus) -- C:\Windows\System32\drivers\vpchbus.sys (Microsoft Corporation)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (vpcusb) -- C:\Windows\System32\drivers\vpcusb.sys (Microsoft Corporation)
DRV - (vpcnfltr) -- C:\Windows\System32\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (cmuda3) -- C:\Windows\System32\drivers\cmudax3.sys (C-Media Inc)
DRV - (LGVirHid) -- C:\Windows\System32\drivers\LGVirHid.sys (Logitech Inc.)
DRV - (LGBusEnum) -- C:\Windows\System32\drivers\LGBusEnum.sys (Logitech Inc.)
DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.)
DRV - (AtcL001) -- C:\Windows\System32\drivers\l160x86.sys (Atheros Communications, Inc.)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (s0016unic) -- C:\Windows\System32\drivers\s0016unic.sys (MCCI Corporation)
DRV - (s0016nd5) -- C:\Windows\System32\drivers\s0016nd5.sys (MCCI Corporation)
DRV - (s0016mdfl) -- C:\Windows\System32\drivers\s0016mdfl.sys (MCCI Corporation)
DRV - (s0016mdm) -- C:\Windows\System32\drivers\s0016mdm.sys (MCCI Corporation)
DRV - (s0016mgmt) -- C:\Windows\System32\drivers\s0016mgmt.sys (MCCI Corporation)
DRV - (s0016obex) -- C:\Windows\System32\drivers\s0016obex.sys (MCCI Corporation)
DRV - (s0016bus) -- C:\Windows\System32\drivers\s0016bus.sys (MCCI Corporation)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=0a4219da-c298-43f8-9fa1-076f39c1ebbe&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKLM\..\SearchScopes\{01bd49d7-c76b-4310-8beb-14d7e5f322c6}: "URL" = hxxp://search.easylifeapp.com/?q={searchTerms}&abc=ie&pid=34&r=2013/02/14&hid=2420481901&lg=EN&cc=DE
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
 
IE - HKU\S-1-5-21-1584033661-3106969475-2456615852-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
IE - HKU\S-1-5-21-1584033661-3106969475-2456615852-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-1584033661-3106969475-2456615852-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D9 21 EF D1 E9 50 CE 01  [binary data]
IE - HKU\S-1-5-21-1584033661-3106969475-2456615852-1007\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKU\S-1-5-21-1584033661-3106969475-2456615852-1007\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-1584033661-3106969475-2456615852-1007\..\SearchScopes\{F337523E-B29C-4560-BE0C-700C55472D2B}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^U3&apn_dtid=^OSJ000^YY^DE&apn_uid=93A6016B-7361-4CF9-89E9-BDA164FD65F8&apn_sauid=AF2918DB-5AC6-4BDD-8777-26158149C886
IE - HKU\S-1-5-21-1584033661-3106969475-2456615852-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-1584033661-3106969475-2456615852-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
IE - HKU\S-1-5-21-1584033661-3106969475-2456615852-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-1584033661-3106969475-2456615852-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 93 5E 6A 9C 8C 58 CE 01  [binary data]
IE - HKU\S-1-5-21-1584033661-3106969475-2456615852-1008\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKU\S-1-5-21-1584033661-3106969475-2456615852-1008\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-1584033661-3106969475-2456615852-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.12 18:05:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2013.04.12 18:05:48 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.04.12 18:05:51 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.08.25 04:49:52 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.25 04:49:52 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.08.25 04:49:52 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.08.25 04:49:52 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.08.25 04:49:52 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.08.25 04:49:52 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://search.easylifeapp.com/?pid=34&r=2013/02/14&hid=2420481901&lg=EN&cc=DE
CHR - Extension: No name found = C:\Users\chaz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo\7.15.15.37265_0\
CHR - Extension: No name found = C:\Users\chaz\AppData\Local\Google\Chrome\User Data\Default\Extensions\jenkhamomijcoocoblchfbobohfabaff\1.23.177_0\crossrider
CHR - Extension: No name found = C:\Users\chaz\AppData\Local\Google\Chrome\User Data\Default\Extensions\jenkhamomijcoocoblchfbobohfabaff\1.23.177_0\
CHR - Extension: No name found = C:\Users\chaz\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Software Assist) - {11111111-1111-1111-1111-110011301126} - C:\Programme\Software Assist\Software Assist.dll (Software Assist)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Programme\Wajam\IE\priam_bho.dll (Wajam)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-1584033661-3106969475-2456615852-1007\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-1584033661-3106969475-2456615852-1008\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [PSUAMain] D:\Panda Security\Panda Cloud Antivirus\PSUAMain.exe (Panda Security, S.L.)
O4 - HKU\S-1-5-21-1584033661-3106969475-2456615852-1007..\Run: [Atizivxypu] C:\Users\chaz.cZ\AppData\Roaming\Adku\cuwop.exe ()
O4 - HKU\S-1-5-21-1584033661-3106969475-2456615852-1007..\Run: [IExplorer Util] C:\Users\chaz.cZ\AppData\Roaming\ie_util.exe (Mandiant)
O4 - HKLM..\RunOnce: [*WerKernelReporting] C:\Windows\System32\WerFault.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Remove H2O driver] C:\Program Files\SyncroSoft\Pos\H2O [2013.05.22 21:31:14 | 000,000,000 | ---D | M]
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1584033661-3106969475-2456615852-1004..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\cZPEEDHACK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\ICQ7M\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O16 - DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.96.0.cab (Battlefield Play4Free Updater)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{36E82628-4F64-47E9-9B5E-74B952F82759}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~1\browse~1\sprote~1.dll) - c:\Programme\BrowseToSave\sprotector.dll ()
O20 - AppInit_DLLs: (c:\progra~1\easylife\sprote~1.dll) - c:\Programme\EasyLife\sprotector.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-1584033661-3106969475-2456615852-1007 Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software)
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk - C:\Programme\McAfee Security Scan\3.0.207\SSScheduler.exe - (McAfee, Inc.)
MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Users\chaz\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig - StartUpReg: ICQ - hkey= - key= - C:\ICQ7M\ICQ.exe (ICQ, LLC.)
MsConfig - StartUpReg: Optimizer Pro - hkey= - key= - C:\Programme\Optimizer Pro\OptProLauncher.exe (PC Utilities Pro)
MsConfig - StartUpReg: Steam - hkey= - key= - D:\Steam\steam.exe (Valve Corporation)
MsConfig - State: "startup" - 2
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.24 20:40:02 | 000,036,736 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\drivers\PsBoot.sys
[2013.05.24 20:39:52 | 000,046,672 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\drivers\PSKMAD.sys
[2013.05.24 19:54:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Cloud Antivirus
[2013.05.24 19:54:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security
[2013.05.21 20:20:09 | 000,000,000 | ---D | C] -- C:\Users\chaz.cZ\AppData\Roaming\ParetoLogic
[2013.05.21 20:20:09 | 000,000,000 | ---D | C] -- C:\Users\chaz.cZ\AppData\Roaming\DriverCure
[2013.05.21 20:16:00 | 000,000,000 | ---D | C] -- C:\Users\chaz.cZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic
[2013.05.21 20:15:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ParetoLogic
[2013.05.21 20:15:55 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic
[2013.05.21 20:15:55 | 000,000,000 | ---D | C] -- C:\Program Files\ParetoLogic
[2013.05.20 16:36:47 | 000,000,000 | ---D | C] -- C:\Users\chaz.cZ\AppData\Local\CrashRpt
[2013.05.20 16:36:47 | 000,000,000 | ---D | C] -- C:\Users\chaz.cZ\Documents\Arktos
[2013.05.20 16:36:47 | 000,000,000 | ---D | C] -- C:\Users\chaz.cZ\AppData\Local\Arktos
[2013.05.18 23:44:15 | 000,000,000 | ---D | C] -- C:\Users\chaz.cZ\AppData\Local\Programs
[2013.05.18 14:47:33 | 000,000,000 | ---D | C] -- C:\Programs
[2013.05.18 14:44:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013.05.18 14:43:58 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2013.05.18 14:32:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\bwin Poker
[2013.05.16 03:11:28 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.05.16 03:11:27 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.05.16 03:11:26 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013.05.16 03:11:26 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.05.16 03:11:25 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.05.16 03:11:24 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.05.16 03:11:24 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013.05.16 03:11:24 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013.05.16 03:11:24 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013.05.16 03:11:24 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013.05.15 22:42:36 | 000,218,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2013.05.15 22:42:35 | 002,347,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.05.15 22:42:35 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wwanprotdim.dll
[2013.05.15 22:42:25 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2013.05.15 22:42:25 | 000,101,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2013.05.12 16:40:02 | 000,000,000 | ---D | C] -- C:\Users\chaz.cZ\AppData\Local\Diagnostics
[2013.05.12 16:07:01 | 000,000,000 | ---D | C] -- C:\Users\chaz.cZ\AppData\Roaming\Steinberg
[2013.05.11 22:04:59 | 000,000,000 | ---D | C] -- C:\Users\chaz.cZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
[2013.05.11 21:09:09 | 000,053,760 | ---- | C] (Mandiant) -- C:\Users\chaz.cZ\AppData\Roaming\ie_util.exe
[2013.05.11 20:06:27 | 000,000,000 | ---D | C] -- C:\Users\chaz.cZ\Documents\Battlefield Play4Free
[2013.05.11 15:24:49 | 000,000,000 | ---D | C] -- C:\Users\chaz.cZ\AppData\Roaming\Ovby
[2013.05.11 15:24:49 | 000,000,000 | ---D | C] -- C:\Users\chaz.cZ\AppData\Roaming\Ocalg
[2013.05.11 15:24:49 | 000,000,000 | ---D | C] -- C:\Users\chaz.cZ\AppData\Roaming\Adku
[2013.05.11 00:22:40 | 000,000,000 | ---D | C] -- C:\Users\chaz.cZ\AppData\Local\Chromium
[2013.05.11 00:22:38 | 000,000,000 | ---D | C] -- C:\Users\chaz.cZ\AppData\Local\PunkBuster
[2013.05.10 16:44:44 | 000,000,000 | ---D | C] -- C:\Users\chaz.cZ\AppData\Roaming\Xfire
[2013.05.10 03:10:01 | 000,000,000 | ---D | C] -- C:\Users\chaz.cZ\AppData\Roaming\WinRAR
[2013.05.09 22:01:14 | 000,000,000 | ---D | C] -- C:\Users\chaz.cZ\AppData\Roaming\cef-cache
[2013.05.09 22:01:02 | 000,000,000 | ---D | C] -- C:\Users\chaz.cZ\AppData\Roaming\bwincom
[2013.05.09 18:18:33 | 000,000,000 | ---D | C] -- C:\Users\chaz.cZ\AppData\Roaming\Publish Providers
[2013.05.09 18:18:10 | 000,000,000 | ---D | C] -- C:\Users\chaz.cZ\AppData\Roaming\Sony
[2013.05.09 18:18:10 | 000,000,000 | ---D | C] -- C:\Users\chaz.cZ\AppData\Local\Sony
[2013.05.09 18:18:10 | 000,000,000 | ---D | C] -- C:\Users\chaz.cZ\Documents\Movie Studio Platinum 12.0 Projekte
[2013.05.08 23:59:06 | 000,000,000 | ---D | C] -- C:\Users\chaz.cZ\AppData\Roaming\TS3Client
[2013.05.08 16:17:23 | 000,000,000 | ---D | C] -- C:\Users\chaz.cZ\AppData\Local\Google
[2013.05.08 16:17:11 | 000,000,000 | ---D | C] -- C:\Users\chaz.cZ\AppData\Local\Deployment
[2013.05.08 16:17:11 | 000,000,000 | ---D | C] -- C:\Users\chaz.cZ\AppData\Local\Apps
[2013.05.07 22:53:41 | 000,000,000 | ---D | C] -- C:\Users\chaz.cZ\AppData\Roaming\Avira
[2013.05.07 22:52:40 | 000,000,000 | ---D | C] -- C:\Users\chaz.cZ\AppData\Roaming\TuneUp Software
[2013.05.07 22:50:20 | 000,000,000 | ---D | C] -- C:\Users\chaz.cZ\AppData\Roaming\LolClient
[2013.05.07 22:48:32 | 000,000,000 | ---D | C] -- C:\Users\chaz.cZ\AppData\Roaming\NVIDIA
[2013.05.07 22:48:32 | 000,000,000 | ---D | C] -- C:\Users\chaz.cZ\AppData\Local\Logitech
[2013.05.07 22:47:50 | 000,000,000 | R--D | C] -- C:\Users\chaz.cZ\Virtual Machines
[2013.05.07 22:47:50 | 000,000,000 | R--D | C] -- C:\Users\chaz.cZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013.05.07 22:47:50 | 000,000,000 | R--D | C] -- C:\Users\chaz.cZ\Searches
[2013.05.07 22:47:50 | 000,000,000 | R--D | C] -- C:\Users\chaz.cZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013.05.07 22:47:40 | 000,000,000 | ---D | C] -- C:\Users\chaz.cZ\AppData\Roaming\Identities
[2013.05.07 22:47:37 | 000,000,000 | R--D | C] -- C:\Users\chaz.cZ\Contacts
[2013.05.07 22:47:29 | 000,000,000 | ---D | C] -- C:\Users\chaz.cZ\AppData\Roaming\Adobe
[2013.05.07 22:47:21 | 000,000,000 | ---D | C] -- C:\Users\chaz.cZ\AppData\Local\VirtualStore
[2013.05.07 22:47:15 | 000,000,000 | -HSD | C] -- C:\Users\chaz.cZ\Vorlagen
[2013.05.07 22:47:15 | 000,000,000 | -HSD | C] -- C:\Users\chaz.cZ\AppData\Local\Verlauf
[2013.05.07 22:47:15 | 000,000,000 | -HSD | C] -- C:\Users\chaz.cZ\AppData\Local\Temporary Internet Files
[2013.05.07 22:47:15 | 000,000,000 | -HSD | C] -- C:\Users\chaz.cZ\Startmenü
[2013.05.07 22:47:15 | 000,000,000 | -HSD | C] -- C:\Users\chaz.cZ\SendTo
[2013.05.07 22:47:15 | 000,000,000 | -HSD | C] -- C:\Users\chaz.cZ\Lokale Einstellungen
[2013.05.07 22:47:15 | 000,000,000 | -HSD | C] -- C:\Users\chaz.cZ\AppData\Local\Anwendungsdaten
[2013.05.07 22:47:14 | 000,000,000 | -HSD | C] -- C:\Users\chaz.cZ\Recent
[2013.05.07 22:47:14 | 000,000,000 | -HSD | C] -- C:\Users\chaz.cZ\Netzwerkumgebung
[2013.05.07 22:47:14 | 000,000,000 | -HSD | C] -- C:\Users\chaz.cZ\Documents\Eigene Videos
[2013.05.07 22:47:14 | 000,000,000 | -HSD | C] -- C:\Users\chaz.cZ\Documents\Eigene Musik
[2013.05.07 22:47:14 | 000,000,000 | -HSD | C] -- C:\Users\chaz.cZ\Eigene Dateien
[2013.05.07 22:47:14 | 000,000,000 | -HSD | C] -- C:\Users\chaz.cZ\Documents\Eigene Bilder
[2013.05.07 22:47:14 | 000,000,000 | -HSD | C] -- C:\Users\chaz.cZ\Druckumgebung
[2013.05.07 22:47:14 | 000,000,000 | -HSD | C] -- C:\Users\chaz.cZ\Cookies
[2013.05.07 22:47:14 | 000,000,000 | -HSD | C] -- C:\Users\chaz.cZ\Anwendungsdaten
[2013.05.07 22:47:09 | 000,000,000 | ---D | C] -- C:\Users\chaz.cZ\AppData\Local\Microsoft
[2013.05.07 22:47:08 | 000,000,000 | --SD | C] -- C:\Users\chaz.cZ\AppData\Roaming\Microsoft
[2013.05.07 22:47:08 | 000,000,000 | R--D | C] -- C:\Users\chaz.cZ\Videos
[2013.05.07 22:47:08 | 000,000,000 | R--D | C] -- C:\Users\chaz.cZ\Saved Games
[2013.05.07 22:47:08 | 000,000,000 | R--D | C] -- C:\Users\chaz.cZ\Pictures
[2013.05.07 22:47:08 | 000,000,000 | R--D | C] -- C:\Users\chaz.cZ\Music
[2013.05.07 22:47:08 | 000,000,000 | R--D | C] -- C:\Users\chaz.cZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013.05.07 22:47:08 | 000,000,000 | R--D | C] -- C:\Users\chaz.cZ\Links
[2013.05.07 22:47:08 | 000,000,000 | R--D | C] -- C:\Users\chaz.cZ\Favorites
[2013.05.07 22:47:08 | 000,000,000 | R--D | C] -- C:\Users\chaz.cZ\Downloads
[2013.05.07 22:47:08 | 000,000,000 | R--D | C] -- C:\Users\chaz.cZ\Documents
[2013.05.07 22:47:08 | 000,000,000 | R--D | C] -- C:\Users\chaz.cZ\Desktop
[2013.05.07 22:47:08 | 000,000,000 | R--D | C] -- C:\Users\chaz.cZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013.05.07 22:47:08 | 000,000,000 | -H-D | C] -- C:\Users\chaz.cZ\AppData
[2013.05.07 22:47:08 | 000,000,000 | ---D | C] -- C:\Users\chaz.cZ\AppData\Local\Temp
[2013.05.07 22:47:08 | 000,000,000 | ---D | C] -- C:\Users\chaz.cZ\AppData\Roaming\Macromedia
[2013.05.06 18:56:59 | 000,141,824 | ---- | C] (Корпорация Майкрософт2) -- C:\ProgramData\wvit.dat
[2013.05.06 18:56:59 | 000,141,824 | ---- | C] (Корпорация Майкрософт2) -- C:\ProgramData\jmwzdl.dat
[2013.05.06 18:56:57 | 000,141,824 | ---- | C] (Корпорация Майкрософт2) -- C:\ProgramData\rfob0.dat
[2013.05.06 18:56:57 | 000,141,824 | ---- | C] (Корпорация Майкрософт2) -- C:\ProgramData\corab.dat
[2013.05.06 08:11:44 | 000,141,824 | ---- | C] (Корпорация Майкрософт2) -- C:\ProgramData\0l9je.dat
[2013.05.06 08:11:44 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\rundll32.exe
[2013.05.02 16:07:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XMedia Recode
[2013.05.01 23:03:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movavi Video Converter 12
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.24 21:04:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1584033661-3106969475-2456615852-1000UA.job
[2013.05.24 21:02:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.24 20:49:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.24 20:47:17 | 000,017,088 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.24 20:47:17 | 000,017,088 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.24 20:41:02 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.24 20:41:01 | 000,000,468 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version3 Startup Task.job
[2013.05.24 20:39:33 | 000,401,992 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.05.24 20:38:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.24 20:38:42 | 2616,549,376 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.24 18:00:00 | 000,000,442 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration3.job
[2013.05.24 17:04:00 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1584033661-3106969475-2456615852-1000Core.job
[2013.05.22 10:29:55 | 000,000,416 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version3.job
[2013.05.22 10:29:55 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\RegCure Pro.job
[2013.05.21 20:24:42 | 000,080,700 | ---- | M] () -- C:\pic_8_big.jpg
[2013.05.21 20:16:00 | 000,001,152 | ---- | M] () -- C:\Users\chaz.cZ\Desktop\RegCure Pro.lnk
[2013.05.21 07:04:23 | 000,698,514 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.05.21 07:04:23 | 000,652,496 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.05.21 07:04:23 | 000,148,570 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.05.21 07:04:23 | 000,121,428 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.05.21 05:12:31 | 000,214,520 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2013.05.21 05:12:11 | 000,214,520 | ---- | M] () -- C:\Windows\System32\PnkBstrB.ex0
[2013.05.21 05:05:15 | 000,140,360 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2013.05.19 23:33:01 | 281,682,144 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.05.18 23:56:49 | 000,000,435 | ---- | M] () -- C:\Users\Public\Desktop\La-Mulana v1.4.4.2.lnk
[2013.05.18 14:44:52 | 000,002,205 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.05.18 14:32:21 | 000,001,494 | ---- | M] () -- C:\Users\chaz.cZ\Desktop\bwin Poker.lnk
[2013.05.17 00:27:08 | 000,053,760 | ---- | M] (Mandiant) -- C:\Users\chaz.cZ\AppData\Roaming\ie_util.exe
[2013.05.15 19:53:35 | 000,000,180 | ---- | M] () -- C:\Users\chaz.cZ\Desktop\Renaissance Heroes.url
[2013.05.15 03:02:24 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.05.15 03:02:24 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.05.11 22:04:59 | 000,000,202 | ---- | M] () -- C:\Users\chaz.cZ\Desktop\Arctic Combat.url
[2013.05.11 09:00:24 | 000,134,800 | ---- | M] () -- C:\Users\chaz.cZ\Desktop\148806_371994019545477_942922134_n.jpg
[2013.05.08 16:14:00 | 000,000,689 | ---- | M] () -- C:\Users\chaz.cZ\Desktop\lol.launcher - Verknüpfung.lnk
[2013.05.07 13:27:22 | 095,023,320 | ---- | M] () -- C:\ProgramData\ej9l0.pad
[2013.05.07 13:19:08 | 095,023,320 | ---- | M] () -- C:\ProgramData\tivw.pad
[2013.05.06 18:57:03 | 095,023,320 | ---- | M] () -- C:\ProgramData\ldzwmj.pad
[2013.05.06 18:57:03 | 000,002,585 | ---- | M] () -- C:\ProgramData\tivw.js
[2013.05.06 18:56:59 | 000,141,824 | ---- | M] (Корпорация Майкрософт2) -- C:\ProgramData\wvit.dat
[2013.05.06 18:56:59 | 000,141,824 | ---- | M] (Корпорация Майкрософт2) -- C:\ProgramData\jmwzdl.dat
[2013.05.06 18:56:57 | 000,141,824 | ---- | M] (Корпорация Майкрософт2) -- C:\ProgramData\rfob0.dat
[2013.05.06 18:56:57 | 000,141,824 | ---- | M] (Корпорация Майкрософт2) -- C:\ProgramData\corab.dat
[2013.05.06 08:11:46 | 000,002,608 | ---- | M] () -- C:\ProgramData\ej9l0.js
[2013.05.06 08:11:44 | 000,141,824 | ---- | M] (Корпорация Майкрософт2) -- C:\ProgramData\0l9je.dat
[2013.05.06 08:11:44 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\rundll32.exe
[2013.05.02 16:07:50 | 000,000,589 | ---- | M] () -- C:\Users\Public\Desktop\XMedia Recode.lnk
[2013.05.02 02:06:08 | 000,238,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2013.05.01 23:03:01 | 000,000,652 | ---- | M] () -- C:\Users\Public\Desktop\Movavi Video Converter 12.lnk
[2013.04.27 01:40:54 | 000,000,009 | ---- | M] () -- C:\Windows\pbase.dat
[2013.04.27 01:40:54 | 000,000,008 | ---- | M] () -- C:\Windows\npbase.dat
[2013.04.27 01:40:54 | 000,000,003 | ---- | M] () -- C:\Windows\ver.dat
[2013.04.24 21:51:22 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_WinUsb_01009.Wdf
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.05.24 18:12:05 | 000,080,700 | ---- | C] () -- C:\pic_8_big.jpg
[2013.05.21 20:20:12 | 000,000,442 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Registration3.job
[2013.05.21 20:16:00 | 000,001,152 | ---- | C] () -- C:\Users\chaz.cZ\Desktop\RegCure Pro.lnk
[2013.05.21 20:15:59 | 000,000,468 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Update Version3 Startup Task.job
[2013.05.21 20:15:59 | 000,000,416 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Update Version3.job
[2013.05.21 20:15:58 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\RegCure Pro.job
[2013.05.19 23:33:01 | 281,682,144 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013.05.18 23:44:26 | 000,000,435 | ---- | C] () -- C:\Users\Public\Desktop\La-Mulana v1.4.4.2.lnk
[2013.05.18 23:44:26 | 000,000,435 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\La-Mulana v1.4.4.2.lnk
[2013.05.18 14:44:52 | 000,002,205 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.05.18 14:44:03 | 000,001,094 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.18 14:44:01 | 000,001,090 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.18 14:32:21 | 000,001,494 | ---- | C] () -- C:\Users\chaz.cZ\Desktop\bwin Poker.lnk
[2013.05.15 19:53:35 | 000,000,180 | ---- | C] () -- C:\Users\chaz.cZ\Desktop\Renaissance Heroes.url
[2013.05.11 22:04:59 | 000,000,202 | ---- | C] () -- C:\Users\chaz.cZ\Desktop\Arctic Combat.url
[2013.05.11 18:00:42 | 000,134,800 | ---- | C] () -- C:\Users\chaz.cZ\Desktop\148806_371994019545477_942922134_n.jpg
[2013.05.08 16:14:00 | 000,000,689 | ---- | C] () -- C:\Users\chaz.cZ\Desktop\lol.launcher - Verknüpfung.lnk
[2013.05.07 22:47:29 | 000,001,425 | ---- | C] () -- C:\Users\chaz.cZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013.05.06 18:57:03 | 000,002,585 | ---- | C] () -- C:\ProgramData\tivw.js
[2013.05.06 18:56:59 | 095,023,320 | ---- | C] () -- C:\ProgramData\tivw.pad
[2013.05.06 18:56:59 | 095,023,320 | ---- | C] () -- C:\ProgramData\ldzwmj.pad
[2013.05.06 08:11:46 | 000,002,608 | ---- | C] () -- C:\ProgramData\ej9l0.js
[2013.05.06 08:11:45 | 095,023,320 | ---- | C] () -- C:\ProgramData\ej9l0.pad
[2013.05.02 16:07:50 | 000,000,589 | ---- | C] () -- C:\Users\Public\Desktop\XMedia Recode.lnk
[2013.05.01 23:03:01 | 000,000,652 | ---- | C] () -- C:\Users\Public\Desktop\Movavi Video Converter 12.lnk
[2013.04.24 21:51:22 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_WinUsb_01009.Wdf
[2013.03.21 06:10:18 | 000,042,880 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2013.03.01 02:55:31 | 000,000,009 | ---- | C] () -- C:\Windows\pbase.dat
[2013.03.01 02:55:31 | 000,000,008 | ---- | C] () -- C:\Windows\npbase.dat
[2013.03.01 02:55:31 | 000,000,003 | ---- | C] () -- C:\Windows\ver.dat
[2013.02.16 19:54:08 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2012.12.19 00:46:19 | 000,140,360 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2012.12.11 01:48:08 | 000,214,520 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2012.12.11 01:48:05 | 000,076,888 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2012.09.20 20:59:46 | 000,000,046 | ---- | C] () -- C:\Program Files\Falco.url
[2012.09.11 00:29:35 | 003,130,440 | ---- | C] () -- C:\Windows\System32\pbsvc_blr.exe
[2012.09.05 07:25:02 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2012.09.04 15:49:52 | 000,000,410 | ---- | C] () -- C:\Windows\Uninstall Manager.ini
[2012.09.04 15:37:08 | 000,178,688 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2012.09.04 13:10:03 | 000,557,056 | ---- | C] () -- C:\Windows\System32\Cmeaupci.exe
[2012.09.04 13:10:03 | 000,000,082 | ---- | C] () -- C:\Windows\Cmicnfg3.ini.cfl
[2012.09.04 13:09:48 | 000,303,104 | ---- | C] () -- C:\Windows\System32\CmiInstallResAll.dll
[2012.09.04 13:09:48 | 000,002,123 | ---- | C] () -- C:\Windows\Cmicnfg3.ini.cfg
[2012.09.04 13:09:48 | 000,000,250 | ---- | C] () -- C:\Windows\Cmicnfg3.ini.imi
[2012.09.04 13:09:47 | 000,002,754 | ---- | C] () -- C:\Windows\cmudax3.ini
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.09.05 23:34:22 | 000,000,000 | ---D | M] -- C:\Users\chaz\AppData\Roaming\8-Bit Commando
[2013.04.25 22:35:03 | 000,000,000 | ---D | M] -- C:\Users\chaz\AppData\Roaming\Antares
[2012.09.13 17:25:08 | 000,000,000 | ---D | M] -- C:\Users\chaz\AppData\Roaming\AtomZombieData
[2013.02.09 17:12:35 | 000,000,000 | ---D | M] -- C:\Users\chaz\AppData\Roaming\Awesomium
[2012.09.20 22:32:06 | 000,000,000 | ---D | M] -- C:\Users\chaz\AppData\Roaming\Beat Hazard
[2013.02.26 21:55:00 | 000,000,000 | ---D | M] -- C:\Users\chaz\AppData\Roaming\Bloody Trapland Demo
[2013.01.03 02:01:17 | 000,000,000 | ---D | M] -- C:\Users\chaz\AppData\Roaming\bwincom
[2012.09.30 00:01:07 | 000,000,000 | ---D | M] -- C:\Users\chaz\AppData\Roaming\Carbon
[2013.05.06 12:12:17 | 000,000,000 | ---D | M] -- C:\Users\chaz\AppData\Roaming\cef-cache
[2012.09.22 01:39:05 | 000,000,000 | ---D | M] -- C:\Users\chaz\AppData\Roaming\collection
[2012.09.23 16:14:22 | 000,000,000 | ---D | M] -- C:\Users\chaz\AppData\Roaming\DAEMON Tools Lite
[2013.02.01 18:18:10 | 000,000,000 | ---D | M] -- C:\Users\chaz\AppData\Roaming\Doublefine
[2012.09.05 14:53:50 | 000,000,000 | ---D | M] -- C:\Users\chaz\AppData\Roaming\EoN
[2013.05.01 16:52:20 | 000,000,000 | ---D | M] -- C:\Users\chaz\AppData\Roaming\Fiaku
[2013.01.23 13:39:06 | 000,000,000 | ---D | M] -- C:\Users\chaz\AppData\Roaming\FLV Extract
[2013.04.17 12:08:31 | 000,000,000 | ---D | M] -- C:\Users\chaz\AppData\Roaming\ICQ
[2013.05.01 16:52:20 | 000,000,000 | ---D | M] -- C:\Users\chaz\AppData\Roaming\Itent
[2013.01.12 23:40:07 | 000,000,000 | ---D | M] -- C:\Users\chaz\AppData\Roaming\Leadertech
[2012.09.04 17:23:52 | 000,000,000 | ---D | M] -- C:\Users\chaz\AppData\Roaming\LolClient
[2012.09.13 16:17:18 | 000,000,000 | ---D | M] -- C:\Users\chaz\AppData\Roaming\LOVE
[2013.05.07 00:47:55 | 000,000,000 | ---D | M] -- C:\Users\chaz\AppData\Roaming\Lyla
[2013.05.01 23:18:20 | 000,000,000 | ---D | M] -- C:\Users\chaz\AppData\Roaming\MOVAVI
[2013.01.02 18:36:04 | 000,000,000 | ---D | M] -- C:\Users\chaz\AppData\Roaming\Nifflas
[2012.09.23 16:13:55 | 000,000,000 | ---D | M] -- C:\Users\chaz\AppData\Roaming\OpenCandy
[2012.09.05 14:20:45 | 000,000,000 | ---D | M] -- C:\Users\chaz\AppData\Roaming\OpenOffice.org
[2012.09.05 14:19:34 | 000,000,000 | ---D | M] -- C:\Users\chaz\AppData\Roaming\Optimizer Pro
[2012.12.01 07:26:49 | 000,000,000 | ---D | M] -- C:\Users\chaz\AppData\Roaming\Origin
[2013.02.16 16:38:48 | 000,000,000 | ---D | M] -- C:\Users\chaz\AppData\Roaming\Play withSIX
[2012.11.20 23:38:30 | 000,000,000 | ---D | M] -- C:\Users\chaz\AppData\Roaming\PM2012
[2012.11.24 19:48:30 | 000,000,000 | ---D | M] -- C:\Users\chaz\AppData\Roaming\Publish Providers
[2012.09.20 22:25:27 | 000,000,000 | ---D | M] -- C:\Users\chaz\AppData\Roaming\Pulsen
[2013.02.07 19:35:44 | 000,000,000 | ---D | M] -- C:\Users\chaz\AppData\Roaming\Retrovirus
[2013.02.14 13:51:49 | 000,000,000 | ---D | M] -- C:\Users\chaz\AppData\Roaming\SendSpace
[2013.02.16 16:03:18 | 000,000,000 | ---D | M] -- C:\Users\chaz\AppData\Roaming\Sony
[2012.11.27 14:15:05 | 000,000,000 | ---D | M] -- C:\Users\chaz\AppData\Roaming\Sony Creative Software Inc
[2012.09.27 14:17:07 | 000,000,000 | ---D | M] -- C:\Users\chaz\AppData\Roaming\Steinberg
[2012.09.12 19:00:05 | 000,000,000 | ---D | M] -- C:\Users\chaz\AppData\Roaming\The First Templar
[2012.09.04 19:34:46 | 000,000,000 | ---D | M] -- C:\Users\chaz\AppData\Roaming\Trine2
[2013.05.06 23:42:09 | 000,000,000 | ---D | M] -- C:\Users\chaz\AppData\Roaming\TS3Client
[2013.02.16 15:51:28 | 000,000,000 | ---D | M] -- C:\Users\chaz\AppData\Roaming\TuneUp Software
[2013.01.18 21:43:25 | 000,000,000 | ---D | M] -- C:\Users\chaz\AppData\Roaming\TZAC2
[2012.09.27 21:15:12 | 000,000,000 | ---D | M] -- C:\Users\chaz\AppData\Roaming\VST3 Presets
[2013.05.02 16:24:00 | 000,000,000 | ---D | M] -- C:\Users\chaz\AppData\Roaming\XMedia Recode
[2013.05.11 15:24:49 | 000,000,000 | ---D | M] -- C:\Users\chaz.cZ\AppData\Roaming\Adku
[2013.05.09 22:29:44 | 000,000,000 | ---D | M] -- C:\Users\chaz.cZ\AppData\Roaming\bwincom
[2013.05.09 22:01:14 | 000,000,000 | ---D | M] -- C:\Users\chaz.cZ\AppData\Roaming\cef-cache
[2013.05.21 20:20:09 | 000,000,000 | ---D | M] -- C:\Users\chaz.cZ\AppData\Roaming\DriverCure
[2013.05.07 22:50:20 | 000,000,000 | ---D | M] -- C:\Users\chaz.cZ\AppData\Roaming\LolClient
[2013.05.17 00:21:11 | 000,000,000 | ---D | M] -- C:\Users\chaz.cZ\AppData\Roaming\Ocalg
[2013.05.11 15:24:49 | 000,000,000 | ---D | M] -- C:\Users\chaz.cZ\AppData\Roaming\Ovby
[2013.05.21 20:20:09 | 000,000,000 | ---D | M] -- C:\Users\chaz.cZ\AppData\Roaming\ParetoLogic
[2013.05.09 18:18:33 | 000,000,000 | ---D | M] -- C:\Users\chaz.cZ\AppData\Roaming\Publish Providers
[2013.05.09 18:18:30 | 000,000,000 | ---D | M] -- C:\Users\chaz.cZ\AppData\Roaming\Sony
[2013.05.12 16:07:49 | 000,000,000 | ---D | M] -- C:\Users\chaz.cZ\AppData\Roaming\Steinberg
[2013.05.17 01:09:38 | 000,000,000 | ---D | M] -- C:\Users\chaz.cZ\AppData\Roaming\TS3Client
[2013.05.07 22:52:40 | 000,000,000 | ---D | M] -- C:\Users\chaz.cZ\AppData\Roaming\TuneUp Software
[2013.05.07 17:31:16 | 000,000,000 | ---D | M] -- C:\Users\cZONY\AppData\Roaming\LolClient
[2013.05.07 17:33:47 | 000,000,000 | ---D | M] -- C:\Users\cZONY\AppData\Roaming\TuneUp Software
[2013.05.17 16:58:42 | 000,000,000 | ---D | M] -- C:\Users\cZPEEDHACK\AppData\Roaming\LolClient
[2013.05.17 18:27:25 | 000,000,000 | ---D | M] -- C:\Users\cZPEEDHACK\AppData\Roaming\OpenOffice.org
[2013.05.24 19:55:56 | 000,000,000 | ---D | M] -- C:\Users\cZPEEDHACK\AppData\Roaming\Panda Security
[2013.05.22 21:49:29 | 000,000,000 | ---D | M] -- C:\Users\cZPEEDHACK\AppData\Roaming\Steinberg
[2013.05.24 20:37:07 | 000,000,000 | ---D | M] -- C:\Users\cZPEEDHACK\AppData\Roaming\TS3Client
[2013.05.17 14:17:45 | 000,000,000 | ---D | M] -- C:\Users\cZPEEDHACK\AppData\Roaming\TuneUp Software
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2013.05.17 14:12:49 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2013.05.18 14:32:15 | 000,000,000 | ---D | M] -- C:\bwincom
[2012.09.23 16:13:19 | 000,000,000 | ---D | M] -- C:\DAEMON Tools Lite
[2013.02.05 14:26:09 | 000,000,000 | ---D | M] -- C:\DESK 2010
[2012.11.01 18:13:09 | 000,000,000 | ---D | M] -- C:\DESKTOP 2009
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2012.09.04 13:00:33 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2012.10.05 18:07:15 | 000,000,000 | ---D | M] -- C:\ICQ7M
[2013.05.11 19:30:05 | 000,000,000 | ---D | M] -- C:\ISO SETUP
[2012.12.25 22:59:05 | 000,000,000 | ---D | M] -- C:\IsoBuster
[2013.03.03 19:23:28 | 000,000,000 | ---D | M] -- C:\mIRC
[2013.01.17 16:00:06 | 000,000,000 | ---D | M] -- C:\Origin
[2013.01.04 03:43:32 | 000,000,000 | ---D | M] -- C:\PCWELT
[2009.07.14 04:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2013.05.21 20:15:55 | 000,000,000 | R--D | M] -- C:\Program Files
[2013.05.24 19:54:18 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2012.09.04 13:00:34 | 000,000,000 | -HSD | M] -- C:\Programme
[2013.05.18 14:47:33 | 000,000,000 | ---D | M] -- C:\Programs
[2012.09.04 13:00:34 | 000,000,000 | -HSD | M] -- C:\Recovery
[2013.05.24 21:31:50 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2013.03.17 08:38:35 | 000,000,000 | ---D | M] -- C:\TeamSpeak 3 Client
[2013.05.17 14:12:39 | 000,000,000 | ---D | M] -- C:\Users
[2013.05.19 23:33:01 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2009.07.14 03:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009.07.14 03:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009.07.14 03:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009.07.14 03:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010.11.20 14:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2009.07.14 06:53:46 | 000,000,378 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009.07.14 06:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2012.09.07 02:51:18 | 000,001,064 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1584033661-3106969475-2456615852-1000Core.job
[2012.09.07 02:51:19 | 000,001,116 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1584033661-3106969475-2456615852-1000UA.job
[2012.10.10 11:40:01 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2013.05.18 14:44:01 | 000,001,090 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2013.05.18 14:44:03 | 000,001,094 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2013.05.21 20:15:58 | 000,000,384 | ---- | C] () -- C:\Windows\Tasks\RegCure Pro.job
[2013.05.21 20:15:59 | 000,000,416 | ---- | C] () -- C:\Windows\Tasks\ParetoLogic Update Version3.job
[2013.05.21 20:15:59 | 000,000,468 | ---- | C] () -- C:\Windows\Tasks\ParetoLogic Update Version3 Startup Task.job
[2013.05.21 20:20:12 | 000,000,442 | ---- | C] () -- C:\Windows\Tasks\ParetoLogic Registration3.job
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009.11.04 20:05:59 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.11.04 20:05:59 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2013.05.24 21:28:04 | 004,194,304 | -HS- | M] () -- C:\Users\chaz.cZ\NTUSER.DAT
[2013.05.24 21:28:03 | 000,262,144 | -HS- | M] () -- C:\Users\chaz.cZ\ntuser.dat.LOG1
[2013.05.07 22:47:10 | 000,000,000 | -HS- | M] () -- C:\Users\chaz.cZ\ntuser.dat.LOG2
[2013.05.08 03:12:58 | 000,065,536 | -HS- | M] () -- C:\Users\chaz.cZ\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2013.05.08 03:12:58 | 000,524,288 | -HS- | M] () -- C:\Users\chaz.cZ\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2013.05.08 03:12:58 | 000,524,288 | -HS- | M] () -- C:\Users\chaz.cZ\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2013.05.20 14:56:38 | 000,065,536 | -HS- | M] () -- C:\Users\chaz.cZ\NTUSER.DAT{a39856ee-c0cb-11e2-9658-001d6039006a}.TM.blf
[2013.05.20 14:56:38 | 000,524,288 | -HS- | M] () -- C:\Users\chaz.cZ\NTUSER.DAT{a39856ee-c0cb-11e2-9658-001d6039006a}.TMContainer00000000000000000001.regtrans-ms
[2013.05.20 14:56:38 | 000,524,288 | -HS- | M] () -- C:\Users\chaz.cZ\NTUSER.DAT{a39856ee-c0cb-11e2-9658-001d6039006a}.TMContainer00000000000000000002.regtrans-ms
[2013.05.07 22:47:15 | 000,000,020 | -HS- | M] () -- C:\Users\chaz.cZ\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
<           >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:67B66DF7
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:436DEE1E

< End of report >
         
--- --- ---


Old 24.05.2013, 21:20   #6
chazinho
Banned
 
Decrypt / Encrypter Trojan / Virus.

OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 24.05.2013 21:29:49 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\cZPEEDHACK\Desktop
Windows 7 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,91 Gb Available Physical Memory | 58,66% Memory free
6,50 Gb Paging File | 4,98 Gb Available in Paging File | 76,65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 48,83 Gb Total Space | 8,71 Gb Free Space | 17,83% Space Free | Partition Type: NTFS
Drive D: | 90,45 Gb Total Space | 1,39 Gb Free Space | 1,54% Space Free | Partition Type: NTFS
 
Computer Name: CZ | User Name: chaz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1584033661-3106969475-2456615852-1007\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_USERS\S-1-5-21-1584033661-3106969475-2456615852-1008\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{109FDCA2-DB98-4336-9081-00E90DBD5561}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{18FAF802-34BA-48F8-936B-4BD3FA6349F5}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{259A0A17-55F9-42CC-82EF-84EADC28C848}" = lport=445 | protocol=6 | dir=in | app=system | 
"{2B7AEAE4-C0FB-4A25-93F5-2BD03DCB6138}" = rport=80 | protocol=6 | dir=out | app=d:\steam\steamapps\common\warframe\warframe.exe | 
"{3485329E-7EE7-4882-982F-0EF69BD2FA6F}" = rport=80 | protocol=6 | dir=out | app=d:\steam\steamapps\common\warframe\tools\launcher.exe | 
"{3B93C3F5-012D-4E30-A002-EB719EC2B3AF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{42522B1C-1EC8-4285-9C76-B2309CB9999A}" = rport=445 | protocol=6 | dir=out | app=system | 
"{4847F4A9-CD07-452E-AEB9-1C647AE9C60B}" = rport=80 | protocol=6 | dir=out | app=d:\steam\steamapps\common\warframe\warframe.x64.exe | 
"{505CFE59-2943-44EC-A3E4-F6D9E9C3F029}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{600394FC-9022-4F53-B729-D3BAA47FC49F}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{72BA4716-F24E-4DA9-B957-052585E50C80}" = lport=139 | protocol=6 | dir=in | app=system | 
"{7B4EC378-9559-4186-85F8-FC2F3C21CDDD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{7F214118-7CA4-4381-BDED-A6FD1E49E3D4}" = lport=137 | protocol=17 | dir=in | app=system | 
"{8315A856-8806-4A85-A5E8-0D2448528B58}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{88FF6C16-BDBE-41E3-BECC-719531223547}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{9D4DDBD8-63E9-4989-AA05-7EC33898E03E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A4331CE5-6332-43EB-9320-CC16213A7FE9}" = lport=138 | protocol=17 | dir=in | app=system | 
"{A799855F-D357-4256-BBF6-4F1315F9F1EB}" = rport=137 | protocol=17 | dir=out | app=system | 
"{BD72EDBA-B37F-44B8-BD31-17D1E879B35C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{C4F0063B-BAAA-4034-996D-F05674D23576}" = rport=139 | protocol=6 | dir=out | app=system | 
"{C980EB5C-C36D-4068-96F1-CAAFDB097BB1}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D0EBA351-06D6-4120-90AA-31CDFB88153D}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{D3F0320D-72B1-46DC-87DF-65A6944DB120}" = rport=138 | protocol=17 | dir=out | app=system | 
"{E3531506-2989-4BC8-91A9-EE3164E60649}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{EB99FDDF-4E7F-4D22-A546-F13B2600DF26}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{EE96928F-50DB-47A3-871D-E3D282E2B0E9}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00B15895-7DD2-44C5-8BC5-C5F6239C1A84}" = protocol=17 | dir=in | app=d:\indie-games\qube\binaries\win32\qube.exe | 
"{032D8472-0433-466F-B442-7BD5D0F2A54F}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\brawl busters\bin\pblauncher.exe | 
"{04119457-8D3D-444F-A728-5C0C0EF125DF}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\team fortress 2\hl2.exe | 
"{042FE542-5541-4635-9A3D-5AE8B574F652}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{04B0D5CB-08E1-4737-85F7-309ABFF352FB}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\cry of fear\cof.exe | 
"{0741304E-47B3-4E19-ACD4-CA28FED3FBC8}" = protocol=17 | dir=in | app=d:\primal fears\project4.exe | 
"{09019CC7-B41A-4831-9090-60DBEF2C974E}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\warframe\warframe.exe | 
"{0D7DAA75-E5BE-41FC-871A-04FBBC6D0ACC}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{1097898A-91ED-4FD1-9906-ED5A0661FD75}" = protocol=6 | dir=in | app=d:\trials evolution gold edition\trials_launcher.exe | 
"{12D2FBFF-5D96-4802-AEBE-4480319F9574}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{1305B468-B161-4BC4-AAAB-1E53885EF1D2}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe | 
"{18AF3D25-F510-4A2D-9799-9769335C7FAB}" = protocol=17 | dir=in | app=d:\steam\steam.exe | 
"{194557F3-0F88-4B63-80A7-86014C06A868}" = protocol=6 | dir=in | app=d:\fly'n\source\flyn.exe | 
"{1D07F12E-7067-4AA6-8A28-E91303524DB3}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{1E20CFBE-57A7-4304-A4FD-EF67150799A2}" = protocol=17 | dir=in | app=c:\program files\xfire\xfire.exe | 
"{20C91979-BE25-4562-830C-10BD4173D6A0}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\blacklightretribution\blacklight retribution.exe | 
"{22D2711C-396C-4EAA-A6E2-9217392CC7E8}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\arcticcombat\system\arcticcombat.exe | 
"{23D7A7D0-9568-4661-93A6-265851821FF9}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\arcticcombat\gamelauncher_gp\mappingaccount.exe | 
"{23FA88C9-0032-4CFD-98CA-DF84A28251F9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{260BF717-8AA6-4745-8758-E52B26E400FB}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{261FEB6B-765B-4D0E-A1B0-1113B875D1A1}" = protocol=6 | dir=in | app=d:\indie-games\qube\binaries\win32\qube.exe | 
"{32AED547-D971-4E76-85A1-B266163D9C64}" = protocol=6 | dir=in | app=d:\steam\steam.exe | 
"{375825C3-7281-4CF6-B398-82553294D02B}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\supercratebox\supercratebox.exe | 
"{3A288BB2-CBD9-4E83-BDD9-0246B3977134}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\cry of fear\coflaunchapp.exe | 
"{3D7BB33D-0F98-4099-9C84-D99A25487E1F}" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"{3D8DB76C-98E2-4001-9E81-5FED0757C3EC}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\arcticcombat\gamelauncher_gp\mappingaccount.exe | 
"{3E89D118-7147-47F4-8834-0A625A75F74B}" = protocol=17 | dir=out | app=d:\steam\steamapps\common\warframe\warframe.x64.exe | 
"{407F8262-FC57-4EAC-8180-F6F94D3B011F}" = protocol=6 | dir=in | app=d:\bf4free\bfp4f.exe | 
"{43274772-ED06-47BF-B5F9-DB450A7CEEC4}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\call of duty black ops\blackopsmp.exe | 
"{4A3ABF83-7AF0-4E71-9BD9-1AE636E34D9A}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\call of duty black ops\blackopsmp.exe | 
"{4BEC82D1-82BE-4DEA-8813-7C1876A2A5D1}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{5060B21B-1A7A-4AD4-963C-0C96CA5AB5D1}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{50F8C58E-C27A-4461-AACF-F0BA21FB2217}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\cry of fear\coflaunchapp.exe | 
"{53B8D6CA-F365-4C36-9E70-4C87F87E3EA0}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\call of duty black ops\blackops.exe | 
"{54BC4789-D0A3-49BD-974F-7BC2401296C0}" = protocol=6 | dir=out | app=system | 
"{5738B9A9-FB93-48C3-97DF-426A89D31767}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{584EC741-4878-4BB0-BCD8-0BC065930F46}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\warincbattlezone\rsupdate.exe | 
"{58735C26-FC5F-4C10-A526-4D87BAABD3A5}" = protocol=17 | dir=in | app=d:\indie-games\hypersonic4\binaries\win32\udk.exe | 
"{58C3FC1D-5894-46AC-A0BC-09C0C68AF805}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{5E403F4B-4E57-4CE0-A3F7-E6D1CCDC9961}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{5F1EA08F-6D2F-4E1A-99ED-8F9D62F5D9D4}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\arcticcombat\system\arcticcombat.exe | 
"{60D57243-320A-4643-893E-2E2B302E5B37}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\team fortress 2\hl2.exe | 
"{611E8566-3DC6-474F-AB76-B8F156E23E90}" = protocol=6 | dir=in | app=c:\icq7m\icq.exe | 
"{62B3ECAA-5EC9-4FD6-B0D5-C9BB543A5E7A}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\apb reloaded\binaries\apb.exe | 
"{68B670D5-7590-4F5B-A6F1-AE2D130BE60E}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{69125912-439F-4149-92B0-FCA0F4D72344}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\blacklightretribution\blacklight retribution.exe | 
"{6E7C6706-09B9-42DF-A532-3748A464C6C1}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{6F4B37C1-3F46-4AF9-92E1-99C448212F02}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\brawl busters\bin\pbclient.exe | 
"{70B0F218-C151-482B-AAF1-15C47CB05C21}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\renaissance heroes\bridealauncher.exe | 
"{71B96E8B-D24D-46D1-892E-5DDC5186BC5B}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\warframe\tools\launcher.exe | 
"{76D8C417-7125-498E-A141-74CF4726AC41}" = protocol=17 | dir=in | app=d:\rayman origins\rayman origins.exe | 
"{7A981986-0D6E-4DE5-956A-840FCF4DECF6}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\apb reloaded\binaries\vivoxvoiceservice.exe | 
"{7EF19E70-65BF-4EED-AE3D-20A16C88335B}" = protocol=17 | dir=in | app=c:\program files\common files\i4j_jres\1.6.0_27\bin\java.exe | 
"{801DF2A7-CC22-450F-9980-29506A571DFD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{81F0FA17-C23F-4606-90A8-B6E0995897CD}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\apb reloaded\binaries\apb.exe | 
"{84D6072F-4089-4827-BFB5-54AC218CDE79}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\warframe\warframe.x64.exe | 
"{8560BFF2-311F-463F-93D0-EF55CF3E930E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{8AC64A96-D3B3-4B69-B2A5-6915CAB4198F}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\renaissance heroes\binaries\win32\dvgame.exe | 
"{8B7A81AE-4A96-41E3-8D0B-077C9FD93B30}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\supercratebox\supercratebox.exe | 
"{8F4EA2D2-610E-4015-8A2A-4DC40D009F12}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{8F5C8A55-9987-49B8-B50F-F79A594B3C79}" = protocol=6 | dir=in | app=d:\indie-games\hypersonic4\binaries\win32\udk.exe | 
"{9167245E-615B-4815-966C-D43AEEF28C82}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe | 
"{9353E4BC-B3F5-4DDC-BAE6-EDC3FD177F72}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\cry of fear\cof.exe | 
"{96E38C31-4509-4AC0-9CCA-C03EC4F8CF08}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\warframe\tools\launcher.exe | 
"{976EECA6-432D-48D4-A850-45C3E933361A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{9E542D8D-097C-40E2-9059-5CAEB1AE31EF}" = protocol=6 | dir=in | app=c:\icq7m\icq.exe | 
"{9F26843E-09E7-4895-A4C6-CDC809C6CBBB}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\renaissance heroes\binaries\win32\dvgame.exe | 
"{A097180B-5BC3-4794-A3AA-C0C9E3FB6E77}" = protocol=6 | dir=in | app=d:\primal fears\project4.exe | 
"{A0984D14-CA7C-4B37-80D0-9487EEDDE7D4}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\spiral knights\java_vm\bin\javaw.exe | 
"{A29476FE-E60C-4658-AB39-89D9524C94E0}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{AF0C70DA-E6D1-4A65-8313-B5FD0075177A}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe | 
"{B0328595-6164-4369-87BA-C1A3892E0096}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\call of duty black ops\blackops.exe | 
"{B07B19A3-C06A-4EFA-801D-B313456A4751}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{B0DE91A4-9D2B-4C28-B318-D8DD1AE159D6}" = protocol=6 | dir=in | app=d:\trials evolution gold edition\datapack\trialsfmx.exe | 
"{B8A9366D-BF2A-4A6D-8FE3-3586E0DC5CC6}" = protocol=17 | dir=in | app=d:\fly'n\source\flyn.exe | 
"{BB067813-F8A2-4DDE-B711-F357F33CE56C}" = protocol=17 | dir=in | app=d:\qube\binaries\win32\qube.exe | 
"{BE4420BD-EBD8-4952-BBAB-0FCD51E9F66F}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\bullet run\launchpad.exe | 
"{C09C327A-A1DD-4489-879E-4B5CF02929DC}" = protocol=17 | dir=in | app=c:\icq7m\icq.exe | 
"{C1D081FE-DF77-4FBF-A11E-8B5B7D7F15EE}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\warincbattlezone\rsupdate.exe | 
"{C3859529-21EB-481A-A113-CD9A8D42F527}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C7E8E6AF-102E-4695-B444-8110B4733D47}" = protocol=17 | dir=in | app=d:\bf4free\bfp4f.exe | 
"{C8FE4E88-29FF-4A7E-B563-8B6AC5EF8BF3}" = protocol=6 | dir=in | app=c:\program files\xfire\xfire.exe | 
"{C922326E-13FC-4402-9B3B-C9C09022DFA2}" = protocol=6 | dir=in | app=d:\qube\binaries\win32\qube.exe | 
"{CBF838EE-2BAC-41EA-9956-45C3365B53B0}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{CF3BB940-E87E-488D-B176-3A1031768591}" = protocol=17 | dir=in | app=d:\trials evolution gold edition\trials_launcher.exe | 
"{D1F5D485-5719-495C-B798-AAF2928DBA07}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{DBD6ACDB-9A53-494F-9A1C-C8A5E9CB7491}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\brawl busters\bin\pblauncher.exe | 
"{DC49DC62-7D15-46A5-A6BE-16D1FE9EA63F}" = protocol=17 | dir=in | app=d:\trials evolution gold edition\datapack\trialsfmx.exe | 
"{DDACCC90-6E7C-4E81-B68F-EAEF39B46BAE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{DE3E2E96-98A5-402E-9C20-F21F53264B79}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{DE9EBA84-33C5-4138-9C8C-511D5DBC1096}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E0D68DEC-62A0-41DB-A7ED-1157254A52BB}" = protocol=6 | dir=in | app=c:\icq7m\icq.exe | 
"{E1E514A5-EC1E-4C23-B770-8AF2A7DBDCEF}" = protocol=17 | dir=in | app=c:\icq7m\icq.exe | 
"{E45C6E95-7DE5-4AC8-838F-33CC211E496B}" = protocol=17 | dir=in | app=d:\steam\steam.exe | 
"{E501B4F7-9EC8-4136-BB38-EC7BA3D1379F}" = protocol=17 | dir=out | app=d:\steam\steamapps\common\warframe\warframe.exe | 
"{E98DA700-BD40-4447-A627-31F72E9B98CD}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\bullet run\launchpad.exe | 
"{E9E56E76-0F7B-4606-BC33-2DFAD1B6F2F9}" = protocol=6 | dir=in | app=d:\rayman origins\rayman origins.exe | 
"{EC8C8244-0BA5-4F2D-9CD8-B76B6301F1DC}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\apb reloaded\binaries\vivoxvoiceservice.exe | 
"{ECE01EE5-2F5A-4003-BD2E-E3CA3DD743CA}" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"{ED43E854-FF05-49A6-9ADB-F91A80B2833D}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\brawl busters\bin\pbclient.exe | 
"{EDE30E8E-2C47-4BD5-BC7A-C67C4A311505}" = protocol=6 | dir=in | app=c:\program files\common files\i4j_jres\1.6.0_27\bin\java.exe | 
"{EE5E4C69-16F1-4B79-8C49-86C4C18ABD77}" = protocol=6 | dir=in | app=c:\mirc\mirc.exe | 
"{F310D711-121E-4DF0-BAD1-277F538D22E8}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe | 
"{F44EF301-E8DF-42B1-9265-97F3BC2EFE8D}" = protocol=17 | dir=in | app=c:\mirc\mirc.exe | 
"{F679E7D8-1366-42B7-876B-87979B1AD7A6}" = protocol=17 | dir=in | app=c:\icq7m\icq.exe | 
"{F7C76565-BABB-48A8-BDE5-62C92D1552EF}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\spiral knights\java_vm\bin\javaw.exe | 
"{F807673B-F987-4C31-93B7-DAEC04589136}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\renaissance heroes\bridealauncher.exe | 
"{FA11E4D0-337A-4CC2-B10E-7D84D958C9C2}" = protocol=6 | dir=in | app=d:\steam\steam.exe | 
"TCP Query User{00151D2C-FDA1-4FE2-A4DF-BF9E00E7F0C2}D:\who wants to be a millionaire special editions\binaries\win32\shippingpc-wwtbamgame.exe" = protocol=6 | dir=in | app=d:\who wants to be a millionaire special editions\binaries\win32\shippingpc-wwtbamgame.exe | 
"TCP Query User{02703206-8D25-4955-9649-1AC1E735CDD1}D:\indie-games\fly'n\source\flyn.exe" = protocol=6 | dir=in | app=d:\indie-games\fly'n\source\flyn.exe | 
"TCP Query User{0CBA4009-0DC6-4D12-B4CA-528C88CEC742}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{129905F0-7499-4F12-8633-00C8F82108D7}D:\pro evolution soccer 2013\pes2013.exe" = protocol=6 | dir=in | app=d:\pro evolution soccer 2013\pes2013.exe | 
"TCP Query User{1EA9ADB2-E129-4978-8D9E-47C86C2B9A60}D:\pulsen\program\pulsen.exe" = protocol=6 | dir=in | app=d:\pulsen\program\pulsen.exe | 
"TCP Query User{26DE22B2-967E-4237-82A7-1A118E75404C}D:\hypersonic4\binaries\win32\udk.exe" = protocol=6 | dir=in | app=d:\hypersonic4\binaries\win32\udk.exe | 
"TCP Query User{28BE64CC-D2F8-4EA7-929A-708E1586FF46}D:\indie-games\qube\binaries\win32\qube.exe" = protocol=6 | dir=in | app=d:\indie-games\qube\binaries\win32\qube.exe | 
"TCP Query User{3A3E2854-AE64-4F36-9970-2AC595FF3D7C}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe | 
"TCP Query User{466A7D00-E482-4CD9-B27A-1F4B0F89BB50}D:\dead block\binaries\win32\shippingpc-dbgame.exe" = protocol=6 | dir=in | app=d:\dead block\binaries\win32\shippingpc-dbgame.exe | 
"TCP Query User{472A0416-F99C-4BA0-9DAC-FCB6C6442679}D:\beat hazard ultra\beathazard.exe" = protocol=6 | dir=in | app=d:\beat hazard ultra\beathazard.exe | 
"TCP Query User{47E39D1F-8E79-4DF3-83EB-535FA54A977C}D:\dungeon defenders\binaries\win32\dundefgame.exe" = protocol=6 | dir=in | app=d:\dungeon defenders\binaries\win32\dundefgame.exe | 
"TCP Query User{6C0E1633-0AE2-470E-8EB9-D14696032B81}D:\primal fears\project4.exe" = protocol=6 | dir=in | app=d:\primal fears\project4.exe | 
"TCP Query User{712AA10F-8D2E-461B-9FAF-B8206CC4D824}C:\program files\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files\xfire\xfire.exe | 
"TCP Query User{7B99E1CB-B772-47D0-B861-B75A3D1EC7F4}D:\orcs must die! 2\build\release\orcsmustdie2.exe" = protocol=6 | dir=in | app=d:\orcs must die! 2\build\release\orcsmustdie2.exe | 
"TCP Query User{8792B2C8-A617-46EF-90CC-8839E9CFEF29}D:\bf4free\bfp4f.exe" = protocol=6 | dir=in | app=d:\bf4free\bfp4f.exe | 
"TCP Query User{934DD9F1-44C9-4264-80F7-09E4F3E839E4}D:\fifa.13.unlocked\game\fifa13.exe" = protocol=6 | dir=in | app=d:\fifa.13.unlocked\game\fifa13.exe | 
"TCP Query User{946F5C41-BE08-4DD0-B615-43B88A175C0B}C:\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\mirc\mirc.exe | 
"TCP Query User{97D8C96B-67D9-4338-A8D0-C6D263EC7AD0}C:\program files\common files\i4j_jres\1.6.0_27\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\common files\i4j_jres\1.6.0_27\bin\java.exe | 
"TCP Query User{B12A9327-70A0-4F71-A4BC-0587A8807128}D:\indie-games\hypersonic4\binaries\win32\udk.exe" = protocol=6 | dir=in | app=d:\indie-games\hypersonic4\binaries\win32\udk.exe | 
"TCP Query User{B39C5E99-D44A-4799-B55B-39E6858CD3EE}D:\rayman origins\rayman origins.exe" = protocol=6 | dir=in | app=d:\rayman origins\rayman origins.exe | 
"TCP Query User{B3B93F22-7619-414F-9005-E4C2C82C8296}D:\need for speed most wanted\nfs13.exe" = protocol=6 | dir=in | app=d:\need for speed most wanted\nfs13.exe | 
"TCP Query User{B53C0FC8-A491-4B8D-A577-6DE7A3EAAB2D}D:\karateka\binaries\karateka.exe" = protocol=6 | dir=in | app=d:\karateka\binaries\karateka.exe | 
"TCP Query User{BB36E362-FEBC-4301-9822-D3FDBBE27C71}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{BBDE0831-F611-408F-9EA7-B375B54ECE3E}D:\steam\steamapps\common\cry of fear\cof.exe" = protocol=6 | dir=in | app=d:\steam\steamapps\common\cry of fear\cof.exe | 
"TCP Query User{BECD6191-9D3F-42CD-BC45-BE6B3E5134B3}D:\qube\binaries\win32\qube.exe" = protocol=6 | dir=in | app=d:\qube\binaries\win32\qube.exe | 
"TCP Query User{D1DB724C-D930-4F52-B4F9-ACB269F94D77}D:\call of duty 2\cod2mp_s.exe" = protocol=6 | dir=in | app=d:\call of duty 2\cod2mp_s.exe | 
"TCP Query User{D45AD0AB-3818-42E9-819C-B7D1F5F3A228}D:\trials evolution gold edition\datapack\trialsfmx.exe" = protocol=6 | dir=in | app=d:\trials evolution gold edition\datapack\trialsfmx.exe | 
"TCP Query User{DDABE2CB-1547-419F-84D8-F3EF08CA8718}D:\fly'n\source\flyn.exe" = protocol=6 | dir=in | app=d:\fly'n\source\flyn.exe | 
"TCP Query User{E069A528-5EED-4F7E-96BA-67898754317B}D:\dmc - devil may cry\binaries\win32\dmc-devilmaycry.exe" = protocol=6 | dir=in | app=d:\dmc - devil may cry\binaries\win32\dmc-devilmaycry.exe | 
"TCP Query User{F6009331-979E-41E8-89BA-A6BDCFCFD441}D:\worms revolution\wormsrevolution.exe" = protocol=6 | dir=in | app=d:\worms revolution\wormsrevolution.exe | 
"TCP Query User{FA0B232D-CC8A-442F-9B89-C5DBC9FBFDFF}D:\the expendables 2 videogame\ex2_win.exe" = protocol=6 | dir=in | app=d:\the expendables 2 videogame\ex2_win.exe | 
"UDP Query User{1FA441D7-3691-49EA-9EF7-85FD597E065F}D:\dead block\binaries\win32\shippingpc-dbgame.exe" = protocol=17 | dir=in | app=d:\dead block\binaries\win32\shippingpc-dbgame.exe | 
"UDP Query User{2B939348-5D75-4709-B016-8C59CC7FC491}D:\hypersonic4\binaries\win32\udk.exe" = protocol=17 | dir=in | app=d:\hypersonic4\binaries\win32\udk.exe | 
"UDP Query User{31FD3CD5-1E85-4E7E-A688-CF18B3879546}D:\indie-games\qube\binaries\win32\qube.exe" = protocol=17 | dir=in | app=d:\indie-games\qube\binaries\win32\qube.exe | 
"UDP Query User{323B92E1-872D-40B2-9A05-0C6142C72481}D:\worms revolution\wormsrevolution.exe" = protocol=17 | dir=in | app=d:\worms revolution\wormsrevolution.exe | 
"UDP Query User{395F4EC6-4DFB-4468-B92D-9AC00E23E6F8}D:\steam\steamapps\common\cry of fear\cof.exe" = protocol=17 | dir=in | app=d:\steam\steamapps\common\cry of fear\cof.exe | 
"UDP Query User{4111A79C-9CC3-4705-B772-D3A21BCE02A8}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{4AA694CE-5A0B-4287-8259-D7DFD58669DD}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe | 
"UDP Query User{4FD4C031-9334-469A-B17B-F35A25D47E51}D:\bf4free\bfp4f.exe" = protocol=17 | dir=in | app=d:\bf4free\bfp4f.exe | 
"UDP Query User{51C25007-83C2-4D68-A4F7-F278264D2F3F}D:\indie-games\hypersonic4\binaries\win32\udk.exe" = protocol=17 | dir=in | app=d:\indie-games\hypersonic4\binaries\win32\udk.exe | 
"UDP Query User{52766038-4F1B-44B2-8DB8-E8E0AFCB55EF}D:\beat hazard ultra\beathazard.exe" = protocol=17 | dir=in | app=d:\beat hazard ultra\beathazard.exe | 
"UDP Query User{64199B56-B469-4AD3-95FE-A7D560F6A722}D:\dmc - devil may cry\binaries\win32\dmc-devilmaycry.exe" = protocol=17 | dir=in | app=d:\dmc - devil may cry\binaries\win32\dmc-devilmaycry.exe | 
"UDP Query User{65DC722B-50BB-418B-BE2A-2E56B55ED7A8}D:\call of duty 2\cod2mp_s.exe" = protocol=17 | dir=in | app=d:\call of duty 2\cod2mp_s.exe | 
"UDP Query User{6D7ECF04-85CE-45BA-9AA5-6373E2D09D73}D:\fly'n\source\flyn.exe" = protocol=17 | dir=in | app=d:\fly'n\source\flyn.exe | 
"UDP Query User{7CEE06E4-56EE-49F1-8303-17EA33F3F565}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{8D1F7E7D-2CDA-49B7-9CCC-D95CBD863E18}C:\program files\common files\i4j_jres\1.6.0_27\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\common files\i4j_jres\1.6.0_27\bin\java.exe | 
"UDP Query User{9C5CFB44-81F0-4E2E-888D-FC2E6E7C6643}D:\indie-games\fly'n\source\flyn.exe" = protocol=17 | dir=in | app=d:\indie-games\fly'n\source\flyn.exe | 
"UDP Query User{A959D304-91E0-4E32-8972-A52C11B4B90D}D:\pulsen\program\pulsen.exe" = protocol=17 | dir=in | app=d:\pulsen\program\pulsen.exe | 
"UDP Query User{AD3A2E6D-881B-4784-8CC6-4FEB82192981}D:\dungeon defenders\binaries\win32\dundefgame.exe" = protocol=17 | dir=in | app=d:\dungeon defenders\binaries\win32\dundefgame.exe | 
"UDP Query User{B5BE918B-9AEF-40F0-BB55-6DD28F1BBD8C}D:\orcs must die! 2\build\release\orcsmustdie2.exe" = protocol=17 | dir=in | app=d:\orcs must die! 2\build\release\orcsmustdie2.exe | 
"UDP Query User{BEFD4A8C-2831-482A-9222-3C1C989CB81E}D:\karateka\binaries\karateka.exe" = protocol=17 | dir=in | app=d:\karateka\binaries\karateka.exe | 
"UDP Query User{D8C8E4B6-CA31-4B6B-96C0-9AD1243739E9}C:\program files\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files\xfire\xfire.exe | 
"UDP Query User{DB96A625-4787-42C2-AA44-99C97AE7CDFF}C:\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\mirc\mirc.exe | 
"UDP Query User{DCF69878-FC5F-476B-B99A-AC356C448EA4}D:\who wants to be a millionaire special editions\binaries\win32\shippingpc-wwtbamgame.exe" = protocol=17 | dir=in | app=d:\who wants to be a millionaire special editions\binaries\win32\shippingpc-wwtbamgame.exe | 
"UDP Query User{E1784BAE-1267-4530-A37D-32B2EC6C2847}D:\fifa.13.unlocked\game\fifa13.exe" = protocol=17 | dir=in | app=d:\fifa.13.unlocked\game\fifa13.exe | 
"UDP Query User{E27EEB98-3D84-4C6D-A8FE-D27E02478906}D:\primal fears\project4.exe" = protocol=17 | dir=in | app=d:\primal fears\project4.exe | 
"UDP Query User{E515D459-266C-4DC1-AA5C-3051A00159F1}D:\qube\binaries\win32\qube.exe" = protocol=17 | dir=in | app=d:\qube\binaries\win32\qube.exe | 
"UDP Query User{EC97BFBF-031B-41B2-8B67-74F94F452728}D:\the expendables 2 videogame\ex2_win.exe" = protocol=17 | dir=in | app=d:\the expendables 2 videogame\ex2_win.exe | 
"UDP Query User{EF950E78-90EC-4307-A82E-DA32CC2538F3}D:\need for speed most wanted\nfs13.exe" = protocol=17 | dir=in | app=d:\need for speed most wanted\nfs13.exe | 
"UDP Query User{F3311257-847A-4840-B42D-DD46E0EA105D}D:\rayman origins\rayman origins.exe" = protocol=17 | dir=in | app=d:\rayman origins\rayman origins.exe | 
"UDP Query User{F66023A9-6D01-465F-A157-B86EF287A091}D:\trials evolution gold edition\datapack\trialsfmx.exe" = protocol=17 | dir=in | app=d:\trials evolution gold edition\datapack\trialsfmx.exe | 
"UDP Query User{FBEF6593-9A82-46BA-AA43-0613C073BC27}D:\pro evolution soccer 2013\pes2013.exe" = protocol=17 | dir=in | app=d:\pro evolution soccer 2013\pes2013.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{065DBB54-6E55-A609-2E1E-F0617E827D53}" = Media Go Video Playback Engine 1.96.111.08260
"{07D857B8-C956-401D-BC8F-EDA8459AF037}" = Trials Evolution Gold Edition
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{0EF2A7E2-A588-45A8-91B6-2E83AA7D2F14}" = MotorHEAT
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{15F3A6F5-06AE-4332-AE3E-21CD0416827A}" = Windows Live Mail
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1B947146-366B-42CD-86D5-219993CE3EE2}" = Windows Live MIME IFilter
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{400C31E4-796F-4E86-8FDC-C3C4FACC6847}" = Junk Mail filter update
"{423A9ABA-E167-42F4-9715-485F17843750}" = Panda Cloud Antivirus
"{42DCB650-F003-4535-A5CD-32AD815CD2DD}" = Play withSIX
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{70854FE6-3BF1-4C69-94D0-BEB821102E34}" = Windows Live Mail
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{781B39EC-2E18-41FC-9B00-B84E4FFCA85F}" = ICQ7M
"{7A6C3344-5CF9-4B83-959C-6576C5B27D09}" = Media Go
"{7F34A21F-2DEB-4598-BB19-611D6BD24271}" = Managed DirectX (0901)
"{8256F87F-8554-4457-8C3D-3F3324697D9F}" = Windows Live ID Sign-in Assistant
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8913AC02-67B8-4B52-91B2-BBA7B9C265B5}" = Windows Live Writer Resources
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90A4562F-D4A1-4B65-906D-41F236CF6902}" = Path of Exile
"{93FF055C-7E0B-4E26-AAFB-2C4333E2D7D0}" = Logitech Gaming Software
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{99BEB67F-B288-44F5-8B2A-23F5A52FA1AE}_is1" = Universal AntiCheat 3 v1.072 R3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{ACE9FB2A-31A5-4285-9510-43F1636EAB21}" = EasyLife Gadget
"{AE364ACC-B9DF-466B-B4EA-AEECD0CD581E}" = Windows Live Messenger
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}" = TuneUp Utilities 2013
"{C547F361-5750-4CD1-9FB6-BC93827CB6C1}" = RegCure Pro
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{CCF298AF-9CE1-4B26-B251-486E98A34789}" = Windows 7 USB/DVD Download Tool
"{D1CEFA0F-C0E2-11E1-B5A6-F04DA23A5C58}" = Movie Studio Platinum 12.0
"{D2C146B1-948D-47EF-8387-5D1C6B980F7C}" = Windows Live Writer
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.5.1 Game
"{D880D80F-C0E2-11E1-8A91-F04DA23A5C58}" = MSVCRT Redists
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DDA3C325-47B2-4730-9672-BF3771C08799}_is1" = XMedia Recode Version 3.1.5.8
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common
"{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}" = Far Cry 3
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.155
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F2235E5E-7881-4293-9B6F-04B2609FBFF0}" = Windows Live Messenger
"{F4811919-F252-4B25-9AB2-8859A85810B5}" = TuneUp Utilities Language Pack (de-DE)
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"7-Zip" = 7-Zip 9.22beta
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Antares Autotune Evo VST RTAS_is1" = Antares Autotune Evo VST RTAS v6.0.9
"Avira AntiVir Desktop" = Avira Free Antivirus
"bwincomPoker" = bwin Poker
"Cities XL Platinum_is1" = Cities XL Platinum version 1.00
"C-Media PCI Audio Driver" = C-Media PCI Audio Device
"CodeHook Login System 4.22" = CodeHook Login System 4.22
"DAEMON Tools Lite" = DAEMON Tools Lite
"Desura" = Desura
"EasyLife Updater" = EasyLife Updater
"F1 Race Stars_is1" = F1 Race Stars - 1.1.0.0
"Flv Audio Extractor_is1" = Flv Audio Extractor 1.04
"Free FLV to Audio Converter_is1" = Free FLV to Audio Converter
"Google Chrome" = Google Chrome
"InstallShield_{07D857B8-C956-401D-BC8F-EDA8459AF037}" = Trials Evolution Gold Edition
"IsoBuster_is1" = IsoBuster 2.5
"jdownloader09" = JDownloader 0.9
"KLiteCodecPack_is1" = K-Lite Codec Pack 9.2.0 (Standard)
"Logitech Gaming Software" = Logitech Gaming Software 8.40
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"mIRC" = mIRC
"Mobile Partner" = Mobile Partner
"MotorHEAT 1.0.0" = MotorHEAT
"Movavi Video Converter 12" = Movavi Video Converter 12
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"Optimizer Pro_is1" = Optimizer Pro v3.0
"Origin" = Origin
"Panda Universal Agent Endpoint" = Panda Cloud Antivirus
"Primal Fears_is1" = Primal Fears
"PunkBusterSvc" = PunkBuster Services
"Sniper Elite: Nazi Zombie Army_is1" = Sniper Elite: Nazi Zombie Army
"Software Assist" = Software Assist
"Sonic and All Stars Racing Transformed (c) SEGA_is1" = Sonic and All Stars Racing Transformed (c) SEGA version 1
"SP_0b98f1bc" = EasyLife Search 1.74
"SP_48c708f2" = BrowseToSave 1.74
"Steam App 107900" = War Inc. Battlezone
"Steam App 113400" = APB Reloaded
"Steam App 209870" = Blacklight: Retribution
"Steam App 212370" = Arctic Combat
"Steam App 212800" = Super Crate Box
"Steam App 221790" = Renaissance Heroes
"Steam App 223710" = Cry of Fear
"Steam App 230410" = Warframe
"Steam App 42700" = Call of Duty: Black Ops
"Steam App 42710" = Call of Duty: Black Ops - Multiplayer
"Steam App 440" = Team Fortress 2
"Steam App 5" = Dedicated Server
"Steinberg Cubase SX v3.1.1.944" = Steinberg Cubase SX v3.1.1.944
"Syncrosoft's License Control" = Syncrosofts Lizenz Kontrolle
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TGFNdWxhbmF2MTQ0Mg==_is1" = La-Mulana v1.4.4.2 (c) Active Gaming Media Inc. version 1
"TuneUp Utilities 2013" = TuneUp Utilities 2013
"TZAC ANTICHEAT" = TZAC ANTICHEAT 2
"UDK-30c14043-5341-4791-b463-a926c9268b70" = My Game Long Name
"UDK-b180d092-9a3a-4dc2-9ded-0e12ebb07012" = My Game Long Name
"Update Engine" = Sony Ericsson Update Engine
"Uplay" = Uplay
"Wajam" = Wajam
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.20 (32-bit)
"Xfire" = Xfire (remove only)
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1584033661-3106969475-2456615852-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"{87686C21-8A15-4b4d-A3F1-11141D9BE094}" = Battlefield Play4Free
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1584033661-3106969475-2456615852-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 22.05.2013 05:12:32 | Computer Name = cZ | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Sony\sony
 pc companion\Drivers\DPInst64.exe".  Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 22.05.2013 11:12:20 | Computer Name = cZ | Source = System Restore | ID = 8193
Description = 
 
Error - 22.05.2013 11:12:20 | Computer Name = cZ | Source = System Restore | ID = 8211
Description = 
 
Error - 22.05.2013 18:32:34 | Computer Name = cZ | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "d:\Steam\steamapps\common\Warframe\Warframe.x64.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 22.05.2013 18:33:40 | Computer Name = cZ | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Sony\sony
 pc companion\Drivers\DPInst64.exe".  Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 22.05.2013 21:41:14 | Computer Name = cZ | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: League of Legends.exe, Version: 3.7.0.328,
 Zeitstempel: 0x5191aad8  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec49b60  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0003224d  ID des fehlerhaften
 Prozesses: 0x138c  Startzeit der fehlerhaften Anwendung: 0x01ce57511b357ee0  Pfad der
 fehlerhaften Anwendung: D:\Riot Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.0.232\deploy\League
 of Legends.exe  Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung:
 da1857e4-c349-11e2-bff6-001d6039006a
 
Error - 22.05.2013 21:41:52 | Computer Name = cZ | Source = Application Hang | ID = 1002
Description = Programm rads_user_kernel.exe, Version 0.0.0.0 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 320    Startzeit: 01ce5756a14996e9    Endzeit: 2    Anwendungspfad: D:\Riot
 Games\League of Legends\RADS\system\rads_user_kernel.exe    Berichts-ID: e5c7dd0d-c349-11e2-bff6-001d6039006a

 
Error - 22.05.2013 21:42:25 | Computer Name = cZ | Source = RasClient | ID = 20227
Description = 
 
Error - 22.05.2013 21:43:24 | Computer Name = cZ | Source = RasClient | ID = 20227
Description = 
 
Error - 22.05.2013 21:44:18 | Computer Name = cZ | Source = RasClient | ID = 20227
Description = 
 
Error - 24.05.2013 13:55:38 | Computer Name = cZ | Source = RasClient | ID = 20227
Description = 
 
[ System Events ]
Error - 31.01.2013 15:58:38 | Computer Name = cZ | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
 
Error - 31.01.2013 15:58:41 | Computer Name = cZ | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
 
Error - 31.01.2013 15:58:47 | Computer Name = cZ | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
 
Error - 01.02.2013 06:32:50 | Computer Name = cZ | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 01.02.2013 06:32:50 | Computer Name = cZ | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
Error - 01.02.2013 15:19:26 | Computer Name = cZ | Source = volsnap | ID = 393241
Description = Die Schattenkopien von Volume "C:" wurden gelöscht, weil der Schattenkopiespeicher
 nicht rechtzeitig vergrößert wurde. Sie sollten die E/A-Last auf dem System verringern
 oder ein Schattenkopie-Speichervolume, von dem keine Schattenkopie erstellt wird,
 auswählen.
 
Error - 01.02.2013 15:22:19 | Computer Name = cZ | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 01.02.2013 15:22:19 | Computer Name = cZ | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
Error - 02.02.2013 11:38:46 | Computer Name = cZ | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 02.02.2013 11:38:46 | Computer Name = cZ | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
 
< End of report >
         
--- --- ---

Alt 24.05.2013, 21:30   #7
markusg
/// Malware-holic
 
Decrypt / Encrypter Trojan / Virus.



Hi,
you chose the wrong user for the scan, but let's see whether it works anyway


OTL fix

Fixing with OTL

  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.

Code:
ATTFilter
:OTL
O4 - HKU\S-1-5-21-1584033661-3106969475-2456615852-1007..\Run: [IExplorer Util] C:\Users\chaz.cZ\AppData\Roaming\ie_util.exe (Mandiant)
O4 - HKU\S-1-5-21-1584033661-3106969475-2456615852-1007..\Run: [Atizivxypu] C:\Users\chaz.cZ\AppData\Roaming\Adku\cuwop.exe ()
:files
C:\Users\cZPEEDHACK\AppData\Roaming\Dirty
C:\Users\chaz.cZ\AppData\Roaming\Adku
:Commands
[Reboot]
         
  • If you have masked your user name, e.g. with "*****", insert your real user name at the corresponding place. Otherwise the fix will not work.
  • Please close all programs now.
  • Now click the Fix button.
  • OTL may ask for a restart. Please allow this.
  • After the restart you will find a text document on your desktop.
    ( Also found under C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Now copy its contents here into your thread


Note: Please also upload the file to the UpChannel as described in the instructions. Please do NOT post the ZIP file here as an attachment
in the thread!




Please press the Windows key + E.
  • Open your system drive ( usually C: )
  • Now look for
    the following folder: _OTL and open it.
  • Right-click the folder Movedfiles --> Send to --> Compressed (zipped) folder

  • This will create a Movedfiles.zip file in _OTL
  • Please upload it to our upload channel
    ( Browse --> C:\_OTL\Movedfiles.zip )
Let me know whether the upload worked without problems. Thanks in advance
__________________
-Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Forward
Instructions:
http://markusg.trojaner-board.de
For now, please forward mails as per the instructions above to
markusg.trojaner-board@web.de
Forward
If you would like to support us

Alt 24.05.2013, 21:46   #8
chazinho
Gesperrt
 
Decrypt / Encrypter Trojan / Virus.



- done -

Datei: MovedFiles.zip_1 empfangen

Vorgang erfolgreich abgeschlossen.

Alt 24.05.2013, 22:18   #9
markusg
/// Malware-holic
 
Decrypt / Encrypter Trojan / Virus.



Didn't work. Please create another OTL log from the affected account

Alt 24.05.2013, 23:47   #10
chazinho
Gesperrt
 
Decrypt / Encrypter Trojan / Virus.



Where and when did I select the wrong user?

When I start OTL and get asked for my password for the other user name? I can't prevent that. Sorry if I'm being dumb :P

Well, I guess an answer won't come that quickly

Alright, I'll just try it now by not selecting "scan all users"; I hope that leads to the required success

I think it worked... only there was no "EXTRAS" this time. Here is the correct OTL logfile:
Code:
ATTFilter
OTL logfile created on: 25.05.2013 00:58:41 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\cZPEEDHACK\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,31 Gb Available Physical Memory | 71,25% Memory free
6,50 Gb Paging File | 5,30 Gb Available in Paging File | 81,59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 48,83 Gb Total Space | 8,87 Gb Free Space | 18,17% Space Free | Partition Type: NTFS
Drive D: | 90,45 Gb Total Space | 1,39 Gb Free Space | 1,54% Space Free | Partition Type: NTFS
 
Computer Name: CZ | User Name: chaz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\cZPEEDHACK\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil32_11_7_700_202_ActiveX.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Windows\System32\MsSpellCheckingFacility.exe (Microsoft Corporation)
PRC - C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Programme\Ask.com\Updater\Updater.exe (Ask)
PRC - C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - D:\Panda Security\Panda Cloud Antivirus\PSUAService.exe (Panda Security, S.L.)
PRC - D:\Panda Security\Panda Cloud Antivirus\PSUAMain.exe (Panda Security, S.L.)
PRC - D:\Panda Security\Panda Cloud Antivirus\PSANHost.exe (Panda Security, S.L.)
PRC - C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Programme\Logitech Gaming Software\LCore.exe (Logitech Inc.)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - c:\Programme\EasyLife\sprotector.dll ()
MOD - c:\Programme\BrowseToSave\sprotector.dll ()
MOD - C:\Programme\OpenOffice.org 3\program\libxml2.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Desura Install Service) -- C:\Programme\Common Files\Desura\desura_service.exe (Desura Pty Ltd)
SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Sony PC Companion) -- C:\Programme\Sony\Sony PC Companion\PCCService.exe (Avanquest Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (TuneUp.UtilitiesSvc) -- C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (PSUAService) -- D:\Panda Security\Panda Cloud Antivirus\PSUAService.exe (Panda Security, S.L.)
SRV - (NanoServiceMain) -- D:\Panda Security\Panda Cloud Antivirus\PSANHost.exe (Panda Security, S.L.)
SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (WajamUpdater) -- C:\Programme\Wajam\Updater\WajamUpdater.exe (Wajam)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (McComponentHostService) -- C:\Programme\McAfee Security Scan\3.0.207\McCHSvc.exe (McAfee, Inc.)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (XDva401) -- C:\Windows\system32\XDva401.sys File not found
DRV - (XDva400) -- C:\Windows\system32\XDva400.sys File not found
DRV - (XDva399) -- C:\Windows\system32\XDva399.sys File not found
DRV - (EagleXNt) -- C:\Windows\system32\drivers\EagleXNt.sys File not found
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (tizeqdrv) -- C:\Users\chaz\AppData\Roaming\TZAC2\tizeq32.sys ()
DRV - (NNSHTTPS) -- C:\Windows\System32\drivers\NNSHttps.sys (Panda Security, S.L.)
DRV - (NNSSTRM) -- C:\Windows\System32\drivers\NNSStrm.sys (Panda Security, S.L.)
DRV - (NNSPIHSW) -- C:\Windows\System32\drivers\NNSPihsw.sys (Panda Security, S.L.)
DRV - (NNSSMTP) -- C:\Windows\System32\drivers\NNSSmtp.sys (Panda Security, S.L.)
DRV - (NNSTLSC) -- C:\Windows\System32\drivers\NNStlsc.sys (Panda Security, S.L.)
DRV - (NNSPROT) -- C:\Windows\System32\drivers\NNSProt.sys (Panda Security, S.L.)
DRV - (NNSPRV) -- C:\Windows\System32\drivers\NNSPrv.sys (Panda Security, S.L.)
DRV - (NNSPOP3) -- C:\Windows\System32\drivers\NNSPop3.sys (Panda Security, S.L.)
DRV - (NNSPICC) -- C:\Windows\System32\drivers\NNSpicc.sys (Panda Security, S.L.)
DRV - (NNSIDS) -- C:\Windows\System32\drivers\NNSIds.sys (Panda Security, S.L.)
DRV - (NNSHTTP) -- C:\Windows\System32\drivers\NNSHttp.sys (Panda Security, S.L.)
DRV - (NNSALPC) -- C:\Windows\System32\drivers\NNSAlpc.sys (Panda Security, S.L.)
DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (PSINProt) -- C:\Windows\System32\drivers\PSINProt.sys (Panda Security, S.L.)
DRV - (PSINProc) -- C:\Windows\System32\drivers\PSINProc.sys (Panda Security, S.L.)
DRV - (PSINKNC) -- C:\Windows\System32\drivers\PSINKNC.sys (Panda Security, S.L.)
DRV - (PSINAflt) -- C:\Windows\System32\drivers\PSINAflt.sys (Panda Security, S.L.)
DRV - (PSINFile) -- C:\Windows\System32\drivers\PSINFile.sys (Panda Security, S.L.)
DRV - (PSKMAD) -- C:\Windows\System32\drivers\PSKMAD.sys (Panda Security, S.L.)
DRV - (ggsemc) -- C:\Windows\System32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV - (ggflt) -- C:\Windows\System32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV - (NNSNAHSL) -- C:\Windows\System32\drivers\NNSNAHSL.sys (Panda Security, S.L.)
DRV - (LGSHidFilt) -- C:\Windows\System32\drivers\LGSHidFilt.Sys (Logitech Inc.)
DRV - (LGSUsbFilt) -- C:\Windows\System32\drivers\LGSUsbFilt.sys (Logitech Inc.)
DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (vpcvmm) -- C:\Windows\System32\drivers\vpcvmm.sys (Microsoft Corporation)
DRV - (vpcbus) -- C:\Windows\System32\drivers\vpchbus.sys (Microsoft Corporation)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (vpcusb) -- C:\Windows\System32\drivers\vpcusb.sys (Microsoft Corporation)
DRV - (vpcnfltr) -- C:\Windows\System32\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (cmuda3) -- C:\Windows\System32\drivers\cmudax3.sys (C-Media Inc)
DRV - (LGVirHid) -- C:\Windows\System32\drivers\LGVirHid.sys (Logitech Inc.)
DRV - (LGBusEnum) -- C:\Windows\System32\drivers\LGBusEnum.sys (Logitech Inc.)
DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.)
DRV - (AtcL001) -- C:\Windows\System32\drivers\l160x86.sys (Atheros Communications, Inc.)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (s0016unic) -- C:\Windows\System32\drivers\s0016unic.sys (MCCI Corporation)
DRV - (s0016nd5) -- C:\Windows\System32\drivers\s0016nd5.sys (MCCI Corporation)
DRV - (s0016mdfl) -- C:\Windows\System32\drivers\s0016mdfl.sys (MCCI Corporation)
DRV - (s0016mdm) -- C:\Windows\System32\drivers\s0016mdm.sys (MCCI Corporation)
DRV - (s0016mgmt) -- C:\Windows\System32\drivers\s0016mgmt.sys (MCCI Corporation)
DRV - (s0016obex) -- C:\Windows\System32\drivers\s0016obex.sys (MCCI Corporation)
DRV - (s0016bus) -- C:\Windows\System32\drivers\s0016bus.sys (MCCI Corporation)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=0a4219da-c298-43f8-9fa1-076f39c1ebbe&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKLM\..\SearchScopes\{01bd49d7-c76b-4310-8beb-14d7e5f322c6}: "URL" = hxxp://search.easylifeapp.com/?q={searchTerms}&abc=ie&pid=34&r=2013/02/14&hid=2420481901&lg=EN&cc=DE
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D9 21 EF D1 E9 50 CE 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{F337523E-B29C-4560-BE0C-700C55472D2B}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^U3&apn_dtid=^OSJ000^YY^DE&apn_uid=93A6016B-7361-4CF9-89E9-BDA164FD65F8&apn_sauid=AF2918DB-5AC6-4BDD-8777-26158149C886
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.12 18:05:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2013.04.12 18:05:48 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.04.12 18:05:51 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.08.25 04:49:52 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.25 04:49:52 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.08.25 04:49:52 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.08.25 04:49:52 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.08.25 04:49:52 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.08.25 04:49:52 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://search.easylifeapp.com/?pid=34&r=2013/02/14&hid=2420481901&lg=EN&cc=DE
CHR - Extension: No name found = C:\Users\chaz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo\7.15.15.37265_0\
CHR - Extension: No name found = C:\Users\chaz\AppData\Local\Google\Chrome\User Data\Default\Extensions\jenkhamomijcoocoblchfbobohfabaff\1.23.177_0\crossrider
CHR - Extension: No name found = C:\Users\chaz\AppData\Local\Google\Chrome\User Data\Default\Extensions\jenkhamomijcoocoblchfbobohfabaff\1.23.177_0\
CHR - Extension: No name found = C:\Users\chaz\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Software Assist) - {11111111-1111-1111-1111-110011301126} - C:\Programme\Software Assist\Software Assist.dll (Software Assist)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Programme\Wajam\IE\priam_bho.dll (Wajam)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [PSUAMain] D:\Panda Security\Panda Cloud Antivirus\PSUAMain.exe (Panda Security, S.L.)
O4 - HKLM..\RunOnce: [*WerKernelReporting] C:\Windows\System32\WerFault.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Remove H2O driver] C:\Program Files\SyncroSoft\Pos\H2O [2013.05.22 21:31:14 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\ICQ7M\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O16 - DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.96.0.cab (Battlefield Play4Free Updater)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{36E82628-4F64-47E9-9B5E-74B952F82759}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{91C0585F-EE7E-4B99-BAD5-A3377FE52869}: NameServer = 193.189.250.101 193.189.250.100
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~1\browse~1\sprote~1.dll) - c:\Programme\BrowseToSave\sprotector.dll ()
O20 - AppInit_DLLs: (c:\progra~1\easylife\sprote~1.dll) - c:\Programme\EasyLife\sprotector.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software)
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk - C:\Programme\McAfee Security Scan\3.0.207\SSScheduler.exe - (McAfee, Inc.)
MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Users\chaz\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig - StartUpReg: ICQ - hkey= - key= - C:\ICQ7M\ICQ.exe (ICQ, LLC.)
MsConfig - StartUpReg: Optimizer Pro - hkey= - key= - C:\Programme\Optimizer Pro\OptProLauncher.exe (PC Utilities Pro)
MsConfig - StartUpReg: Steam - hkey= - key= - D:\Steam\steam.exe (Valve Corporation)
MsConfig - State: "startup" - 2
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.25 00:42:42 | 000,046,672 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\drivers\PSKMAD.sys
[2013.05.24 22:37:06 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.05.24 19:54:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Cloud Antivirus
[2013.05.24 19:54:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security
[2013.05.21 20:20:09 | 000,000,000 | ---D | C] -- C:\Users\chaz.cZ\AppData\Roaming\ParetoLogic
[2013.05.21 20:20:09 | 000,000,000 | ---D | C] -- C:\Users\chaz.cZ\AppData\Roaming\DriverCure
[2013.05.21 20:16:00 | 000,000,000 | ---D | C] -- C:\Users\chaz.cZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic
[2013.05.21 20:15:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ParetoLogic
[2013.05.21 20:15:55 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic
[2013.05.21 20:15:55 | 000,000,000 | ---D | C] -- C:\Program Files\ParetoLogic
[2013.05.20 16:36:47 | 000,000,000 | ---D | C] -- C:\Users\chaz.cZ\AppData\Local\CrashRpt
[2013.05.20 16:36:47 | 000,000,000 | ---D | C] -- C:\Users\chaz.cZ\Documents\Arktos
[2013.05.20 16:36:47 | 000,000,000 | ---D | C] -- C:\Users\chaz.cZ\AppData\Local\Arktos
[2013.05.18 23:44:15 | 000,000,000 | ---D | C] -- C:\Users\chaz.cZ\AppData\Local\Programs
[2013.05.18 14:47:33 | 000,000,000 | ---D | C] -- C:\Programs
[2013.05.18 14:44:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013.05.18 14:43:58 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2013.05.18 14:32:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\bwin Poker
[2013.05.12 16:40:02 | 000,000,000 | ---D | C] -- C:\Users\chaz.cZ\AppData\Local\Diagnostics
[2013.05.12 16:07:01 | 000,000,000 | ---D | C] -- C:\Users\chaz.cZ\AppData\Roaming\Steinberg
[2013.05.11 22:04:59 | 000,000,000 | ---D | C] -- C:\Users\chaz.cZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
[2013.05.11 20:06:27 | 000,000,000 | ---D | C] -- C:\Users\chaz.cZ\Documents\Battlefield Play4Free
[2013.05.11 15:24:49 | 000,000,000 | ---D | C] -- C:\Users\chaz.cZ\AppData\Roaming\Ovby
[2013.05.11 15:24:49 | 000,000,000 | ---D | C] -- C:\Users\chaz.cZ\AppData\Roaming\Ocalg
[2013.05.11 00:22:40 | 000,000,000 | ---D | C] -- C:\Users\chaz.cZ\AppData\Local\Chromium
[2013.05.11 00:22:38 | 000,000,000 | ---D | C] -- C:\Users\chaz.cZ\AppData\Local\PunkBuster
[2013.05.10 16:44:44 | 000,000,000 | ---D | C] -- C:\Users\chaz.cZ\AppData\Roaming\Xfire
[2013.05.10 03:10:01 | 000,000,000 | ---D | C] -- C:\Users\chaz.cZ\AppData\Roaming\WinRAR
[2013.05.09 22:01:14 | 000,000,000 | ---D | C] -- C:\Users\chaz.cZ\AppData\Roaming\cef-cache
[2013.05.09 22:01:02 | 000,000,000 | ---D | C] -- C:\Users\chaz.cZ\AppData\Roaming\bwincom
[2013.05.09 18:18:33 | 000,000,000 | ---D | C] -- C:\Users\chaz.cZ\AppData\Roaming\Publish Providers
[2013.05.09 18:18:10 | 000,000,000 | ---D | C] -- C:\Users\chaz.cZ\AppData\Roaming\Sony
[2013.05.09 18:18:10 | 000,000,000 | ---D | C] -- C:\Users\chaz.cZ\AppData\Local\Sony
[2013.05.09 18:18:10 | 000,000,000 | ---D | C] -- C:\Users\chaz.cZ\Documents\Movie Studio Platinum 12.0 Projekte
[2013.05.08 23:59:06 | 000,000,000 | ---D | C] -- C:\Users\chaz.cZ\AppData\Roaming\TS3Client
[2013.05.08 16:17:23 | 000,000,000 | ---D | C] -- C:\Users\chaz.cZ\AppData\Local\Google
[2013.05.08 16:17:11 | 000,000,000 | ---D | C] -- C:\Users\chaz.cZ\AppData\Local\Deployment
[2013.05.08 16:17:11 | 000,000,000 | ---D | C] -- C:\Users\chaz.cZ\AppData\Local\Apps
[2013.05.07 22:53:41 | 000,000,000 | ---D | C] -- C:\Users\chaz.cZ\AppData\Roaming\Avira
[2013.05.07 22:52:40 | 000,000,000 | ---D | C] -- C:\Users\chaz.cZ\AppData\Roaming\TuneUp Software
[2013.05.07 22:50:20 | 000,000,000 | ---D | C] -- C:\Users\chaz.cZ\AppData\Roaming\LolClient
[2013.05.07 22:48:32 | 000,000,000 | ---D | C] -- C:\Users\chaz.cZ\AppData\Roaming\NVIDIA
[2013.05.07 22:48:32 | 000,000,000 | ---D | C] -- C:\Users\chaz.cZ\AppData\Local\Logitech
[2013.05.07 22:47:50 | 000,000,000 | R--D | C] -- C:\Users\chaz.cZ\Virtual Machines
[2013.05.07 22:47:50 | 000,000,000 | R--D | C] -- C:\Users\chaz.cZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013.05.07 22:47:50 | 000,000,000 | R--D | C] -- C:\Users\chaz.cZ\Searches
[2013.05.07 22:47:50 | 000,000,000 | R--D | C] -- C:\Users\chaz.cZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013.05.07 22:47:40 | 000,000,000 | ---D | C] -- C:\Users\chaz.cZ\AppData\Roaming\Identities
[2013.05.07 22:47:37 | 000,000,000 | R--D | C] -- C:\Users\chaz.cZ\Contacts
[2013.05.07 22:47:29 | 000,000,000 | ---D | C] -- C:\Users\chaz.cZ\AppData\Roaming\Adobe
[2013.05.07 22:47:21 | 000,000,000 | ---D | C] -- C:\Users\chaz.cZ\AppData\Local\VirtualStore
[2013.05.07 22:47:15 | 000,000,000 | -HSD | C] -- C:\Users\chaz.cZ\Vorlagen
[2013.05.07 22:47:15 | 000,000,000 | -HSD | C] -- C:\Users\chaz.cZ\AppData\Local\Verlauf
[2013.05.07 22:47:15 | 000,000,000 | -HSD | C] -- C:\Users\chaz.cZ\AppData\Local\Temporary Internet Files
[2013.05.07 22:47:15 | 000,000,000 | -HSD | C] -- C:\Users\chaz.cZ\Startmenü
[2013.05.07 22:47:15 | 000,000,000 | -HSD | C] -- C:\Users\chaz.cZ\SendTo
[2013.05.07 22:47:15 | 000,000,000 | -HSD | C] -- C:\Users\chaz.cZ\Lokale Einstellungen
[2013.05.07 22:47:15 | 000,000,000 | -HSD | C] -- C:\Users\chaz.cZ\AppData\Local\Anwendungsdaten
[2013.05.07 22:47:14 | 000,000,000 | -HSD | C] -- C:\Users\chaz.cZ\Recent
[2013.05.07 22:47:14 | 000,000,000 | -HSD | C] -- C:\Users\chaz.cZ\Netzwerkumgebung
[2013.05.07 22:47:14 | 000,000,000 | -HSD | C] -- C:\Users\chaz.cZ\Documents\Eigene Videos
[2013.05.07 22:47:14 | 000,000,000 | -HSD | C] -- C:\Users\chaz.cZ\Documents\Eigene Musik
[2013.05.07 22:47:14 | 000,000,000 | -HSD | C] -- C:\Users\chaz.cZ\Eigene Dateien
[2013.05.07 22:47:14 | 000,000,000 | -HSD | C] -- C:\Users\chaz.cZ\Documents\Eigene Bilder
[2013.05.07 22:47:14 | 000,000,000 | -HSD | C] -- C:\Users\chaz.cZ\Druckumgebung
[2013.05.07 22:47:14 | 000,000,000 | -HSD | C] -- C:\Users\chaz.cZ\Cookies
[2013.05.07 22:47:14 | 000,000,000 | -HSD | C] -- C:\Users\chaz.cZ\Anwendungsdaten
[2013.05.07 22:47:09 | 000,000,000 | ---D | C] -- C:\Users\chaz.cZ\AppData\Local\Microsoft
[2013.05.07 22:47:08 | 000,000,000 | --SD | C] -- C:\Users\chaz.cZ\AppData\Roaming\Microsoft
[2013.05.07 22:47:08 | 000,000,000 | R--D | C] -- C:\Users\chaz.cZ\Videos
[2013.05.07 22:47:08 | 000,000,000 | R--D | C] -- C:\Users\chaz.cZ\Saved Games
[2013.05.07 22:47:08 | 000,000,000 | R--D | C] -- C:\Users\chaz.cZ\Pictures
[2013.05.07 22:47:08 | 000,000,000 | R--D | C] -- C:\Users\chaz.cZ\Music
[2013.05.07 22:47:08 | 000,000,000 | R--D | C] -- C:\Users\chaz.cZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013.05.07 22:47:08 | 000,000,000 | R--D | C] -- C:\Users\chaz.cZ\Links
[2013.05.07 22:47:08 | 000,000,000 | R--D | C] -- C:\Users\chaz.cZ\Favorites
[2013.05.07 22:47:08 | 000,000,000 | R--D | C] -- C:\Users\chaz.cZ\Downloads
[2013.05.07 22:47:08 | 000,000,000 | R--D | C] -- C:\Users\chaz.cZ\Documents
[2013.05.07 22:47:08 | 000,000,000 | R--D | C] -- C:\Users\chaz.cZ\Desktop
[2013.05.07 22:47:08 | 000,000,000 | R--D | C] -- C:\Users\chaz.cZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013.05.07 22:47:08 | 000,000,000 | -H-D | C] -- C:\Users\chaz.cZ\AppData
[2013.05.07 22:47:08 | 000,000,000 | ---D | C] -- C:\Users\chaz.cZ\AppData\Local\Temp
[2013.05.07 22:47:08 | 000,000,000 | ---D | C] -- C:\Users\chaz.cZ\AppData\Roaming\Macromedia
[2013.05.06 18:56:59 | 000,141,824 | ---- | C] (Корпорация Майкрософт2) -- C:\ProgramData\wvit.dat
[2013.05.06 18:56:59 | 000,141,824 | ---- | C] (Корпорация Майкрософт2) -- C:\ProgramData\jmwzdl.dat
[2013.05.06 18:56:57 | 000,141,824 | ---- | C] (Корпорация Майкрософт2) -- C:\ProgramData\rfob0.dat
[2013.05.06 18:56:57 | 000,141,824 | ---- | C] (Корпорация Майкрософт2) -- C:\ProgramData\corab.dat
[2013.05.06 08:11:44 | 000,141,824 | ---- | C] (Корпорация Майкрософт2) -- C:\ProgramData\0l9je.dat
[2013.05.06 08:11:44 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\rundll32.exe
[2013.05.02 16:07:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XMedia Recode
[2013.05.01 23:03:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movavi Video Converter 12
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.25 01:02:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.25 00:49:53 | 000,017,088 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.25 00:49:53 | 000,017,088 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.25 00:49:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.25 00:43:31 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.25 00:43:31 | 000,000,468 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version3 Startup Task.job
[2013.05.25 00:42:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.25 00:42:11 | 2616,549,376 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.24 23:04:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1584033661-3106969475-2456615852-1000UA.job
[2013.05.24 20:39:33 | 000,401,992 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.05.24 18:00:00 | 000,000,442 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration3.job
[2013.05.24 17:04:00 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1584033661-3106969475-2456615852-1000Core.job
[2013.05.22 10:29:55 | 000,000,416 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version3.job
[2013.05.22 10:29:55 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\RegCure Pro.job
[2013.05.21 20:24:42 | 000,080,700 | ---- | M] () -- C:\pic_8_big.jpg
[2013.05.21 20:16:00 | 000,001,152 | ---- | M] () -- C:\Users\chaz.cZ\Desktop\RegCure Pro.lnk
[2013.05.21 07:04:23 | 000,698,514 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.05.21 07:04:23 | 000,652,496 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.05.21 07:04:23 | 000,148,570 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.05.21 07:04:23 | 000,121,428 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.05.21 05:12:31 | 000,214,520 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2013.05.21 05:12:11 | 000,214,520 | ---- | M] () -- C:\Windows\System32\PnkBstrB.ex0
[2013.05.21 05:05:15 | 000,140,360 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2013.05.19 23:33:01 | 281,682,144 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.05.18 23:56:49 | 000,000,435 | ---- | M] () -- C:\Users\Public\Desktop\La-Mulana v1.4.4.2.lnk
[2013.05.18 14:44:52 | 000,002,205 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.05.18 14:32:21 | 000,001,494 | ---- | M] () -- C:\Users\chaz.cZ\Desktop\bwin Poker.lnk
[2013.05.15 19:53:35 | 000,000,180 | ---- | M] () -- C:\Users\chaz.cZ\Desktop\Renaissance Heroes.url
[2013.05.11 22:04:59 | 000,000,202 | ---- | M] () -- C:\Users\chaz.cZ\Desktop\Arctic Combat.url
[2013.05.11 09:00:24 | 000,134,800 | ---- | M] () -- C:\Users\chaz.cZ\Desktop\148806_371994019545477_942922134_n.jpg
[2013.05.08 16:14:00 | 000,000,689 | ---- | M] () -- C:\Users\chaz.cZ\Desktop\lol.launcher - Verknüpfung.lnk
[2013.05.07 13:27:22 | 095,023,320 | ---- | M] () -- C:\ProgramData\ej9l0.pad
[2013.05.07 13:19:08 | 095,023,320 | ---- | M] () -- C:\ProgramData\tivw.pad
[2013.05.06 18:57:03 | 095,023,320 | ---- | M] () -- C:\ProgramData\ldzwmj.pad
[2013.05.06 18:57:03 | 000,002,585 | ---- | M] () -- C:\ProgramData\tivw.js
[2013.05.06 18:56:59 | 000,141,824 | ---- | M] (Корпорация Майкрософт2) -- C:\ProgramData\wvit.dat
[2013.05.06 18:56:59 | 000,141,824 | ---- | M] (Корпорация Майкрософт2) -- C:\ProgramData\jmwzdl.dat
[2013.05.06 18:56:57 | 000,141,824 | ---- | M] (Корпорация Майкрософт2) -- C:\ProgramData\rfob0.dat
[2013.05.06 18:56:57 | 000,141,824 | ---- | M] (Корпорация Майкрософт2) -- C:\ProgramData\corab.dat
[2013.05.06 08:11:46 | 000,002,608 | ---- | M] () -- C:\ProgramData\ej9l0.js
[2013.05.06 08:11:44 | 000,141,824 | ---- | M] (Корпорация Майкрософт2) -- C:\ProgramData\0l9je.dat
[2013.05.02 16:07:50 | 000,000,589 | ---- | M] () -- C:\Users\Public\Desktop\XMedia Recode.lnk
[2013.05.01 23:03:01 | 000,000,652 | ---- | M] () -- C:\Users\Public\Desktop\Movavi Video Converter 12.lnk
[2013.04.27 01:40:54 | 000,000,009 | ---- | M] () -- C:\Windows\pbase.dat
[2013.04.27 01:40:54 | 000,000,008 | ---- | M] () -- C:\Windows\npbase.dat
[2013.04.27 01:40:54 | 000,000,003 | ---- | M] () -- C:\Windows\ver.dat
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.05.24 18:12:05 | 000,080,700 | ---- | C] () -- C:\pic_8_big.jpg
[2013.05.21 20:20:12 | 000,000,442 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Registration3.job
[2013.05.21 20:16:00 | 000,001,152 | ---- | C] () -- C:\Users\chaz.cZ\Desktop\RegCure Pro.lnk
[2013.05.21 20:15:59 | 000,000,468 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Update Version3 Startup Task.job
[2013.05.21 20:15:59 | 000,000,416 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Update Version3.job
[2013.05.21 20:15:58 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\RegCure Pro.job
[2013.05.19 23:33:01 | 281,682,144 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013.05.18 23:44:26 | 000,000,435 | ---- | C] () -- C:\Users\Public\Desktop\La-Mulana v1.4.4.2.lnk
[2013.05.18 23:44:26 | 000,000,435 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\La-Mulana v1.4.4.2.lnk
[2013.05.18 14:44:52 | 000,002,205 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.05.18 14:44:03 | 000,001,094 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.18 14:44:01 | 000,001,090 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.18 14:32:21 | 000,001,494 | ---- | C] () -- C:\Users\chaz.cZ\Desktop\bwin Poker.lnk
[2013.05.15 19:53:35 | 000,000,180 | ---- | C] () -- C:\Users\chaz.cZ\Desktop\Renaissance Heroes.url
[2013.05.11 22:04:59 | 000,000,202 | ---- | C] () -- C:\Users\chaz.cZ\Desktop\Arctic Combat.url
[2013.05.11 18:00:42 | 000,134,800 | ---- | C] () -- C:\Users\chaz.cZ\Desktop\148806_371994019545477_942922134_n.jpg
[2013.05.08 16:14:00 | 000,000,689 | ---- | C] () -- C:\Users\chaz.cZ\Desktop\lol.launcher - Verknüpfung.lnk
[2013.05.07 22:47:29 | 000,001,425 | ---- | C] () -- C:\Users\chaz.cZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013.05.06 18:57:03 | 000,002,585 | ---- | C] () -- C:\ProgramData\tivw.js
[2013.05.06 18:56:59 | 095,023,320 | ---- | C] () -- C:\ProgramData\tivw.pad
[2013.05.06 18:56:59 | 095,023,320 | ---- | C] () -- C:\ProgramData\ldzwmj.pad
[2013.05.06 08:11:46 | 000,002,608 | ---- | C] () -- C:\ProgramData\ej9l0.js
[2013.05.06 08:11:45 | 095,023,320 | ---- | C] () -- C:\ProgramData\ej9l0.pad
[2013.05.02 16:07:50 | 000,000,589 | ---- | C] () -- C:\Users\Public\Desktop\XMedia Recode.lnk
[2013.05.01 23:03:01 | 000,000,652 | ---- | C] () -- C:\Users\Public\Desktop\Movavi Video Converter 12.lnk
[2013.03.21 06:10:18 | 000,042,880 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2013.03.01 02:55:31 | 000,000,009 | ---- | C] () -- C:\Windows\pbase.dat
[2013.03.01 02:55:31 | 000,000,008 | ---- | C] () -- C:\Windows\npbase.dat
[2013.03.01 02:55:31 | 000,000,003 | ---- | C] () -- C:\Windows\ver.dat
[2013.02.16 19:54:08 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2012.12.19 00:46:19 | 000,140,360 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2012.12.11 01:48:08 | 000,214,520 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2012.12.11 01:48:05 | 000,076,888 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2012.09.20 20:59:46 | 000,000,046 | ---- | C] () -- C:\Program Files\Falco.url
[2012.09.11 00:29:35 | 003,130,440 | ---- | C] () -- C:\Windows\System32\pbsvc_blr.exe
[2012.09.05 07:25:02 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2012.09.04 15:49:52 | 000,000,410 | ---- | C] () -- C:\Windows\Uninstall Manager.ini
[2012.09.04 15:37:08 | 000,178,688 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2012.09.04 13:10:03 | 000,557,056 | ---- | C] () -- C:\Windows\System32\Cmeaupci.exe
[2012.09.04 13:10:03 | 000,000,082 | ---- | C] () -- C:\Windows\Cmicnfg3.ini.cfl
[2012.09.04 13:09:48 | 000,303,104 | ---- | C] () -- C:\Windows\System32\CmiInstallResAll.dll
[2012.09.04 13:09:48 | 000,002,123 | ---- | C] () -- C:\Windows\Cmicnfg3.ini.cfg
[2012.09.04 13:09:48 | 000,000,250 | ---- | C] () -- C:\Windows\Cmicnfg3.ini.imi
[2012.09.04 13:09:47 | 000,002,754 | ---- | C] () -- C:\Windows\cmudax3.ini
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013.05.09 22:29:44 | 000,000,000 | ---D | M] -- C:\Users\chaz.cZ\AppData\Roaming\bwincom
[2013.05.09 22:01:14 | 000,000,000 | ---D | M] -- C:\Users\chaz.cZ\AppData\Roaming\cef-cache
[2013.05.21 20:20:09 | 000,000,000 | ---D | M] -- C:\Users\chaz.cZ\AppData\Roaming\DriverCure
[2013.05.07 22:50:20 | 000,000,000 | ---D | M] -- C:\Users\chaz.cZ\AppData\Roaming\LolClient
[2013.05.17 00:21:11 | 000,000,000 | ---D | M] -- C:\Users\chaz.cZ\AppData\Roaming\Ocalg
[2013.05.11 15:24:49 | 000,000,000 | ---D | M] -- C:\Users\chaz.cZ\AppData\Roaming\Ovby
[2013.05.21 20:20:09 | 000,000,000 | ---D | M] -- C:\Users\chaz.cZ\AppData\Roaming\ParetoLogic
[2013.05.09 18:18:33 | 000,000,000 | ---D | M] -- C:\Users\chaz.cZ\AppData\Roaming\Publish Providers
[2013.05.09 18:18:30 | 000,000,000 | ---D | M] -- C:\Users\chaz.cZ\AppData\Roaming\Sony
[2013.05.12 16:07:49 | 000,000,000 | ---D | M] -- C:\Users\chaz.cZ\AppData\Roaming\Steinberg
[2013.05.17 01:09:38 | 000,000,000 | ---D | M] -- C:\Users\chaz.cZ\AppData\Roaming\TS3Client
[2013.05.07 22:52:40 | 000,000,000 | ---D | M] -- C:\Users\chaz.cZ\AppData\Roaming\TuneUp Software
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2013.05.17 14:12:49 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2013.05.18 14:32:15 | 000,000,000 | ---D | M] -- C:\bwincom
[2012.09.23 16:13:19 | 000,000,000 | ---D | M] -- C:\DAEMON Tools Lite
[2013.02.05 14:26:09 | 000,000,000 | ---D | M] -- C:\DESK 2010
[2012.11.01 18:13:09 | 000,000,000 | ---D | M] -- C:\DESKTOP 2009
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2012.09.04 13:00:33 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2012.10.05 18:07:15 | 000,000,000 | ---D | M] -- C:\ICQ7M
[2013.05.11 19:30:05 | 000,000,000 | ---D | M] -- C:\ISO SETUP
[2012.12.25 22:59:05 | 000,000,000 | ---D | M] -- C:\IsoBuster
[2013.03.03 19:23:28 | 000,000,000 | ---D | M] -- C:\mIRC
[2013.01.17 16:00:06 | 000,000,000 | ---D | M] -- C:\Origin
[2013.01.04 03:43:32 | 000,000,000 | ---D | M] -- C:\PCWELT
[2009.07.14 04:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2013.05.21 20:15:55 | 000,000,000 | R--D | M] -- C:\Program Files
[2013.05.24 19:54:18 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2012.09.04 13:00:34 | 000,000,000 | -HSD | M] -- C:\Programme
[2013.05.18 14:47:33 | 000,000,000 | ---D | M] -- C:\Programs
[2012.09.04 13:00:34 | 000,000,000 | -HSD | M] -- C:\Recovery
[2013.05.25 01:00:44 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2013.03.17 08:38:35 | 000,000,000 | ---D | M] -- C:\TeamSpeak 3 Client
[2013.05.17 14:12:39 | 000,000,000 | ---D | M] -- C:\Users
[2013.05.19 23:33:01 | 000,000,000 | ---D | M] -- C:\Windows
[2013.05.24 22:45:00 | 000,000,000 | ---D | M] -- C:\_OTL
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2009.07.14 03:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009.07.14 03:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009.07.14 03:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009.07.14 03:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010.11.20 14:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2009.07.14 06:53:46 | 000,000,630 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009.07.14 06:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2012.09.07 02:51:18 | 000,001,064 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1584033661-3106969475-2456615852-1000Core.job
[2012.09.07 02:51:19 | 000,001,116 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1584033661-3106969475-2456615852-1000UA.job
[2012.10.10 11:40:01 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2013.05.18 14:44:01 | 000,001,090 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2013.05.18 14:44:03 | 000,001,094 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2013.05.21 20:15:58 | 000,000,384 | ---- | C] () -- C:\Windows\Tasks\RegCure Pro.job
[2013.05.21 20:15:59 | 000,000,416 | ---- | C] () -- C:\Windows\Tasks\ParetoLogic Update Version3.job
[2013.05.21 20:15:59 | 000,000,468 | ---- | C] () -- C:\Windows\Tasks\ParetoLogic Update Version3 Startup Task.job
[2013.05.21 20:20:12 | 000,000,442 | ---- | C] () -- C:\Windows\Tasks\ParetoLogic Registration3.job
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009.11.04 20:05:59 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.11.04 20:05:59 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2013.05.25 00:53:19 | 004,194,304 | -HS- | M] () -- C:\Users\chaz.cZ\NTUSER.DAT
[2013.05.25 00:53:19 | 000,262,144 | -HS- | M] () -- C:\Users\chaz.cZ\ntuser.dat.LOG1
[2013.05.07 22:47:10 | 000,000,000 | -HS- | M] () -- C:\Users\chaz.cZ\ntuser.dat.LOG2
[2013.05.08 03:12:58 | 000,065,536 | -HS- | M] () -- C:\Users\chaz.cZ\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2013.05.08 03:12:58 | 000,524,288 | -HS- | M] () -- C:\Users\chaz.cZ\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2013.05.08 03:12:58 | 000,524,288 | -HS- | M] () -- C:\Users\chaz.cZ\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2013.05.20 14:56:38 | 000,065,536 | -HS- | M] () -- C:\Users\chaz.cZ\NTUSER.DAT{a39856ee-c0cb-11e2-9658-001d6039006a}.TM.blf
[2013.05.20 14:56:38 | 000,524,288 | -HS- | M] () -- C:\Users\chaz.cZ\NTUSER.DAT{a39856ee-c0cb-11e2-9658-001d6039006a}.TMContainer00000000000000000001.regtrans-ms
[2013.05.20 14:56:38 | 000,524,288 | -HS- | M] () -- C:\Users\chaz.cZ\NTUSER.DAT{a39856ee-c0cb-11e2-9658-001d6039006a}.TMContainer00000000000000000002.regtrans-ms
[2013.05.07 22:47:15 | 000,000,020 | -HS- | M] () -- C:\Users\chaz.cZ\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
<           >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:67B66DF7
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:436DEE1E

< End of report >
         
--- --- ---

Last edited by chazinho (25.05.2013 at 00:00)
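The "< MD5 for: ... >" blocks in the log above list the live copy of each checked system file (under System32 or the Windows root) next to the copies the servicing stack keeps in winsxs and DriverStore. What a helper reads off them is whether the live file's hash matches one of the store copies and whether its version resource still carries a company name; a live binary that matches no store copy, or has none to compare against, is the one to pull for a closer look. As an added example, not part of the original post and not OTL's own code, the Python script below parses that block format and performs the same cross-check. The userinit.exe lines in the embedded sample are copied from the log in this thread; the EXAMPLE.DLL entries, their hashes and paths are constructed to show the mismatch case, and all function names are the example's own.

```python
import re
import sys
from collections import defaultdict

# Constructed sample in OTL's "< MD5 for: NAME >" block format. The
# userinit.exe lines are copied from the log in this thread; EXAMPLE.DLL is a
# hypothetical entry added to show a live file whose hash matches no store copy.
SAMPLE = r"""
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: EXAMPLE.DLL  >
[2013.05.06 18:56:59 | 000,141,824 | ---- | M] () MD5=00112233445566778899AABBCCDDEEFF -- C:\Windows\System32\example.dll
[2010.11.20 14:21:33 | 000,141,824 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_example_31bf3856ad364e35_6.1.7601.17514_none_0123456789abcdef\example.dll
"""

# "< MD5 for: NAME  >" header that opens each block in the OTL report.
HEADER_RE = re.compile(r"^<\s*MD5 for:\s*(\S+)\s*>$")
# One OTL file entry: [mtime | size | attributes | M] (company) MD5=hash -- path
ENTRY_RE = re.compile(
    r"^\[(?P<mtime>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attr>[-A-Z]{4}) \| [MC]\] \((?P<company>[^)]*)\) "
    r"MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+)$"
)


def parse_md5_sections(text):
    """Group OTL MD5 entries by the file name in their '< MD5 for: ... >' header."""
    sections = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            current = header.group(1).upper()
            continue
        entry = ENTRY_RE.match(line)
        if entry and current is not None:
            rec = entry.groupdict()
            rec["size"] = int(rec["size"].replace(",", ""))
            rec["md5"] = rec["md5"].upper()
            sections[current].append(rec)
    return dict(sections)


def is_store_copy(path):
    """True for copies held by the servicing stack rather than the live file."""
    p = path.lower()
    return "\\winsxs\\" in p or "\\driverstore\\" in p


def check_live_files(sections):
    """Cross-check every live copy against the store copies listed for the same file."""
    findings = []
    for name, entries in sections.items():
        store_hashes = {e["md5"] for e in entries if is_store_copy(e["path"])}
        for e in entries:
            if is_store_copy(e["path"]):
                continue
            matches_store = e["md5"] in store_hashes
            findings.append({
                "file": name,
                "path": e["path"],
                "md5": e["md5"],
                "company": e["company"],
                "matches_store": matches_store,
                # No matching store copy (or no store copy at all) or a blank
                # company string: either warrants a manual look at the file.
                "suspicious": (not matches_store) or (not e["company"]),
            })
    return findings


def report(text):
    """Print one line per live file and return the findings flagged as suspicious."""
    findings = check_live_files(parse_md5_sections(text))
    for f in findings:
        mark = "CHECK" if f["suspicious"] else "ok   "
        print(f"{mark} {f['file']:<14} {f['md5']} {f['path']} ({f['company'] or 'no company'})")
    return [f for f in findings if f["suspicious"]]


if __name__ == "__main__":
    # Pass the full OTL.txt as an argument; without one the embedded sample is used.
    data = (open(sys.argv[1], encoding="utf-8", errors="replace").read()
            if len(sys.argv) > 1 else SAMPLE)
    sys.exit(1 if report(data) else 0)
```

A match only shows that the live binary is byte-identical to a copy the servicing stack installed, which is strong evidence but not proof: a file with no store copy at all is flagged for review rather than passed, and an attacker who replaces the store copies as well would slip through, as would a collision against a 32-character MD5. The company string is treated as a second signal because, as the ProgramData .dat entries in the log above show, malware will happily ship a version resource with a look-alike company name, and a blank one on a file under System32 is itself worth a look.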

Old 25.05.2013, 00:24   #11
chazinho
Banned

Decrypt / Encrypter Trojaner / Virus.

I think it worked... except there was no "EXTRAS" this time. Here is the correct OTL logfile:
Code:
OTL logfile created on: 25.05.2013 00:58:41 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\cZPEEDHACK\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,31 Gb Available Physical Memory | 71,25% Memory free
6,50 Gb Paging File | 5,30 Gb Available in Paging File | 81,59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 48,83 Gb Total Space | 8,87 Gb Free Space | 18,17% Space Free | Partition Type: NTFS
Drive D: | 90,45 Gb Total Space | 1,39 Gb Free Space | 1,54% Space Free | Partition Type: NTFS
 
Computer Name: CZ | User Name: chaz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\cZPEEDHACK\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil32_11_7_700_202_ActiveX.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Windows\System32\MsSpellCheckingFacility.exe (Microsoft Corporation)
PRC - C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Programme\Ask.com\Updater\Updater.exe (Ask)
PRC - C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - D:\Panda Security\Panda Cloud Antivirus\PSUAService.exe (Panda Security, S.L.)
PRC - D:\Panda Security\Panda Cloud Antivirus\PSUAMain.exe (Panda Security, S.L.)
PRC - D:\Panda Security\Panda Cloud Antivirus\PSANHost.exe (Panda Security, S.L.)
PRC - C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Programme\Logitech Gaming Software\LCore.exe (Logitech Inc.)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - c:\Programme\EasyLife\sprotector.dll ()
MOD - c:\Programme\BrowseToSave\sprotector.dll ()
MOD - C:\Programme\OpenOffice.org 3\program\libxml2.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Desura Install Service) -- C:\Programme\Common Files\Desura\desura_service.exe (Desura Pty Ltd)
SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Sony PC Companion) -- C:\Programme\Sony\Sony PC Companion\PCCService.exe (Avanquest Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (TuneUp.UtilitiesSvc) -- C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (PSUAService) -- D:\Panda Security\Panda Cloud Antivirus\PSUAService.exe (Panda Security, S.L.)
SRV - (NanoServiceMain) -- D:\Panda Security\Panda Cloud Antivirus\PSANHost.exe (Panda Security, S.L.)
SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (WajamUpdater) -- C:\Programme\Wajam\Updater\WajamUpdater.exe (Wajam)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (McComponentHostService) -- C:\Programme\McAfee Security Scan\3.0.207\McCHSvc.exe (McAfee, Inc.)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (XDva401) -- C:\Windows\system32\XDva401.sys File not found
DRV - (XDva400) -- C:\Windows\system32\XDva400.sys File not found
DRV - (XDva399) -- C:\Windows\system32\XDva399.sys File not found
DRV - (EagleXNt) -- C:\Windows\system32\drivers\EagleXNt.sys File not found
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (tizeqdrv) -- C:\Users\chaz\AppData\Roaming\TZAC2\tizeq32.sys ()
DRV - (NNSHTTPS) -- C:\Windows\System32\drivers\NNSHttps.sys (Panda Security, S.L.)
DRV - (NNSSTRM) -- C:\Windows\System32\drivers\NNSStrm.sys (Panda Security, S.L.)
DRV - (NNSPIHSW) -- C:\Windows\System32\drivers\NNSPihsw.sys (Panda Security, S.L.)
DRV - (NNSSMTP) -- C:\Windows\System32\drivers\NNSSmtp.sys (Panda Security, S.L.)
DRV - (NNSTLSC) -- C:\Windows\System32\drivers\NNStlsc.sys (Panda Security, S.L.)
DRV - (NNSPROT) -- C:\Windows\System32\drivers\NNSProt.sys (Panda Security, S.L.)
DRV - (NNSPRV) -- C:\Windows\System32\drivers\NNSPrv.sys (Panda Security, S.L.)
DRV - (NNSPOP3) -- C:\Windows\System32\drivers\NNSPop3.sys (Panda Security, S.L.)
DRV - (NNSPICC) -- C:\Windows\System32\drivers\NNSpicc.sys (Panda Security, S.L.)
DRV - (NNSIDS) -- C:\Windows\System32\drivers\NNSIds.sys (Panda Security, S.L.)
DRV - (NNSHTTP) -- C:\Windows\System32\drivers\NNSHttp.sys (Panda Security, S.L.)
DRV - (NNSALPC) -- C:\Windows\System32\drivers\NNSAlpc.sys (Panda Security, S.L.)
DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (PSINProt) -- C:\Windows\System32\drivers\PSINProt.sys (Panda Security, S.L.)
DRV - (PSINProc) -- C:\Windows\System32\drivers\PSINProc.sys (Panda Security, S.L.)
DRV - (PSINKNC) -- C:\Windows\System32\drivers\PSINKNC.sys (Panda Security, S.L.)
DRV - (PSINAflt) -- C:\Windows\System32\drivers\PSINAflt.sys (Panda Security, S.L.)
DRV - (PSINFile) -- C:\Windows\System32\drivers\PSINFile.sys (Panda Security, S.L.)
DRV - (PSKMAD) -- C:\Windows\System32\drivers\PSKMAD.sys (Panda Security, S.L.)
DRV - (ggsemc) -- C:\Windows\System32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV - (ggflt) -- C:\Windows\System32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV - (NNSNAHSL) -- C:\Windows\System32\drivers\NNSNAHSL.sys (Panda Security, S.L.)
DRV - (LGSHidFilt) -- C:\Windows\System32\drivers\LGSHidFilt.Sys (Logitech Inc.)
DRV - (LGSUsbFilt) -- C:\Windows\System32\drivers\LGSUsbFilt.sys (Logitech Inc.)
DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (vpcvmm) -- C:\Windows\System32\drivers\vpcvmm.sys (Microsoft Corporation)
DRV - (vpcbus) -- C:\Windows\System32\drivers\vpchbus.sys (Microsoft Corporation)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (vpcusb) -- C:\Windows\System32\drivers\vpcusb.sys (Microsoft Corporation)
DRV - (vpcnfltr) -- C:\Windows\System32\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (cmuda3) -- C:\Windows\System32\drivers\cmudax3.sys (C-Media Inc)
DRV - (LGVirHid) -- C:\Windows\System32\drivers\LGVirHid.sys (Logitech Inc.)
DRV - (LGBusEnum) -- C:\Windows\System32\drivers\LGBusEnum.sys (Logitech Inc.)
DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.)
DRV - (AtcL001) -- C:\Windows\System32\drivers\l160x86.sys (Atheros Communications, Inc.)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (s0016unic) -- C:\Windows\System32\drivers\s0016unic.sys (MCCI Corporation)
DRV - (s0016nd5) -- C:\Windows\System32\drivers\s0016nd5.sys (MCCI Corporation)
DRV - (s0016mdfl) -- C:\Windows\System32\drivers\s0016mdfl.sys (MCCI Corporation)
DRV - (s0016mdm) -- C:\Windows\System32\drivers\s0016mdm.sys (MCCI Corporation)
DRV - (s0016mgmt) -- C:\Windows\System32\drivers\s0016mgmt.sys (MCCI Corporation)
DRV - (s0016obex) -- C:\Windows\System32\drivers\s0016obex.sys (MCCI Corporation)
DRV - (s0016bus) -- C:\Windows\System32\drivers\s0016bus.sys (MCCI Corporation)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=0a4219da-c298-43f8-9fa1-076f39c1ebbe&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKLM\..\SearchScopes\{01bd49d7-c76b-4310-8beb-14d7e5f322c6}: "URL" = hxxp://search.easylifeapp.com/?q={searchTerms}&abc=ie&pid=34&r=2013/02/14&hid=2420481901&lg=EN&cc=DE
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D9 21 EF D1 E9 50 CE 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{F337523E-B29C-4560-BE0C-700C55472D2B}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^U3&apn_dtid=^OSJ000^YY^DE&apn_uid=93A6016B-7361-4CF9-89E9-BDA164FD65F8&apn_sauid=AF2918DB-5AC6-4BDD-8777-26158149C886
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.12 18:05:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2013.04.12 18:05:48 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.04.12 18:05:51 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.08.25 04:49:52 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.25 04:49:52 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.08.25 04:49:52 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.08.25 04:49:52 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.08.25 04:49:52 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.08.25 04:49:52 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://search.easylifeapp.com/?pid=34&r=2013/02/14&hid=2420481901&lg=EN&cc=DE
CHR - Extension: No name found = C:\Users\chaz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo\7.15.15.37265_0\
CHR - Extension: No name found = C:\Users\chaz\AppData\Local\Google\Chrome\User Data\Default\Extensions\jenkhamomijcoocoblchfbobohfabaff\1.23.177_0\crossrider
CHR - Extension: No name found = C:\Users\chaz\AppData\Local\Google\Chrome\User Data\Default\Extensions\jenkhamomijcoocoblchfbobohfabaff\1.23.177_0\
CHR - Extension: No name found = C:\Users\chaz\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Software Assist) - {11111111-1111-1111-1111-110011301126} - C:\Programme\Software Assist\Software Assist.dll (Software Assist)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Programme\Wajam\IE\priam_bho.dll (Wajam)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [PSUAMain] D:\Panda Security\Panda Cloud Antivirus\PSUAMain.exe (Panda Security, S.L.)
O4 - HKLM..\RunOnce: [*WerKernelReporting] C:\Windows\System32\WerFault.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Remove H2O driver] C:\Program Files\SyncroSoft\Pos\H2O [2013.05.22 21:31:14 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\ICQ7M\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O16 - DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.96.0.cab (Battlefield Play4Free Updater)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{36E82628-4F64-47E9-9B5E-74B952F82759}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{91C0585F-EE7E-4B99-BAD5-A3377FE52869}: NameServer = 193.189.250.101 193.189.250.100
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~1\browse~1\sprote~1.dll) - c:\Programme\BrowseToSave\sprotector.dll ()
O20 - AppInit_DLLs: (c:\progra~1\easylife\sprote~1.dll) - c:\Programme\EasyLife\sprotector.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software)
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk - C:\Programme\McAfee Security Scan\3.0.207\SSScheduler.exe - (McAfee, Inc.)
MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Users\chaz\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig - StartUpReg: ICQ - hkey= - key= - C:\ICQ7M\ICQ.exe (ICQ, LLC.)
MsConfig - StartUpReg: Optimizer Pro - hkey= - key= - C:\Programme\Optimizer Pro\OptProLauncher.exe (PC Utilities Pro)
MsConfig - StartUpReg: Steam - hkey= - key= - D:\Steam\steam.exe (Valve Corporation)
MsConfig - State: "startup" - 2
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.25 00:42:42 | 000,046,672 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\drivers\PSKMAD.sys
[2013.05.24 22:37:06 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.05.24 19:54:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Cloud Antivirus
[2013.05.24 19:54:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security
[2013.05.21 20:20:09 | 000,000,000 | ---D | C] -- C:\Users\chaz.cZ\AppData\Roaming\ParetoLogic
[2013.05.21 20:20:09 | 000,000,000 | ---D | C] -- C:\Users\chaz.cZ\AppData\Roaming\DriverCure
[2013.05.21 20:16:00 | 000,000,000 | ---D | C] -- C:\Users\chaz.cZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic
[2013.05.21 20:15:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ParetoLogic
[2013.05.21 20:15:55 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic
[2013.05.21 20:15:55 | 000,000,000 | ---D | C] -- C:\Program Files\ParetoLogic
[2013.05.20 16:36:47 | 000,000,000 | ---D | C] -- C:\Users\chaz.cZ\AppData\Local\CrashRpt
[2013.05.20 16:36:47 | 000,000,000 | ---D | C] -- C:\Users\chaz.cZ\Documents\Arktos
[2013.05.20 16:36:47 | 000,000,000 | ---D | C] -- C:\Users\chaz.cZ\AppData\Local\Arktos
[2013.05.18 23:44:15 | 000,000,000 | ---D | C] -- C:\Users\chaz.cZ\AppData\Local\Programs
[2013.05.18 14:47:33 | 000,000,000 | ---D | C] -- C:\Programs
[2013.05.18 14:44:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013.05.18 14:43:58 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2013.05.18 14:32:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\bwin Poker
[2013.05.12 16:40:02 | 000,000,000 | ---D | C] -- C:\Users\chaz.cZ\AppData\Local\Diagnostics
[2013.05.12 16:07:01 | 000,000,000 | ---D | C] -- C:\Users\chaz.cZ\AppData\Roaming\Steinberg
[2013.05.11 22:04:59 | 000,000,000 | ---D | C] -- C:\Users\chaz.cZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
[2013.05.11 20:06:27 | 000,000,000 | ---D | C] -- C:\Users\chaz.cZ\Documents\Battlefield Play4Free
[2013.05.11 15:24:49 | 000,000,000 | ---D | C] -- C:\Users\chaz.cZ\AppData\Roaming\Ovby
[2013.05.11 15:24:49 | 000,000,000 | ---D | C] -- C:\Users\chaz.cZ\AppData\Roaming\Ocalg
[2013.05.11 00:22:40 | 000,000,000 | ---D | C] -- C:\Users\chaz.cZ\AppData\Local\Chromium
[2013.05.11 00:22:38 | 000,000,000 | ---D | C] -- C:\Users\chaz.cZ\AppData\Local\PunkBuster
[2013.05.10 16:44:44 | 000,000,000 | ---D | C] -- C:\Users\chaz.cZ\AppData\Roaming\Xfire
[2013.05.10 03:10:01 | 000,000,000 | ---D | C] -- C:\Users\chaz.cZ\AppData\Roaming\WinRAR
[2013.05.09 22:01:14 | 000,000,000 | ---D | C] -- C:\Users\chaz.cZ\AppData\Roaming\cef-cache
[2013.05.09 22:01:02 | 000,000,000 | ---D | C] -- C:\Users\chaz.cZ\AppData\Roaming\bwincom
[2013.05.09 18:18:33 | 000,000,000 | ---D | C] -- C:\Users\chaz.cZ\AppData\Roaming\Publish Providers
[2013.05.09 18:18:10 | 000,000,000 | ---D | C] -- C:\Users\chaz.cZ\AppData\Roaming\Sony
[2013.05.09 18:18:10 | 000,000,000 | ---D | C] -- C:\Users\chaz.cZ\AppData\Local\Sony
[2013.05.09 18:18:10 | 000,000,000 | ---D | C] -- C:\Users\chaz.cZ\Documents\Movie Studio Platinum 12.0 Projekte
[2013.05.08 23:59:06 | 000,000,000 | ---D | C] -- C:\Users\chaz.cZ\AppData\Roaming\TS3Client
[2013.05.08 16:17:23 | 000,000,000 | ---D | C] -- C:\Users\chaz.cZ\AppData\Local\Google
[2013.05.08 16:17:11 | 000,000,000 | ---D | C] -- C:\Users\chaz.cZ\AppData\Local\Deployment
[2013.05.08 16:17:11 | 000,000,000 | ---D | C] -- C:\Users\chaz.cZ\AppData\Local\Apps
[2013.05.07 22:53:41 | 000,000,000 | ---D | C] -- C:\Users\chaz.cZ\AppData\Roaming\Avira
[2013.05.07 22:52:40 | 000,000,000 | ---D | C] -- C:\Users\chaz.cZ\AppData\Roaming\TuneUp Software
[2013.05.07 22:50:20 | 000,000,000 | ---D | C] -- C:\Users\chaz.cZ\AppData\Roaming\LolClient
[2013.05.07 22:48:32 | 000,000,000 | ---D | C] -- C:\Users\chaz.cZ\AppData\Roaming\NVIDIA
[2013.05.07 22:48:32 | 000,000,000 | ---D | C] -- C:\Users\chaz.cZ\AppData\Local\Logitech
[2013.05.07 22:47:50 | 000,000,000 | R--D | C] -- C:\Users\chaz.cZ\Virtual Machines
[2013.05.07 22:47:50 | 000,000,000 | R--D | C] -- C:\Users\chaz.cZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013.05.07 22:47:50 | 000,000,000 | R--D | C] -- C:\Users\chaz.cZ\Searches
[2013.05.07 22:47:50 | 000,000,000 | R--D | C] -- C:\Users\chaz.cZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013.05.07 22:47:40 | 000,000,000 | ---D | C] -- C:\Users\chaz.cZ\AppData\Roaming\Identities
[2013.05.07 22:47:37 | 000,000,000 | R--D | C] -- C:\Users\chaz.cZ\Contacts
[2013.05.07 22:47:29 | 000,000,000 | ---D | C] -- C:\Users\chaz.cZ\AppData\Roaming\Adobe
[2013.05.07 22:47:21 | 000,000,000 | ---D | C] -- C:\Users\chaz.cZ\AppData\Local\VirtualStore
[2013.05.07 22:47:15 | 000,000,000 | -HSD | C] -- C:\Users\chaz.cZ\Vorlagen
[2013.05.07 22:47:15 | 000,000,000 | -HSD | C] -- C:\Users\chaz.cZ\AppData\Local\Verlauf
[2013.05.07 22:47:15 | 000,000,000 | -HSD | C] -- C:\Users\chaz.cZ\AppData\Local\Temporary Internet Files
[2013.05.07 22:47:15 | 000,000,000 | -HSD | C] -- C:\Users\chaz.cZ\Startmenü
[2013.05.07 22:47:15 | 000,000,000 | -HSD | C] -- C:\Users\chaz.cZ\SendTo
[2013.05.07 22:47:15 | 000,000,000 | -HSD | C] -- C:\Users\chaz.cZ\Lokale Einstellungen
[2013.05.07 22:47:15 | 000,000,000 | -HSD | C] -- C:\Users\chaz.cZ\AppData\Local\Anwendungsdaten
[2013.05.07 22:47:14 | 000,000,000 | -HSD | C] -- C:\Users\chaz.cZ\Recent
[2013.05.07 22:47:14 | 000,000,000 | -HSD | C] -- C:\Users\chaz.cZ\Netzwerkumgebung
[2013.05.07 22:47:14 | 000,000,000 | -HSD | C] -- C:\Users\chaz.cZ\Documents\Eigene Videos
[2013.05.07 22:47:14 | 000,000,000 | -HSD | C] -- C:\Users\chaz.cZ\Documents\Eigene Musik
[2013.05.07 22:47:14 | 000,000,000 | -HSD | C] -- C:\Users\chaz.cZ\Eigene Dateien
[2013.05.07 22:47:14 | 000,000,000 | -HSD | C] -- C:\Users\chaz.cZ\Documents\Eigene Bilder
[2013.05.07 22:47:14 | 000,000,000 | -HSD | C] -- C:\Users\chaz.cZ\Druckumgebung
[2013.05.07 22:47:14 | 000,000,000 | -HSD | C] -- C:\Users\chaz.cZ\Cookies
[2013.05.07 22:47:14 | 000,000,000 | -HSD | C] -- C:\Users\chaz.cZ\Anwendungsdaten
[2013.05.07 22:47:09 | 000,000,000 | ---D | C] -- C:\Users\chaz.cZ\AppData\Local\Microsoft
[2013.05.07 22:47:08 | 000,000,000 | --SD | C] -- C:\Users\chaz.cZ\AppData\Roaming\Microsoft
[2013.05.07 22:47:08 | 000,000,000 | R--D | C] -- C:\Users\chaz.cZ\Videos
[2013.05.07 22:47:08 | 000,000,000 | R--D | C] -- C:\Users\chaz.cZ\Saved Games
[2013.05.07 22:47:08 | 000,000,000 | R--D | C] -- C:\Users\chaz.cZ\Pictures
[2013.05.07 22:47:08 | 000,000,000 | R--D | C] -- C:\Users\chaz.cZ\Music
[2013.05.07 22:47:08 | 000,000,000 | R--D | C] -- C:\Users\chaz.cZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013.05.07 22:47:08 | 000,000,000 | R--D | C] -- C:\Users\chaz.cZ\Links
[2013.05.07 22:47:08 | 000,000,000 | R--D | C] -- C:\Users\chaz.cZ\Favorites
[2013.05.07 22:47:08 | 000,000,000 | R--D | C] -- C:\Users\chaz.cZ\Downloads
[2013.05.07 22:47:08 | 000,000,000 | R--D | C] -- C:\Users\chaz.cZ\Documents
[2013.05.07 22:47:08 | 000,000,000 | R--D | C] -- C:\Users\chaz.cZ\Desktop
[2013.05.07 22:47:08 | 000,000,000 | R--D | C] -- C:\Users\chaz.cZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013.05.07 22:47:08 | 000,000,000 | -H-D | C] -- C:\Users\chaz.cZ\AppData
[2013.05.07 22:47:08 | 000,000,000 | ---D | C] -- C:\Users\chaz.cZ\AppData\Local\Temp
[2013.05.07 22:47:08 | 000,000,000 | ---D | C] -- C:\Users\chaz.cZ\AppData\Roaming\Macromedia
[2013.05.06 18:56:59 | 000,141,824 | ---- | C] (Корпорация Майкрософт2) -- C:\ProgramData\wvit.dat
[2013.05.06 18:56:59 | 000,141,824 | ---- | C] (Корпорация Майкрософт2) -- C:\ProgramData\jmwzdl.dat
[2013.05.06 18:56:57 | 000,141,824 | ---- | C] (Корпорация Майкрософт2) -- C:\ProgramData\rfob0.dat
[2013.05.06 18:56:57 | 000,141,824 | ---- | C] (Корпорация Майкрософт2) -- C:\ProgramData\corab.dat
[2013.05.06 08:11:44 | 000,141,824 | ---- | C] (Корпорация Майкрософт2) -- C:\ProgramData\0l9je.dat
[2013.05.06 08:11:44 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\rundll32.exe
[2013.05.02 16:07:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XMedia Recode
[2013.05.01 23:03:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movavi Video Converter 12
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.25 01:02:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.25 00:49:53 | 000,017,088 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.25 00:49:53 | 000,017,088 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.25 00:49:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.25 00:43:31 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.25 00:43:31 | 000,000,468 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version3 Startup Task.job
[2013.05.25 00:42:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.25 00:42:11 | 2616,549,376 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.24 23:04:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1584033661-3106969475-2456615852-1000UA.job
[2013.05.24 20:39:33 | 000,401,992 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.05.24 18:00:00 | 000,000,442 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration3.job
[2013.05.24 17:04:00 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1584033661-3106969475-2456615852-1000Core.job
[2013.05.22 10:29:55 | 000,000,416 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version3.job
[2013.05.22 10:29:55 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\RegCure Pro.job
[2013.05.21 20:24:42 | 000,080,700 | ---- | M] () -- C:\pic_8_big.jpg
[2013.05.21 20:16:00 | 000,001,152 | ---- | M] () -- C:\Users\chaz.cZ\Desktop\RegCure Pro.lnk
[2013.05.21 07:04:23 | 000,698,514 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.05.21 07:04:23 | 000,652,496 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.05.21 07:04:23 | 000,148,570 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.05.21 07:04:23 | 000,121,428 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.05.21 05:12:31 | 000,214,520 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2013.05.21 05:12:11 | 000,214,520 | ---- | M] () -- C:\Windows\System32\PnkBstrB.ex0
[2013.05.21 05:05:15 | 000,140,360 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2013.05.19 23:33:01 | 281,682,144 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.05.18 23:56:49 | 000,000,435 | ---- | M] () -- C:\Users\Public\Desktop\La-Mulana v1.4.4.2.lnk
[2013.05.18 14:44:52 | 000,002,205 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.05.18 14:32:21 | 000,001,494 | ---- | M] () -- C:\Users\chaz.cZ\Desktop\bwin Poker.lnk
[2013.05.15 19:53:35 | 000,000,180 | ---- | M] () -- C:\Users\chaz.cZ\Desktop\Renaissance Heroes.url
[2013.05.11 22:04:59 | 000,000,202 | ---- | M] () -- C:\Users\chaz.cZ\Desktop\Arctic Combat.url
[2013.05.11 09:00:24 | 000,134,800 | ---- | M] () -- C:\Users\chaz.cZ\Desktop\148806_371994019545477_942922134_n.jpg
[2013.05.08 16:14:00 | 000,000,689 | ---- | M] () -- C:\Users\chaz.cZ\Desktop\lol.launcher - Verknüpfung.lnk
[2013.05.07 13:27:22 | 095,023,320 | ---- | M] () -- C:\ProgramData\ej9l0.pad
[2013.05.07 13:19:08 | 095,023,320 | ---- | M] () -- C:\ProgramData\tivw.pad
[2013.05.06 18:57:03 | 095,023,320 | ---- | M] () -- C:\ProgramData\ldzwmj.pad
[2013.05.06 18:57:03 | 000,002,585 | ---- | M] () -- C:\ProgramData\tivw.js
[2013.05.06 18:56:59 | 000,141,824 | ---- | M] (Корпорация Майкрософт2) -- C:\ProgramData\wvit.dat
[2013.05.06 18:56:59 | 000,141,824 | ---- | M] (Корпорация Майкрософт2) -- C:\ProgramData\jmwzdl.dat
[2013.05.06 18:56:57 | 000,141,824 | ---- | M] (Корпорация Майкрософт2) -- C:\ProgramData\rfob0.dat
[2013.05.06 18:56:57 | 000,141,824 | ---- | M] (Корпорация Майкрософт2) -- C:\ProgramData\corab.dat
[2013.05.06 08:11:46 | 000,002,608 | ---- | M] () -- C:\ProgramData\ej9l0.js
[2013.05.06 08:11:44 | 000,141,824 | ---- | M] (Корпорация Майкрософт2) -- C:\ProgramData\0l9je.dat
[2013.05.02 16:07:50 | 000,000,589 | ---- | M] () -- C:\Users\Public\Desktop\XMedia Recode.lnk
[2013.05.01 23:03:01 | 000,000,652 | ---- | M] () -- C:\Users\Public\Desktop\Movavi Video Converter 12.lnk
[2013.04.27 01:40:54 | 000,000,009 | ---- | M] () -- C:\Windows\pbase.dat
[2013.04.27 01:40:54 | 000,000,008 | ---- | M] () -- C:\Windows\npbase.dat
[2013.04.27 01:40:54 | 000,000,003 | ---- | M] () -- C:\Windows\ver.dat
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.05.24 18:12:05 | 000,080,700 | ---- | C] () -- C:\pic_8_big.jpg
[2013.05.21 20:20:12 | 000,000,442 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Registration3.job
[2013.05.21 20:16:00 | 000,001,152 | ---- | C] () -- C:\Users\chaz.cZ\Desktop\RegCure Pro.lnk
[2013.05.21 20:15:59 | 000,000,468 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Update Version3 Startup Task.job
[2013.05.21 20:15:59 | 000,000,416 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Update Version3.job
[2013.05.21 20:15:58 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\RegCure Pro.job
[2013.05.19 23:33:01 | 281,682,144 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013.05.18 23:44:26 | 000,000,435 | ---- | C] () -- C:\Users\Public\Desktop\La-Mulana v1.4.4.2.lnk
[2013.05.18 23:44:26 | 000,000,435 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\La-Mulana v1.4.4.2.lnk
[2013.05.18 14:44:52 | 000,002,205 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.05.18 14:44:03 | 000,001,094 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.18 14:44:01 | 000,001,090 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.18 14:32:21 | 000,001,494 | ---- | C] () -- C:\Users\chaz.cZ\Desktop\bwin Poker.lnk
[2013.05.15 19:53:35 | 000,000,180 | ---- | C] () -- C:\Users\chaz.cZ\Desktop\Renaissance Heroes.url
[2013.05.11 22:04:59 | 000,000,202 | ---- | C] () -- C:\Users\chaz.cZ\Desktop\Arctic Combat.url
[2013.05.11 18:00:42 | 000,134,800 | ---- | C] () -- C:\Users\chaz.cZ\Desktop\148806_371994019545477_942922134_n.jpg
[2013.05.08 16:14:00 | 000,000,689 | ---- | C] () -- C:\Users\chaz.cZ\Desktop\lol.launcher - Verknüpfung.lnk
[2013.05.07 22:47:29 | 000,001,425 | ---- | C] () -- C:\Users\chaz.cZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013.05.06 18:57:03 | 000,002,585 | ---- | C] () -- C:\ProgramData\tivw.js
[2013.05.06 18:56:59 | 095,023,320 | ---- | C] () -- C:\ProgramData\tivw.pad
[2013.05.06 18:56:59 | 095,023,320 | ---- | C] () -- C:\ProgramData\ldzwmj.pad
[2013.05.06 08:11:46 | 000,002,608 | ---- | C] () -- C:\ProgramData\ej9l0.js
[2013.05.06 08:11:45 | 095,023,320 | ---- | C] () -- C:\ProgramData\ej9l0.pad
[2013.05.02 16:07:50 | 000,000,589 | ---- | C] () -- C:\Users\Public\Desktop\XMedia Recode.lnk
[2013.05.01 23:03:01 | 000,000,652 | ---- | C] () -- C:\Users\Public\Desktop\Movavi Video Converter 12.lnk
[2013.03.21 06:10:18 | 000,042,880 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2013.03.01 02:55:31 | 000,000,009 | ---- | C] () -- C:\Windows\pbase.dat
[2013.03.01 02:55:31 | 000,000,008 | ---- | C] () -- C:\Windows\npbase.dat
[2013.03.01 02:55:31 | 000,000,003 | ---- | C] () -- C:\Windows\ver.dat
[2013.02.16 19:54:08 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2012.12.19 00:46:19 | 000,140,360 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2012.12.11 01:48:08 | 000,214,520 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2012.12.11 01:48:05 | 000,076,888 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2012.09.20 20:59:46 | 000,000,046 | ---- | C] () -- C:\Program Files\Falco.url
[2012.09.11 00:29:35 | 003,130,440 | ---- | C] () -- C:\Windows\System32\pbsvc_blr.exe
[2012.09.05 07:25:02 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2012.09.04 15:49:52 | 000,000,410 | ---- | C] () -- C:\Windows\Uninstall Manager.ini
[2012.09.04 15:37:08 | 000,178,688 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2012.09.04 13:10:03 | 000,557,056 | ---- | C] () -- C:\Windows\System32\Cmeaupci.exe
[2012.09.04 13:10:03 | 000,000,082 | ---- | C] () -- C:\Windows\Cmicnfg3.ini.cfl
[2012.09.04 13:09:48 | 000,303,104 | ---- | C] () -- C:\Windows\System32\CmiInstallResAll.dll
[2012.09.04 13:09:48 | 000,002,123 | ---- | C] () -- C:\Windows\Cmicnfg3.ini.cfg
[2012.09.04 13:09:48 | 000,000,250 | ---- | C] () -- C:\Windows\Cmicnfg3.ini.imi
[2012.09.04 13:09:47 | 000,002,754 | ---- | C] () -- C:\Windows\cmudax3.ini
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013.05.09 22:29:44 | 000,000,000 | ---D | M] -- C:\Users\chaz.cZ\AppData\Roaming\bwincom
[2013.05.09 22:01:14 | 000,000,000 | ---D | M] -- C:\Users\chaz.cZ\AppData\Roaming\cef-cache
[2013.05.21 20:20:09 | 000,000,000 | ---D | M] -- C:\Users\chaz.cZ\AppData\Roaming\DriverCure
[2013.05.07 22:50:20 | 000,000,000 | ---D | M] -- C:\Users\chaz.cZ\AppData\Roaming\LolClient
[2013.05.17 00:21:11 | 000,000,000 | ---D | M] -- C:\Users\chaz.cZ\AppData\Roaming\Ocalg
[2013.05.11 15:24:49 | 000,000,000 | ---D | M] -- C:\Users\chaz.cZ\AppData\Roaming\Ovby
[2013.05.21 20:20:09 | 000,000,000 | ---D | M] -- C:\Users\chaz.cZ\AppData\Roaming\ParetoLogic
[2013.05.09 18:18:33 | 000,000,000 | ---D | M] -- C:\Users\chaz.cZ\AppData\Roaming\Publish Providers
[2013.05.09 18:18:30 | 000,000,000 | ---D | M] -- C:\Users\chaz.cZ\AppData\Roaming\Sony
[2013.05.12 16:07:49 | 000,000,000 | ---D | M] -- C:\Users\chaz.cZ\AppData\Roaming\Steinberg
[2013.05.17 01:09:38 | 000,000,000 | ---D | M] -- C:\Users\chaz.cZ\AppData\Roaming\TS3Client
[2013.05.07 22:52:40 | 000,000,000 | ---D | M] -- C:\Users\chaz.cZ\AppData\Roaming\TuneUp Software
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2013.05.17 14:12:49 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2013.05.18 14:32:15 | 000,000,000 | ---D | M] -- C:\bwincom
[2012.09.23 16:13:19 | 000,000,000 | ---D | M] -- C:\DAEMON Tools Lite
[2013.02.05 14:26:09 | 000,000,000 | ---D | M] -- C:\DESK 2010
[2012.11.01 18:13:09 | 000,000,000 | ---D | M] -- C:\DESKTOP 2009
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2012.09.04 13:00:33 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2012.10.05 18:07:15 | 000,000,000 | ---D | M] -- C:\ICQ7M
[2013.05.11 19:30:05 | 000,000,000 | ---D | M] -- C:\ISO SETUP
[2012.12.25 22:59:05 | 000,000,000 | ---D | M] -- C:\IsoBuster
[2013.03.03 19:23:28 | 000,000,000 | ---D | M] -- C:\mIRC
[2013.01.17 16:00:06 | 000,000,000 | ---D | M] -- C:\Origin
[2013.01.04 03:43:32 | 000,000,000 | ---D | M] -- C:\PCWELT
[2009.07.14 04:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2013.05.21 20:15:55 | 000,000,000 | R--D | M] -- C:\Program Files
[2013.05.24 19:54:18 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2012.09.04 13:00:34 | 000,000,000 | -HSD | M] -- C:\Programme
[2013.05.18 14:47:33 | 000,000,000 | ---D | M] -- C:\Programs
[2012.09.04 13:00:34 | 000,000,000 | -HSD | M] -- C:\Recovery
[2013.05.25 01:00:44 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2013.03.17 08:38:35 | 000,000,000 | ---D | M] -- C:\TeamSpeak 3 Client
[2013.05.17 14:12:39 | 000,000,000 | ---D | M] -- C:\Users
[2013.05.19 23:33:01 | 000,000,000 | ---D | M] -- C:\Windows
[2013.05.24 22:45:00 | 000,000,000 | ---D | M] -- C:\_OTL
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2009.07.14 03:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009.07.14 03:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009.07.14 03:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009.07.14 03:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010.11.20 14:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2009.07.14 06:53:46 | 000,000,630 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009.07.14 06:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2012.09.07 02:51:18 | 000,001,064 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1584033661-3106969475-2456615852-1000Core.job
[2012.09.07 02:51:19 | 000,001,116 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1584033661-3106969475-2456615852-1000UA.job
[2012.10.10 11:40:01 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2013.05.18 14:44:01 | 000,001,090 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2013.05.18 14:44:03 | 000,001,094 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2013.05.21 20:15:58 | 000,000,384 | ---- | C] () -- C:\Windows\Tasks\RegCure Pro.job
[2013.05.21 20:15:59 | 000,000,416 | ---- | C] () -- C:\Windows\Tasks\ParetoLogic Update Version3.job
[2013.05.21 20:15:59 | 000,000,468 | ---- | C] () -- C:\Windows\Tasks\ParetoLogic Update Version3 Startup Task.job
[2013.05.21 20:20:12 | 000,000,442 | ---- | C] () -- C:\Windows\Tasks\ParetoLogic Registration3.job
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009.11.04 20:05:59 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.11.04 20:05:59 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2013.05.25 00:53:19 | 004,194,304 | -HS- | M] () -- C:\Users\chaz.cZ\NTUSER.DAT
[2013.05.25 00:53:19 | 000,262,144 | -HS- | M] () -- C:\Users\chaz.cZ\ntuser.dat.LOG1
[2013.05.07 22:47:10 | 000,000,000 | -HS- | M] () -- C:\Users\chaz.cZ\ntuser.dat.LOG2
[2013.05.08 03:12:58 | 000,065,536 | -HS- | M] () -- C:\Users\chaz.cZ\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2013.05.08 03:12:58 | 000,524,288 | -HS- | M] () -- C:\Users\chaz.cZ\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2013.05.08 03:12:58 | 000,524,288 | -HS- | M] () -- C:\Users\chaz.cZ\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2013.05.20 14:56:38 | 000,065,536 | -HS- | M] () -- C:\Users\chaz.cZ\NTUSER.DAT{a39856ee-c0cb-11e2-9658-001d6039006a}.TM.blf
[2013.05.20 14:56:38 | 000,524,288 | -HS- | M] () -- C:\Users\chaz.cZ\NTUSER.DAT{a39856ee-c0cb-11e2-9658-001d6039006a}.TMContainer00000000000000000001.regtrans-ms
[2013.05.20 14:56:38 | 000,524,288 | -HS- | M] () -- C:\Users\chaz.cZ\NTUSER.DAT{a39856ee-c0cb-11e2-9658-001d6039006a}.TMContainer00000000000000000002.regtrans-ms
[2013.05.07 22:47:15 | 000,000,020 | -HS- | M] () -- C:\Users\chaz.cZ\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
<           >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:67B66DF7
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:436DEE1E

< End of report >
         
--- --- ---

Last edited by chazinho (25.05.2013 at 00:53)

Old 25.05.2013, 11:36   #12
markusg
/// Malware-holic

Decrypt / Encrypter Trojaner / Virus.

Has your anti-malware program perhaps triggered in the meantime?
If so, please post it:
http://www.trojaner-board.de/125889-...en-posten.html
__________________
-Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Forward
Instructions:
http://markusg.trojaner-board.de
For now, please forward mails according to the above instructions to
markusg.trojaner-board@web.de
Forward
If you would like to support us

Old 25.05.2013, 15:12   #13
chazinho
Banned

Decrypt / Encrypter Trojaner / Virus.

Guys, I just want to rescue my 20-30 private pictures, which at the moment are only a black image with the notice that I should download some encrypter.

Old 25.05.2013, 15:40   #14
markusg
/// Malware-holic

Decrypt / Encrypter Trojaner / Virus.

Yes, and I want the requested info...
Is the fake image still visible?
Then additionally:
Scan with Combofix
WARNING to READERS:
Combofix should only be run if a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as malware/spyware scanners. They can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse, or click into the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you receive the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.


Old 25.05.2013, 16:08   #15
markusg
/// Malware-holic

Decrypt / Encrypter Trojaner / Virus.

Ah, I see, you are active over at Avira. Since crossposting is forbidden here, please continue there. These people annoy me who think they are so important that they take up 2 forums, and don't even mention it. No wonder my fixes didn't run. Well, have fun at Avira.

 
